%global _empty_manifest_terminate_build 0 Name: python-sagemaker-studio-image-build Version: 0.6.0 Release: 1 Summary: Build Docker Images in Amazon SageMaker Studio using AWS CodeBuild License: MIT-0 URL: https://github.com/aws-samples/sagemaker-studio-image-build-cli Source0: https://mirrors.aliyun.com/pypi/web/packages/e7/22/304e74f0afc681545eee1376d32190225889e8275f7a0c2a17c647446b5f/sagemaker_studio_image_build-0.6.0.tar.gz BuildArch: noarch %description ## SageMaker Docker Build [![Version](https://img.shields.io/pypi/v/sagemaker-studio-image-build.svg)](https://pypi.org/project/sagemaker-studio-image-build/) [![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black) This is a CLI for building Docker images in SageMaker Studio using AWS CodeBuild. ### Usage Navigate to the directory containing the Dockerfile and simply do: ```bash sm-docker build . ``` Any additional arguments supported with `docker build` are supported ```bash sm-docker build . --file /path/to/Dockerfile --build-arg foo=bar ``` By default, the CodeBuild project will not run within a VPC, the image will be pushed to a repository `sagemakerstudio` with the tag `latest`, and use the Studio App's execution role and the default SageMaker Python SDK S3 bucket These can be overridden with the relevant CLI options. ```bash sm-docker build . --repository mynewrepo:1.0 --role SampleDockerBuildRole --bucket sagemaker-us-east-1-326543455535 --vpc-id vpc-0c70e76ef1c603b94 --subnet-ids subnet-0d984f080338960bb,subnet-0ac3e96808c8092f2 --security-group-ids sg-0d31b4042f2902cd0 ``` The CLI will take care of packaging the current directory and uploading to S3, creating a CodeBuild project, starting a build with the S3 artifacts, tailing the build logs, and uploading the built image to ECR. ### Installing Install the CLI using pip. ```bash pip install sagemaker-studio-image-build ``` Ensure the execution role has a trust policy with CodeBuild. ```json { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "codebuild.amazonaws.com" ] }, "Action": "sts:AssumeRole" } ] } ``` The following permissions are required in the execution role to execute a build in CodeBuild and push the image to ECR ```json { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "codebuild:DeleteProject", "codebuild:CreateProject", "codebuild:BatchGetBuilds", "codebuild:StartBuild" ], "Resource": "arn:aws:codebuild:*:*:project/sagemaker-studio*" }, { "Effect": "Allow", "Action": "logs:CreateLogStream", "Resource": "arn:aws:logs:*:*:log-group:/aws/codebuild/sagemaker-studio*" }, { "Effect": "Allow", "Action": [ "logs:GetLogEvents", "logs:PutLogEvents" ], "Resource": "arn:aws:logs:*:*:log-group:/aws/codebuild/sagemaker-studio*:log-stream:*" }, { "Effect": "Allow", "Action": "logs:CreateLogGroup", "Resource": "*" }, { "Effect": "Allow", "Action": [ "ecr:CreateRepository", "ecr:BatchGetImage", "ecr:CompleteLayerUpload", "ecr:DescribeImages", "ecr:DescribeRepositories", "ecr:UploadLayerPart", "ecr:ListImages", "ecr:InitiateLayerUpload", "ecr:BatchCheckLayerAvailability", "ecr:PutImage" ], "Resource": "arn:aws:ecr:*:*:repository/sagemaker-studio*" }, { "Sid": "ReadAccessToPrebuiltAwsImages", "Effect": "Allow", "Action": [ "ecr:BatchGetImage", "ecr:GetDownloadUrlForLayer" ], "Resource": [ "arn:aws:ecr:*:763104351884:repository/*", "arn:aws:ecr:*:217643126080:repository/*", "arn:aws:ecr:*:727897471807:repository/*", "arn:aws:ecr:*:626614931356:repository/*", "arn:aws:ecr:*:683313688378:repository/*", "arn:aws:ecr:*:520713654638:repository/*", "arn:aws:ecr:*:462105765813:repository/*" ] }, { "Sid": "EcrAuthorizationTokenRetrieval", "Effect": "Allow", "Action": [ "ecr:GetAuthorizationToken" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:DeleteObject", "s3:PutObject" ], "Resource": "arn:aws:s3:::sagemaker-*/*" }, { "Effect": "Allow", "Action": [ "s3:CreateBucket" ], "Resource": "arn:aws:s3:::sagemaker*" }, { "Effect": "Allow", "Action": [ "iam:GetRole", "iam:ListRoles" ], "Resource": "*" }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": "arn:aws:iam::*:role/*", "Condition": { "StringLikeIfExists": { "iam:PassedToService": "codebuild.amazonaws.com" } } } ] } ``` If you need to run your CodeBuild project within a VPC, please add the following actions to your execution role that the CodeBuild Project will assume: ```json { "Sid": "VpcAccessActions", "Effect": "Allow", "Action": [ "ec2:CreateNetworkInterface", "ec2:CreateNetworkInterfacePermission", "ec2:DescribeDhcpOptions", "ec2:DescribeNetworkInterfaces", "ec2:DeleteNetworkInterface", "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups", "ec2:DescribeVpcs" ], "Resource": "*" } ``` ### Development Checkout the repository. ```bash make install ``` #### Testing locally To build locally, use one of the example Dockerfiles in the *examples* directory ```bash ROLE_NAME=<> (cd examples/basic_build && sm-docker build . --role ${ROLE_NAME} ) ``` ```bash (cd examples/build_with_args && sm-docker build . --role ${ROLE_NAME} --file Dockerfile.args --build-arg BASE_IMAGE=python:3.8 ) ``` #### Testing on SageMaker Studio To build a binary to use on SageMaker Studio, specify an S3 path and use the *s3bundle* target. ```bash export DEV_S3_PATH_PREFIX=s3://path/to/location black . make -k s3bundle ``` From a "System Terminal" in SageMaker Studio ```bash export DEV_S3_PATH_PREFIX=s3://path/to/location aws s3 sync ${DEV_S3_PATH_PREFIX}/sagemaker-docker-build/dist . pip install sagemaker_studio_image_build-x.y.z.tar.gz ``` ## Security See [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) for more information. ## License This library is licensed under the MIT-0 License. See the LICENSE file. %package -n python3-sagemaker-studio-image-build Summary: Build Docker Images in Amazon SageMaker Studio using AWS CodeBuild Provides: python-sagemaker-studio-image-build BuildRequires: python3-devel BuildRequires: python3-setuptools BuildRequires: python3-pip %description -n python3-sagemaker-studio-image-build ## SageMaker Docker Build [![Version](https://img.shields.io/pypi/v/sagemaker-studio-image-build.svg)](https://pypi.org/project/sagemaker-studio-image-build/) [![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black) This is a CLI for building Docker images in SageMaker Studio using AWS CodeBuild. ### Usage Navigate to the directory containing the Dockerfile and simply do: ```bash sm-docker build . ``` Any additional arguments supported with `docker build` are supported ```bash sm-docker build . --file /path/to/Dockerfile --build-arg foo=bar ``` By default, the CodeBuild project will not run within a VPC, the image will be pushed to a repository `sagemakerstudio` with the tag `latest`, and use the Studio App's execution role and the default SageMaker Python SDK S3 bucket These can be overridden with the relevant CLI options. ```bash sm-docker build . --repository mynewrepo:1.0 --role SampleDockerBuildRole --bucket sagemaker-us-east-1-326543455535 --vpc-id vpc-0c70e76ef1c603b94 --subnet-ids subnet-0d984f080338960bb,subnet-0ac3e96808c8092f2 --security-group-ids sg-0d31b4042f2902cd0 ``` The CLI will take care of packaging the current directory and uploading to S3, creating a CodeBuild project, starting a build with the S3 artifacts, tailing the build logs, and uploading the built image to ECR. ### Installing Install the CLI using pip. ```bash pip install sagemaker-studio-image-build ``` Ensure the execution role has a trust policy with CodeBuild. ```json { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "codebuild.amazonaws.com" ] }, "Action": "sts:AssumeRole" } ] } ``` The following permissions are required in the execution role to execute a build in CodeBuild and push the image to ECR ```json { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "codebuild:DeleteProject", "codebuild:CreateProject", "codebuild:BatchGetBuilds", "codebuild:StartBuild" ], "Resource": "arn:aws:codebuild:*:*:project/sagemaker-studio*" }, { "Effect": "Allow", "Action": "logs:CreateLogStream", "Resource": "arn:aws:logs:*:*:log-group:/aws/codebuild/sagemaker-studio*" }, { "Effect": "Allow", "Action": [ "logs:GetLogEvents", "logs:PutLogEvents" ], "Resource": "arn:aws:logs:*:*:log-group:/aws/codebuild/sagemaker-studio*:log-stream:*" }, { "Effect": "Allow", "Action": "logs:CreateLogGroup", "Resource": "*" }, { "Effect": "Allow", "Action": [ "ecr:CreateRepository", "ecr:BatchGetImage", "ecr:CompleteLayerUpload", "ecr:DescribeImages", "ecr:DescribeRepositories", "ecr:UploadLayerPart", "ecr:ListImages", "ecr:InitiateLayerUpload", "ecr:BatchCheckLayerAvailability", "ecr:PutImage" ], "Resource": "arn:aws:ecr:*:*:repository/sagemaker-studio*" }, { "Sid": "ReadAccessToPrebuiltAwsImages", "Effect": "Allow", "Action": [ "ecr:BatchGetImage", "ecr:GetDownloadUrlForLayer" ], "Resource": [ "arn:aws:ecr:*:763104351884:repository/*", "arn:aws:ecr:*:217643126080:repository/*", "arn:aws:ecr:*:727897471807:repository/*", "arn:aws:ecr:*:626614931356:repository/*", "arn:aws:ecr:*:683313688378:repository/*", "arn:aws:ecr:*:520713654638:repository/*", "arn:aws:ecr:*:462105765813:repository/*" ] }, { "Sid": "EcrAuthorizationTokenRetrieval", "Effect": "Allow", "Action": [ "ecr:GetAuthorizationToken" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:DeleteObject", "s3:PutObject" ], "Resource": "arn:aws:s3:::sagemaker-*/*" }, { "Effect": "Allow", "Action": [ "s3:CreateBucket" ], "Resource": "arn:aws:s3:::sagemaker*" }, { "Effect": "Allow", "Action": [ "iam:GetRole", "iam:ListRoles" ], "Resource": "*" }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": "arn:aws:iam::*:role/*", "Condition": { "StringLikeIfExists": { "iam:PassedToService": "codebuild.amazonaws.com" } } } ] } ``` If you need to run your CodeBuild project within a VPC, please add the following actions to your execution role that the CodeBuild Project will assume: ```json { "Sid": "VpcAccessActions", "Effect": "Allow", "Action": [ "ec2:CreateNetworkInterface", "ec2:CreateNetworkInterfacePermission", "ec2:DescribeDhcpOptions", "ec2:DescribeNetworkInterfaces", "ec2:DeleteNetworkInterface", "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups", "ec2:DescribeVpcs" ], "Resource": "*" } ``` ### Development Checkout the repository. ```bash make install ``` #### Testing locally To build locally, use one of the example Dockerfiles in the *examples* directory ```bash ROLE_NAME=<> (cd examples/basic_build && sm-docker build . --role ${ROLE_NAME} ) ``` ```bash (cd examples/build_with_args && sm-docker build . --role ${ROLE_NAME} --file Dockerfile.args --build-arg BASE_IMAGE=python:3.8 ) ``` #### Testing on SageMaker Studio To build a binary to use on SageMaker Studio, specify an S3 path and use the *s3bundle* target. ```bash export DEV_S3_PATH_PREFIX=s3://path/to/location black . make -k s3bundle ``` From a "System Terminal" in SageMaker Studio ```bash export DEV_S3_PATH_PREFIX=s3://path/to/location aws s3 sync ${DEV_S3_PATH_PREFIX}/sagemaker-docker-build/dist . pip install sagemaker_studio_image_build-x.y.z.tar.gz ``` ## Security See [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) for more information. ## License This library is licensed under the MIT-0 License. See the LICENSE file. %package help Summary: Development documents and examples for sagemaker-studio-image-build Provides: python3-sagemaker-studio-image-build-doc %description help ## SageMaker Docker Build [![Version](https://img.shields.io/pypi/v/sagemaker-studio-image-build.svg)](https://pypi.org/project/sagemaker-studio-image-build/) [![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black) This is a CLI for building Docker images in SageMaker Studio using AWS CodeBuild. ### Usage Navigate to the directory containing the Dockerfile and simply do: ```bash sm-docker build . ``` Any additional arguments supported with `docker build` are supported ```bash sm-docker build . --file /path/to/Dockerfile --build-arg foo=bar ``` By default, the CodeBuild project will not run within a VPC, the image will be pushed to a repository `sagemakerstudio` with the tag `latest`, and use the Studio App's execution role and the default SageMaker Python SDK S3 bucket These can be overridden with the relevant CLI options. ```bash sm-docker build . --repository mynewrepo:1.0 --role SampleDockerBuildRole --bucket sagemaker-us-east-1-326543455535 --vpc-id vpc-0c70e76ef1c603b94 --subnet-ids subnet-0d984f080338960bb,subnet-0ac3e96808c8092f2 --security-group-ids sg-0d31b4042f2902cd0 ``` The CLI will take care of packaging the current directory and uploading to S3, creating a CodeBuild project, starting a build with the S3 artifacts, tailing the build logs, and uploading the built image to ECR. ### Installing Install the CLI using pip. ```bash pip install sagemaker-studio-image-build ``` Ensure the execution role has a trust policy with CodeBuild. ```json { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "codebuild.amazonaws.com" ] }, "Action": "sts:AssumeRole" } ] } ``` The following permissions are required in the execution role to execute a build in CodeBuild and push the image to ECR ```json { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "codebuild:DeleteProject", "codebuild:CreateProject", "codebuild:BatchGetBuilds", "codebuild:StartBuild" ], "Resource": "arn:aws:codebuild:*:*:project/sagemaker-studio*" }, { "Effect": "Allow", "Action": "logs:CreateLogStream", "Resource": "arn:aws:logs:*:*:log-group:/aws/codebuild/sagemaker-studio*" }, { "Effect": "Allow", "Action": [ "logs:GetLogEvents", "logs:PutLogEvents" ], "Resource": "arn:aws:logs:*:*:log-group:/aws/codebuild/sagemaker-studio*:log-stream:*" }, { "Effect": "Allow", "Action": "logs:CreateLogGroup", "Resource": "*" }, { "Effect": "Allow", "Action": [ "ecr:CreateRepository", "ecr:BatchGetImage", "ecr:CompleteLayerUpload", "ecr:DescribeImages", "ecr:DescribeRepositories", "ecr:UploadLayerPart", "ecr:ListImages", "ecr:InitiateLayerUpload", "ecr:BatchCheckLayerAvailability", "ecr:PutImage" ], "Resource": "arn:aws:ecr:*:*:repository/sagemaker-studio*" }, { "Sid": "ReadAccessToPrebuiltAwsImages", "Effect": "Allow", "Action": [ "ecr:BatchGetImage", "ecr:GetDownloadUrlForLayer" ], "Resource": [ "arn:aws:ecr:*:763104351884:repository/*", "arn:aws:ecr:*:217643126080:repository/*", "arn:aws:ecr:*:727897471807:repository/*", "arn:aws:ecr:*:626614931356:repository/*", "arn:aws:ecr:*:683313688378:repository/*", "arn:aws:ecr:*:520713654638:repository/*", "arn:aws:ecr:*:462105765813:repository/*" ] }, { "Sid": "EcrAuthorizationTokenRetrieval", "Effect": "Allow", "Action": [ "ecr:GetAuthorizationToken" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:DeleteObject", "s3:PutObject" ], "Resource": "arn:aws:s3:::sagemaker-*/*" }, { "Effect": "Allow", "Action": [ "s3:CreateBucket" ], "Resource": "arn:aws:s3:::sagemaker*" }, { "Effect": "Allow", "Action": [ "iam:GetRole", "iam:ListRoles" ], "Resource": "*" }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": "arn:aws:iam::*:role/*", "Condition": { "StringLikeIfExists": { "iam:PassedToService": "codebuild.amazonaws.com" } } } ] } ``` If you need to run your CodeBuild project within a VPC, please add the following actions to your execution role that the CodeBuild Project will assume: ```json { "Sid": "VpcAccessActions", "Effect": "Allow", "Action": [ "ec2:CreateNetworkInterface", "ec2:CreateNetworkInterfacePermission", "ec2:DescribeDhcpOptions", "ec2:DescribeNetworkInterfaces", "ec2:DeleteNetworkInterface", "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups", "ec2:DescribeVpcs" ], "Resource": "*" } ``` ### Development Checkout the repository. ```bash make install ``` #### Testing locally To build locally, use one of the example Dockerfiles in the *examples* directory ```bash ROLE_NAME=<> (cd examples/basic_build && sm-docker build . --role ${ROLE_NAME} ) ``` ```bash (cd examples/build_with_args && sm-docker build . --role ${ROLE_NAME} --file Dockerfile.args --build-arg BASE_IMAGE=python:3.8 ) ``` #### Testing on SageMaker Studio To build a binary to use on SageMaker Studio, specify an S3 path and use the *s3bundle* target. ```bash export DEV_S3_PATH_PREFIX=s3://path/to/location black . make -k s3bundle ``` From a "System Terminal" in SageMaker Studio ```bash export DEV_S3_PATH_PREFIX=s3://path/to/location aws s3 sync ${DEV_S3_PATH_PREFIX}/sagemaker-docker-build/dist . pip install sagemaker_studio_image_build-x.y.z.tar.gz ``` ## Security See [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) for more information. ## License This library is licensed under the MIT-0 License. See the LICENSE file. %prep %autosetup -n sagemaker_studio_image_build-0.6.0 %build %py3_build %install %py3_install install -d -m755 %{buildroot}/%{_pkgdocdir} if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi pushd %{buildroot} if [ -d usr/lib ]; then find usr/lib -type f -printf "\"/%h/%f\"\n" >> filelist.lst fi if [ -d usr/lib64 ]; then find usr/lib64 -type f -printf "\"/%h/%f\"\n" >> filelist.lst fi if [ -d usr/bin ]; then find usr/bin -type f -printf "\"/%h/%f\"\n" >> filelist.lst fi if [ -d usr/sbin ]; then find usr/sbin -type f -printf "\"/%h/%f\"\n" >> filelist.lst fi touch doclist.lst if [ -d usr/share/man ]; then find usr/share/man -type f -printf "\"/%h/%f.gz\"\n" >> doclist.lst fi popd mv %{buildroot}/filelist.lst . mv %{buildroot}/doclist.lst . %files -n python3-sagemaker-studio-image-build -f filelist.lst %dir %{python3_sitelib}/* %files help -f doclist.lst %{_docdir}/* %changelog * Tue Jun 20 2023 Python_Bot - 0.6.0-1 - Package Spec generated