My Python script for Global.health was not running in production, because it couldn’t find some imports. Now the real solution is to package up the imports with
setuptools and install them at runtime (we manage the environments with poetry), but the quick solution is to fix up the path so that they get imported anyway. Or so I thought.
The deployment lifecycle of this script is that it gets packaged into a Docker image and published to Amazon Elastic Container Repository. An EventBridge event triggers a Batch job definition using that image to be queued. So to understand why the imports aren’t working, we need to understand the Docker image.
docker create --name broken_script sha256:blah gives me a container based on the image. Previously I would have started that image and launched an interactive shell to poke around, but this time I decided to try something else:
docker export broken_cleanup | tar tf - gives me the filesystem listing (and all I would’ve done with the running shell was various
ls incantations, so that’s sufficient).
Indeed my image had various library files alongside the main script:
/app/clean_old_ingestion_source_files.py /app/EventBridgeClient.py /app/S3Client.py /app/__init__.py
Those supporting files should be in a subfolder. My copy command was wrong in the Dockerfile:
COPY clean_old_ingestion_source_files.py aws_access ./
This copies the content of
aws_access into the current folder, I wanted to copy the folder (and, recursively, its content). Simple fix: break that line into two, putting the files in their correct destinations. Now rebuild the image, and verify that it is fixed. This time I didn’t export the whole filesystem from a container, I exported the layers from the image.
docker image save sha256:blah | tar xf -
This gives me a manifest.json showing each layer, and a tar file with the content of that layer. Using this I could just get the table of content for the layer containing my Python files, and confirm that they are now organised correctly.