Always use virtual environments in CI, because PEP 668 (#573)

**Issue:** CI is not working on some newer OSs (Ubuntu 24.04, OpenBSD 7.5) due to [PEP 668](https://peps.python.org/pep-0668/) which disallows global installations from pip. **Description of changes:** Always run CI in a virtual environment (using path `.venv-builder`)
awslabs · Jun 19, 2024 · 1d5103e · 1d5103e
1 parent a486d70
commit 1d5103e
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 58 deletions.
diff --git a/.builder/actions/aws_crt_python.py b/.builder/actions/aws_crt_python.py
@@ -1,67 +1,37 @@
 import Builder
 import argparse
-import os
+from pathlib import Path
 import sys
 
-# Fall back on using the "{python}" builder variable
-PYTHON_DEFAULT = '{python}'
-
 
 class AWSCrtPython(Builder.Action):
-    python = PYTHON_DEFAULT
-
-    # Some CI containers have pip installed via "rpm" or non-Python methods, and this causes issues when
-    # we try to update pip via "python -m pip install --upgrade" because there are no RECORD files present.
-    # Therefore, we have to seek alternative ways with a last resort of installing with "--ignore-installed"
-    # if nothing else works AND the builder is running in GitHub actions.
-    # As of writing, this is primarily an issue with the AL2-x64 image.
-    def try_to_upgrade_pip(self, env):
-        did_upgrade = False
-
-        if (self.python == '{python}'):
-            self.python = env.config["variables"]["python"]
-
-        pip_result = env.shell.exec(self.python, '-m', 'pip', 'install', '--upgrade', 'pip', check=False)
-        if pip_result.returncode == 0:
-            did_upgrade = True
-        else:
-            print("Could not update pip via normal pip upgrade. Next trying via package manager...")
-
-        if (did_upgrade == False):
-            try:
-                Builder.InstallPackages(['pip']).run(env)
-                did_upgrade = True
-            except Exception:
-                print("Could not update pip via package manager. Next resorting to forcing an ignore install...")
-
-        if (did_upgrade == False):
-            # Only run in GitHub actions by checking for specific environment variable
-            # Source: https://docs.github.com/en/actions/learn-github-actions/variables#default-environment-variables
-            if (os.getenv("GITHUB_ACTIONS") is not None):
-                pip_result = env.shell.exec(
-                    self.python, '-m', 'pip', 'install', '--upgrade',
-                    '--ignore-installed', 'pip', check=False)
-                if pip_result.returncode == 0:
-                    did_upgrade = True
-                else:
-                    print("Could not update pip via ignore install! Something is terribly wrong!")
-                    sys.exit(12)
-            else:
-                print("Not on GitHub actions - skipping reinstalling Pip. Update/Install pip manually and rerun the builder")
 
     def run(self, env):
         # allow custom python to be used
         parser = argparse.ArgumentParser()
         parser.add_argument('--python')
         args = parser.parse_known_args(env.args.args)[0]
-        self.python = args.python if args.python else PYTHON_DEFAULT
+        if args.python:
+            self.python = args.python
+        else:
+            # Fall back on using the "{python}" builder variable
+            self.python = env.config['variables']['python']
+
+        # Create a virtual environment and use that.
+        # Otherwise, in places like ubuntu 24.04, PEP 668 stops
+        # you from globally installing/upgrading packages
+        venv_dirpath = Path.cwd() / '.venv-builder'
+        env.shell.exec(self.python, '-m', 'venv', str(venv_dirpath), check=True)
+        if sys.platform == 'win32':
+            self.python = str(venv_dirpath / 'Scripts/python')
+        else:
+            self.python = str(venv_dirpath / 'bin/python')
 
         # Enable S3 tests
         env.shell.setenv('AWS_TEST_S3', '1')
 
         actions = [
-            # Upgrade Pip via a number of different methods
-            self.try_to_upgrade_pip,
+            [self.python, '-m', 'pip', 'install', '--upgrade', 'pip'],
             [self.python, '-m', 'pip', 'install', '--upgrade', '--requirement', 'requirements-dev.txt'],
             Builder.SetupCrossCICrtEnvironment(),
             [self.python, '-m', 'pip', 'install', '--verbose', '.'],

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -7,7 +7,7 @@ on:
       - 'docs'
 
 env:
-  BUILDER_VERSION: v0.9.56
+  BUILDER_VERSION: v0.9.59
   BUILDER_SOURCE: releases
   BUILDER_HOST: https://d19elf31gohf1l.cloudfront.net
   PACKAGE_NAME: aws-crt-python
@@ -158,7 +158,7 @@ jobs:
       - name: Assert libcrypto.so used
         run: |
           # assert it's linked against the system's libcrypto.so
-          AWSCRT_PATH=`python3 -c "import _awscrt; print(_awscrt.__file__)"`
+          AWSCRT_PATH=`aws-crt-python/.venv-builder/bin/python3 -c "import _awscrt; print(_awscrt.__file__)"`
           printf "AWSCRT_PATH: $AWSCRT_PATH\n"
 
           LINKED_AGAINST=`ldd $AWSCRT_PATH`
@@ -212,8 +212,6 @@ jobs:
           environment_variables: AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_DEFAULT_REGION AWS_REGION
           run: |
             sudo pkg_add awscli py3-pip py3-urllib3
-            python3 -m venv .venv
-            source .venv/bin/activate
             python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz', 'builder')"
             chmod a+x builder
             ./builder build -p ${{ env.PACKAGE_NAME }}

diff --git a/codebuild/linux-integration-tests.yml b/codebuild/linux-integration-tests.yml
@@ -4,7 +4,7 @@ version: 0.2
 env:
   shell: bash
   variables:
-    BUILDER_VERSION: v0.9.44
+    BUILDER_VERSION: v0.9.59
     BUILDER_SOURCE: releases
     BUILDER_HOST: https://d19elf31gohf1l.cloudfront.net
     PACKAGE_NAME: aws-crt-python
@@ -13,7 +13,7 @@ phases:
     commands:
       - add-apt-repository ppa:ubuntu-toolchain-r/test
       - apt-get update -y
-      - apt-get install gcc-7 cmake ninja-build python3 python3-pip -y
+      - apt-get install gcc-7 cmake ninja-build python3 python3-pip python3-venv -y
   pre_build:
     commands:
       - export CC=gcc-7
@@ -27,4 +27,3 @@ phases:
   post_build:
     commands:
       - echo Build completed on `date`
-
diff --git a/codebuild/mqtt5-python-canary-test.yml b/codebuild/mqtt5-python-canary-test.yml
@@ -10,9 +10,6 @@ env:
     CANARY_CLIENT_COUNT: 10
     CANARY_LOG_FILE: 'canary_log.txt'
     CANARY_LOG_LEVEL: 'ERROR'
-    BUILDER_VERSION: v0.9.21
-    BUILDER_SOURCE: releases
-    BUILDER_HOST: https://d19elf31gohf1l.cloudfront.net
     PACKAGE_NAME: aws-crt-python
     CANARY_TEST_EXE: 'python -m unittest --failfast --verbose 2>&1 | tee /tmp/tests.log test.test_mqtt5_canary'
     CANARY_SERVER_ARN: Mqtt5MosquittoSever
@@ -36,4 +33,4 @@ phases:
       - $CODEBUILD_SRC_DIR/codebuild/mqtt5-python-canary-test.sh
   post_build:
     commands:
-      - echo Build completed on `date`
+      - echo Build completed on `date`