Skip to content

feat(build): Add support for Python scripts via pythonExtension #1686

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 33 commits into from
Feb 26, 2025
Merged

feat(build): Add support for Python scripts via pythonExtension #1686

Show file tree
Hide file tree
Changes from 13 commits
Commits
Show all changes
33 commits
Select commit Hold shift + click to select a range
2a4aa8c
add PythonExtension
zvictor Feb 9, 2025
987ab35
remove potential shell injection risk
zvictor Feb 9, 2025
8b97cec
Filter out blank lines or comment lines
zvictor Feb 9, 2025
84699e5
fix spelling
zvictor Feb 9, 2025
d00d147
add pythonExtension's `runInline`
zvictor Feb 9, 2025
500d82b
changes to requirements don’t invalidate the entire install layer
zvictor Feb 9, 2025
f0b30d6
copy script files on-demand
zvictor Feb 9, 2025
b63554e
improve PythonExtension types and logging
zvictor Feb 9, 2025
8ad7009
add changeset
zvictor Feb 9, 2025
c3cbd61
fix broken imports
zvictor Feb 10, 2025
be2cefe
Improve security of inline script execution
zvictor Feb 10, 2025
bb59bf8
Add file existence check for requirementsFile
zvictor Feb 10, 2025
65d84d0
update lock file
zvictor Feb 10, 2025
7c96930
Enhance error handling with detailed error information
zvictor Feb 10, 2025
c599809
Add portable type annotation
zvictor Feb 10, 2025
015f3aa
fix error TS18046: 'e' is of type 'unknown'
zvictor Feb 10, 2025
4302077
export the python extension
zvictor Feb 10, 2025
8ef78ee
add `pythonExtension` to the catalog
zvictor Feb 10, 2025
ca51709
fix `Cannot find module '@trigger.dev/build/extensions/core' (TS2307)
zvictor Feb 11, 2025
ddc706a
replace execa by tinyexec
zvictor Feb 11, 2025
311aed3
Merge branch 'main' into main
zvictor Feb 11, 2025
0e2d2e5
Merge branch 'main' into main
matt-aitken Feb 11, 2025
cf95fca
Update pnpm-lock.yaml
matt-aitken Feb 11, 2025
914d323
Merge branch 'main' into main
zvictor Feb 14, 2025
c246120
add custom traces instead of logging
zvictor Feb 16, 2025
b0f08c4
Merge branch 'triggerdotdev:main' into main
zvictor Feb 25, 2025
4776637
The cleanup in the finally block does not fail silently anymore
zvictor Feb 25, 2025
be76d69
move python runtime/extension to independent package
zvictor Feb 25, 2025
ec5c390
fix build package readme
zvictor Feb 25, 2025
cccf3e0
update lock file
zvictor Feb 25, 2025
a433061
add documentation to python's package
zvictor Feb 25, 2025
751ac55
add missing dependency
zvictor Feb 25, 2025
7eddd20
Update little-trains-begin.md
ericallam Feb 26, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions .changeset/little-trains-begin.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---
"@trigger.dev/build": minor
---

Introduced a new Python extension to enhance the build process. It now allows users to execute Python scripts with improved support and error handling.
2 changes: 2 additions & 0 deletions packages/build/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,8 @@
},
"dependencies": {
"@trigger.dev/core": "workspace:3.3.13",
"@trigger.dev/sdk": "workspace:3.3.13",
"execa": "^9.5.2",
"pkg-types": "^1.1.3",
"tinyglobby": "^0.2.2",
"tsconfck": "3.1.3"
Expand Down
172 changes: 172 additions & 0 deletions packages/build/src/extensions/python.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,172 @@
import fs from "node:fs";
import assert from "node:assert";
import { execa } from "execa";
import { additionalFiles } from "@trigger.dev/build/extensions/core";
import { BuildManifest } from "@trigger.dev/core/v3";
import { BuildContext, BuildExtension } from "@trigger.dev/core/v3/build";
import { logger } from "@trigger.dev/sdk/v3";

import type { VerboseObject } from "execa";

export type PythonOptions = {
requirements?: string[];
requirementsFile?: string;
/**
* [Dev-only] The path to the python binary.
*
* @remarks
* This option is typically used during local development or in specific testing environments
* where a particular Python installation needs to be targeted. It should point to the full path of the python executable.
*
* Example: `/usr/bin/python3` or `C:\\Python39\\python.exe`
*/
pythonBinaryPath?: string;
/**
* An array of glob patterns that specify which Python scripts are allowed to be executed.
*
* @remarks
* These scripts will be copied to the container during the build process.
*/
scripts?: string[];
};

type ExecaOptions = Parameters<typeof execa>[1];

const splitAndCleanComments = (str: string) =>
str
.split("\n")
.map((line) => line.trim())
.filter((line) => line && !line.startsWith("#"));

export function pythonExtension(options: PythonOptions = {}): BuildExtension {
return new PythonExtension(options);
}

class PythonExtension implements BuildExtension {
public readonly name = "PythonExtension";

constructor(private options: PythonOptions = {}) {
assert(
!(this.options.requirements && this.options.requirementsFile),
"Cannot specify both requirements and requirementsFile"
);

if (this.options.requirementsFile) {
assert(
fs.existsSync(this.options.requirementsFile),
`Requirements file not found: ${this.options.requirementsFile}`
);
this.options.requirements = splitAndCleanComments(
fs.readFileSync(this.options.requirementsFile, "utf-8")
);
}
}

async onBuildComplete(context: BuildContext, manifest: BuildManifest) {
await additionalFiles({
files: this.options.scripts ?? [],
}).onBuildComplete!(context, manifest);

if (context.target === "dev") {
if (this.options.pythonBinaryPath) {
process.env.PYTHON_BIN_PATH = this.options.pythonBinaryPath;
}

return;
}

context.logger.debug(`Adding ${this.name} to the build`);

context.addLayer({
id: "python-installation",
image: {
instructions: splitAndCleanComments(`
# Install Python
RUN apt-get update && apt-get install -y --no-install-recommends \
python3 python3-pip python3-venv && \
apt-get clean && rm -rf /var/lib/apt/lists/*

# Set up Python environment
RUN python3 -m venv /opt/venv
ENV PATH="/opt/venv/bin:$PATH"
`),
},
deploy: {
env: {
PYTHON_BIN_PATH: `/opt/venv/bin/python`,
},
override: true,
},
});

context.addLayer({
id: "python-dependencies",
build: {
env: {
REQUIREMENTS_CONTENT: this.options.requirements?.join("\n") || "",
},
},
image: {
instructions: splitAndCleanComments(`
ARG REQUIREMENTS_CONTENT
RUN echo "$REQUIREMENTS_CONTENT" > requirements.txt

# Install dependencies
RUN pip install --no-cache-dir -r requirements.txt
`),
},
deploy: {
override: true,
},
});
}
}

export const run = async (scriptArgs: string[] = [], options: ExecaOptions = {}) => {
const pythonBin = process.env.PYTHON_BIN_PATH || "python";

const result = await execa({
shell: true,
verbose: (verboseLine: string, verboseObject: VerboseObject) =>
logger.debug(verboseObject.message, verboseObject),
...options,
})(pythonBin, scriptArgs);

try {
assert(!result.failed, `Command failed: ${result.stderr}`);
assert(result.exitCode === 0, `Non-zero exit code: ${result.exitCode}`);
} catch (e) {
logger.error(e.message, result);
throw e;
}

return result;
};

export const runScript = (
scriptPath: string,
scriptArgs: string[] = [],
options: ExecaOptions = {}
) => {
assert(scriptPath, "Script path is required");
assert(fs.existsSync(scriptPath), `Script does not exist: ${scriptPath}`);
Copy link
Contributor Author

@zvictor zvictor Feb 10, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TODO

  • in dev, we should check whether scriptPath matches the patterns defined in this.options.scripts otherwise throw an error even if file exists locally (fail-fast approach to avoid errors only when deploying)
  • To do so, we better define a doesMatchPattern function (inside additionalFiles.ts?) similar to findStaticAssetFiles

trigger.dev/packages/build/src/extensions/core/additionalFiles.ts

Lines 37 to 41 in bc7d445

async function findStaticAssetFiles(
matchers: string[],
destinationPath: string,
options?: { cwd?: string; ignore?: string[] }
): Promise<FoundStaticAssetFiles> {

Questions

  • How do I check if I am in dev when I have no access to context: BuildContext? process.env.NODE_DEV === 'development'?
  • Should doesMatchPattern be defined locally or exported from additionalFiles.ts?
  • Do I store the patterns in this.options.scripts in an env var as well, in order to have accessible from runScript?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Verification agent

🧩 Analysis chain

Address the TODO comment about script pattern validation.

As noted in the TODO comment, we need to implement the fail-fast approach for script pattern validation in development.

Let's verify the current behavior and propose a solution:

🏁 Script executed:

#!/bin/bash
# Search for any existing pattern matching utilities
rg -A 5 "doesMatchPattern|findStaticAssetFiles" .

Length of output: 1173

Implement the script pattern validation check in development

The search confirms that the functionality to validate script patterns (using a fail-fast approach during development) hasn’t been implemented in the Python extension. To address the TODO, consider adding a validation function similar to the following:

  • Create a utility function (e.g., validateScriptPattern) that verifies the script’s filename (or full path) complies with the expected pattern (for example, ensuring it ends with .py).
  • Invoke this function immediately after the existing assertions, but only when in development mode (e.g., by checking process.env.NODE_ENV or a similar flag).
  • Fail fast by throwing an error with a descriptive message if the validation fails.

Example implementation snippet:

// packages/build/src/extensions/python.ts

import * as path from 'path';

/**
 * Validates that the script matches the expected Python script pattern.
 * @param scriptPath The path of the script.
 */
function validateScriptPattern(scriptPath: string) {
  const scriptName = path.basename(scriptPath);
  // Define your expected pattern for Python scripts (customize as needed)
  const pattern = /^[\w\-]+\.py$/;
  if (!pattern.test(scriptName)) {
    throw new Error(`Invalid script file name: ${scriptName}. Ensure it follows the expected naming convention.`);
  }
}

// Existing assertions
assert(scriptPath, "Script path is required");
assert(fs.existsSync(scriptPath), `Script does not exist: ${scriptPath}`);

// In development, validate the script pattern early
if (process.env.NODE_ENV === 'development') {
  validateScriptPattern(scriptPath);
}

This approach ensures that any deviation from the expected script naming convention is caught early in the development phase, adhering to the fail-fast principle.


return run([scriptPath, ...scriptArgs], options);
};

export const runInline = async (scriptContent: string, options: ExecaOptions = {}) => {
assert(scriptContent, "Script content is required");

// Create a temporary file with restricted permissions
const tmpFile = `/tmp/script_${Date.now()}.py`;
await fs.promises.writeFile(tmpFile, scriptContent, { mode: 0o600 });

try {
return await runScript(tmpFile, [], options);
} finally {
// Clean up temporary file
await fs.promises.unlink(tmpFile);
}
};

export default { run, runScript, runInline };
99 changes: 98 additions & 1 deletion pnpm-lock.yaml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading