I'm developing a Python project using VSCode Dev Containers. Until now, to build the container I'm developing on, I used the Dockerfile located in the project root, which is the same one used for production, so that my development environment fully matched the deployed environment. This Dockerfile performs all the pip install steps.

Additional development-only tools (VSCode extensions, notebooks, etc.) were handled through devcontainer.json.

Recently, after installing Cato on my Mac (to connect to an internal PyPI hub), the pip install phase inside the container stopped working. Our IT team told me I need to add a certificate (cato-ca.crt) into the container, using the following commands:

```dockerfile
RUN mkdir /usr/local/share/ca-certificates/cato-ca
COPY .devcontainer/cato-ca.crt /usr/local/share/ca-certificates/cato-ca/cato-ca.crt
RUN chmod 644 /usr/local/share/ca-certificates/cato-ca/cato-ca.crt && update-ca-certificates
```

These steps cannot be added to the production build, because the CI/CD environment doesn’t have (and shouldn’t have) this certificate. Because of this, I had to create a second Dockerfile used only for the Dev Container.

Question: Is there a way to keep a single Dockerfile and conditionally include these certificate-installation commands only when building the Dev Container (and before pip install runs)?

  • If the repository uses an internal TLS infrastructure, how does the CI environment validate its server certificate without having a copy of the CA certificate? It won't have anything that's not present in the Dockerfile. You also might consider whether a native-Python setup will work for you without necessarily forcing Docker into your core workflow, since there are multiple tools to install specific Python versions and standard approaches for writing out a fixed set of Python package dependencies. Commented Nov 18 at 15:47
  • The only way to get conditional behavior within a dockerfile is through bash scripting in your dockerfile. This is difficult to debug and hard to manage though, and I wouldn't use it to resolve what is effectively an env var problem related to certs. Commented Nov 19 at 0:50
  • @DavidMaze, I guess the CI environment is whitelisted somehow. I'm a big fan of Docker development, so going to native-Python will be my last resort. Commented Nov 19 at 8:30
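
One way to keep a single Dockerfile, shown as an added example that is not part of the original question or its comments: the certificate is supplied as an optional BuildKit secret mount, and a shell test skips the installation when it is absent. Assumed here: BuildKit is enabled, the base image is Debian-based and ships `update-ca-certificates`, dependencies are listed in `requirements.txt`, and the secret id `cato_ca` is a hypothetical name.

```dockerfile
# syntax=docker/dockerfile:1
# Added example. Assumptions: BuildKit, a Debian-based base image,
# a requirements.txt, and the hypothetical secret id "cato_ca".
FROM python:3.12-slim

# Dev build: docker build --secret id=cato_ca,src=.devcontainer/cato-ca.crt .
# CI build:  docker build .   (no secret passed, so the branch below is skipped)
#
# The secret is mounted only for the duration of this RUN step. When no secret
# is supplied the file is missing (or empty), and "-s" makes the step a no-op,
# so the production trust store is left unchanged.
RUN --mount=type=secret,id=cato_ca,target=/tmp/cato-ca.crt \
    if [ -s /tmp/cato-ca.crt ]; then \
        mkdir -p /usr/local/share/ca-certificates/cato-ca && \
        install -m 644 /tmp/cato-ca.crt \
            /usr/local/share/ca-certificates/cato-ca/cato-ca.crt && \
        update-ca-certificates; \
    fi

# Runs after the optional CA step in both dev and CI builds.
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
```

For the Dev Container, the same `--secret` flag can be passed through the `build.options` array in devcontainer.json. Because the CI build never receives the file, the TLS-inspection CA is not present in the build context or in any layer of the production image.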
