Running `gcloud beta code dev` using private python packages from Artifact Registry

Question

I have a single private python package using Google Artifact Registry.

Within the requirements.txt, the index url is specified using

--extra-index-url ...
some_package==1.0.0

After running gcloud auth application-default login, this works when just simply running pip install -r requirements.txt from my virtualenv. However, this does not seem to work when I run gcloud beta code dev and it tries to build the Docker image. Maybe my assumption is wrong, but I figured it would have access to the credentials by simply providing the application-default-credential flag.

Dockerfile (keyring.txt installs keyring and google keyring)

# Use an official lightweight Python image.
# https://hub.docker.com/_/python
FROM python:3.10-slim

ENV APP_HOME /app
WORKDIR $APP_HOME

# Removes output stream buffering, allowing for more efficient logging
ENV PYTHONUNBUFFERED 1
# Disable pip caching, smaller image as a result
ENV PIP_NO_CACHE_DIR 1
ENV PIP_DISABLE_PIP_VERSION_CHECK 1

# Install dependencies
COPY ./requirements ./requirements
RUN pip install -r requirements/keyring.txt
RUN pip install -r requirements/production.txt

# Copy local code to the container image
COPY . .

CMD exec gunicorn --bind 0.0.0.0:$PORT config.wsgi:application

Output

...
#9 5.475 WARNING: Compute Engine Metadata server unavailable on attempt 1 of 3. Reason: timed out
#9 5.531 WARNING: Compute Engine Metadata server unavailable on attempt 2 of 3. Reason: [Errno 113] No route to host
#9 8.539 User for us-central1-python.pkg.dev: WARNING: Compute Engine Metadata server unavailable on attempt 3 of 3. Reason: timed out
#9 8.542 WARNING: Authentication failed using Compute Engine authentication due to unavailable metadata server.
#9 8.542 WARNING: Failed to retrieve Application Default Credentials: Your default credentials were not found. To set up Application Default Credentials, see https://cloud.google.com/docs/authentication/external/set-up-adc for more information.
#9 8.542 WARNING: Trying to retrieve credentials from gcloud...
#9 8.542 WARNING: Failed to retrieve credentials from gcloud: gcloud command exited with status: [Errno 2] No such file or directory: 'gcloud'
#9 8.542 WARNING: Artifact Registry PyPI Keyring: No credentials could be found.
#9 8.542 WARNING: Keyring is skipped due to an exception: Failed to find credentials, Please run: `gcloud auth application-default login or export GOOGLE_APPLICATION_CREDENTIALS=<path/to/service/account/key>`
...

Do I have a fundamental misunderstanding of what the application-default-credential flag does? Is there any way to make this work locally?

I was expecting the docker image build to use the application default credential, but it is not.

Answer 1

The 'gcloud auth application-default login' command stores the credentials in a file 'Adc.json' that is located in the 'config/gcloud' directory in the user's Home directory.

In the Docker Image build process, the above-mentioned directory doesn't exists that's why can't retrieve the credentials from the file. The 'gcloud' command is also not installed which is why saying error "'No such file or directory:'gcloud'".

Mount the 'config/gcloud' into Docker Container by using -v option by running the 'docker run' command.