Merge pull request #1926 from renuka-fernando/python-custom

renuka-fernando · web-flow · commit 7e8a7eb3032a · 2026-05-13T15:53:21.000+05:30
feat(cli): copy python-executor into gateway-runtime image
diff --git a/cli/src/internal/gateway/docker_build.go b/cli/src/internal/gateway/docker_build.go
@@ -74,6 +74,10 @@ func BuildGatewayImages(config DockerBuildConfig) error {
 		return err
 	}
 
+	if err := ensurePythonExecutorInRuntimeContext(config.TempDir); err != nil {
+		return err
+	}
+
 	fmt.Println("  ✓ Gateway-builder completed")
 
 	// Step 2: Build the two images
@@ -121,6 +125,30 @@ func ensureBuildLockInControllerContext(tempDir string) error {
 	return nil
 }
 
+// ensurePythonExecutorInRuntimeContext stages the python-executor directory
+// produced by gateway-builder into the gateway-runtime Docker build context
+// so the Dockerfile's `COPY python-executor/ ...` can resolve it.
+func ensurePythonExecutorInRuntimeContext(tempDir string) error {
+	pythonExecutorSrc := filepath.Join(tempDir, "output", "python-executor")
+	if _, err := os.Stat(pythonExecutorSrc); err != nil {
+		if errors.Is(err, os.ErrNotExist) {
+			return nil
+		}
+		return fmt.Errorf("failed to access python-executor output: %w", err)
+	}
+
+	pythonExecutorDst := filepath.Join(tempDir, "output", "gateway-runtime", "python-executor")
+	if err := os.RemoveAll(pythonExecutorDst); err != nil {
+		return fmt.Errorf("failed to clear existing python-executor in gateway-runtime build context: %w", err)
+	}
+
+	if err := utils.CopyDir(pythonExecutorSrc, pythonExecutorDst); err != nil {
+		return fmt.Errorf("failed to copy python-executor into gateway-runtime build context: %w", err)
+	}
+
+	return nil
+}
+
 // runGatewayBuilder runs the gateway-builder container
 func runGatewayBuilder(config DockerBuildConfig, logFile *os.File) error {
 	args := []string{"run", "--rm", "-v", config.TempDir + ":/workspace", config.GatewayBuilder,
diff --git a/gateway/gateway-builder/internal/policyengine/generator.go b/gateway/gateway-builder/internal/policyengine/generator.go
@@ -373,9 +373,16 @@ func copyDir(src, dst string) error {
 		dstPath := filepath.Join(dst, relPath)
 
 		if info.IsDir() {
+			if info.Name() == ".venv" || info.Name() == "__pycache__" || info.Name() == ".git" {
+				return filepath.SkipDir
+			}
 			return os.MkdirAll(dstPath, info.Mode())
 		}
 
+		if !info.Mode().IsRegular() {
+			return nil
+		}
+
 		// Copy file
 		data, err := os.ReadFile(path)
 		if err != nil {
diff --git a/gateway/gateway-builder/templates/Dockerfile.gateway-runtime.tmpl b/gateway/gateway-builder/templates/Dockerfile.gateway-runtime.tmpl
@@ -24,6 +24,17 @@ USER root
 COPY policy-engine /app/policy-engine
 RUN chmod +x /app/policy-engine
 
+# Replace python-executor with custom-compiled version containing user Python policies
+RUN rm -rf /app/python-executor
+COPY python-executor/ /app/python-executor/
+
+# Install python dependencies for custom policies
+RUN apt-get update && apt-get install -y --no-install-recommends python3-pip && \
+    pip3 install --no-cache-dir --upgrade pip setuptools wheel && \
+    pip3 install --no-cache-dir --target /app/python-libs -r /app/python-executor/requirements.txt && \
+    apt-get purge -y python3-pip && \
+    apt-get autoremove -y && \
+    rm -rf /var/lib/apt/lists/*
 USER wso2
 
 # Metadata labels
