This topic came up in another thread, so I wanted to highlight a few things that we've discovered in our endeavors to build Beam behind a firewall.
Conceptually, in order to allow this, a user needs to provide alternate mirrors for each "artifact" service required during build, and luckily I think most of the toolchains used by Beam support this. For example, the default PyPI mirror used by pip can be overridden via env var to an internal mirror, and likewise for Docker and its registry service.

I'm currently looking into gogradle to see if we can provide an alternate vendor directory as a shared resource behind our firewall. (I have a bigger question here, which is: why was it necessary to add a third language into the Python Beam ecosystem, just for the bootstrap process? Couldn't the boot code use Python, or Java?)

But I'm getting ahead of myself. We're actually stuck at the very beginning, with gradlew. The gradlew wrapper seems to unconditionally download Gradle, so you can't get past the first few hundred lines of code in the build process without requiring internet access. I made a ticket here: https://issues.apache.org/jira/browse/BEAM-7931. I'd love some pointers on how to fix this, because the offending code lives inside gradle-wrapper.jar, so I can't change it without access to the source.

Thanks,
-chad
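
For the gradlew step described above: the wrapper takes its download location from the `distributionUrl` entry in `gradle/wrapper/gradle-wrapper.properties`. The script below is an added example, not part of the original message or of the Beam build; it repoints that entry at an internal mirror and pins the archive's SHA-256 so the wrapper verifies the mirrored file. The mirror host, Gradle version and hash are constructed placeholders.

```shell
#!/bin/sh
# Added example. mirror.example.internal, the version and the hash below are
# constructed placeholders, not values from the original post.

# Rewrite distributionUrl in gradle-wrapper.properties so gradlew fetches the
# same distribution file from an internal mirror, and optionally pin its
# SHA-256 (distributionSha256Sum) so the wrapper verifies what it downloads.
repoint_wrapper() {
    props=$1; mirror=${2%/}; sha256=${3:-}
    case $mirror in
        https://*) ;;
        *) echo "mirror must be an https:// URL" >&2; return 1 ;;
    esac
    if [ -n "$sha256" ]; then
        case $sha256 in *[!0-9a-f]*) echo "bad sha256" >&2; return 1 ;; esac
        [ "${#sha256}" -eq 64 ] || { echo "bad sha256" >&2; return 1; }
    fi
    # The properties format escapes ':' as '\:'; strip that to read the URL.
    url=$(sed -n 's/^distributionUrl=//p' "$props" | tr -d '\\')
    [ -n "$url" ] || { echo "no distributionUrl in $props" >&2; return 1; }
    file=${url##*/}    # keep the pinned file name, e.g. gradle-X.Y-bin.zip
    escaped=$(printf '%s/%s' "$mirror" "$file" | sed 's/:/\\:/g')
    tmp=$(mktemp) || return 1
    sed -e '/^distributionUrl=/d' -e '/^distributionSha256Sum=/d' "$props" > "$tmp"
    printf 'distributionUrl=%s\n' "$escaped" >> "$tmp"
    [ -z "$sha256" ] || printf 'distributionSha256Sum=%s\n' "$sha256" >> "$tmp"
    cat "$tmp" > "$props" && rm -f "$tmp"
}

# Demo on a constructed properties file (all-zero hash is a placeholder).
demo=$(mktemp)
cat > "$demo" <<'EOF'
distributionBase=GRADLE_USER_HOME
distributionUrl=https\://services.gradle.org/distributions/gradle-9.9.9-bin.zip
zipStoreBase=GRADLE_USER_HOME
EOF
repoint_wrapper "$demo" "https://mirror.example.internal/gradle" \
    "$(printf '%064d' 0)"
cat "$demo"; rm -f "$demo"
```

In real use the hash argument is the SHA-256 of the distribution archive as published upstream, checked before the archive is placed on the mirror.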