New build task : paketo builder #1660
@cmoulliard what are the obstacles to use common buildah(-remote) task?
What do you mean by "to use common buildah task"? If the question is about "Can we build the ubi builder image using buildah", then the answer is no, as such an image is not built from a Dockerfile by using a tool: pack - https://github.com/buildpacks/pack
@cmoulliard have you considered running
- name: BUILDER_IMAGE | ||
description: The image packaging the paketo tools and to be used to build | ||
type: string | ||
default: "quay.io/redhat-user-workloads/konflux-build-pipeli-tenant/paketo-container:ea8ddb8818bb4a55546927e7674b0362dabd6342" |
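Review bot: the `default` of `BUILDER_IMAGE` points at a `quay.io/redhat-user-workloads/...` tenant repository and selects the image by tag rather than by an `@sha256:` digest, so what runs the build can change without any change to this task. Because this image performs the build, reference it directly in the step's `image:` field, pinned by digest, instead of accepting it as a `type: string` param that each caller can override.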
IIRC we cannot allow builder image to be specified as param, it must be hardcoded in task to provide valid provenance, other build tasks have been updated to disallow such parameter.
also image should be officially released in konflux-ci quay namespace, we don't allow images from user-workloads. This image should be properly released via releases to konflux-ci
> also image should be officially released in konflux-ci quay namespace, we don't allow images from user-workloads. This image should be properly released via releases to konflux-ci

What should we do to release it part of konflux-ci ?
I removed the default value in the meantime. See: a328f42
you have to configure your konflux instance with proper release plan
> we cannot allow builder image to be specified as param

and what we do about this part?
> and what we do about this part?

What do you mean ? @MartinBasti
we cannot allow users to specify their own build images, it must be hardcoded in the task to provide correct provenance
Ok. So as soon as this image is released by konflux, we will set the image ref to be used.
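The two rules raised in this review thread (no step image taken from a task param, no image from outside the released konflux-ci namespace) can be checked mechanically. The following is an added example, not code from this PR or from the konflux-ci project: the `quay.io/konflux-ci/` prefix, the digest-pinning rule, the function name and the sample task are assumptions made for illustration.

```python
import re

# Assumption: released task images live under this prefix (the thread only
# says "konflux-ci quay namespace").
ALLOWED_PREFIX = "quay.io/konflux-ci/"
# Tekton parameter substitution in its basic form, e.g. $(params.BUILDER_IMAGE)
PARAM_REF = re.compile(r"\$\(params\.([A-Za-z0-9_.-]+)\)")
# Assumption beyond the thread: also require pinning by digest, not by tag.
DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")


def lint_step_images(task):
    """Return (step, rule, detail) findings for a parsed Tekton Task dict."""
    spec = task.get("spec", {})
    template_image = (spec.get("stepTemplate") or {}).get("image")
    findings = []
    for step in spec.get("steps", []):
        name = step.get("name", "<unnamed>")
        image = step.get("image") or template_image or ""
        refs = PARAM_REF.findall(image)
        if refs:
            # The caller chooses the image, so the task definition alone no
            # longer states which tooling produced the artifact.
            findings.append((name, "param-image", ",".join(refs)))
            continue
        if not image.startswith(ALLOWED_PREFIX):
            findings.append((name, "namespace", image))
        if not DIGEST.search(image):
            findings.append((name, "not-digest-pinned", image))
    return findings


# Constructed sample: the Task as it would look after YAML parsing.
USER_IMAGE = "quay.io/redhat-user-workloads/example-tenant/tool:latest"
SAMPLE_TASK = {
    "kind": "Task",
    "spec": {
        "params": [{"name": "BUILDER_IMAGE", "type": "string"}],
        "steps": [
            {"name": "build", "image": "$(params.BUILDER_IMAGE)"},
            {"name": "sbom", "image": USER_IMAGE},
            {"name": "push",
             "image": "quay.io/konflux-ci/example-tool@sha256:" + "a" * 64},
        ],
    },
}

if __name__ == "__main__":
    for finding in lint_step_images(SAMPLE_TASK):
        print(finding)
```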
What is a build stage ? Can you elaborate ?
Sorry for not being clear enough, I meant this
/verify-owners
Thanks. We cannot use Dockerfile like Multi-stage to build the buildpack stuffs (builder image or stack image or buildpacks) but specific tools like: pack, jam, create-package, etc
/verify-owners
/retest
Can we merge it ?
No, it has no approvals and unresolved threads
We have changed the ownership mechanism from OWNERS to CODEOWNERS. Please rebase on main and update CODEOWNERS instead of OWNERS 🙏
@cmoulliard I see re-review request, but these threads are still unresolved:
description: the arguments to be passed to the pack command to build the image | ||
type: array | ||
default: [] | ||
- name: BUILDER_IMAGE |
builder image as param is still here
Fixed with: e475d5e1 @MartinBasti
Please squash commits into one with nice description
Signed-off-by: cmoulliard <[email protected]>
Review the wording of the intro text
Signed-off-by: cmoulliard <[email protected]>
Changing the OWNERS
Signed-off-by: cmoulliard <[email protected]>
Use kerberos username for cmoulliard
Signed-off-by: cmoulliard <[email protected]>
Fix username typo error
Signed-off-by: cmoulliard <[email protected]>
Remove ubi from name, README and task definition
Signed-off-by: cmoulliard <[email protected]>
Removing the default value image as name will change
Signed-off-by: cmoulliard <[email protected]>
Removing #rsync comments
Signed-off-by: cmoulliard <[email protected]>
Remove from message printed:
Signed-off-by: cmoulliard <[email protected]>
Use buildah --retry parameter
Signed-off-by: cmoulliard <[email protected]>
Rename the task to include the suffix: -oci-ta
Signed-off-by: cmoulliard <[email protected]>
Change owner from cmoullia to cmoulliard
Signed-off-by: cmoulliard <[email protected]>
Double quote to prevent globbing and word splitting
Signed-off-by: cmoulliard <[email protected]>
Double quote to prevent globbing and word splitting
Signed-off-by: cmoulliard <[email protected]>
Double quote to prevent word splitting
Signed-off-by: cmoulliard <[email protected]>
Declare and assign separately to avoid masking return values.
Signed-off-by: cmoulliard <[email protected]>
Useless cat. Consider 'cmd < file | ..' or 'cmd file | ..' instead.
Signed-off-by: cmoulliard <[email protected]>
Remove trailing spaces and wrong indentation: expected 4 but found 6
Signed-off-by: cmoulliard <[email protected]>
Fixing: Assigning an array to a string! Assign as array, or use * instead of @ to concatenate
Signed-off-by: cmoulliard <[email protected]>
Fixing: Expanding an array without an index only gives the first element.
Signed-off-by: cmoulliard <[email protected]>
Fixing: Use braces when expanding arrays.
Signed-off-by: cmoulliard <[email protected]>
Remove double quote for ${BUILD_ARGS[@]}
Signed-off-by: cmoulliard <[email protected]>
Rename the task to include the suffix: -oci-ta
Signed-off-by: cmoulliard <[email protected]>
Replace @ with * for the array
Signed-off-by: cmoulliard <[email protected]>
Replace @ with * for the array
Signed-off-by: cmoulliard <[email protected]>
Removing some additional comments
Signed-off-by: cmoulliard <[email protected]>
Moving from OWNERS to CODEOWNERS
Signed-off-by: cmoulliard <[email protected]>
Add missing task of paketo to the renovate.json file
Signed-off-by: cmoulliard <[email protected]>
Updating renovate.json using update_renovate_json_based_on_codeowners.py script
Signed-off-by: cmoulliard <[email protected]>
Create a new renovate group for paketo => buildpack
Signed-off-by: cmoulliard <[email protected]>
Set -x to debug the bash script and review the logic to set the args passed to BUILD_ARGS
Signed-off-by: cmoulliard <[email protected]>
Remove set +x to understand why the bash script fails
Signed-off-by: cmoulliard <[email protected]>
Remove double quotes around argument: SSH_ARGS and echo BUILD_ARGS
Signed-off-by: cmoulliard <[email protected]>
Remove set +x to understand why the bash script fails
Signed-off-by: cmoulliard <[email protected]>
Declare the SSH_ARGS using an array
Signed-off-by: cmoulliard <[email protected]>
Remove set -x as non needed and fix wrong path to get image_digest
Signed-off-by: cmoulliard <[email protected]>
Remove trailing spaces
Signed-off-by: cmoulliard <[email protected]>
Removing ##### from echo commands
Signed-off-by: cmoulliard <[email protected]>
Generate the SBOM of the base image
Signed-off-by: cmoulliard <[email protected]>
Remove trailing space reported by yamllint
Signed-off-by: cmoulliard <[email protected]>
Remove trailing ##
Signed-off-by: cmoulliard <[email protected]>
Removing the BUILDER_IMAGE parameter
Signed-off-by: cmoulliard <[email protected]>
Done @MartinBasti
build-paketo-ubi-builder task builds the ubi builder image for paketo using as input the builder.toml file. The image is built using the pack tool packaged part of the paketo-container image. The task also produces the SBOM which is signed and added to the image.
Build succeeded part of this PR: https://console.redhat.com/application-pipeline/workspaces/cmoullia/applications/buildpack-remote/pipelineruns/builder-ubi-base-l2q8r