Update containerfiles #111
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Member
arewm
commented
Jan 6, 2025
arewm
commented
- Changing parent image from Fedora to CentOS Stream to get a newer golang and unshare version before it is available in UBI
- Updating labels on images to be more accurate
arewm
force-pushed
the
update-containerfile
branch
from
511933d to
f947964
Compare
cgwalters
reviewed
Jan 6, 2025
There was a problem hiding this comment.
Only tangentially related to this, when I was looking at labels a while ago, I found that the OpenSUSE base images had clean and elegant metadata:
skopeo inspect -n docker://docker.io/opensuse/leap | jq .Labels
{
"org.openbuildservice.disturl": "obs://build.opensuse.org/openSUSE:Leap:15.6:Images/images/25049cab88eae9e94c1aeac7a8f0aee7-opensuse-leap-image:docker",
"org.opencontainers.image.created": "2024-09-19T19:48:27.536230874Z",
"org.opencontainers.image.description": "Image containing a minimal environment for containers based on openSUSE Leap 15.6.",
"org.opencontainers.image.source": "https://build.opensuse.org/package/show/openSUSE:Leap:15.6:Images/opensuse-leap-image?rev=25049cab88eae9e94c1aeac7a8f0aee7",
"org.opencontainers.image.title": "openSUSE Leap 15.6 Base Container",
"org.opencontainers.image.url": "https://www.opensuse.org/",
"org.opencontainers.image.vendor": "openSUSE Project",
"org.opencontainers.image.version": "15.6.5.643",
"org.opensuse.base.created": "2024-09-19T19:48:27.536230874Z",
"org.opensuse.base.description": "Image containing a minimal environment for containers based on openSUSE Leap 15.6.",
"org.opensuse.base.disturl": "obs://build.opensuse.org/openSUSE:Leap:15.6:Images/images/25049cab88eae9e94c1aeac7a8f0aee7-opensuse-leap-image:docker",
"org.opensuse.base.reference": "registry.opensuse.org/opensuse/leap:15.6.5.643",
"org.opensuse.base.source": "https://build.opensuse.org/package/show/openSUSE:Leap:15.6:Images/opensuse-leap-image?rev=25049cab88eae9e94c1aeac7a8f0aee7",
"org.opensuse.base.title": "openSUSE Leap 15.6 Base Container",
"org.opensuse.base.url": "https://www.opensuse.org/",
"org.opensuse.base.vendor": "openSUSE Project",
"org.opensuse.base.version": "15.6.5.643",
"org.opensuse.reference": "registry.opensuse.org/opensuse/leap:15.6.5.643"
}
Containerfile.buildah
Outdated
| org.label-schema.vendor="Konflux CI" \ | ||
| org.opencontainers.image.vendor="Konflux CI" \ | ||
| org.opencontainers.image.url="https://quay.io/konflux-ci/buildah" \ | ||
| org.opencontainers.image.url="https://quay.io/konflux-ci/buildah" \ |
There was a problem hiding this comment.
Why is this duplicated?
Also linking to quay seems redundant, anyone can infer that from where they find the image. If there's no actual web page for this I'd personally just drop the url here and keep .source.
There was a problem hiding this comment.
The duplication was unintentional.
I included url because I saw it in other images, i.e.
$ skopeo inspect docker://quay.io/containers/buildah:latest | jq -e ".Labels"
{
"built.by.commit": "f27333ae1ff3efbc9e5a507bb44c90e3bacc937e",
"built.by.digest": "sha256:113ae526992d1e4d777ecfb152085119d47d9ee32c2b6ffe2e25e16dbd3e953d",
"built.by.exec": "containers_build_push.sh",
"built.by.logs": "https://cirrus-ci.com/task/5416367588900864",
"built.by.repo": "https://github.com/containers/image_build.git",
"io.buildah.version": "1.35.4",
"io.containers.capabilities": "CHOWN,DAC_OVERRIDE,FOWNER,FSETID,KILL,NET_BIND_SERVICE,SETFCAP,SETGID,SETPCAP,SETUID,CHOWN,DAC_OVERRIDE,FOWNER,FSETID,KILL,NET_BIND_SERVICE,SETFCAP,SETGID,SETPCAP,SETUID,SYS_CHROOT",
"license": "MIT",
"name": "fedora",
"org.opencontainers.image.authors": "[email protected]",
"org.opencontainers.image.created": "2025-01-06T15:21:22+00:00",
"org.opencontainers.image.documentation": "https://github.com/containers/image_build/blob/f27333ae1ff3efbc9e5a507bb44c90e3bacc937e/buildah/README.md",
"org.opencontainers.image.license": "MIT",
"org.opencontainers.image.name": "fedora",
"org.opencontainers.image.revision": "f27333ae1ff3efbc9e5a507bb44c90e3bacc937e",
"org.opencontainers.image.source": "https://github.com/containers/image_build/blob/f27333ae1ff3efbc9e5a507bb44c90e3bacc937e/buildah/",
"org.opencontainers.image.url": "https://quay.io/containers/buildah",
"org.opencontainers.image.vendor": "Fedora Project",
"org.opencontainers.image.version": "1.38.0",
"vendor": "Fedora Project",
"version": "41"
}
f947964 to
b1aa2d5
Compare
* Changing parent image from Fedora to CentOS Stream to get a newer golang and unshare version before it is available in UBI * Updating labels on images to be more accurate Signed-off-by: arewm <[email protected]>
arewm
force-pushed
the
update-containerfile
branch
2 times, most recently
from
c08eb6d to
6f7eb08
Compare
This infra has been flakier, so reducing the dependency on it (as well as the load). Signed-off-by: arewm <[email protected]>
arewm
force-pushed
the
update-containerfile
branch
from
6f7eb08 to
d0b9ea1
Compare
tkdchen
reviewed
Jan 16, 2025
| distribution-scope="public" \ | ||
| release="0" \ | ||
| url="github.com/konflux-ci/buildah-container" | ||
| org.opencontainers.image.documentation="https://github.com/containers/image_build/blob/main/buildah/README.md" |
There was a problem hiding this comment.
It would be good to use OCI annotations consistently.
There was a problem hiding this comment.
The CenOS Stream images use org.label-schema so I wanted to overwrite those. I don't think that we currently have the ability to set annotations on our builds. It would be handy if our buildah tasks would copy all labels to annotations though as that seems like it is a preferred pattern.
|
/retest |
|
buildah-on-pull-request fails due to |
Yes in RHEL that's part of CRB - that repo needs to be enabled at build time. |
And remove the old one which is just copied from within the buildah submodule. Signed-off-by: arewm <[email protected]>
arewm
force-pushed
the
update-containerfile
branch
from
e725b18 to
8dff7b4
Compare
|
Yeah, I had the CRB packages enabled locally, I just never go around to stashing them. This change still doesn't build as fails in CentOS stream and the I guess I can probably exclude both of those? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.