-
Notifications
You must be signed in to change notification settings - Fork 56
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add support for kubevirt container image pushing #860
Conversation
jobs/release.Jenkinsfile
Outdated
@@ -207,6 +207,7 @@ lock(resource: "release-${params.STREAM}", extra: locks) { | |||
// OCP ART doesn't actually care what the tag name is (it's just to stop GC), we | |||
// hardcode it. | |||
def push_containers = ['oscontainer': ['ostree', 'base-oscontainer', ''], | |||
'kubevirt': ['kubevirt', 'kubevirt', ''], |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this one is tricky because I think upstream we don't want a tag suffix, but downstream we do.
@jlebon does that match your understanding?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Indeed. We can't not add a suffix for this downstream. It'll conflict with the base-oscontainer. Upstream, we could push as quay.io/fedora/fedora-coreos-kubevirt:stable-kubevirt
, but that looks awkward. Probably time to make this configurable. One idea is to make it templated, like we do for other keys. E.g.:
registry_repos:
kubevirt: quay.io/example/monorepo:${STREAM}
or
registry_repos:
kubevirt: quay.io/example/monorepo:${STREAM}-suffix
To make it backwards-compatible, we could have the third element in the tuple here represent the default tag template when none is given, so e.g.
'extensions': ['extensions-container', 'extensions-container', '${STREAM}-extensions']
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I liked this idea when I first read it, but I'm starting to think it's not complete enough.
we also have the registry_repos.add_build_tag
piece that adds --tag=${params.VERSION}${tag_suffix}
so we'd have to split out tag_suffix
from quay.io/example/monorepo:${STREAM}-suffix
Maybe instead we should just add more flexibility in the config spec:
registry_repos:
kubevirt:
registry: quay.io/example/monorepo
tags:
- ${STREAM}-suffix
- ${VERSION}-suffix
IIUC we don't need to preserve backwards compat here because we use the latest pipeline code and latest pipecfg (i.e. there are only one copy of them for all branches and we can update them at the same time).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yup, making the templating bits a list works for me too! The add_build_tag
knob is definitely a bit of a hack, so it'd be good to get rid of it. The part about backcompat was more to provide a path to make this move more seamless, not that we can't change everything if we wanted to.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok pushed a new upload that should take care of this.
Not sure about the tag suffix requirements, but the rest lgtm |
jobs/release.Jenkinsfile
Outdated
@@ -207,6 +207,7 @@ lock(resource: "release-${params.STREAM}", extra: locks) { | |||
// OCP ART doesn't actually care what the tag name is (it's just to stop GC), we | |||
// hardcode it. | |||
def push_containers = ['oscontainer': ['ostree', 'base-oscontainer', ''], | |||
'kubevirt': ['kubevirt', 'kubevirt', ''], |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Indeed. We can't not add a suffix for this downstream. It'll conflict with the base-oscontainer. Upstream, we could push as quay.io/fedora/fedora-coreos-kubevirt:stable-kubevirt
, but that looks awkward. Probably time to make this configurable. One idea is to make it templated, like we do for other keys. E.g.:
registry_repos:
kubevirt: quay.io/example/monorepo:${STREAM}
or
registry_repos:
kubevirt: quay.io/example/monorepo:${STREAM}-suffix
To make it backwards-compatible, we could have the third element in the tuple here represent the default tag template when none is given, so e.g.
'extensions': ['extensions-container', 'extensions-container', '${STREAM}-extensions']
If not specified the code will default to all built arches. We need this because we'll be adding kubevirt soon and it will only be built for x86_64. See also coreos/coreos-assembler#3436
For Fedora CoreOS we'll ship to quay.io/fedora/fedora-coreos-kubevirt. See coreos/fedora-coreos-tracker#1126 (comment)
This is going to be handled by the container pushing code in the release job so we don't need it here. The buildextend-kubevirt --upload pieces were also removed in coreos/coreos-assembler@a4cf183 so it doesn't work anyway.
ok I pushed up a new upload here. This should handle all outstanding concerns. I tested this in the downstream devel pipeline. |
Let's hold this until this week's releases are out. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we prefix the last commit title with e.g. config:
?
Also, there's a "wentb" typo in the last commit message.
docs/config.yaml
Outdated
registry: quay.io/fedora/fedora-coreos | ||
tags: ["${STREAM}"] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should add REQUIRED
markers on these and docstrings for consistency.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
added REQUIRED docstrings
oscontainer: quay.io/fedora/fedora-coreos | ||
oscontainer: | ||
registry: quay.io/fedora/fedora-coreos | ||
tags: ["${STREAM}"] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I know it seems obvious since we're using it in the examples, but for completeness, can we explicitly document the supported variables?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I did in the first instance; didn't for the others.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We could even drop the REQUIRED
comments in the following ones, but cool as is too!
utils.groovy
Outdated
// this is a boolean option, not a registry repo | ||
continue | ||
} | ||
if (registry_repos."${repo}".tags) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Minor/optional: could also do
registry_repos[repos].tags
which looks cleaner.
config.yaml
Outdated
oscontainer: quay.io/fedora/fedora-coreos | ||
kubevirt: quay.io/fedora/fedora-coreos-kubevirt | ||
oscontainer: | ||
registry: quay.io/fedora/fedora-coreos |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm, I guess technically this key should be called repo
rather than registry
?
jobs/release.Jenkinsfile
Outdated
if (pipecfg.hotfix) { | ||
// this is a hotfix build; include the hotfix name | ||
// in the tag suffix so we don't clobber official | ||
// tags | ||
tag += "-hotfix-${pipecfg.hotfix.name}" | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems like it'd be cleaner to have this be part of get_registry_repos
now that it does tag stuff?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
And then here we'd have:
def tag_args = registry_repos[configname].tags.collect{"--tag=$it"}
jobs/release.Jenkinsfile
Outdated
// in the tag suffix so we don't clobber official | ||
// tags | ||
tag_suffix += "-hotfix-${pipecfg.hotfix.name}" | ||
def repo = registry_repos[configname]['registry'] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm, interesting that here we went with the opposite notation. :) Regardless of which one we go with, let's have it match get_registry_repos
?
ok I think I addressed all comments. I need to run this through another round of testing; will report back on that in an hour. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some minor comments, but LGTM as is too!
oscontainer: quay.io/fedora/fedora-coreos | ||
oscontainer: | ||
registry: quay.io/fedora/fedora-coreos | ||
tags: ["${STREAM}"] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We could even drop the REQUIRED
comments in the following ones, but cool as is too!
docs/config.yaml
Outdated
@@ -113,17 +115,38 @@ s3: | |||
# OPTIONAL: container registry-related keys | |||
registry_repos: | |||
# OPTIONAL: repo to which to push oscontainer |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Minor: maybe this now can be:
# OPTIONAL: repo to which to push oscontainer | |
# OPTIONAL: repo and tags to which to push oscontainer |
docs/config.yaml
Outdated
@@ -113,17 +115,38 @@ s3: | |||
# OPTIONAL: container registry-related keys | |||
registry_repos: | |||
# OPTIONAL: repo to which to push oscontainer | |||
oscontainer: quay.io/fedora/fedora-coreos | |||
oscontainer: | |||
# REQUIRED: repo to which to push oscontainer |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Minor: and here, just
# REQUIRED: repo to which to push oscontainer | |
# REQUIRED: repo name |
For the commit title, how about something like:
? |
Sorry I forgot about this in the last upload. New upload just landed with fixes. I'll start testing this now. |
This commit updates the config to be able to specify which tags to push to inside the registry_repos definition. For example, we went from: oscontainer: quay.io/fedora/fedora-coreos to: oscontainer: repo: quay.io/fedora/fedora-coreos tags: ["${STREAM}"] This allows us to do things like embed any needed "tag_suffix" in the config rather than in the code. i.e. downstream now our extensions container entry will look like: extensions: repo: quay.io/openshift-release-dev/ocp-v4.0-art-dev tags: ["${STREAM}-extensions", "${VERSION}-extensions"] It also means we can now get rid of the `add_build_tag` hack that we had in the past.
ok this seems to pass in some basic testing. |
How you are testing this? 👀 |
Downstream devel pipeline. Look at the most recent runs of the release job. |
No description provided.