add support for kubevirt container image pushing #860
Conversation
jobs/release.Jenkinsfile
Outdated
| @@ -207,6 +207,7 @@ lock(resource: "release-${params.STREAM}", extra: locks) { | |||
| // OCP ART doesn't actually care what the tag name is (it's just to stop GC), we | |||
| // hardcode it. | |||
| def push_containers = ['oscontainer': ['ostree', 'base-oscontainer', ''], | |||
| 'kubevirt': ['kubevirt', 'kubevirt', ''], | |||
There was a problem hiding this comment.
I think this one is tricky because I think upstream we don't want a tag suffix, but downstream we do.
@jlebon does that match your understanding?
There was a problem hiding this comment.
Indeed. We can't not add a suffix for this downstream. It'll conflict with the base-oscontainer. Upstream, we could push as quay.io/fedora/fedora-coreos-kubevirt:stable-kubevirt, but that looks awkward. Probably time to make this configurable. One idea is to make it templated, like we do for other keys. E.g.:
registry_repos:
kubevirt: quay.io/example/monorepo:${STREAM}or
registry_repos:
kubevirt: quay.io/example/monorepo:${STREAM}-suffixTo make it backwards-compatible, we could have the third element in the tuple here represent the default tag template when none is given, so e.g.
'extensions': ['extensions-container', 'extensions-container', '${STREAM}-extensions']There was a problem hiding this comment.
I liked this idea when I first read it, but I'm starting to think it's not complete enough.
we also have the registry_repos.add_build_tag piece that adds --tag=${params.VERSION}${tag_suffix} so we'd have to split out tag_suffix from quay.io/example/monorepo:${STREAM}-suffix
Maybe instead we should just add more flexibility in the config spec:
registry_repos:
kubevirt:
registry: quay.io/example/monorepo
tags:
- ${STREAM}-suffix
- ${VERSION}-suffix
IIUC we don't need to preserve backwards compat here because we use the latest pipeline code and latest pipecfg (i.e. there are only one copy of them for all branches and we can update them at the same time).
There was a problem hiding this comment.
Yup, making the templating bits a list works for me too! The add_build_tag knob is definitely a bit of a hack, so it'd be good to get rid of it. The part about backcompat was more to provide a path to make this move more seamless, not that we can't change everything if we wanted to.
There was a problem hiding this comment.
ok pushed a new upload that should take care of this.
|
Not sure about the tag suffix requirements, but the rest lgtm |
jobs/release.Jenkinsfile
Outdated
| @@ -207,6 +207,7 @@ lock(resource: "release-${params.STREAM}", extra: locks) { | |||
| // OCP ART doesn't actually care what the tag name is (it's just to stop GC), we | |||
| // hardcode it. | |||
| def push_containers = ['oscontainer': ['ostree', 'base-oscontainer', ''], | |||
| 'kubevirt': ['kubevirt', 'kubevirt', ''], | |||
There was a problem hiding this comment.
Indeed. We can't not add a suffix for this downstream. It'll conflict with the base-oscontainer. Upstream, we could push as quay.io/fedora/fedora-coreos-kubevirt:stable-kubevirt, but that looks awkward. Probably time to make this configurable. One idea is to make it templated, like we do for other keys. E.g.:
registry_repos:
kubevirt: quay.io/example/monorepo:${STREAM}or
registry_repos:
kubevirt: quay.io/example/monorepo:${STREAM}-suffixTo make it backwards-compatible, we could have the third element in the tuple here represent the default tag template when none is given, so e.g.
'extensions': ['extensions-container', 'extensions-container', '${STREAM}-extensions']
If not specified the code will default to all built arches. We need this because we'll be adding kubevirt soon and it will only be built for x86_64. See also coreos/coreos-assembler#3436
For Fedora CoreOS we'll ship to quay.io/fedora/fedora-coreos-kubevirt. See coreos/fedora-coreos-tracker#1126 (comment)
This is going to be handled by the container pushing code in the release job so we don't need it here. The buildextend-kubevirt --upload pieces were also removed in coreos/coreos-assembler@a4cf183 so it doesn't work anyway.
|
ok I pushed up a new upload here. This should handle all outstanding concerns. I tested this in the downstream devel pipeline. |
|
Let's hold this until this week's releases are out. |
docs/config.yaml
Outdated
| registry: quay.io/fedora/fedora-coreos | ||
| tags: ["${STREAM}"] |
There was a problem hiding this comment.
Should add REQUIRED markers on these and docstrings for consistency.
There was a problem hiding this comment.
added REQUIRED docstrings
| oscontainer: quay.io/fedora/fedora-coreos | ||
| oscontainer: | ||
| registry: quay.io/fedora/fedora-coreos | ||
| tags: ["${STREAM}"] |
There was a problem hiding this comment.
I know it seems obvious since we're using it in the examples, but for completeness, can we explicitly document the supported variables?
There was a problem hiding this comment.
I did in the first instance; didn't for the others.
There was a problem hiding this comment.
We could even drop the REQUIRED comments in the following ones, but cool as is too!
utils.groovy
Outdated
| // this is a boolean option, not a registry repo | ||
| continue | ||
| } | ||
| if (registry_repos."${repo}".tags) { |
There was a problem hiding this comment.
Minor/optional: could also do
registry_repos[repos].tagswhich looks cleaner.
config.yaml
Outdated
| oscontainer: quay.io/fedora/fedora-coreos | ||
| kubevirt: quay.io/fedora/fedora-coreos-kubevirt | ||
| oscontainer: | ||
| registry: quay.io/fedora/fedora-coreos |
There was a problem hiding this comment.
Hmm, I guess technically this key should be called repo rather than registry?
jobs/release.Jenkinsfile
Outdated
| if (pipecfg.hotfix) { | ||
| // this is a hotfix build; include the hotfix name | ||
| // in the tag suffix so we don't clobber official | ||
| // tags | ||
| tag += "-hotfix-${pipecfg.hotfix.name}" | ||
| } |
There was a problem hiding this comment.
Seems like it'd be cleaner to have this be part of get_registry_repos now that it does tag stuff?
There was a problem hiding this comment.
And then here we'd have:
def tag_args = registry_repos[configname].tags.collect{"--tag=$it"}
jobs/release.Jenkinsfile
Outdated
| // in the tag suffix so we don't clobber official | ||
| // tags | ||
| tag_suffix += "-hotfix-${pipecfg.hotfix.name}" | ||
| def repo = registry_repos[configname]['registry'] |
There was a problem hiding this comment.
Hmm, interesting that here we went with the opposite notation. :) Regardless of which one we go with, let's have it match get_registry_repos?
|
ok I think I addressed all comments. I need to run this through another round of testing; will report back on that in an hour. |
| oscontainer: quay.io/fedora/fedora-coreos | ||
| oscontainer: | ||
| registry: quay.io/fedora/fedora-coreos | ||
| tags: ["${STREAM}"] |
There was a problem hiding this comment.
We could even drop the REQUIRED comments in the following ones, but cool as is too!
docs/config.yaml
Outdated
| @@ -113,17 +115,38 @@ s3: | |||
| # OPTIONAL: container registry-related keys | |||
| registry_repos: | |||
| # OPTIONAL: repo to which to push oscontainer | |||
There was a problem hiding this comment.
Minor: maybe this now can be:
| # OPTIONAL: repo to which to push oscontainer | |
| # OPTIONAL: repo and tags to which to push oscontainer |
docs/config.yaml
Outdated
| @@ -113,17 +115,38 @@ s3: | |||
| # OPTIONAL: container registry-related keys | |||
| registry_repos: | |||
| # OPTIONAL: repo to which to push oscontainer | |||
| oscontainer: quay.io/fedora/fedora-coreos | |||
| oscontainer: | |||
| # REQUIRED: repo to which to push oscontainer | |||
There was a problem hiding this comment.
Minor: and here, just
| # REQUIRED: repo to which to push oscontainer | |
| # REQUIRED: repo name |
|
For the commit title, how about something like:
? |
Sorry I forgot about this in the last upload. New upload just landed with fixes. I'll start testing this now. |
This commit updates the config to be able to specify which tags to
push to inside the registry_repos definition. For example, we went
from:
oscontainer: quay.io/fedora/fedora-coreos
to:
oscontainer:
repo: quay.io/fedora/fedora-coreos
tags: ["${STREAM}"]
This allows us to do things like embed any needed "tag_suffix" in
the config rather than in the code. i.e. downstream now our extensions
container entry will look like:
extensions:
repo: quay.io/openshift-release-dev/ocp-v4.0-art-dev
tags: ["${STREAM}-extensions", "${VERSION}-extensions"]
It also means we can now get rid of the `add_build_tag` hack that
we had in the past.
|
ok this seems to pass in some basic testing. |
How you are testing this? 👀 |
Downstream devel pipeline. Look at the most recent runs of the release job. |
No description provided.