Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Verify that sidecars exist before declaring che devfile registry release successful #19490

Closed
nickboldt opened this issue Apr 1, 2021 · 6 comments
Closed

Verify that sidecars exist before declaring che devfile registry release successful #19490

nickboldt opened this issue Apr 1, 2021 · 6 comments
Assignees
@mkuznyetsov
Labels
area/ci CI build and releases, PR testing, & whitelabel/productization issues area/devfile-registry dependencies Pull requests that update a dependency file kind/task Internal things, technical debt, and to-do tasks to be performed.

Comments

@nickboldt
Copy link
Contributor

nickboldt commented Apr 1, 2021
edited
Loading

Is your task related to a problem? Please describe.

As seen in #19486 we had a situation w/ multiarch sidecar & happy path builds where...

  • the build failed to create the containers because not all arches requested to be built exist for the base images from which we're building...

  • despite failing to create sidecars, the devfile registry GH action thought all was well, and merrily reported success.

Describe the solution you'd like

We did a couple quickfixes today:

(needs validation -- we should have seen build failures for nightlies for the last week?)

But what we really need is a full validation of 'do the containers I need in the registry exist, and do the tags I expect also exist', like we do for other containers, eg., like this:

IMAGES_LIST=(
    quay.io/eclipse/che-endpoint-watcher
    quay.io/eclipse/che-keycloak
    quay.io/eclipse/che-postgres
    quay.io/eclipse/che-dev
    quay.io/eclipse/che-server
    quay.io/eclipse/che-dashboard-dev
    quay.io/eclipse/che-e2e
)

if [[ ${PHASES} == *"3"* ]] || [[ ${PHASES} == *"4"* ]]; then
    # verify images all created from IMAGES_LIST
    for image in "${IMAGES_LIST[@]}"; do
        verifyContainerExistsWithTimeout ${image}:${CHE_VERSION} 60
    done
fi

-- https://github.com/eclipse/che-release/blob/master/make-release.sh#L271-L286

image

Additional context

To compute a list of sidecar base images for the Che devfile registry, and then vet them for which arches they support:

curl -sSLo- https://raw.githubusercontent.com/eclipse-che/che-devfile-registry/master/arbitrary-users-patch/base_images | sed -r -e "s#che-.+ +##g" > /tmp/base-images.txt
for d in $(cat /tmp/base-images.txt); do if [[ $d != *"/"* ]]; then d=docker.io/$d; fi; echo; echo $d; skopeo inspect docker://${d} --raw | jq -r .manifests[].platform.architecture 2>&1 | tr "\n" " "; rm -f /tmp/out.txt; echo; done
rm -f  /tmp/base-images.txt

Output (where null = single arch, likely just amd64):

docker.io/antora/antora:2.3.3
null

registry.access.redhat.com/devtools/llvm-toolset-rhel7
amd64 ppc64le s390x 

mcr.microsoft.com/dotnet/core/sdk:2.2-stretch
null

mcr.microsoft.com/dotnet/core/sdk:3.1.301-buster
null

docker.io/golang:1.12-stretch
amd64 arm arm64 386 ppc64le s390x 

docker.io/golang:1.14-stretch
amd64 arm arm64 386 

docker.io/gradle:6.6.1-jdk11
amd64 arm arm64 ppc64le s390x 

docker.io/maven:3.6.3-jdk-11
amd64 arm64 

docker.io/maven:3.6.1-jdk-8
amd64 

docker.io/node:10.16
amd64 arm arm64 ppc64le s390x 

docker.io/node:12.18
amd64 arm arm64 

registry.access.redhat.com/ubi8/nodejs-10
amd64 arm64 ppc64le s390x 

registry.centos.org/che-stacks/centos-nodejs
null

quay.io/eclipse/che-php-base:7.4
null

centos/python-36-centos7:1
null

docker.io/python:3.8.6-slim
amd64 arm arm arm64 386 mips64le ppc64le s390x 

quay.io/quarkus/centos-quarkus-maven:21.0-java11
null

docker.io/rust:1.39.0-slim
amd64 arm arm64 386
@nickboldt nickboldt added the kind/task Internal things, technical debt, and to-do tasks to be performed. label Apr 1, 2021
@che-bot che-bot added the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Apr 1, 2021
@nickboldt nickboldt added area/devfile-registry area/ci CI build and releases, PR testing, & whitelabel/productization issues dependencies Pull requests that update a dependency file and removed status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. labels Apr 1, 2021
This was referenced Apr 1, 2021
Closed
Closed
@ericwill
Copy link
Contributor

It would be cool if we had a job that ran every night and checked that the digests in the base_images file are valid. That way we don't need to wait until release time to find out an image was deleted/moved etc.

@nickboldt
Copy link
Contributor Author

nickboldt commented Apr 19, 2021
edited
Loading

IMAGES_LIST array in the above sample code can be created from content in https://github.com/eclipse-che/che-devfile-registry/blob/master/arbitrary-users-patch/base_images ... every item in the left column maps to quay.io/eclipse/[image here]:[Che-release-tag]

checked that the digests in the base_images file are valid

What if we just regen the file and if a change is found, a PR is submitted?

Discussed this on 4/21, and @mkuznyetsov agreed to open a new issue for this work as a followup task to this issue, which should be resolved as of the 7.29.1 release.

@mkuznyetsov mkuznyetsov mentioned this issue Apr 21, 2021
Merged
9 tasks
@nickboldt nickboldt mentioned this issue Apr 21, 2021
Closed
16 tasks
@nickboldt
Copy link
Contributor Author

additional PR eclipse-che/che-devfile-registry#375 needed to fix missing script variable, wrong path to base images file, and avoid 20 sec waits before each check.

Also made the checks run in parallel instead of sequentially because hey, might as well go fast fast fast, right ?

@nickboldt
Copy link
Contributor Author

running to verify in https://github.com/eclipse-che/che-devfile-registry/runs/2410671243?check_suite_focus=true

@nickboldt
Copy link
Contributor Author 

2021-04-22T14:27:11.1831289Z        [1/3] Verify quay.io/eclipse/che-java11-maven:7.29.1 exists...
2021-04-22T14:27:11.1832126Z        [1/3] Verify quay.io/eclipse/che-java8-maven:7.29.1 exists...
2021-04-22T14:27:11.1833005Z        [1/3] Verify quay.io/eclipse/che-nodejs10-community:7.29.1 exists...
2021-04-22T14:27:11.1833932Z        [1/3] Verify quay.io/eclipse/che-nodejs12-community:7.29.1 exists...
2021-04-22T14:27:11.1834803Z        [1/3] Verify quay.io/eclipse/che-nodejs10-ubi:7.29.1 exists...
2021-04-22T14:27:11.1835641Z        [1/3] Verify quay.io/eclipse/che-nodejs8-centos:7.29.1 exists...
2021-04-22T14:27:11.1836456Z        [1/3] Verify quay.io/eclipse/che-php-7:7.29.1 exists...
2021-04-22T14:27:11.1837238Z        [1/3] Verify quay.io/eclipse/che-python-3.8:7.29.1 exists...
2021-04-22T14:27:11.1838028Z        [1/3] Verify quay.io/eclipse/che-quarkus:7.29.1 exists...
2021-04-22T14:27:11.1838797Z        [1/3] Verify quay.io/eclipse/che-rust-1.39:7.29.1 exists...

...

2021-04-22T14:27:11.9169554Z + echo '[INFO] Found quay.io/eclipse/che-cpp-rhel7:7.29.1 (tag = 7.29.1)'
...

@nickboldt
Copy link
Contributor Author

Followup in #19660

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mkuznyetsov mkuznyetsov

Labels
area/ci CI build and releases, PR testing, & whitelabel/productization issues area/devfile-registry dependencies Pull requests that update a dependency file kind/task Internal things, technical debt, and to-do tasks to be performed.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@nickboldt @mkuznyetsov @ericwill @che-bot