-
Notifications
You must be signed in to change notification settings - Fork 141
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: push Dockerfile to registry #1129
feat: push Dockerfile to registry #1129
Conversation
cae09d3
to
dea4b84
Compare
883d38b
to
1859ba7
Compare
bca31e5
to
9968d21
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll also note that it will not be possible for the release service (or any other consumer) to verify that the content of the .dockerfile
image is still the same as what the build pipeline pushed. Which is probably fine, IIUC the Dockerfile image is probably just a nice-to-have informational kind of thing
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Did you consider making a separate task for pushing the Dockerfile to the registry? It doesn't really make any sense to me have it as part of the build tasks
I haven't seen any necessity to make a separate task. As an associated artifacts images like .sbom and .att, it is natural to push it as a step of the build. |
Our tasks don't really make sense as upstream parts of the Tekton ecosystem. Now we're injecting this functionality into every build task because that's more convenient for the Red Hat container catalog. On the other hand, there is no good mechanism for sharing artifacts between tasks - other than Trusted Artifacts, which involves pushing to the registry in some form anyway. |
f5d5e79
to
2e8a3ba
Compare
2e8a3ba
to
169ad6a
Compare
PTAL. The previous changes are reworked by adding a new Tekton task |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice, this looks better to me 👍
annotations: | ||
tekton.dev/pipelines.minVersion: "0.12.1" | ||
tekton.dev/tags: "image-build, appstudio" | ||
name: push-build-file-oci-ta |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you add the recipe.yaml
(every oci-ta task should have one) for this task, so that auto-generation works properly?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Updated.
FYI, I think the failing ec-tasks-check should be resolved by rebasing on main |
471879c
to
fef74dc
Compare
Rebased. Added recipel.yaml and add a task result |
12d6689
to
74faefc
Compare
/retest |
74faefc
to
2b12446
Compare
The task |
STONEBLD-2522 Add a new task push-dockerfile to push Dockerfile to registry as an OCI artifact. Task is configurable to accept varaints of Dockerfile with different names, like Containerfile. Use `oras pull' to get the image. This new task is added to docker-build pipeline and enabled by default. Trusted Artifacts version of push-dockerfile is created accordingly and updated into the docker-build-oci-ta pipeline. Signed-off-by: Chenxiong Qi <[email protected]>
6c761c5
to
ca7141d
Compare
Squashed all commits and rebased. |
STONEBLD-2522
Add a new task push-dockerfile to push Dockerfile to registry as an OCI
artifact.
Task is configurable to accept varaints of Dockerfile with different
names, like Containerfile.
Use `oras pull' to get the image.
This new task is added to docker-build pipeline and enabled by default.
Trusted Artifacts version of push-dockerfile is created accordingly and
updated into the docker-build-oci-ta pipeline.