Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

support using local image tarballs with FROM #52

Merged
merged 1 commit into from
Jan 8, 2021
Merged

support using local image tarballs with FROM #52

merged 1 commit into from
Jan 8, 2021

Conversation

vito
Copy link
Member

@vito vito commented Jan 8, 2021
edited
Loading

This adds 'image args', configurable with IMAGE_ARG_* - similar to BUILD_ARG_*, only the value points to an image tarball.

The image tarball will be loaded and served by a local registry, and a reference to the image in the local registry will be provided as the build arg.

To use this, you must modify your Dockerfile like so:

ARG base_image=ubuntu
FROM ${base_image}

Then, when running oci-build-task, specify:

params:
  IMAGE_ARG_base_image: ubuntu/image.tar

This will remain forward compatible if we ever switch to Kaniko (#46), which would also require using build args as Kaniko image caching requires a full digest to be specified in FROM.

fixes #1
closes #2
closes #3
closes #14

@vito
support using local image tarballs with FROM
bb2f5be 
This adds 'image args', configurable with IMAGE_ARG_* - similar to
BUILD_ARG_*, only the value points to an image tarball.

The image tarball will be loaded and served by a local registry, and a
reference to the image in the local registry will be provided as the
build arg.

To use this, you must modify your Dockerfile like so:

  ARG base_image=ubuntu
  FROM ${base_image}

Then, when running oci-build-task, specify:

  params:
    IMAGE_ARG_base_image: ubuntu/image.tar

This will remain forward compatible if we ever switch to Kaniko (#46),
which would also require using build args as Kaniko image caching
requires a full digest to be specified in FROM.

fixes #1
closes #2
closes #3
closes #14

Signed-off-by: Alex Suraci <suraci.alex@gmail.com>
This was referenced Jan 8, 2021
Closed
Closed
Closed
@vito vito merged commit 38fb352 into master Jan 8, 2021
@vito
Copy link
Member Author

vito commented Jan 11, 2021

just FYI: seeing issues with this, reproducible in a local test but haven't found the root cause yet. building works fine but the resulting image seems corrupt in some way (fails with unexpected EOF when trying to unpack). will ship this as soon as I figure that out.

@vito
Copy link
Member Author

vito commented Jan 12, 2021

just FYI: seeing issues with this, reproducible in a local test but haven't found the root cause yet. building works fine but the resulting image seems corrupt in some way (fails with unexpected EOF when trying to unpack). will ship this as soon as I figure that out.

fixed in f4c893c

@vito vito deleted the image-args branch January 12, 2021 16:52
@ringods ringods mentioned this pull request Mar 2, 2021
Closed
@cpadgett-comcast
Copy link

For those who end up here, there are some gotchas to the solution above:

  1. The variable name used for FROM ${base_image} must be all lowercase, otherwise the build will fail with an error similar to failed to parse stage name "localhost:34785/DOCKERFILE_FROM_IMAGE": invalid reference format: repository name must be lowercase

  2. The FROM image being used locally must specify the parameter format: oci, otherwise the build will fail with an error similar to failed to build: create local image registry: image from path: open base-image/image.tar: no such file or directory

  3. The FROM image must be an input to the task, otherwise you will get the same error as 2 above.

  4. The outputs for the image building task must be image, otherwise the build will fail with an error similar to no files match glob 'some-mistaken-output-image-name/image.tar'

Example pipeline

build-docker-image.yaml

---
platform: linux

image_resource:
  type: registry-image
  source:
    repository: concourse/oci-build-task

inputs:
- name: image-src
  path: .
- name: docker-from-image

outputs:
- name: image

run:
  path: build

Dockerfile

ARG  dockerfile_from_image=repository/url/path/image:tag
FROM ${dockerfile_from_image}

<more-dockerfile-stuff>

pipeline.yaml

resources:
- name: concourse-tasks-repo
  type: git
  source:
    uri: ((concourse_tasks_repo))
    branch: ((concourse_tasks_release_branch))

- name: tools-image-source-repo
  type: git
  source:
    uri: ((tools_image_src_repo))
    branch: ((tools_image_src_release_branch))

- name: tools-from-image
  type: registry-image
  source:
    repository: "((tools_from_image_docker_repo))"
    username: ((dockerregistry.username))  # store your secrets in a secrets manager like Vault
    password: ((dockerregistry.password))  # store your secrets in a secrets manager like Vault

- name: tools-image
  type: registry-image
  source:
    repository: "((tools_image_docker_repo))"
    username: ((dockerregistry.username))  # store your secrets in a secrets manager like Vault
    password: ((dockerregistry.password))  # store your secrets in a secrets manager like Vault

jobs:
- name: build-and-push-tools-image
  plan:
  - in_parallel:
      fail_fast: true
      steps:
      - get: concourse-tasks-repo
        trigger: true
      - get: tools-from-image
        params:
          format: oci
        trigger: true

  - task: build-tools-image
    privileged: true
    file: "concourse-tasks-repo/build-docker-image.yml"
    input_mapping:
      docker-from-image: tools-from-image
      image-src: tools-image-source-repo
    output_mapping:
      image: built-tools-image
    params:
      IMAGE_ARG_dockerfile_from_image: docker-from-image/image.tar

  - put: tools-image
    params:
      image: built-tools-image/image.tar

karlbaker02 pushed a commit to alphagov/govuk-infrastructure that referenced this pull request Sep 8, 2021
Specify govuk-ruby-2.7.X as base image for building app images
b8b587f 
This commit updates the `build-images` pipeline to specify the `govuk-ruby-2.7.X` image as the base image for building app images.

There are a [number of different ways to do this](concourse/oci-build-task#14) but this commit uses makes use of the [`IMAGE_ARG_*` param as part of the `vito/oci-build-task` resource](concourse/oci-build-task#52) which allows us to use image resources already defined in the pipeline within our Dockerfiles, where the base image is served from a registry local to the pipeline. It does this by bringing in these images as resources, namespaced under separate ECR repositories, then passing in the appropriate image to the build process via the `IMAGE_ARG_base_image` param (reflected in app `Dockerfile`s); the `FROM` command in said `Dockerfile`s then point to the correct ECR repository for the `govuk-ruby-2.7.X` base image (rather than to Docker Hub).
karlbaker02 pushed a commit to alphagov/govuk-infrastructure that referenced this pull request Sep 14, 2021
Specify govuk-ruby-2.7.X as base image for building app images
8730cd8 
This commit updates the `build-images` pipeline to specify the `govuk-ruby-2.7.X` image as the base image for building app images.

There are a [number of different ways to do this](concourse/oci-build-task#14) but this commit uses makes use of the [`IMAGE_ARG_*` param as part of the `vito/oci-build-task` resource](concourse/oci-build-task#52) which allows us to use image resources already defined in the pipeline within our Dockerfiles, where the base image is served from a registry local to the pipeline. It does this by bringing in these images as resources, namespaced under separate ECR repositories, then passing in the appropriate image to the build process via the `IMAGE_ARG_base_image` param (reflected in app `Dockerfile`s); the `FROM` command in said `Dockerfile`s then point to the correct ECR repository for the `govuk-ruby-2.7.X` base image (rather than to Docker Hub).
karlbaker02 pushed a commit to alphagov/govuk-infrastructure that referenced this pull request Sep 14, 2021
Specify govuk-ruby-2.7.X as base image for building app images
3fbbc90 
This commit updates the `build-images` pipeline to specify the `govuk-ruby-2.7.X` image as the base image for building app images.

There are a [number of different ways to do this](concourse/oci-build-task#14) but this commit uses makes use of the [`IMAGE_ARG_*` param as part of the `vito/oci-build-task` resource](concourse/oci-build-task#52) which allows us to use image resources already defined in the pipeline within our Dockerfiles, where the base image is served from a registry local to the pipeline. It does this by bringing in these images as resources, namespaced under separate ECR repositories, then passing in the appropriate image to the build process via the `IMAGE_ARG_base_image` param (reflected in app `Dockerfile`s); the `FROM` command in said `Dockerfile`s then point to the correct ECR repository for the `govuk-ruby-2.7.X` base image (rather than to Docker Hub).
rtrinque pushed a commit to alphagov/govuk-infrastructure that referenced this pull request Sep 14, 2021
@rtrinque
Specify govuk-ruby-2.7.X as base image for building app images
348dee0 
This commit updates the `build-images` pipeline to specify the `govuk-ruby-2.7.X` image as the base image for building app images.

There are a [number of different ways to do this](concourse/oci-build-task#14) but this commit uses makes use of the [`IMAGE_ARG_*` param as part of the `vito/oci-build-task` resource](concourse/oci-build-task#52) which allows us to use image resources already defined in the pipeline within our Dockerfiles, where the base image is served from a registry local to the pipeline. It does this by bringing in these images as resources, namespaced under separate ECR repositories, then passing in the appropriate image to the build process via the `IMAGE_ARG_base_image` param (reflected in app `Dockerfile`s); the `FROM` command in said `Dockerfile`s then point to the correct ECR repository for the `govuk-ruby-2.7.X` base image (rather than to Docker Hub).
suhlig referenced this pull request in suhlig/concourse-task-library Aug 1, 2022
@suhlig
Add input for optional base image
725edae 
See https://github.com/concourse/oci-build-task/pull/52\#issuecomment-892907161 for an example.
@holgerstolzenberg holgerstolzenberg mentioned this pull request Sep 28, 2022
Closed
@imsodin imsodin mentioned this pull request Jan 17, 2023
Open
jameshochadel added a commit to cloud-gov/common-pipelines that referenced this pull request Aug 4, 2023
@jameshochadel
Try params suggested in original GitHub PR
8e7cf7b 
Source: concourse/oci-build-task#52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@vito @cpadgett-comcast