-
Notifications
You must be signed in to change notification settings - Fork 536
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Embed build info into the docker image instead of relying on runtime variables. #22930
Conversation
ea0dc7b
to
68156b4
Compare
b619b89
to
ec052e8
Compare
1bd77b3
to
96337d4
Compare
96337d4
to
2da734e
Compare
6fd59d5
to
cff36e2
Compare
Makefile-os
Outdated
# Values that are not saved to .env | ||
# but should be set in the docker image | ||
# default to static values to prevent | ||
# invalidating docker build cache |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this written as a haiku? 😄
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not intended, but now it is an actual haiku 👍
cff36e2
to
3649368
Compare
3649368
to
b64d766
Compare
'DOCKER_VERSION', | ||
'DOCKER_BUILD', | ||
]; | ||
it('.services.(web|worker).environment excludes build info variables', () => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I forgot to add this last time: I'm not clear what this is testing, exactly. What aren't we including in the web/worker envs, and why?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We exclude variables that could be interpreted as build info such as the DOCKER_COMMIT, DOCKER_VERSION and (eventually) DOCKER_TARGET. You don't want to live in a world where you build with one commit/version and then run the container with another value set (arbitrarily) and then your container thinks it is a different image.. This test confirms that the variables that are used in the build info file are NOT available on the environment of the container.
e0c4c07
to
f988d74
Compare
- Updated Dockerfile to create a build info file containing static build variables (commit, version, build, target) that are now read-only at runtime. - Modified get_version_json function to read build information from the newly created build info file instead of relying on environment variables. - Introduced REQUIRED_VERSION_KEYS to ensure all necessary keys are present in version.json during checks. - Enhanced tests to validate the presence of required version keys and ensure proper functionality of the get_version_json method. - Updated docker-bake.hcl to maintain consistency in build arguments. TMP: use json instead Update src/olympia/core/utils.py Co-authored-by: Andrew Williamson <awilliamson@mozilla.com>
f988d74
to
a094ce2
Compare
Fixes: mozilla/addons#15230
Description
Dockerfile
to expose build arguments and create a static build info file, ensuring that build variables are hard-coded and not overridden at runtime.get_version_json
function inutils.py
to read build information from the newly created static file, ensuring required keys are validated.test_apps.py
andtest_utils.py
to check for required version keys and validate the build info retrieval process.Context
Previously relying on runtime environment variables led to less consistent checks because runtime variables can change, where the underlying image cannot. Since we are mostly checking the underlying image, we should not rely on the runtime variables but instead the image itself.
Testing
Checklist
#ISSUENUM
at the top of your PR to an existing open issue in the mozilla/addons repository.