container_pull: return the resolved digest to bazel and support overriding platform #544
Conversation
ixdy
force-pushed
the
bazel-sync-digest
branch
3 times, most recently
from
fb19de9
to
258022a
Compare
|
Thanks for sending this PR. It looks good overall. Lets get the change in containerregistry submitted and then return to this. |
ixdy
force-pushed
the
bazel-sync-digest
branch
3 times, most recently
from
65c926b
to
c490b27
Compare
|
testing 1 2 3 |
|
gubernator confirmed - https://k8s-gubernator.appspot.com/pr/ixdy |
|
/assign @erain |
|
/unassign @erain |
ixdy
force-pushed
the
bazel-sync-digest
branch
from
c490b27
to
b73121d
Compare
|
google/containerregistry update now included. this should be good to go. |
There was a problem hiding this comment.
Hi @ixdy ,
thanks again for sending this PR.
Let's try to add a test for it:
- add a new container_pull target in the WORKSPACE for a multi-platform image (and pick something other than linux / amd64?)
- add a container_test to https://github.com/bazelbuild/rules_docker/blob/master/tests/docker/BUILD that uses the image you just pulled. Test can have a metadata test and checl some property of the container that you would expect only be present for the given platform/os, (or you could use a file check that verifies the digest, if that is expected to be different for different platform/os)
Testing the resolved digest:
- Not sure how to do this one, I think we might need to expose the digest_result in a file produced by the container_pull rule, this would allow us to then add a file test (like https://github.com/bazelbuild/rules_docker/blob/master/tests/docker/BUILD#L168) that checks the file exists.
Please let me know if you have questions about how to add these tests.
|
hi @ixdy , do you think you can try to set up tests for this PR? |
|
Yeah, I was starting to work on tests, then ran into google/containerregistry#128, and then I got busy with some other project work. I hope to get back to this by the end of the week, though we'll need a new containerregistry release, too. |
|
er, wrong issue, I meant google/containerregistry#127. |
|
(though google/containerregistry#128 means that windows images aren't supported currently) |
|
right, forgot about google/containerregistry#127, sgtm, if you need any help with extra reviews for containerregistry changes let me know. And bummer about google/containerregistry#128, but imo its not a priority to get windows working. (I'm not in a hurry to see this in either, just wanted to check up on status, so take your time) |
ixdy
force-pushed
the
bazel-sync-digest
branch
from
b73121d
to
1a7b1fd
Compare
|
I've updated to containerregistry v0.0.34 and added some tests on multi-platform images. I'm still working on testing the resolved digest. |
|
(I also still need to update the README) |
ixdy
force-pushed
the
bazel-sync-digest
branch
2 times, most recently
from
907cd11
to
e79e94f
Compare
There was a problem hiding this comment.
I added some partial testing around the digests by checking that the digest file written by puller.par matches expectations. I'm not sure if there's a good way to test the return value of the container_pull rule itself.
I've also updated the README, so I think this is now ready for another review pass.
| "os_features": attr.string_list(), | ||
| "architecture": attr.string(default = "amd64"), | ||
| "cpu_variant": attr.string(), | ||
| "platform_features": attr.string_list(), |
There was a problem hiding this comment.
I'm not particularly happy about the name of this attribute, but features is a reserved attribute.
The docker manifest list spec refers to this as CPU features, but the OCI image index spec just says it's a reserved field.
There was a problem hiding this comment.
I haven't found any images that actually use features yet.
ixdy
force-pushed
the
bazel-sync-digest
branch
from
e79e94f
to
4aafcf7
Compare
ixdy
force-pushed
the
bazel-sync-digest
branch
from
4aafcf7
to
d18b6e2
Compare
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: ixdy, nlopezgi If they are not already assigned, you can assign the PR to them by writing The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
This potentially fixes #543.
It's roughly modeled after the fix for
git_repositoryin bazelbuild/bazel@b42734f.It depends on google/containerregistry#113 (and a corresponding update of that dependency in
rules_docker), so this should not be merged as-is.