This repository has been archived by the owner on Oct 2, 2023. It is now read-only.

container_push: add doc about no transaction
When using container_push with skip_unchanged_digest,
users often rely on the push process to (1) check for existence
of the image in the registry and (2) push the image if (1) is false.

This leaves a time window between (1) and (2) where the image
could have been pushed by an external process such as another CI
job running in parallel. In such a situation, depending on the container
registry configuration, the push that arrives later can either fail for attempting
to override an already pushed image, or it will override the previously
pushed image.

There is no transactional guarantee that can help coordinate (1) and (2) in
the current container registry spec. So let's document this edge case and
advise users to work around it by using some external distributed lock for
running the container_push target.
sluongng committed May 26, 2022
1 parent 8e18bde commit e76ca24
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion container/push.bzl
Expand Up @@ -170,7 +170,10 @@ container_push_ = rule(
),
"skip_unchanged_digest": attr.bool(
default = False,
doc = "Only push images if the digest has changed, default to False",
doc = "Check if the container registry already contain the image's digest. If yes, skip the push for that image. " +
"Default to False. " +
"Note that there is no transactional guarantee between checking for digest existence and pushing the digest. " +
"This means that you should try to avoid running the same container_push targets in parallel.",
),
"stamp": STAMP_ATTR,
"tag": attr.string(
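Review bot: the new `skip_unchanged_digest` doc string tells users to avoid running the same container_push targets in parallel, but it leaves out the two things the commit message spells out: what happens when the race is lost (depending on registry configuration, the later push either fails or overrides the previously pushed image) and the suggested workaround (an external distributed lock around the container_push target). The doc string is what users actually read, so both belong there. The commit message also names "an external process such as another CI job" as the competing writer, so "the same container_push targets" is narrower than the case being documented; wording such as "concurrent pushes of the same image" would match it. Grammar nits in the added lines: "already contain" should be "already contains", and "Default to False" should be "Defaults to False".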