Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Onbuild triggers not cleared for downstream (grandchild) images #1308

Closed
imayobrown opened this issue Dec 31, 2019 · 5 comments · Fixed by #1324
Closed

Onbuild triggers not cleared for downstream (grandchild) images #1308

imayobrown opened this issue Dec 31, 2019 · 5 comments · Fixed by #1324
Labels
area/dockerfile kind/bug

Comments

@imayobrown
Copy link

Hi, we make heavy usage of ONBUILD instructions and base images to standardize our projects. We have found that when using the buildkit and building images from base images that specify ONBUILD instructions those triggers are not being cleared for grandchild images. It can be observed through both behavior and the json metadata returned from docker inpsect

To reproduce:

Base image foo-base with Dockerfile:

FROM alpine

ONBUILD COPY foo .

Child image foo-child with Dockerfile:

FROM foo-base

Grandchild image foo-grandchild with Dockerfile:

FROM foo-child

When built with the buildkit, foo-child image's docker inspect returns:

[
    {
        "Id": "sha256:fb13b3a850ec9a0d0784b507950b70447565f5ab9611b1e12ccdd7c6bc99fa0c",
        "RepoTags": [
            "foo-child:latest"
        ],
        "RepoDigests": [],
        "Parent": "",
        "Comment": "buildkit.dockerfile.v0",
        "Created": "2019-12-31T17:11:03.347565717Z",
        "Container": "",
        "ContainerConfig": {
            "Hostname": "",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": null,
            "Cmd": null,
            "Image": "",
            "Volumes": null,
            "WorkingDir": "",
            "Entrypoint": null,
            "OnBuild": null,
            "Labels": null
        },
        "DockerVersion": "",
        "Author": "",
        "Config": {
            "Hostname": "",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
            ],
            "Cmd": [
                "/bin/sh"
            ],
            "ArgsEscaped": true,
            "Image": "",
            "Volumes": null,
            "WorkingDir": "",
            "Entrypoint": null,
            "OnBuild": [
                "COPY foo ."
            ],
            "Labels": null
        },
        "Architecture": "amd64",
        "Os": "linux",
        "Size": 5533135,
        "VirtualSize": 5533135,
        "GraphDriver": {
            "Data": {
                "LowerDir": "/var/lib/docker/overlay2/d7c711b24349f28d464e2e0ee80f1a86429eece088658265b6ca7528b0fa2b8d/diff",
                "MergedDir": "/var/lib/docker/overlay2/2k3vmcj2hg16byj7qc3zajyty/merged",
                "UpperDir": "/var/lib/docker/overlay2/2k3vmcj2hg16byj7qc3zajyty/diff",
                "WorkDir": "/var/lib/docker/overlay2/2k3vmcj2hg16byj7qc3zajyty/work"
            },
            "Name": "overlay2"
        },
        "RootFS": {
            "Type": "layers",
            "Layers": [
                "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81",
                "sha256:392dcba5f80248ad344af9526e928fe4ca2dc9498465d7983f482050e42c1635"
            ]
        },
        "Metadata": {
            "LastTagTime": "2019-12-31T17:11:03.380829584Z"
        }
    }
]

When built without the buildkit the foo-child image's docker inspect returns:

[
    {
        "Id": "sha256:5695dd0f47a571223b10e61bad6cdf78c4f1b325e0eec88e4d9f8841581884fc",
        "RepoTags": [
            "foo-child:latest"
        ],
        "RepoDigests": [],
        "Parent": "sha256:8690bb907d3ccbd6c20b7e44a1470ec4e6933dbecc7a17ad04c053b5614624ba",
        "Comment": "",
        "Created": "2019-12-31T17:12:47.931653438Z",
        "Container": "",
        "ContainerConfig": {
            "Hostname": "",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
            ],
            "Cmd": [
                "/bin/sh",
                "-c",
                "#(nop) COPY file:b72edb7d498ddd91e5c5116e4ce7a1eade15cdce38ca4f75b01ddff7c55f7e79 in . "
            ],
            "ArgsEscaped": true,
            "Image": "sha256:8690bb907d3ccbd6c20b7e44a1470ec4e6933dbecc7a17ad04c053b5614624ba",
            "Volumes": null,
            "WorkingDir": "",
            "Entrypoint": null,
            "OnBuild": null,
            "Labels": null
        },
        "DockerVersion": "19.03.5",
        "Author": "",
        "Config": {
            "Hostname": "",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
            ],
            "Cmd": [
                "/bin/sh"
            ],
            "ArgsEscaped": true,
            "Image": "sha256:8690bb907d3ccbd6c20b7e44a1470ec4e6933dbecc7a17ad04c053b5614624ba",
            "Volumes": null,
            "WorkingDir": "",
            "Entrypoint": null,
            "OnBuild": null,
            "Labels": null
        },
        "Architecture": "amd64",
        "Os": "linux",
        "Size": 5533135,
        "VirtualSize": 5533135,
        "GraphDriver": {
            "Data": {
                "LowerDir": "/var/lib/docker/overlay2/d7c711b24349f28d464e2e0ee80f1a86429eece088658265b6ca7528b0fa2b8d/diff",
                "MergedDir": "/var/lib/docker/overlay2/2k3vmcj2hg16byj7qc3zajyty/merged",
                "UpperDir": "/var/lib/docker/overlay2/2k3vmcj2hg16byj7qc3zajyty/diff",
                "WorkDir": "/var/lib/docker/overlay2/2k3vmcj2hg16byj7qc3zajyty/work"
            },
            "Name": "overlay2"
        },
        "RootFS": {
            "Type": "layers",
            "Layers": [
                "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81",
                "sha256:392dcba5f80248ad344af9526e928fe4ca2dc9498465d7983f482050e42c1635"
            ]
        },
        "Metadata": {
            "LastTagTime": "2019-12-31T17:12:47.960151312Z"
        }
    }
]

The ContainerConfig.OnBuild values differ between the two of these.

When building foo-grandchild from foo-child built with the buildkit you get the following output:

[+] Building 0.1s (7/7) FINISHED
 => [internal] load build definition from Dockerfile.test
 => => transferring dockerfile: 62B                                                                                                                                                                                                      
 => [internal] load .dockerignore
 => => transferring context: 2B
 => [internal] load metadata for docker.io/library/foo-child:latest
 => [internal] load build context
 => => transferring context: 22B
 => CACHED [1/1] FROM docker.io/library/foo-child
 => [2/1] COPY foo .
 => exporting to image
 => => exporting layers
 => => writing image sha256:234dff610e95e151906dda3ec74442a9a70451cf151bf2eb7eb0dda939ef9b74
 => => naming to docker.io/library/foo-grandchild

When building foo-grandchild from foo-child built without the buildkit you get the following output:

[+] Building 0.1s (5/5) FINISHED
 => [internal] load build definition from Dockerfile.test
 => => transferring dockerfile: 41B
 => [internal] load .dockerignore
 => => transferring context: 2B
 => [internal] load metadata for docker.io/library/foo-child:latest
 => CACHED [1/1] FROM docker.io/library/foo-child
 => exporting to image
 => => exporting layers
 => => writing image sha256:3282a1cf09eefdc3c282fc849b214ad17fe72df08e5aae49d946a22ea1624aba
 => => naming to docker.io/library/foo-grandchild

Is this behavior intended? The divergence in behavior between the old builder and the buildkit is causing some of our builds to fail. If you need any additional information please let me know.
@FernandoMiguel
Copy link
Collaborator

FYI onbuild is deprecated
docker-library/official-images#2076

@imayobrown
Copy link
Author

imayobrown commented Dec 31, 2019
edited

FYI onbuild is deprecated
docker-library/official-images#2076

I'm a bit confused by that link. It looks to me like the onbuild variants of some/all official images are deprecated. Is this meant to communicate that the ONBUILD instruction is deprecated? Is there some communication of this in the official documentation?

There also seems to be some work from earlier this year (after that deprecation issue was closed) on enhancing the ONBUILD functionality in the buildkit #816.

@FernandoMiguel
Copy link
Collaborator

I've seen some other comments that it was heading that way

#816 (comment)

@imayobrown
Copy link
Author

I've seen some other comments that it was heading that way

#816 (comment)

From this comment #816 (comment) it looks like its still supported.

@tonistiigi tonistiigi mentioned this issue Jan 14, 2020
Merged
@imayobrown
Copy link
Author

Thanks for the quick fix!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/dockerfile kind/bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

dockerfile: clear onbuild rules after triggering tonistiigi/buildkit
3 participants
@FernandoMiguel @tonistiigi @imayobrown