-
Notifications
You must be signed in to change notification settings - Fork 11
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add an option to publish stack images directly #243
Conversation
Instead of outputing OCI image files, this commit adds a `--publish` flag which signals `jam` to instead upload the created images directly to a registry. It will upload to the image reference listed in the `--buildOutput` and `--runOutput` arguments (instead of a path, use an image reference like `docker.io/foo/bar:0.0.2`. Internally, this splits the client.Export code into two parts. One part that outputs the images to a temporary directory and antoher that either converts to an OCI file or uploads directly to the registry. Signed-off-by: Daniel Mikusa <dan@mikusa.com>
Thanks @dmikusa . The code generally looks fine to me. I have one small observation, which is inline. As far as the integration testing, I think it's possible to set up an integration test against a docker repository, but that would require some changes to the test structure:
However, I have a more general concern: how we would use this in our CI pipeline. As-is, the stacks pipelines could leverage this new feature by publishing the stack at the end of the pipeline using
This leads me to suggest either an addition to or a replacement for this PR: the idea of publishing pre-built stacks. I can see the value in I think this additional command would be called something like Alternatively, I could see a change to our pipeline process which would allow us to use the behavior in this PR and also meet the two goals above. If we build and publish the stack with a temporary version tag (e.g. My preference would be to add Looking at those two commands, I'd expect them to have a similar set of flags, so rather than re-using So the two-phase command pair would look like the following:
and the all-in-one command would look like:
In sketching this out, I see some optimizations we could make with flag handling. For example if you provide |
I don't think that should be hard, and I agree it should be able to use upload in both places. It will have to extract the tgz to a temp folder, so there's a little extra I/O but nothing too bad, then push from the folder. Not a big deal, so I'll make that change (add
I was trying to avoid complicated flag handling, but I can give this a shot. Hopefully, it won't be too bad 🤞 |
Yeah. I think we can avoid those optimizations to start with. We can always introduce them later - they won't be breaking changes - so feel free to do the simplest thing for this PR. |
This commit adjusts the code so that it will always export the OCI image file. It will then optionally publish depending on the presence of the `--publish` flag. If needed, we can always add another flag to control exporting. Signed-off-by: Daniel Mikusa <dan@mikusa.com>
- Adds publish-stack command that takes OCI image files and publishes them - Modifies create-stack so that it has separate output and reference flags Signed-off-by: Daniel Mikusa <dan@mikusa.com>
@robdimsdale Requested changes have been submitted. I went slightly differently with the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks great. I have one minor comment about the flag description (inline) but otherwise I think this is good to go.
Perfect. I think that's an intuitive UI and I agree it simplifies the code too. |
Signed-off-by: Daniel Mikusa <dan@mikusa.com>
Signed-off-by: Daniel Mikusa <dan@mikusa.com>
@robdimsdale I fixed the issue you mentioned as well as the code quality issues reported. I don't think we'd run into symlinks like that, but it doesn't hurt to try and protect from that problem. When you get a second, needs your review again. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks great - thanks for cleaning up the potential tar expansion issues. I agree we're unlikely to encounter them, so I was willing to merge without addressing them, but it is better to handle them.
Thanks @robdimsdale - I don't want to be pushy, could we cut a release to get this out? Or do you have plans for the time frame of the next release? |
Already cut a new release @dmikusa :) |
Summary
Instead of outputing OCI image files, this PR adds a
--publish
flag which signalsjam
to instead upload the created images directly to a registry. It will upload to the image reference listed in the--buildOutput
and--runOutput
arguments (instead of a path, use an image reference likedocker.io/foo/bar:0.0.2
.Internally, this splits the
client.Export
code into two parts. One part outputs the images to a temporary directory and another converts them to an OCI file or uploads them directly to the registry.Here's the output of a
jam create-stack
using this upload functionality:Use Cases
The main problem with using the existing Export functionality and then uploading images with a tool like
skopeo
is that it cannot yet deal with multi-architecture images. Since we're trying to add this functionality to Paketo stacks, something needs to change.This was a small code change to jam that adds the functionality necessary to upload images. It should also shorten pipelines because now you don't need the actual files. The images go directly to the registry. If you then need to tag or copy them to other registries you can efficiently do that with
skopeo
orcrane
.Question
I don't really know how to test the addition here. An integration test isn't really possible because you'd need an external registry as part of that test. There also doesn't seem to be an easy way to mock out this functionality, nor would that provide a lot of benefits.
I tried to break down the code such that the existing tests for Export would exercise most of the functionality and the rest is just a few calls to go-containerregistry which does the hard work and is already well tested. If you feel like we need a test and have ideas about how we could go about that, I'd be happy to add one. Just let me know.
I'm not 100% sure how well this will fit into the existing CI for stacks. This is going to publish directly to the registry and right now, I believe the build and publish are separate steps. Correct me if I'm wrong, but it looks like the build step runs and then saves the OCI image files to the GitHub release. We then have
skopeo
come by and upload those files to the registry.If it would help, we could make the publish command be done in addition to the Export, instead of only running one or the other. That might be easier to fit into the CI, as you'd still get the OCI image files. Regardless of what happens, something is going to need to change with CI because
skopeo
can't upload multi-arch images (at least not right now), so CI is going to fail when it tries to do that.I'm not an expert on these pipelines, so feel free to ignore this, but a couple ideas:
I'm open to something else as well, just let me know.
Checklist