Build our own caddy image #61881
The old setup resulted in a circular dep where if you added a new image, then to trigger an update you had to edit an existing lockfile. Ideally we'd only invalidate when a wolfi-images/*.lock.json file changes, but unsure if this is possible
wolfi-images/repo.bzl
Outdated
# Used to invalidate this repository when any lockfiles change. | ||
rctx.path(rctx.path("wolfi-images")) | ||
|
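Review bot: on the `rctx.path(rctx.path("wolfi-images"))` line, the inner `rctx.path(...)` result is passed straight back into `rctx.path`, which looks redundant, and the comment above it says what the call is for but not why resolving a path causes invalidation. Suggest a single call plus a comment stating whether the dependency is on the directory entry or on the lockfiles inside it, since the stated goal is invalidation when any lockfile changes.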
@Strum355 this works in some basic testing but not sure if there's a cleaner way to handle this. The issue I ran into was after adding the caddy image's yaml and lock.json files, the new lockfile wasn't in the dependency list -> repo wasn't invalidated -> repo isn't added to list -> GOTO 1.
You can use rctx.watch("wolfi-images") for this now that we're on bazel 7.1
Actually, you'll want rctx.watch_tree given this is a directory
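The directory-watch approach suggested in the comments above, as an added example that is not the PR's actual repo.bzl. The rule name `lockfiles_repo`, the `anchor` attribute and the generated file names are hypothetical, and it assumes Bazel 7.1 or later for `rctx.watch_tree`.

```starlark
# Added illustration, not the contents of wolfi-images/repo.bzl.
# Rule name, attribute name and generated file names are hypothetical.

def _lockfiles_repo_impl(rctx):
    # Resolve the lockfile directory through a Label so the path points into
    # the main workspace's source tree rather than this repo's output dir.
    images_dir = rctx.path(rctx.attr.anchor).dirname

    # Bazel >= 7.1: refetch this repository whenever anything under
    # images_dir is added, removed, renamed or modified. A newly added
    # *.lock.json then invalidates the repo without anyone having to edit
    # an existing lockfile, which removes the circular dependency.
    rctx.watch_tree(images_dir)

    # Enumerate the lockfiles that exist right now. Sorting keeps the
    # generated file stable across fetches.
    lockfiles = sorted([
        entry.basename
        for entry in images_dir.readdir()
        if entry.basename.endswith(".lock.json")
    ])

    # Expose the list to the rest of the build.
    rctx.file("BUILD.bazel", "exports_files([\"lockfiles.bzl\"])\n")
    rctx.file("lockfiles.bzl", "LOCKFILES = {}\n".format(repr(lockfiles)))

lockfiles_repo = repository_rule(
    implementation = _lockfiles_repo_impl,
    attrs = {
        # Any checked-in file inside the lockfile directory; only its parent
        # directory is used.
        "anchor": attr.label(allow_single_file = True, mandatory = True),
    },
)
```

`watch_tree` tracks the whole directory, so edits to the `*.yaml` files there also trigger a refetch; that matches the caveat in the PR description about not being able to limit invalidation to `*.lock.json` changes.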
Tested the |
love a streamlined process
We currently just retag the upstream Caddy image where we use it in deploy-sourcegraph-docker. The upstream is slow to patch go module vulns, and the update process is different to the rest of our images.
Build a caddy container from scratch here to avoid having a separate update process, and to make use of the latest patched version of caddy from the wolfi repo.
Example of creating a new container image
This PR is also a good example of creating a new container image that uses a customised base image. The steps to create this PR were:
wolfi-images/caddy.yaml
sg wolfi lock caddy to generate the wolfi-images/caddy.lock.json lockfile
docker-images/caddy/BUILD.bazel ) to build the full Caddy image using the base image configuration
sg wolfi image caddy or bazel run //docker-images/caddy:base_tarball
docker-images/caddy/image_test.yaml )
bazel run //docker-images/caddy:image_test
Test plan