-
Notifications
You must be signed in to change notification settings - Fork 597
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Run multi-arch builds on merges to main and release nightly builds #1498
Comments
For flux v1 we've created a separate image repository for the nightly builds, I think we need to do the same here for each controller. |
There is another divergence with Flux v1 in that we create a "nightly" for every (merge) commit there, instead of running it nightly. This means that there is something else we need to keep in mind: if there is no activity on the repository, the commit will not have changed and we can thus not blindly push e.g. |
Could we publish nightlies like flux 1, i.e., on every merge to main? For some subprojects I'd expect less than one merge a day, and for some it might be a handful, but I'd expect on average it would be about the same rate overall. |
The thing you would miss then are upstream dependency changes that result in a failing build, this can for example happen for the source-controller and/or image-automation-controller that have version selectors for some but not all packages, and a more complex build process in general. |
We should probably lock those down so they only get changed explicitly, and use -mod=readonly in builds. |
@squaremo we fail a build if go.sum changes |
Not talking about Go Module dependencies, but the ones in the container, e.g. https://github.com/fluxcd/source-controller/blob/main/Dockerfile#L4 |
Ah of course. Could we lock those down, or is it not practical or possible? |
Yes true; it would be simpler to use |
|
We could lock those down, but we would then need to invent another mechanism to automatically update them (using e.g. Dependabot or Renovate). Renovate would have my preference as it is capable of bundling updates, while Dependabot will create a pull request for literally every single dependency that has a newer version. |
Based on a discussion in fluxcd/image-reflector-controller#151
What
main
Why
Running multi-arch builds for every pull request is too aggressively burning CI minutes, but running them "nightly" for conformance may be "too late". Running them on merges to
main
should give a relatively prompt responsive if anything (32-bit) related is wrong with the thing you just merged, while heavily reducing the feedback time for pull requests.In addition, people do not have an easy way to access "early releases" at the moment except for when we manually trigger a "release candidate". Based on maintainer experience with
fluxcd/flux
andfluxcd/helm-operator
, this could be solved for most people by releasing a "nightly" build every day with the state ofmain
.Where
The text was updated successfully, but these errors were encountered: