-
Notifications
You must be signed in to change notification settings - Fork 26
ART-3034: Implement doozer images:rebase --force-yum-updates #428
ART-3034: Implement doozer images:rebase --force-yum-updates #428
Conversation
Build #1
|
78c80e6
to
9019421
Compare
Build #2
|
Codecov Report
@@ Coverage Diff @@
## master #428 +/- ##
===========================================
+ Coverage 0 31.22% +31.22%
===========================================
Files 0 38 +38
Lines 0 9015 +9015
Branches 0 1811 +1811
===========================================
+ Hits 0 2815 +2815
- Misses 0 6033 +6033
- Partials 0 167 +167
Continue to review full report at Codecov.
|
doozerlib/distgit.py
Outdated
dfp = DockerfileParser(str(df_path)) | ||
df_lines = dfp.content.splitlines(False) | ||
|
||
yum_update_line_flag = '__doozer=yum-update' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Clever!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@jupierce @vfreex wait... why do we need this? blanket updates have been considered harmful for some time. you get into weird situations where something you've already updated conflicts with what you're trying to install.
also, i'm skeptical that they would even execute in all cases. not all images run as root user.
also, if we were going to yum update, we'd probably also want to yum clean all.
That's a good question. I would leave it to @jupierce :)
Right, in that case the build will fail. However it doesn't seem possible to change to ROOT user then change it back after the update.
Good point. Will include that in next push. |
@sosiouxme - the intent is to allow us to update RHEL dependencies in an assembly image. The flag would only be used in that context. Consider an assembly that is trying to update a RHEL RPM
The image build will run fwiw, I was also hoping to use the same mechanic to satisfy your "we need an assembly which is the same as v4.7.8 but with all RHEL dependencies updated". In this case, we would performing an an assembly specific rebuild using |
@vfreex - +1 on If you promote this field out of ...
from: stream: nodejs
...
final_stage_user: 1001 The doozer CI alignment code and your new feature could then set
For non-final stages:
If not running with
|
9019421
to
a95b82e
Compare
Build #3
|
Thanks for the review. I've updated my PR to inject We are injecting So, I would like to keep the top level Also I would prefer not to inject |
`--force-yum-updates` will inject `yum update -y` in each stage. This ensures the component image will be able to override RPMs it is inheriting from its parent image using RPMs in the rebuild plashet. The current user will also be switched to root in every non-final stage. If `final_stage_user` is set in image meta, the current user in the final user will be switched to `root` before `yum update -y` then switched back to `final_stage_user`. If the option is not set, previously injected `yum update -y` commands should be removed (in case we are injecting distgit-only repos). If no repos are enabled for an image, we shouldn't inject `yum update -y` otherwise the command will fail. This PR also defaults `content.source.ci_alignment.final_user` to `final_stage_user`.
a95b82e
to
155aa9e
Compare
Build #4
|
Opened validator PR to support this direction: openshift-eng/ocp-build-data-validator#34 |
Co-authored-by: Justin Pierce <jupierce@redhat.com>
Build #5
|
Build #6
|
Merging this based on the conversation with @jupierce |
58c406f [ART-3093] Allow assemblies to specify machine-os-content in gen-payload (#460) beea167 Fix error message (#461) 6b7c51c Replace mojo links with The Source (#459) 5d71b80 Update doozerlib/plashet.py d8f0956 Update doozerlib/plashet.py 2568f67 Address unittest failures 4c72f79 [ART-2687] Expose brew event and brew tag to modification scripts 03fb7a7 Allow gen-payload to honor metadata.is d75c8e5 package_name instead of component_name 70271e6 Fix golang image build e9e24fc Allow --repo to take precedence over --repo-type defaults (#452) fd94360 Add additional event-safe methods for koji 0b3ccb0 ART-3050: add plashet from-tags --rhcos 395d222 [ART-3075] Add plashet subverb "for-assembly" (#449) ef4392e ART-3050: full assembly awareness for plashet from-tags (#439) 537043b Test dependency accumulation 0617168 Ensure inherited member list entries can contribute metadata 2efccc2 Open PRs for base images 417bd11 Fix method docs 6aadeb2 ART-3034: Implement doozer images:rebase --force-yum-updates (#428) 2009bd8 Testing fixes 89d2cad fix multiple-default click option error 345f848 Fix version extraction 1834dc3 A bit more bundle doc f89b434 Randomize assignee to avoid bugging approver[0] bc08bbb Lock parent images to assembly basis e6ff58f Code to merge image/rpm metadata with assembly overrides
58c406f [ART-3093] Allow assemblies to specify machine-os-content in gen-payload (#460) beea167 Fix error message (#461) 6b7c51c Replace mojo links with The Source (#459) 5d71b80 Update doozerlib/plashet.py d8f0956 Update doozerlib/plashet.py 2568f67 Address unittest failures 4c72f79 [ART-2687] Expose brew event and brew tag to modification scripts 03fb7a7 Allow gen-payload to honor metadata.is d75c8e5 package_name instead of component_name 70271e6 Fix golang image build e9e24fc Allow --repo to take precedence over --repo-type defaults (#452) fd94360 Add additional event-safe methods for koji 0b3ccb0 ART-3050: add plashet from-tags --rhcos 395d222 [ART-3075] Add plashet subverb "for-assembly" (#449) ef4392e ART-3050: full assembly awareness for plashet from-tags (#439) 537043b Test dependency accumulation 0617168 Ensure inherited member list entries can contribute metadata 2efccc2 Open PRs for base images 417bd11 Fix method docs 6aadeb2 ART-3034: Implement doozer images:rebase --force-yum-updates (#428) 2009bd8 Testing fixes 89d2cad fix multiple-default click option error 345f848 Fix version extraction 1834dc3 A bit more bundle doc f89b434 Randomize assignee to avoid bugging approver[0] bc08bbb Lock parent images to assembly basis e6ff58f Code to merge image/rpm metadata with assembly overrides
58c406f [ART-3093] Allow assemblies to specify machine-os-content in gen-payload (#460) beea167 Fix error message (#461) 6b7c51c Replace mojo links with The Source (#459) 5d71b80 Update doozerlib/plashet.py d8f0956 Update doozerlib/plashet.py 2568f67 Address unittest failures 4c72f79 [ART-2687] Expose brew event and brew tag to modification scripts 03fb7a7 Allow gen-payload to honor metadata.is d75c8e5 package_name instead of component_name 70271e6 Fix golang image build e9e24fc Allow --repo to take precedence over --repo-type defaults (#452) fd94360 Add additional event-safe methods for koji 0b3ccb0 ART-3050: add plashet from-tags --rhcos 395d222 [ART-3075] Add plashet subverb "for-assembly" (#449) ef4392e ART-3050: full assembly awareness for plashet from-tags (#439) 537043b Test dependency accumulation 0617168 Ensure inherited member list entries can contribute metadata 2efccc2 Open PRs for base images 417bd11 Fix method docs 6aadeb2 ART-3034: Implement doozer images:rebase --force-yum-updates (#428) 2009bd8 Testing fixes 89d2cad fix multiple-default click option error 345f848 Fix version extraction 1834dc3 A bit more bundle doc f89b434 Randomize assignee to avoid bugging approver[0] bc08bbb Lock parent images to assembly basis e6ff58f Code to merge image/rpm metadata with assembly overrides
--force-yum-updates
will injectyum update -y
in each stage. This ensures the component image will be able to override RPMs it is inheriting from its parent image using RPMs in the rebuild plashet.If the option is not set, previously injected
yum update -y
commandsshould be removed (in case we are injecting distgit-only repos).
Note if no repos are enabled for an image, we shouldn't inject
yum update -y
otherwise the command will fail.