Skip to content
This repository has been archived by the owner on Oct 13, 2023. It is now read-only.

ART-3034: Implement doozer images:rebase --force-yum-updates #428

Merged
merged 3 commits into from
Jun 23, 2021

Conversation

vfreex
Copy link
Contributor

@vfreex vfreex commented Jun 11, 2021

--force-yum-updates will inject yum update -y in each stage. This ensures the component image will be able to override RPMs it is inheriting from its parent image using RPMs in the rebuild plashet.

If the option is not set, previously injected yum update -y commands
should be removed (in case we are injecting distgit-only repos).

Note if no repos are enabled for an image, we shouldn't inject yum update -y otherwise the command will fail.

@vfreex vfreex requested review from sosiouxme and jupierce June 11, 2021 07:05
@openshift-ci openshift-ci bot requested a review from Ximinhan June 11, 2021 07:06
@openshift-bot
Copy link

Build #1

GLOB sdist-make: /mnt/workspace/jenkins/working/art-tools_doozer_PR-428/setup.py
py3 create: /mnt/workspace/jenkins/working/art-tools_doozer_PR-428/.tox/py3
py3 installdeps: -rrequirements-dev.txt
py3 inst: /mnt/workspace/jenkins/working/art-tools_doozer_PR-428/.tox/.tmp/package/1/rh-doozer-1.3.5.zip
py3 installed: aiofiles==0.7.0,appdirs==1.4.4,astroid==2.5.6,attrs==21.2.0,autopep8==1.5.7,bashlex==0.15,cached-property==1.5.2,certifi==2021.5.30,cffi==1.14.5,chardet==4.0.0,click==8.0.1,contextvars==2.4,coverage==5.5,cryptography==3.4.7,decorator==5.0.9,Deprecated==1.2.12,distlib==0.3.2,dockerfile-parse==1.2.0,filelock==3.0.12,flake8==3.9.2,flexmock==0.10.4,future==0.18.2,gssapi==1.6.13,idna==2.10,immutables==0.15,importlib-metadata==4.5.0,importlib-resources==5.1.4,iniconfig==1.1.1,isort==5.8.0,kobo==0.19.0,koji==1.25.0,lazy-object-proxy==1.6.0,mccabe==0.6.1,mock==4.0.3,mysql-connector-python==8.0.25,packaging==20.9,pluggy==0.13.1,protobuf==3.17.3,py==1.10.0,pycodestyle==2.7.0,pycparser==2.20,pyflakes==2.3.1,pygit2==1.6.0,PyGithub==1.55,PyJWT==2.1.0,pykerberos==1.2.1,pylint==2.8.3,PyNaCl==1.4.0,pyparsing==2.4.7,pytest==6.2.4,python-dateutil==2.8.1,PyYAML==5.4.1,requests==2.25.1,requests-gssapi==1.2.3,requests-kerberos==0.12.0,rh-doozer @ file:///mnt/workspace/jenkins/working/art-tools_doozer_PR-428/.tox/.tmp/package/1/rh-doozer-1.3.5.zip,rpm==4.14.3,rpm-py-installer==1.1.0,semver==2.13.0,six==1.16.0,tenacity==7.0.0,toml==0.10.2,tox==3.23.1,typed-ast==1.4.3,typing==3.7.4.3,typing-extensions==3.10.0.0,urllib3==1.26.5,virtualenv==20.4.7,wrapt==1.12.1,zipp==3.4.1
py3 run-test-pre: PYTHONHASHSEED='1732080635'
py3 run-test: commands[0] | flake8
py3 run-test: commands[1] | coverage run --branch --source doozerlib -m unittest discover -t . -s tests/
..........................Environment variables required for db operation missing. Doozer will be runningin no DB use mode.
.Environment variables required for db operation missing. Doozer will be runningin no DB use mode.
.Environment variables required for db operation missing. Doozer will be runningin no DB use mode.
.Environment variables required for db operation missing. Doozer will be runningin no DB use mode.
.........................................s.s.E.E.................................s.s...s.s.s..s.s.s....................................................................................ERROR:doozer.tests.test_runtime:Unable to check if target branch branch exists: whatever
.................
======================================================================
ERROR: test_inject_yum_update_commands (tests.test_distgit.test_image_distgit.test_image_distgit.TestImageDistGit)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/mnt/workspace/jenkins/working/art-tools_doozer_PR-428/.tox/py3/lib/python3.6/site-packages/mock/mock.py", line 1346, in patched
    return func(*newargs, **newkeywargs)
  File "/mnt/workspace/jenkins/working/art-tools_doozer_PR-428/tests/test_distgit/test_image_distgit/test_image_distgit.py", line 333, in test_inject_yum_update_commands
    dg._update_yum_update_commands(True)
  File "/mnt/workspace/jenkins/working/art-tools_doozer_PR-428/doozerlib/distgit.py", line 1673, in _update_yum_update_commands
    self.logger.info("Injecting \"yum updates -y\" in each stage...")
  File "/usr/lib64/python3.6/logging/__init__.py", line 1636, in info
    self.log(INFO, msg, *args, **kwargs)
  File "/usr/lib64/python3.6/logging/__init__.py", line 1672, in log
    if self.isEnabledFor(level):
  File "/usr/lib64/python3.6/logging/__init__.py", line 1680, in isEnabledFor
    if self.logger.manager.disable >= level:
TypeError: '>=' not supported between instances of 'MagicMock' and 'int'

======================================================================
ERROR: test_inject_yum_update_commands_without_repos (tests.test_distgit.test_image_distgit.test_image_distgit.TestImageDistGit)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/mnt/workspace/jenkins/working/art-tools_doozer_PR-428/.tox/py3/lib/python3.6/site-packages/mock/mock.py", line 1346, in patched
    return func(*newargs, **newkeywargs)
  File "/mnt/workspace/jenkins/working/art-tools_doozer_PR-428/tests/test_distgit/test_image_distgit/test_image_distgit.py", line 407, in test_inject_yum_update_commands_without_repos
    dg._update_yum_update_commands(True)
  File "/mnt/workspace/jenkins/working/art-tools_doozer_PR-428/doozerlib/distgit.py", line 1670, in _update_yum_update_commands
    self.logger.warning("Will not inject \"yum updates -y\" for this image because no yum repos are enabled.")
  File "/usr/lib64/python3.6/logging/__init__.py", line 1642, in warning
    self.log(WARNING, msg, *args, **kwargs)
  File "/usr/lib64/python3.6/logging/__init__.py", line 1672, in log
    if self.isEnabledFor(level):
  File "/usr/lib64/python3.6/logging/__init__.py", line 1680, in isEnabledFor
    if self.logger.manager.disable >= level:
TypeError: '>=' not supported between instances of 'MagicMock' and 'int'

----------------------------------------------------------------------
Ran 217 tests in 1.265s

FAILED (errors=2, skipped=10)
ERROR: InvocationError for command /mnt/workspace/jenkins/working/art-tools_doozer_PR-428/.tox/py3/bin/coverage run --branch --source doozerlib -m unittest discover -t . -s tests/ (exited with code 1)
___________________________________ summary ____________________________________
ERROR:   py3: commands failed

@vfreex vfreex force-pushed the assemblies-force-yum-updates branch from 78c80e6 to 9019421 Compare June 11, 2021 07:49
@openshift-bot
Copy link

Build #2

GLOB sdist-make: /mnt/workspace/jenkins/working/art-tools_doozer_PR-428/setup.py
py3 inst-nodeps: /mnt/workspace/jenkins/working/art-tools_doozer_PR-428/.tox/.tmp/package/1/rh-doozer-1.3.5.zip
py3 installed: aiofiles==0.7.0,appdirs==1.4.4,astroid==2.5.6,attrs==21.2.0,autopep8==1.5.7,bashlex==0.15,cached-property==1.5.2,certifi==2021.5.30,cffi==1.14.5,chardet==4.0.0,click==8.0.1,contextvars==2.4,coverage==5.5,cryptography==3.4.7,decorator==5.0.9,Deprecated==1.2.12,distlib==0.3.2,dockerfile-parse==1.2.0,filelock==3.0.12,flake8==3.9.2,flexmock==0.10.4,future==0.18.2,gssapi==1.6.13,idna==2.10,immutables==0.15,importlib-metadata==4.5.0,importlib-resources==5.1.4,iniconfig==1.1.1,isort==5.8.0,kobo==0.19.0,koji==1.25.0,lazy-object-proxy==1.6.0,mccabe==0.6.1,mock==4.0.3,mysql-connector-python==8.0.25,packaging==20.9,pluggy==0.13.1,protobuf==3.17.3,py==1.10.0,pycodestyle==2.7.0,pycparser==2.20,pyflakes==2.3.1,pygit2==1.6.0,PyGithub==1.55,PyJWT==2.1.0,pykerberos==1.2.1,pylint==2.8.3,PyNaCl==1.4.0,pyparsing==2.4.7,pytest==6.2.4,python-dateutil==2.8.1,PyYAML==5.4.1,requests==2.25.1,requests-gssapi==1.2.3,requests-kerberos==0.12.0,rh-doozer @ file:///mnt/workspace/jenkins/working/art-tools_doozer_PR-428/.tox/.tmp/package/1/rh-doozer-1.3.5.zip,rpm==4.14.3,rpm-py-installer==1.1.0,semver==2.13.0,six==1.16.0,tenacity==7.0.0,toml==0.10.2,tox==3.23.1,typed-ast==1.4.3,typing==3.7.4.3,typing-extensions==3.10.0.0,urllib3==1.26.5,virtualenv==20.4.7,wrapt==1.12.1,zipp==3.4.1
py3 run-test-pre: PYTHONHASHSEED='1305193266'
py3 run-test: commands[0] | flake8
py3 run-test: commands[1] | coverage run --branch --source doozerlib -m unittest discover -t . -s tests/
..........................Environment variables required for db operation missing. Doozer will be runningin no DB use mode.
.Environment variables required for db operation missing. Doozer will be runningin no DB use mode.
.Environment variables required for db operation missing. Doozer will be runningin no DB use mode.
.Environment variables required for db operation missing. Doozer will be runningin no DB use mode.
.........................................s.s...................................s.s...s.s.s..s.s.s....................................................................................ERROR:doozer.tests.test_runtime:Unable to check if target branch branch exists: whatever
.................
----------------------------------------------------------------------
Ran 217 tests in 1.270s

OK (skipped=10)
py3 run-test: commands[2] | coverage report
Name                                   Stmts   Miss Branch BrPart  Cover
------------------------------------------------------------------------
doozerlib/__init__.py                     11      4      2      1    62%
doozerlib/assertion.py                    22      0      6      0   100%
doozerlib/brew.py                        329    193    146      3    39%
doozerlib/build_status_detector.py        76      4     46      2    93%
doozerlib/cli/__init__.py                100     45     20      0    46%
doozerlib/cli/__main__.py               1156   1156    478      0     0%
doozerlib/cli/cli_opts.py                 16      3      6      0    86%
doozerlib/cli/detect_embargo.py          163     35     70      8    75%
doozerlib/cli/images_health.py            79     28     24      2    61%
doozerlib/cli/images_streams.py          545    545    222      0     0%
doozerlib/cli/plashet.py                 420    420    178      0     0%
doozerlib/cli/release_gen_payload.py     300    210    139      2    26%
doozerlib/cli/rpms_build.py              160     55     54      7    58%
doozerlib/cli/scan_sources.py            150    120     78      2    16%
doozerlib/config.py                       98     98     44      0     0%
doozerlib/constants.py                     9      0      0      0   100%
doozerlib/coverity.py                    237    209     74      0     9%
doozerlib/dblib.py                       248    152     68      4    35%
doozerlib/distgit.py                    1307    865    600     13    31%
doozerlib/dotconfig.py                    56     44     32      0    14%
doozerlib/exceptions.py                    3      0      0      0   100%
doozerlib/exectools.py                   194     75     76     17    56%
doozerlib/gitdata.py                     168    133     76      0    14%
doozerlib/image.py                       266    216    134      5    14%
doozerlib/logutil.py                      10      1      2      1    83%
doozerlib/metadata.py                    370    150    162     20    55%
doozerlib/model.py                       111     25     36      5    77%
doozerlib/olm/__init__.py                  0      0      0      0   100%
doozerlib/olm/bundle.py                  217    217     36      0     0%
doozerlib/operator_metadata.py           364     65     66      6    79%
doozerlib/pushd.py                        21      2      2      0    91%
doozerlib/repos.py                       207    105    113     17    44%
doozerlib/rhcos.py                        36      9      6      0    74%
doozerlib/rpm_builder.py                 214     30    111     30    80%
doozerlib/rpmcfg.py                      159     67     68      9    52%
doozerlib/runtime.py                     806    582    326      6    22%
doozerlib/source_modifications.py         89     28     18      3    65%
doozerlib/state.py                        24     12      8      0    38%
doozerlib/util.py                        274    128     98      3    50%
------------------------------------------------------------------------
TOTAL                                   9015   6031   3625    166    30%
___________________________________ summary ____________________________________
  py3: commands succeeded
  congratulations :)

@codecov-commenter
Copy link

Codecov Report

Merging #428 (9019421) into master (c55556c) will increase coverage by 31.22%.
The diff coverage is 58.62%.

Impacted file tree graph

@@             Coverage Diff             @@
##           master     #428       +/-   ##
===========================================
+ Coverage        0   31.22%   +31.22%     
===========================================
  Files           0       38       +38     
  Lines           0     9015     +9015     
  Branches        0     1811     +1811     
===========================================
+ Hits            0     2815     +2815     
- Misses          0     6033     +6033     
- Partials        0      167      +167     
Impacted Files Coverage Δ
doozerlib/cli/__main__.py 0.00% <0.00%> (ø)
doozerlib/distgit.py 32.59% <77.27%> (ø)
doozerlib/source_modifications.py 65.16% <0.00%> (ø)
doozerlib/cli/plashet.py 0.00% <0.00%> (ø)
doozerlib/runtime.py 27.04% <0.00%> (ø)
doozerlib/repos.py 41.06% <0.00%> (ø)
doozerlib/metadata.py 54.05% <0.00%> (ø)
doozerlib/cli/detect_embargo.py 73.61% <0.00%> (ø)
... and 30 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update c55556c...9019421. Read the comment docs.

dfp = DockerfileParser(str(df_path))
df_lines = dfp.content.splitlines(False)

yum_update_line_flag = '__doozer=yum-update'
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Clever!

Copy link
Contributor

@sosiouxme sosiouxme left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jupierce @vfreex wait... why do we need this? blanket updates have been considered harmful for some time. you get into weird situations where something you've already updated conflicts with what you're trying to install.

also, i'm skeptical that they would even execute in all cases. not all images run as root user.

also, if we were going to yum update, we'd probably also want to yum clean all.

@vfreex
Copy link
Contributor Author

vfreex commented Jun 15, 2021

@sosiouxme

why do we need this?

That's a good question. I would leave it to @jupierce :)

i'm skeptical that they would even execute in all cases. not all images run as root user.

Right, in that case the build will fail. However it doesn't seem possible to change to ROOT user then change it back after the update.

if we were going to yum update, we'd probably also want to yum clean all.

Good point. Will include that in next push.

@jupierce
Copy link
Contributor

@sosiouxme - the intent is to allow us to update RHEL dependencies in an assembly image. The flag would only be used in that context. Consider an assembly that is trying to update a RHEL RPM foo to version X in specific the machine-api-operator image v4.7.8. The basis image v4.7.8 has foo version Y. The "rebuild job" would do the following.

  1. Create an NVR list out of rpms installed in the basis image v4.7.8 (this contains Y).
  2. Read assembly metadata to find dependencies to path in (this contains X).
  3. Layer (2) over (1).
  4. Create a plashet for machine-api-operator using (3). This plashet is only for a single image.
  5. Run the build for the assembly with --force-yum-updates pointing images:build to ONLY this plashet.

The image build will run yum update -y but the only possible update will be X. The build output should be nearly identical to v4.7.8's machine-api-operator, but with X.

fwiw, I was also hoping to use the same mechanic to satisfy your "we need an assembly which is the same as v4.7.8 but with all RHEL dependencies updated". In this case, we would performing an an assembly specific rebuild using --force-yum-updates but without first curating the image specific plashet.

@jupierce
Copy link
Contributor

@vfreex - +1 on yum clean all . For the USER issue, we need to add USER 0 before the yum update.
Since this is lossy, we could introduce metadata for images that are sensitive to it. For CI alignment PRs, where we have to change the user for a similar reason, we introduced https://github.com/openshift/ocp-build-data/blob/8e9703d0eeeaf5bd552c2780badff8d66fa27ba8/images/openshift-base-nodejs.yml#L12 . This is the only image that uses it (i.e. most of our images are running as UID 0 in CI).

If you promote this field out of ci_alignment (https://github.com/openshift/ocp-build-data-validator/blob/4db9169a4f493f3cf803e5d1c78fd25102fb1a25/validator/schema/image_schema.py#L59) into the main metadata, we could solve this use case as well. Something like this in openshift-base-nodejs.yml

...
from:  stream: nodejs
...
final_stage_user: 1001

The doozer CI alignment code and your new feature could then set USER in the final stage to this field (if not Missing) to the specified value. So your injection would look something like for the final stage:

FROM ....
USER 0
RUN yum update -y
RUN yum clean all
USER 1001

For non-final stages:

FROM ....
USER 0
RUN yum update -y
RUN yum clean all

If not running with --force-yum-updates, the injection for the final stage would just be:

FROM ....
USER 1001

@vfreex vfreex force-pushed the assemblies-force-yum-updates branch from 9019421 to a95b82e Compare June 16, 2021 09:57
@openshift-bot
Copy link

Build #3

GLOB sdist-make: /mnt/workspace/jenkins/working/art-tools_doozer_PR-428/setup.py
py3 inst-nodeps: /mnt/workspace/jenkins/working/art-tools_doozer_PR-428/.tox/.tmp/package/1/rh-doozer-1.3.5.zip
py3 installed: aiofiles==0.7.0,appdirs==1.4.4,astroid==2.5.6,attrs==21.2.0,autopep8==1.5.7,bashlex==0.15,cached-property==1.5.2,certifi==2021.5.30,cffi==1.14.5,chardet==4.0.0,click==8.0.1,contextvars==2.4,coverage==5.5,cryptography==3.4.7,decorator==5.0.9,Deprecated==1.2.12,distlib==0.3.2,dockerfile-parse==1.2.0,filelock==3.0.12,flake8==3.9.2,flexmock==0.10.4,future==0.18.2,gssapi==1.6.13,idna==2.10,immutables==0.15,importlib-metadata==4.5.0,importlib-resources==5.1.4,iniconfig==1.1.1,isort==5.8.0,kobo==0.19.0,koji==1.25.0,lazy-object-proxy==1.6.0,mccabe==0.6.1,mock==4.0.3,mysql-connector-python==8.0.25,packaging==20.9,pluggy==0.13.1,protobuf==3.17.3,py==1.10.0,pycodestyle==2.7.0,pycparser==2.20,pyflakes==2.3.1,pygit2==1.6.0,PyGithub==1.55,PyJWT==2.1.0,pykerberos==1.2.1,pylint==2.8.3,PyNaCl==1.4.0,pyparsing==2.4.7,pytest==6.2.4,python-dateutil==2.8.1,PyYAML==5.4.1,requests==2.25.1,requests-gssapi==1.2.3,requests-kerberos==0.12.0,rh-doozer @ file:///mnt/workspace/jenkins/working/art-tools_doozer_PR-428/.tox/.tmp/package/1/rh-doozer-1.3.5.zip,rpm==4.14.3,rpm-py-installer==1.1.0,semver==2.13.0,six==1.16.0,tenacity==7.0.0,toml==0.10.2,tox==3.23.1,typed-ast==1.4.3,typing==3.7.4.3,typing-extensions==3.10.0.0,urllib3==1.26.5,virtualenv==20.4.7,wrapt==1.12.1,zipp==3.4.1
py3 run-test-pre: PYTHONHASHSEED='1165981495'
py3 run-test: commands[0] | flake8
py3 run-test: commands[1] | coverage run --branch --source doozerlib -m unittest discover -t . -s tests/
..........................Environment variables required for db operation missing. Doozer will be runningin no DB use mode.
.Environment variables required for db operation missing. Doozer will be runningin no DB use mode.
.Environment variables required for db operation missing. Doozer will be runningin no DB use mode.
.Environment variables required for db operation missing. Doozer will be runningin no DB use mode.
.........................................s.s....................................s.s...s.s.s..s.s.s....................................................................................ERROR:doozer.tests.test_runtime:Unable to check if target branch branch exists: whatever
.................
----------------------------------------------------------------------
Ran 218 tests in 1.241s

OK (skipped=10)
py3 run-test: commands[2] | coverage report
Name                                   Stmts   Miss Branch BrPart  Cover
------------------------------------------------------------------------
doozerlib/__init__.py                     11      4      2      1    62%
doozerlib/assertion.py                    22      0      6      0   100%
doozerlib/brew.py                        329    193    146      3    39%
doozerlib/build_status_detector.py        76      4     46      2    93%
doozerlib/cli/__init__.py                100     45     20      0    46%
doozerlib/cli/__main__.py               1156   1156    478      0     0%
doozerlib/cli/cli_opts.py                 16      3      6      0    86%
doozerlib/cli/detect_embargo.py          163     35     70      8    75%
doozerlib/cli/images_health.py            79     28     24      2    61%
doozerlib/cli/images_streams.py          547    547    224      0     0%
doozerlib/cli/plashet.py                 420    420    178      0     0%
doozerlib/cli/release_gen_payload.py     300    210    139      2    26%
doozerlib/cli/rpms_build.py              160     55     54      7    58%
doozerlib/cli/scan_sources.py            152    122     80      2    16%
doozerlib/config.py                       98     98     44      0     0%
doozerlib/constants.py                     9      0      0      0   100%
doozerlib/coverity.py                    237    209     74      0     9%
doozerlib/dblib.py                       248    152     68      4    35%
doozerlib/distgit.py                    1318    864    602     13    32%
doozerlib/dotconfig.py                    56     44     32      0    14%
doozerlib/exceptions.py                    3      0      0      0   100%
doozerlib/exectools.py                   194     75     76     17    56%
doozerlib/gitdata.py                     168    133     76      0    14%
doozerlib/image.py                       266    216    134      5    14%
doozerlib/logutil.py                      10      1      2      1    83%
doozerlib/metadata.py                    373    150    162     20    55%
doozerlib/model.py                       111     25     36      5    77%
doozerlib/olm/__init__.py                  0      0      0      0   100%
doozerlib/olm/bundle.py                  217    217     36      0     0%
doozerlib/operator_metadata.py           364     65     66      6    79%
doozerlib/pushd.py                        21      2      2      0    91%
doozerlib/repos.py                       207    105    113     17    44%
doozerlib/rhcos.py                        36      9      6      0    74%
doozerlib/rpm_builder.py                 214     30    111     30    80%
doozerlib/rpmcfg.py                      159     67     68      9    52%
doozerlib/runtime.py                     806    582    326      6    22%
doozerlib/source_modifications.py         89     28     18      3    65%
doozerlib/state.py                        24     12      8      0    38%
doozerlib/util.py                        274    128     98      3    50%
------------------------------------------------------------------------
TOTAL                                   9033   6034   3631    166    30%
___________________________________ summary ____________________________________
  py3: commands succeeded
  congratulations :)

@vfreex
Copy link
Contributor Author

vfreex commented Jun 16, 2021

@sosiouxme @jupierce

Thanks for the review. I've updated my PR to inject USER 0 and yum clean all.

We are injecting yum update -y next to the FROM directive, before executing any directive from the source Dockerfile, in order to update packages inherited from the base image. But images:streams gen-buildconfigs is injecting to the end of Dockerfile. So the user field used in this PR is the user inherited from the parent image of the final stage, but the user in images:streams gen-buildconfigs is the user eventually embedded in image manifest. So strictly speaking, they are different.

So, I would like to keep the top level final_stage_user separate from content.source.ci_alignment.final_user, and make content.source.ci_alignment.final_user default to final_stage_user in case we want to override. It doesn't seem correct to inject yum update -y to the end of each stage otherwise we may accidentally upgrade more than we needed. I could be wrong but let me know if it is fine.

Also I would prefer not to inject USER 0 to the final stage if final_stage_user is missing. So if an image is building as non-root without final_stage_user, it will fail.

`--force-yum-updates` will inject `yum update -y` in each stage. This ensures the component image will be able to override RPMs it is inheriting from its parent image using RPMs in the rebuild plashet. The current user will also be switched to root in every non-final stage. If `final_stage_user` is set in image meta, the current user in the final user will be switched to `root` before `yum update -y` then switched back to `final_stage_user`.

If the option is not set, previously injected `yum update -y` commands
should be removed (in case we are injecting distgit-only repos).

If no repos are enabled for an image, we shouldn't inject `yum
update -y` otherwise the command will fail.

This PR also defaults `content.source.ci_alignment.final_user` to
`final_stage_user`.
@openshift-bot
Copy link

Build #4

GLOB sdist-make: /mnt/workspace/jenkins/working/art-tools_doozer_PR-428/setup.py
py3 inst-nodeps: /mnt/workspace/jenkins/working/art-tools_doozer_PR-428/.tox/.tmp/package/1/rh-doozer-1.3.5.zip
py3 installed: aiofiles==0.7.0,appdirs==1.4.4,astroid==2.5.6,attrs==21.2.0,autopep8==1.5.7,bashlex==0.15,cached-property==1.5.2,certifi==2021.5.30,cffi==1.14.5,chardet==4.0.0,click==8.0.1,contextvars==2.4,coverage==5.5,cryptography==3.4.7,decorator==5.0.9,Deprecated==1.2.12,distlib==0.3.2,dockerfile-parse==1.2.0,filelock==3.0.12,flake8==3.9.2,flexmock==0.10.4,future==0.18.2,gssapi==1.6.13,idna==2.10,immutables==0.15,importlib-metadata==4.5.0,importlib-resources==5.1.4,iniconfig==1.1.1,isort==5.8.0,kobo==0.19.0,koji==1.25.0,lazy-object-proxy==1.6.0,mccabe==0.6.1,mock==4.0.3,mysql-connector-python==8.0.25,packaging==20.9,pluggy==0.13.1,protobuf==3.17.3,py==1.10.0,pycodestyle==2.7.0,pycparser==2.20,pyflakes==2.3.1,pygit2==1.6.0,PyGithub==1.55,PyJWT==2.1.0,pykerberos==1.2.1,pylint==2.8.3,PyNaCl==1.4.0,pyparsing==2.4.7,pytest==6.2.4,python-dateutil==2.8.1,PyYAML==5.4.1,requests==2.25.1,requests-gssapi==1.2.3,requests-kerberos==0.12.0,rh-doozer @ file:///mnt/workspace/jenkins/working/art-tools_doozer_PR-428/.tox/.tmp/package/1/rh-doozer-1.3.5.zip,rpm==4.14.3,rpm-py-installer==1.1.0,semver==2.13.0,six==1.16.0,tenacity==7.0.0,toml==0.10.2,tox==3.23.1,typed-ast==1.4.3,typing==3.7.4.3,typing-extensions==3.10.0.0,urllib3==1.26.5,virtualenv==20.4.7,wrapt==1.12.1,zipp==3.4.1
py3 run-test-pre: PYTHONHASHSEED='3004499055'
py3 run-test: commands[0] | flake8
py3 run-test: commands[1] | coverage run --branch --source doozerlib -m unittest discover -t . -s tests/
..........................Environment variables required for db operation missing. Doozer will be runningin no DB use mode.
.Environment variables required for db operation missing. Doozer will be runningin no DB use mode.
.Environment variables required for db operation missing. Doozer will be runningin no DB use mode.
.Environment variables required for db operation missing. Doozer will be runningin no DB use mode.
.........................................s.s....................................s.s...s.s.s..s.s.s....................................................................................ERROR:doozer.tests.test_runtime:Unable to check if target branch branch exists: whatever
.................
----------------------------------------------------------------------
Ran 218 tests in 2.139s

OK (skipped=10)
py3 run-test: commands[2] | coverage report
Name                                   Stmts   Miss Branch BrPart  Cover
------------------------------------------------------------------------
doozerlib/__init__.py                     11      4      2      1    62%
doozerlib/assertion.py                    22      0      6      0   100%
doozerlib/brew.py                        329    193    146      3    39%
doozerlib/build_status_detector.py        76      4     46      2    93%
doozerlib/cli/__init__.py                100     45     20      0    46%
doozerlib/cli/__main__.py               1156   1156    478      0     0%
doozerlib/cli/cli_opts.py                 16      3      6      0    86%
doozerlib/cli/detect_embargo.py          163     35     70      8    75%
doozerlib/cli/images_health.py            79     28     24      2    61%
doozerlib/cli/images_streams.py          549    549    226      0     0%
doozerlib/cli/plashet.py                 420    420    178      0     0%
doozerlib/cli/release_gen_payload.py     300    210    139      2    26%
doozerlib/cli/rpms_build.py              160     55     54      7    58%
doozerlib/cli/scan_sources.py            152    122     80      2    16%
doozerlib/config.py                       98     98     44      0     0%
doozerlib/constants.py                     9      0      0      0   100%
doozerlib/coverity.py                    237    209     74      0     9%
doozerlib/dblib.py                       248    152     68      4    35%
doozerlib/distgit.py                    1317    863    602     13    32%
doozerlib/dotconfig.py                    56     44     32      0    14%
doozerlib/exceptions.py                    3      0      0      0   100%
doozerlib/exectools.py                   194     75     76     17    56%
doozerlib/gitdata.py                     168    133     76      0    14%
doozerlib/image.py                       266    216    134      5    14%
doozerlib/logutil.py                      10      1      2      1    83%
doozerlib/metadata.py                    373    150    162     20    55%
doozerlib/model.py                       111     25     36      5    77%
doozerlib/olm/__init__.py                  0      0      0      0   100%
doozerlib/olm/bundle.py                  217    217     36      0     0%
doozerlib/operator_metadata.py           364     65     66      6    79%
doozerlib/pushd.py                        21      2      2      0    91%
doozerlib/repos.py                       207    105    113     17    44%
doozerlib/rhcos.py                        36      9      6      0    74%
doozerlib/rpm_builder.py                 214     30    111     30    80%
doozerlib/rpmcfg.py                      159     67     68      9    52%
doozerlib/runtime.py                     806    582    326      6    22%
doozerlib/source_modifications.py         89     28     18      3    65%
doozerlib/state.py                        24     12      8      0    38%
doozerlib/util.py                        274    128     98      3    50%
------------------------------------------------------------------------
TOTAL                                   9034   6035   3633    166    30%
___________________________________ summary ____________________________________
  py3: commands succeeded
  congratulations :)

@jupierce
Copy link
Contributor

Opened validator PR to support this direction: openshift-eng/ocp-build-data-validator#34

doozerlib/distgit.py Outdated Show resolved Hide resolved
Co-authored-by: Justin Pierce <jupierce@redhat.com>
@openshift-bot
Copy link

Build #5

GLOB sdist-make: /mnt/workspace/jenkins/working/art-tools_doozer_PR-428/setup.py
py3 inst-nodeps: /mnt/workspace/jenkins/working/art-tools_doozer_PR-428/.tox/.tmp/package/1/rh-doozer-1.3.5.zip
py3 installed: aiofiles==0.7.0,appdirs==1.4.4,astroid==2.5.6,attrs==21.2.0,autopep8==1.5.7,bashlex==0.15,cached-property==1.5.2,certifi==2021.5.30,cffi==1.14.5,chardet==4.0.0,click==8.0.1,contextvars==2.4,coverage==5.5,cryptography==3.4.7,decorator==5.0.9,Deprecated==1.2.12,distlib==0.3.2,dockerfile-parse==1.2.0,filelock==3.0.12,flake8==3.9.2,flexmock==0.10.4,future==0.18.2,gssapi==1.6.13,idna==2.10,immutables==0.15,importlib-metadata==4.5.0,importlib-resources==5.1.4,iniconfig==1.1.1,isort==5.8.0,kobo==0.19.0,koji==1.25.0,lazy-object-proxy==1.6.0,mccabe==0.6.1,mock==4.0.3,mysql-connector-python==8.0.25,packaging==20.9,pluggy==0.13.1,protobuf==3.17.3,py==1.10.0,pycodestyle==2.7.0,pycparser==2.20,pyflakes==2.3.1,pygit2==1.6.0,PyGithub==1.55,PyJWT==2.1.0,pykerberos==1.2.1,pylint==2.8.3,PyNaCl==1.4.0,pyparsing==2.4.7,pytest==6.2.4,python-dateutil==2.8.1,PyYAML==5.4.1,requests==2.25.1,requests-gssapi==1.2.3,requests-kerberos==0.12.0,rh-doozer @ file:///mnt/workspace/jenkins/working/art-tools_doozer_PR-428/.tox/.tmp/package/1/rh-doozer-1.3.5.zip,rpm==4.14.3,rpm-py-installer==1.1.0,semver==2.13.0,six==1.16.0,tenacity==7.0.0,toml==0.10.2,tox==3.23.1,typed-ast==1.4.3,typing==3.7.4.3,typing-extensions==3.10.0.0,urllib3==1.26.5,virtualenv==20.4.7,wrapt==1.12.1,zipp==3.4.1
py3 run-test-pre: PYTHONHASHSEED='4089025286'
py3 run-test: commands[0] | flake8
py3 run-test: commands[1] | coverage run --branch --source doozerlib -m unittest discover -t . -s tests/
..........................Environment variables required for db operation missing. Doozer will be runningin no DB use mode.
.Environment variables required for db operation missing. Doozer will be runningin no DB use mode.
.Environment variables required for db operation missing. Doozer will be runningin no DB use mode.
.Environment variables required for db operation missing. Doozer will be runningin no DB use mode.
.........................................s.s.F.F..................................s.s...s.s.s..s.s.s....................................................................................ERROR:doozer.tests.test_runtime:Unable to check if target branch branch exists: whatever
.................
======================================================================
FAIL: test_inject_yum_update_commands_with_final_stage_user (tests.test_distgit.test_image_distgit.test_image_distgit.TestImageDistGit)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/mnt/workspace/jenkins/working/art-tools_doozer_PR-428/tests/test_distgit/test_image_distgit/test_image_distgit.py", line 387, in test_inject_yum_update_commands_with_final_stage_user
    self.assertListEqual(actual, expected)
AssertionError: Lists differ: ['FRO[130 chars]n all  # set final_stage_user in ART metadata [325 chars]h/b'] != ['FRO[130 chars]n all', 'LABEL name=value', 'RUN some-command'[217 chars]h/b']

First differing element 4:
'RUN [22 chars]lean all  # set final_stage_user in ART metadata if this fails'
'RUN [22 chars]lean all'

Diff is 650 characters long. Set self.maxDiff to None to see it.

======================================================================
FAIL: test_inject_yum_update_commands_without_final_stage_user (tests.test_distgit.test_image_distgit.test_image_distgit.TestImageDistGit)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/mnt/workspace/jenkins/working/art-tools_doozer_PR-428/tests/test_distgit/test_image_distgit/test_image_distgit.py", line 346, in test_inject_yum_update_commands_without_final_stage_user
    self.assertListEqual(actual, expected)
AssertionError: Lists differ: ['FRO[130 chars]n all  # set final_stage_user in ART metadata [252 chars]h/b'] != ['FRO[130 chars]n all', 'LABEL name=value', 'RUN some-command'[144 chars]h/b']

First differing element 4:
'RUN [22 chars]lean all  # set final_stage_user in ART metadata if this fails'
'RUN [22 chars]lean all'

  ['FROM some-base-image:some-tag AS builder',
   '# __doozer=yum-update',
   'USER 0',
   '# __doozer=yum-update',
+  'RUN yum update -y && yum clean all',
-  'RUN yum update -y && yum clean all  # set final_stage_user in ART metadata '
-  'if this fails',
   'LABEL name=value',
   'RUN some-command',
   'FROM another-base-image:some-tag',
   '# __doozer=yum-update',
+  'RUN yum update -y && yum clean all',
-  'RUN yum update -y && yum clean all  # set final_stage_user in ART metadata '
-  'if this fails',
   'COPY --from=builder /some/path/a /some/path/b']

----------------------------------------------------------------------
Ran 218 tests in 1.381s

FAILED (failures=2, skipped=10)
ERROR: InvocationError for command /mnt/workspace/jenkins/working/art-tools_doozer_PR-428/.tox/py3/bin/coverage run --branch --source doozerlib -m unittest discover -t . -s tests/ (exited with code 1)
___________________________________ summary ____________________________________
ERROR:   py3: commands failed

@openshift-bot
Copy link

Build #6

GLOB sdist-make: /mnt/workspace/jenkins/working/art-tools_doozer_PR-428/setup.py
py3 inst-nodeps: /mnt/workspace/jenkins/working/art-tools_doozer_PR-428/.tox/.tmp/package/1/rh-doozer-1.3.5.zip
py3 installed: aiofiles==0.7.0,appdirs==1.4.4,astroid==2.5.6,attrs==21.2.0,autopep8==1.5.7,bashlex==0.15,cached-property==1.5.2,certifi==2021.5.30,cffi==1.14.5,chardet==4.0.0,click==8.0.1,contextvars==2.4,coverage==5.5,cryptography==3.4.7,decorator==5.0.9,Deprecated==1.2.12,distlib==0.3.2,dockerfile-parse==1.2.0,filelock==3.0.12,flake8==3.9.2,flexmock==0.10.4,future==0.18.2,gssapi==1.6.13,idna==2.10,immutables==0.15,importlib-metadata==4.5.0,importlib-resources==5.1.4,iniconfig==1.1.1,isort==5.8.0,kobo==0.19.0,koji==1.25.0,lazy-object-proxy==1.6.0,mccabe==0.6.1,mock==4.0.3,mysql-connector-python==8.0.25,packaging==20.9,pluggy==0.13.1,protobuf==3.17.3,py==1.10.0,pycodestyle==2.7.0,pycparser==2.20,pyflakes==2.3.1,pygit2==1.6.0,PyGithub==1.55,PyJWT==2.1.0,pykerberos==1.2.1,pylint==2.8.3,PyNaCl==1.4.0,pyparsing==2.4.7,pytest==6.2.4,python-dateutil==2.8.1,PyYAML==5.4.1,requests==2.25.1,requests-gssapi==1.2.3,requests-kerberos==0.12.0,rh-doozer @ file:///mnt/workspace/jenkins/working/art-tools_doozer_PR-428/.tox/.tmp/package/1/rh-doozer-1.3.5.zip,rpm==4.14.3,rpm-py-installer==1.1.0,semver==2.13.0,six==1.16.0,tenacity==7.0.0,toml==0.10.2,tox==3.23.1,typed-ast==1.4.3,typing==3.7.4.3,typing-extensions==3.10.0.0,urllib3==1.26.5,virtualenv==20.4.7,wrapt==1.12.1,zipp==3.4.1
py3 run-test-pre: PYTHONHASHSEED='2332877043'
py3 run-test: commands[0] | flake8
py3 run-test: commands[1] | coverage run --branch --source doozerlib -m unittest discover -t . -s tests/
..........................Environment variables required for db operation missing. Doozer will be runningin no DB use mode.
.Environment variables required for db operation missing. Doozer will be runningin no DB use mode.
.Environment variables required for db operation missing. Doozer will be runningin no DB use mode.
.Environment variables required for db operation missing. Doozer will be runningin no DB use mode.
.........................................s.s....................................s.s...s.s.s..s.s.s....................................................................................ERROR:doozer.tests.test_runtime:Unable to check if target branch branch exists: whatever
.................
----------------------------------------------------------------------
Ran 218 tests in 1.204s

OK (skipped=10)
py3 run-test: commands[2] | coverage report
Name                                   Stmts   Miss Branch BrPart  Cover
------------------------------------------------------------------------
doozerlib/__init__.py                     11      4      2      1    62%
doozerlib/assertion.py                    22      0      6      0   100%
doozerlib/brew.py                        329    193    146      3    39%
doozerlib/build_status_detector.py        76      4     46      2    93%
doozerlib/cli/__init__.py                100     45     20      0    46%
doozerlib/cli/__main__.py               1156   1156    478      0     0%
doozerlib/cli/cli_opts.py                 16      3      6      0    86%
doozerlib/cli/detect_embargo.py          163     35     70      8    75%
doozerlib/cli/images_health.py            79     28     24      2    61%
doozerlib/cli/images_streams.py          549    549    226      0     0%
doozerlib/cli/plashet.py                 420    420    178      0     0%
doozerlib/cli/release_gen_payload.py     300    210    139      2    26%
doozerlib/cli/rpms_build.py              160     55     54      7    58%
doozerlib/cli/scan_sources.py            152    122     80      2    16%
doozerlib/config.py                       98     98     44      0     0%
doozerlib/constants.py                     9      0      0      0   100%
doozerlib/coverity.py                    237    209     74      0     9%
doozerlib/dblib.py                       248    152     68      4    35%
doozerlib/distgit.py                    1317    863    602     13    32%
doozerlib/dotconfig.py                    56     44     32      0    14%
doozerlib/exceptions.py                    3      0      0      0   100%
doozerlib/exectools.py                   194     75     76     17    56%
doozerlib/gitdata.py                     168    133     76      0    14%
doozerlib/image.py                       266    216    134      5    14%
doozerlib/logutil.py                      10      1      2      1    83%
doozerlib/metadata.py                    373    150    162     20    55%
doozerlib/model.py                       111     25     36      5    77%
doozerlib/olm/__init__.py                  0      0      0      0   100%
doozerlib/olm/bundle.py                  217    217     36      0     0%
doozerlib/operator_metadata.py           364     65     66      6    79%
doozerlib/pushd.py                        21      2      2      0    91%
doozerlib/repos.py                       207    105    113     17    44%
doozerlib/rhcos.py                        36      9      6      0    74%
doozerlib/rpm_builder.py                 214     30    111     30    80%
doozerlib/rpmcfg.py                      159     67     68      9    52%
doozerlib/runtime.py                     806    582    326      6    22%
doozerlib/source_modifications.py         89     28     18      3    65%
doozerlib/state.py                        24     12      8      0    38%
doozerlib/util.py                        274    128     98      3    50%
------------------------------------------------------------------------
TOTAL                                   9034   6035   3633    166    30%
___________________________________ summary ____________________________________
  py3: commands succeeded
  congratulations :)

@vfreex
Copy link
Contributor Author

vfreex commented Jun 23, 2021

Merging this based on the conversation with @jupierce

@vfreex vfreex merged commit 6aadeb2 into openshift-eng:master Jun 23, 2021
openshift-cherrypick-robot pushed a commit to openshift-cherrypick-robot/ocp-build-data that referenced this pull request Jun 30, 2021
openshift-cherrypick-robot pushed a commit to openshift-cherrypick-robot/ocp-build-data that referenced this pull request Jun 30, 2021
vfreex added a commit that referenced this pull request Jul 6, 2021
58c406f [ART-3093] Allow assemblies to specify machine-os-content in gen-payload (#460)
beea167 Fix error message (#461)
6b7c51c Replace mojo links with The Source (#459)
5d71b80 Update doozerlib/plashet.py
d8f0956 Update doozerlib/plashet.py
2568f67 Address unittest failures
4c72f79 [ART-2687] Expose brew event and brew tag to modification scripts
03fb7a7 Allow gen-payload to honor metadata.is
d75c8e5 package_name instead of component_name
70271e6 Fix golang image build
e9e24fc Allow --repo to take precedence over --repo-type defaults (#452)
fd94360 Add additional event-safe methods for koji
0b3ccb0 ART-3050: add plashet from-tags --rhcos
395d222 [ART-3075] Add plashet subverb "for-assembly" (#449)
ef4392e ART-3050: full assembly awareness for plashet from-tags (#439)
537043b Test dependency accumulation
0617168 Ensure inherited member list entries can contribute metadata
2efccc2 Open PRs for base images
417bd11 Fix method docs
6aadeb2 ART-3034: Implement doozer images:rebase --force-yum-updates (#428)
2009bd8 Testing fixes
89d2cad fix multiple-default click option error
345f848 Fix version extraction
1834dc3 A bit more bundle doc
f89b434 Randomize assignee to avoid bugging approver[0]
bc08bbb Lock parent images to assembly basis
e6ff58f Code to merge image/rpm metadata with assembly overrides
vfreex added a commit that referenced this pull request Jul 6, 2021
58c406f [ART-3093] Allow assemblies to specify machine-os-content in gen-payload (#460)
beea167 Fix error message (#461)
6b7c51c Replace mojo links with The Source (#459)
5d71b80 Update doozerlib/plashet.py
d8f0956 Update doozerlib/plashet.py
2568f67 Address unittest failures
4c72f79 [ART-2687] Expose brew event and brew tag to modification scripts
03fb7a7 Allow gen-payload to honor metadata.is
d75c8e5 package_name instead of component_name
70271e6 Fix golang image build
e9e24fc Allow --repo to take precedence over --repo-type defaults (#452)
fd94360 Add additional event-safe methods for koji
0b3ccb0 ART-3050: add plashet from-tags --rhcos
395d222 [ART-3075] Add plashet subverb "for-assembly" (#449)
ef4392e ART-3050: full assembly awareness for plashet from-tags (#439)
537043b Test dependency accumulation
0617168 Ensure inherited member list entries can contribute metadata
2efccc2 Open PRs for base images
417bd11 Fix method docs
6aadeb2 ART-3034: Implement doozer images:rebase --force-yum-updates (#428)
2009bd8 Testing fixes
89d2cad fix multiple-default click option error
345f848 Fix version extraction
1834dc3 A bit more bundle doc
f89b434 Randomize assignee to avoid bugging approver[0]
bc08bbb Lock parent images to assembly basis
e6ff58f Code to merge image/rpm metadata with assembly overrides
vfreex added a commit that referenced this pull request Jul 6, 2021
58c406f [ART-3093] Allow assemblies to specify machine-os-content in gen-payload (#460)
beea167 Fix error message (#461)
6b7c51c Replace mojo links with The Source (#459)
5d71b80 Update doozerlib/plashet.py
d8f0956 Update doozerlib/plashet.py
2568f67 Address unittest failures
4c72f79 [ART-2687] Expose brew event and brew tag to modification scripts
03fb7a7 Allow gen-payload to honor metadata.is
d75c8e5 package_name instead of component_name
70271e6 Fix golang image build
e9e24fc Allow --repo to take precedence over --repo-type defaults (#452)
fd94360 Add additional event-safe methods for koji
0b3ccb0 ART-3050: add plashet from-tags --rhcos
395d222 [ART-3075] Add plashet subverb "for-assembly" (#449)
ef4392e ART-3050: full assembly awareness for plashet from-tags (#439)
537043b Test dependency accumulation
0617168 Ensure inherited member list entries can contribute metadata
2efccc2 Open PRs for base images
417bd11 Fix method docs
6aadeb2 ART-3034: Implement doozer images:rebase --force-yum-updates (#428)
2009bd8 Testing fixes
89d2cad fix multiple-default click option error
345f848 Fix version extraction
1834dc3 A bit more bundle doc
f89b434 Randomize assignee to avoid bugging approver[0]
bc08bbb Lock parent images to assembly basis
e6ff58f Code to merge image/rpm metadata with assembly overrides
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants