build, run: record hash or digest in image history for sources used in --mount
#5691
Conversation
|
Need to add tests, will undraft then. |
|
Will rebase after this #5693 |
|
I'm surprised that we'd care about the contents of caches. I'd be inclined to archive the contents of a directory (and create a single-entry archive for a non-directory) to account for different permissions/ownership/datestamps/xattrs and to safely handle soft and hard links. |
If i'm understanding this correctly, did you mean instead of |
I wouldn't expect the archive to be written anywhere, but the digest of an archive is something we already use as a way of describing contents, when handling COPY and ADD instructions. I don't know yet about doing this over the entire build context or additional build context if only a portion of it is being used at that point (i.e., if "src" is set to a subdirectory). |
This sounds good to me, i will amend the PR. |
|
I'm seeing this behavior with ARG PATH_1=mydirectory
ARG SELINUXRELABEL=,z
ARG DISTRO=PATH_1
RUN --mount=type=bind,source=${PATH_1:?},target=/tmp/${PATH_1:?}${SELINUXRELABEL:?} \
echo NopSubsequently, |
@sanmai-NL Are contents of |
|
Thanks for your response. Yes indeed, they do end up in there, which I find surprising. And which is the reason for my comment. Some factors which may cause this in case the problem isn't general |
Re-reading your comment... So you do find this ending up in a layer by-design, do you? But this way, information leaks and the image bloats. |
@sanmai-NL What you are describing is a different bug, would it be possible to create a small reproducer and open a new issue ? |
|
A friendly reminder that this PR had no activity for 30 days. |
|
Since #5693 is merged, i'll get back to this. |
flouthoc
force-pushed
the
burst-cache-mount
branch
from
b1aa69d to
2b42840
Compare
flouthoc
force-pushed
the
burst-cache-mount
branch
from
2b42840 to
4e114bd
Compare
|
@nalind @containers/buildah-maintainers PTAL |
flouthoc
force-pushed
the
burst-cache-mount
branch
from
4e114bd to
03fd1c1
Compare
flouthoc
force-pushed
the
burst-cache-mount
branch
from
03fd1c1 to
78a884c
Compare
|
@nalind Could you PTAL again. |
imagebuildah/stage_executor.go
Outdated
| if imgID, ref, err = s.commit(ctx, s.getCreatedBy(nil, ""), emptyLayer, s.output, s.executor.squash || s.executor.confidentialWorkload.Convert, lastStage); err != nil { | ||
| createdBy, err := s.getCreatedBy(nil, "") | ||
| if err != nil { | ||
| return "", nil, false, err |
There was a problem hiding this comment.
Get in the habit of adding context to errors being passed up from calls to methods that returned them, to make it easier to follow the call stack when troubleshooting and debugging. Not just here, but throughout this PR.
internal/util/util.go
Outdated
| return "", err | ||
| } | ||
|
|
||
| tarWriter.Close() |
There was a problem hiding this comment.
Move this to just above the if err != nil check, if its return value isn't going to be checked.
|
In its current form, this considers caches where a "src" option is used to select a subdirectory, but not otherwise. It should either check the mount type and skip caches, or make arrangements to handle those cases. |
flouthoc
force-pushed
the
burst-cache-mount
branch
3 times, most recently
from
7718e85 to
e88f782
Compare
tests/bud.bats
Outdated
| Helloworld2 | ||
| _EOF | ||
|
|
||
| # on third run since we have added new file `anotherfile` so cache must burst. |
flouthoc
force-pushed
the
burst-cache-mount
branch
3 times, most recently
from
78cac13 to
ef188af
Compare
| data := []byte("Hello, world!") | ||
| if _, err := tempFile.Write(data); err != nil { | ||
| t.Fatalf("Failed to write data to temp file: %v", err) | ||
| } |
There was a problem hiding this comment.
Not a blocker: unless the filename being randomized is important to the test, using os.WriteFile() would be shorter.
When using `--mount=type=bind` or `--mount=type=cache` the hash or digest of source in these flags should be added to image history so buildah can burst cache if files on host or image which is being used as source is changed. Signed-off-by: flouthoc <[email protected]>
flouthoc
force-pushed
the
burst-cache-mount
branch
from
ef188af to
4383e34
Compare
|
@nalind Could you PTAL again. |
|
/lgtm |
|
@rhatdan @containers/build-maintainers PTAL |
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: flouthoc, rhatdan The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
When using
--mount=type=bindor--mount=type=cachethe hash or digest of source in these flags should be added to image history so buildah can burst cache if files on host or image which is being used as source is changed.Closes
podman buildnot invalidating layers after a change in a--mount=type=binddirectory podman#23382What type of PR is this?
What this PR does / why we need it:
How to verify it
Which issue(s) this PR fixes:
Special notes for your reviewer:
Does this PR introduce a user-facing change?