support push docker image step #1550
Conversation
💚 Build Succeeded
Expand to view the summary
Build stats
Test stats 🧪
💚 Flaky test reportTests succeeded. 🤖 GitHub commentsTo re-run your PR in the CI, just comment with:
|
…eline-library into feature/docker-tag-push-step * 'feature/docker-tag-push-step' of github.com:v1v/apm-pipeline-library: docs: update CHANGELOG.md [maven-release-plugin] prepare for next development iteration [maven-release-plugin] prepare release v1.1.293 fix: update the Kibana build script to the latest changes (#1551)
vars/pushDockerImages.txt
Outdated
| * secret: the docker secret | ||
| * registry: the docker registry | ||
| * arch: the supported arch (amd64 or arm64) | ||
| * version: what version | ||
| * snapshot: snapshot support | ||
| * imageName: the docker image name. | ||
| * variants: variants and docker namespace to copy from. | ||
| * targetNamespace: what docker namespace to publish to. |
There was a problem hiding this comment.
version, arch and variant are complicated, it is not obvious what will be the tag, maybe it worth a few examples to understand how it works
There was a problem hiding this comment.
The above example is not enough?
There was a problem hiding this comment.
I do not think so, you do not know which Docker image is the source and which will be the destination if you do not check the code.
vars/pushDockerImages.groovy
Outdated
| def targetNamespace = args.targetNamespace | ||
| def registry = args.registry | ||
|
|
||
| def sourceName = "${registry}/${sourceNamespace}/${name}${variant}:${sourceTag}" |
There was a problem hiding this comment.
Not sure is correct
def registry = 'docker.elastic.co'
def sourceNamespace = 'observability-ci'
def name = 'metricbeat'
variant = 'cloud'
sourceTag = '8.0.0-SNAPSHOT'
docker.elastic.co/observability-ci/metricbeatcloud:8.0.0-SNPASHOT
There was a problem hiding this comment.
I don't understand your question, sourceNamespace is never observability-ci but the one the consumer decides. That's exactly the same implementation as used to be -> https://github.com/elastic/beats/pull/30414/files#diff-5edb5ab93fc95960129eecb2ee3d8763a9c5e02b56e5b80126e0c5a52296ee8fL352
There was a problem hiding this comment.
aha! variant should contain -cloud rather than cloud
There was a problem hiding this comment.
the values are examples to point you to the separator (-) issue
There was a problem hiding this comment.
I don't think that's an issue:
"${registry}/${sourceNamespace}/${name}${variant}:${sourceTag}" then variable names should be defined with the format needed, otherwise what will you use?
vars/pushDockerImages.groovy
Outdated
| def registry = args.registry | ||
|
|
||
| def sourceName = "${registry}/${sourceNamespace}/${name}${variant}:${sourceTag}" | ||
| def targetName = "${registry}/${targetNamespace}/${name}${variant}:${targetTag}" |
There was a problem hiding this comment.
not sure is correct
def registry = 'docker.elastic.co'
def sourceNamespace = 'observability-ci'
def name = 'metricbeat'
variant = 'cloud'
sourceTag = '8.0.0-SNAPSHOT'
docker.elastic.co/observability-ci/metricbeatcloud:8.0.0-SNPASHOT
There was a problem hiding this comment.
There was a problem hiding this comment.
I'd prefer hiding the - prefix, and let it as an implementation detail:
variants: [
'' : 'beats',
'ubi8' : 'beats',
'cloud' : 'beats-ci',
'complete' : 'beats',
],and then evaluate it internally when building the image name: if the variant key is not empty, prepend the -. Otherwise the consumer could be adding whatever they like as variant separator, like ~cloud or even worst :cloud. I know this is weird, but I'd see it better if we are controlling the inputs. We could even sanitise them, removing :,\/; etc...
Wdyt?
There was a problem hiding this comment.
I understand the concern, but I'd rather prefer the freedom in case there is a corner case to support something else. No strong opinion though
There was a problem hiding this comment.
Not a blocker on my side either. We have it already working in the old system and this PR is simply moving it to another shareable place 😄 I'm totally OK with keeping it as is.
| if (snapshot) { | ||
| // remove third number in version | ||
| aliasVersion = version.substring(0, version.lastIndexOf(".")) + "-SNAPSHOT" | ||
| sourceTag += "-SNAPSHOT" | ||
| } |
There was a problem hiding this comment.
I think that this logic should not be here, it is related to process aliases, but not related to pushes Docker images, also, it is not needed if you pass the correct tag.
def version = '8.0.0'
aliasVersion -> 8.0-SNAPSHOT
There was a problem hiding this comment.
Bear in mind, this implementation did nothing but copy the existing one in the packaging.groovy file, so I didn't want to change the contract
| def registry = args.containsKey('registry') ? args.registry : error('pushDockerImages: registry parameter is required') | ||
| def secret = args.containsKey('secret') ? args.secret : error('pushDockerImages: secret parameter is required') | ||
| def targetNamespace = args.containsKey('targetNamespace') ? args.targetNamespace : error('pushDockerImages: targetNamespace parameter is required') | ||
| def version = args.containsKey('version') ? args.version : error('pushDockerImages: version parameter is required') |
There was a problem hiding this comment.
It is stack-oriented variable, it limits the use of the step
| pushDockerImages( | ||
| secret: "my-secret", | ||
| registry: "my-registry", | ||
| arch: 'amd64', | ||
| version: '8.2.0', | ||
| snapshot: true, | ||
| imageName : 'filebeat', | ||
| variants: [ | ||
| '' : 'beats', | ||
| 'ubi8' : 'beats', | ||
| 'cloud' : 'beats-ci', | ||
| 'complete' : 'beats', | ||
| ], | ||
| targetNamespace: 'observability-ci' | ||
| ) |
There was a problem hiding this comment.
I think version and arch are redundant, the variants cover the need to push a matrix of Docker images. If we need to specialize the push we can do it in steps designed to implement that layer.
It is more straightforward to have in variants the source tag, the destination tag, and the namespace. even though you have to repeat some configuration values the code will be much simpler and easy to configure.
There was a problem hiding this comment.
I understand that the configuration is the one we need to agree, and what do you propose?
This comment was marked as duplicate.
This comment was marked as duplicate.
See e187d64 |
vars/pushDockerImages.txt
Outdated
| variants: [ | ||
| '' : 'beats', | ||
| '-ubi8' : 'beats', | ||
| '-cloud' : 'beats-ci', | ||
| '-complete' : 'beats', | ||
| ], |
There was a problem hiding this comment.
What is the contract to define variant keys and values? I know it's something the consumer should know what to put here, but for having an overall reference, as I'm not able to infer any pattern with the current example
There was a problem hiding this comment.
The existing contract was already defined in the packaging.groovy as code:
This particular variants map provides:
- new variant name to be created and what targetNamespace.
Maybe the name could be changed to variantsNamespaceMap if it helps.
I still think this particular implementation could be much simpler if it's done by the build system itself. then from the CI point of view we only need to:
dockerLogin(...)
sh 'mage publishDockerImages'
For each beats.
vars/pushDockerImages.groovy
Outdated
| */ | ||
| def call(Map args = [:]) { | ||
| if(!isUnix()){ | ||
| error('publishToCDN: windows is not supported yet.') |
There was a problem hiding this comment.
| error('publishToCDN: windows is not supported yet.') | |
| error('pushDockerImages: windows is not supported yet.') |
Do you mean something like the below snippet? |
…push-step * upstream/main: docs: update CHANGELOG.md [maven-release-plugin] prepare for next development iteration [maven-release-plugin] prepare release v1.1.297 Enable uploadPackagesToGoogleBucket step for Beats/ElasticAgent (#1549) feat: improve build Kibana Docker images (#1559)
| ``` | ||
|
|
||
| * refspec: A branch (i.e. main), or a pull request identified by the "pr/" prefix and the pull request ID. | ||
| * refspec: A branch (i.e. main), a commit SHA, a tag, or a pull request identified by the "pr/" prefix and the pull request ID. |
There was a problem hiding this comment.
Tags are not supported, for release tags you can use the official image and for other tags you can use the commit SHA
| * refspec: A branch (i.e. main), a commit SHA, a tag, or a pull request identified by the "pr/" prefix and the pull request ID. | |
| * refspec: A branch (i.e. main), a commit SHA, or a pull request identified by the "pr/" prefix and the pull request ID. |
There was a problem hiding this comment.
I will fix it in other PR is not related with this one
There was a problem hiding this comment.
This is unrelated to this PR, since it was generated, let's fix the comment in a follow up
3 participants
What does this PR do?
Refactor a common step used in Beats, elastic-agent and fleet-server that could benefit us to reduce the complexity in those pipelines with something that's tested accordingly.
You can see how it works in: