build: add support for --inherit-labels
#6103
Conversation
|
/packit retest-failed |
|
Account Honny1 has no write access nor is author of PR! |
define/build.go
Outdated
| @@ -236,6 +236,9 @@ type BuildOptions struct { | |||
| // ID mapping options to use if we're setting up our own user namespace | |||
| // when handling RUN instructions. | |||
| IDMappingOptions *IDMappingOptions | |||
| // InheritLabels allows users to specify if they want | |||
| // to inheritlabels from base image or not. | |||
There was a problem hiding this comment.
| // to inheritlabels from base image or not. | |
| // to inherit labels from base image or not. |
docs/buildah-build.1.md
Outdated
| @@ -497,6 +497,10 @@ Path to an alternative .containerignore (.dockerignore) file. | |||
| Write the built image's ID to the file. When `--platform` is specified more | |||
| than once, attempting to use this option will trigger an error. | |||
|
|
|||
| **--inherit-labels** *bool-value* | |||
|
|
|||
| Allows users to specify if they want to inherit labels from base image or not. (Default is `true`). | |||
There was a problem hiding this comment.
"Allows users" is kind of implied here, in the man page. Describe what the tool will do when the flag is specified.
There was a problem hiding this comment.
Perhaps
Inherit the labels from the base image (default true).
I'm assuming the default is true; I haven't read the rest.
| # and `hello=world` which we just added using cli flag | ||
| want_output='map["hello":"world" "io.buildah.version":"'$buildah_version'"]' | ||
| run_buildah inspect --format '{{printf "%q" .Docker.Config.Labels}}' exp | ||
| expect_output "$want_output" |
There was a problem hiding this comment.
This needs to test builds with multiple layers (--layers=true) and ensure that the build cache doesn't use images that have been built with one value for this setting when the build is running with a different value, since the resulting configurations would differ.
It should probably also check running a multi-stage build where an earlier stage that's used as the base of a later stage sets a label, as I suspect that might not behave as expected in this iteration.
There was a problem hiding this comment.
It would also be good to add a test just using --inherit-labels" to ensure the default works and doesn't get change in the future. I'm also a bit on the OCD side, I'd also like a --inherit-labels=true` test, but not completely necessary.
There was a problem hiding this comment.
I added tests to work with --layers
pkg/cli/common.go
Outdated
| @@ -230,6 +231,7 @@ func GetBudFlags(flags *BudResults) pflag.FlagSet { | |||
| fs.StringVar(&flags.CertDir, "cert-dir", "", "use certificates at the specified path to access the registry") | |||
| fs.BoolVar(&flags.Compress, "compress", false, "this is a legacy option, which has no effect on the image") | |||
| fs.BoolVar(&flags.CompatVolumes, "compat-volumes", false, "preserve the contents of VOLUMEs during RUN instructions") | |||
| fs.BoolVar(&flags.InheritLabels, "inherit-labels", true, "inherit labels from base image") | |||
There was a problem hiding this comment.
| fs.BoolVar(&flags.InheritLabels, "inherit-labels", true, "inherit labels from base image") | |
| fs.BoolVar(&flags.InheritLabels, "inherit-labels", true, "inherit the labels from the base image") |
|
/packit retest-failed |
flouthoc
force-pushed
the
inherit-labels
branch
3 times, most recently
from
b10e993 to
2df09fd
Compare
define/build.go
Outdated
| @@ -236,6 +236,9 @@ type BuildOptions struct { | |||
| // ID mapping options to use if we're setting up our own user namespace | |||
| // when handling RUN instructions. | |||
| IDMappingOptions *IDMappingOptions | |||
| // InheritLabels allows users to specify if they want | |||
There was a problem hiding this comment.
Same comment as for the man page: we're at the API level here, so just describe what the library will be doing differently based on this field, perhaps something like "InheritLabels controls whether or not built images will retain the labels which were set in their base images".
| # Now build same file with --inherit-labels=true and verify if using the cache | ||
| run_buildah build $WITH_POLICY_JSON --layers --inherit-labels=true -t exp -f $BUDFILES/base-with-labels/Containerfile.layer | ||
| # Should contain `Using cache` at all since | ||
| expect_output --substring " Using cache" |
There was a problem hiding this comment.
How many times is "Using cache" expected to be printed? Would it be simpler to compare the IDs of the final images?
There was a problem hiding this comment.
I also added a check below to verify image id.
There was a problem hiding this comment.
This should also be checked for multi-stage builds, since for those we generally leave the final image for a stage around for use in caching.
flouthoc
force-pushed
the
inherit-labels
branch
2 times, most recently
from
97fe66a to
e812133
Compare
With this current patch it if |
There was a problem hiding this comment.
With this current patch it if
--inherit-labels=falseis set it does not inherit label intotargetstage from base stages. I think that aligns with the docs that no labels are inherited at all from base image. I added a test to verify that. WDYT ?
You could ask in the issue that prompted this PR, and given how #5762 describes handling of ARGs, which don't even get recorded in images, I'm not sure if I know what the correct behavior should be for labels when the base image for a stage is part of the same build. Either way, the detail should be mentioned in the docs.
| # Now build same file with --inherit-labels=true and verify if using the cache | ||
| run_buildah build $WITH_POLICY_JSON --layers --inherit-labels=true -t exp -f $BUDFILES/base-with-labels/Containerfile.layer | ||
| # Should contain `Using cache` at all since | ||
| expect_output --substring " Using cache" |
There was a problem hiding this comment.
This should also be checked for multi-stage builds, since for those we generally leave the final image for a stage around for use in caching.
flouthoc
force-pushed
the
inherit-labels
branch
2 times, most recently
from
1477512 to
04b2894
Compare
I updated the doc to reflect both |
| @@ -2670,6 +2670,69 @@ _EOF | |||
| expect_output "$want_output" | |||
| } | |||
|
|
|||
| @test "bud and test inherit-labels" { | |||
There was a problem hiding this comment.
Missing calls to _prefetch in here.
There was a problem hiding this comment.
tests/bud/base-with-labels/Containerfile.multi-stage uses "alpine" as its base.
There was a problem hiding this comment.
I added _prefetch alpine too.
flouthoc
force-pushed
the
inherit-labels
branch
from
04b2894 to
e9b339f
Compare
Allows users to specify if they want to inherit labels from base image or not. Signed-off-by: flouthoc <[email protected]>
flouthoc
force-pushed
the
inherit-labels
branch
from
e9b339f to
a235033
Compare
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: flouthoc, nalind The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
Did we ever have a conversation on why not just do --cap-drop=all has precedence. |
|
@rhatdan I think you mean |
|
/lgtm |
Allows users to specify if they want to inherit labels from base image or not.
Closes: #6098
What type of PR is this?
What this PR does / why we need it:
How to verify it
Which issue(s) this PR fixes:
Special notes for your reviewer:
Does this PR introduce a user-facing change?