Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Pin the UBI 9 container 9.5-1734495538 (most recent release) #1970

Merged
merged 2 commits into from
Dec 18, 2024

Conversation

MarkEWaite
Copy link
Contributor

@MarkEWaite MarkEWaite commented Dec 18, 2024

Use most recent UBI 9 container image

Dependabot should have detected this container image update, but it did not. Dependabot did not miss these updates in the platformlabeler repository, where a simpler syntax is used for the test data containers.

I'm not sure if that is due to the AS clause or some other reason, but we want to use the most recent UBI 9 container image as a base, so this pull request makes sense in any case.

Latest image released 2 days ago from https://catalog.redhat.com/software/containers/ubi9/ubi/615bcf606feffc5384e8452e

I've opened a GitHub discussion topic to ask if there is a better way to handle this so that Dependabot will detect the change. Refer to

The first commit in the pull request mistakenly used an older version. The second commit fixes that mistake and uses the most recent version.

Testing done

None. Rely on ci.jenkins.io to check the new container image.

Submitter checklist

  • Make sure you are opening from a topic/feature/bugfix branch (right side) and not your main branch!
  • Ensure that the pull request title represents the desired changelog entry
  • Please describe what you did
  • Link to relevant issues in GitHub or Jira
  • Link to relevant pull requests, esp. upstream and downstream changes
  • Ensure you have provided tests - that demonstrates feature works or fixes the issue

Dependabot should have detected this container image update, but it
did not.  Dependabot did not miss these updates in the platformlabeler
repository, where a simpler syntax is used for the test data containers.

I'm not sure if that is due to the AS clause or some other reason,
but we want to use the most recent UBI 9 container image as a base,
so this pull request makes sense in any case.

Latest image released 2 days ago from
https://catalog.redhat.com/software/containers/ubi9/ubi/615bcf606feffc5384e8452e
@MarkEWaite MarkEWaite requested a review from a team as a code owner December 18, 2024 01:12
@dduportal
Copy link
Contributor

I might be missing something 🤔 but:

I would have expected the tag 9.5 to always point to the latest 9.5-xxxx version and being kept up to date.

docker run --rm -ti --entrypoint=bash registry.access.redhat.com/ubi9/ubi:9.5-1734081738  -c 'rpm -qi basesystem' | grep 'Install Date'
Install Date: Fri Dec 13 09:37:56 2024
docker run --platform=linux/amd64 --rm -ti --entrypoint=bash registry.access.redhat.com/ubi9/ubi:9.5-1734081738  -c 'rpm -qi basesystem' | grep 'Install Date'
Install Date: Fri Dec 13 09:33:25 2024

docker run --rm -ti --entrypoint=bash registry.access.redhat.com/ubi9/ubi:9.5 -c 'rpm -qi basesystem' | grep 'Install Date'
Install Date: Wed Dec 18 04:31:14 2024
docker run --platform=linux/amd64 --rm -ti --entrypoint=bash registry.access.redhat.com/ubi9/ubi:9.5 -c 'rpm -qi basesystem' | grep 'Install Date'
Install Date: Wed Dec 18 04:27:18 2024

=> shows that it's even more recent than the proposed timestamped image.

Copy link
Contributor

@dduportal dduportal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Even if 9.5 is the "most recent" (?) tag, using a timestamped tag is clearly a better way to make the container images more deterministic.

I'm for this change!

Nitpick: @MarkEWaite WDYT about changing the PR title to mention we're pinning the UBI 9.5-x version?

@MarkEWaite
Copy link
Contributor Author

=> shows that it's even more recent than the proposed timestamped image.

Thanks for catching that cut and paste error that I made. I intended to pin the most recent release and instead I copied a previous release. That's now fixed in the latest commit to the repository. Will update the pull request title to note that it is pinning to a specific timestamp like the Debian container image.

@MarkEWaite MarkEWaite changed the title Use most recent UBI 9 container image Pin the UBI 9 container 9.5-1734495538 (most recent release) Dec 18, 2024
Copy link
Contributor

@dduportal dduportal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Merging as the test failures in the checks are unrelated to this change (Windows)

@dduportal dduportal merged commit cadf75e into jenkinsci:master Dec 18, 2024
9 of 12 checks passed
@MarkEWaite MarkEWaite deleted the use-latest-ubi-9-container branch December 18, 2024 17:25
@saper
Copy link
Collaborator

saper commented Dec 21, 2024

I would have expected the tag 9.5 to always point to the latest 9.5-xxxx version and being kept up to date.

I think that is the expected behaviour - I'd expect dependabot to raise a PR if, for example, 9.6 comes out.

@MarkEWaite
Copy link
Contributor Author

I would have expected the tag 9.5 to always point to the latest 9.5-xxxx version and being kept up to date.

I think that is the expected behaviour - I'd expect dependabot to raise a PR if, for example, 9.6 comes out.

Thanks for the insight! I think that you're right.

I was misunderstanding the platformlabeler test data generator results because In the platformlabeler test data, I seem to provide the more specific label (when available) and then rely on dependabot to update it to more recent versions. I think that it is better to use the more specific label for repeatable builds, but other maintainers may feel differently.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants