-
-
Notifications
You must be signed in to change notification settings - Fork 4.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Pin the UBI 9 container 9.5-1734495538 (most recent release) #1970
Pin the UBI 9 container 9.5-1734495538 (most recent release) #1970
Conversation
Dependabot should have detected this container image update, but it did not. Dependabot did not miss these updates in the platformlabeler repository, where a simpler syntax is used for the test data containers. I'm not sure if that is due to the AS clause or some other reason, but we want to use the most recent UBI 9 container image as a base, so this pull request makes sense in any case. Latest image released 2 days ago from https://catalog.redhat.com/software/containers/ubi9/ubi/615bcf606feffc5384e8452e
I might be missing something 🤔 but: I would have expected the tag docker run --rm -ti --entrypoint=bash registry.access.redhat.com/ubi9/ubi:9.5-1734081738 -c 'rpm -qi basesystem' | grep 'Install Date'
Install Date: Fri Dec 13 09:37:56 2024
docker run --platform=linux/amd64 --rm -ti --entrypoint=bash registry.access.redhat.com/ubi9/ubi:9.5-1734081738 -c 'rpm -qi basesystem' | grep 'Install Date'
Install Date: Fri Dec 13 09:33:25 2024
docker run --rm -ti --entrypoint=bash registry.access.redhat.com/ubi9/ubi:9.5 -c 'rpm -qi basesystem' | grep 'Install Date'
Install Date: Wed Dec 18 04:31:14 2024
docker run --platform=linux/amd64 --rm -ti --entrypoint=bash registry.access.redhat.com/ubi9/ubi:9.5 -c 'rpm -qi basesystem' | grep 'Install Date'
Install Date: Wed Dec 18 04:27:18 2024 => shows that it's even more recent than the proposed timestamped image. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Even if 9.5
is the "most recent" (?) tag, using a timestamped tag is clearly a better way to make the container images more deterministic.
I'm for this change!
Nitpick: @MarkEWaite WDYT about changing the PR title to mention we're pinning the UBI 9.5-x version?
Thanks for catching that cut and paste error that I made. I intended to pin the most recent release and instead I copied a previous release. That's now fixed in the latest commit to the repository. Will update the pull request title to note that it is pinning to a specific timestamp like the Debian container image. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Merging as the test failures in the checks are unrelated to this change (Windows)
I think that is the expected behaviour - I'd expect dependabot to raise a PR if, for example, 9.6 comes out. |
Thanks for the insight! I think that you're right. I was misunderstanding the platformlabeler test data generator results because In the platformlabeler test data, I seem to provide the more specific label (when available) and then rely on dependabot to update it to more recent versions. I think that it is better to use the more specific label for repeatable builds, but other maintainers may feel differently. |
Use most recent UBI 9 container image
Dependabot should have detected this container image update, but it did not. Dependabot did not miss these updates in the platformlabeler repository, where a simpler syntax is used for the test data containers.
I'm not sure if that is due to the AS clause or some other reason, but we want to use the most recent UBI 9 container image as a base, so this pull request makes sense in any case.
Latest image released 2 days ago from https://catalog.redhat.com/software/containers/ubi9/ubi/615bcf606feffc5384e8452e
I've opened a GitHub discussion topic to ask if there is a better way to handle this so that Dependabot will detect the change. Refer to
The first commit in the pull request mistakenly used an older version. The second commit fixes that mistake and uses the most recent version.
Testing done
None. Rely on ci.jenkins.io to check the new container image.
Submitter checklist