Change build tag from COMMIT_SHA to SHORT_SHA-BUILD_ID.

Rebuilding a container from the same commit can build a different
container image but it is not reflected in the image tag. To distinguish
images built from the same commit, we use SHORT_SHA and BUILD_ID.

Updates the user doc accordingly.

BUG=b/297072262
TEST=None
RELEASE_NOTE=None

Change-Id: I8bf149605f242cdf7388d2546c31c6e0d7baedfd
Reviewed-on: https://cos-review.googlesource.com/c/cos/tools/+/66030
Tested-by: Anil Altinay <aaltinay@google.com>
Reviewed-by: Arnav Kansal <rnv@google.com>
Cloud-Build: GCB Service account <228075978874@cloudbuild.gserviceaccount.com>
diff --git a/cloudbuild.yaml b/cloudbuild.yaml
index c0db729..8cb22bf 100644
--- a/cloudbuild.yaml
+++ b/cloudbuild.yaml
@@ -1,5 +1,5 @@
 substitutions:
-    _TAG_NAME: ${COMMIT_SHA}
+    _TAG_NAME: ${SHORT_SHA}-${BUILD_ID}
     _BUILD_TOOLS_CACHE: 'https://storage.googleapis.com/cos-infra-prod_cloudbuild/cos-tools-cache'
 steps:
 - name: 'gcr.io/cloud-builders/docker'
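Review bot: `${SHORT_SHA}` in the new `_TAG_NAME` truncates the commit to seven characters, so the tag no longer names the source commit unambiguously the way the old `${COMMIT_SHA}` tag did. Consider `${COMMIT_SHA}-${BUILD_ID}`, which is still well under the 128-character tag limit, or keep the short form and record the full SHA as an image label so a released image can be traced back to its exact source.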
diff --git a/postsubmit-cloudbuild.yaml b/postsubmit-cloudbuild.yaml
index ad5a077..9f52dad 100644
--- a/postsubmit-cloudbuild.yaml
+++ b/postsubmit-cloudbuild.yaml
@@ -1,5 +1,5 @@
 substitutions:
-    _TAG_NAME: ${COMMIT_SHA}
+    _TAG_NAME: ${SHORT_SHA}-${BUILD_ID}
     _BUILD_TOOLS_CACHE: 'https://storage.googleapis.com/cos-infra-prod_cloudbuild/cos-tools-cache'
 steps:
 - name: 'gcr.io/cloud-builders/docker'
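Review bot: the `_TAG_NAME` default here depends on `SHORT_SHA`, which Cloud Build fills in only for triggered builds; a build submitted manually without a trigger leaves it empty, so the tag would come out as `-<build-id>`, which starts with a hyphen and is not a valid image tag. The same applies to cloudbuild.yaml. A comment next to the substitution saying that manual runs must pass `_TAG_NAME` explicitly would avoid the surprise.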
diff --git a/release/README.md b/release/README.md
index 9b19fab..49c199a 100644
--- a/release/README.md
+++ b/release/README.md
@@ -2,9 +2,11 @@
 
 Container images for container source code present in [cos/tools](https://cos.googlesource.com/cos/tools) are built utilizing the Google [cloud build](https://cloud.google.com/build) service. An automated build system which utilizes cloud build [triggers](https://cloud.google.com/build/docs/automating-builds/create-manage-triggers) builds the container images whenever changes are pushed on the cos/tools git repo. Any change to the container images source code automatically triggers new builds for all the containers in this repo.
 
+In addition to builds triggered after a change on cos/tools, we have nightly builds for all the containers in this repo.
+
 The recipes for building the containers are specified as [dockerfiles](https://docs.docker.com/engine/reference/builder) (for eg. toolbox [Dockerfile](https://cos.googlesource.com/cos/tools/+/refs/heads/master/src/cmd/toolbox/Dockerfile)). Further [buildx](https://docs.docker.com/buildx/working-with-buildx/) is used to create images for multiple target architectures(x86 64, ARM64).
 
-For each new build executed by the automated triggers, the built container images are pushed to an internal google container image registry with unique tag labels which are the GIT commit sha of the change being updated.
+For each new build executed by the automated triggers and nightly builds, the built container images are pushed to an internal google container image registry with unique tag labels with pattern of <short-sha>-<build-id>. Short-sha is the short version of GIT commit-sha of the change being updated. Build-id is a unique id assigned by cloud build. To pick a release candidate, find the latest image that has the matching short-sha to the commit-sha of the change.
 
 The release process is a multi-party code reviewed automated process(see source [here](https://cos.googlesource.com/cos/tools/+/refs/heads/master/release)). This is also achieved by using the cloud build triggers on the cos/tools repository. The release candidates (state of the releases) live in a config file([source](https://cos.googlesource.com/cos/tools/+/refs/heads/master/release/release-versions.yaml)). When changes are made to the release candidates, an automated cloud build process copies the specified container images from the internal google container image registry to the public [cos-cloud](gcr.io/cos-cloud) container registry.
 
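Review bot: "find the latest image that has the matching short-sha" in the added paragraph does not say how "latest" is determined; build-id is described only as unique, so the tags themselves cannot be ordered. Spell out the criterion (for example the image creation time shown by the registry) and state that the full tag, including the build-id, is what goes into release-versions.yaml, since with nightly builds several images share one short-sha. Also wrap `<short-sha>-<build-id>` in backticks, because bare angle brackets can be swallowed as HTML by Markdown renderers.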
diff --git a/release/release-versions.yaml b/release/release-versions.yaml
index 1c1703b..5455491 100644
--- a/release/release-versions.yaml
+++ b/release/release-versions.yaml
@@ -1,35 +1,35 @@
 - staging_container_name: "cos-customizer"
   release_container_name: "cos-customizer"
-  build_commit: "341e398593ce7e096cf3b32462b4a1c04a25cd34"
+  build_tag: "341e398593ce7e096cf3b32462b4a1c04a25cd34"
   release_tags:
     - "latest"
     - "v20230815"
 - staging_container_name: "toolbox"
   release_container_name: "toolbox"
-  build_commit: "6617a4e71d256cbc04203d080bb3ee4c0ffb3a8a"
+  build_tag: "6617a4e71d256cbc04203d080bb3ee4c0ffb3a8a"
   release_tags:
     - "latest"
     - "v20240212"
 - staging_container_name: "cos-gpu-installer-v1"
   release_container_name: "cos-gpu-installer"
-  build_commit: "7d2cd42758caf72ed8a49c26bea8720e410216ed"
+  build_tag: "7d2cd42758caf72ed8a49c26bea8720e410216ed"
   release_tags:
     - "latest"
     - "v20230815"
 - staging_container_name: "cos-gpu-installer"
   release_container_name: "cos-gpu-installer"
-  build_commit: "1b18fc612427022957a662b9aa2905a5411fba85"
+  build_tag: "1b18fc612427022957a662b9aa2905a5411fba85"
   release_tags:
     - "v2.2.1"
 - staging_container_name: "cos-gpu-driver-builder"
   release_container_name: "cos-gpu-driver-builder"
-  build_commit: "d742bf7c5f9b3081f8467ce7236c2fa8c0a3cb63"
+  build_tag: "d742bf7c5f9b3081f8467ce7236c2fa8c0a3cb63"
   release_tags:
     - "latest"
     - "v1.1.3"
 - staging_container_name: "cos-gpu-config-builder"
   release_container_name: "cos-gpu-config-builder"
-  build_commit: "3e19b481013cc45ef82aedc710d63e964c70f3c9"
+  build_tag: "3e19b481013cc45ef82aedc710d63e964c70f3c9"
   release_tags:
     - "latest"
     - "v0.1.1"
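Review bot: the key is renamed to `build_tag`, but every value is still a 40-character commit SHA, that is, a tag in the old format. That is presumably intentional because these images were pushed before this change, but nothing in the file says so. Add a header comment stating that `build_tag` may be either a legacy full-SHA tag or a new `<short-sha>-<build-id>` tag, so reviewers of future release changes know what a well-formed value looks like.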
diff --git a/release/release.py b/release/release.py
index d753a60..73d68c5 100644
--- a/release/release.py
+++ b/release/release.py
@@ -14,7 +14,7 @@
 
 def validate_config(release_config):
   for release_container in release_config:
-    for key in ["staging_container_name", "release_container_name", "build_commit", "release_tags"]:
+    for key in ["staging_container_name", "release_container_name", "build_tag", "release_tags"]:
       assert key in release_container, "missing {} in entry {}".format(key, release_container)
 
 def validate_src_gcr_path(path):
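Review bot: `validate_config` still checks only that `build_tag` is present. While the field was named `build_commit` its shape was implied; now that it is a free-form tag, validate it here against the two accepted forms (full SHA, or short-sha plus build-id) before it is used to build an image reference. Separately, these checks rely on `assert`, which is skipped when Python runs with `-O`; raising an exception explicitly is safer for a release gate.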
@@ -59,7 +59,7 @@
         for release_container in release_config:
           staging_container_name = release_container["staging_container_name"]
           release_container_name = release_container["release_container_name"]
-          build_tag = release_container["build_commit"]
+          build_tag = release_container["build_tag"]
           release_tags = release_container["release_tags"]
           for dst_bucket in dst_buckets:
             copy_container_image(src_bucket, dst_bucket, staging_container_name, release_container_name, build_tag, release_tags)
diff --git a/release/tests/release-note-cve-verifier.py b/release/tests/release-note-cve-verifier.py
index 784060f..8e908e0 100644
--- a/release/tests/release-note-cve-verifier.py
+++ b/release/tests/release-note-cve-verifier.py
@@ -15,7 +15,7 @@
 
 def validate_config(release_config):
   for release_container in release_config:
-    for key in ["staging_container_name", "release_container_name", "build_commit", "release_tags"]:
+    for key in ["staging_container_name", "release_container_name", "build_tag", "release_tags"]:
       assert key in release_container, "missing {} in entry {}".format(key, release_container)
 
 def validate_src_gcr_path(path):
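Review bot: the `validate_config` lines shown here are identical to the ones in release/release.py, and this change had to touch both key lists. Importing one shared helper would keep the verifier and the release script from drifting apart on the next schema change.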
@@ -37,7 +37,7 @@
       verify_result = True
       for release_container in release_config:
         staging_container_name = release_container["staging_container_name"]
-        build_tag = release_container["build_commit"]
+        build_tag = release_container["build_tag"]
         src_path = os.path.join(src_bucket, staging_container_name)
         container_tag_url = src_path + ":" + build_tag
         # We need digest URL for occurences.
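Review bot: `container_tag_url = src_path + ":" + build_tag` is turned into a digest URL for the CVE check (per the comment below it), while release.py passes the same `build_tag` string to `copy_container_image`. Since the point of this change is that one commit can yield several distinct images, consider having the release path copy by the digest that was verified, or at least log that digest, so the image that is checked is provably the one that is published. Minor: "occurences" in the comment should be "occurrences".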