From e3a287671253c4e26f77a4e7b2e576e1ccf39ef4 Mon Sep 17 00:00:00 2001
From: Marek Skrobacki
Date: Tue, 23 Apr 2024 09:42:55 +0100
Subject: [PATCH 1/2] dnsmasq: switch to Debian, pin versions Turns out Alpine project does not really follow semver and removes any outdated packages from their repositories as soon as the new versions are released. This results in a non-reproducible builds. See https://gitlab.alpinelinux.org/alpine/abuild/-/issues/9996 for more details. This commit switches the base image to a slimmed down version of Debian, which allows us to use more stable package versioning at the cost of increasing image size from ~75MB to ~120MB. Closes PUC-241.
---
 .../generic/containers/Dockerfile.python312_alpine | 1 +
 containers/Dockerfile.dnsmasq | 7 +++++--
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/argo-workflows/generic/containers/Dockerfile.python312_alpine b/argo-workflows/generic/containers/Dockerfile.python312_alpine
index 4f511f05..dc30936c 100644
--- a/argo-workflows/generic/containers/Dockerfile.python312_alpine
+++ b/argo-workflows/generic/containers/Dockerfile.python312_alpine
@@ -1,3 +1,4 @@
+
 FROM python:3.12.2-alpine3.19 as builder
 LABEL org.opencontainers.image.title="Python 3.12 image base image"
diff --git a/containers/Dockerfile.dnsmasq b/containers/Dockerfile.dnsmasq
index c26e0b58..7e6cf069 100644
--- a/containers/Dockerfile.dnsmasq
+++ b/containers/Dockerfile.dnsmasq
@@ -1,7 +1,10 @@
 # syntax=docker/dockerfile:1
-FROM alpine:3.19.1
+FROM debian:bookworm-20240408-slim
-RUN apk add --update --no-cache dnsmasq=2.90-r2 python3=3.11.8-r0 py3-pip=23.3.1-r0 py3-jinja2=3.1.2-r3
+RUN apt-get update && \
+ apt-get -y install --no-install-recommends dnsmasq=2.89-1 python3-jinja2=3.1.2-1 && \
+ apt-get clean && \
+ rm -rf /var/lib/apt/lists/*
 COPY common/helpers.sh /helpers.sh
 COPY dnsmasq/entry-point.sh /entry-point.sh
From 4d6fdc684826725f93d19578ec309e9116e3fdd6 Mon Sep 17 00:00:00 2001
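Review bot: On the new `RUN apt-get` line in `containers/Dockerfile.dnsmasq`, the exact pin `dnsmasq=2.89-1` takes the image from the 2.90 release that the removed `apk` line installed back to 2.89, so a fix that first shipped upstream in 2.90 is present only if Debian backported it into this revision; that should be checked against the Debian security tracker before this ships. The pin also resolves against whatever index `apt-get update` fetches at build time, so once bookworm replaces `2.89-1` with a newer revision the build will presumably fail the same way the commit message describes for Alpine; treat that failure as the prompt to take the security update rather than something to work around. The base image tag is dated but still a mutable reference; adding a digest, `FROM debian:bookworm-20240408-slim@sha256:<digest-of-the-reviewed-image>`, binds the build to the image that was reviewed. The rest of the Dockerfile lies outside the hunk.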
From: Marek Skrobacki
Date: Tue, 23 Apr 2024 14:44:49 +0100
Subject: [PATCH 2/2] dnsmasq: version the container independently
---
 .github/workflows/containers.yaml | 3 +--
 components/ironic/dnsmasq-ss.yaml | 2 +-
 2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/containers.yaml b/.github/workflows/containers.yaml
index 2fc7feb8..61008b15 100644
--- a/.github/workflows/containers.yaml
+++ b/.github/workflows/containers.yaml
@@ -57,10 +57,9 @@ jobs:
 tags: |
 type=raw,value=latest,enable={{is_default_branch}}
 type=sha,enable={{is_default_branch}}
- type=raw,value=2023.1-ubuntu_jammy
+ type=raw,value=0.0.1
 labels: |
 org.opencontainers.image.title=dnsmasq for Ironic deployed as openstack-helm
- org.opencontainers.image.base.name=docker.io/alpine:3.19.1
 - name: build and deploy dnsmasq container to registry
 uses: docker/build-push-action@v5
 with:
diff --git a/components/ironic/dnsmasq-ss.yaml b/components/ironic/dnsmasq-ss.yaml
index 66279908..93ad75a6 100644
--- a/components/ironic/dnsmasq-ss.yaml
+++ b/components/ironic/dnsmasq-ss.yaml
@@ -23,7 +23,7 @@ spec:
 component: conductor
 containers:
 - name: dnsmasq
- image: ghcr.io/rackerlabs/openstackhelm/dnsmasq:2023.1-ubuntu_jammy
+ image: ghcr.io/rackerlabs/openstackhelm/dnsmasq:0.0.1
 imagePullPolicy: IfNotPresent
 securityContext:
 allowPrivilegeEscalation: false
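Review bot: The new `type=raw,value=0.0.1` entry in `.github/workflows/containers.yaml` is a fixed string with no `enable=` condition, so every run of this job that pushes moves the `0.0.1` tag to new content and the tag does not identify one image. The `components/ironic/dnsmasq-ss.yaml` hunk then consumes that tag with `imagePullPolicy: IfNotPresent`, so a node that already cached `0.0.1` keeps running the old bits and nodes can disagree about what the tag means; bumping the value together with each Dockerfile change, or referencing the image as `dnsmasq:0.0.1@sha256:<digest-of-the-pushed-image>`, avoids that. The workflow hunk also drops the `org.opencontainers.image.base.name` label instead of updating it; `org.opencontainers.image.base.name=docker.io/library/debian:bookworm-20240408-slim` would keep the provenance that lets a scanner tie base-image advisories to this image. Both the workflow job and the pod spec extend beyond their hunks.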