Fix PostCommit XVR GoUsingJava Dataflow job

[aIbrahiim]

Fixes: #30519

Thank you for your contribution! Follow this checklist to help us incorporate your contribution quickly and easily:

• Mention the appropriate issue in your description (for example: addresses #123), if applicable. This will automatically add a link to the pull request in the issue. If you would like the issue to automatically close on merging the pull request, comment fixes #<ISSUE NUMBER> instead.
• Update CHANGES.md with noteworthy changes.
• If this contribution is large, please file an Apache Individual Contributor License Agreement.

See the Contributor Guide for more tips on how to make review process smoother.

To check the build health, please visit https://github.com/apache/beam/blob/master/.test-infra/BUILD_STATUS.md

GitHub Actions Tests Status (on master branch)

See CI.md for more information about GitHub Actions CI or the workflows README to see a list of phrases to trigger workflows.

[gemini-code-assist]

Summary of Changes

Hello @aIbrahiim, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the reliability of the Docker image build and push process for Python containers within the Java Dataflow runner. It introduces comprehensive checks to ensure the required Docker image is available locally, from the build cache, or from the registry before attempting to push, thereby preventing failures due to missing images. Additionally, it refines the Docker push command for better compatibility and explicit configuration, specifically addressing a post-commit issue related to XVR Java Dataflow.

Highlights

• Docker Image Availability Check: Implemented a robust check for the existence of the Docker Python container image before pushing. This involves inspecting local images, attempting to load from the buildx cache, and finally trying to pull from the registry. If the image is not found through any of these methods, a GradleException is thrown.
• Improved Docker Push Command: The Docker push command was updated to directly use 'docker push' instead of 'gcloud docker -- push'. Additionally, the CLOUDSDK_CONFIG environment variable is now explicitly set to ensure proper authentication and configuration for the push operation.

Ignored Files

• Ignored by pattern: .github/workflows/** (1)
  • .github/workflows/beam_PostCommit_XVR_GoUsingJava_Dataflow.yml

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[aIbrahiim]

Changed CLOUDSDK_CONFIG to /tmp/gcloud as the original KUBELET_GCLOUD_CONFIG_PATH was pointing to a read only directory in the pod, so gcloud couldn't write its config files and was crashing with permission errors while /tmp/gcloud is writable and fixes the authentication issues

[github-actions]

Assigning reviewers:

R: @liferoad for label build.

Note: If you would like to opt out of this review, comment assign to next reviewer.

Available commands:

• stop reviewer notifications - opt out of the automated review tooling
• remind me after tests pass - tag the comment author after tests pass
• waiting on author - shift the attention set back to the author (any comment or push by the author will return the attention set to the reviewers)

The PR bot will only process comments in the main thread (not review comments).

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 56.96%. Comparing base (a70f1f3) to head (9cfb002).
⚠️ Report is 3 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff            @@
##             master   #36757   +/-   ##
=========================================
  Coverage     56.96%   56.96%           
  Complexity     3456     3456           
=========================================
  Files          1223     1223           
  Lines        187539   187539           
  Branches       3586     3586           
=========================================
  Hits         106837   106837           
  Misses        77312    77312           
  Partials       3390     3390           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[Abacn]

What caused this? We should fix the underlying cause that docker image not gets built. be able to build container successfully at once. This kind of fallback logic is generally not preferred

[aIbrahiim]

The reason I added this try catch block was to address a specific error we were seeing in the logs:
The Docker build task (:sdks:python:container:py39:docker) was completing successfully, but when the subsequent docker inspect` command ran, the image wasn't found in the local Docker daemon. This happens because when using docker buildx with the docker container driver, the image is built into buildx's cache but isn't automatically loaded into the Docker daemons image store.

The fallback logic try to load the image from buildx cache using docker buildx build --output type=docker` which forces the image into the local Docker daemon. If that fails, it tries to pull from the registry .

[Abacn]

Other Dataflow XVR tests also push containers in order to run tests: https://github.com/apache/beam/blob/master/.github/workflows/beam_PostCommit_XVR_PythonUsingJava_Dataflow.yml

but what's the reason only this one requires environment setup in github action yaml file? In general we wish to keep GHA yaml minimum, and aims to make gradle target self contained so developers can test the target locally, or in different environment, not necessarily rely on GitHub Action runner to run.

[aIbrahiim]

The reason this workflow needs the explicit CLOUDSDK_CONFIG setup is because we were hitting specific permission errors that weren't occurring in the PythonUsingJava workflow. The original KUBELET_GCLOUD_CONFIG_PATH points to a read only directory in the Kubernetes pod, causing gcloud to crash when trying to write its config files.
error from logs:
WARNING: Could not setup log file in /var/lib/kubelet/pods/.../volumes/kubernetes.io~empty-dir/gcloud/logs, (Error: Could not create directory [...] Permission denied.
ERROR: gcloud crashed (OperationalError): unable to open database file
denied: Permission "artifactregistry.repositories.uploadArtifacts" denied on resource "projects/apache-beam-testing/locations/us/repositories/us.gcr.io"

[damccorm]

Thanks!