Skip to content

Commit bf5c619

Browse files
BlaineEXEBlaineEXE
committed
cloudbuild: limit image release tags to semver only
When doing cloudbuilds for tagged releases, limit images to only a single tag that represents the semver tag. The registry.k8s.io tooling uses scripts to coordinate which images and tags are promoted from staging to release. The script don't handle image digests with multiple tags, and COSI can assume less release breakage by not relying on more advanced handling. When the cloudbuild script detects a release is happening, it will now apply only the semver tag to the image. Signed-off-by: Blaine Gardner <[email protected]>
1 parent a70bf11 commit bf5c619

File tree

1 file changed

+17
-7
lines changed

1 file changed

+17
-7
lines changed

hack/cloudbuild.sh

Lines changed: 17 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -48,32 +48,42 @@ fi
4848
if [[ "${PULL_BASE_REF}" == controller/* ]]; then
4949
echo " ! ! ! this is a tagged controller release ! ! !"
5050
TAG="${PULL_BASE_REF#controller/*}"
51-
ADDITIONAL_CONTROLLER_TAGS+=("${CONTROLLER_IMAGE}:${TAG}")
51+
# when tagging a release image, do not apply any other tags other than the release tag
52+
# the registry.k8s.io scripting does not handle images with multiple tags
53+
ADDITIONAL_CONTROLLER_TAGS=()
54+
CONTROLLER_TAG="${CONTROLLER_IMAGE}:${TAG}"
5255
fi
5356

5457
# PULL_BASE_REF is 'sidecar/TAG' for a tagged sidecar release
5558
if [[ "${PULL_BASE_REF}" == sidecar/* ]]; then
5659
echo " ! ! ! this is a tagged sidecar release ! ! !"
5760
TAG="${PULL_BASE_REF#sidecar/*}"
58-
ADDITIONAL_SIDECAR_TAGS+=("${SIDECAR_IMAGE}:${TAG}")
61+
# when tagging a release image, do not apply any other tags other than the release tag
62+
# the registry.k8s.io scripting does not handle images with multiple tags
63+
ADDITIONAL_SIDECAR_TAGS=()
64+
SIDECAR_TAG="${SIDECAR_IMAGE}:${TAG}"
5965
fi
6066

6167
# PULL_BASE_REF is 'v0.y.z*' for tagged alpha releases where controller and sidecar are released simultaneously
6268
# hand wave over complex matching logic by just looking for 'v0.' prefix
6369
if [[ "${PULL_BASE_REF}" == 'v0.'* ]]; then
6470
echo " ! ! ! this is a tagged controller + sidecar release ! ! !"
6571
TAG="${PULL_BASE_REF}"
66-
ADDITIONAL_CONTROLLER_TAGS+=("${CONTROLLER_IMAGE}:${TAG}")
67-
ADDITIONAL_SIDECAR_TAGS+=("${SIDECAR_IMAGE}:${TAG}")
72+
# when tagging a release image, do not apply any other tags other than the release tag
73+
# the registry.k8s.io scripting does not handle images with multiple tags
74+
ADDITIONAL_CONTROLLER_TAGS=()
75+
ADDITIONAL_SIDECAR_TAGS=()
76+
CONTROLLER_TAG="${CONTROLLER_IMAGE}:${TAG}"
77+
SIDECAR_TAG="${SIDECAR_IMAGE}:${TAG}"
6878
fi
6979

7080
# else, PULL_BASE_REF is something that doesn't release image(s) to staging, like:
7181
# - a random branch name (e.g., feature-xyz)
7282
# - a version tag for a subdir with no image associated (e.g., client/v0.2.0, proto/v0.2.0)
7383

74-
# 'gcloud container images add-tag' within the cloudbuild infrastructure doesn't preserve the date
75-
# of the underlying image when adding a new tag, resulting in tags dated Dec 31, 1969 (the epoch).
76-
# To ensure the right date on all built image tags, do the build with '--tag' args for all tags.
84+
# This script's tagging should be less error-prone if 'docker buildx' has all the tags that an image
85+
# will be tagged with during the build process. All tags are applied at once without need to
86+
# maintain tooling for adding tags to manifests after build.
7787

7888
BUILD_ARGS="${ADDITIONAL_BUILD_ARGS}"
7989
for tag in "${ADDITIONAL_CONTROLLER_TAGS[@]}"; do

0 commit comments

Comments
 (0)