Fixes after merging remote branch

MaciejKaras · MaciejKaras · commit 5bfacf66a084 · 2025-08-08T09:37:00.000+02:00
diff --git a/scripts/release/atomic_pipeline.py b/scripts/release/atomic_pipeline.py
@@ -1,8 +1,7 @@
 #!/usr/bin/env python3
 
-"""This pipeline script knows about the details of our Docker images
-and where to fetch and calculate parameters. It uses Sonar.py
-to produce the final images."""
+"""This atomic_pipeline script knows about the details of our Docker images
+and where to fetch and calculate parameters."""
 import json
 import os
 import shutil
@@ -22,7 +21,8 @@
     verify_signature,
 )
 from scripts.release.build.image_build_configuration import ImageBuildConfiguration
-from .build_images import process_image
+from scripts.release.build.image_build_process import build_image
+
 from .optimized_operator_build import build_operator_image_fast
 
 TRACER = trace.get_tracer("evergreen-agent")
@@ -36,10 +36,6 @@ def get_tools_distro(tools_version: str) -> Dict[str, str]:
     return default_distro
 
 
-def is_running_in_evg_pipeline():
-    return os.getenv("RUNNING_IN_EVG", "") == "true"
-
-
 def load_release_file() -> Dict:
     with open("release.json") as release:
         return json.load(release)
@@ -59,27 +55,37 @@ def pipeline_process_image(
     if dockerfile_args:
         span.set_attribute("mck.build_args", str(dockerfile_args))
 
-    logger.info(f"Dockerfile args: {dockerfile_args}, for image: {image_name}")
-
     if not dockerfile_args:
         dockerfile_args = {}
-    logger.debug(f"Build args: {dockerfile_args}")
-    process_image(
+    logger.info(f"Dockerfile args: {dockerfile_args}, for image: {image_name}")
+
+    build_image(
         image_tag=build_configuration.version,
         dockerfile_path=dockerfile_path,
         dockerfile_args=dockerfile_args,
         registry=build_configuration.registry,
         platforms=build_configuration.platforms,
-        sign=build_configuration.sign,
         build_path=build_path,
     )
 
+    if build_configuration.sign:
+        pipeline_sign_image(
+            registry=build_configuration.registry,
+            version=build_configuration.version,
+        )
+
+
+@TRACER.start_as_current_span("sign_image_in_repositories")
+def pipeline_sign_image(registry: str, version: str):
+    logger.info("Signing image")
+    sign_image(registry, version)
+    verify_signature(registry, version)
+
 
 def build_tests_image(build_configuration: ImageBuildConfiguration):
     """
     Builds image used to run tests.
     """
-    image_name = "mongodb-kubernetes-tests"
 
     # helm directory needs to be copied over to the tests docker context.
     helm_src = "helm_chart"
@@ -170,20 +176,6 @@ def build_database_image(build_configuration: ImageBuildConfiguration):
     )
 
 
-@TRACER.start_as_current_span("sign_image_in_repositories")
-def sign_image_in_repositories(args: Dict[str, str], arch: str = None):
-    span = trace.get_current_span()
-    repository = args["quay_registry"] + args["ubi_suffix"]
-    tag = args["release_version"]
-    if arch:
-        tag = f"{tag}-{arch}"
-
-    span.set_attribute("mck.tag", tag)
-
-    sign_image(repository, tag)
-    verify_signature(repository, tag)
-
-
 def find_om_in_releases(om_version: str, releases: Dict[str, str]) -> Optional[str]:
     """
     There are a few alternatives out there that allow for json-path or xpath-type
@@ -257,43 +249,12 @@ def build_om_image(build_configuration: ImageBuildConfiguration):
     )
 
 
-def build_image_generic(
-    dockerfile_path: str,
-    build_configuration: ImageBuildConfiguration,
-    extra_args: dict | None = None,
-):
-    """
-    Build one or more platform-specific images, then (optionally)
-    push a manifest and sign the result.
-    """
-
-    registry = build_configuration.registry
-    image_name = build_configuration.image_name()
-    args_list = extra_args or {}
-    version = args_list.get("version", "")
-
-    # merge in the registry without mutating caller’s dict
-    build_args = {**args_list, "quay_registry": registry}
-    logger.debug(f"Build args: {build_args}")
-
-    logger.debug(f"Building {image_name} for platforms={build_configuration.platforms}")
-    logger.debug(f"build image generic - registry={registry}")
-    pipeline_process_image(
-        dockerfile_path=dockerfile_path,
-        build_configuration=build_configuration,
-        dockerfile_args=build_args,
-    )
-
-    if build_configuration.sign:
-        sign_image(registry, version)
-        verify_signature(registry, version)
-
-
 def build_init_appdb(build_configuration: ImageBuildConfiguration):
     release = load_release_file()
     base_url = "https://fastdl.mongodb.org/tools/db/"
     mongodb_tools_url_ubi = "{}{}".format(base_url, release["mongodbToolsBundle"]["ubi"])
     args = {"version": build_configuration.version, "mongodb_tools_url_ubi": mongodb_tools_url_ubi}
+
     pipeline_process_image(
         dockerfile_path="docker/mongodb-kubernetes-init-appdb/Dockerfile",
         build_configuration=build_configuration,
@@ -326,10 +287,10 @@ def build_readiness_probe_image(build_configuration: ImageBuildConfiguration):
         "GOLANG_VERSION": golang_version,
     }
 
-    build_image_generic(
+    pipeline_process_image(
         dockerfile_path="docker/mongodb-kubernetes-readinessprobe/Dockerfile",
         build_configuration=build_configuration,
-        extra_args=extra_args,
+        dockerfile_args=extra_args,
     )
 
 
@@ -345,10 +306,10 @@ def build_upgrade_hook_image(build_configuration: ImageBuildConfiguration):
         "GOLANG_VERSION": golang_version,
     }
 
-    build_image_generic(
+    pipeline_process_image(
         dockerfile_path="docker/mongodb-kubernetes-upgrade-hook/Dockerfile",
         build_configuration=build_configuration,
-        extra_args=extra_args,
+        dockerfile_args=extra_args,
     )
 
 
@@ -373,13 +334,13 @@ def build_agent_pipeline(
         "init_database_image": init_database_image,
         "mongodb_tools_url_ubi": mongodb_tools_url_ubi,
         "mongodb_agent_url_ubi": mongodb_agent_url_ubi,
-        "quay_registry": build_configuration.registry,
+        "quay_registry": build_configuration_copy.registry,
     }
 
-    build_image_generic(
+    pipeline_process_image(
         dockerfile_path="docker/mongodb-agent/Dockerfile",
         build_configuration=build_configuration_copy,
-        extra_args=args,
+        dockerfile_args=args,
     )
 
 
diff --git a/scripts/release/build/image_build_process.py b/scripts/release/build/image_build_process.py
@@ -9,7 +9,6 @@
 
 import docker
 from lib.base_logger import logger
-from scripts.evergreen.release.images_signing import sign_image, verify_signature
 
 
 def ecr_login_boto3(region: str, account_id: str):
@@ -47,16 +46,16 @@ def ensure_buildx_builder(builder_name: str = "multiarch") -> str:
     :return: The builder name that was created or reused
     """
 
-    docker = python_on_whales.docker
+    docker_cmd = python_on_whales.docker
 
-    existing_builders = docker.buildx.list()
+    existing_builders = docker_cmd.buildx.list()
     if any(b.name == builder_name for b in existing_builders):
         logger.info(f"Builder '{builder_name}' already exists – reusing it.")
-        docker.buildx.use(builder_name)
+        docker_cmd.buildx.use(builder_name)
         return builder_name
 
     try:
-        docker.buildx.create(
+        docker_cmd.buildx.create(
             name=builder_name,
             driver="docker-container",
             use=True,
@@ -70,8 +69,8 @@ def ensure_buildx_builder(builder_name: str = "multiarch") -> str:
     return builder_name
 
 
-def build_image(
-    tag: str, dockerfile: str, path: str, args: Dict[str, str] = {}, push: bool = True, platforms: list[str] = None
+def docker_build_image(
+    tag: str, dockerfile: str, path: str, args: Dict[str, str], push: bool, platforms: list[str]
 ):
     """
     Build a Docker image using python_on_whales and Docker Buildx for multi-architecture support.
@@ -83,15 +82,11 @@ def build_image(
     :param push: Whether to push the image after building
     :param platforms: List of target platforms (e.g., ["linux/amd64", "linux/arm64"])
     """
-    docker = python_on_whales.docker
+    docker_cmd = python_on_whales.docker
 
     try:
         # Convert build args to the format expected by python_on_whales
-        build_args = {k: str(v) for k, v in args.items()} if args else {}
-
-        # Set default platforms if not specified
-        if platforms is None:
-            platforms = ["linux/amd64"]
+        build_args = {k: str(v) for k, v in args.items()}
 
         logger.info(f"Building image: {tag}")
         logger.info(f"Platforms: {platforms}")
@@ -107,9 +102,10 @@ def build_image(
         builder_name = ensure_buildx_builder("multiarch")
 
         # Build the image using buildx
-        docker.buildx.build(
+        docker_cmd.buildx.build(
             context_path=path,
             file=dockerfile,
+            # TODO: add tag for release builds (OLM immutable tag)
             tags=[tag],
             platforms=platforms,
             builder=builder_name,
@@ -126,32 +122,25 @@ def build_image(
         raise RuntimeError(f"Failed to build image {tag}: {str(e)}")
 
 
-def process_image(
+def build_image(
     image_tag: str,
     dockerfile_path: str,
     dockerfile_args: Dict[str, str],
     registry: str,
-    platforms: list[str] = None,
-    sign: bool = False,
-    build_path: str = ".",
-    push: bool = True,
+    platforms: list[str],
+    build_path: str,
 ):
     # Login to ECR
     ecr_login_boto3(region="us-east-1", account_id="268558157000")
 
     image_full_uri = f"{registry}:{image_tag}"
 
     # Build image with docker buildx
-    build_image(
+    docker_build_image(
         tag=image_full_uri,
         dockerfile=dockerfile_path,
         path=build_path,
         args=dockerfile_args,
-        push=push,
+        push=True,
         platforms=platforms,
     )
-
-    if sign:
-        logger.info("Signing image")
-        sign_image(docker_registry, image_tag)
-        verify_signature(docker_registry, image_tag)
diff --git a/scripts/release/pipeline_main.py b/scripts/release/pipeline_main.py
@@ -30,13 +30,13 @@
     build_upgrade_hook_image,
 )
 from scripts.release.build.build_info import load_build_info
+from scripts.release.build.build_scenario import (
+    BuildScenario,
+)
 from scripts.release.build.image_build_configuration import (
     SUPPORTED_PLATFORMS,
     ImageBuildConfiguration,
 )
-from scripts.release.build.build_scenario import (
-    BuildScenario,
-)
 
 """
 The goal of main.py, image_build_configuration.py and build_context.py is to provide a single source of truth for the build
