Launchpad itself

OCI recipes don't allow programmatic ARG values

Bug #1902010 reported by Barry Price on 2020-10-29

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Launchpad itself	New	Undecided	Unassigned

Bug Description

Ideally we'd like to be able to do something like this:

BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')

There may of course be security reasons why we don't want to parse free-form shell code, but some other mechanism of passing through at least a build date/time, ideally with a configurable format, would at least unblock adding e.g. org.opencontainers.image.created or org.label-schema.build-date fields to built images.

Revision history for this message

Colin Watson (cjwatson) wrote on 2020-10-29:

I'm indeed not at all keen on passing through free-form shell code, and would like to see an analysis of why this sort of thing has to be done via ARG values at all rather than being computed by the Dockerfile.

Changed in launchpad:
status:	New → Incomplete

Revision history for this message

Stuart Bishop (stub) wrote on 2020-10-29:

Dockerfile syntax does not support this. The highest level construct available is limited variable expansion (using environment variables and ARGs passed in), and there is no way to access dynamic data such as the system date or the git revision. You can run arbitrary commands in the container (eg. run the 'date' command), but there is no way for the Dockerfile to make use of the result.

It would be possible for Launchpad to stick the most popular information in environment variables, which the Dockerfile can access. However, there would be no way to transform the data and you would be stick with the date format or 'git describe' choices made by Launchpad.

Allowing a Makefile to be specified instead of a Dockerfile might be a solution.

Processing the Dockerfile using Jinja2 or similar templating engine might be a solution.

Changed in launchpad:
status:	Incomplete → New

Revision history for this message

Thiago F. Pappacena (pappacena) wrote on 2020-10-29:

I can understand why receiving external information at docker image's build time could be useful, but I agree that free-form shell code might be too broad.

Maybe using ARG to format a pre-defined set of information could a middle ground here. I'm thinking something like this, defined at ARG UI field:
MY_VAR1=xxx
BUILD_TIME={lp_now:%Y-%m-%d %H:%m:%S}
REVISION={lp_repository_revision}

Then, at buildd, we can format the ARG values using our set of pre-defined programmatic values and formatters (https://www.python.org/dev/peps/pep-3101/).

But of course, we would need to have a list of which variables could be useful, if we go in this direction.

Revision history for this message

Barry Price (barryprice) wrote on 2020-10-30:

I think the pre-defined approach makes sense, for starters I guess we'd want to be able to easily fill in the annotation keys in the OCI spec:

https://github.com/opencontainers/image-spec/blob/master/annotations.md

Just a timestamp for org.opencontainers.image.created would unblock my particular need, but it might also be worth adding tooling to be able to use e.g. a formatted 'git describe' of the branch, or the latest commit ID, along with perhaps bzr equivalents.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.