search

GoogleContainerTools / jib

🏗 Build container images for your Java applications.
Apache License 2.0
13.67k stars 1.44k forks source link

Set creationTime/lastModificationTime only for last layer #4108

Closed Tristan-WorkGH closed 1 year ago

Tristan-WorkGH commented 1 year ago

Environment:

Description of the issue: I understand that Jib create different layers as a mean to reduce images size by reusing common parts (in the case of my Spring-Boot app: base image, dependencies, resources, then application).
When I look on Docker Hub and when I do an docker images, I can see my image being created "53 years ago". I understand from the FAQ that its for reproducibility, and there is <creationTime/> and <filesModificationTime/> options if I want to change that.
But this seems to change files timestamp in the image for all layers.

Would it be possible to change timestamp only for the latest layer to be able to keep dependencies layer common between images while having the container time "correct".
That way I can keep my image up-to-date with the last/actual commit time using a plugin like git-commit-id-maven-plugin.

Expected behavior: To have an option to set <filesModificationTime/> only on last layer.

jib-maven-plugin Configuration: 

<plugin>
    <groupId>pl.project13.maven</groupId>
    <artifactId>git-commit-id-plugin</artifactId>
    <configuration>
        <dateFormat>yyyy-MM-dd'T'HH:mm:ss'Z'</dateFormat>
        <dateFormatTimeZone>UTC</dateFormatTimeZone>
    </configuration>
</plugin>
<plugin>
    <groupId>com.google.cloud.tools</groupId>
    <artifactId>jib-maven-plugin</artifactId>
    <configuration>
        <container>
            <filesModificationTime>${git.commit.time}</filesModificationTime>
        </container>
    </configuration>
</plugin>

EDIT:
I may have not understand how docker images works. From this comment in issue moby/moby#42417, I understand that there is a field Created that is keep in some metadata of the image.
Can Jib offer a way to set this field ?

chanseokoh commented 1 year ago

You can consider using a community-contributed Jib extension: https://github.com/GoogleContainerTools/jib/issues/4071#issuecomment-1627866210

BTW, <creationTime> sets only the image time but doesn't set file timestamps in layers, so if you just want to see the real image creation time (the Created field you are talking about), there's no need to set <filesModificationTime>. Setting <filesModificationTime> nullifies all the benefits that come from reproducibility, so I strongly discourage setting it to build time. At least setting it to a commit timestamp is better than setting it to build time, but still, if there's no strong reason, I suggest not setting <filesModificationTime>.

mpeddada1 commented 1 year ago

Thanks for the question! As @chanseokoh mentioned, there is a third-party Jib extension available for setting file timestamps . Closing.