Closed nigelgbanks closed 3 months ago
nigelgbanks
commented
3 months ago Both versions have the same release of alpine.
/ $ cat /etc/alpine-release
3.19.1So it has more to do with when it was built then the cache actually being poisoned. The shame is that the Alpine package repository is changing without a change in it's version number...
joecorall
commented
3 months ago Is it because we don't have base pinned to a specific tag? https://github.com/Islandora-Devops/isle-buildkit/blob/main/base/Dockerfile#L2
nigelgbanks
commented
3 months ago It's pined here: https://github.com/Islandora-Devops/isle-buildkit/blob/main/docker-bake.hcl#L301
It's because the alpine repository isn't idempotent for a given release, like 3.19.1 (which I didn't realize before). They reserve the right to update packages like postgresql without changing the alpine repository version number. For example, to add security patches and whatnot. I'm not sure if we can prevent this sort of thing from happening. We could pin every alpine package like postgresql, and then the build would break when alpine updates a package, like so:
/ # apk add postgresql=16.2
ERROR: unable to select packages:
postgresql16-16.3-r0:
breaks: world[postgresql=16.2]But at that point we're just making work for ourselves for little gain. The only upside is that for a specific commit, of isle-buildkit we guarantee it produces the 100% the same image or fails to build. Though if we leave things as is, it should always build, but there might be minor version changes between alpine packages when built.
While I strived to make isle-buildkit close to idempotent as possible, it's a losing battle considering the additional effort. And we may just have to accept it as is.
make clean && make bake && make upCheck 1:
Check 2:
_Originally posted by @g7morris in https://github.com/Islandora-Devops/isle-buildkit/pull/346#discussion_r1700637086_