Open mattmoor opened 1 year ago
One "fun" thought experiment is whether the smart defaulting should even include the apko.yaml
mtime
. I'm imagining scenarios like tf-apko
where the config is constructed other ways and may not exist as a literal file, or is a composition of multiple files.
In general I feel like the apko.yaml
mtime
is arguably the weakest contribution to our pseudo-SOURCE_DATE_EPOCH
, so wanted to float the possibility of also just excluding it 🤔
Hi @mattmoor, seems like an interesting task and I would love to contribute to it if this is not already under development by someone else.
From my little understanding, we already have surfaced SOURCE_DATE_EPOCH
as the build time with the https://github.com/chainguard-dev/melange/pull/435 and this along with #535 can enable us to implement the smarted default timestamps. However, seems like something broke and ARM builds failed that's why PR linked to #535 had to be reverted.
Trying to investigate what could have happened but if you have some suggestions that I can begin with, would love to have a kick start! Thanks!
We're pretty close. In fact, this piece should be done, but I want to validate it e2e and we need some changes to Wolfi to set builddate
in our packages. Alpine should work now though.
This: https://github.com/chainguard-images/images/issues/535
Once that's done we should whack: https://github.com/chainguard-images/actions/blob/cfc56ba1a26d410474fe453d9c9a865fdd422fa7/apko-snapshot/action.yaml#L228 🤞
Thanks @mattmoor! That seems like we are already very close to closing it, loved the discussion!
Today
apko
supports settingSOURCE_DATE_EPOCH
to set the timestamp on images, but for Chainguard images we generally use the build timestamp because theapko.yaml
config files rarely change, but since packages float forward the typicalgit log -1 --pretty=%ct
is a poor approximation of the image's actual age.I think a more appropriate "smart" default for the image age is something like the
MAX()
of:apko.yaml
last-modified-time, andThis builds on https://github.com/chainguard-images/images/issues/535 and https://github.com/chainguard-dev/melange/issues/421 so that our image timestamps will only roll forward if one of the above change.
cc @kaniini @deitch @imjasonh