search

konflux-ci / build-definitions

Apache License 2.0
23 stars 134 forks source link

Task "source-build" fails - ERROR:failed to build source image #1413

Open cmoulliard opened 2 months ago

cmoulliard commented 2 months ago

Issue

The task "source-build" fails using our PipelineRun - https://github.com/redhat-buildpacks/builder-ubi-base/blob/main/.tekton/pipelinerun-builder-ubi-base.yaml#L438-L457 and reports such an error:

step-get-base-images
BASE_IMAGES param received:
sha256:cf6762b050e84d6c5cf31542f339edf312d9cb10a85bea92c27b1a86bb437d2d

step-build
2024-09-13 10:08:33,969:source-build:DEBUG:workspace directory /var/source-build
2024-09-13 10:08:33,969:source-build:DEBUG:working directory /var/source-build/source-build
2024-09-13 10:08:33,975:build-source.source-archive:DEBUG:Stashing any changes to working repo ['git', 'stash']
No local changes to save
2024-09-13 10:08:34,007:build-source.source-archive:DEBUG:Collecting timestamp of the commit at HEAD ['git', 'show', '-s', '--format=%cI']
2024-09-13 10:08:34,010:build-source.source-archive:DEBUG:Generate source repo file list ['git', 'ls-files', '--recurse-submodules', '-z']
2024-09-13 10:08:34,013:build-source.source-archive:DEBUG:Generate source archive ['tar', 'caf', '/var/source-build/source-build/source_archive/builder-ubi-base-c44a5c1d37588e85733dc49878b5ff9e8a2c1dd5.tar.gz', '--mtime', '2024-09-13T12:03:44+02:00', '--transform', 's,^,builder-ubi-base-c44a5c1d37588e85733dc49878b5ff9e8a2c1dd5/,', '--null', '-T-']
2024-09-13 10:08:34,541:build-source.source-archive:DEBUG:Popping any stashed changes to working repo ['git', 'stash', 'pop']
No stash entries found.
2024-09-13 10:08:34,543:build-source.source-archive:INFO:add source archive directory to sources for bsi: /var/source-build/source-build/source_archive
2024-09-13 10:08:34,543:source-build:INFO:Image sha256:cf6762b050e84d6c5cf31542f339edf312d9cb10a85bea92c27b1a86bb437d2d does not come from supported allowed registry.
2024-09-13 10:08:34,791:source-build:ERROR:failed to build source image
Traceback (most recent call last):
  File "/opt/source_build/source_build.py", line 1070, in main
    build_result = build(build_args)
                   ^^^^^^^^^^^^^^^^^
  File "/opt/source_build/source_build.py", line 1036, in build
    source_image = resolve_source_image(base_image, args.registry_allowlist)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/source_build/source_build.py", line 465, in resolve_source_image
    return resolve_source_image_by_manifest(binary_image)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/source_build/source_build.py", line 444, in resolve_source_image_by_manifest
    source_image = generate_konflux_source_image(image)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/source_build/source_build.py", line 400, in generate_konflux_source_image
    digest = fetch_image_manifest_digest(cleaned_image)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/source_build/source_build.py", line 192, in fetch_image_manifest_digest
    return run(cmd, check=True, text=True, capture_output=True).stdout.strip()
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib64/python3.11/subprocess.py", line 571, in run
    raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '['skopeo', 'inspect', '--format', '{{.Digest}}', '--no-tags', '--retry-times', '5', 'docker://sha256:cf6762b050e84d6c5cf31542f339edf312d9cb10a85bea92c27b1a86bb437d2d']' returned non-zero exit status 1.
2024-09-13 10:08:34,792:source-build:INFO:build result {"status": "failure", "message": "Command '['skopeo', 'inspect', '--format', '{{.Digest}}', '--no-tags', '--retry-times', '5', 'docker://sha256:cf6762b050e84d6c5cf31542f339edf312d9cb10a85bea92c27b1a86bb437d2d']' returned non-zero exit status 1."}
2024-09-13 10:08:34,792:source-build:INFO:write build result into file /tekton/results/BUILD_RESULT
chmeliik commented 1 month ago

It appears that you passed sha256:cf6762b050e84d6c5cf31542f339edf312d9cb10a85bea92c27b1a86bb437d2d as the BASE_IMAGES param. The task failed to resolve this to an image, because it's not an image reference, it's just a digest

cmoulliard commented 1 month ago

It appears that you passed sha256:cf6762b050e84d6c5cf31542f339edf312d9cb10a85bea92c27b1a86bb437d2d as the BASE_IMAGES param. The task failed to resolve this to an image, because it's not an image reference, it's just a digest

The script should then report a more user friendly message by the way ;-)

What is supposed to be done by the source-build task ? I'm asking this question as currently when we build paketo buildpack images the source will consist mainly of config files like this https://github.com/redhat-buildpacks/builder-ubi-base/blob/main/builder.toml or go projects (= a buildpack) as this one as example: https://github.com/paketo-buildpacks/quarkus

chmeliik commented 1 month ago

What is supposed to be done by the source-build task ?

At a high-level: provide source code for all the software in the image. That's SRPMs for all the RPMs, source archives for all "upstream" dependencies (Go modules, python packages, ...), the source repo for the build etc.

chmeliik commented 1 month ago

The BASE_IMAGES param is used to figure out the parent image for the build. IIRC the source build task merges the source container of the parent image into the build of the current source container (because all the software in the parent image is usually also present in the child image)

The param is optional, if the base image is reported in the SBOM (and marked as a base image), the task will take it from the SBOM instead