Closed elthariel closed 3 years ago
Tatskaari
commented
3 years ago I'm not intimately familiar with managing docker registries but would it make more sense to set the timestamp using date to the current time? Do you have any opinions @tobyfielding1? Curious this isn't the default behavior.
peterebden
commented
3 years ago That would make the build non-deterministic though.
Can we / do we make the commit date available (e.g. if you set stamp = True)?
tobyfielding1
commented
3 years ago yep we need to have the same timestamp for deterministic builds so won't be able to make this change. GCP container registry gives you the upload date/time and I imagine all other registries do the same so that's one way. I don't think there is any other way of tracking the 'real' commit dates so I think you'll have to rely on your registry provider. Another option is re-tagging with the timestamp when pushing to a registry.
elthariel
commented
3 years ago @Tatskaari, as mentionned by @peterebden, using an actual timestamp would make the build non-deterministic @peterebden, I think there are multiple ways to handle that and I would prefer to leave that to the user. On our side we're using the commit data:
def git_image_timestamp():
return int(git_show("%ct"))@tobyfielding1 This actually doesn't work with gitlab registries, which are a reasonable common use case. We end up having an image reported as having 51 years, and either makes the gitlab cleanup policy fails altogether or the image to be expired way too soon.
I've spent a few hours trying to investigate the issue on gitlab, but I haven't found anything in buildah/skopeo to handle this issue correctly in our ci, outside of pulling the image and repushing it (which can be fairly long for our large jupyter notebook images)
Tatskaari
commented
3 years ago Ah, we're setting this during the build action, rather when we push! Okay I can see how this is useful. We can considered if we want to make that git_image_timestamp() the default but this looks good to me. Many thanks for the PR. :)
elthariel
commented
3 years ago Many thanks for the merge. I appreciate the quality et pertinence of the comment. Looking forward to my future contributions
tobyfielding1
commented
3 years ago nice one ! Thanks for the contribution
Right now, when building containers, the timestamp is forced to 0, making the gitlab registry think the image is 51 years old, and preventing the garbage collection. It also makes it very hard to find which commit hash tag is the most recent.
This PR adds a timestamp parameter, with a default value of 0, which allow to configure creation time of the image (using the commit date for example)