Closed Bug 1334401 Opened 3 years ago Closed 3 years ago

Prefer docker images from higher levels

Categories

(Firefox Build System :: Task Configuration, task)

task
Not set

Tracking

(Not tracked)

RESOLVED FIXED
mozilla54

People

(Reporter: glandium, Assigned: glandium)

References

Details

Attachments

(1 file)

No description provided.
Comment on attachment 8831058 [details]
Bug 1334401 - Prefer docker images from higher levels.

https://reviewboard.mozilla.org/r/107720/#review109102

Nice fix!

Background:
The hash we index under is the hash of the dockerfile + files copied into the image.
So there is no guarantee that the image indexed for that hash is a result of this dockerfile + files copied,
other than the fact that if it was index under level 3, the creator had 3 credentials.
Hence, we can always trust higher levels, but not lower levels.

Extra benefit of prefering the high level is that:
 A) try user can't poison other try users (if a high commit level image build already exists)
 B) few docker images will have to be cached on the workers, more disk space for caching other things
Attachment #8831058 - Flags: review?(jopsen) → review+
Pushed by mh@glandium.org:
https://hg.mozilla.org/integration/autoland/rev/761ae4db38f4
Prefer docker images from higher levels. r=jonasfj
Pushed by mh@glandium.org:
https://hg.mozilla.org/integration/autoland/rev/0fe00456f943
Prefer docker images from higher levels. r=jonasfj
https://hg.mozilla.org/mozilla-central/rev/0fe00456f943
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla54
Product: TaskCluster → Firefox Build System
You need to log in before you can comment on or make changes to this bug.