2047074 - image_builder: allow specifying architecture to override the default

Status: RESOLVED FIXED

(Release Engineering :: General, task)

Description

[Julien Cristau [:jcristau]]

Images produced by image_builder have architecture set to the native arch in their metadata, which is usually fine except for image_builder_arm64, which is built on amd64 but should have arch set to arm64.

Comment 1

[Julien Cristau [:jcristau]]

I'm going to extend the scope of this bug to also update the image to current versions of its dependencies.

Comment 2

[Julien Cristau [:jcristau]]

Attachment: Bug 2047074 - explicitly set architecture to arm64 for image_builder_arm64. r?#releng

Because image_builder_arm64 is cross-built by the amd64 image_builder, it
ended up with its architecture metadata wrongly set to amd64.

There is no kaniko or skopeo flag to override only the resulting image
metadata: kaniko's --custom-platform also switches the platform used to
pull base images and run the build steps, which breaks the cross-build on
the amd64 worker. Instead, set a TARGET_ARCH environment variable for
image_builder_arm64 and have build-image rewrite the architecture field in
the image config after kaniko builds it, before repacking with skopeo.

Comment 3

[Julien Cristau [:jcristau]]

Attachment: Bug 2047074 - update image_builder Go base image to 1.26. r?#releng

Comment 4

[Julien Cristau [:jcristau]]

Attachment: Bug 2047074 - update kaniko to v1.25.15 and follow repo move to chainguard-forks. r?#releng

Comment 5

[Julien Cristau [:jcristau]]

Attachment: Bug 2047074 - update skopeo to v1.23.0 and follow repo move to podman-container-tools. r?#releng

The containers/image module moved to go.podman.io/image/v5 and dropped the
build-time signature policy path override, so point skopeo at the bundled
policy.json via the CONTAINERS_POLICY_JSON environment variable instead.

The devicemapper graphdriver was removed upstream, so drop the now-unused
exclude_graphdriver_devicemapper build tag.

Comment 6

[Julien Cristau [:jcristau]]

Attachment: Bug 2047074 - update image_builder Rust toolchain to 1.96.0 and refresh build-image dependencies. r?#releng

The newer toolchain supports the v4 Cargo.lock format that cargo update now
writes. It also renamed cargo's unstable --out-dir flag to --artifact-dir, so
update the build invocation to match.

Comment 7

[Julien Cristau [:jcristau]]

Attachment: Bug 2047074 - update image_builder build-image base to Debian 13. r?#releng

Comment 8

[Julien Cristau [:jcristau]]

Attachment: Bug 2047074 - fix build-image test_user_config to use the CHOWN_OUTPUT env var. r?#releng

The chown_output config field is read by envy from CHOWN_OUTPUT, but the test
set USER, so the field was never populated. The test has failed since it was
added; it isn't run in CI, so the failure went unnoticed.

Comment 9

[Julien Cristau [:jcristau]]

Attachment: Bug 2047074 - run build-image unit tests during the image build. r?#releng

The build-image crate's unit tests are not run anywhere in CI. Run them as part
of building the image_builder image so changes under
taskcluster/docker/image_builder are covered. The tests only run for a native
build (target arch == build host arch); when cross-compiling the test binaries
can't be executed on the build host.

Comment 10

[Julien Cristau [:jcristau]]

Attachment: Bug 2047074 - bump image_builder version to 6.2.0. r?#releng

Comment 11

[Pulsebot]

Pushed by jcristau@mozilla.com:
https://github.com/mozilla-firefox/firefox/commit/5d6bb951f59e
https://hg.mozilla.org/integration/autoland/rev/3d3e63165dde
explicitly set architecture to arm64 for image_builder_arm64. r=releng-reviewers,taskgraph-reviewers,bhearsum
https://github.com/mozilla-firefox/firefox/commit/c1783981c442
https://hg.mozilla.org/integration/autoland/rev/c3b2ae069335
update image_builder Go base image to 1.26. r=releng-reviewers,bhearsum
https://github.com/mozilla-firefox/firefox/commit/11d45e3394b9
https://hg.mozilla.org/integration/autoland/rev/cdd7b1b911d5
update kaniko to v1.25.15 and follow repo move to chainguard-forks. r=releng-reviewers,bhearsum
https://github.com/mozilla-firefox/firefox/commit/67f36ee7a66c
https://hg.mozilla.org/integration/autoland/rev/b2d1dc888310
update skopeo to v1.23.0 and follow repo move to podman-container-tools. r=releng-reviewers,bhearsum
https://github.com/mozilla-firefox/firefox/commit/f9c0035b8c82
https://hg.mozilla.org/integration/autoland/rev/cd63524a2f1f
update image_builder Rust toolchain to 1.96.0 and refresh build-image dependencies. r=releng-reviewers,bhearsum
https://github.com/mozilla-firefox/firefox/commit/420062f13895
https://hg.mozilla.org/integration/autoland/rev/358a95693409
update image_builder build-image base to Debian 13. r=releng-reviewers,bhearsum
https://github.com/mozilla-firefox/firefox/commit/09c10043bf64
https://hg.mozilla.org/integration/autoland/rev/fd15d127f6c5
fix build-image test_user_config to use the CHOWN_OUTPUT env var. r=releng-reviewers,bhearsum
https://github.com/mozilla-firefox/firefox/commit/90208c037147
https://hg.mozilla.org/integration/autoland/rev/726d95502ba3
run build-image unit tests during the image build. r=releng-reviewers,ahal
https://github.com/mozilla-firefox/firefox/commit/89e67a0c941e
https://hg.mozilla.org/integration/autoland/rev/2ff4e042c34a
bump image_builder version to 6.2.0. r=releng-reviewers,ahal,bhearsum

Comment 12

[Cosmin Sabou [:CosminS]]

https://hg.mozilla.org/mozilla-central/rev/3d3e63165dde
https://hg.mozilla.org/mozilla-central/rev/c3b2ae069335
https://hg.mozilla.org/mozilla-central/rev/cdd7b1b911d5
https://hg.mozilla.org/mozilla-central/rev/b2d1dc888310
https://hg.mozilla.org/mozilla-central/rev/cd63524a2f1f
https://hg.mozilla.org/mozilla-central/rev/358a95693409
https://hg.mozilla.org/mozilla-central/rev/fd15d127f6c5
https://hg.mozilla.org/mozilla-central/rev/726d95502ba3
https://hg.mozilla.org/mozilla-central/rev/2ff4e042c34a