Introduce new attribute on oci_image for created datetime
#724
Conversation
hanneskaeufler
force-pushed
the
hk-created
branch
from
3233f24
to
2c959e7
Compare
|
@alexeagle @thesayyn ping in case you haven't seen it. If you'll allow the CI to run I'll make sure to pass that :) Thanks for your time! |
|
Oh did not mean that you should rename it, we should use the |
Sorry I don't follow. I feel Let me know if that clears it up :) Thanks! |
the name of the attribute should be identical to config property. so both of them should be |
hanneskaeufler
force-pushed
the
hk-created
branch
from
ec2ae91
to
b3c15b8
Compare
Pushed everything I have now, should pass CI as well :) Thx again! |
hanneskaeufler
changed the title
created datetimeoci_image for created datetime
|
@hanneskaeufler could you rebase? |
Doing a docker inspect --format='{{.Created}}' my/image:latest on an
image built with oci_image previously always returned the static
beginning of the unix timestamp (1. January 1970 00:00:00). To be more
precise, that's what it returns for images that are built "from
scratch". When an image is built on a base, then the created date is set
to the created date of the base image.
Both are fine strategies for reproducible builds, but in stamped builds
that are eventually shipped/deployed, you probably want to set that time
to the actual build time.
To allow setting that, we introduce a separate file label, allowing to
pass in a file containing a stamp variable.
Registers dependencies as per installation instructions.
It's not used and has portability issues
hanneskaeufler
force-pushed
the
hk-created
branch
from
44e50cb
to
8f801a8
Compare
|
@thesayyn sure can, done ✅ |
https://github.com/bazel-contrib/rules_oci/actions/runs/11564798863/job/32190695142 ``` Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running? ``` In bazel-contrib#724 it looks like I broke macos CI because that particular step is not run as part of the PR builds. I introduced a genrule which requires access to the docker daemon, while previously it was only used in test rules. Adding the env var to the docker host to the action graph should maybe fix this?
https://github.com/bazel-contrib/rules_oci/actions/runs/11564798863/job/32190695142 ``` Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running? ``` In bazel-contrib#724 it looks like I broke macos CI because that particular step is not run as part of the PR builds. I introduced a genrule which requires access to the docker daemon, while previously it was only used in test rules. Adding the env var to the docker host to the action graph should maybe fix this?
Fixes #661 . Alternative to #722.
Why?
Doing a docker inspect --format='{{.Created}}' my/image:latest on an image built with oci_image previously always returned the static beginning of the unix timestamp (1. January 1970 00:00:00). To be more precise, that's what it returns for images that are built "from scratch". When an image is built on a base, then the created date is set to the created date of the base image.
Both are fine strategies for reproducible builds, but in stamped builds that are eventually shipped/deployed, you probably want to set that time to the actual build time.
What?
To allow setting that particular
Createdin the manifest json, we introduce a separate file label, allowing to pass in a file containing a stamp variable.