Florian Weimer wrote: > * Ralph Bean: > > I think you're interpreting the situation correctly. Upstream, we > > documented a decision to build those artifacts from source in > > https://konflux-ci.dev/architecture/ADR/0046-common-task-runner-image.html, > > discussed > > https://github.com/konflux-ci/architecture/pull/217. Downstream in RH, > > we're tracking the related work to actually do it in > > https://issues.redhat.com/browse/KONFLUX-5564 (the JIRA project isn't > > open atm, but we intend to make it so; that's underway). It isn't > > explicitly called out that we'll build against Fedora binaries or on > > Fedora infrastructure there; with the current plan we'll be building > > it in Konflux on Red Hat infrastructure, some things against ubi and > > and some against fedora. > Thank you for sharing this background. It's not really explicit in the > description of ADR 46 as far as I can see, but I assume another goal of > this change is to reduce the amount of mystery binaries as well, and > mirroring external dependencies into stable storage first?
Yeah, that's the way I see it too. I read that intent in the ADR in the decision line "Build and release via Konflux, hermetically if possible" which to me implies "build from source". > > With that plan, you'd end up with a task runner image that is an > > upstream Konflux binary. A straightforward rebuild of that upstream > > task runner image on the Fedora cluster, so that you have your own > > binary, is possible. (Same goes for all other Konflux images.) > Doesn't reference-by-hash make it rather hard to swap out images because > the rebuild necessarily changes the hash? Or are these references just > URIs and Konflux computes are resource locator from that? (Like the > "http://www.w3.org/TR/html4/strict.dtd"; in DOCTYPE declaration in > historic HTML documents.) > This has implications for sharing sources with downstream distributions. Imagine upstream konflux builds binaries of all its task runner images and it builds tekton bundles (OCI artifacts) of all of our tasks. A pipeline run refers to the bundles, which instruct the cluster which task runner image to use. If Fedora rebuilt only the task runner images, then yes it would be hard or impossible to employ them if you were still using the upstream Konflux tekton task bundles. Rebuilding the task runner images means that you also have to rebuild the tekton task bundles to refer to them - and finally, the Fedora flavor of the rpm build pipeline will need to refer to those task bundles. I'd use the same git-submodule pattern for this. -- _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
