Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(build): use ~= and >= package constraints #2896

Merged
merged 6 commits into from
Jan 9, 2023
Merged

feat(build): use ~= and >= package constraints #2896

merged 6 commits into from
Jan 9, 2023

Conversation

nitrocode
Copy link
Member

@nitrocode nitrocode commented Dec 29, 2022
edited
Loading

what

  • Pin dependencies using ~= and >=
  • Add schedules for atlantis-base and atlantis-image gha

why

  • Allow builds to install the most recent dependencies
    • alpine's apk supports ~=
    • debian's apt only supports >=
  • Prevent having to bump atlantis-base manually

options considered

package install options

  1. status-quo: continue to hard pin all dependencies using =
    • pros: explicit dependency updates
    • cons: older packages, have to bump multiple when we only want to bump one due to stale packages
  2. Use status-quo and pair it with renovatebot to bump dependencies
  3. Use ~= pins in alpine and use = in debian
    • pros:
      • explicit dependency updates in debian and only patch updates in alpine
      • debian packages are not as stale as alpine so this is probably fine
    • cons: older packages in debian
  4. Use ~= pins in alpine and use >= in debian
    • current pr
    • pros: latest packages
    • cons: could break tests but if tests break, we can pin down a version

atlantis-base options

  1. status-quo: pin to a YYYY-MM-DD tag
    • pros: explicit bumping allows control over the base image
    • cons: have to update atlantis-base dependencies in one pr and use another pr to bump the atlantis image to use the new base
  2. use latest
    • current pr
    • pros: no longer have to bump the atlantis-base tag
    • cons: less control over atlantis-base

checklist

  • I have tested my changes by building the base image and non-base image locally
docker build -t atlantis-base:alpine - < docker-base/Dockerfile.alpine
docker build -t atlantis-base:debian - < docker-base/Dockerfile.debian
docker build --build-arg ATLANTIS_BASE_TAG_TYPE=alpine -t atlantis:alpine .
docker build --build-arg ATLANTIS_BASE_TAG_TYPE=debian -t atlantis:debian .

references

@nitrocode nitrocode requested a review from a team as a code owner December 29, 2022 21:05
@nitrocode nitrocode changed the title Docker build latest schedule Build docker contains uses the latest base image Dec 29, 2022
@nitrocode nitrocode changed the title Build docker contains uses the latest base image Build containers uses the latest base image Dec 29, 2022
@nitrocode nitrocode changed the title Build containers uses the latest base image Build containers using latest base image Dec 29, 2022
@nitrocode nitrocode changed the title Build containers using latest base image feat(build): containers using latest base image Dec 29, 2022
@nitrocode nitrocode mentioned this pull request Dec 29, 2022
Closed
@nitrocode nitrocode added the needs discussion Large change that needs review from community/maintainers label Dec 29, 2022
@nitrocode nitrocode changed the title feat(build): containers using latest base image feat(build): use latest base image and ~= and >= package constraints Dec 29, 2022
@GenPage
Copy link
Member

GenPage commented Jan 4, 2023

I'm not a fan of using the latest tag for atlantis-base. Could we do something in between, like stable so that instead of manual cutting date releases we have a balance between bump fatigue and efficiency?

I just worry about eroding stability by introducing drifts in packages that would make debugging/tracing errors more difficult.

@nitrocode
Copy link
Member Author

If we introduced a new tag, how would stable be different from latest?

Currently latest tag is the latest stable release for both atlantis-base and atlantis images and dev tag is actually the latest tag version.

@nitrocode nitrocode changed the title feat(build): use latest base image and ~= and >= package constraints feat(build): use ~= and >= package constraints Jan 9, 2023
@nitrocode nitrocode removed the needs discussion Large change that needs review from community/maintainers label Jan 9, 2023
@nitrocode nitrocode mentioned this pull request Jan 9, 2023
Closed
chenrui333
chenrui333 reviewed Jan 9, 2023
View reviewed changes
.github/workflows/atlantis-image.yml Outdated
Comment on lines 20 to 23
# workflow_run:
# workflows: ["atlantis-base"]
# types: [completed]
# branches: [main]
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually I think it is a good idea, it should be put into the base flow and trigger this workflow upon success completion.

@nitrocode nitrocode requested a review from chenrui333 January 9, 2023 15:58
@GenPage
Copy link
Member

GenPage commented Jan 9, 2023

@nitrocode Agreed, there is no different between the two, I guess the point I'm trying to make is re-using tags is not ideal for image caching especially if we want atlantis-base to be more automated. If we release a bad version of atlantis-base, rolling back is also no longer an option.

Might I suggest we switch atlantis-base to semvar and have the version bumping be tied in based on commit tags (feat, fix, chore?) I would be happy to hook this up.

GenPage
GenPage approved these changes Jan 9, 2023
View reviewed changes
Copy link
Member

@GenPage GenPage left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

dependency pin changes LGTM, workflow discussion is out-of-scope for this PR

@nitrocode
Copy link
Member Author

If we release a bad version of atlantis-base, rolling back is also no longer an option.

This is not exactly true because you can tag images with multiple names. If your current latest is bad, you can always go back to hard pinning to a YYYY-MM-DD tag.

@nitrocode
Copy link
Member Author

Might I suggest we switch atlantis-base to semvar and have the version bumping be tied in based on commit tags (feat, fix, chore?) I would be happy to hook this up.

I think it might be better to merge the base and real images so we do not have to support 2 different images with 2 different workflows.

@nitrocode nitrocode merged commit 5715f3d into main Jan 9, 2023
@nitrocode nitrocode deleted the docker-build-latest-schedule branch January 9, 2023 16:15
@nitrocode nitrocode mentioned this pull request Jan 9, 2023
Merged
1 task
@nitrocode
Copy link
Member Author

@GenPage thanks for the suggestion. Please feel free to propose new changes when you have time.

@nitrocode nitrocode added this to the 0.22.3 milestone Jan 9, 2023
@chenrui333
Copy link
Member

Might I suggest we switch atlantis-base to semvar and have the version bumping be tied in based on commit tags (feat, fix, chore?) I would be happy to hook this up.

using calver is intentional and i think it is better for our case.

@GenPage GenPage mentioned this pull request Jan 18, 2023
Merged
3 tasks
@albertorm95 albertorm95 mentioned this pull request May 19, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chenrui333 chenrui333 chenrui333 approved these changes

@GenPage GenPage GenPage approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v0.22.3
Development

Successfully merging this pull request may close these issues.
3 participants
@nitrocode @GenPage @chenrui333