Revisit image tags in BuildAh sample build strategy #1600
Merged
Changes
BuildAh image tags are based on the BuildAh version (e.g. v1.35.3) and are mutable, meaning the tag that you consume gets rebuilt by the BuildAh team regularly to address vulnerabilities.
Recently, the BuildAh team also added immutable tags which are never rebuilt, but may be removed. https://lists.podman.io/archives/list/podman@lists.podman.io/thread/FP6I3OAHRYXDV5S7NFZHNJBV7AQQZHPD/
Especially the fact that those might get removed means, imo, that we should not use them in our sample build strategies.
I therefore adjust our update script to filter out those tags to make sure we won't get PRs like https://github.com/shipwright-io/build/pull/1599/files again.
I am also changing the BuildAh step of our build strategies to use imagePullPolicy=Always to ensure the latest available image is always pulled.
Submitter Checklist
See the contributor guide for details on coding conventions, github and prow interactions, and the code review process.
Release Notes