arriving at a stable, functional, and sensical recipe standard #180
Comments
xynydev
added
type: discussion
|
Generally looks good. tags: # replaces the "latest" and timestamp tags
- gtsI'm interested in this part. It would be possible to provide multiple tags, like What about other images, like VanillaOS, which have different release schedules? |
|
Yes, that's an already implemented feature, and can be used to set any set of custom tags on any image. |
|
I think this structure makes way more sense TBH. I do think that |
|
Something else that could probably be added later for the user's image is |
|
As for the "schema" for the recipe, the struct definitions and the use of serde already act like a schema enforcer. However, I think using schema's for the configuration of modules would be a really good idea to be able to validate the input before building. |
|
So there is a jsonschema crate that we can use that is being actively maintained it would seem. Also we could include a tool to convert user's recipes using struct-convert. I used this at work for helping to create a helm values migration tool for deploying our services. |
Just realized. I don't think this should be |
Yeah I was a bit iffy on that too, but don't know what would be better. |
Maybe |
I like |
|
|
|
To spin that argument around: basically everything in the recipe concerns 'the final image', while |
|
Could you do a combination? |
|
That is a bit "waffly" IMO yeah 😅 |
|
So it's sounding like it's going to be something like this? base-image:
ref: ghcr.io/ublue-os/silverblue-main:40
public-key: https://... # unimplemented, needed for base image verification, would be optional, and automatically supplied for ublue etc.
type: ostree # unimplemented, might be needed for effectively supporting different base images, which might need things like running `ostree container commit`
final-image:
name: weird-os
description: This is my personal OS image.
tags: # replaces the "latest" and timestamp tags
- gts
stages:
...
modules:
...I think combining the |
|
But yeah, I probably agree that this is better. |
|
How about something like: base-image:
image: ghcr.io/ublue-os/silverblue-main:40
public-key: https://... # unimplemented, needed for base image verification, would be optional, and automatically supplied for ublue etc.
type: ostree # unimplemented, might be needed for effectively supporting different base images, which might need things like running `ostree container commit` It feels a bit redundant, but it follows convention from k8s and docker compose. Maybe if we want, we can find another name for |
base:
image: ghcr.io/ublue-os/silverblue-main:40
public-key: https://... # unimplemented, needed for base image verification, would be optional, and automatically supplied for ublue etc.
type: ostree # unimplemented, might be needed for effectively supporting different base images, which might need things like running `ostree container commit`
metadata:
name: weird-os
description: ...
tags: [gts]
stages:
...
modules:
... |
|
I'm liking that |
|
Something that I think would be super useful. I've been looking through how the Bluefin base:
from-recipe: parent-recipe.yml
...This could allow building tiered images like how bluefin and bluefin-dx are created. FROM ${BASE_IMAGE}:${FEDORA_MAJOR_VERSION} AS base
# ...
FROM base AS dx
# ...We could then build and push both in a single build process (once I figure that out). |
|
That is similar to what I laid out as the other way to solve building multiple similar images alongside modules. Could be interesting. I don't see the practical difference from just building multiple images, one that uses the other as a base, except that GHA matrixes are concurrent so the build might be based on yesterdays image if the workflows aren't set up correctly. I'm also not sure how your solution would interplay with GHA matrixing, so we'll see. |
Yeah that was my main reasoning for it, though with having the full recipe we probably don't need to push both images. I think it would be a good idea for inheriting the base image and any stages that were defined in the parent recipe. We can try it out later and see what works best. |
Is there any point in this if both images aren't pushed? |
Yeah, the whole system of inheriting from a recipe. Say you have a tiered set of images. One that we'll call All in all it would just make it easier to keep certain images in sync with each other and prevent the issue of basing it off of yesterday's build of |
|
If If there's some elegant solution that would push both |
I can agree to this. This will require some research outside of this issue. |
(this issue is filed under CLI, because this is the only place changes would have to be made to implement changes to the recipe format)
I had an epiphany. But let me preface a bit; if the purpose of the recipe is to be a versatile standard that describes the build and publish process of a native container image, is it as good as that as can be? And if not, aren't we in the broad ideal moment of time to evolve it?
Here's how it could look:
That's a sketch, but IMO it's already better than what we have now. Ideas and discussion appreciated here, though.
Multiple versions of the recipe standard could be supported in a way similar to other projects, say,
docker-compose.ymldo. I'd opt for using the$schema:key to specify the version; that would force us to supply jsonschema for all supported versions, and the user to update both the autocomplete source and the actual version in their recipes at the same time. This would set a solid foundation for breaking recipe changes in the future. If rust can do jsonchema validation, maybe we could even get multi-version support in CLI with not much extra effort? #173@blue-build/members
The text was updated successfully, but these errors were encountered: