[Improvement] Add a new data source, github-tagged-images-file, to automate retrieving images from a image-list file of a GitHub release #544
Conversation
|
cc @superseb |
|
Thanks @brandond for reviewing. Currently, Longhorn doesn't include images list in release's artifact. It stores the images list in a file in the source code of each release. Therefore, I think the datasource name |
|
Ah that's interesting. Most Rancher projects make the airgap image list a release artifact. This was a requirement for centralized image security scanning. Could LH consider doing the same? |
I am not very sure about how Longhorn does image security scanning so not sure if this is something Longhorn would like to do. cc @innobead could you provide some thoughts? Regarding to the data source naming, do you agree that |
There was a problem hiding this comment.
I still don't think that "release" is the correct term to use here. It is not pulling content from GitHub Release Artifacts. It is is getting files from at git repo (or a GitHub repo, specifically) at a specific tag. Could we update things it to reflect that?
|
Discussed with @brandond and we agree to change the name to |
…tomate retrieving images from a image-list file of a GitHub release rancher#543 Signed-off-by: Phan Le <phan.le@suse.com>
brandond
changed the title
|
Hi @brandond all checks have passed and you have approved the PR. Is it ok to merge now? |
Current issue:
Longhorn would like to automate adding/mirroring images. However, the currently available list of data sources don't fit the use-case of Longhorn:
github-releasesdata source: This one finds new GitHub release tag and adds the images defined in theimagesfield in theconfig.jsonfile. For example:{ "vsphere-cpi": { "images": [ "gcr.io/cloud-provider-vsphere/cpi/release/manager" ], "versionSource": "github-releases:kubernetes/cloud-provider-vsphere", "versionConstraint": ">1.21.0" } }config.jsonfile instructs the script to find GitHub release tags in the repokubernetes/cloud-provider-vsphere. Then only add thegcr.io/cloud-provider-vsphere/cpi/release/managerimage with the found tags to the images-list. This doesn't fit the use-case of Longhorn because the list of Longhorn images are not fixed. We added/removed images between the releases. Therefore, it would require manual works to modify the"images"fied of theconfig.jsonoftenlygithub-latest-releasedata source: this data source has same limitation as thegithub-releases. Additionaly, Longhorn maintain multiple minor releases so a smaller version (e.g.,v1.4.5) might be released after the current latest version (e.g.,v1.5.3). This data source will not sync and add the smaller version (e.g.,v1.4.5)registrydata source: Longhorn doesn't maintain a registry. Not applicablehelm-latest,helm-oci, andhelm-directorydata sources. With these data sources, the workflow attempts to runhelm templateand extract the images from the workload (deployment/daemonset/pod) output ofhelm template. This approach doesn't work for Longhorn because not all Longhorn images appears in the output ofHelm template(the images of Longhorn system managed components)Proposal
Add a new data source to automate retrieving images from file which contains the list of images of a GitHub release,
github-releases-images-file. This will look up GitHub releases, excluding pre-releases, and find the list of images inside a specified file of the release. This can be used if your project maintains a list of images in a file, e.g., https://github.com/longhorn/longhorn/blob/master/deploy/longhorn-images.txtAn example of configuration for
github-releases-images-filecould be:{ "longhorn": { "versionSource": "github-releases-images-file:longhorn/longhorn", "imagesFilePath": "deploy/longhorn-images.txt", "versionConstraint": ">=1.4.0" } }With the new
github-releases-images-filedata source, the aboveconfig.jsoninstructs the GitHub workflow to:longhorn/longhorn, excluding pre-releasesdeploy/longhorn-images.txtand add the newly found images to the images-list.