84 lines
3.3 KiB
ReStructuredText
84 lines
3.3 KiB
ReStructuredText
.. _toolbox:
|
|
|
|
Fedora Toolbx images
|
|
====================
|
|
|
|
This document contains information about current workflow used to build and publish
|
|
Toolbox images. It also describes changes needed to make it work with `quay.io
|
|
<https://quay.io>`_.
|
|
|
|
Current workflow
|
|
----------------
|
|
|
|
The toolbx images are currently built using OSBS. The OSBS submits builds to
|
|
`candidate-registry.fedoraproject.org <https://candidate-registry.fedoraproject.org/>`_
|
|
using dockercfg and user can create an update in Bodhi. After testing period is finished
|
|
or the update gets enough karma it is moved by bodhi to `registry.fedoraproject_org
|
|
<https://registry.fedoraproject.org/>`_.
|
|
|
|
This will change in F39 where the images will be built by `koji-flatpak
|
|
<https://pagure.io/koji-flatpak>`_ plugin. Releng script will then submit the builds to
|
|
both `registry.fedoraproject_org <https://registry.fedoraproject.org/>`_ and `quay.io
|
|
<https://quay.io>`_.
|
|
|
|
.. image:: ../_static/toolbox_workflow_registry.drawio.png
|
|
:target: ../_images/toolbox_workflow_registry.drawio.png
|
|
|
|
Changes for quay.io
|
|
-------------------
|
|
|
|
This section will describe changes that are needed to make `quay.io <https://quay.io>`_
|
|
work with current setup. It will go through pipeline step by step and describe what
|
|
needs to be changed in case of toolbx workflow.
|
|
|
|
OSBS
|
|
~~~~
|
|
|
|
OSBS is using Openshift local container registry, which is configured by `dockercfg
|
|
<https://pagure.io/fedora-infra/ansible/blob/main/f/files/osbs/dockercfg-production-secret.j2>`_
|
|
file and pointing to candidate-registry. There is dockercfg for `production
|
|
<https://pagure.io/fedora-infra/ansible/blob/main/f/files/osbs/dockercfg-production-secret.j2>`_
|
|
and `staging
|
|
<https://pagure.io/fedora-infra/ansible/blob/main/f/files/osbs/dockercfg-staging-secret.j2>`_.
|
|
This dockercfg is used as a secret in OSBS and it's deployed in `setup-worker-namespace
|
|
<https://pagure.io/fedora-infra/ansible/blob/main/f/playbooks/groups/osbs/setup-worker-namespace.yml>`_
|
|
playbook. To make this work with `quay.io <https://quay.io>`_ we need to replace the
|
|
dockercfg with new one pointing to `quay.io <https://quay.io>`_.
|
|
|
|
.. note::
|
|
|
|
OSBS could have trouble reaching to `quay.io <https://quay.io>`_, this needs to be
|
|
solved for this to work.
|
|
|
|
Releng script
|
|
~~~~~~~~~~~~~
|
|
|
|
In the new workflow introduced in Fedora 39+ is a Release Engineering script that pushes
|
|
the image to registry. This script could be found in `releng repository
|
|
<https://pagure.io/releng/blob/main/f/scripts/sync-latest-container-base-image.sh>`_ and
|
|
it's already pushing images to `quay.io <https://quay.io>`_.
|
|
|
|
Bodhi
|
|
~~~~~
|
|
|
|
Bodhi is pushing the container builds from `candidate-registry.fedoraproject.org
|
|
<https://candidate-registry.fedoraproject.org/>`_ to `registry.fedoraproject_org
|
|
<https://registry.fedoraproject.org/>`_ and this is configured in `production.ini
|
|
template
|
|
<https://pagure.io/fedora-infra/ansible/blob/main/f/roles/bodhi2/base/templates/production.ini.j2>`_
|
|
in ansible.
|
|
|
|
To make it work with quay.io we just need to change `container.destination_registry` and
|
|
`container.source_registry` variables.
|
|
|
|
.. note::
|
|
|
|
Bodhi wouldn't be part of the toolbx workflow in Fedora 39 and later. So no need to
|
|
change anything here.
|
|
|
|
Toolbx
|
|
~~~~~~
|
|
|
|
Toolbx has the `registry.fedoraproject_org <https://registry.fedoraproject.org/>`_ set
|
|
in code. This needs to be changed before we completely switch to `quay.io
|
|
<https://quay.io>`_.
|