zuul/zuul-jobs
Code Issues Proposed changes

Update registry tests to better cover speculative image builds

Browse Source 
The docker toolchain is a bit of a walled garden and speculative image
builds work great by default as long as docker.io is your image
registry. As soon as you start trying to host images elsewhere it
becomes a lot more complicated to use speculatively built images during
docker image builds.

Update our existing registry role test jobs to use images hosted
somewhere other than docker.io to force us onto the less happy code
path, then verify that we are able to build images from speculative
states using docker. This should give us decent coverage that everything
works as expected.

Change-Id: I4801f98a0ef1aab01b4bc3b6e6576800efacbac4
This commit is contained in:
Clark Boylan
2025-08-28 13:15:45 -07:00
parent 81b2a1896a
commit 5dcc397840
4 changed files with 102 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
test-playbooks/registry/docker-siblings/Dockerfile
View File

@@ -1,4 +1,4 @@
FROM docker.io/upstream/image as first
FROM quay.io/opendevorg/imagedoesnotexist as first
ARG ZUUL_SIBLINGS=""
RUN echo "Zuul siblings: ${ZUUL_SIBLINGS}"
RUN cp /test-nonce /test-nonce-is-there

34
test-playbooks/registry/test-registry.yaml
View File

@@ -24,7 +24,7 @@
include_role:
name: intermediate-registry-user-config
- name: "Build a container image for the previous build with docker roles"
when: container_command == 'docker'
when: container_role == 'docker'
include_role:
name: "build-docker-image"
vars:
@@ -32,7 +32,7 @@
- context: test-playbooks/registry/docker
repository: "{{ previous_build_repository }}"
- name: "Build a container image for the previous build with container-image roles"
when: container_command != 'docker'
when: container_role != 'docker'
include_role:
name: "build-container-image"
vars:
@@ -107,20 +107,28 @@
zuul_artifacts: "{{ previous_build_zuul.artifacts }}"
# This simulates a build actually using the previous build.
# This only works for podman because docker cannot use speculative images
# hosted outside of docker.io during normal operations. That only works
# with buildkit and image building when using docker.
- hosts: builder
name: Test that the previous build is available
tasks:
- name: Include intermediate registry vars
include_vars: vars/intermediate-registry-auth.yaml
- name: Include previous build vars
include_vars: vars/previous-build.yaml
- name: Pull the previous build from buildset registry to the builder host
command: "{{ container_command }} pull {{ previous_build_repository }}:latest"
- name: "Show local container images for debugging"
command: "{{ container_command }} image ls"
- name: Verify previously built image is in buildset registry
command: "{{ container_command }} image inspect {{ previous_build_repository }}:latest"
- name: Simple checks when using podman
when: container_command != 'docker'
block:
- name: Include intermediate registry vars
include_vars: vars/intermediate-registry-auth.yaml
- name: Include previous build vars
include_vars: vars/previous-build.yaml
- name: Pull the previous build from buildset registry to the builder host
command: "{{ container_command }} pull {{ previous_build_repository }}:latest"
- name: "Show local container images for debugging"
command: "{{ container_command }} image ls"
- name: Verify previously built image is in buildset registry
command: "{{ container_command }} image inspect {{ previous_build_repository }}:latest"
- name: Remove the image from local storage to force fetching from the buildset registry
command: "{{ container_command }} image prune --all --force"
# Back to straightforward use of the roles under test.
@@ -137,7 +145,7 @@
- name: Build docker image
include_role:
name: "build-{{ (container_command == 'docker') | ternary('docker', 'container') }}-image"
name: "build-{{ (container_role == 'docker') | ternary('docker', 'container') }}-image"
vars:
_normal_docker_images:
- context: test-playbooks/registry/docker-siblings

2
test-playbooks/registry/vars/previous-build.yaml
View File

@@ -2,7 +2,7 @@
# buildset via provides/requires. This build should be copied from
# the intermediate registry to the buildset registry.
previous_build_repository: docker.io/upstream/image
previous_build_repository: quay.io/opendevorg/imagedoesnotexist
previous_build_uuid: 48a84fe22a744cb5b0310f396358d912
previous_build_zuul:
artifacts:

81
zuul-tests.d/container-roles-jobs.yaml
View File

@@ -241,6 +241,7 @@
post-run: test-playbooks/registry/test-registry-post.yaml
vars:
container_command: docker
container_role: docker
multiarch: false
nodeset: &registry_nodeset
nodes:
@@ -250,6 +251,26 @@
label: debian-bookworm
- name: builder
label: ubuntu-jammy
# Docker can't currently build with speculative states hosted anywhere
# but docker.io. This is nonvoting as we're using quay.io as the
# registry. A followup will fix this issue and make the test voting.
voting: false
- job:
name: zuul-jobs-test-registry-docker-container-role
parent: zuul-jobs-test-registry-docker
description: |
Test the intermediate registry roles.
Like its parent this tests the intermediate registry roles. The
difference here is we test with build-container-image to check
compatibility with that role using docker as the command.
vars:
container_role: container
# Docker can't currently build with speculative states hosted anywhere
# but docker.io. This is nonvoting as we're using quay.io as the
# registry. A followup will fix this issue and make the test voting.
voting: false
- job:
name: zuul-jobs-test-registry-docker-multiarch
@@ -272,9 +293,22 @@
post-run: test-playbooks/registry/test-registry-post.yaml
vars:
container_command: docker
container_role: docker
multiarch: true
nodeset: *registry_nodeset
- job:
name: zuul-jobs-test-registry-docker-container-role-multiarch
parent: zuul-jobs-test-registry-docker-multiarch
description: |
Test the intermediate registry roles with multiarch.
Like its parent this tests the intermediate registry roles. The
difference here is we test with build-container-image to check
compatibility with that role using docker as the command.
vars:
container_role: container
- job:
name: zuul-jobs-test-registry-podman
description: |
@@ -297,6 +331,7 @@
post-run: test-playbooks/registry/test-registry-post.yaml
vars:
container_command: podman
container_role: container
multiarch: false
nodeset: *registry_nodeset
@@ -713,7 +748,7 @@
- project:
check:
jobs: &id001
jobs:
- zuul-jobs-test-ensure-docker-centos-9-stream
- zuul-jobs-test-ensure-docker-debian-bookworm
- zuul-jobs-test-ensure-docker-debian-bullseye
@@ -730,7 +765,9 @@
- zuul-jobs-test-build-docker-image-release
- zuul-jobs-test-build-docker-image-release-multiarch
- zuul-jobs-test-registry-docker
- zuul-jobs-test-registry-docker-container-role
- zuul-jobs-test-registry-docker-multiarch
- zuul-jobs-test-registry-docker-container-role-multiarch
- zuul-jobs-test-registry-podman
- zuul-jobs-test-registry-buildset-registry
- zuul-jobs-test-registry-buildset-registry-k8s-microk8s
@@ -755,6 +792,46 @@
- zuul-jobs-test-ensure-podman-debian-bullseye
- zuul-jobs-test-mirror-container-images
gate:
jobs: *id001
jobs: &id001
- zuul-jobs-test-ensure-docker-centos-9-stream
- zuul-jobs-test-ensure-docker-debian-bookworm
- zuul-jobs-test-ensure-docker-debian-bullseye
- zuul-jobs-test-ensure-docker-ubuntu-focal
- zuul-jobs-test-ensure-docker-ubuntu-jammy
- zuul-jobs-test-ensure-docker-ubuntu-noble
- zuul-jobs-test-build-container-image-docker-release
- zuul-jobs-test-build-container-image-docker-release-multiarch
- zuul-jobs-test-build-container-image-docker-release-multiarch-multinode
- zuul-jobs-test-build-container-image-podman-release
- zuul-jobs-test-build-container-image-docker-promote
- zuul-jobs-test-build-container-image-docker-promote-multiarch
- zuul-jobs-test-build-container-image-podman-promote
- zuul-jobs-test-build-docker-image-release
- zuul-jobs-test-build-docker-image-release-multiarch
- zuul-jobs-test-registry-docker-multiarch
- zuul-jobs-test-registry-docker-container-role-multiarch
- zuul-jobs-test-registry-podman
- zuul-jobs-test-registry-buildset-registry
- zuul-jobs-test-registry-buildset-registry-k8s-microk8s
- zuul-jobs-test-registry-buildset-registry-k8s-crio
- zuul-jobs-test-ensure-kubernetes-crio-ubuntu-focal
- zuul-jobs-test-ensure-kubernetes-podman-ubuntu-noble
- zuul-jobs-test-ensure-kubernetes-microk8s-ubuntu-jammy
- zuul-jobs-test-ensure-kubernetes-microk8s-debian-bookworm
- zuul-jobs-test-ensure-podman-debian-bookworm
- zuul-jobs-test-ensure-podman-debian-bullseye
- zuul-jobs-test-ensure-podman-ubuntu-jammy
- zuul-jobs-test-ensure-podman-ubuntu-noble
- zuul-jobs-test-ensure-podman-socket-debian-bookworm
- zuul-jobs-test-ensure-podman-socket-debian-bullseye
- zuul-jobs-test-ensure-podman-socket-ubuntu-jammy
- zuul-jobs-test-ensure-podman-socket-ubuntu-noble
- zuul-jobs-test-ensure-skopeo-debian-bookworm
- zuul-jobs-test-ensure-skopeo-debian-bullseye
- zuul-jobs-test-ensure-skopeo-ubuntu-focal
- zuul-jobs-test-ensure-skopeo-ubuntu-jammy
- zuul-jobs-test-ensure-skopeo-ubuntu-noble
- zuul-jobs-test-ensure-podman-debian-bullseye
- zuul-jobs-test-mirror-container-images
periodic-weekly:
jobs: *id001