mirrors/archlinux-docker
1
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/archlinux-docker.git synced 2026-05-16 11:16:15 +02:00
Code Issues Projects Releases Wiki Activity
414 Commits 5 Branches 1,981 Tags
Commit Graph

414 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Robin Candau
af60f44b1a
Pull Alpine images from Google's public pull-through cache proxy during build 
The CI is pulling the Alpine Linux image during `podman build` (via the [Dockerfile](https://gitlab.archlinux.org/archlinux/archlinux-docker/-/blob/master/Dockerfile.template?ref_type=heads#L13)) for each built images.

With the 3 image versions we have right now (`base`, `base-devel`, `multilib-devel`) plus the new / incoming [`repro` image](https://gitlab.archlinux.org/archlinux/archlinux-docker/-/merge_requests/96) (which is built twice during the CI), that's a total of 5 pull requests made to Docker Hub per CI.

Docker Hub has a rate limit of 100 pull requests per 6 hours for unauthenticated requests (see https://www.docker.com/increase-rate-limit). That means that 20 CI runs within 6 hours (including from forks) would get us blocked (which eventually happened during my *numerous* tests with the repro image MR...).

This commit aims to configure podman to pull the image from [Google's public pull-through cache proxy](https://docs.cloud.google.com/artifact-registry/docs/pull-cached-dockerhub-images) instead (and fallback to Docker Hub if needed), reducing the number of requestis we send to Docker Hub and avoiding being rate limited.

Closes https://gitlab.archlinux.org/archlinux/infrastructure/-/work_items/817
 2026-04-20 19:48:47 +02:00
Justin Kromlinger
7161278aa0
Ensure BusyBox compatibility for CI 2026-04-20 15:22:05 +02:00
Justin Kromlinger
b36148c7bb
Ensure BusyBox compatibility 2026-04-20 14:20:03 +02:00
hashworks
4246889a1d Merge branch 'fix_pre-release-CI-stage' into 'master' 
Add the missing 'source_date_epoch' argument to the make-dockerfile.sh script call in the pre-release CI stage

See merge request archlinux/archlinux-docker!99
 2026-04-20 14:06:13 +02:00
Robin Candau
aa78d463ca
Add the missing 'source_date_epoch' argument to the make-dockerfile.sh script call in the pre-release CI stage 
Since https://gitlab.archlinux.org/archlinux/archlinux-docker/-/merge_requests/96, the make-dockerfile.sh script expects the new SOURCE_DATE_EPOCH variable / argument which was mistankely omitted in the pre-release CI stage call to the script.
 2026-04-20 11:23:10 +02:00
hashworks
e8ebb06a73 Merge branch 'repro_publish' into 'master' 
Add missing REPRO build arguments in the CI publish step

See merge request archlinux/archlinux-docker!98
 2026-04-19 21:37:41 +02:00
Robin Candau
152c2410be
Add missing REPRO build arguments in the CI publish step 
The publish CI step was mistankely omitted from https://gitlab.archlinux.org/archlinux/archlinux-docker/-/merge_requests/96
 2026-04-19 20:48:45 +02:00
hashworks
09a5aed161 Merge branch 'repro' into 'master' 
Add a new `repro` image version / tag providing a bit for bit reproducible image

Closes #44

See merge request archlinux/archlinux-docker!96
 2026-04-19 17:54:32 +02:00
Robin Candau
96c00dc076
Link the 'diffoci' upstream issue about the 'image naming paradox' in repro documentation 2026-04-09 22:33:22 +02:00
Robin Candau
4b15f9a1a1
Remove ldconfig auxiliary cache file only for the repro group 2026-04-02 09:24:16 +02:00
Robin Candau
c0bb963913
Slight wording improvements 2026-04-01 21:05:02 +02:00
Robin Candau
93b7de821a
Add disclaimer to REPRO.md 2026-04-01 19:24:31 +02:00
Robin Candau
4dd4125eff
Improve user doc in REPRO.md 2026-04-01 16:26:18 +02:00
Robin Candau
4819df410a
Formatting and typo fixes in REPRO.md 2026-04-01 14:13:59 +02:00
Robin Candau
76713dc531
Add user documentation about reproducing an image locally 2026-04-01 13:46:20 +02:00
Robin Candau
303235f6a5
Use same SDE value for the rootFS and podman build 2026-04-01 10:44:29 +02:00
Robin Candau
6529154341
Fix SDE definition for podman build and re-add digest comparison 2026-03-31 20:33:21 +02:00
Robin Candau
cccc73178e
Add repro test for the rootFS 
Show bit for bit reproducibility of the rootFS
 2026-03-31 01:05:58 +02:00
Robin Candau
af4e991076
Consistency for if blocks style 2026-03-31 00:52:11 +02:00
Robin Candau
8cefb71233
Remove non-relevant digest checks 
The container registry is always going to rewrite parts of the image in an uncontrollable way. As far as we know, it's not possible to download a 1:1 copy of a build output from the container registry (until someone figures this out).

As far as I understand it, it also explains why `diffoci --semantic` is a thing and why it's generally considered "good enough" (give current constraints).
 2026-03-31 00:48:30 +02:00
Robin Candau
9a4c205f52
Honor SDE in Dockerfile for the repro group 2026-03-30 23:01:08 +02:00
Robin Candau
eb80a94f54
Remove ldconfig cache from Dockerfile.template 
Not needed at runtime and adds non-determinism
 2026-03-30 22:47:09 +02:00
Robin Candau
87a723680e
Get rid of pacman logs for repro image 2026-03-30 22:39:15 +02:00
Robin Candau
6103dcbc5f
Add repro-test stage to the CI 
Rebuild the rootFS and the "repro" image, pull the originally built "repro" image and compare them (with `podman digest` and `diffoci`).
 2026-03-30 22:35:00 +02:00
Robin Candau
7069a6cc06
Revert "WIP" 
This reverts commit cd87d3eb612d5bc8a660a19e7a7bb9e1bf5c252b.
 2026-03-30 20:26:23 +02:00
Robin Candau
cd87d3eb61
WIP 2026-03-30 13:14:59 +02:00
Robin Candau
0e2fd8ee15
Run arch-repro-status when testing the 'repro' image 
This is more informative than anything, we're primarily looking at providing a bit for bit reproducible image. The reproducibility of the userspace is not fully guaranteed at the moment
 2026-03-28 15:53:21 +01:00
Robin Candau
2f44c1aeba
Re-generate pacman keys before testing the repro image in CI 2026-03-28 15:19:22 +01:00
Robin Candau
2c15b530fe
Syntax fix 2026-03-28 14:55:41 +01:00
Robin Candau
c4462ed40b
Fix ordering in GitLab CI and Makefile 2026-03-28 14:53:14 +01:00
Robin Candau
4f4495e15b
Fix call to unexisting var in Makefile 2026-03-28 14:47:16 +01:00
Robin Candau
b21717021c
Update comment styling 2026-03-28 14:39:41 +01:00
Robin Candau
7fe6027fa9
Move repro specific steps under the repro group condition 
Given that we intend to create a dedicated repro tag, we should probably put every repro steps behind this condition and leave the other groups / tags untouched for now.
 2026-03-28 14:35:55 +01:00
Mark Hegreberg
20bbc94b91
repro POC 
this commit takes the relevant repro steps from the wsl image, and wraps
breaking changes to only affect the :repro image

testing reproducability is not yet included, so we can discuss the
approach first
 2026-03-27 19:36:32 -07:00
Mark Hegreberg
a4bf94ea08 fix typo and slight wording change 2026-03-23 09:01:03 -07:00
Robin Candau
ec82ba398e
Document the 'repro' tag in README 2026-03-23 13:20:20 +01:00
Justin Kromlinger
0d7c4c0017
Revert "Temporarily drop profile.d/80-systemd-osc-context to avoid machine-id nsf error spam" 
This reverts commit 2ae497c16d7647c505b1cb39e19659d26193a5a0.

Resolves #107.
 2025-12-19 17:09:57 +01:00
Justin Kromlinger
b8a77b2c87
Add temporary workaround until pacman 7.1.0 rollout is done 2025-12-14 19:12:51 +01:00
Justin Kromlinger
60e4a6c9bb
Fix pacman v7.1.0 sandbox config 2025-12-14 18:46:41 +01:00
Justin Kromlinger
7bdde954b0
Fix fakechroot build with pacman v7.1.0 
Every `pacman -Sy*` call executed with fakeroot will fail with the new pacman release.
Until we have an alternative we need to add `--disable-sandbox-filesystem`.

See https://gitlab.archlinux.org/archlinux/archlinux-wsl/-/merge_requests/77
 2025-12-13 18:38:33 +01:00
hashworks
d886fb482e Merge branch 'renovate/alpine-3.x' into 'master' 
Update alpine Docker tag to v3.23

See merge request archlinux/archlinux-docker!93
 2025-12-11 15:45:25 +01:00
renovate
d08dcc818c Update alpine Docker tag to v3.23 2025-12-11 15:42:26 +01:00
Justin Kromlinger
14a5131df7
Revert "Debug #108" 
This reverts commit f7a03d6b9d48bff92af94b6d5bf2f54e0e408260.
 2025-12-11 15:41:42 +01:00
Justin Kromlinger
f7a03d6b9d
Debug #108 2025-12-10 16:36:05 +01:00
hashworks
fd06401276 Merge branch 'fastly-mirror' into 'master' 
Use new fastly CDN as default mirror

See merge request archlinux/archlinux-docker!92
 2025-10-30 16:29:48 +01:00
Justin Kromlinger
648ec9e246
Use new fastly CDN as default mirror 2025-10-30 14:12:46 +01:00
Justin Kromlinger
2ae497c16d
Temporarily drop profile.d/80-systemd-osc-context to avoid machine-id nsf error spam 
See #107
 2025-10-08 16:41:01 +02:00
hashworks
744b1c5c6a Merge branch 'renovate/alpine-3.x' into 'master' 
Update alpine Docker tag to v3.22

See merge request archlinux/archlinux-docker!91
 2025-06-01 14:31:27 +02:00
renovate
cb7b8eb35d
Update alpine Docker tag to v3.22 2025-05-30 18:25:59 +00:00
Justin Kromlinger
ae0527df18
Disable sandbox in oci images due to missing kernel landlock 
Resolves the `error: restricting filesystem access failed because the
landlock ruleset could not be applied!` when running pacman.

Closes #103.
 2025-01-31 12:22:15 +01:00