Bug 1487356

Summary: docker strategy builds handle .dockerignore inconsistently
Product: OpenShift Container Platform Reporter: Ben Parees <bparees>
Component: BuildAssignee: Adam Kaplan <adam.kaplan>
Status: CLOSED ERRATA QA Contact: wewang <wewang>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 3.6.0CC: adam.kaplan, aos-bugs, ccoleman, erich, jokerman, mmccomas, sponnaga, wzheng
Target Milestone: ---Keywords: OSE41z_next, Reopened
Target Release: 4.1.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: 4.1.3
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: in OpenShift Docker strategy builds, .dockerignore files were not processed before sending content to the Docker daemon Consequence: images included content that developers wanted to be excluded Fix: engine for building container images was switched to buildah in 4.1.0 Result: .dockerignore files in source repositories are respected during Docker strategy builds
 Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-26 08:50:22 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ben Parees 2017-08-31 17:53:03 UTC 
Description of problem:

the .dockerignore file is not respected by the docker strategy build.  It is respected when using the image layer optimization option (which uses imagebuilder under the covers).

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Create a repo with a Dockerfile and .dockerignore
2. The Dockerfile needs to "ADD . /tmp"
3. Build the repo using a docker strategy on openshift

Actual results:
files listed in .dockerignore should are present in the final image's /tmp dir when using the default docker strategy (but not when using the imagelayer optimization).


Expected results:
files listed in .dockerignore should not be present in the final image's /tmp dir
Comment 1 Ben Parees 2017-08-31 17:54:53 UTC 
This is because we blindly tar the workdir and send it to the docker daemon:
https://github.com/openshift/origin/blob/master/pkg/build/builder/dockerutil.go#L195

Clayton can you add some details about what tool we should be using to create the tar instead?
Comment 2 Ben Parees 2017-09-14 21:44:39 UTC 
(not a regression, so pushing this out).
Comment 3 Ben Parees 2017-10-05 03:53:30 UTC 
(still not a regression, still pushing this out, though will try to get to it still)
Comment 4 Ben Parees 2017-10-30 17:45:59 UTC 
attempt that ended in a dead end: https://github.com/openshift/source-to-image/pull/809
Comment 5 Ben Parees 2019-01-25 16:06:16 UTC 
This should be resolved in 4.0 by the move to buildah.  Adam can you test this on a 4.0 cluster?
Comment 6 Adam Kaplan 2019-02-01 21:56:36 UTC 
This appears to remain an issue. Need to dig a bit further to confirm.
Comment 7 Adam Kaplan 2019-02-05 14:39:07 UTC 
Confirmed that this is an issue with buildah.
Requested https://github.com/containers/buildah/issues/699 to be repopened.
Comment 9 Kirsten Newcomer 2019-06-12 11:59:57 UTC 
With the introduction of OpenShift 4, Red Hat has delivered or roadmapped a substantial number of features based on feedback by our customers.  Many of the enhancements encompass specific RFEs which have been requested, or deliver a comparable solution to a customer problem, rendering an RFE redundant.

This bz (RFE) has been identified as a feature request not yet planned or scheduled for an OpenShift release and is being closed. 

If this feature is still an active request that needs to be tracked, Red Hat Support can assist in filing a request in the new JIRA RFE system, as well as provide you with updates as the RFE progress within our planning processes. Please open a new support case: https://access.redhat.com/support/cases/#/case/new 

Opening a New Support Case: https://access.redhat.com/support/cases/#/case/new 

As the new Jira RFE system is not yet public, Red Hat Support can help answer your questions about your RFEs via the same support case system.
Comment 10 Ben Parees 2019-06-12 13:56:57 UTC 
Adam, it looks like https://github.com/containers/buildah/issues/699 was resolved.  Should this BZ instead be marked as fixed in 4.1.0?
Comment 11 Adam Kaplan 2019-06-12 14:06:08 UTC 
Ben - this is correct. Now that we're using buildah, .dockerignore should just work. QE team should be able to verify this was fixed with 4.1.0.

We should create new BZs if there are further issues with .dockerignore files.
Comment 12 Ben Parees 2019-06-12 17:37:47 UTC 
Eric we wanted QE to verify this.
Comment 13 wewang 2019-06-17 06:35:57 UTC 
verified in 
4.1.0-0.nightly-2019-06-13-165744

repo:
$ tree
.
├── Dockerfile
├── subdir
│   ├── sub1.txt
│   └── sub2.txt
├── test1.txt
└── test2.txt

1 directory, 5 files
$ more .dockerignore 
# comment
*
test*
!test2*
subdir
!*/sub1*


result:
TEP 3: RUN ls -lR  /tmp/src
/tmp/src:
total 4
drwx------. 2 root root 22 Jun 17 06:27 subdir
-rw-rw-r--. 1 root root  6 Jun 17 06:26 test2.txt

/tmp/src/subdir:
total 4
-rw-rw-r--. 1 root root 9 Jun 17 06:26 sub1.txt
Comment 16 errata-xmlrpc 2019-06-26 08:50:22 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:1589