Bug 1487356 - docker strategy builds handle .dockerignore inconsistently
Summary: docker strategy builds handle .dockerignore inconsistently
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Build
Version: 3.6.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
: 4.1.0
Assignee: Adam Kaplan
QA Contact: wewang
URL:
Whiteboard: 4.1.3
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-08-31 17:53 UTC by Ben Parees
Modified: 2019-06-26 08:50 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: in OpenShift Docker strategy builds, .dockerignore files were not processed before sending content to the Docker daemon Consequence: images included content that developers wanted to be excluded Fix: engine for building container images was switched to buildah in 4.1.0 Result: .dockerignore files in source repositories are respected during Docker strategy builds
Clone Of:
Environment:
Last Closed: 2019-06-26 08:50:22 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2019:1589 0 None None None 2019-06-26 08:50:29 UTC

Description Ben Parees 2017-08-31 17:53:03 UTC
Description of problem:

the .dockerignore file is not respected by the docker strategy build.  It is respected when using the image layer optimization option (which uses imagebuilder under the covers).

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Create a repo with a Dockerfile and .dockerignore
2. The Dockerfile needs to "ADD . /tmp"
3. Build the repo using a docker strategy on openshift

Actual results:
files listed in .dockerignore should are present in the final image's /tmp dir when using the default docker strategy (but not when using the imagelayer optimization).


Expected results:
files listed in .dockerignore should not be present in the final image's /tmp dir

Comment 1 Ben Parees 2017-08-31 17:54:53 UTC
This is because we blindly tar the workdir and send it to the docker daemon:
https://github.com/openshift/origin/blob/master/pkg/build/builder/dockerutil.go#L195

Clayton can you add some details about what tool we should be using to create the tar instead?

Comment 2 Ben Parees 2017-09-14 21:44:39 UTC
(not a regression, so pushing this out).

Comment 3 Ben Parees 2017-10-05 03:53:30 UTC
(still not a regression, still pushing this out, though will try to get to it still)

Comment 4 Ben Parees 2017-10-30 17:45:59 UTC
attempt that ended in a dead end: https://github.com/openshift/source-to-image/pull/809

Comment 5 Ben Parees 2019-01-25 16:06:16 UTC
This should be resolved in 4.0 by the move to buildah.  Adam can you test this on a 4.0 cluster?

Comment 6 Adam Kaplan 2019-02-01 21:56:36 UTC
This appears to remain an issue. Need to dig a bit further to confirm.

Comment 7 Adam Kaplan 2019-02-05 14:39:07 UTC
Confirmed that this is an issue with buildah.
Requested https://github.com/containers/buildah/issues/699 to be repopened.

Comment 9 Kirsten Newcomer 2019-06-12 11:59:57 UTC
With the introduction of OpenShift 4, Red Hat has delivered or roadmapped a substantial number of features based on feedback by our customers.  Many of the enhancements encompass specific RFEs which have been requested, or deliver a comparable solution to a customer problem, rendering an RFE redundant.

This bz (RFE) has been identified as a feature request not yet planned or scheduled for an OpenShift release and is being closed. 

If this feature is still an active request that needs to be tracked, Red Hat Support can assist in filing a request in the new JIRA RFE system, as well as provide you with updates as the RFE progress within our planning processes. Please open a new support case: https://access.redhat.com/support/cases/#/case/new 

Opening a New Support Case: https://access.redhat.com/support/cases/#/case/new 

As the new Jira RFE system is not yet public, Red Hat Support can help answer your questions about your RFEs via the same support case system.

Comment 10 Ben Parees 2019-06-12 13:56:57 UTC
Adam, it looks like https://github.com/containers/buildah/issues/699 was resolved.  Should this BZ instead be marked as fixed in 4.1.0?

Comment 11 Adam Kaplan 2019-06-12 14:06:08 UTC
Ben - this is correct. Now that we're using buildah, .dockerignore should just work. QE team should be able to verify this was fixed with 4.1.0.

We should create new BZs if there are further issues with .dockerignore files.

Comment 12 Ben Parees 2019-06-12 17:37:47 UTC
Eric we wanted QE to verify this.

Comment 13 wewang 2019-06-17 06:35:57 UTC
verified in 
4.1.0-0.nightly-2019-06-13-165744

repo:
$ tree
.
├── Dockerfile
├── subdir
│   ├── sub1.txt
│   └── sub2.txt
├── test1.txt
└── test2.txt

1 directory, 5 files
$ more .dockerignore 
# comment
*
test*
!test2*
subdir
!*/sub1*


result:
TEP 3: RUN ls -lR  /tmp/src
/tmp/src:
total 4
drwx------. 2 root root 22 Jun 17 06:27 subdir
-rw-rw-r--. 1 root root  6 Jun 17 06:26 test2.txt

/tmp/src/subdir:
total 4
-rw-rw-r--. 1 root root 9 Jun 17 06:26 sub1.txt

Comment 16 errata-xmlrpc 2019-06-26 08:50:22 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:1589


Note You need to log in before you can comment on or make changes to this bug.