This is a tracking bug for components that may not be able to immediately migrate their CI to 4.x clusters due a behavior skew between imagebuilder and buildah.

Problem:

In a multistage build, it is common to use the `COPY --from=<alias|index> <src> <dest>` instruction. In imagebuilder relative paths were allowed in the <src> argument - imagebuilder would assume that <src> was relative to the the most recent working directory in the referenced image. Docker and buildah do not make this assumption [1][2].

The following repos (producing images with the referenced Dockerfiles) may be impacted:

openshift/ansible-service-broker › operator/build/olm-testing.Dockerfile
openshift/ansible-service-broker › operator/build/olm-testing.downstream.Dockerfile
openshift/certman-operator › build/Dockerfile
openshift/cloud-ingress-operator › build/Dockerfile
openshift/cluster-kube-apiserver-operator › Dockerfile-origin-release
openshift/cluster-logging-operator › Dockerfile
openshift/configmap-reload › Dockerfile
openshift/configmap-reload › Dockerfile.ocp
openshift/deadmanssnitch-operator › build/Dockerfile
openshift/kube-state-metrics › Dockerfile.ocp
openshift/managed-velero-operator › build/Dockerfile
openshift/multus-cni › webhook/Dockerfile
openshift/openshift-state-metrics › Dockerfile
openshift/pagerduty-operator › build/Dockerfile
openshift/rbac-permissions-operator › build/Dockerfile
openshift/splunk-forwarder-operator › build/Dockerfile

Solution:

Replace the relative path in <src> with an absolute path.

Note that some of these Dockerfiles use environment variables or build args to set an absolute path. If these are utilized, teams should verify that these env vars or build args are set properly in openshift/release.

Additional Info:

[1] https://docs.docker.com/engine/reference/builder/#copy
[2] https://github.com/moby/moby/issues/36643