Bug 1842982 - Dockerfile builds ignore preamble build args
Summary: Dockerfile builds ignore preamble build args
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Build
Version: 4.4
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
: 4.6.0
Assignee: Nalin Dahyabhai
QA Contact: wewang
URL:
Whiteboard:
Depends On:
Blocks: 1843405
TreeView+ depends on / blocked
 
Reported: 2020-06-02 13:52 UTC by Adam Kaplan
Modified: 2020-10-27 16:03 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Previously, if a Dockerfile used in Docker strategy builds used the ARG instruction to define build arguments before the first FROM instruction occurred in the Dockerfile, that instruction would be dropped when the Dockerfile was preprocessed to incorporate any overrides which might have been specified in the Build or BuildConfig. References to those arguments would subsequently not be resolved properly while building an image using the preprocessed Dockerfile. The preprocessing logic has been modified so that it preserves ARG instructions which are encountered before the first FROM instruction when generating the updated Dockerfile contents, so this problem should no longer occur.
Clone Of:
Environment:
Last Closed: 2020-10-27 16:03:54 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift builder pull 132 0 None closed Bug 1842982: preserve ARG values that come before the first FROM 2020-10-21 14:51:12 UTC
Red Hat Product Errata RHBA-2020:4196 0 None None None 2020-10-27 16:03:56 UTC

Description Adam Kaplan 2020-06-02 13:52:49 UTC
Description of problem:

If a Dockerfile used in Docker strategy builds has build args that precede the first FROM statement, the build arg is dropped from the generated Dockerfile.


Version-Release number of selected component (if applicable): 4.4


How reproducible: Always


Steps to Reproduce:
1. Create a Docker strategy build with a BuildConfig that has ARG instructions that precede the first FROM statement:

```
apiVersion: build.openshift.io/v1
kind: BuildConfig
metadata:
  name: dropped-build-arg
spec:
  source:
    dockerfile: |-
      ARG foo=centos
      FROM registry.redhat.io/ubi8/ubi:latest
      RUN echo "hello from ubi!"
      FROM $foo
      RUN echo "hello from $foo"
    type: Dockerfile
  strategy:
    dockerStrategy: {}
    type: Docker

2. Start the build


Actual results:

Build will fail - no such image $foo

Expected results:

Build should succeed.


Additional info:

Comment 3 wewang 2020-06-05 01:46:46 UTC
Still wait for available 4.6 nightly build payload to verify it.

Comment 4 wewang 2020-06-08 05:50:36 UTC
Verified in version:
4.6.0-0.nightly-2020-06-07-065515

Steps:
1. Create a bc:
```
apiVersion: build.openshift.io/v1
kind: BuildConfig
metadata:
  name: dropped-build-arg
spec:
  source:
    dockerfile: |-
      ARG foo=centos
      FROM registry.redhat.io/ubi8/ubi:latest
      RUN echo "hello from ubi!"
      FROM $foo
      RUN echo "hello from $foo"
    type: Dockerfile
  strategy:
    dockerStrategy: {}
    type: Docker
```
2. Start build with bc
$ oc get builds
NAME                  TYPE     FROM          STATUS                            STARTED             DURATION
dropped-build-arg-1   Docker   Dockerfile    Failed (PullBuilderImageFailed)   2 hours ago         44s
$ oc logs -f build/dropped-build-arg-1
Caching blobs under "/var/cache/blobs".
Pulling image registry.redhat.io/ubi8/ubi:latest ...
Warning: Pull failed, retrying in 5s ...
Warning: Pull failed, retrying in 5s ...
Warning: Pull failed, retrying in 5s ...
error: build error: failed to pull image: After retrying 2 times, Pull image still failed due to error: while pulling "docker://registry.redhat.io/ubi8/ubi:latest" as "registry.redhat.io/ubi8/ubi:latest": Error initializing source docker://registry.redhat.io/ubi8/ubi:latest: unexpected http code: 500 (Internal Server Error), URL: https://registry.redhat.io/auth/realms/rhcc/protocol/redhat-docker-v2/auth?account=53065484%7Cuhc-1V6IJfkUxJwJq1N5Z0k0aWL3AhR&scope=repository%3Aubi8%2Fubi%3Apull&service=docker-registry

3. Check the build pod, Build pod always mounts correctpull secrets
$  oc describe pod/dropped-build-arg-1-build
  node-pullsecrets:
    Type:          HostPath (bare host directory volume)
    Path:          /var/lib/kubelet/config.json
    HostPathType:  File

$ oc debug pod/dropped-build-arg-1-build
Starting pod/dropped-build-arg-1-build-debug, command was: openshift-docker-build --loglevel=0
Pod IP: 10.128.2.119
If you don't see a command prompt, try pressing enter.
sh-4.2# cat /var/lib/kubelet/config.json 


4. Create secret for registry.redhat.io and set build secret to bc, then pull registry.redhat.io/ubi8/ubi:latest successfully
$ oc logs -f build/dropped-build-arg-3
STEP 1: FROM registry.redhat.io/ubi8/ubi:latest
STEP 2: RUN echo "hello from ubi!"
hello from ubi!
time="2020-06-08T05:09:29Z" level=info msg="Image operating system mismatch: image uses \"\", expecting \"linux\""
time="2020-06-08T05:09:29Z" level=info msg="Image architecture mismatch: image uses \"\", expecting \"amd64\""
--> 9377eebee87
STEP 3: FROM centos
Getting image source signatures
Copying blob sha256:8a29a15cefaeccf6545f7ecf11298f9672d2f0cdaf9e357a95133ac3ad3e1f07
Copying config sha256:470671670cac686c7cf0081e0b37da2e9f4f768ddc5f6a26102ccd1c6954c1ee
Writing manifest to image destination
Storing signatures
STEP 4: RUN echo "hello from $foo"
hello from centos


when I replace registry.redhat.io/ubi8/ubi:latest with registry.redhat.io/rhscl/ruby-26-rhel7:latest in above bc, no need to create secret and set build secret to bc, pull successfully, so I am confused what different pull from registry.redhat.io/ubi8 and registry.redhat.io/rhscl? I thought should the same, should use  node credentials to pull image, no need to create secret in my project anymore @adam could you know the reason? thanks.

Comment 5 wewang 2020-06-08 08:15:15 UTC
Please ingore message about comment 4, checked another 4.6.0-0.nightly-2020-06-07-065515 env, not met issue about comment 4, seems env has issue.

Comment 7 errata-xmlrpc 2020-10-27 16:03:54 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196


Note You need to log in before you can comment on or make changes to this bug.