Description of problem: If a Dockerfile used in Docker strategy builds has build args that precede the first FROM statement, the build arg is dropped from the generated Dockerfile. Version-Release number of selected component (if applicable): 4.4 How reproducible: Always Steps to Reproduce: 1. Create a Docker strategy build with a BuildConfig that has ARG instructions that precede the first FROM statement: ``` apiVersion: build.openshift.io/v1 kind: BuildConfig metadata: name: dropped-build-arg spec: source: dockerfile: |- ARG foo=centos FROM registry.redhat.io/ubi8/ubi:latest RUN echo "hello from ubi!" FROM $foo RUN echo "hello from $foo" type: Dockerfile strategy: dockerStrategy: {} type: Docker 2. Start the build Actual results: Build will fail - no such image $foo Expected results: Build should succeed. Additional info:
Still wait for available 4.6 nightly build payload to verify it.
Verified in version: 4.6.0-0.nightly-2020-06-07-065515 Steps: 1. Create a bc: ``` apiVersion: build.openshift.io/v1 kind: BuildConfig metadata: name: dropped-build-arg spec: source: dockerfile: |- ARG foo=centos FROM registry.redhat.io/ubi8/ubi:latest RUN echo "hello from ubi!" FROM $foo RUN echo "hello from $foo" type: Dockerfile strategy: dockerStrategy: {} type: Docker ``` 2. Start build with bc $ oc get builds NAME TYPE FROM STATUS STARTED DURATION dropped-build-arg-1 Docker Dockerfile Failed (PullBuilderImageFailed) 2 hours ago 44s $ oc logs -f build/dropped-build-arg-1 Caching blobs under "/var/cache/blobs". Pulling image registry.redhat.io/ubi8/ubi:latest ... Warning: Pull failed, retrying in 5s ... Warning: Pull failed, retrying in 5s ... Warning: Pull failed, retrying in 5s ... error: build error: failed to pull image: After retrying 2 times, Pull image still failed due to error: while pulling "docker://registry.redhat.io/ubi8/ubi:latest" as "registry.redhat.io/ubi8/ubi:latest": Error initializing source docker://registry.redhat.io/ubi8/ubi:latest: unexpected http code: 500 (Internal Server Error), URL: https://registry.redhat.io/auth/realms/rhcc/protocol/redhat-docker-v2/auth?account=53065484%7Cuhc-1V6IJfkUxJwJq1N5Z0k0aWL3AhR&scope=repository%3Aubi8%2Fubi%3Apull&service=docker-registry 3. Check the build pod, Build pod always mounts correctpull secrets $ oc describe pod/dropped-build-arg-1-build node-pullsecrets: Type: HostPath (bare host directory volume) Path: /var/lib/kubelet/config.json HostPathType: File $ oc debug pod/dropped-build-arg-1-build Starting pod/dropped-build-arg-1-build-debug, command was: openshift-docker-build --loglevel=0 Pod IP: 10.128.2.119 If you don't see a command prompt, try pressing enter. sh-4.2# cat /var/lib/kubelet/config.json 4. Create secret for registry.redhat.io and set build secret to bc, then pull registry.redhat.io/ubi8/ubi:latest successfully $ oc logs -f build/dropped-build-arg-3 STEP 1: FROM registry.redhat.io/ubi8/ubi:latest STEP 2: RUN echo "hello from ubi!" hello from ubi! time="2020-06-08T05:09:29Z" level=info msg="Image operating system mismatch: image uses \"\", expecting \"linux\"" time="2020-06-08T05:09:29Z" level=info msg="Image architecture mismatch: image uses \"\", expecting \"amd64\"" --> 9377eebee87 STEP 3: FROM centos Getting image source signatures Copying blob sha256:8a29a15cefaeccf6545f7ecf11298f9672d2f0cdaf9e357a95133ac3ad3e1f07 Copying config sha256:470671670cac686c7cf0081e0b37da2e9f4f768ddc5f6a26102ccd1c6954c1ee Writing manifest to image destination Storing signatures STEP 4: RUN echo "hello from $foo" hello from centos when I replace registry.redhat.io/ubi8/ubi:latest with registry.redhat.io/rhscl/ruby-26-rhel7:latest in above bc, no need to create secret and set build secret to bc, pull successfully, so I am confused what different pull from registry.redhat.io/ubi8 and registry.redhat.io/rhscl? I thought should the same, should use node credentials to pull image, no need to create secret in my project anymore @adam could you know the reason? thanks.
Please ingore message about comment 4, checked another 4.6.0-0.nightly-2020-06-07-065515 env, not met issue about comment 4, seems env has issue.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4196