Current package.mk will operate on the first dependence object
'check-dirty', which will result the make process abort earlier
with below message:
pkg/package.mk:60: *** Your repository is not clean. Will not push package image. Stop.
This is not expected behavior since we have no chance to build
a docker image locally in case of the user has no intention to
push that image.
This patch adjust the dependece order for the default target, thus
we can build the docker image locally but can't push that image
since we're in a dirty git repository.
Signed-off-by: Dennis Chen <dennis.chen@arm.com>
This is like the `push` target but omits the pulls and depends on forcetag
instead. With the git commit now being embedded into the image this is now a
necessary part of rebasing a PR for which images have already been pushed.
Also adds PHONY targets for existing forcetag and push targets which were
missing.
NB $(error) appends a "." to omit the final one from the error message
Signed-off-by: Ian Campbell <ijc@docker.com>
This updates the build of the two image caches to use the `pkg/package.mk`
infrastructure, albeit in a slightly (ok, very) atypical way.
In order to share the bulk of the build code (including the `Dockerfile` and
the `Makefile` machinery to download the images) we arrange for the necessary
bits to be copied at build time into distinct subdirectories and for the
`pkg/package.mk` to be aware of this possibility.
Since pkg/package.mk is only set up to build a single package we use a single
`image-cache/Makefile` to drive the whole process and recurse into
`Makefile.pkg` to build individual packages.
One particular subtlety is that the package hash is based on the `image-cache`
directory (which is in `git`) rather than the generated subdirectories (which
are not in `git`). Since all the generators (and their inputs) are in the
`image-cache` directory this is what we want. This means that the two images
are given the same tag, but this is deliberate and desirable.
The generated directories are completely temporary to avoid picking up stale
versions of images when versions are updated. Images are hardlinked into place.
The images are moved to the linuxkitprojects org. Using a dev tag for now, will
update once everything is in place.
Also use "tag" rather than "build" where appropriate in the Makefile.
There is no point in the .dockerignore now, but add a .gitignore.
Signed-off-by: Ian Campbell <ijc@docker.com>
For DIRTY and RELEASED this means simply performing a static assignment with
`:=`. For HASH it is a little more complex since it is (and we want/need it to
be) a conditional assigment. However it is only used for defining TAG, so make
that a static assignment.
This reduces the number of times the complex DIRTY shell command in particular
is evaluated.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
Firstly add option to disable content trust, for the use of e.g. projects which
are pushing to the linuxkitprojects org (which has no trust setup) rather than
the main linuxkit org.
Secondly, when trust _is_ enabled then enable it globally, in particular it is
now active for the `docker build` and hence containers referenced in
Dockerfiles via "FROM" will be checked.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
Otherwise files which have an updated timestamp but no actual changes are
marked as changes because `git diff-index` only uses the `lstat` result and not
the actual file contents. Running `git update-index --refresh` updates the
cache.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
If a user passes a HASH e.g. HASH=dev then assume they know what they are doing
and don't need dirty tracking.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
Useful to answer the question of what the hash was at the point of some older
commit.
$ make --no-print-directory -C pkg/init/ show-tag
linuxkit/init:36c56f0664d49c5a6adc1120d1bf5ba6ac30b389
$ make --no-print-directory -C pkg/init/ show-tag HASH_COMMIT=4699f80ef73141ee87a77d03f93065e541fab382
linuxkit/init:17693d233dd009b2a3a8d23673cb85969e1dce80
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
The current rune for $(HASH) returns nothing with the Jessie version of git
(2.1.4). Using `--full-tree` works corectly but requires an absolute path (else
it produces e.g. "fatal: ../init: '../init' is outside repository").
Both `ls-tree` and `diff-index` are happy with a full absolute path, which
simplifies things since we can use `$(CURDIR)` directly.
Tested with a dirty `pkg/init` on both Jessie (git 2.1.4) and Stretch (git
2.11.0) with the following command, which produces identical output in both
cases:
$ for pkg in init containerd ; do make -C pkg/$pkg --no-print-directory show-tag; ( cd pkg/$pkg && make show-tag ); done
linuxkit/init:36c56f0664d49c5a6adc1120d1bf5ba6ac30b389-dirty
linuxkit/init:36c56f0664d49c5a6adc1120d1bf5ba6ac30b389-dirty
linuxkit/containerd:1e3e8f207421de8deac8cedc26a138d6b1661a0d
linuxkit/containerd:1e3e8f207421de8deac8cedc26a138d6b1661a0d
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
By setting `DIRTY` to either "-dirty" or "" directly we can simply use
`$(HASH)$(DIRTY)` and avoid make adding a space as it does with `+=`.
For the push check we now block pushing if `$(DIRTY)` is non-empty.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
$ make --no-print-directory -C pkg/init/ show-tag
linuxkit/init:36c56f0664d49c5a6adc1120d1bf5ba6ac30b389
Useful for scripting etc.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
This commit moves the include statement to the bottom of the file to
ensure that all variables are set before conditionals are evaluated.
I also changed the ifndef NETWORK to ifdef NETWORK as the former was
incorrect. We want `NET_OPTS="--network=none"` in cases where NETWORK is
not defined.
Fixes: #2134
Signed-off-by: Dave Tucker <dt@docker.com>
- Only build if the hash has changed. Previosuly
we'd unconditionally build and not push of the tag existed.
- Add '.m' to the hash if the repository is dirty.
This allows developers to build locally without committing
but makes it clear that the hash is from a modified repository.
- Don't push to hub if the repository is dirty
- If the current commit has a tag, also push this to hub.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
These now inherit from a top-level package.mk
Options like use of the network can be enabled on a per package basis
This removes a lot of duplicate code and make the maintenace of these
Makefiles much easier
Signed-off-by: Dave Tucker <dt@docker.com>
