Support multi-arch config outputs #421
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Prior to this change, apko_config had a single "config" property that contained an apko config, where the package list was the intersection of the arch-specific package lists. Most of the time, the package list is identical across architectures, but architecture-specific dependencies (like libatomic) can lead to divergence. Since we only include the intersection, we would omit these architecture specific packages. When apko_build re-solved the locked package list, it would add the missing packages back, so this worked out, but was suboptimal. We want to solve this mostly because this information being incomplete prevents us from relying on it, but this also solves an annoying hole in our reproducibility story, because the missing packages would not be pinned to any version and could float. In the future, we may want to upgrade these locked versions (e.g. "foo=1.2.3-r4") to locked hashes (e.g. "foo><sha1hashgoeshere") for the architecture-specific configs, but apko does not currently support that and there would be quite a lot of prep work we'd need to do, but at least we have a place to do it now. Signed-off-by: Jon Johnson <[email protected]>
|
See chainguard-dev/terraform-publisher-apko#52 for how this will be used. |
imjasonh
approved these changes
Dec 10, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Prior to this change, apko_config had a single "config" property that contained an apko config, where the package list was the intersection of the arch-specific package lists.
Most of the time, the package list is identical across architectures, but architecture-specific dependencies (like libatomic) can lead to divergence. Since we only include the intersection, we would omit these architecture specific packages. When apko_build re-solved the locked package list, it would add the missing packages back, so this worked out, but was suboptimal.
We want to solve this mostly because this information being incomplete prevents us from relying on it, but this also solves an annoying hole in our reproducibility story, because the missing packages would not be pinned to any version and could float.
In the future, we may want to upgrade these locked versions (e.g. "foo=1.2.3-r4") to locked hashes (e.g. "foo><sha1hashgoeshere") for the architecture-specific configs, but apko does not currently support that and there would be quite a lot of prep work we'd need to do, but at least we have a place to do it now.