Codecov Report
✅ All modified and coverable lines are covered by tests.
Additional details and impacted files
@@ Coverage Diff @@
## master #3021 +/- ##
=======================================
Coverage 27.38% 27.38%
=======================================
Files 95 95
Lines 5427 5427
Branches 2548 2548
=======================================
Hits 1486 1486
Misses 3214 3214
Partials 727 727
a50fa44 to
417c31a
Compare
Contributor
msugakov
reviewed
Mar 4, 2026
Contributor
msugakov
left a comment
Most of what I commented on collector/container/Dockerfile applies to collector/container/konflux.Dockerfile also.
janisz
added a commit
that referenced
this pull request
Mar 4, 2026
Changes:
- Switch from ubi-minimal to ubi base image for package_installer stages
- Remove dnf installation step (ubi already includes dnf)
- UBI10: sha256:f573194e8e5231f1c9340c497e1f8d9aa9dbb42b2849e60341e34f50eec9477e
- UBI9: sha256:cecb1cde7bda7c8165ae27841c2335667f8a3665a349c0d051329c61660a496c
This improves build efficiency since we no longer need to install dnf on top of ubi-minimal, which essentially gives us ubi anyway.
Addresses review comment from @msugakov on PR #3021.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
janisz
added a commit
that referenced
this pull request
Mar 4, 2026
Changes:
- Add ubi-micro-base stage to reference the ubi-micro image
- Create package_installer_final stage that copies ubi-micro base to /out
- Install packages on top of the existing ubi-micro base
- Use ubi-micro-base as the final runtime image base
This ensures that the rpmdb in the final image correctly tracks both:
1. Packages that come with the ubi-micro base image
2. Packages we install via dnf --installroot
Without this change, we were creating a new rpmdb from scratch in /out, which would replace ubi-micro's existing rpmdb and lose track of packages already present in the base image.
Addresses review comment from @msugakov on PR #3021.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
msugakov
reviewed
Mar 4, 2026
5f66aec to
b7e45ba
Compare
janisz
commented
Mar 6, 2026
Molter73
reviewed
Mar 6, 2026
Molter73
reviewed
Mar 6, 2026
msugakov
reviewed
Mar 6, 2026
ovalenti
reviewed
Mar 10, 2026
Add bash, coreutils, curl, grep, and gawk to the runtime package list in konflux.Dockerfile to match the regular Dockerfile and provide necessary shared libraries and utilities.
These packages were missing from the konflux.Dockerfile package_installer stage, causing runtime errors:
- curl provides libcurl.so.4 (required by collector binary)
- bash, coreutils, grep, gawk provide shell utilities used by scripts
The packages are already present in rpms.lock.yaml (included as dependencies from other packages or previous builds), so only rpms.in.yaml needs to be updated to document the explicit dependency.
Fixes error: collector: error while loading shared libraries: libcurl.so.4: cannot open shared object file: No such file or directory
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Signed-off-by: Tomasz Janiszewski <tomek@redhat.com>
Replace the complex sed-based generation of Dockerfile.dev with a static single-stage Dockerfile for development builds. This simplifies the build process and makes the development Dockerfile easier to maintain.
Changes:
- Add static collector/container/Dockerfile.dev using full UBI base
- Remove container-dockerfile-dev target from Makefile
- Update image-dev target to use static Dockerfile.dev directly
- Remove --build-arg BUILD_TYPE=devel (not needed for dedicated dev Dockerfile)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
chore: Add static Dockerfile.dev and update .gitignore
Add the static Dockerfile.dev file that was previously ignored, and remove it from .gitignore since it's now a source file rather than a generated one.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
The collector binary requires libcap-ng.so.0 at runtime, but this library was missing from the final image after commit 4b7f0cc removed packages. While libcap-ng-devel is installed in the builder stage, the runtime library libcap-ng must also be present in the final image.
This was causing CI test failures with: "collector: error while loading shared libraries: libcap-ng.so.0: cannot open shared object file: No such file or directory"
Changes:
- Added libcap-ng to rpms.in.yaml final stage packages
- Added libcap-ng to konflux.Dockerfile runtime packages
- Added libcap-ng (and missing c-ares, tbb) to Dockerfile runtime packages
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
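A check for the failure mode fixed by the commit messages above that add curl and libcap-ng (added example, not part of the pull request or the project's code): it parses `ldd` output for unresolved dependencies so an image build can fail before the binary does at runtime. The function names and the sample `ldd` output are constructed for illustration, and `ldd` is assumed to be available where the check runs.

```shell
#!/bin/sh
# Added example (not project code): fail a build when a binary has
# shared-library dependencies that the final image does not provide.

# Constructed sample of `ldd` output; the two unresolved sonames are the
# ones named in the errors quoted in the commit messages.
SAMPLE_LDD_OUTPUT='    linux-vdso.so.1 (0x00007ffc0a1f2000)
    libcurl.so.4 => not found
    libcap-ng.so.0 => not found
    libc.so.6 => /lib64/libc.so.6 (0x00007f3b5a000000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f3b5a400000)'

# missing_libs: read `ldd` output on stdin and print each unresolved
# soname once, sorted. ldd marks these as "<soname> => not found"; the
# strict field match ignores shell errors such as "ldd: not found".
missing_libs() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }' |
        LC_ALL=C sort -u
}

# check_runtime_libs BINARY (hypothetical helper name)
# Returns 0 if every dependency resolves, 1 if any is missing,
# 2 if ldd could not inspect the file at all.
check_runtime_libs() {
    bin=$1
    out=$(ldd "$bin" 2>&1) && rc=0 || rc=$?
    missing=$(printf '%s\n' "$out" | missing_libs)
    if [ -n "$missing" ]; then
        echo "unresolved shared libraries in $bin:" >&2
        printf '%s\n' "$missing" | sed 's/^/  /' >&2
        return 1
    fi
    if [ "$rc" -ne 0 ]; then
        echo "ldd could not inspect $bin: $out" >&2
        return 2
    fi
    return 0
}

# Check every path given on the command line; stop at the first failure.
for bin in "$@"; do
    check_runtime_libs "$bin" || exit $?
done
```

Run inside the final image, or in a build stage that shares its root filesystem, so that `ldd` resolves against the libraries the image actually ships.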
Rename collector/container/Dockerfile.dev to dev.Dockerfile to follow a more consistent naming convention (matching konflux.Dockerfile pattern). This is now a static file (not generated), so removed it from the clean target in collector/Makefile.
Changes:
- Renamed collector/container/Dockerfile.dev to dev.Dockerfile
- Updated Makefile to reference dev.Dockerfile
- Removed dev.Dockerfile from clean target (no longer generated)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Co-authored-by: Mauro Ezequiel Moltrasio <mmoltras@redhat.com>
Change from removing all /var/cache/* to specifically removing only /var/cache/dnf and /var/cache/yum to prevent accidentally removing needed files like ldconfig/aux-cache. This prevents potential regressions if future RHEL releases add other important files to /var/cache.
Addresses review comment from @msugakov on PR #3021.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Remove digest pins (@sha256:...) from collector/container/Dockerfile and use floating :latest tags instead. Non-konflux images are not updated via MintMaker, so pinned digests would be set in stone forever. Only konflux.Dockerfile should use pinned digests for reproducibility.
Addresses review comment from @Molter73 on PR #3021.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Replace the install.sh script with inline commands directly in the Dockerfile. The install scripts were meant to avoid duplicate Dockerfiles, but since we now have a dedicated dev.Dockerfile, we can inline the commands for better clarity.
Addresses review comment from @Molter73 on PR #3021.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Move file copies from package_installer stage back to final stage for semantic clarity. The package_installer stage should focus on installing packages, while the final stage assembles all files.
This addresses reviewer ovalenti's preference on PR #3021.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Co-authored-by: Misha Sugakov <537715+msugakov@users.noreply.github.com>
Signed-off-by: Tomasz Janiszewski <tomek@redhat.com>
Signed-off-by: Tomasz Janiszewski <tomek@redhat.com>
Co-authored-by: Misha Sugakov <537715+msugakov@users.noreply.github.com>
Contributor
🚢
Description
Reduce container image size and improve security posture by migrating from UBI minimal base images to UBI micro base images.
Removed Packages
Refs:
Checklist
Automated testing
If any of these don't apply, please comment below.
Testing Performed
CI