Extract buildinfo from yaml file and create content_manifest.json

[gursewak1997]

We are adding the buildindfo data to the json file to be able to identify which repos were used to build RHCOS. The repo names used in manifest would match names in reposistory-to-CPE.json published by Red Hat

Got buildinfo from content_sets.yaml which resides under redhat-coreos repo and is copied over to src/config/. Extracted the repo names and mapped to their corresponding pulp repository IDs to add it to our content_manifest.json for buildinfo. The file content_manifest.json will be available under /usr/share/buildinfo/ after cmdlib.sh running is completed.

Issue: https://issues.redhat.com/browse/GRPA-3731
Discussion: #2540

[miabbott]

Looks like a good start, but I think there are some more changes needed

[miabbott]

I would keep this code behind a conditional that checks for the presence of the --content-sets argument. We don't need to run this for FCOS at this time.

[jlebon]

Further, maybe it'd be cleaner to make this part of a function in cmdlib.sh and call out to it from prepare_compose_overlays when we detect the YAML file is present.

[miabbott]

Let's use "${workdir}"/tmp/buildinfo for this location

[miabbott]

I think this whole section of code should be conditional on the presence of content_manifest.json

[miabbott]

I'm not sure how this code is supposed to work? The content_manifest.json is cat'ed, then an ostree commit is made, and the override manifest YAML doc has an empty -contentset entry added to it?

[gursewak1997]

Yes, pretty much but cat content_manifest.json was not necessary. So basically just ostree commit the json file to /usr/share/ and adding -contentset entry to manifest yaml doc.

[miabbott]

Could you also expand the commit message to provide a bit more context on the "why?" for the change and link to the Jira card as part of it?

[jlebon]

Hmm, we shouldn't hardcode this path.

[jlebon]

In general, cosa uses conventions. I was thinking more that instead of passing a --content-sets switch, cosa just does the right thing if it detects that it's present in the configdir.

[jlebon]

Further, maybe it'd be cleaner to make this part of a function in cmdlib.sh and call out to it from prepare_compose_overlays when we detect the YAML file is present.

[miabbott]

/retest

[miabbott]

FCOS CI is failing on the ShellCheck step

[2021-12-09T01:46:55.890Z] ./tests/check_one.sh src/cmdlib.sh src/.cmdlib.sh.shellchecked
[2021-12-09T01:46:56.452Z] 
[2021-12-09T01:46:56.452Z] In src/cmdlib.sh line 309:
[2021-12-09T01:46:56.452Z]     echo $(jq --argjson repos "$REPOS" '. += 
[2021-12-09T01:46:56.452Z]          ^-- SC2046: Quote this to prevent word splitting.
[2021-12-09T01:46:56.452Z]          ^-- SC2005: Useless echo? Instead of 'echo $(cmd)', just use 'cmd'.
[2021-12-09T01:46:56.452Z] 
[2021-12-09T01:46:56.452Z] For more information:
[2021-12-09T01:46:56.452Z]   https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...
[2021-12-09T01:46:56.452Z]   https://www.shellcheck.net/wiki/SC2005 -- Useless echo? Instead of 'echo $(...
[2021-12-09T01:46:56.452Z] make: *** [Makefile:34: src/.cmdlib.sh.shellchecked] Error 1
script returned exit code 2```

[jlebon]

Should use configdir variable.

[jlebon]

Can we combine these? E.g.

if [ -e "${configdir}/content_sets.yaml" ]; then
    mkdir -p ...
    create_content_manifest /path/to/output.json
    ...
fi

[jlebon]

This needs to go under ostree-layers. So we should probably instead just add it to the layers variable and then move down the block that outputs ostree-layers to after this.

[jlebon]

Same note here re. hardcoded path. Maybe simpler to have the caller to this function pass in the path to the YAML file.

Re. yaml2json, this is OK, though it doesn't look necessary. We could directly read YAML in the Python code.

[jlebon]

This looks like it's outputting every repo in the file, but instead I think what we want is to parse the flattened manifest and only output the mapped repos which are used.

[jlebon]

Seems like it'd be cleaner to build the file entirely in the Python bits.

[jlebon]

Minor: the variable $arch should already be defined and accessible.

Changes landed

[miabbott]

Tested this locally with RHCOS and it worked great!

Saw the message about the missing repo:

Warning: No corresponding repo in repository-to-cpe.json for rhel-8-fast-datapath-aarch64                                                                                                                                                                                                                                     
Committing /srv/tmp/override/contentsetrootfs... e261cf0d7d1cf17ca3725f83d07da9aebfa3c66ea2d8641d36dd1ffc608d79eb 

And the end result looked perfect.

$ cat /usr/share/buildinfo/content_manifest.json 
{
  "metadata": {
    "icm_version": 1,
    "icm_spec": "https://raw.githubusercontent.com/containerbuildsystem/atomic-reactor/master/atomic_reactor/schemas/content_manifest.json",
    "image_layer_index": 1
  },
  "content_sets": [
    "rhel-8-for-x86_64-baseos-eus-rpms__8_DOT_4",
    "rhel-8-for-x86_64-appstream-eus-rpms__8_DOT_4",
    "fast-datapath-for-rhel-8-x86_64-rpms",
    "rhocp-4.8-for-rhel-8-x86_64-rpms"
  ],
  "image_contents": []
}

The content_sets was missing the NFV repo, but I understand that is only being used for kernel-rt in the extensions. I wonder if we should just include all the repos by default?

I don't think we need to block on that question, as this gets us most of the way there.

[gursewak1997]

The content_sets was missing the NFV repo, but I understand that is only being used for kernel-rt in the extensions. I wonder if we should just include all the repos by default?

I don't think including all the repos would be a good idea but I am open to it if needed.

[gursewak1997]

Also, @miabbott are we still looking to add the symlink so that it is accessible as /root/buildinfo
If so, we just need to commit the buildinfo.conf file in https://github.com/openshift/os/pull/670/files

[jlebon]

Missing indentation.

[jlebon]

Could make this clearer by passing the output path to create_content_manifest so it directly writes to the rootfs.

[jlebon]

Minor: base_repo would be more conventional.

[jlebon]

Hmm, why iterate over the dictionary? Isn't it directly accessible through data['repo_mapping'][baseRepo]['name']?

[jlebon]

Let's use a separate variable to mutate instead of mutating the source data?

[jlebon]

Shouldn't this say content_sets.yaml?

[jlebon]

I wonder if we should tweak the semantics a bit: we include those repos that aren't in repository-to-cpe.json in content_sets.yaml but leave their name as "". Then here, we can warn and skip if the name is empty, otherwise explicitly error out. This ensures that if the set of manifest repo names changes, we're not just going to forget to update content_sets.yaml.

Another way to say this: we require that every repo in the manifest must have an entry in content_sets.yaml.

[gursewak1997]

Agree with it.
I was thinking we could have two different warning messages;

• one for the repos with "" as their name in yaml file
• and another one if their is no entry for a base_repo in the yaml file itself. This would help us to add an entry to the YAML file in case we miss one in the yaml file in the future.

[jlebon]

Ideally here we'd be checking that the baseurls match. This would require parsing the repo files though. We can skip this for now.

[jlebon]

Shouldn't need this since we should always be creating a JSON file by the end.

[jlebon]

Also, maybe for the commit message, something like: "cmd-build: add support for content_sets.yaml"? Also should include a body containing a bit of context on why we're doing this and if needed links to more context.

[jlebon]

Some minor comments, but mostly LGTM! Looks like

Also should include a body containing a bit of context on why we're doing this and if needed links to more context.

still needs to be addressed.

[jlebon]

Minor: spurious line deletion hunk.

[jlebon]

Instead of using $1 and $2 like this, let's declare some local variables upfront at the beginning of the function with clearer names.

[jlebon]

Let's set manifest_tmp_json ourselves here as a local variable (and the manifest_tmp_json in prepare_build should probably also be local).

[jlebon]

Alternatively, we can formalize this as part of prepare_build and not delete the treefile like you had before but name the variable something like flattened_manifest and explicitly export it the same way we export manifest. Then here we can reuse it instead of rerunning rpm-ostree compose tree. Anyway, not a blocker!

[jlebon]

What I meant here is that we explicitly error out, but OK with this too to start. We can always tighten things later.

Actually, this is probably better for the developer case. So it's a good default and then we could add a switch for more stricter handling in production pipelines, a bit like how it is for lockfiles.

[gursewak1997]

Keeping as it for now.

[jlebon]

Minor: looks like we're eating the file's final newline here.

[jlebon]

LGTM, nice work!

[jlebon]

Minor: these should be local. Not worth the respin though.