images: Update bpftools and llvm images#41339
Merged
Conversation
6b0db0d to
2064b68
Compare
Member
Author
|
/test |
Artyop
approved these changes
Aug 25, 2025
glrf
approved these changes
Aug 25, 2025
tommyp1ckles
approved these changes
Sep 3, 2025
c603b9c to
0f3c813
Compare
Member
Author
|
/test |
361c952 to
78e043b
Compare
Member
Author
|
/test |
With #41230, renovate will now handle updating those images, but since they haven't been updated in a while, there's some manual adjustments that are required before renovate can handle those. With cilium/image-tools#339 and cilium/image-tools#343, these two images no longer include their test files. This PR removes the test stage from the `runtime` image as it was just rerunning those tests and there are no `runtime` image tests. This PR also fixes the tests for the `builder` image. It turns out that those tests have been broken since #32767 because they haven't been running in CI for years. Those tests aren't running since we switched from the legacy docker engine to buildkit, see [details](https://docs.docker.com/build/building/multi-stage/#differences-between-legacy-builder-and-buildkit): > The legacy Docker Engine builder processes all stages of a Dockerfile leading up to the selected --target. It will build a stage even if the selected target doesn't depend on that stage. > > BuildKit only builds the stages that the target stage depends on. Future followups: * Does it make sense to have a test expect a specific version of `libprotoc` when this dependency is regularly automatically updated by renovate? With the current setup, this test will break everytime renovate updates `libprotoc`. I'd argue that the version string should be removed from the expected output so we only test that `protoc --version` runs successfully without expecting a given version string. * Consider either: * Update the CI to ensure those container structure tests are run on PRs * Remove container structure tests as after this PR, only the `builder` image will have [some](https://github.com/cilium/cilium/blob/a7de0143835a080750dbbde7285be37ab8599883/images/builder/test/spec.yaml) and all they test is that `protoc` is installed in the image Note: the release note for this PR is more focused on the user-visible change related to the update of the `bpftools` and `llvm` images. ```release images: Update `bpftools` and `llvm` images to reduce the size of the `cilium` image by 39MB (`amd64`) / 35MB (arm64) ``` Signed-off-by: Hadrien Patte <hadrien.patte@datadoghq.com>
d95b043 to
35dc7b7
Compare
Signed-off-by: Cilium Imagebot <noreply@cilium.io>
Member
Author
|
/test |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
With #41230, renovate will now handle updating those images, but since they haven't been updated in a while, there's some manual adjustments that are required before renovate can handle those.
With cilium/image-tools#339 and cilium/image-tools#343, these two images no longer include their test files. This PR removes the test stage from the
runtimeimage as it was just rerunning those tests and there are noruntimeimage tests.This PR also fixes the tests for the
builderimage. It turns out that those tests have been broken since #32767 because they haven't been running in CI for years. Those tests aren't running since we switched from the legacy docker engine to buildkit, see details:Future followups:
libprotocwhen this dependency is regularly automatically updated by renovate? With the current setup, this test will break everytime renovate updateslibprotoc. I'd argue that the version string should be removed from the expected output so we only test thatprotoc --versionruns successfully without expecting a given version string.builderimage will have some and all they test is thatprotocis installed in the imageNote: the release note for this PR is more focused on the user-visible change related to the update of the
bpftoolsandllvmimages.