build: Include component version in image version tag #413
Merged
60ccf70 to
ab8602a
Compare
Some context in cilium/cilium#41862

Today, images built in this repository have tags with the following structure: `<timestamp>-<commit-sha>` where `commit-sha` is the short sha of the last commit to affect the given image directory (`images/<image>/`) and `timestamp` is the timestamp of that commit.

This versioning scheme allows ordering of tags by build date, which allows renovate to manage version updates for those images. But this can hide potential major breaking changes in those images. For example when LLVM got upgraded from `18.1.8` to `19.1.7`, the corresponding image tag changed from `1732033893-de666b6` to `1747754567-1d8e3ec`, which hardly reflects the major version bump.

This PR updates the image tagging mechanism to optionally incorporate the main image component version in the image version tag. For images for which there is no major relevant component, the current versioning scheme is preserved.

| Image        | Version Source           | Example Version |
|--------------|--------------------------|-----------------|
| bpftool      | libbpf/bpftool releases  | 7.4.0           |
| checkpatch   | Linux kernel version     | 5.12            |
| iptables     | iptables package version | 1.8.8-1         |
| llvm         | llvm-project releases    | 19.1.7          |
| network-perf | iperf version            | 3.19            |

Images that keep their current versioning pattern: `compilers`, `maker`, `startup-script`, `tester`

This leads to the following per image tags:

```
for image in $(ls images); do echo $image; ./scripts/make-image-tag.sh images/$image; echo "\n";done
bpftool
7.4.0-1758805548-08727cd-wip

checkpatch
5.12-1755701578-b97bd7a-wip

compilers
1758805548-08727cd

iptables
1.8.8-1-1758805548-08727cd-wip

llvm
19.1.7-1758805548-08727cd-wip

maker
1761742433-196d922

network-perf
3.19-1758616553-aad452d-wip

startup-script
1755531540-60ee83e

tester
1761742433-196d922
```

Signed-off-by: Hadrien Patte <hadrien.patte@datadoghq.com>
ab8602a to
4aadee8
Compare
rgo3
approved these changes
Nov 5, 2025
rgo3
left a comment
Will we need to teach renovate how to deal with this change or does that work automatically? (Not very familiar with the renovate tooling)
Member
Author
Yes, we will have to update this accordingly
Member
@hemanthmalla hoping this is on your radar? :)
aanm
approved these changes
Nov 20, 2025
HadrienPatte
added a commit
to cilium/cilium
that referenced
this pull request
Dec 2, 2025
This PR updates the custom versioning regex used for the images from the `image-tools` repository to reflect image versioning scheme changes from cilium/image-tools#413. The existing regex is kept for images that still follow the previous versioning scheme (`image-compilers`, `image-maker`, `startup-script` and `image-tester`). Other images now have a slightly more elaborate regex to account for their "semantic + timestamp + commit sha" new versioning scheme.

Reference: https://docs.renovatebot.com/modules/versioning/regex/

Note: we're using the `build` capture group for the timestamp element

Note: Renovate requires that all previous capture groups match (even if with an empty value), this is why the `patch` capture group is configured to either match the patch version component or match to an empty value in case the version does not have a patch number (like for the `checkpatch` and `network-perf` images).

Signed-off-by: Hadrien Patte <hadrien.patte@datadoghq.com>
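The tag scheme and capture-group idea described in the commit message above, as an added example that is not the regex from the cilium/cilium change: it parses both tag schemes, orders tags by component version before build timestamp, and shows why the old LLVM bump was invisible in the tag. Assumptions: a 10-digit timestamp, a 7-character short sha, the hypothetical group names `pkgrev` and `wip`, and new-scheme LLVM tags constructed by combining values from the PR description.

```javascript
// Added illustration: these patterns are assumptions, not the regex from the cilium/cilium commit.
// Assumed shapes: 10-digit Unix timestamp, 7-character short sha, optional "-wip" suffix.
// `pkgrev` and `wip` are hypothetical group names for the iptables "-1" and the "-wip" suffix.
const COMPONENT_TAG = new RegExp(
  "^(?<major>\\d+)\\.(?<minor>\\d+)(?:\\.(?<patch>\\d+))?(?:-(?<pkgrev>\\d+))?" +
    "-(?<build>\\d{10})-(?<sha>[0-9a-f]{7})(?<wip>-wip)?$"
);
const LEGACY_TAG = /^(?<build>\d{10})-(?<sha>[0-9a-f]{7})$/;

// Parse either scheme; absent numeric components (e.g. no patch in "5.12") become 0.
function parseTag(tag) {
  const m = COMPONENT_TAG.exec(tag) || LEGACY_TAG.exec(tag);
  if (!m) return null;
  const g = m.groups;
  const num = (v) => (v === undefined ? 0 : Number(v));
  return {
    scheme: g.major === undefined ? "legacy" : "component",
    major: num(g.major), minor: num(g.minor), patch: num(g.patch),
    pkgrev: num(g.pkgrev), build: num(g.build), sha: g.sha, wip: g.wip !== undefined,
  };
}

// Order by component version first, build timestamp last.
function compareTags(x, y) {
  const a = parseTag(x), b = parseTag(y);
  if (!a || !b) throw new Error("unparseable tag");
  for (const k of ["major", "minor", "patch", "pkgrev", "build"]) {
    if (a[k] !== b[k]) return a[k] - b[k];
  }
  return 0;
}

// What kind of change does a tag bump advertise to a reviewer or an update bot?
function classifyUpdate(fromTag, toTag) {
  const a = parseTag(fromTag), b = parseTag(toTag);
  if (!a || !b) return "unparseable";
  if (a.scheme !== "component" || b.scheme !== "component") return "opaque";
  for (const level of ["major", "minor", "patch"]) {
    if (a[level] !== b[level]) return level;
  }
  return "rebuild";
}

// LLVM tags from the PR description (legacy) and constructed new-scheme equivalents.
console.log(classifyUpdate("1732033893-de666b6", "1747754567-1d8e3ec"));
console.log(classifyUpdate("18.1.8-1732033893-de666b6", "19.1.7-1747754567-1d8e3ec"));
```

A later rebuild of an older component (for example a constructed `18.1.8-1758805548-08727cd`) still sorts below `19.1.7-1747754567-1d8e3ec`, which is the property that lets an update policy treat major bumps separately from rebuilds.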
github-merge-queue bot
pushed a commit
to cilium/cilium
that referenced
this pull request
Dec 2, 2025
This PR updates the custom versioning regex used for the images from the `image-tools` repository to reflect image versioning scheme changes from cilium/image-tools#413. The existing regex is kept for images that still follow the previous versioning scheme (`image-compilers`, `image-maker`, `startup-script` and `image-tester`). Other images now have a slightly more elaborate regex to account for their "semantic + timestamp + commit sha" new versioning scheme.

Reference: https://docs.renovatebot.com/modules/versioning/regex/

Note: we're using the `build` capture group for the timestamp element

Note: Renovate requires that all previous capture groups match (even if with an empty value), this is why the `patch` capture group is configured to either match the patch version component or match to an empty value in case the version does not have a patch number (like for the `checkpatch` and `network-perf` images).

Signed-off-by: Hadrien Patte <hadrien.patte@datadoghq.com>
HadrienPatte
added a commit
to cilium/cilium
that referenced
this pull request
Dec 2, 2025
Update those images to their latest version following their new versioning scheme (see cilium/image-tools#413). Followup updates for those images will be handled by renovate (see #43087). Signed-off-by: Hadrien Patte <hadrien.patte@datadoghq.com>
Thanks for doing this!
HadrienPatte
added a commit
to cilium/cilium
that referenced
this pull request
Dec 10, 2025
Update those images to their latest version following their new versioning scheme (see cilium/image-tools#413). Followup updates for those images will be handled by renovate (see #43087). Signed-off-by: Hadrien Patte <hadrien.patte@datadoghq.com>
github-merge-queue bot
pushed a commit
to cilium/cilium
that referenced
this pull request
Dec 10, 2025
Update those images to their latest version following their new versioning scheme (see cilium/image-tools#413). Followup updates for those images will be handled by renovate (see #43087). Signed-off-by: Hadrien Patte <hadrien.patte@datadoghq.com>
HadrienPatte
added a commit
that referenced
this pull request
Dec 10, 2025
This PR enables renovate to bump `libbpf/bpftool` in the bpftools image. This is now safe to do since #413 as the bpftools image includes that `libbpf/bpftool` version in its tag so we can control when we want to get those upgrades in `cilium/cilium`. Signed-off-by: Hadrien Patte <hadrien.patte@datadoghq.com>
HadrienPatte
added a commit
that referenced
this pull request
Dec 10, 2025
This PR enables renovate to bump [`iperf`](https://github.com/esnet/iperf) in the `network-perf` image. This is now safe to do since #413 as the `network-perf` image tags now include its `iperf` version in it so we can control when we want to get those upgrades in `cilium/cilium`. Signed-off-by: Hadrien Patte <hadrien.patte@datadoghq.com>
HadrienPatte
added a commit
to cilium/cilium
that referenced
this pull request
Dec 12, 2025
Update default `network-perf` image reference to follow its new versioning scheme (see cilium/image-tools#413). The contents of the image are not otherwise changed. See similar PR: #43098 Signed-off-by: Hadrien Patte <hadrien.patte@datadoghq.com>
HadrienPatte
added a commit
to cilium/cilium
that referenced
this pull request
Dec 12, 2025
Update default `network-perf` image reference to follow its new versioning scheme (see cilium/image-tools#413). The contents of the image are not otherwise changed. See similar PR: #43098 Signed-off-by: Hadrien Patte <hadrien.patte@datadoghq.com>
github-merge-queue bot
pushed a commit
to cilium/cilium
that referenced
this pull request
Dec 17, 2025
Update default `network-perf` image reference to follow its new versioning scheme (see cilium/image-tools#413). The contents of the image are not otherwise changed. See similar PR: #43098 Signed-off-by: Hadrien Patte <hadrien.patte@datadoghq.com>
tklauser
pushed a commit
that referenced
this pull request
Jan 6, 2026
This PR enables renovate to bump `libbpf/bpftool` in the bpftools image. This is now safe to do since #413 as the bpftools image includes that `libbpf/bpftool` version in its tag so we can control when we want to get those upgrades in `cilium/cilium`. Signed-off-by: Hadrien Patte <hadrien.patte@datadoghq.com>
tklauser
pushed a commit
that referenced
this pull request
Jan 6, 2026
This PR enables renovate to bump [`iperf`](https://github.com/esnet/iperf) in the `network-perf` image. This is now safe to do since #413 as the `network-perf` image tags now include its `iperf` version in it so we can control when we want to get those upgrades in `cilium/cilium`. Signed-off-by: Hadrien Patte <hadrien.patte@datadoghq.com>
We can inspect the CI jobs to confirm that the new tagging system is now used:
