From 93ae9b4736c43ccc215ffcef566d325a0843ba40 Mon Sep 17 00:00:00 2001 From: Kevin Carter Date: Sat, 21 Jun 2025 11:08:50 -0500 Subject: [PATCH] feat: add cache bust using git sha Signed-off-by: Kevin Carter --- .github/workflows/container-build-apache.yaml | 2 ++ .github/workflows/container-build-ceph-client.yaml | 2 ++ .github/workflows/container-build-glance.yaml | 2 ++ .github/workflows/container-build-heat.yaml | 2 ++ .github/workflows/container-build-keystone.yaml | 4 +++- .github/workflows/container-build-neutron.yaml | 2 ++ .github/workflows/container-build-octavia.yaml | 2 ++ .github/workflows/container-build-openstack-venv.yaml | 2 ++ ContainerFiles/apache | 1 + ContainerFiles/ceph-libs | 1 + ContainerFiles/ceph-libs copy | 1 + ContainerFiles/glance | 1 + ContainerFiles/heat | 1 + ContainerFiles/keystone | 1 + ContainerFiles/octavia | 1 + ContainerFiles/openstack-venv | 1 + ContainerFiles/shibd | 2 +- 17 files changed, 26 insertions(+), 2 deletions(-) diff --git a/.github/workflows/container-build-apache.yaml b/.github/workflows/container-build-apache.yaml index 2d291a2..df3ba88 100644 --- a/.github/workflows/container-build-apache.yaml +++ b/.github/workflows/container-build-apache.yaml @@ -95,6 +95,7 @@ jobs: labels: ${{ steps.meta.outputs.labels }} build-args: | MOD_WSGI_VERSION=${{ matrix.apache-mod-wsgi-version }} + CACHEBUST=${{ github.sha }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.28.0 if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} @@ -150,3 +151,4 @@ jobs: labels: ${{ steps.meta.outputs.labels }} build-args: | MOD_WSGI_VERSION=${{ matrix.apache-mod-wsgi-version }} + CACHEBUST=${{ github.sha }} diff --git a/.github/workflows/container-build-ceph-client.yaml b/.github/workflows/container-build-ceph-client.yaml index 9c8ce59..c512bf3 100644 --- a/.github/workflows/container-build-ceph-client.yaml +++ b/.github/workflows/container-build-ceph-client.yaml 
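Review bot: `CACHEBUST=${{ github.sha }}` in the first apache hunk only changes when a new commit lands, so a `schedule` or `workflow_dispatch` run on an unchanged branch (the two events the Trivy step right below is gated on) passes the same value as the previous run. If the build step restores a layer cache (its cache settings are outside the hunk), those runs would reuse the old layers, and OS or Python packages fixed upstream since then would stay unpatched in the resulting image. If a fresh build per run is the intent, key the value to the run as well, for example `CACHEBUST=${{ github.sha }}-${{ github.run_id }}`. The same line is added in the second apache hunk and in both hunks of the ceph-client, glance, heat, keystone, neutron, octavia and openstack-venv workflows.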
@@ -106,6 +106,7 @@ jobs: labels: ${{ steps.meta.outputs.labels }} build-args: | CEPH_VERSION=${{ matrix.ceph-libs-version }} + CACHEBUST=${{ github.sha }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.28.0 if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} @@ -161,3 +162,4 @@ jobs: labels: ${{ steps.meta.outputs.labels }} build-args: | CEPH_VERSION=${{ matrix.ceph-libs-version }} + CACHEBUST=${{ github.sha }} diff --git a/.github/workflows/container-build-glance.yaml b/.github/workflows/container-build-glance.yaml index d508d17..7bcc16e 100644 --- a/.github/workflows/container-build-glance.yaml +++ b/.github/workflows/container-build-glance.yaml @@ -104,6 +104,7 @@ jobs: build-args: | OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} + CACHEBUST=${{ github.sha }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.28.0 if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} @@ -160,3 +161,4 @@ jobs: build-args: | OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} + CACHEBUST=${{ github.sha }} diff --git a/.github/workflows/container-build-heat.yaml b/.github/workflows/container-build-heat.yaml index 65a5430..c01ff32 100644 --- a/.github/workflows/container-build-heat.yaml +++ b/.github/workflows/container-build-heat.yaml @@ -104,6 +104,7 @@ jobs: build-args: | OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} + CACHEBUST=${{ github.sha }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.28.0 if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} 
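Review bot: The scanner step kept as context in the first ceph-client hunk, `uses: aquasecurity/trivy-action@0.28.0`, references the action by tag, and a tag can be moved to different code after the fact. Because this job builds the images it scans, pin third-party actions to a full commit SHA with the version in a trailing comment, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha> # 0.28.0`. The same reference appears as context in the other workflow files touched by this patch.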
@@ -160,3 +161,4 @@ jobs: build-args: | OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} + CACHEBUST=${{ github.sha }} diff --git a/.github/workflows/container-build-keystone.yaml b/.github/workflows/container-build-keystone.yaml index 28b6807..bf48f77 100644 --- a/.github/workflows/container-build-keystone.yaml +++ b/.github/workflows/container-build-keystone.yaml @@ -117,6 +117,7 @@ jobs: OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} RXT_VERSION=${{ matrix.rackspace-plugin-version }} + CACHEBUST=${{ github.sha }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.28.0 if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} @@ -173,4 +174,5 @@ jobs: build-args: | OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} - RXT_VERSION=${{ matrix.rackspace-plugin-version }} \ No newline at end of file + RXT_VERSION=${{ matrix.rackspace-plugin-version }} + CACHEBUST=${{ github.sha }} diff --git a/.github/workflows/container-build-neutron.yaml b/.github/workflows/container-build-neutron.yaml index b60b9c2..9fa16ce 100644 --- a/.github/workflows/container-build-neutron.yaml +++ b/.github/workflows/container-build-neutron.yaml @@ -104,6 +104,7 @@ jobs: build-args: | OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} + CACHEBUST=${{ github.sha }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.28.0 if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} 
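Review bot: The neutron workflow now passes `CACHEBUST`, but this patch does not touch `ContainerFiles/neutron` (it is absent from the diffstat). Assuming the workflow builds from that file, the value is never consumed unless the file already declares the argument, and the neutron build is cached exactly as before. Add `ARG CACHEBUST=0` to that Containerfile in the same position as in the others. The reverse gap exists for `ContainerFiles/shibd`, which gains the `ARG` while no workflow in this patch supplies a value, so it always builds with the default `0`.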
@@ -160,3 +161,4 @@ jobs: build-args: | OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} + CACHEBUST=${{ github.sha }} diff --git a/.github/workflows/container-build-octavia.yaml b/.github/workflows/container-build-octavia.yaml index f36d446..1bc37df 100644 --- a/.github/workflows/container-build-octavia.yaml +++ b/.github/workflows/container-build-octavia.yaml @@ -119,6 +119,7 @@ jobs: OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} OVN_PLUGIN_VERSION=${{ matrix.ovnPluginTag }} + CACHEBUST=${{ github.sha }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.28.0 if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} @@ -176,3 +177,4 @@ jobs: OS_VERSION=${{ env.project_version != '' && env.project_version || matrix.openstack-constraints }} OS_CONSTRAINTS=${{ matrix.openstack-constraints }} OVN_PLUGIN_VERSION=${{ matrix.ovnPluginTag }} + CACHEBUST=${{ github.sha }} diff --git a/.github/workflows/container-build-openstack-venv.yaml b/.github/workflows/container-build-openstack-venv.yaml index 8fd4115..b1321d9 100644 --- a/.github/workflows/container-build-openstack-venv.yaml +++ b/.github/workflows/container-build-openstack-venv.yaml @@ -64,6 +64,7 @@ jobs: labels: ${{ steps.meta.outputs.labels }} build-args: | PYTHON_VERSION=${{ env.PYTHON_VERSION }} + CACHEBUST=${{ github.sha }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.28.0 if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} @@ -119,3 +120,4 @@ jobs: labels: ${{ steps.meta.outputs.labels }} build-args: | PYTHON_VERSION=${{ env.PYTHON_VERSION }} + CACHEBUST=${{ github.sha }} diff --git a/ContainerFiles/apache b/ContainerFiles/apache index 3c4b094..ed8fc56 100644 --- a/ContainerFiles/apache 
+++ b/ContainerFiles/apache @@ -4,6 +4,7 @@ ARG VENV_TAG=3.12-latest FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build +ARG CACHEBUST=0 LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="keystone" diff --git a/ContainerFiles/ceph-libs b/ContainerFiles/ceph-libs index e094d85..abfb2bb 100644 --- a/ContainerFiles/ceph-libs +++ b/ContainerFiles/ceph-libs @@ -4,6 +4,7 @@ ARG VENV_TAG=3.12-latest FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build +ARG CACHEBUST=0 ARG CEPH_VERSION=main WORKDIR /opt RUN export DEBIAN_FRONTEND=noninteractive \ diff --git a/ContainerFiles/ceph-libs copy b/ContainerFiles/ceph-libs copy index 14af5e5..3895039 100644 --- a/ContainerFiles/ceph-libs copy +++ b/ContainerFiles/ceph-libs copy @@ -4,6 +4,7 @@ ARG VENV_TAG=3.12-latest FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build +ARG CACHEBUST=0 ARG CEPH_VERSION=main WORKDIR /opt RUN export DEBIAN_FRONTEND=noninteractive \ diff --git a/ContainerFiles/glance b/ContainerFiles/glance index a7ac3a5..d93346b 100644 --- a/ContainerFiles/glance +++ b/ContainerFiles/glance @@ -4,6 +4,7 @@ ARG VENV_TAG=3.12-latest FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build +ARG CACHEBUST=0 ARG OS_VERSION=master ARG OS_CONSTRAINTS=master RUN export DEBIAN_FRONTEND=noninteractive \ diff --git a/ContainerFiles/heat b/ContainerFiles/heat index 50475e7..50b0106 100644 --- a/ContainerFiles/heat +++ b/ContainerFiles/heat @@ -4,6 +4,7 @@ ARG VENV_TAG=3.12-latest FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build +ARG CACHEBUST=0 ARG OS_VERSION=master ARG OS_CONSTRAINTS=master RUN export DEBIAN_FRONTEND=noninteractive \ diff --git a/ContainerFiles/keystone b/ContainerFiles/keystone index be83cd7..028ad9d 100644 --- a/ContainerFiles/keystone +++ b/ContainerFiles/keystone 
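Review bot: `ARG CACHEBUST=0` sits directly after `FROM ... AS dependency_build`, and an `ARG` is only in scope for the stage that declares it, so any later stage (the rest of the file is outside the hunk) is unaffected unless it repeats the declaration. If the final stage installs OS packages, that is the layer most in need of a refresh, and it would still come from cache. Per Docker's documented `ARG` cache behaviour, placing it first also makes every `RUN` in this stage rebuild on each commit; if only some steps need refreshing, move the `ARG` to just above them and add a comment such as `# CACHEBUST: set per build by CI to force the layers below to rebuild`. The ceph-libs, ceph-libs copy, glance, heat, keystone and octavia hunks follow the same pattern. Separately, the context line `LABEL org.opencontainers.image.name="keystone"` in this apache file looks copied from the keystone Containerfile and would mislabel the image in inventories and scan reports.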
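Review bot: `ContainerFiles/ceph-libs copy` has the same context lines as `ContainerFiles/ceph-libs` and a name that looks like a file-manager duplicate. Patching it keeps two build recipes that can drift apart, and someone may later fix a vulnerable dependency in one but build from the other. If no workflow builds from it, delete the file rather than update it.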
@@ -4,6 +4,7 @@ ARG VENV_TAG=3.12-latest FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build +ARG CACHEBUST=0 ARG OS_VERSION=master ARG OS_CONSTRAINTS=master ARG RXT_VERSION=main diff --git a/ContainerFiles/octavia b/ContainerFiles/octavia index dbcbfd8..a408eac 100644 --- a/ContainerFiles/octavia +++ b/ContainerFiles/octavia @@ -4,6 +4,7 @@ ARG VENV_TAG=3.12-latest FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build +ARG CACHEBUST=0 ARG OS_VERSION=master ARG OS_CONSTRAINTS=master ARG OVN_PLUGIN_VERSION=master diff --git a/ContainerFiles/openstack-venv b/ContainerFiles/openstack-venv index bf39091..9f93bb5 100644 --- a/ContainerFiles/openstack-venv +++ b/ContainerFiles/openstack-venv @@ -5,6 +5,7 @@ ARG PYTHON_VERSION=3.12 ARG OS_RELEASE=bookworm FROM python:${PYTHON_VERSION}-${OS_RELEASE} +ARG CACHEBUST=0 RUN python3 -m venv /var/lib/openstack RUN /var/lib/openstack/bin/pip install --upgrade pip "setuptools>=80.9.0,<81" ENV PATH="/var/lib/openstack/bin:$PATH" \ diff --git a/ContainerFiles/shibd b/ContainerFiles/shibd index 91e564c..939aef2 100644 --- a/ContainerFiles/shibd +++ b/ContainerFiles/shibd @@ -3,7 +3,7 @@ # https://docs.docker.com/develop/develop-images/multistage-build/ FROM debian:trixie-slim - +ARG CACHEBUST=0 LABEL maintainer="Rackspace" LABEL vendor="Rackspace OpenStack Team" LABEL org.opencontainers.image.name="shibd"