Problem Description
The recent introduction of the containerd layer store in Depot-hosted runners exposed gaps in our understanding and configuration of Docker’s build process. The feature is working as designed, but it conflicts with our existing workflow when handling multi-architecture builds and provenance data.
Specifically:
- Single-architecture images inadvertently include manifest lists with an unexpected "unknown" platform due to Docker's default build provenance metadata.
- The legacy Docker layer store previously stripped this metadata, but the
containerd store natively supports manifest lists and does not modify the image format.
- Modifying our scripts is necessary to fully support the
containerd layer store while retaining provenance data and enabling multi-architecture builds.
Desired Solution
-
Update build_docker.sh to Use docker buildx:
- Incorporate
docker buildx build to handle multi-platform builds efficiently.
- Ensure proper handling of provenance metadata and manifest merging when creating multi-arch images.
-
Integrate depot build as an Optional Workflow:
- Add a flag to toggle between
docker buildx and depot build for CI environments.
- Use
depot build for efficient multi-arch builds where possible, falling back to docker buildx for broader compatibility.
-
Enhance CI Workflow:
- Default to
docker buildx for local and dev workflows to avoid additional dependencies.
- Enable
depot build only in CI and set it up dynamically using a GitHub Action.
-
Optimize for Single-Arch Builds:
- Modify the script to build single-architecture images efficiently (e.g., during dogfood development) while keeping multi-arch workflows intact in CI.
Next Steps
- Update
scripts/build_docker.sh to support both docker buildx for local dev and depot build for ci.
- Test single-architecture and multi-architecture builds using both approaches to ensure functionality with the
containerd layer store.
References
This issue will help us fully leverage the containerd layer store's benefits while maintaining compatibility and development flexibility.
Problem Description
The recent introduction of the
containerdlayer store in Depot-hosted runners exposed gaps in our understanding and configuration of Docker’s build process. The feature is working as designed, but it conflicts with our existing workflow when handling multi-architecture builds and provenance data.Specifically:
containerdstore natively supports manifest lists and does not modify the image format.containerdlayer store while retaining provenance data and enabling multi-architecture builds.Desired Solution
Update
build_docker.shto Usedocker buildx:docker buildx buildto handle multi-platform builds efficiently.Integrate
depot buildas an Optional Workflow:docker buildxanddepot buildfor CI environments.depot buildfor efficient multi-arch builds where possible, falling back todocker buildxfor broader compatibility.Enhance CI Workflow:
docker buildxfor local and dev workflows to avoid additional dependencies.depot buildonly in CI and set it up dynamically using a GitHub Action.Optimize for Single-Arch Builds:
Next Steps
scripts/build_docker.shto support bothdocker buildxfor local dev anddepot buildfor ci.containerdlayer store.References
containerdimage storeThis issue will help us fully leverage the
containerdlayer store's benefits while maintaining compatibility and development flexibility.