[RFC][PATCH 0/4] Build kas container for multiple distro versions


Felix Moessbauer

Sep 17, 2025, 8:48:39 AM
to kas-...@googlegroups.com, Felix Moessbauer
As we plan to switch the kas container to a Debian trixie base, we might
want to continue providing containers based on Debian bookworm as well.
Once merged, these can be accessed by adding -<bookworm|trixie> to the
container tag.

@Jan: I tested the following release relevant aspects as well:
- push to next
- push to master
- create a tag

P1 and P2 are independent fixes needed when pushing the tags
in a non-chronological order.

Best regards,
Felix

Felix Moessbauer (4):
ci: tag builds must not tag containers with latest
ci: only tag container with newest tag with latest-release
ci: add support to build container for multiple distro versions
kas-container: allow to select specific image distribution

.github/actions/docker-init/action.yml | 10 +++++++++-
.github/workflows/master.yml | 5 ++++-
.github/workflows/next.yml | 10 +++++++---
.github/workflows/release.yml | 10 +++++++---
docs/command-line/environment-variables.inc | 6 ++++++
docs/userguide/getting-started.rst | 4 ++--
kas-container | 3 +++
7 files changed, 38 insertions(+), 10 deletions(-)

--
2.51.0

Felix Moessbauer

Sep 17, 2025, 8:48:44 AM
to kas-...@googlegroups.com, Felix Moessbauer
A more recent base image (Debian trixie) also brings more recent versions
of the host tools. According to our experience when switching to
bookworm, it takes some time for the downstream projects to adapt.

To bridge this gap, we now build the kas container for Debian
bookworm and Debian trixie and tag the containers accordingly by
appending "-(trixie|bookworm)" to the image tags. The original tagging
scheme is kept and points to the trixie (resp. most recent distro)
version.

Signed-off-by: Felix Moessbauer <felix.mo...@siemens.com>
---
.github/actions/docker-init/action.yml | 10 +++++++++-
.github/workflows/master.yml | 5 ++++-
.github/workflows/next.yml | 10 +++++++---
.github/workflows/release.yml | 7 +++++--
docs/userguide/getting-started.rst | 4 ++--
5 files changed, 27 insertions(+), 9 deletions(-)

diff --git a/.github/actions/docker-init/action.yml b/.github/actions/docker-init/action.yml
index f174f0d18..dbef3ff99 100644
--- a/.github/actions/docker-init/action.yml
+++ b/.github/actions/docker-init/action.yml
@@ -7,6 +7,8 @@ inputs:
required: true
image-name:
required: true
+ debian-release:
+ required: false

runs:
using: composite
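Review bot: the new `debian-release` input carries neither a `description:` nor a `default:`; composite action inputs support both, and a description naming the accepted values (a Debian codename such as `bookworm` or `trixie`) documents the contract that the matrix entries in master.yml, next.yml and release.yml rely on.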
@@ -43,11 +45,17 @@ runs:
- name: Determine Debian tag
run: |
COMMIT_DATE=$(date -d @$(git log -1 --pretty=%ct) +%Y%m%d)
- DEBIAN_RELEASE=$(grep -m 1 'ARG DEBIAN_TAG=' Dockerfile | sed 's/.*DEBIAN_TAG=\(.*\)-.*/\1/')
+ DEBIAN_LATEST_RELEASE=$(grep -m 1 'ARG DEBIAN_TAG=' Dockerfile | sed 's/.*DEBIAN_TAG=\(.*\)-.*/\1/')
+ if [ -n "${{ inputs.debian-release }}" ]; then
+ DEBIAN_RELEASE="${{ inputs.debian-release }}"
+ else
+ DEBIAN_RELEASE=$DEBIAN_LATEST_RELEASE
+ fi
echo "DEBIAN_TAG=$(podman search --list-tags docker.io/debian --limit 1000000000 | \
grep "$DEBIAN_RELEASE-.*-slim" | sort -r | sed 's/.*[ ]\+//' | \
./scripts/lower-bound.py $DEBIAN_RELEASE-$COMMIT_DATE-slim )" \
>> $GITHUB_ENV
+ echo "DEBIAN_LATEST_RELEASE=$DEBIAN_LATEST_RELEASE" >> $GITHUB_ENV
shell: bash

- name: Prepare repository for COPY-in
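Review bot: `${{ inputs.debian-release }}` is expanded verbatim into the bash script text before it runs (in `if [ -n "${{ inputs.debian-release }}" ]; then` and `DEBIAN_RELEASE="${{ inputs.debian-release }}"`); here the value comes from a workflow matrix, but the robust pattern is to pass it through an `env:` entry of the step and read it as a shell variable, so the script text never changes with the input value. Separately, nothing checks that the requested release exists among the `podman search` tags: if `grep "$DEBIAN_RELEASE-.*-slim"` matches nothing, an empty list is piped into `lower-bound.py` and the problem surfaces only at the later Docker build. Testing that the grep output is non-empty before writing `DEBIAN_TAG` would fail the step with a clear message.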
diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index f950901d6..8c5d4ca66 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -17,6 +17,7 @@ jobs:
strategy:
matrix:
image-name: ["kas", "kas-isar"]
+ debian-release: ["bookworm", "trixie"]
steps:
- name: Check out repo
uses: actions/checkout@v4
@@ -50,7 +51,9 @@ jobs:
DEBIAN_TAG=${{ env.DEBIAN_TAG }}
provenance: false
outputs: type=registry,rewrite-timestamp=true
- tags: ghcr.io/${{ github.repository }}/${{ matrix.image-name }}
+ tags: |
+ ${{ matrix.debian-release == env.DEBIAN_LATEST_RELEASE && format('ghcr.io/{0}/{1}:latest', github.repository, matrix.image-name) || '' }}
+ ghcr.io/${{ github.repository }}/${{ matrix.image-name }}:latest-${{ matrix.debian-release }}
annotations: ${{ env.DOCKER_METADATA_OUTPUT_ANNOTATIONS }}
- name: Attest ${{ matrix.image-name }} image
uses: actions/attest-build-provenance@v1
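Review bot: the ternary `matrix.debian-release == env.DEBIAN_LATEST_RELEASE && format(...) || ''` leaves an empty line in `tags:` for the non-latest build; release.yml already uses that pattern, so it is consistent, but the same expression is now copied into master.yml, next.yml and release.yml with only the tag name differing. Since the docker-init action already exports `DEBIAN_LATEST_RELEASE`, having it also export a ready-made "is latest release" flag (or the extra tag list) would keep the latest-release logic in one place.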
diff --git a/.github/workflows/next.yml b/.github/workflows/next.yml
index aac34a23e..e553eb76c 100644
--- a/.github/workflows/next.yml
+++ b/.github/workflows/next.yml
@@ -60,6 +60,7 @@ jobs:
strategy:
matrix:
image-name: ["kas", "kas-isar"]
+ debian-release: ["bookworm", "trixie"]
steps:
- name: Check out repo
uses: actions/checkout@v4
@@ -69,6 +70,7 @@ jobs:
deploy-user: ${{ github.actor }}
deploy-token: ${{ secrets.GITHUB_TOKEN }}
image-name: ${{ matrix.image-name }}
+ debian-release: ${{ matrix.debian-release }}

- name: Build ${{ matrix.image-name }} image
uses: docker/build-push-action@v6
@@ -80,10 +82,10 @@ jobs:
SOURCE_DATE_EPOCH=${{ env.SOURCE_DATE_EPOCH }}
DEBIAN_TAG=${{ env.DEBIAN_TAG }}
outputs: type=docker,rewrite-timestamp=true
- tags: ghcr.io/${{ github.repository }}/${{ matrix.image-name }}:next
+ tags: ghcr.io/${{ github.repository }}/${{ matrix.image-name }}:next-${{ matrix.debian-release }}
- name: Test ${{ matrix.image-name }} image
env:
- KAS_CONTAINER_IMAGE: ghcr.io/${{ github.repository }}/${{ matrix.image-name }}:next
+ KAS_CONTAINER_IMAGE: ghcr.io/${{ github.repository }}/${{ matrix.image-name }}:next-${{ matrix.debian-release }}
KAS_CLONE_DEPTH: 1
run: |
cd image-tests/${{ matrix.image-name }}
@@ -118,7 +120,9 @@ jobs:
DEBIAN_TAG=${{ env.DEBIAN_TAG }}
provenance: false
outputs: type=registry,rewrite-timestamp=true
- tags: ghcr.io/${{ github.repository }}/${{ matrix.image-name }}:next
+ tags: |
+ ${{ matrix.debian-release == env.DEBIAN_LATEST_RELEASE && format('ghcr.io/{0}/{1}:next', github.repository, matrix.image-name) || '' }}
+ ghcr.io/${{ github.repository }}/${{ matrix.image-name }}:next-${{ matrix.debian-release }}
annotations: ${{ env.DOCKER_METADATA_OUTPUT_ANNOTATIONS }}
- name: Attest ${{ matrix.image-name }} image
if: github.ref == 'refs/heads/next'
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 736587d14..027de4064 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -17,6 +17,7 @@ jobs:
strategy:
matrix:
image-name: ["kas", "kas-isar"]
+ debian-release: ["bookworm", "trixie"]
steps:
- name: Check out repo
uses: actions/checkout@v4
@@ -28,6 +29,7 @@ jobs:
deploy-user: ${{ github.actor }}
deploy-token: ${{ secrets.GITHUB_TOKEN }}
image-name: ${{ matrix.image-name }}
+ debian-release: ${{ matrix.debian-release }}
- name: Find latest tag
run: echo "LATEST_TAG=$(git tag | sort --version-sort | tail -n1)" >> $GITHUB_ENV
- name: Build ${{ matrix.image-name }} image
@@ -43,8 +45,9 @@ jobs:
provenance: false
outputs: type=registry,rewrite-timestamp=true
tags: |
- ghcr.io/${{ github.repository }}/${{ matrix.image-name }}:${{ env.RELEASE_VERSION }}
- ${{ github.ref_name == env.LATEST_TAG && format('ghcr.io/{0}/{1}:latest-release', github.repository, matrix.image-name) || '' }}
+ ghcr.io/${{ github.repository }}/${{ matrix.image-name }}:${{ env.RELEASE_VERSION }}-${{ matrix.debian-release }}
+ ${{ matrix.debian-release == env.DEBIAN_LATEST_RELEASE && format('ghcr.io/{0}/{1}:{2}', github.repository, matrix.image-name, env.RELEASE_VERSION) || '' }}
+ ${{ matrix.debian-release == env.DEBIAN_LATEST_RELEASE && github.ref_name == env.LATEST_TAG && format('ghcr.io/{0}/{1}:latest-release', github.repository, matrix.image-name) || '' }}
annotations: ${{ env.DOCKER_METADATA_OUTPUT_ANNOTATIONS }}
- name: Attest ${{ matrix.image-name }} image
uses: actions/attest-build-provenance@v1
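Review bot: the `latest-release` tag now requires both `matrix.debian-release == env.DEBIAN_LATEST_RELEASE` and `github.ref_name == env.LATEST_TAG`, and the bare `:${{ env.RELEASE_VERSION }}` tag only the first, which matches the cover letter; but no `latest-release-<release>` tag is produced, so a user pinned to the older release has only version-suffixed tags and no floating release tag. Either add a `format('ghcr.io/{0}/{1}:latest-release-{2}', github.repository, matrix.image-name, matrix.debian-release)` entry under the `LATEST_TAG` condition, or state in the docs that only `<x.y>-<release>` exists for the older release.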
diff --git a/docs/userguide/getting-started.rst b/docs/userguide/getting-started.rst
index c36faf250..7e075002f 100644
--- a/docs/userguide/getting-started.rst
+++ b/docs/userguide/getting-started.rst
@@ -30,8 +30,8 @@ There are (at least) three options for using kas:
use it in place of the ``kas`` command.
The script version corresponds to the kas tool and the kas image version.
- Use the container image in CI. Specify
- ``ghcr.io/siemens/kas/kas[-isar][:<x.y>]`` in your CI script that requests
- a container image as runtime environment.
+ ``ghcr.io/siemens/kas/kas[-isar][:<x.y>][-<distro>]`` in your CI script
+ that requests a container image as runtime environment.

Start build::
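Review bot: `ghcr.io/siemens/kas/kas[-isar][:<x.y>][-<distro>]` presents the distro suffix as independent of the tag, but the suffix is only ever appended to a tag (`:<x.y>-<distro>`, `latest-<distro>`, `next-<distro>`), so a reader could form `kas-bookworm` with no version, which is an image name rather than a tag. `[:<x.y>[-<distro>]]` reflects the tags actually produced, and naming the accepted values (bookworm, trixie) or pointing to the environment-variable table would make the placeholder concrete.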

--
2.51.0

Felix Moessbauer

Sep 17, 2025, 8:48:45 AM
to kas-...@googlegroups.com, Felix Moessbauer
With the recent publishing of per-distro container builds (e.g.
bookworm, trixie), we also allow the user to select the specific
distro version. For that, we introduce the environment variable
KAS_CONTAINER_IMAGE_DISTRO, which results in appending "-<distro>"
to the image tag. If unset, the most recent version is chosen (i.e.
nothing is appended to the tag).

Signed-off-by: Felix Moessbauer <felix.mo...@siemens.com>
---
docs/command-line/environment-variables.inc | 6 ++++++
kas-container | 3 +++
2 files changed, 9 insertions(+)

diff --git a/docs/command-line/environment-variables.inc b/docs/command-line/environment-variables.inc
index 18003488c..305258f7f 100644
--- a/docs/command-line/environment-variables.inc
+++ b/docs/command-line/environment-variables.inc
@@ -193,6 +193,11 @@ overwritten using the ``env`` section of the config file.
| ``KAS_IMAGE_VERSION`` (C)| Select the version of the (official) kas |
| | container (e.g. 4.5). |
+--------------------------+--------------------------------------------------+
+| |container-distro| (C) | Select the base distro of the container image |
+| | (e.g. ``bookworm``). If not specified, the |
+| | default (most-recent supported) distro version |
+| | is used. |
++--------------------------+--------------------------------------------------+
| ``KAS_CONTAINER_IMAGE`` | Select the container image (full OCI path |
| (C) | including tag). |
+--------------------------+--------------------------------------------------+
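Review bot: the new row states what happens when the variable is unset, but not how it combines with `KAS_CONTAINER_IMAGE`, whose row says "full OCI path including tag"; in the kas-container hunk the suffix is appended after the override has been applied, so the table should state which of the two wins. Showing the resulting tag in the example (`4.5` with `bookworm` giving `4.5-bookworm`) would also make the relation to `KAS_IMAGE_VERSION` explicit.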
@@ -221,6 +226,7 @@ overwritten using the ``env`` section of the config file.
``CI_SERVER_PROTOCOL``
``CI_SERVER_SHELL_SSH_HOST``
``CI_SERVER_SHELL_SSH_PORT``
+.. |container-distro| replace:: ``KAS_CONTAINER_IMAGE_DISTRO``

.. only:: html
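Review bot: the `.. |container-distro| replace::` definition sits directly under the `CI_SERVER_SHELL_SSH_PORT` line with no blank line in between; unless those lines are inside an indented block, reStructuredText needs a blank line before an explicit markup block, otherwise the directive text is parsed as a continuation of the preceding paragraph. Defining the substitution next to any other substitutions the file has (or at its top) also keeps it easy to find.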

diff --git a/kas-container b/kas-container
index 884bb75f1..560baac00 100755
--- a/kas-container
+++ b/kas-container
@@ -294,6 +294,9 @@ set_container_image_var()
KAS_CONTAINER_IMAGE_PATH="${KAS_CONTAINER_IMAGE_PATH:-${KAS_CONTAINER_IMAGE_PATH_DEFAULT}}"
KAS_CONTAINER_IMAGE_DEFAULT="${KAS_CONTAINER_IMAGE_PATH}/${KAS_CONTAINER_IMAGE_NAME}:${KAS_IMAGE_VERSION}"
KAS_CONTAINER_IMAGE="${KAS_CONTAINER_IMAGE:-${KAS_CONTAINER_IMAGE_DEFAULT}}"
+ if [ -n "${KAS_CONTAINER_IMAGE_DISTRO}" ]; then
+ KAS_CONTAINER_IMAGE="${KAS_CONTAINER_IMAGE}-${KAS_CONTAINER_IMAGE_DISTRO}"
+ fi
}

# SC2034: DIR appears unused (ignore, as they are used inside eval)
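Review bot: the suffix is appended after the `KAS_CONTAINER_IMAGE="${KAS_CONTAINER_IMAGE:-${KAS_CONTAINER_IMAGE_DEFAULT}}"` override, so a caller who sets `KAS_CONTAINER_IMAGE` to a full reference (documented as "full OCI path including tag") and also has `KAS_CONTAINER_IMAGE_DISTRO` in the environment ends up with `<their tag>-<distro>`. Appending to the default only, e.g. `KAS_CONTAINER_IMAGE_DEFAULT="${KAS_CONTAINER_IMAGE_PATH}/${KAS_CONTAINER_IMAGE_NAME}:${KAS_IMAGE_VERSION}${KAS_CONTAINER_IMAGE_DISTRO:+-${KAS_CONTAINER_IMAGE_DISTRO}}"`, keeps the explicit override authoritative. The value is also used unvalidated as part of the image reference; rejecting anything that is not a plain lowercase codename would give an earlier and clearer error than a failed registry pull.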
--
2.51.0

Jan Kiszka

Sep 18, 2025, 1:15:37 AM
to Felix Moessbauer, kas-...@googlegroups.com
Too early, so I may miss it: This is not yet generating
{next,latest}-<distro-release> tags, is it?

> annotations: ${{ env.DOCKER_METADATA_OUTPUT_ANNOTATIONS }}
> - name: Attest ${{ matrix.image-name }} image
> uses: actions/attest-build-provenance@v1
> diff --git a/docs/userguide/getting-started.rst b/docs/userguide/getting-started.rst
> index c36faf250..7e075002f 100644
> --- a/docs/userguide/getting-started.rst
> +++ b/docs/userguide/getting-started.rst
> @@ -30,8 +30,8 @@ There are (at least) three options for using kas:
> use it in place of the ``kas`` command.
> The script version corresponds to the kas tool and the kas image version.
> - Use the container image in CI. Specify
> - ``ghcr.io/siemens/kas/kas[-isar][:<x.y>]`` in your CI script that requests
> - a container image as runtime environment.
> + ``ghcr.io/siemens/kas/kas[-isar][:<x.y>][-<distro>]`` in your CI script
> + that requests a container image as runtime environment.

Almost everywhere else here, you talked about "release". The "distro" is
too vague and also not explained. It should be "distro-release" as it
both encodes the distribution and its major release. In theory, we could
use that to build containers based on different distros as well.

Jan

--
Siemens AG, Foundational Technologies
Linux Expert Center

Jan Kiszka

Sep 18, 2025, 1:16:52 AM
to Felix Moessbauer, kas-...@googlegroups.com
On 17.09.25 14:48, 'Felix Moessbauer' via kas-devel wrote:
It all looked not that bad, but we need some extra thoughts for encoding
the distro releases.

The problem of KAS_CONTAINER_IMAGE_DISTRO (besides being a rather long
name and still missing the important element "release") is that it
overlaps with KAS_IMAGE_VERSION. If we wanted to add a separate control
for the distro release, we would have to enforce that KAS_IMAGE_VERSION
does not contain the distro release. Or we simply leave full control
over the container version to KAS_IMAGE_VERSION.

Second, we need to explain to people that, if they follow the
well-established pattern to encode their kas version by embedding
kas-container into repos, they now also need to patch that script to
select an older distro release - if needed.
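The tag resolution from the kas-container hunk and the overlap with KAS_IMAGE_VERSION discussed above, as an added shell example that is not kas-container's own code. `resolve_image` builds the reference the way the patched `set_container_image_var()` does (registry path and image name are assumed placeholders, the version `4.5` is the one from the docs table); `check_version_distro` is a hypothetical implementation of the rule Jan suggests, refusing a version that already carries a release suffix when a separate release is requested.

```shell
# Added example, not kas-container's own code. Mirrors the patched
# set_container_image_var(): the default reference is built from the image
# path, name and KAS_IMAGE_VERSION, a user-set KAS_CONTAINER_IMAGE wins, and
# "-<distro>" is appended whenever KAS_CONTAINER_IMAGE_DISTRO is non-empty.
# Arguments: version distro [image_override]
resolve_image() {
    version="$1"
    distro="$2"
    override="${3:-}"
    # assumed placeholders for the kas-container defaults
    image_path="ghcr.io/siemens/kas"
    image_name="kas"
    image_default="${image_path}/${image_name}:${version}"
    image="${override:-${image_default}}"
    # the suffix is appended after the override, exactly as in the hunk
    if [ -n "${distro}" ]; then
        image="${image}-${distro}"
    fi
    printf '%s\n' "${image}"
}

# Hypothetical check for the overlap: if a distro release is requested
# separately, the version must not already end in a release codename,
# otherwise the two controls produce a doubled suffix. Returns 0 when the
# combination is consistent, 1 otherwise.
check_version_distro() {
    version="$1"
    distro="$2"
    [ -z "${distro}" ] && return 0
    case "${version}" in
        *-bookworm|*-trixie) return 1 ;;
    esac
    return 0
}

# Constructed inputs (not taken from the page's CI):
resolve_image 4.5 ""                    # ghcr.io/siemens/kas/kas:4.5
resolve_image 4.5 bookworm              # ghcr.io/siemens/kas/kas:4.5-bookworm
resolve_image 4.5-trixie bookworm       # ghcr.io/siemens/kas/kas:4.5-trixie-bookworm (the overlap)
resolve_image 4.5 bookworm ghcr.io/example/kas:custom   # ghcr.io/example/kas:custom-bookworm
```

The third and fourth calls show the two cases the thread is circling: a version that already encodes the release gets a second suffix, and an explicit full image reference is modified as well. Rejecting the first combination up front, as `check_version_distro` does, is one way to enforce what Jan describes.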

Florian Bezdeka

Sep 18, 2025, 3:13:37 AM
to Felix Moessbauer, kas-...@googlegroups.com
On Wed, 2025-09-17 at 14:48 +0200, 'Felix Moessbauer' via kas-devel
wrote:
> With the recent publishing of per-distro container builds (e.g.
> bookworm, trixie), we also allow the user to select the specific
> distro version. For that, we introduce the environment variable
> KAS_CONTAINER_IMAGE_DISTRO, which results in appending "-<distro>"
> to the image tag. If unset, the most recent version is choosen (i.e.
> nothing is appended to the tag).

Just a short note about naming:

To some degree KAS_CONTAINER_IMAGE_DISTRO might sound like you
could switch from Debian (which is a distro) to something else like
Ubuntu.

It's more about the Debian release/version/codename, isn't it?

If so: A version is normally a number, so 12 or 13 in the future, while
the "codename" is bookworm or trixie. Maybe there is a good idea around
how the variable name could express the "expected value" better.

As the variable value translates into an OCI path: What happens if you
currently set "13" instead of "trixie"? Is the error message quite
clear?