[PATCH 2/4][RESEND] Update to container images to Debian 13


Felix Moessbauer

Oct 2, 2025, 4:43:48 AM
to kas-...@googlegroups.com, jan.k...@siemens.com, florian...@siemens.com
From: Jan Kiszka <jan.k...@siemens.com>

This brings newer compilers, relevant - or challenging - for yocto
builds, and otherwise just minor dependency adjustments.

Signed-off-by: Jan Kiszka <jan.k...@siemens.com>
---
Dockerfile | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index e4ac8b4d4..716e0600d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,7 @@
#
# kas - setup tool for bitbake based projects
#
-# Copyright (c) Siemens AG, 2017-2024
+# Copyright (c) Siemens AG, 2017-2025
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
@@ -21,14 +21,14 @@
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.

-ARG DEBIAN_TAG=bookworm-slim
+ARG DEBIAN_TAG=trixie-slim

FROM debian:${DEBIAN_TAG} AS kas-base

ARG SOURCE_DATE_EPOCH
ARG CACHE_SHARING=locked

-ARG DEBIAN_TAG=bookworm-slim
+ARG DEBIAN_TAG=trixie-slim
ENV DEBIAN_BASE_IMAGE_TAG=${DEBIAN_TAG}

ARG TARGETPLATFORM
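Review bot: The default `trixie-slim` is set twice in this hunk, in the `ARG DEBIAN_TAG` before `FROM` and again in the one after it, and both are floating tags, so a build that does not pass `--build-arg DEBIAN_TAG=...` picks up whatever `debian:trixie-slim` points to that day. The two defaults have to be bumped together on every release change. Consider declaring the second one as a bare `ARG DEBIAN_TAG` so it inherits the pre-`FROM` default, and add a comment that the default is meant for local builds while the CI workflows pass a dated tag.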
@@ -106,7 +106,7 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=${CACHE_SHARING} \
apt-get update && \
apt-get install -y -f --no-install-recommends \
binfmt-support bzip2 mmdebstrap arch-test apt-utils dosfstools \
- dpkg-dev gettext-base git mtools parted python3 python3-distutils \
+ dpkg-dev gettext-base git mtools parted python3 \
quilt qemu-user-static reprepro sudo unzip git-buildpackage \
pristine-tar sbuild schroot zstd \
umoci skopeo \
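Review bot: `python3-distutils` is dropped from this install list without a word in the commit message, which only mentions "minor dependency adjustments". Please name the package there and state whether anything run inside this image stage still imports `distutils`, since after this change the stage no longer installs it for any value of `DEBIAN_TAG`.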
@@ -138,8 +138,8 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=${CACHE_SHARING} \
apt-get install --no-install-recommends -y \
gawk wget git diffstat unzip texinfo \
gcc build-essential chrpath socat cpio python3 python3-pip python3-pexpect \
- xz-utils debianutils iputils-ping python3-git python3-jinja2 libegl1-mesa libsdl1.2-dev \
- pylint xterm python3-subunit mesa-common-dev zstd liblz4-tool && \
+ xz-utils debianutils iputils-ping python3-git python3-jinja2 libegl1 libsdl1.2-dev \
+ pylint xterm python3-subunit mesa-common-dev zstd lz4 && \
if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \
apt-get install --no-install-recommends -y gcc-multilib g++-multilib; \
fi && \
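Review bot: The renames in this list (`libegl1-mesa` to `libegl1`, `liblz4-tool` to `lz4`) must resolve on every release the Dockerfile is built for, not only trixie, because `DEBIAN_TAG` stays a build argument. Please confirm that both new names install on bookworm as well and say so in the commit message, otherwise a build with `DEBIAN_TAG=bookworm-slim` breaks at this `apt-get install`.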
--
2.51.0

Felix Moessbauer

Oct 2, 2025, 4:43:48 AM
to kas-...@googlegroups.com, jan.k...@siemens.com, florian...@siemens.com, Felix Moessbauer
Changes since RFC:

- rebase onto next
- include commits this series depends on (p1, p2)
- change distro-version to distro-release, which now incorporates the
debian / ubuntu part as well (e.g. debian-bookworm).
- update environment variable description, which addresses Florian's
comment as well.

Note: The container tags now look like this:
- :4.8 -> debian trixie container
- :4.8-debian-trixie -> debian trixie container
- :4.8-debian-bookworm -> debian-bookworm container

Best regards,
Felix

Felix Moessbauer (3):
Update isar example
ci: add support to build container for multiple distro versions
kas-container: allow to select specific image distribution

Jan Kiszka (1):
Update to container images to Debian 13

.github/actions/docker-init/action.yml | 19 ++++++++++++++++++-
.github/workflows/master.yml | 5 ++++-
.github/workflows/next.yml | 10 +++++++---
.github/workflows/release.yml | 7 +++++--
Dockerfile | 12 ++++++------
docs/command-line/environment-variables.inc | 6 ++++++
docs/userguide/getting-started.rst | 4 ++--
examples/isar.yml | 7 ++++---
kas-container | 3 +++
9 files changed, 55 insertions(+), 18 deletions(-)

--
2.51.0

Felix Moessbauer

Oct 2, 2025, 4:43:53 AM
to kas-...@googlegroups.com, jan.k...@siemens.com, florian...@siemens.com, Felix Moessbauer
With the recent publishing of per-distro container builds (e.g.
bookworm, trixie), we also allow the user to select the specific
distro version. For that, we introduce the environment variable
KAS_CONTAINER_IMAGE_DISTRO, which results in appending "-<distro>"
to the image tag. If unset, the most recent version is chosen (i.e.
nothing is appended to the tag).

Signed-off-by: Felix Moessbauer <felix.mo...@siemens.com>
---
docs/command-line/environment-variables.inc | 6 ++++++
kas-container | 3 +++
2 files changed, 9 insertions(+)

diff --git a/docs/command-line/environment-variables.inc b/docs/command-line/environment-variables.inc
index 18003488c..79421cfec 100644
--- a/docs/command-line/environment-variables.inc
+++ b/docs/command-line/environment-variables.inc
@@ -193,6 +193,11 @@ overwritten using the ``env`` section of the config file.
| ``KAS_IMAGE_VERSION`` (C)| Select the version of the (official) kas |
| | container (e.g. 4.5). |
+--------------------------+--------------------------------------------------+
+| |container-distro| (C) | Select the base distro of the container image |
+| | (e.g. ``debian-bookworm``). If not specified, the|
+| | default (most-recent supported) distro version |
+| | is used. |
++--------------------------+--------------------------------------------------+
| ``KAS_CONTAINER_IMAGE`` | Select the container image (full OCI path |
| (C) | including tag). |
+--------------------------+--------------------------------------------------+
@@ -221,6 +226,7 @@ overwritten using the ``env`` section of the config file.
``CI_SERVER_PROTOCOL``
``CI_SERVER_SHELL_SSH_HOST``
``CI_SERVER_SHELL_SSH_PORT``
+.. |container-distro| replace:: ``KAS_CONTAINER_IMAGE_DISTRO``

.. only:: html

diff --git a/kas-container b/kas-container
index 884bb75f1..560baac00 100755
--- a/kas-container
+++ b/kas-container
@@ -294,6 +294,9 @@ set_container_image_var()
KAS_CONTAINER_IMAGE_PATH="${KAS_CONTAINER_IMAGE_PATH:-${KAS_CONTAINER_IMAGE_PATH_DEFAULT}}"
KAS_CONTAINER_IMAGE_DEFAULT="${KAS_CONTAINER_IMAGE_PATH}/${KAS_CONTAINER_IMAGE_NAME}:${KAS_IMAGE_VERSION}"
KAS_CONTAINER_IMAGE="${KAS_CONTAINER_IMAGE:-${KAS_CONTAINER_IMAGE_DEFAULT}}"
+ if [ -n "${KAS_CONTAINER_IMAGE_DISTRO}" ]; then
+ KAS_CONTAINER_IMAGE="${KAS_CONTAINER_IMAGE}-${KAS_CONTAINER_IMAGE_DISTRO}"
+ fi
}

# SC2034: DIR appears unused (ignore, as they are used inside eval)
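Review bot: The new `if` block appends the suffix to `KAS_CONTAINER_IMAGE` after the user's own value has been taken over, so a caller who sets both `KAS_CONTAINER_IMAGE` (documented as the full OCI path including tag) and `KAS_CONTAINER_IMAGE_DISTRO` gets a silently rewritten reference. A reference without a tag gets its repository name changed, and one pinned by digest becomes invalid. Apply the suffix when building `KAS_CONTAINER_IMAGE_DEFAULT` instead, or reject the combination with an error.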
--
2.51.0
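
The tag composition described in this commit message, as an added example that is not part of the patch or of the kas-container script. The function names, the accepted character set and the policy of refusing a distro-release together with a user-supplied full image reference are assumptions of this example (the patch as posted appends the suffix in that case as well).

```shell
#!/bin/sh
# Added example, not code from kas-container. Function names and the
# validation policy are assumptions made for this illustration.

# Accept "<distro>-<release>" built from lowercase letters, digits, dots and
# single hyphens only, so the value cannot carry '/', ':' or '@' into the
# image reference. Runs in a subshell so LC_ALL does not leak to the caller.
valid_distro_release() (
    LC_ALL=C
    case "$1" in
        ""|-*|*-|*--*|*[!a-z0-9.-]*) false ;;
        *-*) true ;;
        *) false ;;
    esac
)

# compose_image_ref PATH NAME VERSION [DISTRO_RELEASE] [USER_IMAGE]
# Prints the image reference to pull. Returns 2 on input it refuses.
compose_image_ref() {
    img_path=$1; img_name=$2; img_version=$3
    distro=${4:-}; user_image=${5:-}

    if [ -n "$distro" ] && ! valid_distro_release "$distro"; then
        echo "invalid distro-release: $distro" >&2
        return 2
    fi

    if [ -n "$user_image" ]; then
        # A full reference given by the user is taken verbatim. Extending it
        # is ambiguous (a digest reference name@sha256:... has no tag to
        # append to), so the combination is refused in this example.
        if [ -n "$distro" ]; then
            echo "set either the full image or the distro-release, not both" >&2
            return 2
        fi
        printf '%s\n' "$user_image"
        return 0
    fi

    ref="$img_path/$img_name:$img_version"
    if [ -n "$distro" ]; then
        ref="$ref-$distro"
    fi
    printf '%s\n' "$ref"
}

# Constructed sample calls using the tag scheme from the cover letter.
compose_image_ref ghcr.io/siemens/kas kas 4.8
compose_image_ref ghcr.io/siemens/kas kas 4.8 debian-bookworm
```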

Felix Moessbauer

Oct 2, 2025, 4:43:53 AM
to kas-...@googlegroups.com, jan.k...@siemens.com, florian...@siemens.com, Felix Moessbauer
A more recent base image (Debian trixie) also brings more recent version
of the host tools. According to our experience when switching to
bookworm, it takes some time for the downstream projects to adapt.

To bridge this gap, we build the kas container now for Debian
bookworm and debian trixie and tag the containers accordingly by
appending "-(trixie|bookworm)" to the image tags. The original tagging
scheme is kept and points to the trixie (resp. most recent distro)
version.

Signed-off-by: Felix Moessbauer <felix.mo...@siemens.com>
---
.github/actions/docker-init/action.yml | 19 ++++++++++++++++++-
.github/workflows/master.yml | 5 ++++-
.github/workflows/next.yml | 10 +++++++---
.github/workflows/release.yml | 7 +++++--
docs/userguide/getting-started.rst | 4 ++--
5 files changed, 36 insertions(+), 9 deletions(-)

diff --git a/.github/actions/docker-init/action.yml b/.github/actions/docker-init/action.yml
index f174f0d18..75eddb38c 100644
--- a/.github/actions/docker-init/action.yml
+++ b/.github/actions/docker-init/action.yml
@@ -7,6 +7,8 @@ inputs:
required: true
image-name:
required: true
+ distro-release:
+ required: false

runs:
using: composite
@@ -41,13 +43,28 @@ runs:
shell: bash

- name: Determine Debian tag
+ if: ${{ startsWith(inputs['distro-release'], 'debian-') }}
run: |
COMMIT_DATE=$(date -d @$(git log -1 --pretty=%ct) +%Y%m%d)
- DEBIAN_RELEASE=$(grep -m 1 'ARG DEBIAN_TAG=' Dockerfile | sed 's/.*DEBIAN_TAG=\(.*\)-.*/\1/')
+ DEBIAN_LATEST_RELEASE=$(grep -m 1 'ARG DEBIAN_TAG=' Dockerfile | sed 's/.*DEBIAN_TAG=\(.*\)-.*/\1/')
+ if [ -n "${{ inputs.distro-release }}" ]; then
+ DISTRO_RELEASE="${{ inputs.distro-release }}"
+ DEBIAN_RELEASE="${DISTRO_RELEASE#debian-}"
+ else
+ DEBIAN_RELEASE=$DEBIAN_LATEST_RELEASE
+ fi
echo "DEBIAN_TAG=$(podman search --list-tags docker.io/debian --limit 1000000000 | \
grep "$DEBIAN_RELEASE-.*-slim" | sort -r | sed 's/.*[ ]\+//' | \
./scripts/lower-bound.py $DEBIAN_RELEASE-$COMMIT_DATE-slim )" \
>> $GITHUB_ENV
+ echo "DISTRO_LATEST_RELEASE=debian-$DEBIAN_LATEST_RELEASE" >> $GITHUB_ENV
+ shell: bash
+
+ - name: Determine generic tag
+ if: ${{ !startsWith(inputs['distro-release'], 'debian-') }}
+ run: |
+ echo "Non debian 'distro-release' values are currently not supported"
+ exit 1
shell: bash

- name: Prepare repository for COPY-in
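Review bot: `${{ inputs.distro-release }}` is expanded into the `run:` script text of the `Determine Debian tag` step before bash sees it, so any quote or `$(...)` in the value becomes part of the script. Pass it through `env:` (for example `DISTRO_RELEASE: ${{ inputs.distro-release }}`) and use `"$DISTRO_RELEASE"` in the script. The unquoted `$DEBIAN_RELEASE-$COMMIT_DATE-slim` argument to `./scripts/lower-bound.py` should be quoted as well.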
diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index f950901d6..c604b6ddf 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -17,6 +17,7 @@ jobs:
strategy:
matrix:
image-name: ["kas", "kas-isar"]
+ distro-release: ["debian-bookworm", "debian-trixie"]
steps:
- name: Check out repo
uses: actions/checkout@v4
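Review bot: The matrix gains `distro-release` here, but no hunk in master.yml passes it on to the docker-init action, unlike next.yml and release.yml, which add `distro-release: ${{ matrix.distro-release }}` to the `with:` block. If docker-init is called without it, the action's `startsWith(inputs['distro-release'], 'debian-')` condition is false, so the job runs the `Determine generic tag` step and exits 1. Add the same `with:` line in this workflow.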
@@ -50,7 +51,9 @@ jobs:
DEBIAN_TAG=${{ env.DEBIAN_TAG }}
provenance: false
outputs: type=registry,rewrite-timestamp=true
- tags: ghcr.io/${{ github.repository }}/${{ matrix.image-name }}
+ tags: |
+ ${{ matrix.distro-release == env.DISTRO_LATEST_RELEASE && format('ghcr.io/{0}/{1}:latest', github.repository, matrix.image-name) || '' }}
+ ghcr.io/${{ github.repository }}/${{ matrix.image-name }}:latest-${{ matrix.distro-release }}
annotations: ${{ env.DOCKER_METADATA_OUTPUT_ANNOTATIONS }}
- name: Attest ${{ matrix.image-name }} image
uses: actions/attest-build-provenance@v1
diff --git a/.github/workflows/next.yml b/.github/workflows/next.yml
index aac34a23e..d75afbd30 100644
--- a/.github/workflows/next.yml
+++ b/.github/workflows/next.yml
@@ -60,6 +60,7 @@ jobs:
strategy:
matrix:
image-name: ["kas", "kas-isar"]
+ distro-release: ["debian-bookworm", "debian-trixie"]
steps:
- name: Check out repo
uses: actions/checkout@v4
@@ -69,6 +70,7 @@ jobs:
deploy-user: ${{ github.actor }}
deploy-token: ${{ secrets.GITHUB_TOKEN }}
image-name: ${{ matrix.image-name }}
+ distro-release: ${{ matrix.distro-release }}

- name: Build ${{ matrix.image-name }} image
uses: docker/build-push-action@v6
@@ -80,10 +82,10 @@ jobs:
SOURCE_DATE_EPOCH=${{ env.SOURCE_DATE_EPOCH }}
DEBIAN_TAG=${{ env.DEBIAN_TAG }}
outputs: type=docker,rewrite-timestamp=true
- tags: ghcr.io/${{ github.repository }}/${{ matrix.image-name }}:next
+ tags: ghcr.io/${{ github.repository }}/${{ matrix.image-name }}:next-${{ matrix.distro-release }}
- name: Test ${{ matrix.image-name }} image
env:
- KAS_CONTAINER_IMAGE: ghcr.io/${{ github.repository }}/${{ matrix.image-name }}:next
+ KAS_CONTAINER_IMAGE: ghcr.io/${{ github.repository }}/${{ matrix.image-name }}:next-${{ matrix.distro-release }}
KAS_CLONE_DEPTH: 1
run: |
cd image-tests/${{ matrix.image-name }}
@@ -118,7 +120,9 @@ jobs:
DEBIAN_TAG=${{ env.DEBIAN_TAG }}
provenance: false
outputs: type=registry,rewrite-timestamp=true
- tags: ghcr.io/${{ github.repository }}/${{ matrix.image-name }}:next
+ tags: |
+ ${{ matrix.distro-release == env.DISTRO_LATEST_RELEASE && format('ghcr.io/{0}/{1}:next', github.repository, matrix.image-name) || '' }}
+ ghcr.io/${{ github.repository }}/${{ matrix.image-name }}:next-${{ matrix.distro-release }}
annotations: ${{ env.DOCKER_METADATA_OUTPUT_ANNOTATIONS }}
- name: Attest ${{ matrix.image-name }} image
if: github.ref == 'refs/heads/next'
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 736587d14..4583e2f55 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -17,6 +17,7 @@ jobs:
strategy:
matrix:
image-name: ["kas", "kas-isar"]
+ distro-release: ["debian-bookworm", "debian-trixie"]
steps:
- name: Check out repo
uses: actions/checkout@v4
@@ -28,6 +29,7 @@ jobs:
deploy-user: ${{ github.actor }}
deploy-token: ${{ secrets.GITHUB_TOKEN }}
image-name: ${{ matrix.image-name }}
+ distro-release: ${{ matrix.distro-release }}
- name: Find latest tag
run: echo "LATEST_TAG=$(git tag | sort --version-sort | tail -n1)" >> $GITHUB_ENV
- name: Build ${{ matrix.image-name }} image
@@ -43,8 +45,9 @@ jobs:
provenance: false
outputs: type=registry,rewrite-timestamp=true
tags: |
- ghcr.io/${{ github.repository }}/${{ matrix.image-name }}:${{ env.RELEASE_VERSION }}
- ${{ github.ref_name == env.LATEST_TAG && format('ghcr.io/{0}/{1}:latest-release', github.repository, matrix.image-name) || '' }}
+ ghcr.io/${{ github.repository }}/${{ matrix.image-name }}:${{ env.RELEASE_VERSION }}-${{ matrix.distro-release }}
+ ${{ matrix.distro-release == env.DISTRO_LATEST_RELEASE && format('ghcr.io/{0}/{1}:{2}', github.repository, matrix.image-name, env.RELEASE_VERSION) || '' }}
+ ${{ matrix.distro-release == env.DISTRO_LATEST_RELEASE && github.ref_name == env.LATEST_TAG && format('ghcr.io/{0}/{1}:latest-release', github.repository, matrix.image-name) || '' }}
annotations: ${{ env.DOCKER_METADATA_OUTPUT_ANNOTATIONS }}
- name: Attest ${{ matrix.image-name }} image
uses: actions/attest-build-provenance@v1
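Review bot: Which matrix leg publishes the unsuffixed `:<version>` and `:latest-release` tags now depends on `env.DISTRO_LATEST_RELEASE`, which docker-init derives from the first `ARG DEBIAN_TAG=` line in the Dockerfile. If that default is ever bumped to a release that is missing from the `distro-release` matrix, neither comparison is true and the unsuffixed tags silently stop being pushed. Add a check that `DISTRO_LATEST_RELEASE` is one of the matrix values and fail the job otherwise.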
diff --git a/docs/userguide/getting-started.rst b/docs/userguide/getting-started.rst
index c36faf250..7e075002f 100644
--- a/docs/userguide/getting-started.rst
+++ b/docs/userguide/getting-started.rst
@@ -30,8 +30,8 @@ There are (at least) three options for using kas:
use it in place of the ``kas`` command.
The script version corresponds to the kas tool and the kas image version.
- Use the container image in CI. Specify
- ``ghcr.io/siemens/kas/kas[-isar][:<x.y>]`` in your CI script that requests
- a container image as runtime environment.
+ ``ghcr.io/siemens/kas/kas[-isar][:<x.y>][-<distro>]`` in your CI script
+ that requests a container image as runtime environment.

Start build::
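Review bot: In the new reference pattern `[:<x.y>][-<distro>]` the two brackets are independently optional, which reads as if `kas-<distro>` without a version were a valid image name. The suffix is part of the tag, so nest it: `kas[-isar][:<x.y>[-<distro>]]`.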

--
2.51.0

Jan Kiszka

Oct 2, 2025, 6:23:53 AM
to Felix Moessbauer, kas-...@googlegroups.com, florian...@siemens.com
On 02.10.25 10:43, Felix Moessbauer wrote:
> With the recent publishing of per-distro container builds (e.g.
> bookworm, trixie), we also allow the user to select the specific
> distro version. For that, we introduce the environment variable
> KAS_CONTAINER_IMAGE_DISTRO, which results in appending "-<distro>"
> to the image tag. If unset, the most recent version is chosen (i.e.
> nothing is appended to the tag).
>
> Signed-off-by: Felix Moessbauer <felix.mo...@siemens.com>
> ---
> docs/command-line/environment-variables.inc | 6 ++++++
> kas-container | 3 +++
> 2 files changed, 9 insertions(+)
>
> diff --git a/docs/command-line/environment-variables.inc b/docs/command-line/environment-variables.inc
> index 18003488c..79421cfec 100644
> --- a/docs/command-line/environment-variables.inc
> +++ b/docs/command-line/environment-variables.inc
> @@ -193,6 +193,11 @@ overwritten using the ``env`` section of the config file.
> | ``KAS_IMAGE_VERSION`` (C)| Select the version of the (official) kas |
> | | container (e.g. 4.5). |
> +--------------------------+--------------------------------------------------+
> +| |container-distro| (C) | Select the base distro of the container image |

It's more than the distro, it's the distro + its release.

> +| | (e.g. ``debian-bookworm``). If not specified, the|
> +| | default (most-recent supported) distro version |
> +| | is used. |
> ++--------------------------+--------------------------------------------------+
> | ``KAS_CONTAINER_IMAGE`` | Select the container image (full OCI path |
> | (C) | including tag). |
> +--------------------------+--------------------------------------------------+
> @@ -221,6 +226,7 @@ overwritten using the ``env`` section of the config file.
> ``CI_SERVER_PROTOCOL``
> ``CI_SERVER_SHELL_SSH_HOST``
> ``CI_SERVER_SHELL_SSH_PORT``
> +.. |container-distro| replace:: ``KAS_CONTAINER_IMAGE_DISTRO``
>
> .. only:: html
>
> diff --git a/kas-container b/kas-container
> index 884bb75f1..560baac00 100755
> --- a/kas-container
> +++ b/kas-container
> @@ -294,6 +294,9 @@ set_container_image_var()
> KAS_CONTAINER_IMAGE_PATH="${KAS_CONTAINER_IMAGE_PATH:-${KAS_CONTAINER_IMAGE_PATH_DEFAULT}}"
> KAS_CONTAINER_IMAGE_DEFAULT="${KAS_CONTAINER_IMAGE_PATH}/${KAS_CONTAINER_IMAGE_NAME}:${KAS_IMAGE_VERSION}"
> KAS_CONTAINER_IMAGE="${KAS_CONTAINER_IMAGE:-${KAS_CONTAINER_IMAGE_DEFAULT}}"
> + if [ -n "${KAS_CONTAINER_IMAGE_DISTRO}" ]; then
> + KAS_CONTAINER_IMAGE="${KAS_CONTAINER_IMAGE}-${KAS_CONTAINER_IMAGE_DISTRO}"
> + fi

We need a pre-initialization of the variable as well, possibly commented
out, so that users already have a place to adjust that when embedding the
script into a project that is not yet fine with the latest distro-release.

And we should mention that in the documentation.

Jan

> }
>
> # SC2034: DIR appears unused (ignore, as they are used inside eval)

--
Siemens AG, Foundational Technologies
Linux Expert Center

Jan Kiszka

Oct 2, 2025, 6:30:38 AM
to Felix Moessbauer, kas-...@googlegroups.com, florian...@siemens.com
On 02.10.25 10:43, Felix Moessbauer wrote:
"Validate distro-release argument" or so.

But why is the run AFTER starting to use? Please move up.
Did you test the release run in a downstream repo already? I would love
to avoid post-release surprises...

> annotations: ${{ env.DOCKER_METADATA_OUTPUT_ANNOTATIONS }}
> - name: Attest ${{ matrix.image-name }} image
> uses: actions/attest-build-provenance@v1
> diff --git a/docs/userguide/getting-started.rst b/docs/userguide/getting-started.rst
> index c36faf250..7e075002f 100644
> --- a/docs/userguide/getting-started.rst
> +++ b/docs/userguide/getting-started.rst
> @@ -30,8 +30,8 @@ There are (at least) three options for using kas:
> use it in place of the ``kas`` command.
> The script version corresponds to the kas tool and the kas image version.
> - Use the container image in CI. Specify
> - ``ghcr.io/siemens/kas/kas[-isar][:<x.y>]`` in your CI script that requests
> - a container image as runtime environment.
> + ``ghcr.io/siemens/kas/kas[-isar][:<x.y>][-<distro>]`` in your CI script

distro-release

> + that requests a container image as runtime environment.
>
> Start build::
>

Jan

MOESSBAUER, Felix

Oct 2, 2025, 8:45:28 AM
to Kiszka, Jan, kas-...@googlegroups.com, Bezdeka, Florian
Hmm... it's a simple if / else. The whole step is only executed if the
distro-release starts with "debian-" (or not). Either the step
"Determine Debian tag" or "Determine generic tag" is executed.
In if / else, I prefer to have the positive case first, then the
negative.

Or do you mean something else?

Felix

>
> > + if: ${{ !startsWith(inputs['distro-release'], 'debian-') }}
> > + run: |
> > + echo "Non debian 'distro-release' values are currently not supported"
> > + exit 1
> > shell: bash
> >
> > - name: Prepare repository for COPY-in
> >

--
Siemens AG
Linux Expert Center
Friedrich-Ludwig-Bauer-Str. 3
85748 Garching, Germany

Jan Kiszka

Oct 2, 2025, 8:55:54 AM
to Moessbauer, Felix (FT RPD CED OES-DE), kas-...@googlegroups.com, Bezdeka, Florian (FT RPD CED OES-DE)
Ah, these steps are exclusive-or.

Anyway, why make them conditional at all? Why not simply fail in the
step that evaluates the input? Would be much shorter.

BTW,

if: ${{ startsWith(inputs['distro-release'], 'debian-') }}

and

if [ -n "${{ inputs.distro-release }}" ]; then

are redundant.

Felix Moessbauer

Oct 2, 2025, 10:52:47 AM
to kas-...@googlegroups.com, jan.k...@siemens.com, florian...@siemens.com, Felix Moessbauer
Changes since v1:

- rebased onto next
- ci
- check distro-version upfront instead of conditional tasks
- fix master workflow
- kas-container
- initialize the variable
- improve documentation in environment-variables, getting-started
- add precise docs to "Build in Container"

Note: The following workflows have been tested in CI:

- next: https://github.com/fmoessbauer/kas/actions/runs/18196595084
- master: https://github.com/fmoessbauer/kas/actions/runs/18196529691
- tag: https://github.com/fmoessbauer/kas/actions/runs/18196010388

Changes since RFC:

- rebase onto next
- include commits this series depends on (p1, p2)
- change distro-version to distro-release, which now incorporates the
debian / ubuntu part as well (e.g. debian-bookworm).
- update environment variable description, which addresses Florian's
comment as well.

Note: The container tags now look like this:
- :4.8 -> debian trixie container
- :4.8-debian-trixie -> debian trixie container
- :4.8-debian-bookworm -> debian-bookworm container

Best regards,
Felix

Felix Moessbauer (2):
ci: add support to build container for multiple distro versions
kas-container: allow to select specific image distribution

Jan Kiszka (1):
Update to container images to Debian 13

.github/actions/docker-init/action.yml | 21 +++++++++++++++++++-
.github/workflows/master.yml | 6 +++++-
.github/workflows/next.yml | 10 +++++++---
.github/workflows/release.yml | 7 +++++--
Dockerfile | 12 +++++------
docs/command-line/environment-variables.inc | 6 ++++++
docs/userguide/getting-started.rst | 4 ++--
docs/userguide/kas-container-description.inc | 6 ++++++
kas-container | 5 +++++
9 files changed, 62 insertions(+), 15 deletions(-)

--
2.51.0

Felix Moessbauer

Oct 2, 2025, 10:52:48 AM
to kas-...@googlegroups.com, jan.k...@siemens.com, florian...@siemens.com, Felix Moessbauer
A more recent base image (Debian trixie) also brings more recent version
of the host tools. According to our experience when switching to
bookworm, it takes some time for the downstream projects to adapt.

To bridge this gap, we build the kas container now for Debian
bookworm and debian trixie and tag the containers accordingly by
appending "-(trixie|bookworm)" to the image tags. The original tagging
scheme is kept and points to the trixie (resp. most recent distro)
version.

Signed-off-by: Felix Moessbauer <felix.mo...@siemens.com>
---
.github/actions/docker-init/action.yml | 21 ++++++++++++++++++++-
.github/workflows/master.yml | 6 +++++-
.github/workflows/next.yml | 10 +++++++---
.github/workflows/release.yml | 7 +++++--
docs/userguide/getting-started.rst | 4 ++--
5 files changed, 39 insertions(+), 9 deletions(-)

diff --git a/.github/actions/docker-init/action.yml b/.github/actions/docker-init/action.yml
index f174f0d18..04811849b 100644
--- a/.github/actions/docker-init/action.yml
+++ b/.github/actions/docker-init/action.yml
@@ -7,6 +7,8 @@ inputs:
required: true
image-name:
required: true
+ distro-release:
+ required: false

runs:
using: composite
@@ -40,14 +42,31 @@ runs:
echo "SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)" >> $GITHUB_ENV
shell: bash

+ - name: Validate distro-release argument
+ run: |
+ if [[ ! "${{ inputs.distro-release }}" == debian-* ]]; then
+ echo "Non debian 'distro-release' values are currently not supported"
+ exit 1
+ else
+ echo "'distro-release' is a Debian"
+ fi
+ shell: bash
+
- name: Determine Debian tag
run: |
COMMIT_DATE=$(date -d @$(git log -1 --pretty=%ct) +%Y%m%d)
- DEBIAN_RELEASE=$(grep -m 1 'ARG DEBIAN_TAG=' Dockerfile | sed 's/.*DEBIAN_TAG=\(.*\)-.*/\1/')
+ DEBIAN_LATEST_RELEASE=$(grep -m 1 'ARG DEBIAN_TAG=' Dockerfile | sed 's/.*DEBIAN_TAG=\(.*\)-.*/\1/')
+ if [ -n "${{ inputs.distro-release }}" ]; then
+ DISTRO_RELEASE="${{ inputs.distro-release }}"
+ DEBIAN_RELEASE="${DISTRO_RELEASE#debian-}"
+ else
+ DEBIAN_RELEASE=$DEBIAN_LATEST_RELEASE
+ fi
echo "DEBIAN_TAG=$(podman search --list-tags docker.io/debian --limit 1000000000 | \
grep "$DEBIAN_RELEASE-.*-slim" | sort -r | sed 's/.*[ ]\+//' | \
./scripts/lower-bound.py $DEBIAN_RELEASE-$COMMIT_DATE-slim )" \
>> $GITHUB_ENV
+ echo "DISTRO_LATEST_RELEASE=debian-$DEBIAN_LATEST_RELEASE" >> $GITHUB_ENV
shell: bash

- name: Prepare repository for COPY-in
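Review bot: With the new `Validate distro-release argument` step an empty input fails the `debian-*` match and exits 1, yet the input is still declared `required: false` and the `else` branch in `Determine Debian tag` still falls back to `DEBIAN_LATEST_RELEASE`. Either declare the input `required: true` and drop the now unreachable `if [ -n ... ]` / `else`, or let the validation accept an empty value so the fallback can run.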
diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index f950901d6..5db1d114c 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -17,6 +17,7 @@ jobs:
strategy:
matrix:
image-name: ["kas", "kas-isar"]
+ distro-release: ["debian-bookworm", "debian-trixie"]
steps:
- name: Check out repo
uses: actions/checkout@v4
@@ -37,6 +38,7 @@ jobs:
deploy-user: ${{ github.actor }}
deploy-token: ${{ secrets.GITHUB_TOKEN }}
image-name: ${{ matrix.image-name }}
+ distro-release: ${{ matrix.distro-release }}
- name: Build ${{ matrix.image-name }} image
uses: docker/build-push-action@v6
if: ${{ env.PUSH_MASTER == 'true' }}
@@ -50,7 +52,9 @@ jobs:
annotations: ${{ env.DOCKER_METADATA_OUTPUT_ANNOTATIONS }}
- name: Attest ${{ matrix.image-name }} image
uses: actions/attest-build-provenance@v1
diff --git a/docs/userguide/getting-started.rst b/docs/userguide/getting-started.rst
index c36faf250..5a21881c6 100644
--- a/docs/userguide/getting-started.rst
+++ b/docs/userguide/getting-started.rst
@@ -30,8 +30,8 @@ There are (at least) three options for using kas:
use it in place of the ``kas`` command.
The script version corresponds to the kas tool and the kas image version.
- Use the container image in CI. Specify
- ``ghcr.io/siemens/kas/kas[-isar][:<x.y>]`` in your CI script that requests
- a container image as runtime environment.
+ ``ghcr.io/siemens/kas/kas[-isar][:<x.y>][-<distro-release>]`` in your CI script
+ that requests a container image as runtime environment.

Start build::

--
2.51.0

Felix Moessbauer

Oct 2, 2025, 10:52:48 AM
to kas-...@googlegroups.com, jan.k...@siemens.com, florian...@siemens.com

Felix Moessbauer

Oct 2, 2025, 10:52:55 AM
to kas-...@googlegroups.com, jan.k...@siemens.com, florian...@siemens.com, Felix Moessbauer
With the recent publishing of per-distro container builds (e.g.
bookworm, trixie), we also allow the user to select the specific
distro version. For that, we introduce the environment variable
KAS_CONTAINER_IMAGE_DISTRO, which results in appending "-<distro>"
to the image tag. If unset, the most recent version is chosen (i.e.
nothing is appended to the tag).

Signed-off-by: Felix Moessbauer <felix.mo...@siemens.com>
---
docs/command-line/environment-variables.inc | 6 ++++++
docs/userguide/getting-started.rst | 4 ++--
docs/userguide/kas-container-description.inc | 6 ++++++
kas-container | 5 +++++
4 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/docs/command-line/environment-variables.inc b/docs/command-line/environment-variables.inc
index 18003488c..9cc6884a5 100644
--- a/docs/command-line/environment-variables.inc
+++ b/docs/command-line/environment-variables.inc
@@ -193,6 +193,11 @@ overwritten using the ``env`` section of the config file.
| ``KAS_IMAGE_VERSION`` (C)| Select the version of the (official) kas |
| | container (e.g. 4.5). |
+--------------------------+--------------------------------------------------+
+| |container-distro| (C) | Select the base distro and its release of the |
+| | container image (e.g. ``debian-bookworm``). |
+| | If not specified, the default (most-recent |
+| | supported) distro version is used. |
++--------------------------+--------------------------------------------------+
| ``KAS_CONTAINER_IMAGE`` | Select the container image (full OCI path |
| (C) | including tag). |
+--------------------------+--------------------------------------------------+
@@ -221,6 +226,7 @@ overwritten using the ``env`` section of the config file.
``CI_SERVER_PROTOCOL``
``CI_SERVER_SHELL_SSH_HOST``
``CI_SERVER_SHELL_SSH_PORT``
+.. |container-distro| replace:: ``KAS_CONTAINER_IMAGE_DISTRO``

.. only:: html

diff --git a/docs/userguide/getting-started.rst b/docs/userguide/getting-started.rst
index 5a21881c6..9e9b38a59 100644
--- a/docs/userguide/getting-started.rst
+++ b/docs/userguide/getting-started.rst
@@ -30,8 +30,8 @@ There are (at least) three options for using kas:
use it in place of the ``kas`` command.
The script version corresponds to the kas tool and the kas image version.
- Use the container image in CI. Specify
- ``ghcr.io/siemens/kas/kas[-isar][:<x.y>][-<distro-release>]`` in your CI script
- that requests a container image as runtime environment.
+ ``ghcr.io/siemens/kas/kas[-isar][:<x.y>][-<distro-release>]`` in your CI
+ script that requests a container image as runtime environment.

Start build::
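Review bot: This hunk only re-wraps the `[-<distro-release>]` line that the CI patch earlier in this series introduces, so it is a fixup of that patch rather than part of this change. Fold the line break into the CI patch and drop getting-started.rst from this one.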

diff --git a/docs/userguide/kas-container-description.inc b/docs/userguide/kas-container-description.inc
index 4499b19fa..7067cd3f0 100644
--- a/docs/userguide/kas-container-description.inc
+++ b/docs/userguide/kas-container-description.inc
@@ -17,6 +17,12 @@ from ``kas-container`` and the versions do not match, a warning is emitted. This
limitation might be lessened in the future, once a stable interface between
``kas-container`` and kas is introduced.

+From version ``5.0`` onward, kas offers images built on several base
+distributions. Select a distribution by setting the environment variable
+``KAS_CONTAINER_IMAGE_DISTRO`` to the desired value (e.g. ``debian-bookworm``
+or ``debian-trixie``). The corresponding image tags follow the pattern
+``:<version>-<base-distro>`` (e.g. ``:5.0-debian-bookworm``).
+
As container backends, Docker and
Podman are supported. To force the use of podman over docker, set
``KAS_CONTAINER_ENGINE=podman``. For details, see :ref:`env-vars-label`.
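Review bot: The added paragraph says the distro-specific images exist "from version ``5.0`` onward", while this same patch leaves `KAS_CONTAINER_SCRIPT_VERSION="4.8.2"` untouched and the cover letter lists `:4.8-debian-bookworm` as an example tag. Please settle on the first release that ships suffixed tags and use it consistently. The placeholder `<base-distro>` in this paragraph also differs from `<distro-release>` in getting-started.rst; use one name.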
diff --git a/kas-container b/kas-container
index 884bb75f1..6eb29fbfe 100755
--- a/kas-container
+++ b/kas-container
@@ -29,6 +29,7 @@ set -e

KAS_CONTAINER_SCRIPT_VERSION="4.8.2"
KAS_IMAGE_VERSION_DEFAULT="${KAS_CONTAINER_SCRIPT_VERSION}"
+KAS_CONTAINER_IMAGE_DISTRO_DEFAULT=""
KAS_CONTAINER_IMAGE_PATH_DEFAULT="ghcr.io/siemens/kas"
KAS_CONTAINER_IMAGE_NAME_DEFAULT="kas"
KAS_CONTAINER_SELF_NAME="$(basename "$0")"
@@ -290,10 +291,14 @@ trap kas_container_cleanup EXIT INT TERM
set_container_image_var()
{
KAS_IMAGE_VERSION="${KAS_IMAGE_VERSION:-${KAS_IMAGE_VERSION_DEFAULT}}"
+ KAS_CONTAINER_IMAGE_DISTRO="${KAS_CONTAINER_IMAGE_DISTRO:-${KAS_CONTAINER_IMAGE_DISTRO_DEFAULT}}"
KAS_CONTAINER_IMAGE_NAME="${KAS_CONTAINER_IMAGE_NAME:-${KAS_CONTAINER_IMAGE_NAME_DEFAULT}}"
KAS_CONTAINER_IMAGE_PATH="${KAS_CONTAINER_IMAGE_PATH:-${KAS_CONTAINER_IMAGE_PATH_DEFAULT}}"
KAS_CONTAINER_IMAGE_DEFAULT="${KAS_CONTAINER_IMAGE_PATH}/${KAS_CONTAINER_IMAGE_NAME}:${KAS_IMAGE_VERSION}"
KAS_CONTAINER_IMAGE="${KAS_CONTAINER_IMAGE:-${KAS_CONTAINER_IMAGE_DEFAULT}}"
+ if [ -n "${KAS_CONTAINER_IMAGE_DISTRO}" ]; then
+ KAS_CONTAINER_IMAGE="${KAS_CONTAINER_IMAGE}-${KAS_CONTAINER_IMAGE_DISTRO}"
+ fi
}

# SC2034: DIR appears unused (ignore, as they are used inside eval)
--
2.51.0

Jan Kiszka

Oct 2, 2025, 11:01:28 AM
to Felix Moessbauer, kas-...@googlegroups.com, florian...@siemens.com
This...

> + else
> + echo "'distro-release' is a Debian"
> + fi
> + shell: bash
> +
> - name: Determine Debian tag
> run: |
> COMMIT_DATE=$(date -d @$(git log -1 --pretty=%ct) +%Y%m%d)
> - DEBIAN_RELEASE=$(grep -m 1 'ARG DEBIAN_TAG=' Dockerfile | sed 's/.*DEBIAN_TAG=\(.*\)-.*/\1/')
> + DEBIAN_LATEST_RELEASE=$(grep -m 1 'ARG DEBIAN_TAG=' Dockerfile | sed 's/.*DEBIAN_TAG=\(.*\)-.*/\1/')
> + if [ -n "${{ inputs.distro-release }}" ]; then
> + DISTRO_RELEASE="${{ inputs.distro-release }}"
> + DEBIAN_RELEASE="${DISTRO_RELEASE#debian-}"

... can easily be done here in 2 or 3 lines. Again, no need for so much
boilerplate logic.

I'm not even sure anymore if we need the test at all, given that
"inputs" is fully under our own control, no?

Jan

Jan Kiszka

Oct 2, 2025, 11:04:33 AM
to Felix Moessbauer, kas-...@googlegroups.com, florian...@siemens.com
On 02.10.25 16:52, Felix Moessbauer wrote:
"Alternatively, you can adjust KAS_CONTAINER_IMAGE_DISTRO_DEFAULT in the
kas-container script if you copy this into your downstream layer already
for encoding the supported kas version."

Jan

MOESSBAUER, Felix

Oct 6, 2025, 10:07:56 AM
to Kiszka, Jan, kas-...@googlegroups.com, Bezdeka, Florian
Yes, that's indeed better.

>
> I'm not even sure anymore if we need the test at all, given that
> "inputs" is fully under our own control, no?

While the input is fully under control, downstream users (forks) might
set it to e.g. ubuntu-jammy, which does not work. We want to give a
meaningful error message in this case instead of failing in colorful
ways.

I'll update it and send a v3.

Felix

Felix Moessbauer

Oct 6, 2025, 10:33:37 AM
to kas-...@googlegroups.com, jan.k...@siemens.com, florian...@siemens.com, Felix Moessbauer
A more recent base image (Debian trixie) also brings more recent versions
of the host tools. According to our experience when switching to
bookworm, it takes some time for the downstream projects to adapt.

To bridge this gap, we build the kas container now for Debian
bookworm and Debian trixie and tag the containers accordingly by
appending "-(trixie|bookworm)" to the image tags. The original tagging
scheme is kept and points to the trixie (resp. most recent distro)
version.

Signed-off-by: Felix Moessbauer <felix.mo...@siemens.com>
---
.github/actions/docker-init/action.yml | 15 ++++++++++++++-
.github/workflows/master.yml | 6 +++++-
.github/workflows/next.yml | 10 +++++++---
.github/workflows/release.yml | 7 +++++--
docs/userguide/getting-started.rst | 4 ++--
5 files changed, 33 insertions(+), 9 deletions(-)

diff --git a/.github/actions/docker-init/action.yml b/.github/actions/docker-init/action.yml
index f174f0d18..3f6df3b7c 100644
--- a/.github/actions/docker-init/action.yml
+++ b/.github/actions/docker-init/action.yml
@@ -7,6 +7,8 @@ inputs:
required: true
image-name:
required: true
+ distro-release:
+ required: false

runs:
using: composite
@@ -42,12 +44,23 @@ runs:

- name: Determine Debian tag
run: |
+ if [[ ! "${{ inputs.distro-release }}" == debian-* ]]; then
+ echo "Non debian 'distro-release' values are currently not supported"
+ exit 1
+ fi
COMMIT_DATE=$(date -d @$(git log -1 --pretty=%ct) +%Y%m%d)
- DEBIAN_RELEASE=$(grep -m 1 'ARG DEBIAN_TAG=' Dockerfile | sed 's/.*DEBIAN_TAG=\(.*\)-.*/\1/')
+ DEBIAN_LATEST_RELEASE=$(grep -m 1 'ARG DEBIAN_TAG=' Dockerfile | sed 's/.*DEBIAN_TAG=\(.*\)-.*/\1/')
+ if [ -n "${{ inputs.distro-release }}" ]; then
+ DISTRO_RELEASE="${{ inputs.distro-release }}"
+ DEBIAN_RELEASE="${DISTRO_RELEASE#debian-}"
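
Review bot: the `debian-*` check at the top of the step runs unconditionally, so an omitted `distro-release` (declared `required: false` in the hunk above) expands to an empty string, fails the match and exits 1; the `[ -n ... ]` test further down can then never see an empty value. Either wrap the validation in the non-empty test or make the input required. The error message could also print the rejected value, which makes a failing fork build easier to trace.
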
2.51.0

Felix Moessbauer

Oct 6, 2025, 10:33:37 AM
to kas-...@googlegroups.com, jan.k...@siemens.com, florian...@siemens.com

Felix Moessbauer

Oct 6, 2025, 10:33:37 AM
to kas-...@googlegroups.com, jan.k...@siemens.com, florian...@siemens.com, Felix Moessbauer
Changes since v2:

- ci: fold-in distro-release validation
- docs: add Jan's part about how to pin the distro-release in the
kas-container script
.github/actions/docker-init/action.yml | 15 ++++++++++++++-
.github/workflows/master.yml | 6 +++++-
.github/workflows/next.yml | 10 +++++++---
.github/workflows/release.yml | 7 +++++--
Dockerfile | 12 ++++++------
docs/command-line/environment-variables.inc | 6 ++++++
docs/userguide/getting-started.rst | 4 ++--
docs/userguide/kas-container-description.inc | 9 +++++++++
kas-container | 5 +++++
9 files changed, 59 insertions(+), 15 deletions(-)

--
2.51.0

Felix Moessbauer

Oct 6, 2025, 10:33:42 AM
to kas-...@googlegroups.com, jan.k...@siemens.com, florian...@siemens.com, Felix Moessbauer
With the recent publishing of per-distro container builds (e.g.
bookworm, trixie), we also allow the user to select the specific
distro version. For that, we introduce the environment variable
KAS_CONTAINER_IMAGE_DISTRO, which results in appending "-<distro>"
to the image tag. If unset, the most recent version is chosen (i.e.
nothing is appended to the tag).

Signed-off-by: Felix Moessbauer <felix.mo...@siemens.com>
---
docs/command-line/environment-variables.inc | 6 ++++++
docs/userguide/getting-started.rst | 4 ++--
docs/userguide/kas-container-description.inc | 9 +++++++++
kas-container | 5 +++++
4 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/docs/command-line/environment-variables.inc b/docs/command-line/environment-variables.inc
index 18003488c..9cc6884a5 100644
--- a/docs/command-line/environment-variables.inc
+++ b/docs/command-line/environment-variables.inc
@@ -193,6 +193,11 @@ overwritten using the ``env`` section of the config file.
| ``KAS_IMAGE_VERSION`` (C)| Select the version of the (official) kas |
| | container (e.g. 4.5). |
+--------------------------+--------------------------------------------------+
+| |container-distro| (C) | Select the base distro and its release of the |
+| | container image (e.g. ``debian-bookworm``). |
+| | If not specified, the default (most-recent |
+| | supported) distro version is used. |
++--------------------------+--------------------------------------------------+
| ``KAS_CONTAINER_IMAGE`` | Select the container image (full OCI path |
| (C) | including tag). |
+--------------------------+--------------------------------------------------+
@@ -221,6 +226,7 @@ overwritten using the ``env`` section of the config file.
``CI_SERVER_PROTOCOL``
``CI_SERVER_SHELL_SSH_HOST``
``CI_SERVER_SHELL_SSH_PORT``
+.. |container-distro| replace:: ``KAS_CONTAINER_IMAGE_DISTRO``

.. only:: html

diff --git a/docs/userguide/getting-started.rst b/docs/userguide/getting-started.rst
index 5a21881c6..9e9b38a59 100644
--- a/docs/userguide/getting-started.rst
+++ b/docs/userguide/getting-started.rst
@@ -30,8 +30,8 @@ There are (at least) three options for using kas:
use it in place of the ``kas`` command.
The script version corresponds to the kas tool and the kas image version.
- Use the container image in CI. Specify
- ``ghcr.io/siemens/kas/kas[-isar][:<x.y>][-<distro-release>]`` in your CI script
- that requests a container image as runtime environment.
+ ``ghcr.io/siemens/kas/kas[-isar][:<x.y>][-<distro-release>]`` in your CI
+ script that requests a container image as runtime environment.

Start build::

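Review bot: in the pattern on the `+` line, `[:<x.y>]` and `[-<distro-release>]` are independently optional, which also permits `kas-<distro-release>` with no tag, where the suffix would read as part of the image name. Since the distro is a suffix of the version tag, nest it: `kas[-isar][:<x.y>[-<distro-release>]]`.
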
diff --git a/docs/userguide/kas-container-description.inc b/docs/userguide/kas-container-description.inc
index 4499b19fa..7f350138a 100644
--- a/docs/userguide/kas-container-description.inc
+++ b/docs/userguide/kas-container-description.inc
@@ -17,6 +17,15 @@ from ``kas-container`` and the versions do not match, a warning is emitted. This
limitation might be lessened in the future, once a stable interface between
``kas-container`` and kas is introduced.

+From version ``5.0`` onward, kas offers images built on several base
+distributions. Select a distribution by setting the environment variable
+``KAS_CONTAINER_IMAGE_DISTRO`` to the desired value (e.g. ``debian-bookworm``
+or ``debian-trixie``). The corresponding image tags follow the pattern
+``:<version>-<base-distro>`` (e.g. ``:5.0-debian-bookworm``).
+Alternatively, you can adjust ``KAS_CONTAINER_IMAGE_DISTRO_DEFAULT`` in the
+``kas-container`` script if you copy this into your downstream layer already
+for encoding the supported kas version.
+
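
Review bot: the example tag `:5.0-debian-bookworm` in the new paragraph does not match the commit message of the CI patch in this series, which describes the suffix as "-(trixie|bookworm)"; state one scheme in both places so users know which tags exist. In the last sentence, "copy this" should name the `kas-container` script explicitly.
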
2.51.0

Jan Kiszka

Oct 13, 2025, 7:18:36 AM
to Felix Moessbauer, kas-...@googlegroups.com, florian...@siemens.com
Thanks, applied to next.

Jan