gitlab-build-images/README.md

# GitLab Build Images

This repository is used to build docker images that are used to build and test
various parts of GitLab:

1. Build Omnibus packages
1. Test GitLab-CE/EE project
1. Build gitlab-org/www-gitlab-com project

## Adding a new image

There are two methods to adding a new image:

1. Use a Dockerfile.
1. Use a custom image with versioned features.

### Use a Dockerfile

A bespoke image is one that uses it's own Dockerfile. In the interests of
avoiding repetition, it's better to use the custom docker build if possible.

Images from a custom Dockerfile are built from job definitions in [custom.images.yml](.gitlab/ci/custom.images.yml)

Assuming the image you want to add is called `new-image`:

1. Add a new build job:

   ```yml
   new-image:
     extends: .build_static_image
   ```

   **NOTE:** You can use `parallel:matrix` keyword to build images for multiple architectures:

   ```yml
   new-image:
     extends: .build_static_image
     parallel:
       matrix:
         - ARCH: [ 'arm64', 'amd64' ]
   ```

1. Add a Dockerfile: `Dockerfile.new-image`.

### Use a custom image with versioned features

To add a new image to the build, create a new images definition file like [`gitlab.images.yml`](.gitlab/ci/gitlab.images.yml).

With custom images, the components and versions define the resulting image name and tag.

Major components define image path. Base image is defined by `OS` component. Supported base images are:

1. `debian:$version`
1. `ubi:$version`

[Supported major](https://gitlab.com/gitlab-org/gitlab-build-images/-/blob/master/scripts/lib/custom-docker.sh#L4) components are:

1. `OS`
1. `RUBY`
1. `GOLANG`
1. `RUST`
1. `NODE`
1. `POSTGRES`

Minor components define tag name. [Supported minor](https://gitlab.com/gitlab-org/gitlab-build-images/-/blob/master/scripts/lib/custom-docker.sh#L5) components are:

1. `BUNDLER`
1. `RUBYGEMS`
1. `GIT`
1. `LFS`
1. `CHROME`
1. `YARN`
1. `GRAPHICSMAGICK`
1. `EXIFTOOL`
1. `BAZELISK`
1. `DOCKER`
1. `BUILDX`
1. `GCLOUD`
1. `KUBECTL`
1. `HELM`

The names are defined as `[feature]-[version]` pairs, separated by `-`.

Here are some example build names:

1. `debian-bullseye-ruby-2.7-golang-1.15:git-2.29`
1. `debian-bullseye-ruby-3.0.0-node-14.15:git-2.29-lfs-2.9-yarn-1.22-graphicsmagick-1.3.34`
1. `debian-bullseye-ruby-3.0.0-golang-1.14-postgresql-12:git-2.29-lfs-2.9-chrome-87-node-14.15-yarn-1.22-graphicsmagick-1.3.34`

#### Adding a new build

As an example, if you want to add new image for Ruby 3.0 with `git` 2.29 and `golang` 1.15 based on `debian` bullseye,
following job definition would have to be created:

```yml
new_image:
  extends:
    - .build_dynamic_image
  variables:
    OS: 'debian:bookworm'
    RUBY: '3.0.6'
    GOLANG: '1.15'
    RUST: '1.73.0'
    GIT: '2.29'
```

Note that tag name is limited to 128 characters so amount of `minor components` an image can have is limited by it.

#### Pushing a rebuilt image

You might need to run a manual job to build and push a rebuilt image after a merge request is merged.

## Note regarding Google Chrome

Google has a policy of yanking older versions of Google Chrome from their PPA
whenever a new major version is released. To help maintain consistent build
images, there is a CI step that saves the latest Google Chrome and Chromium .deb into an the
GitLab package registry. The install for Chrome will use registry to fetch corresponding packages.
Make sure a certain version is cached before updating it in build jobs.
See `scripts/cache-google-chrome` for more details.

## Note regarding Golang and FIPS

When adding support for a new major/minor Golang version, we also need to
ensure there's a matching [`golang-fips`](https://github.com/golang-fips/)
branch available, e.g. for Golang 1.21 there's https://github.com/golang-fips/go/tree/go1.21-fips-release.
The `golang-fips` branch creation process can take time and so it
[may be necessary to use the previous version](https://gitlab.com/gitlab-org/gitlab-build-images/-/merge_requests/771)
until it's available.

## Contributing

See [Contributing](CONTRIBUTING.md)