Add ubi-base based on ubi10

[akurinnoy]

This PR introduces new ubi-base image based on ubi10. It adds GH workflows for production builds and for PR validations. Building UDI based on ubi10 is disabled so far.

This PR also enhances GH workflows to make them fork-friendly:

env:
  REGISTRY: ${{ vars.REGISTRY || 'quay.io/devfile' }}

One can set repository variable REGISTRY to their custom registry (e.g. quay.io/yourusername). Otherwise, the fallback registry (quay.io/devfile) will be used.

How to test

1. Create a DevWorkspace, it should start successfully:

   Devfile

   link: https://gist.github.com/akurinnoy/afccc6da6105a5c87911acb648bb88a9/raw/c83a1952c939ca51bd847d70a1f32158554f50e4/ubi10-base

   schemaVersion: 2.3.0
   metadata:
     name: ubi10-base
     generateName: ubi10-base-
   components:
     - name: tools
       container:
         args:
           - tail
           - '-f'
           - /dev/null
         image: quay.io/devfile/base-developer-image:ubi10-pr-237
         memoryLimit: 10G
         memoryRequest: 512Mi
         cpuRequest: 1000m
         cpuLimit: 5000m
         env:
           - name: KUBEDOCK_ENABLED
             value: 'true'

   DevWorkspace

   cat << EOF | oc apply -f -
   kind: DevWorkspace
   apiVersion: workspace.devfile.io/v1alpha2
   metadata:
     name: test-ubi10
   spec:
     started: true
     template:
       components:
         - name: tools
           container:
             image: 'quay.io/devfile/base-developer-image:ubi10-pr-237'
             memoryLimit: 10G
             memoryRequest: 512Mi
             cpuLimit: 5000m
             cpuRequest: 1000m
             args:
               - tail
               - '-f'
               - /dev/null
             env:
               - name: KUBEDOCK_ENABLED
                 value: 'true'
             sourceMapping: /projects
     contributions:
       - name: che-code
         uri: https://eclipse-che.github.io/che-plugin-registry/main/v3/plugins/che-incubator/che-code/latest/devfile.yaml
         components:
           - name: che-code-runtime-description
             container:
               env:
                 - name: CODE_HOST
                   value: 0.0.0.0
   EOF

2. Open Che Code and check if all the development tools are included, see https://github.com/devfile/developer-images/blob/86af50296b6c4187376feea5e22a9e993fbb00e5/README.md#included-development-tools

3. Check (thanks @dkwon17 ):

• persistent home storage
  • stow correctly runs on first start, and does not on subsequent starts
• podman build (podman build -t hello https://github.com/containers/PodmanHello.git)
  • overlay set up
• kubedock
  • podman run (podman run quay.io/dkwon17/test:1234)

How to get image size

1. Pull the image:

podman pull quay.io/devfile/base-developer-image:ubi10-pr-237

2. Get total size:

podman images quay.io/devfile/base-developer-image:ubi10-pr-237 --format "table {{.Repository}}:{{.Tag}}\t{{.Size}}"
# REPOSITORY:TAG                                     SIZE
# quay.io/devfile/base-developer-image:ubi10-pr-237  789 MB

3. Get compressed size:

podman save quay.io/devfile/base-developer-image:ubi10-pr-237 | gzip | wc -c | numfmt --to=iec
# 256M

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: akurinnoy

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[github-actions]

Pull Request UBI 10 images published ✨

Base Image: quay.io/devfile/base-developer-image:ubi10-pr-237

[github-actions]

Pull Request images published ✨

UDI: quay.io/devfile/universal-developer-image:pr-237

[rohanKanojia]

There appears to be duplication between ubi9/ and ubi10/. Would it make sense to factor out shared scripts (e.g. kubedock_setup.sh, podman-wrapper.sh) into a common location to reduce duplication and ease maintenance?

[akurinnoy]

I kept this duplication on purpose, so that after switching to ubi10, we can delete the ubi9/ directory.

@dkwon17 Is this approach correct?

[dkwon17]

Yes, eventually I'd imagine we will deprecate ubi9 sometime after fully adopting ubi10, just like we did for ubi8

[rohanKanojia]

Will this be updated with final values or any additional notes before merging the PR?

[akurinnoy]

updated

[svor]

As for me this info is redundant in README.md:

• It requires manual updates whenever we install or remove something, which is easy to forget.
• The value may differ across architectures.
• If anyone needs this detail, they can always find it on quay.io, where the image is published

[akurinnoy]

@dkwon17 can we remove the image size info?

[dkwon17]

In the base/ubi9 image, I noticed that the storage.conf file path /etc/containers/storage.conf

Is this location supposed to be different for UBI9 and UBI10?

[akurinnoy]

In ubi10 there is no /etc/containers/storage.conf so used the default distribution-provided configuration file, which is /usr/share/containers/storage.conf. Now I understand that the correct approach would have been to copy the default storage.conf to /etc/containers/.

I also noticed that the entrypoint.sh creates a new config that takes precedence over the system-wide ones:

developer-images/base/ubi10/entrypoint.sh

Lines 14 to 22 in 699a882

	# Configure container builds to use vfs or fuse-overlayfs
	if [ ! -d "${HOME}/.config/containers" ]; then
	mkdir -p ${HOME}/.config/containers
	if [ -c "/dev/fuse" ] && [ -f "/usr/bin/fuse-overlayfs" ]; then
	(echo '[storage]';echo 'driver = "overlay"';echo '[storage.options.overlay]';echo 'mount_program = "/usr/bin/fuse-overlayfs"') > ${HOME}/.config/containers/storage.conf
	else
	(echo '[storage]';echo 'driver = "vfs"') > "${HOME}"/.config/containers/storage.conf
	fi
	fi

It looks like this modifications to storage.conf in the Dockerfile are dead code.

[dkwon17]

Could we also incorporate the changes from #235 as well?

[akurinnoy]

I'm preparing a fixup for this.

[dkwon17]

Thank you @akurinnoy ,

What I've successfully tested so far:

• persistent home storage
  • stow correctly runs on first start, and does not on subsequent starts
• podman build (podman build -t hello https://github.com/containers/PodmanHello.git)
  • overlay set up
• kubedock
  • podman run (podman run quay.io/dkwon17/test:1234)

[github-actions]

Pull Request UBI 10 images published ✨

Base Image: quay.io/devfile/base-developer-image:ubi10-pr-237

[github-actions]

Pull Request images published ✨

UDI: quay.io/devfile/universal-developer-image:pr-237

[github-actions]

Pull Request UBI 10 images published ✨

Base Image: quay.io/devfile/base-developer-image:ubi10-pr-237

[github-actions]

Pull Request images published ✨

UDI: quay.io/devfile/universal-developer-image:pr-237

[rohanKanojia]

I tested the PR using devfile, and it seems to be working

• podman build -t hello https://github.com/containers/PodmanHello.git works
• podman run quay.io/dkwon17/test:1234 works
• Total Size: 803 MB
• Compressed Size: 275M

Installed Tools

Command	Version Info
bash	GNU bash, version 5.2.26(1)-release
bat	bat 0.18.3
buildah	buildah version 1.39.4
curl	curl 8.9.1
ps	procps-ng 4.0.4
diff	GNU diffutils 3.10
gh	gh version 2.73.0
git	git version 2.47.3
git-lfs	git-lfs/3.6.1
ip	iproute2-6.11.0
kubedock	kubedock 0.18.2
less	less 661
lsof	lsof 4.98.0
man	man 2.12.0
nano	GNU nano, version 8.1
netstat	net-tools 2.10-alpha
7z	7-Zip 24.09
rg	ripgrep 13.0.0
rsync	rsync version 3.4.1
scp	Part of OpenSSH_9.9p1, OpenSSL 3.2.2 4 Jun 2024
sed	GNU sed 4.9
shasum	6.04
socat	socat version 1.7.4.4
sudo	1.9.15
stow	GNU Stow 2.4.0
tail	tail (GNU coreutils) 9.5
tar	tar (GNU tar) 1.35
time	GNU Time 1.9
vim	VIM - Vi IMproved 9.1
wget	GNU Wget 1.24.5
zip	Zip 3.0 (July 5th 2008)