Thanks for bringing this up, Florian. I completely agree. On Mon, Jun 2, 2025, at 8:21 AM, Ralph Bean wrote: > I think you're interpreting the situation correctly. Upstream, we > documented a decision to build those artifacts from source in > https://konflux-ci.dev/architecture/ADR/0046-common-task-runner-image.html, > discussed https://github.com/konflux-ci/architecture/pull/217.
Thanks, good to see this. I find the current status quo of hermetic builds to be a bit painful in Konflux personally, and hopefully us forcing it on the task runners will lead to us improving some of the tooling there. > With that plan, you'd end up with a task runner image that is an > upstream Konflux binary. A straightforward rebuild of that upstream > task runner image on the Fedora cluster, so that you have your own > binary, is possible. Though hopefully not just in the cluster, but conveniently locally as well. So far AFAICS when going to Konflux-style hermetic builds it's basically cachi2 that ruins this (related to the above). > For example, we currently deploy on a Red Hat Openshift cluster (ROSA). > Rebuilding all of those openshift images is surely a step too far, no? I would say no, but it's not exactly about rebuilding, but about self-hosting. It's clearly useful for us to do *some* level of self-hosting inside our own infrastructure even in partial-production paths. This is a percentage scale, not a binary flag. If all we do with Fedora is spawn ephemeral testing VMs that are destroyed, that's probably not enough. If we try to run everything on Fedora, that's obviously too far. -- _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
