Add platform validation for multi-arch manifests in Post_Build stage#2126
Add platform validation for multi-arch manifests in Post_Build stage#2126dagood wants to merge 2 commits into
Conversation
There was a problem hiding this comment.
Pull request overview
Adds an optional platform-completeness validation step for multi-arch manifest list generation in ImageBuilder and wires it through AzDO Post_Build templates (plus docs) so builds can fail early if a manifest list tag would omit manifest-defined platforms.
Changes:
- Add manifest list platform validation APIs to
ManifestListHelperand expose a--validate-manifest-list-platformsCLI switch forcreateManifestList. - Update
CreateManifestListCommandto run validation (when enabled) before pushing/creating manifest lists. - Plumb a
validateManifestListPlatformsboolean parameter through AzDO templates and document the behavior in DEV-GUIDE/CHANGELOG.
Reviewed changes
Copilot reviewed 11 out of 11 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| src/ImageBuilder/ManifestListHelper.cs | Adds platform validation logic and supporting types/helpers for manifest list generation. |
| src/ImageBuilder/Commands/CreateManifestListOptions.cs | Introduces --validate-manifest-list-platforms CLI option and binds it to options. |
| src/ImageBuilder/Commands/CreateManifestListCommand.cs | Executes platform validation (when enabled) before creating/pushing manifest lists. |
| src/ImageBuilder.Tests/ManifestListHelperTests.cs | Adds unit tests covering validation issues and successful validation. |
| src/ImageBuilder.Tests/CreateManifestListCommandTests.cs | Adds end-to-end command test verifying validation prevents partial manifest list creation. |
| eng/docker-tools/templates/stages/dotnet/build-test-publish-repo.yml | Adds validateManifestListPlatforms parameter pass-through for the repo pipeline template. |
| eng/docker-tools/templates/stages/dotnet/build-and-test.yml | Adds validateManifestListPlatforms parameter pass-through for dotnet build-and-test stage template. |
| eng/docker-tools/templates/stages/build-and-test.yml | Wires validateManifestListPlatforms into Post_Build stage invocation. |
| eng/docker-tools/templates/jobs/post-build.yml | Conditionally appends --validate-manifest-list-platforms to createManifestList args. |
| eng/docker-tools/DEV-GUIDE.md | Documents Post_Build creating manifests and the new validation toggle guidance. |
| eng/docker-tools/CHANGELOG.md | Adds changelog entry describing the new validation parameter and recommended usage. |
|
This is an implementation by Copilot for: The doc and test changes look reasonable to me, but I would need more time to understand everything happening in |
| Description = "Path to the image info file to read and update with manifest list digests" | ||
| }; | ||
|
|
||
| private static readonly Option<bool> ValidateManifestListPlatformsOption = new("--validate-manifest-list-platforms") |
There was a problem hiding this comment.
Why have an option at all? I would think this should just be the default, and only, behavior.
There was a problem hiding this comment.
I imagined that someone might want to be able to run a filtered dev build that produces a manifest tag that only includes the outputs from that specific build, to tinker with.
With harvesting existing images to put in the manifest, maybe someone could end up being confused about which of the images pointed to by the manifest came from the dev build vs. some other build?
For me/Go, it doesn't matter either way, just trying to imagine odd dev cases and keep this change low-impact so it can be merged ASAP. (We're holding off on automated builds until validation is in.)
I'll push another commit that makes it the only behavior to see how that looks.
Change
createManifestListto validate the list of platforms in the manifest list against the expectations inmanifest.json. More information in doc changes.