Page MenuHomePhabricator
Create Task
Maniphest T352389

[tbs][builder] Explore adding support for third-party buildpacks
Closed, ResolvedPublic
Actions

Description

My current understanding is that tools that implement this functionality do so by dynamically creating a builder by reading the config in builder.toml, then modifying the buildpacks it includes, and specifying the order in which the buildpacks should be used for detection.

E.g. pack does this here: https://github.com/buildpacks/pack/blob/main/pkg/client/create_builder.go

This also enables multi-buildpack builds without the hack of injecting additional buildpacks after the detect phase.

Heroku likely has it's own custom implementation of this, while Tekton (afaik) doesn't have any native support for modifying the base builder.

Related Objects

Event Timeline

Slst2020 created this task.Nov 30 2023, 10:09 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 30 2023, 10:09 AM
Slst2020 updated the task description. (Show Details)Nov 30 2023, 10:11 AM
dcaro subscribed.Dec 5 2023, 9:59 AM

I think that is only to create the builder separatedly, to do that on the fly the spec uses the project.toml file:
https://github.com/buildpacks/spec/blob/main/extensions/project-descriptor.md#iobuildpacks-optional
https://buildpacks.io/docs/app-developer-guide/using-project-descriptor/

That is done here: https://github.com/buildpacks/pack/blob/main/pkg/client/build.go#L456C29-L456C51
For which it has downloaded the custom buildpacks if needed here: https://github.com/buildpacks/pack/blob/main/pkg/client/build.go#L368

Essentially it downloads the builder, and injects the new buildpacks on the fly.

There's a pull request to add a prepare step to the lifecycle, that would do that (https://github.com/buildpacks/rfcs/pull/238) but I did not have the time to see it through.

I think heroku has their own implementation that is managed by the heroku buildpack:set and such commands (and the UI), and predates those specs.

I would ask though if the question is if we want to allow users pulling any third-party buildpack or not (as discussed in T330102: Decision request - What buildpacks to allow and include for toolforge build service beta).

If that's part of the task, we should have a think at that policy.
If not, then we have to keep in mind that we want to have an allowlist or similar for the allowed buildpacks.
In any case, we can improve the way we do that today :)

This also enables multi-buildpack builds without the hack of injecting additional buildpacks after the detect phase.

I'm not sure what do you have in mind, but it seems to me that we still will need to do some hackish stuff to parse the porject.toml, and inject the buildpacks to the builder somehow in-between the lifecycle steps (similar to what we do now). Can you elaborate?

dcaro mentioned this in T352774: [builds-builder] Investigate how to enable mono/dotnet/c# and implement the best one to unblock us to migrate tools.Dec 5 2023, 2:51 PM
taavi added a project: Toolforge Build Service.Jan 9 2024, 2:26 PM
dcaro edited projects, added Toolforge (Toolforge iteration 03); removed Toolforge (Toolforge iteration 02).Jan 9 2024, 3:29 PM
dcaro removed a project: Toolforge (Toolforge iteration 03).Jan 10 2024, 11:43 AM
dcaro closed this task as Resolved.Mar 5 2024, 10:40 AM
dcaro claimed this task.

I think we can close this for now as we are not probably be working on it for the next FY, and reopen if it becomes urgent or when we have time to work on it.
ps. I don't like the declined status xd

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL