Merge pull request #5785 from cheesesashimi/zzlotnik/revert-pr-5313

NO-ISSUE: Revert "extract oc binary from base OS image after build"

Author: openshift-merge-bot[bot]

Dockerfile

@@ -34,8 +34,6 @@ RUN if [ "${TAGS}" = "fcos" ]; then \
     if ! rpm -q util-linux; then dnf install -y util-linux; fi && \
     # We also need to install fuse-overlayfs and cpp for Buildah to work correctly.
     if ! rpm -q buildah; then dnf install -y buildah fuse-overlayfs cpp --exclude container-selinux; fi && \
-    # Install the oc binary.
-    if ! rpm -q openshift-clients; then dnf install -y openshift-clients; fi && \
     # Create the build user which will be used for doing OS image builds. We
     # use the username "build" and the uid 1000 since this matches what is in
     # the official Buildah image.

Dockerfile.rhel7

@@ -35,8 +35,6 @@ RUN if [ "${TAGS}" = "fcos" ]; then \
     if ! rpm -q util-linux; then dnf install -y util-linux; fi && \
     # We also need to install fuse-overlayfs and cpp for Buildah to work correctly.
     if ! rpm -q buildah; then dnf install -y buildah fuse-overlayfs cpp --exclude container-selinux; fi && \
-    # Install the oc binary.
-    if ! rpm -q openshift-clients; then dnf install -y openshift-clients; fi && \
     # Create the build user which will be used for doing OS image builds. We
     # use the username "build" and the uid 1000 since this matches what is in
     # the official Buildah image.

pkg/controller/build/buildrequest/assets/buildah-build.sh

@@ -98,16 +98,4 @@ buildah push \
 	--authfile="$FINAL_IMAGE_PUSH_CREDS" \
 	--digestfile="/tmp/done/digestfile" \
 	--cert-dir /var/run/secrets/kubernetes.io/serviceaccount "$TAG"
-
-# If the oc command is not present, then we must extract it from the base OS
-# image which we've already pulled to do the build.
-if ! command -v "oc" &> /dev/null; then
-    # Extract the oc binary from the base OS image and place it into the
-    # /tmp/done path.
-    container="$(buildah from --authfile="$BASE_IMAGE_PULL_CREDS" "$BASE_OS_IMAGE_PULLSPEC")"
-    buildah unshare /bin/bash -c 'cp "$(buildah mount "$container")/usr/bin/oc" "/tmp/done/oc"; buildah umount "$container"'
-    buildah rm "$container"
-    echo "Extracted oc command from $BASE_OS_IMAGE_PULLSPEC"
-fi
-
 EOF

pkg/controller/build/buildrequest/assets/create-digest-cm.sh

@@ -6,20 +6,7 @@
 
 set -xeuo
 
-# Check if the oc command is available.
-if command -v "oc" &> /dev/null; then
-    echo "Using built-in oc command"
-else
-    # If the oc command is not available, check under /tmp/done/oc.
-    if [[ -x /tmp/done/oc ]]; then
-        # Add this to our PATH if found.
-        export PATH="$PATH:/tmp/done"
-    else
-        # If it cannot be found, return a non-zero exit code.
-        echo "oc command not found"
-        exit 1
-    fi
-fi
+# Inject the contents of the digestfile into a ConfigMap.
 
 # Create and label the digestfile ConfigMap
 if ! oc create configmap \

pkg/controller/build/buildrequest/buildrequest.go

@@ -451,10 +451,6 @@ func (br buildRequestImpl) toBuildahPod() *corev1.Pod {
 			Name:  "NO_PROXY",
 			Value: noProxy,
 		},
-		{
-			Name:  "BASE_OS_IMAGE_PULLSPEC",
-			Value: br.opts.OSImageURLConfig.BaseOSContainerImage,
-		},
 	}
 
 	securityContext := &corev1.SecurityContext{}
@@ -564,6 +560,7 @@ func (br buildRequestImpl) toBuildahPod() *corev1.Pod {
 			VolumeSource: corev1.VolumeSource{
 				Secret: &corev1.SecretVolumeSource{
 					SecretName: br.getBasePullSecretName(),
+					// SecretName: br.opts.MachineOSConfig.Spec.BuildInputs.BaseImagePullSecret.Name,
 					Items: []corev1.KeyToPath{
 						{
 							Key:  corev1.DockerConfigJsonKey,
@@ -578,6 +575,7 @@ func (br buildRequestImpl) toBuildahPod() *corev1.Pod {
 			Name: "final-image-push-creds",
 			VolumeSource: corev1.VolumeSource{
 				Secret: &corev1.SecretVolumeSource{
+					// SecretName: br.opts.MachineOSConfig.Spec.BuildInputs.RenderedImagePushSecret.Name,
 					SecretName: br.getFinalPushSecretName(),
 					Items: []corev1.KeyToPath{
 						{
@@ -589,11 +587,14 @@ func (br buildRequestImpl) toBuildahPod() *corev1.Pod {
 			},
 		},
 		{
-			// Provides a way for the "image-build" container to pass the digested
-			// pullspec and oc binary to the "create-digest-configmap" container.
+			// Provides a way for the "image-build" container to signal that it
+			// finished so that the "wait-for-done" container can retrieve the
+			// iamge SHA.
 			Name: "done",
 			VolumeSource: corev1.VolumeSource{
-				EmptyDir: &corev1.EmptyDirVolumeSource{},
+				EmptyDir: &corev1.EmptyDirVolumeSource{
+					Medium: corev1.StorageMediumMemory,
+				},
 			},
 		},
 		{
@@ -670,7 +671,7 @@ func (br buildRequestImpl) toBuildahPod() *corev1.Pod {
 					// us to avoid parsing log files.
 					Name:            "create-digest-configmap",
 					Command:         append(command, digestCMScript),
-					Image:           br.opts.Images.MachineConfigOperator,
+					Image:           br.opts.OSImageURLConfig.BaseOSContainerImage,
 					Env:             env,
 					ImagePullPolicy: corev1.PullAlways,
 					SecurityContext: securityContext,

pkg/controller/build/buildrequest/buildrequest_test.go

@@ -211,8 +211,6 @@ func assertSecretInCorrectFormat(t *testing.T, secret *corev1.Secret) {
 }
 
 func assertBuildJobIsCorrect(t *testing.T, buildJob *batchv1.Job, opts BuildRequestOpts) {
-	t.Helper()
-
 	etcRpmGpgKeysOpts := optsForEtcRpmGpgKeys()
 	assertBuildJobMatchesExpectations(t, opts.HasEtcPkiRpmGpgKeys, buildJob,
 		etcRpmGpgKeysOpts.envVar(),
@@ -235,7 +233,12 @@ func assertBuildJobIsCorrect(t *testing.T, buildJob *batchv1.Job, opts BuildRequ
 	)
 
 	assert.Equal(t, buildJob.Spec.Template.Spec.InitContainers[0].Image, mcoImagePullspec)
-	assert.Equal(t, buildJob.Spec.Template.Spec.Containers[0].Image, mcoImagePullspec)
+	expectedPullspecs := []string{
+		"base-os-image-from-machineosconfig",
+		fixtures.OSImageURLConfig().BaseOSContainerImage,
+	}
+
+	assert.Contains(t, expectedPullspecs, buildJob.Spec.Template.Spec.Containers[0].Image)
 
 	assertPodHasVolume(t, buildJob.Spec.Template.Spec, corev1.Volume{
 		Name: "final-image-push-creds",