What

This MR updates the [python_version] from 3.12.7 to 3.12.8. It also strengthens the rebuild mechanism:

new builds are done if there are changes in [scripts/version.sh],
[CI.runtime] will always update the list of alpine packages.
- NB: this was already the case for some images further down the lane.

Why

If we modify any value in [scripts/version.sh], then most likely, you want the CI images to be updated as well.
Important to get the latest version of Alpine packages.

How

Update [python_version] in [scripts/version.sh].
Adds [scripts/version.sh] in [images/ci/inputs].
Adds RUN apk update instruction in [CI.runtime].

Manually testing the MR

Testing the [python_version] is updated to [3.12.8].

Relevant log line: https://gitlab.com/tezos/tezos/-/jobs/8653654689#L2013
Or pull the image and run python --version

% docker image pull us-central1-docker.pkg.dev/nl-gitlab-runner/registry/tezos/tezos/ci/test:amd64--bruno-update-docker
% docker run -it --rm --entrypoint /bin/sh us-central1-docker.pkg.dev/nl-gitlab-runner/registry/tezos/tezos/ci/test:amd64--bruno-update-docker
~ $ python --version
Python 3.12.8

Testing that rebuilds are done when [scripts/version.sh] is modified.

Compare logs of the different pipelines of this MR. More precisely,

In job https://gitlab.com/tezos/tezos/-/jobs/8652846844 corresponding to commit 1411c7cf all images already exist: https://gitlab.com/tezos/tezos/-/jobs/8652846844#L65

CI images at us-central1-docker.pkg.dev/nl-gitlab-runner/registry/tezos/tezos/ci with tag suffix 3b05b8595bc2393465495780721bf043cf963a3d already exists in the registry, do nothing.

In job https://gitlab.com/tezos/tezos/-/jobs/8653365791#L65 corresponding to commit 88fc2d4e

Build CI images with image_tag_suffix a23d38e2cfa2ca531bb85f5b6254c9d44ba2a50e

Testing that fresh packages are used

Compare the logs of the different [oc.docker:ci] jobs. The relevant lines are for the [runtime 4/7] step.
- in the latest [oc.docker:ci:amd64] job, you can see that [runtime 4/7] is not cached and that the list of packages is fetched. https://gitlab.com/tezos/tezos/-/jobs/8653654689#L122

#9 [runtime 4/7] RUN apk update  && apk add --no-cache     binutils     gcc     gmp     libgmpxx     hidapi     libc-dev     libev     libffi     curl     sudo     sqlite-libs     openssl-libs-static     sqlite-dev     postgresql-dev
#9 0.074 fetch https://dl-cdn.alpinelinux.org/alpine/v3.20/main/x86_64/APKINDEX.tar.gz
#9 0.338 fetch https://dl-cdn.alpinelinux.org/alpine/v3.20/community/x86_64/APKINDEX.tar.gz
#9 0.816 v3.20.3-414-g03b29bdd93a [https://dl-cdn.alpinelinux.org/alpine/v3.20/main]
#9 0.816 v3.20.3-415-g857e8a3bcad [https://dl-cdn.alpinelinux.org/alpine/v3.20/community]
#9 0.816 OK: 24171 distinct packages available
#9 0.934 fetch https://dl-cdn.alpinelinux.org/alpine/v3.20/main/x86_64/APKINDEX.tar.gz
#9 1.085 fetch https://dl-cdn.alpinelinux.org/alpine/v3.20/community/x86_64/APKINDEX.tar.gz
#9 1.432 (1/63) Upgrading libcrypto3 (3.3.2-r0 -> 3.3.2-r1)
#9 1.474 (2/63) Upgrading libssl3 (3.3.2-r0 -> 3.3.2-r1)
#9 1.493 (3/63) Installing libgcc (13.2.1_git20240309-r0)
[...]

in the run of the same job before adding [apk update] https://gitlab.com/tezos/tezos/-/jobs/8653365791#L106, the step [runtime 4/7] is cached and the packages are not re-installed, but instead an older image layer is reused.

#9 [runtime 4/7] RUN apk --no-cache add     binutils     gcc     gmp     libgmpxx     hidapi     libc-dev     libev     libffi     curl     sudo     sqlite-libs     openssl-libs-static     sqlite-dev     postgresql-dev
#9 pulling sha256:ed6126cad275882be273ee094b253fbc0cd1b3733b144d52ae60096ff68ce93f
#9 pulling sha256:cd24385265db59723dcac67131b002570318ad857711c5aae8cc57959012a575 0.1s done
#9 pulling sha256:da9db072f522755cbeb85be2b3f84059b70571b229512f1571d9217b77e1087f
#9 pulling sha256:562a4c1fb7ed47e72c33173bfdde6c04148eee7bf556bd8fa6b7757a10cd2526
#9 pulling sha256:da9db072f522755cbeb85be2b3f84059b70571b229512f1571d9217b77e1087f 0.3s done
#9 pulling sha256:ed6126cad275882be273ee094b253fbc0cd1b3733b144d52ae60096ff68ce93f 0.4s done
#9 pulling sha256:562a4c1fb7ed47e72c33173bfdde6c04148eee7bf556bd8fa6b7757a10cd2526 1.6s done
#9 CACHED

Checklist

Document the interface of any function added or modified (see the coding guidelines)
Document any change to the user interface, including configuration parameters (see node configuration)
Provide automatic testing (see the testing guide).
For new features and bug fixes, add an item in the appropriate changelog (docs/protocols/alpha.rst for the protocol and the environment, CHANGES.rst at the root of the repository for everything else).
Select suitable reviewers using the Reviewers field below.
Select as Assignee the next person who should take action on that MR

Edited Dec 16, 2024 by Bruno B

Images/CI: update [python_version] and strengthen the rebuild mechanism