# Container Images This directory contains all images used by tests. Note that all these images must be pushed to the testing project hosted on [Google Container Registry][gcr]. This will happen automatically as part of continuous integration. This will speed up loading as images will not need to be built from scratch for each test run. Image tooling is accessible via `make`, specifically via `tools/images.mk`. ## Why make? Make is used because it can bootstrap the `default` image, which contains `bazel` and all other parts of the toolchain. ## Listing images To list all images, use `make list-all-images` from the top-level directory. ## Loading and referencing images To build a specific image, use `make load-<image>` from the top-level directory. This will ensure that an image `gvisor.dev/images/<image>:latest` is available. Images should always be referred to via the `gvisor.dev/images` canonical path. This tag exists only locally, but serves to decouple tests from the underlying image infrastructure. The continuous integration system can either take fine-grained dependencies on single images via individual `load` targets, or pull all images via a single `load-all-images` invocation. ## Adding new images To add a new image, create a new directory under `images` containing a Dockerfile and any other files that the image requires. You may choose to add to an existing subdirectory if applicable, or create a new one. All images will be tagged and memoized using a hash of the directory contents. As a result, every image should be made completely reproducible if possible. This means using fixed tags and fixed versions whenever feasible. Notes that images should also be made architecture-independent if possible. The build scripts will handling loading the appropriate architecture onto the machine and tagging it with the single canonical tag. Add a `load-<image>` dependency in the Makefile if the image is required for a particular set of tests. This target will pull the tag from the image repository if available. ## Building and pushing images All images can be built manually by running `build-<image>` and pushed using `push-<image>`. Note that you can also use `build-all-images` and `push-all-images`. Note that pushing will require appropriate permissions in the project. The continuous integration system can either take fine-grained dependencies on individual `push` targets, or ensure all images are up-to-date with a single `push-all-images` invocation. ## Multi-Arch images By default, the image is built for host architecture. Cross-building can be achieved by specifying `ARCH` variable to make. For example: ``` $ make ARCH=aarch64 rebuild-default ```