What

This MR activates the use of versioned base images across all CI pipelines by updating the CI configuration to reference explicit version tags (e.g., debian:trixie-1.0 instead of debian:trixie).

Why

This is the follow-up to !20047 (merged), which added static version numbers to base image definitions. That MR established the VERSION variable infrastructure but intentionally did not activate it. This MR completes the implementation by:

Updating the image construction logic in ci/lib_tezos_ci/tezos_ci.ml to include the version in image paths
Modifying all pipeline configurations to use the versioned image tags

This addresses the pull policy issue where runners using if-not-present would not update images even when their SHA256 changed, as explained in !20047 (merged).

How

The implementation includes:

OCaml CI library changes:
- Modified make_img function in ci/lib_tezos_ci/tezos_ci.ml to use the version parameter (was previously ignored as _version)
- Updated debian_repository.ml and rpm_repository.ml to construct versioned BASE_IMAGE paths with version 1.0
Pipeline configuration updates (25 files total):
- All pipeline YAML files now reference versioned base images (e.g., $DISTRIBUTION:$RELEASE-1.0)
- Affects daily, release tag, merge train, and partial repository pipelines
- Covers Debian, Ubuntu, Fedora, Rocky Linux, Rust, and Homebrew base images

This change ensures that when base images are updated following the workflow established in !20047 (merged), the version number will be incremented, forcing runners to pull the new images.

Manually testing the MR

Verify that all CI jobs using base images complete successfully
Check that jobs correctly reference versioned images (e.g., debian:trixie-1.0)

for example:

Note: The base images with version 1.0 tags is available in the GCP protected registry (built via !20047 (merged)'s versioning infrastructure).

Edited Dec 17, 2025 by pietro

base image: use versioned base images

What

Why

How

Manually testing the MR

Merge request reports