From b68ceb753f21731aea262dcc51c443f7a3137cae Mon Sep 17 00:00:00 2001
From: Andrew Ferrazzutti <andrewf@element.io>
Date: Wed, 26 Feb 2025 09:23:24 -0500
Subject: [PATCH 1/8] complement.sh: don't use remote base synapse image

Ensure that the synapse-workers & complement-synapse images are built
from the local base synapse image that was just built, instead of from
the latest synapse image pulled from a public registry.
---
 scripts-dev/complement.sh | 30 +++++++++++++++++++++++-------
 1 file changed, 23 insertions(+), 7 deletions(-)

diff --git a/scripts-dev/complement.sh b/scripts-dev/complement.sh
index 6be9177f11..c0c435eddd 100755
--- a/scripts-dev/complement.sh
+++ b/scripts-dev/complement.sh
@@ -181,24 +181,40 @@ if [ -z "$skip_docker_build" ]; then
 
         # Build the base Synapse image from the local checkout
         echo_if_github "::group::Build Docker image: matrixdotorg/synapse"
-        $CONTAINER_RUNTIME build -t matrixdotorg/synapse \
-        --build-arg TEST_ONLY_SKIP_DEP_HASH_VERIFICATION \
-        --build-arg TEST_ONLY_IGNORE_POETRY_LOCKFILE \
-        -f "docker/Dockerfile" .
+
+        # Tag local builds with a dummy registry so that later builds
+        # may reference them instead of pulling from a remote registry
+        LOCAL_REGISTRY=localhost:5000
+
+        SYNAPSE_TAG=matrixdotorg/synapse
+        $CONTAINER_RUNTIME build \
+            -t "$SYNAPSE_TAG" \
+            -t "$LOCAL_REGISTRY/$SYNAPSE_TAG" \
+            --build-arg TEST_ONLY_SKIP_DEP_HASH_VERIFICATION \
+            --build-arg TEST_ONLY_IGNORE_POETRY_LOCKFILE \
+            -f "docker/Dockerfile" .
         echo_if_github "::endgroup::"
 
         # Build the workers docker image (from the base Synapse image we just built).
+        SYNAPSE_WORKERS_TAG=matrixdotorg/synapse-workers
         echo_if_github "::group::Build Docker image: matrixdotorg/synapse-workers"
-        $CONTAINER_RUNTIME build -t matrixdotorg/synapse-workers -f "docker/Dockerfile-workers" .
+        $CONTAINER_RUNTIME build \
+            -t "$SYNAPSE_WORKERS_TAG" \
+            -t "$LOCAL_REGISTRY/$SYNAPSE_WORKERS_TAG" \
+            --build-arg FROM="$LOCAL_REGISTRY/$SYNAPSE_TAG" \
+            -f "docker/Dockerfile-workers" .
         echo_if_github "::endgroup::"
 
         # Build the unified Complement image (from the worker Synapse image we just built).
+        COMPLEMENT_SYNAPSE_TAG=complement-synapse
         echo_if_github "::group::Build Docker image: complement/Dockerfile"
-        $CONTAINER_RUNTIME build -t complement-synapse \
+        $CONTAINER_RUNTIME build \
+            -t "$COMPLEMENT_SYNAPSE_TAG" \
             `# This is the tag we end up pushing to the registry (see` \
             `# .github/workflows/push_complement_image.yml) so let's just label it now` \
             `# so people can reference it by the same name locally.` \
-            -t ghcr.io/element-hq/synapse/complement-synapse \
+            -t "ghcr.io/element-hq/synapse/$COMPLEMENT_SYNAPSE_TAG" \
+            --build-arg FROM="$LOCAL_REGISTRY/$SYNAPSE_WORKERS_TAG" \
             -f "docker/complement/Dockerfile" "docker/complement"
         echo_if_github "::endgroup::"
 

From 9e0490ec001a13d812f578e7aecdd10da7063481 Mon Sep 17 00:00:00 2001
From: Andrew Ferrazzutti <andrewf@element.io>
Date: Mon, 3 Mar 2025 16:12:23 -0500
Subject: [PATCH 2/8] Remove local tags for unpushed images

as there is no risk of pulling these from a public registry
---
 scripts-dev/complement.sh | 2 --
 1 file changed, 2 deletions(-)

diff --git a/scripts-dev/complement.sh b/scripts-dev/complement.sh
index c0c435eddd..2d063ca87c 100755
--- a/scripts-dev/complement.sh
+++ b/scripts-dev/complement.sh
@@ -200,7 +200,6 @@ if [ -z "$skip_docker_build" ]; then
         echo_if_github "::group::Build Docker image: matrixdotorg/synapse-workers"
         $CONTAINER_RUNTIME build \
             -t "$SYNAPSE_WORKERS_TAG" \
-            -t "$LOCAL_REGISTRY/$SYNAPSE_WORKERS_TAG" \
             --build-arg FROM="$LOCAL_REGISTRY/$SYNAPSE_TAG" \
             -f "docker/Dockerfile-workers" .
         echo_if_github "::endgroup::"
@@ -214,7 +213,6 @@ if [ -z "$skip_docker_build" ]; then
             `# .github/workflows/push_complement_image.yml) so let's just label it now` \
             `# so people can reference it by the same name locally.` \
             -t "ghcr.io/element-hq/synapse/$COMPLEMENT_SYNAPSE_TAG" \
-            --build-arg FROM="$LOCAL_REGISTRY/$SYNAPSE_WORKERS_TAG" \
             -f "docker/complement/Dockerfile" "docker/complement"
         echo_if_github "::endgroup::"
 

From 215d94a26c0544468ac596391b520d31ef59d279 Mon Sep 17 00:00:00 2001
From: Andrew Ferrazzutti <andrewf@element.io>
Date: Tue, 4 Mar 2025 10:35:20 -0500
Subject: [PATCH 3/8] Document how to use local images as base

---
 docker/README-testing.md | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/docker/README-testing.md b/docker/README-testing.md
index db88598b8c..c6ff3e0ac6 100644
--- a/docker/README-testing.md
+++ b/docker/README-testing.md
@@ -31,14 +31,16 @@ release of Synapse, instead of your current checkout, you can skip this step. Fr
 root of the repository:
 
 ```sh
-docker build -t matrixdotorg/synapse -f docker/Dockerfile .
+docker build -t matrixdotorg/synapse:testing -f docker/Dockerfile .
 ```
 
 Next, build the workerised Synapse docker image, which is a layer over the base
-image.
+image. To test with your local checkout, pass the tag of the Synapse docker image
+built in the previous step as a build argument. Otherwise, the build will pull the
+image of the latest Synapse release and use that as the base of the workers image.
 
 ```sh
-docker build -t matrixdotorg/synapse-workers -f docker/Dockerfile-workers .
+docker build -t matrixdotorg/synapse-workers --build-arg FROM=matrixdotorg/synapse:testing -f docker/Dockerfile-workers .
 ```
 
 Finally, build the multi-purpose image for Complement, which is a layer over the workers image.

From 6541da872ee9efee19d1abe2e8fd65a00e63435a Mon Sep 17 00:00:00 2001
From: Andrew Ferrazzutti <andrewf@element.io>
Date: Tue, 4 Mar 2025 10:45:31 -0500
Subject: [PATCH 4/8] Add changelog

---
 changelog.d/18210.misc | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 changelog.d/18210.misc

diff --git a/changelog.d/18210.misc b/changelog.d/18210.misc
new file mode 100644
index 0000000000..55ecb2d6be
--- /dev/null
+++ b/changelog.d/18210.misc
@@ -0,0 +1 @@
+In scripts-dev/complement.sh, ensure that the synapse-workers & complement-synapse images are built from the local base synapse image that was just built, instead of from the latest synapse image pulled from a public registry.

From 4c03b3b059110d457793e0d54843fb00fe644050 Mon Sep 17 00:00:00 2001
From: Andrew Ferrazzutti <andrewf@element.io>
Date: Tue, 4 Mar 2025 11:36:33 -0500
Subject: [PATCH 5/8] Refer to docker image "names", not "tags"

because the tag is really just the part of a name after the colon
---
 docker/README-testing.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docker/README-testing.md b/docker/README-testing.md
index c6ff3e0ac6..f03b71a8f9 100644
--- a/docker/README-testing.md
+++ b/docker/README-testing.md
@@ -35,7 +35,7 @@ docker build -t matrixdotorg/synapse:testing -f docker/Dockerfile .
 ```
 
 Next, build the workerised Synapse docker image, which is a layer over the base
-image. To test with your local checkout, pass the tag of the Synapse docker image
+image. To test with your local checkout, pass the name of the Synapse docker image
 built in the previous step as a build argument. Otherwise, the build will pull the
 image of the latest Synapse release and use that as the base of the workers image.
 
@@ -49,7 +49,7 @@ Finally, build the multi-purpose image for Complement, which is a layer over the
 docker build -t complement-synapse -f docker/complement/Dockerfile docker/complement
 ```
 
-This will build an image with the tag `complement-synapse`, which can be handed to
+This will build an image with the name `complement-synapse`, which can be handed to
 Complement for testing via the `COMPLEMENT_BASE_IMAGE` environment variable. Refer to
 [Complement's documentation](https://github.com/matrix-org/complement/#running) for
 how to run the tests, as well as the various available command line flags.

From ee08a4a53048c3dc338bb9283848fbdbf77da197 Mon Sep 17 00:00:00 2001
From: Andrew Ferrazzutti <andrewf@element.io>
Date: Tue, 4 Mar 2025 11:37:33 -0500
Subject: [PATCH 6/8] Show full name of built complement-synapse image

A tag of "latest" is included by default
---
 docker/README-testing.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker/README-testing.md b/docker/README-testing.md
index f03b71a8f9..389e314ad4 100644
--- a/docker/README-testing.md
+++ b/docker/README-testing.md
@@ -49,7 +49,7 @@ Finally, build the multi-purpose image for Complement, which is a layer over the
 docker build -t complement-synapse -f docker/complement/Dockerfile docker/complement
 ```
 
-This will build an image with the name `complement-synapse`, which can be handed to
+This will build an image with the name `complement-synapse:latest`, which can be handed to
 Complement for testing via the `COMPLEMENT_BASE_IMAGE` environment variable. Refer to
 [Complement's documentation](https://github.com/matrix-org/complement/#running) for
 how to run the tests, as well as the various available command line flags.

From 6f7415c3f22b1c43558ae92413c7165dd2753149 Mon Sep 17 00:00:00 2001
From: Andrew Ferrazzutti <andrewf@element.io>
Date: Tue, 4 Mar 2025 11:38:40 -0500
Subject: [PATCH 7/8] Document the SYNAPSE_VERSION build argument

---
 docker/README-testing.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docker/README-testing.md b/docker/README-testing.md
index 389e314ad4..f0ef8ddfd9 100644
--- a/docker/README-testing.md
+++ b/docker/README-testing.md
@@ -38,6 +38,8 @@ Next, build the workerised Synapse docker image, which is a layer over the base
 image. To test with your local checkout, pass the name of the Synapse docker image
 built in the previous step as a build argument. Otherwise, the build will pull the
 image of the latest Synapse release and use that as the base of the workers image.
+To test with a specific release of Synapse, set the `SYNAPSE_VERSION` build argument
+to the desired release version.
 
 ```sh
 docker build -t matrixdotorg/synapse-workers --build-arg FROM=matrixdotorg/synapse:testing -f docker/Dockerfile-workers .

From 51ab12ee2195463b75943601c0a5aeaeb96257e9 Mon Sep 17 00:00:00 2001
From: Andrew Ferrazzutti <andrewf@element.io>
Date: Thu, 20 Mar 2025 09:08:49 -0400
Subject: [PATCH 8/8] Make dummy local registry more distinct

`localhost:5000` may be used for other development images, so use a
registry name that is less likely to conflict with an existing one.
Also remove the port as having one makes it seem significant, but it
really isn't.
---
 scripts-dev/complement.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts-dev/complement.sh b/scripts-dev/complement.sh
index 2d063ca87c..4f480938ba 100755
--- a/scripts-dev/complement.sh
+++ b/scripts-dev/complement.sh
@@ -184,7 +184,7 @@ if [ -z "$skip_docker_build" ]; then
 
         # Tag local builds with a dummy registry so that later builds
         # may reference them instead of pulling from a remote registry
-        LOCAL_REGISTRY=localhost:5000
+        LOCAL_REGISTRY=synapse-registry.localhost
 
         SYNAPSE_TAG=matrixdotorg/synapse
         $CONTAINER_RUNTIME build \