Made the digest exporter report image digest if there is only one image. #1237
Conversation
…ne image. Currently the image digest exporter does not implemented the behavior described in the resources doc, which says "if there are multiple versions of the image, the latest will be used." Instead, it reports the digest of `index.json`, which is an image index. This behavior introduces a usability issue: one of the major public container registry --- dockerhub --- does not support OCI image indices, and there are very few tools (if any) that support converting OCI image indices to docker manifest lists. Skopeo currently only support pushing an OCI image index that contain only one image. If the index has more than one images, it requires the user to specify one: containers/skopeo#107 containers/image#400 Essentially, these limitations make the image digest exporter useless. To make this feature useful, the exporter could instead implement the following behavior: 1. If there is only one image in `index.json`, report the image's digest. 2. If there are multiple images, report the digest of the full index. The advantage of this behavior is that, we can immediately use it (in conjunction of GoogleContainerTools/kaniko#744), yet if multi-image manifests are more widely supported, the image digest exporter can still support that without any modification.
googlebot
added
the
cla: yes
tekton-robot
added
size/S
|
Hi @chhsia0. Thanks for your PR. I'm waiting for a tektoncd member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/assign @dibyom |
cmd/imagedigestexporter/main.go
Outdated
| @@ -55,9 +56,19 @@ func main() { | |||
| log.Printf("ImageResource %s doesn't have an index.json file: %s", imageResource.Name, err) | |||
| continue | |||
| } | |||
| digest, err := ii.Digest() | |||
| // If there is only one image in the index, report the digest of the image; otherwise, report the digest of the whole index. | |||
| digest, err := func() (v1.Hash, error) { | |||
There was a problem hiding this comment.
Suggest moving this to a package-level function, with a name, and passing ii as an argument to it.
There was a problem hiding this comment.
+1 to what @sbwsg said, otherwise looks good! Thanks @chhsia0 :D
Also p.s. I think you've seen this already but note that we're probably going to change the way that resourceResults works pretty dramatically in the future (proposal to remove in 0.9 release)
cmd/imagedigestexporter/main.go
Outdated
| @@ -55,9 +56,19 @@ func main() { | |||
| log.Printf("ImageResource %s doesn't have an index.json file: %s", imageResource.Name, err) | |||
| continue | |||
| } | |||
| digest, err := ii.Digest() | |||
| // If there is only one image in the index, report the digest of the image; otherwise, report the digest of the whole index. | |||
| digest, err := func() (v1.Hash, error) { | |||
|
/ok-to-test |
tekton-robot
added
ok-to-test
|
Sorry about the delay. Will add a test and fix the problems on Monday. |
tekton-robot
added
size/L
|
The following is the coverage report on pkg/.
|
|
The following is the coverage report on pkg/.
|
chhsia0
force-pushed
the
export-image-digest
branch
from
1f3e3c4
to
f68448f
Compare
|
The following is the coverage report on pkg/.
|
chhsia0
force-pushed
the
export-image-digest
branch
from
3cd05a8
to
1f62071
Compare
|
The following is the coverage report on pkg/.
|
|
Error message from the e2e test: Judging from the message, I suspect that the EOF comes from the following line: However I could not understand how the EOF ended up there. The block scalar YAML syntax and the shell's here document syntax looks correct to me. @sbwsg @bobcatfish Could you take a look? |
|
@chhsia0 I think it's the whitespace at the end of that line with the EOF. I don't know why your change has caused the image digest exporter to become sensitive to that but removing it locally and running the example on your branch works for me. |
|
🤦♂ |
chhsia0
force-pushed
the
export-image-digest
branch
from
1f62071
to
78b21d4
Compare
|
The following is the coverage report on pkg/.
|
|
Good stuff! /lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: chhsia0, vdemeester The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
tekton-robot
added
the
approved
Changes
Currently the image digest exporter does not implemented the behavior described
in
resources.md, which says "if there are multiple versions of the image,the latest will be used." Instead, it reports the digest of
index.json, whichis an image index. This behavior introduces a usability issue: one of the major
public container registry --- dockerhub --- does not support OCI image indices,
and there are very few tools (if any) that support converting OCI image indices
to docker manifest lists. E.g., skopeo currently only support pushing an OCI image
index that contains only one image. If the index has more than one images, it
requires the user to specify one:
containers/skopeo#107
containers/image#400
Essentially, these limitations make the image digest exporter less useful. To make
it more usable, the exporter could instead implement the following behavior:
If there is only one image in
index.json, report the image's digest.If there are multiple images, report the digest of the full index.
The advantage of this behavior is that, we can immediately use it (in conjunction
of GoogleContainerTools/kaniko#744), yet if multi-image
manifests are more widely supported in the future, the image digest exporter can
still support that without any modification.
Submitter Checklist
These are the criteria that every PR should meet, please check them off as you
review them:
See the contribution guide for more details.
Double check this list of stuff that's easy to miss:
cmddir, please updatethe release Task and TaskRun to build and release this image
Reviewer Notes
If API changes
are included, additive changes
must be approved by at least two OWNERS
and backwards incompatible changes
must be approved by more than 50% of the OWNERS,
and they must first be added
in a backwards compatible way.
Release Notes
Although the exported digest changes for any single-image index, the the digests of either the index or the image are eventually used to refer to the image, so there should be no actual user impact.