[ECR] [request]: public registry tag listing #1262
Comments
|
To be clear, my feature request is to let a public user who doesn't have the permisson to log into the repo use the CLI like |
|
This just got me, my CI system is failing while listing image tags: ❯ curl -i -H "Authorization: Bearer $TOKEN" https://public.ecr.aws/v2/xxxxxxx/awesome-image/tags/list
HTTP/2 404
date: Fri, 19 Feb 2021 15:26:51 GMT
content-type: text/plain; charset=utf-8
content-length: 19
docker-distribution-api-version: registry/2.0
x-content-type-options: nosniff
404 page not foundI assumed that ECR Public implements Docker Registry HTTP API V2, but apparently it is not 🤷♂️ |
|
I would also point out that the documentation for public registries sounds like the Amazon ECR Public supports the entire Docker Registry HTTP API.
|
|
It is very disappointing to see that the official documentation says:
But at the same time, the list-image-tags API is not supported (even if I am calling the API using the |
|
Just wanted to leave a note here as not being able to list the image tags for images on the Public Gallery is causing problems with dependency management for parts of the Kubeflow project. |
|
We ran into this issue as well as we sync the repository to local registry for performance and stability reasons. I will be escalating the issue through our AWS representative and would recommend others do the same. |
|
It seems this isn't an issue for private ECR repository https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry_auth.html I'm able to invoke the "tag/list" http endpoint on one of my private repository but not public ones. |
|
We have been looking at a way to poll for updates to specific repositories so as to remain up-to-date (specifically we are hoping to receive notifications when a new version of the App Mesh Envoy container is pushed). This would be really easy if there was a programmatic way to list tags for a repository 😢 |
|
This is impacting Dependabot support for ECR Public also, dependabot/dependabot-core#4212. |
|
@maishsk is there any chance to see this problem addressed? |
|
Hello, having helm 3.8 released with OCI support, looks like AWS Public ECR is not compliant with dependencies https://helm.sh/docs/topics/registries/#specifying-dependencies. For me "helm depepndency update" fails exactly with the same error of not being able to list tags. |
|
Seems like the listing tags API is not OCI compliant? Seems like a big mistake on AWS's part to not adhere to the OCI spec. The OCI spec mandates that the response MUST be in the following format: The response from the tag list API does not follow this format and means that it cannot be used by OCI-compliant tooling. The OCI spec also expects a |
|
Oh wow, that's entirely and completely different API but sitting on the oci path, which makes it purposefully incompatible. I didn't think to double-check. Nice find. This is utterly useless for any reasonable use-case and misses the heart of this issue entirely. I'll be sure to flag this with our account rep. I would recommend others do the same. |
|
Yikes. That's a big miss. Please re-open and fix the response format for this API. |
|
Hi everyone, this was released prematurely and does not yet reflect our intended feature set. The OCI compliant tags API is coming soon and we will share more details here once it is fully and finally released. Apologies for the confusion. |
|
Thank you @arunsollet for clarifying, that's really good to hear! |
|
Hi everyone 👋 We are seeking guidance around the functionality of this API and how strictly we need to adhere to the OCI spec in order to meet immediate needs. We intend for full OCI compliance, but if we consider iterating toward that compliance we can likely solve most blocking issues more quickly. The main issue with the premature release is that it was not yet complete (as some observed the internal-only response body). It seems to me the main thrust of solving most use cases a) the api must exist, and b) the response body must be formatted as specified. Beyond this, I'd like to understand how important ordering and pagination are. The OCI spec calls for transparent tokens (in the form of tag values), and that tags returned are lexically order. There are some implementations which adhere strictly to the spec in this regard, and others that do not. What do folks think about a release sooner to address the main issue first, and we can iterate toward sorting and potentially using a transparent token in a subsequent release? This maps to how the v2 tags/list API works on ECR today. I know it's not perfect, but will this meet most use cases? Flux, ArgoCD, Skopeo, Dependabot are the main ones I'm thinking about, none of which depend upon pagination or ordering as far as I can tell. To leave this as a simple question for folks to 👍 or 👎 - would you support if we defer lexical sorting and transparent tokens for pagination, if we can ship the API and properly formatted response body sooner? Thanks very much! |
|
Hey all! We have started rolling this feature out and are already seeing a good deal of traffic on it. You may still see 404's on the endpoint until the rollout is complete, but wanted to let you all know since you may have some automation in place that starts working for the first time as this comes online. As always - please let us know if anyone sees any issues or has questions. Otherwise, we'll post again once the deployments are complete. Thanks again for all the patience and guidance, especially from the various open source maintainers we discussed this with. |
|
This is now fully rolled out, please let us know if there are any issues/questions. Thanks again everyone! |
|
Can confirm. Dependabot on GitHub now updates public ECR |
|
Hello @jlbutler ,, I am unable to do The Same for public.ecr.aws/docker/library/eclipse-temurin:17.0.6_10-jre-alpine Can you help me with the Same ?
|
|
Sorted, we have to use the registry name, |
|
Could you show an example dependabot.yml file, please @MajidEM?
Still need to set this up and would help speed things up 😉
|
|
@aairey this is one of the setting we are using and getting Dependabot execution errorDependabot settings |
|
@rr-paras-patel I fail to see where you have configured |
|
@aairey yes it is base image mentioned in Dockerfile : |
Community Note
Tell us about your request
Enable discovering tags of a public repository, possibly by implementing the
/tags/listendpoint https://github.com/opencontainers/distribution-spec/blob/master/spec.md#content-discoveryWhich service(s) is this request for?
ECR Public
Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?
Discover the available tags for a repository I don't own
Are you currently working around this issue?
Finding the list via the ECR public gallery
The text was updated successfully, but these errors were encountered: