Digest output is image ID, not RepoDigest #461
Comments
|
@jsok Can you rerun this workflow please? -
name: Check manifest
if: github.event_name != 'pull_request'
run: |
docker buildx imagetools inspect sajari/docd:${{ steps.meta.outputs.version }}
-
name: Inspect image
if: github.event_name != 'pull_request'
run: |
docker pull sajari/docd:${{ steps.meta.outputs.version }}
docker image inspect sajari/docd:${{ steps.meta.outputs.version }} |
|
@crazy-max unfortunately I can't modify the workflow at this point in time, but I have re-run the workflow so that it pulls the latest version of this action. The metadata shows the same image ID, not the digest reported by the remote. See:
Maybe there's some overloading of the term digest going on here? |
|
Can confirm I am seeing the same thing. The digest output here does not match the digest shown in the registry (in my case, ghcr.io). So I'm thinking need to write a small action to get the right diget so I can use as an output to pull via |
|
I also can confirm that issue with an image pushed to AWS ECR. As stated the output "digest" seems to something else (didn't investigate but I believe it's the image id). With that I can't use the output to use it in another step to pull the image |
|
I had a same problem. |
|
There's no need to abandon - id: build
uses: docker/build-push-action@v2
with: { ... }
- name: Get image digest
id: digest
run: echo "::set-output name=digest::$(docker inspect ${{ steps.build.outputs.digest }} | jq -r '.[].RepoDigests[0] | split("@") | .[1]')" |
|
Having dug deeper on this issue, the If you do not call setup-buildx, then it seems to incorrectly populate |
|
I can also confirm that the digest is incorrect unless including the The README says the step is not required but assists with multi-platform images, export cache. I don't have those use-cases so I left it out. Given how Thanks @jsok for sharing the fix. |
|
I just hit this putting together a small sample, and can also confirm that the workaround "fixes" this, but this feels like a pretty bad bug. Would the maintainers be receptive to a fix, if this is just a bandwidth problem? |
Thanks for your feedback, will take a look and come back to you. |
|
Suggested workaround unfortunately doesn't work on ECR:
Please note I'm using |
|
docker/buildx#975 should fix this issue. You can try it with: -
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
with:
version: https://github.com/crazy-max/buildx.git#moby-remotedgst |
|
The official Since this github issue is closed, can this workaround be removed? |
+1 Can anyone confirm please? |
|
I saw the official workflow is still linking to this issue and I have no idea what happened. Is the workflow way correct for handling everything now? |
Not needed anymore.
Not sure what you mean? I don't see any reference to this issue in our code base. I'm locking this issue as it has been solved but feel free to open a new one if it still happens. See also #906 (comment). |
Troubleshooting
The output called
digestis not in fact the digest that can be used to pull the image that was pushed to the repository.The
metadataoutput has the same ID listed as"containerimage.digest".Behaviour
Steps to reproduce this issue
Expected behaviour
The output named
digestshould contain the digest of the image, not the ID.i.e. the output of
docker inspect $IMAGE | jq .[].RepoDigestsActual behaviour
The output named
digestcontains the Image ID, i.e. the output ofdocker inspect $IMAGE | jq .[].IDConfiguration
DockerHub reports the Digest to be:
sha256:abe87bda82fdf472763c5782bd787154fd5196dbf37bb5b94b3c757df71f0de3docker/build-push-action@v2outputs a digest ofsha256:e72b6e4b4ed5763c94bfde0320282c8a3125152d8f2325d015c37a01eed2a9b2Logs
1_Publish Docker image.txt
The text was updated successfully, but these errors were encountered: