Pushing an image index #237
Comments
A solution for ORAS would be nice. Since my artifacts are tarballs, I'm just pretending they're Docker layers, which works. |
|
We were initially planning on adding support for These are the current artifact reference types we're hoping to evolve. Can you help with a bit more details for what you're looking to generate to understand where it would fit in? |
|
Homebrew https://brew.sh is a package manager that supports both macOS and Linux. We have binary packages (called bottles), which are tarballs, for multiple versions of macOS and one universal Linux bottle that works on all distributions. We store each bottle in an ORAS artifact in an image manifest. We bundle these image manifests up into a single image index. We use the You can see examples of these ORAS image indexes at https://github.com/orgs/brewsci/packages and https://github.com/orgs/homebrew/packages. I now use You can close this issue now, but I'm happy to answer follow up questions if you think this would be an interesting use case for ORAS. |
|
Homebrew stores its bottles as artifacts in an OCI registry? I didn't know that; been using it since earliest days, must be close to a decade now, switched over from, was it "macports"?. Which registry do you use, @sjackman? @SteveLasker I think @sjackman is looking for something very similar to how container images work. One root index, with This seems like the right use case for oras. |
As of this week!
GitHub Packages, also known as GitHub Container Registry https://ghcr.io
We actually do use the media types |
|
For example https://github.com/orgs/Homebrew/packages/container/package/core/hello $ oras pull ghcr.io/homebrew/core/hello:2.10
Downloaded 449de5ea35d0 hello-2.10.catalina.bottle.tar.gz
Downloaded b3b083db0807 hello-2.10.arm64_big_sur.bottle.tar.gz
Downloaded 54ac46b692fc hello-2.10.el_capitan.bottle.tar.gz
Downloaded 69489ae397e4 hello-2.10.big_sur.bottle.tar.gz
Downloaded f9d6285eafa4 hello-2.10.mojave.bottle.tar.gz
Downloaded 1b66790d4266 hello-2.10.high_sierra.bottle.tar.gz
Pulled ghcr.io/homebrew/core/hello:2.10
Digest: sha256:4f1d476de4e32f4a70a46df406fb917a0f1d990dcefd29be0a16c282a0a285d5
$ skopeo copy docker://ghcr.io/homebrew/core/hello:2.10 oci:hello:2.10
Getting image source signatures
Copying blob 449de5ea35d0 [--------------------------------------] 0.0b / 0.0b
Copying config bd012697f6 done
Writing manifest to image destination
Storing signatures
$ docker pull --platform=darwin/amd64 ghcr.io/homebrew/core/hello:2.10
2.10: Pulling from homebrew/core/hello
operating system is not supported
$ docker pull ghcr.io/linuxbrew/core/hello:2.10
2.10: Pulling from linuxbrew/core/hello
f81d7c0a3eee: Pull complete
Digest: sha256:b36a2cb7220504776fc540b67e9fe93947b97635d40fd98c62f27970be16d9ff
Status: Downloaded newer image for ghcr.io/linuxbrew/core/hello:2.10
ghcr.io/linuxbrew/core/hello:2.10 |
Then what is missing from oras for your support? It looks pretty solid. |
I like that. I am a big advocate for using registries as a universal distribution mechanism. The combination of layers, manifests with annotations and stacking, and hashes (especially hashes), plus natively-attached config to each manifest, makes for a very powerful system. I have my own tool for doing the same, mostly to inspect and pull down images. |
Nothing. Using
|
|
This might be an interesting use case for pushing (and pulling) multi-arch binaries (multiple binaries for different architectures), but I'm not sure it's within the scope of oras. |
@justincormack for thoughts around multi-arch for other artifactTypes. |
|
The upside of using image index is that it works with skopeo and other tools. It doesn't have to be a requirement though, if there are alternatives. I'm not 100% sure that oras needs to be the tool that supports multi-arch artifacts as it tries to a be a generic tool as far as I can tell. But it could be, I don't know. I think this is a topic that's worth standardizing though. |
|
I wouldn't say ORAS is trying to be the container image tool, as there are great tools for that. Rather, it's the non-container image tool for utilizing registries, without the constraints of the container image specific artifact type. |
Yes, that is exactly how I look at it. |
|
@sjackman do you have an idea why $ docker pull --platform=darwin/amd64 ghcr.io/homebrew/core/hello:2.10
2.10: Pulling from homebrew/core/hello
operating system is not supported |
|
Hi @volo-droid , You're pulling with the docker client. Since this isn't a container runtime, rather a homebrew package, you'll need to use the specific client. https://github.com/homebrew/homebrew-core/pkgs/container/core%2Fhello#how-do-i-install-these-formulae |
$ docker pull --platform=darwin/amd64 ghcr.io/homebrew/core/hello:2.10
2.10: Pulling from homebrew/core/hello
operating system is not supported
$ docker pull --platform=linux/amd64 ghcr.io/homebrew/core/hello:2.10
2.10: Pulling from homebrew/core/hello
e6980196298e: Pull complete The Docker client does not support pulling images for |
|
I'm curious what the status of this & the status of this item of the artifact authors guidance:
This section is absent from the artifact specification. There seem to be two distinct philosophies:
It's unclear to me what the tradeoffs are, or what the "future-looking" perspective here would be. |
@AaronFriel The above use case is already supported in oras-go v2.0.0-rc.4 and oras cli 0.16.0 . When pushing an OCI artifact with non-nil
I think it's covered in distribution spec but not reflected in image specification. |
|
That's very interesting and helpful. I must have missed that in the docs that two strategies would be utilized. It does leave me with a few more questions about how we'd go about filtering artifacts by platform/os/etc, but I suspect we can use |
|
@AaronFriel Feel free to elaborate your question in oras discussion. Maybe the feature you need is already supported in the current version. Sorry for the lacking of documentation but we are planning to add user guide after 1.0.0 release. |
|
@AaronFriel ORAS has fully supported the OCI artifact manifest in the latest release of CLI and ORAS Go SDK. We will create some documentation to explain it on the ORAS website.
I think adding annotations is also a workaround to distinguish them. May I know your requirements for ORAS? |
|
Yes, I think tentatively I'm looking at storing a tree like so: To implement plugin discovery for the Pulumi engine. This is all in the prototyping/design stage at the moment, and it seems like ORAS is an ideal mechanism for us. The root tag |
|
@sjackman ran into this - your indexes you are pushing are missing the MediaType field, so they are being processed as manifests by the Docker Hub pipeline, not indexes. |
|
Closing since it is now supported by
|
|
hi @sjackman I'm wondering if you have any document or notes to describe how to use |
Does ORAS support pushing an image index
application/vnd.oci.image.index.v1+jsonthat contains multipleapplication/vnd.oci.image.manifest.v1+json?See https://github.com/opencontainers/image-spec/blob/master/media-types.md#oci-image-media-types
and https://github.com/opencontainers/image-spec/blob/master/image-index.md
The text was updated successfully, but these errors were encountered: