Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Made the digest exporter report image digest if there is only one image. #1237

Merged
merged 3 commits into from
Sep 6, 2019
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
Made the image digest exporter report image digest if there is only o…
…ne image.

Currently the image digest exporter does not implemented the behavior described
in the resources doc, which says "if there are multiple versions of the image,
the latest will be used." Instead, it reports the digest of `index.json`, which
is an image index. This behavior introduces a usability issue: one of the major
public container registry --- dockerhub --- does not support OCI image indices,
and there are very few tools (if any) that support converting OCI image indices
to docker manifest lists. Skopeo currently only support pushing an OCI image
index that contain only one image. If the index has more than one images, it
requires the user to specify one:
containers/skopeo#107
containers/image#400

Essentially, these limitations make the image digest exporter useless. To make
this feature useful, the exporter could instead implement the following behavior:

1. If there is only one image in `index.json`, report the image's digest.

2. If there are multiple images, report the digest of the full index.

The advantage of this behavior is that, we can immediately use it (in conjunction
of GoogleContainerTools/kaniko#744), yet if multi-image
manifests are more widely supported, the image digest exporter can still support
that without any modification.
  • Loading branch information
chhsia0 committed Aug 23, 2019
commit 86aa9ed1a9cc6b73bff37ee1a70fb2bef8ac4ab7
15 changes: 13 additions & 2 deletions cmd/imagedigestexporter/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ import (
"log"
"os"

"github.com/google/go-containerregistry/pkg/v1"
"github.com/google/go-containerregistry/pkg/v1/layout"
v1alpha1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1alpha1"
)
Expand Down Expand Up @@ -55,9 +56,19 @@ func main() {
log.Printf("ImageResource %s doesn't have an index.json file: %s", imageResource.Name, err)
continue
}
digest, err := ii.Digest()
// If there is only one image in the index, report the digest of the image; otherwise, report the digest of the whole index.
digest, err := func() (v1.Hash, error) {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggest moving this to a package-level function, with a name, and passing ii as an argument to it.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

and unit tests! :)

im, err := ii.IndexManifest()
if err != nil {
return v1.Hash{}, err
}
if len(im.Manifests) == 1 {
return im.Manifests[0].Digest, nil
}
return ii.Digest()
}()
if err != nil {
log.Fatalf("Unexpected error getting image digest %v: %v", imageResource, err)
log.Fatalf("Unexpected error getting image digest for %s: %v", imageResource.Name, err)
}
output = append(output, v1alpha1.PipelineResourceResult{Name: imageResource.Name, Digest: digest.String()})
}
Expand Down
6 changes: 3 additions & 3 deletions docs/resources.md
Original file line number Diff line number Diff line change
Expand Up @@ -289,9 +289,9 @@ To surface the image digest in the output of the `taskRun` the builder tool
should produce this information in a
[OCI Image Spec](https://github.com/opencontainers/image-spec/blob/master/image-layout.md)
`index.json` file. This file should be placed on a location as specified in the
task definition under the resource `outputImageDir`. Annotations in `index.json`
will be ignored, and if there are multiple versions of the image, the latest
will be used.
task definition under the resource `outputImageDir`. If there is only one image
in the `index.json` file, the digest of that image is exported; otherwise, the
digest of the whole image index would be exported.

For example this build-push task defines the `outputImageDir` for the
`builtImage` resource in `/workspace/buildImage`
Expand Down