ECR support

[rothgar]

ECR supports OCI format and should probably be listed as compatible on the cnab website.

I tried using the cnab-to-oci tool to verify it but the tool won't build. cnabio/cnab-to-oci#107

What's the best way to verify CNAB support so ECR can be tested and listed as compatible on https://cnab.io/registries/?

[carolynvs]

@rothgar You can use a precompiled Porter binary (which uses cnab-to-oci) to verify.

1. Install porter
2. Make a new directory, e.g. mkdir hello-world
3. Run porter create to make a test bundle
4. Run porter publish --registry TODO where you fill in a registry on ECR. For example on docker hub it would be "username", or on GHCR it would be "ghcr.io/yourname". This tests if we can push bundles to ECR.
5. Run porter install --reference TODO where you fill in the fullly qualified reference to the bundle. For example "ghcr.io/yourname/yourbundle:v0.1.0". The output of publish will include the final pushed location. This tests if cnab-to-oci can read the attributes, manifests and images from ECR.

If both commands work, let me know and I'll update our listing to include ECR!

[rothgar]

Thanks for those examples @carolynvs

Here's the output I got but I'm not sure what it's trying to do when it's getting a 404 error

porter publish --registry 323238900174.dkr.ecr.us-east-1.amazonaws.com 
Pushing CNAB invocation image...
The push refers to repository [323238900174.dkr.ecr.us-east-1.amazonaws.com/porter-hello-installer]
0f340999ed56: Preparing
5cb5b32f0d7b: Preparing
75da8efa208d: Preparing
ad890b2dadde: Preparing
da6b20a8192a: Preparing
eed409fc8201: Preparing
eed409fc8201: Waiting
0f340999ed56: Layer already exists
da6b20a8192a: Layer already exists
5cb5b32f0d7b: Layer already exists
75da8efa208d: Layer already exists
ad890b2dadde: Layer already exists
eed409fc8201: Layer already exists
v0.1.0: digest: sha256:6ca40fabc7bba3badff7f2a436085c361b1f6e226b849e7ec9d62179114eee31 size: 1579

Rewriting CNAB bundle.json...
Starting to copy image 323238900174.dkr.ecr.us-east-1.amazonaws.com/porter-hello-installer:v0.1.0...
Failed to copy image 323238900174.dkr.ecr.us-east-1.amazonaws.com/porter-hello-installer:v0.1.0: unexpected response: 404 Not Found
Error: error preparing the bundle with cnab-to-oci before pushing: unexpected response: 404 Not Found

I tried running with --debug and get the same failure output.

[carolynvs]

This is the function that is failing in cnab-to-oci. It identifies all images used by the bundle, in this case 323238900174.dkr.ecr.us-east-1.amazonaws.com/porter-hello-installer, and it copies the images into the same repository as the bundle (in this case 323238900174.dkr.ecr.us-east-1.amazonaws.com/porter-hello). Here is porter's doc on the final destination of the bundle and images.

https://github.com/cnabio/cnab-to-oci/blob/c859986da48dc6f0fa44151bb53f127dd43e1cff/remotes/fixup.go#L21

What the publish workflow looks like at a high level is:

1. push the invocation image (323238900174.dkr.ecr.us-east-1.amazonaws.com/porter-hello-installer) to the destination registry.
2. get the registry digest for the invocation image.
3. copy the invocation image to the bundle's repository (323238900174.dkr.ecr.us-east-1.amazonaws.com/porter-hello@INVOCATION_IMAGE_REPOSITORY_DIGEST)
4. push the bundle artifact to the registry at 323238900174.dkr.ecr.us-east-1.amazonaws.com/porter-hello@v0.1.0.

Specifically this line is failing I think based on the error:

https://github.com/cnabio/cnab-to-oci/blob/c859986da48dc6f0fa44151bb53f127dd43e1cff/remotes/fixup.go#L51

I'm not sure what is causing the 404 exactly. But seems like it is happening when copying the image from one repository to another.

Does ECR let you push directly to a digest e.g. 323238900174.dkr.ecr.us-east-1.amazonaws.com/porter-hello@DIGEST?

[rothgar]

Ah, that makes sense. ECR doesn't support creating repos automatically on push. Once I created porter-hello-installer and porter-hello repos everything worked

# porter publish --registry 323238900174.dkr.ecr.us-east-1.amazonaws.com                                                                                                
Pushing CNAB invocation image...                                                                                                                                        
The push refers to repository [323238900174.dkr.ecr.us-east-1.amazonaws.com/porter-hello-installer]                                                                     
0f340999ed56: Preparing                                                                                                                                                 
5cb5b32f0d7b: Preparing                                                                                                                                                 
75da8efa208d: Preparing                                                                                                                                                 
ad890b2dadde: Preparing                                                                                                                                                 
da6b20a8192a: Preparing                                                                                                                                                 
eed409fc8201: Preparing                                                                                                                                                 
eed409fc8201: Waiting                                                                                                                                                   
da6b20a8192a: Layer already exists                                                                                                                                      
5cb5b32f0d7b: Layer already exists                                                                                                                                      
75da8efa208d: Layer already exists                                                                                                                                      
0f340999ed56: Layer already exists
ad890b2dadde: Layer already exists
eed409fc8201: Layer already exists
v0.1.0: digest: sha256:6ca40fabc7bba3badff7f2a436085c361b1f6e226b849e7ec9d62179114eee31 size: 1579

Rewriting CNAB bundle.json...
Starting to copy image 323238900174.dkr.ecr.us-east-1.amazonaws.com/porter-hello-installer:v0.1.0...
Completed image 323238900174.dkr.ecr.us-east-1.amazonaws.com/porter-hello-installer:v0.1.0 copy
Bundle tag 323238900174.dkr.ecr.us-east-1.amazonaws.com/porter-hello:v0.1.0 pushed successfully, with digest "sha256:720fecb62c58e421a6adf6f453621ca722d3820aa22a2883f1dba3f304313f52"

# porter install --reference 323238900174.dkr.ecr.us-east-1.amazonaws.com/porter-hello:v0.1.0
installing porter-hello...
Unable to find image '323238900174.dkr.ecr.us-east-1.amazonaws.com/porter-hello@sha256:6ca40fabc7bba3badff7f2a436085c361b1f6e226b849e7ec9d62179114eee31' locally
sha256:6ca40fabc7bba3badff7f2a436085c361b1f6e226b849e7ec9d62179114eee31: Pulling from porter-hello
Digest: sha256:6ca40fabc7bba3badff7f2a436085c361b1f6e226b849e7ec9d62179114eee31
Status: Downloaded newer image for 323238900174.dkr.ecr.us-east-1.amazonaws.com/porter-hello@sha256:6ca40fabc7bba3badff7f2a436085c361b1f6e226b849e7ec9d62179114eee31
executing install action from porter-hello (installation: porter-hello)
Install Hello World
Hello World
execution completed successfully!

[carolynvs]

Great! I will update the site to list ECR with a note about creating the repository first for both the invocation image and bundle.