Skip to content
This repository has been archived by the owner on Aug 16, 2024. It is now read-only.

Change tags on digests #232

Closed
wants to merge 1 commit into from
Closed

Change tags on digests #232

wants to merge 1 commit into from

Conversation

vitaliy-guliy
Copy link
Contributor

Signed-off-by: Vitaliy Gulyy vgulyy@redhat.com

What does this PR do?

Use digests instead of tags when referencing docker images in devfiles.

What issues does this PR fix or reference?

Solves eclipse-che/che#16047

@vitaliy-guliy
Change tags on digests
cf4cf8e 
Signed-off-by: Vitaliy Gulyy <vgulyy@redhat.com>
@ericwill ericwill requested a review from nickboldt April 27, 2020 13:40
nickboldt
nickboldt suggested changes Apr 27, 2020
View reviewed changes
Copy link
Contributor

@nickboldt nickboldt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks like a manually created commit. Did you run a script? Will it run the next time a commit is pushed to this registry? How are these digests generated and kept current?

Needs documentation and link to CI job/process.

@vitaliy-guliy
Copy link
Contributor Author

vitaliy-guliy commented Apr 28, 2020
edited
Loading

@nickboldt Tags on digests have been changed by hands. The same for che-plugin-registry.
I used to run build.sh in the repository root to check the build.
Though the original issue eclipse-che/che#16047 describes only changing the references, from your feedback I see that we have to do something else.

@nickboldt
Copy link
Contributor

So... your vision is that we would run build.sh manually every time a new nightly image referred in the registry is released?

How is that manageable? Surely you would prefer if the digests were updated automatically?

@ericwill
Copy link
Contributor

AFIUI there is already automation present in the devfile-registry for using digests instead of tags. For example we have the USE_DIGESTS argument in the build scripts.

IMO the work here should look like this:

  • Change the current references to digests manually
  • Update the build scripts to use digests all the time (remove USE_DIGESTS and make it true)
  • Add a CONTRIBUTING.MD to make it clear for new users how to contribute updates to the devfile-registry, and that they should use digests instead of tags
  • Update the README to reflect the above

@nickboldt did I miss a case?

@nickboldt
Copy link
Contributor

nickboldt commented Apr 28, 2020
edited
Loading

Update the build scripts to use digests all the time (remove USE_DIGESTS and make it true)

Right now the scripts rely on seeing a tag and replacing that with the equivalent digest.

https://github.com/eclipse/che-devfile-registry/blob/master/build/scripts/write_image_digests.sh#L23
https://github.com/eclipse/che-devfile-registry/blob/master/build/scripts/write_image_digests.sh#L41-L44

If you hardcode the digests into the registry, how will the script know which NEWER digest to use?

Or are you expecting that ever new release of a sidecar container will be manually added to the plugin registry by someone who will find the latest digest and use that in their PR?

I suppose that works but... you could also just use container foo:2.4.6 and let the registry build convert that to foo@sha256:aasdasdasdasd for you.

@ericwill
Copy link
Contributor

Because we are to use tokens now, let's close this PR and open a new one when the new approach is decided.

@ericwill ericwill closed this Jun 26, 2020
sparkoo pushed a commit to sparkoo/che-devfile-registry that referenced this pull request Dec 4, 2020
@nickboldt
add --latest-only caching option (eclipse-che#232)
a40609c 
* switch from alpine+rhel to ubi+rhel-httpd; rename file so that vscode/che does correct file assoc

Change-Id: I4e12db0a173fc7aeb59947139ba39a01c6b227d0
Signed-off-by: nickboldt <nboldt@redhat.com>

* fix README to add new --target params and remove ref to non-existent Dockerfile.caching

Change-Id: Ib097d689276c68b45cac707c23efd2332ae7d6c4
Signed-off-by: nickboldt <nboldt@redhat.com>

* combine RUN commands; add notes about --latest-only caching

Change-Id: I3c7d4f11774261b7110f44e58f6460440855b486
Signed-off-by: nickboldt <nboldt@redhat.com>

* add --latest-only caching option

Change-Id: Ie0690a1ab8f9e89989b658a05b890075635c92e6
Signed-off-by: nickboldt <nboldt@redhat.com>

* move LABEL and ENV stuff to the last image (needed by Brew); remove unneeded USER commands

Change-Id: Iff3aa7c7cc9b912b8f435e0932e8c0b21f5519bd
Signed-off-by: nickboldt <nboldt@redhat.com>

* fix positioning of the optional step to remove non-latest meta.yaml files

Change-Id: I2b97cd814980d336b0b788e5526679d798ae2481
Signed-off-by: nickboldt <nboldt@redhat.com>

* fix python install logic so it supports both the bootstrap method needed for Brew and the simpler '/usr/bin/pip3.6 install yq jsonschema' approach for online users; remove unneeded port, fix entry point

Change-Id: I0c356dd93ebc714fc7534e86d8a398b97463c04d
Signed-off-by: nickboldt <nboldt@redhat.com>

* add entrypoint scripts to fix user and run httpd (works for different .nix default paths)

Change-Id: I5e9e15e955403b0fc1ffb97d28b1e1274673b883
Signed-off-by: nickboldt <nboldt@redhat.com>

* shaking a fist at circlei's shellcheck madness and thanking my lucky starts for @amisvek's advice

Change-Id: I0d8c89776c3dcf30080dd43823b40c49cd01be60
Signed-off-by: nickboldt <nboldt@redhat.com>

* instead of including ENVs and LABELs, inject them downstream

Change-Id: I6ae8525d958eddbefa254fa371e93ed580dc869b
Signed-off-by: nickboldt <nboldt@redhat.com>

* disable the artifact caching by default in upstream; add notes about what doesn't work in downstream

Change-Id: Ia1825e554135a7ca3463dbc27252b9ef9908cba3
Signed-off-by: nickboldt <nboldt@redhat.com>

* delete more than just the meta.yaml files -- delete folders containing the meta.yaml too (OMG thanks @amisvek for the quick fix)

Change-Id: If5ef526355a9c358af7b4a0c4ad917b1bc9528a8
Signed-off-by: nickboldt <nboldt@redhat.com>

* add newline at end of script because shrug emoji

Change-Id: Ic897685dd0873fc5d48e775fe15fd9ca4a55ddad
Signed-off-by: nickboldt <nboldt@redhat.com>

* accidentally commented out

Change-Id: I64530e5a5cca77bbf2aabefc140bb1b6d8efe859
Signed-off-by: nickboldt <nboldt@redhat.com>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@nickboldt nickboldt nickboldt requested changes

@benoitf benoitf Awaiting requested review from benoitf

@ericwill ericwill Awaiting requested review from ericwill

@JPinkney JPinkney Awaiting requested review from JPinkney

@svor svor Awaiting requested review from svor

@tsmaeder tsmaeder Awaiting requested review from tsmaeder

@vinokurig vinokurig Awaiting requested review from vinokurig

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@vitaliy-guliy @nickboldt @ericwill