Make identifiable temporary bundle image tags #2336
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this change
When we publish a bundle, we have to push the invocation image temporarily to a tag, so that we can then retrieve its repository digest. Right now the tag is the hash of the bundle reference, which is impossible for someone maintaining a registry to identify and clean up.
This changes the format of the temporary invocation image tag to:
porter-HASH
For example:
The input text for the invocation image hash is the location of the bundle:
ghcr.io/getporter/examples/porter-hello:v0.2.0
which results in a md5 hash of 3cb284ae76addb8d56b52bb7d6838351, so the resulting temporary location where we push the invocation image is:
ghcr.io/getporter/examples/porter-hello:porter-3cb284ae76addb8d56b52bb7d6838351
I have updated all our code to use the same function to generate the temporary tag, even for referenced images which previously used a different method of computing the hash when publishing from an archive. Referenced images now compute the hash based on the original location of the image.
So if a bundle referenced nginx:v1.0.0 and is used in a bundle located at example.com/mybuns, the temporary location for nginx would be:
example.com/mybuns:porter-55135915b5d3b5cf91b7305ec6a76d6e
where the hash uses the location of the original image (nginx:v1.0.0)
What issue does it fix
Closes #2319
Notes for the reviewer
N/A
Checklist
Reviewer Checklist