This repository has been archived by the owner on Mar 27, 2024. It is now read-only.
Container-diff cannot download images with OCI manifest #389
Comments
This was referenced Mar 10, 2023
BronzeDeer
added a commit
to BronzeDeer/kaniko
that referenced
this issue
Mar 20, 2023
The dockerfile for the regression test connected to issue 684 used a rolling tag as base image, making it flaky and fail since it was introduced. This commit pins the base image to the digest of bionic-20200219, which, based on the date of the commit that introduced to the dockerfile would be the most newest ubuntu build and likely what the "rolling" tag resolved to back then. Since this also an image from the pre-oci days of ubuntu, this circumvents a bug in container-diff as well (GoogleContainerTools/container-diff#389)
BronzeDeer
added a commit
to BronzeDeer/kaniko
that referenced
this issue
Mar 20, 2023
The dockerfile for the regression test connected to issue 684 used a rolling tag as base image, making it flaky and fail since it was introduced. This commit pins the base image to the digest of bionic-20200219, which, based on the date of the commit that introduced to the dockerfile would be the most newest ubuntu build and likely what the "rolling" tag resolved to back then. Since this also an image from the pre-oci days of ubuntu, this circumvents a bug in container-diff as well (GoogleContainerTools/container-diff#389)
imjasonh
pushed a commit
to GoogleContainerTools/kaniko
that referenced
this issue
Mar 21, 2023
* fix(ci): Bump golangci-lint to 1.51.1 * chore(lint): fix gofmt and goimport issues * chore(lint): fix linter issues - Adapted error comparison according to linter recommendation - Disabled noctx linting for http request where canceling makes no sense - Disabled nilerror linting where nil error is returned on purpose - Disabled makezero linter where slice is explicitly deepcopied * chore(ci): Update go version in tests workflows * fix(ci): Allow boilerplate years from 2000-2099 Previously the regex only allowed the copyright notice to contain the years 2018,2019,2020,2021, or 2022. This commit widens to regex to 20\d\d allowing any year in the range [2000-2099] * feat(ci): Replace minikube with k3s for intregration tests The existing setup for minikube is very complicated, replicating most of the setup steps for a full kubernetes cluster in an only partially supported minikube configuration (driver=none). Furthermore the existing setup has been broken for sometime, likely, at least in part due to the changes to CNI and CRI in recent kubernetes versions. Since what we actually need is only a running Kubernetes cluster on the node and access to a registry on localhost:5000, we can switch the extremely complicated minikube setup for a lightweight cluster using k3s. Minikube came with a default addon for running a registry on every node, but the same is not the case for k3s, instead we make use of the package helm controller and its HelmChart CR to deploy twuni/docker-registry.helm and expose it on localhost using the integrated LoadBalancer controller. * fix(test-684): pin base container version The dockerfile for the regression test connected to issue 684 used a rolling tag as base image, making it flaky and fail since it was introduced. This commit pins the base image to the digest of bionic-20200219, which, based on the date of the commit that introduced to the dockerfile would be the most newest ubuntu build and likely what the "rolling" tag resolved to back then. Since this also an image from the pre-oci days of ubuntu, this circumvents a bug in container-diff as well (GoogleContainerTools/container-diff#389)
|
I can confirm the reproduction of this issue, which is "breaking" our cicd pipelines right now |
|
Fixed by d8d566b. Closing |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
I ran into this bug when trying to fix the integration tests for kaniko which relies on container-diff to verify build parity between kaniko and docker
One of the test images is based on ubuntu:rolling, which by now is serving OCI indexes and manifests.
Expected behavior
container-diff can pull and then analyze or diff the images
Actual behavior
ERRO[0001] error retrieving image ubuntu@sha256:699796ebf58f6d43889a7a2a29bcc8e421f8fa86bdc00d3ffededdb37e2a8d4c: MANIFEST_UNKNOWN: OCI index found, but accept header does not support OCI indexesInformation
Steps to reproduce the behavior
container-diff analyze ubuntu@sha256:699796ebf58f6d43889a7a2a29bcc8e421f8fa86bdc00d3ffededdb37e2a8d4c
Notes
On noticing that the go-containerregistry dependency in go.mod is over 4 years old, I bumped it to the newest release (v0.13.0) and if I build with this dependency, the resulting container-diff works
$ ./container-diff-local version v0.17.0 built from git (unknown) $ ./container-diff-local analyze ubuntu@sha256:699796ebf58f6d43889a7a2a29bcc8e421f8fa86bdc00d3ffededdb37e2a8d4c -----Size----- Analysis for ubuntu@sha256:699796ebf58f6d43889a7a2a29bcc8e421f8fa86bdc00d3ffededdb37e2a8d4c: IMAGE DIGEST SIZE ubuntu@sha256:699796ebf58f6d43889a7a2a29bcc8e421f8fa86bdc00d3ffededdb37e2a8d4c sha256:3314ba73393b9a02c8e86e2222d58dcba1a3b8a996f1dae66c59504a4c8be3cd 70.6MI'll be putting up a PR shortly, however I'm a bit worried that such a large jump in dependency version might be disruptive, so I am open to suggestions for an older version of ggcr or any things that need to be fixed when bumping to version 1.17 dependencies
The text was updated successfully, but these errors were encountered: