Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

allow to specify image digest and do not reach out to registry if digest is available in cache #194

Closed
jsievers opened this issue Apr 23, 2018 · 4 comments
Closed

allow to specify image digest and do not reach out to registry if digest is available in cache #194

jsievers opened this issue Apr 23, 2018 · 4 comments

Comments

@jsievers
Copy link

We were facing some hangs on our pipeline recently caused by the docker image registry being down.

Proposal:

I want to be able to pin down the image used by a task to an immutable digest anyway, sth like.

- name: hello-world-docker-image
  type: docker-image
  source:
    username: ((docker-hub-username))
    password: ((docker-hub-password))
    repository: sample_docker_registry/concourse-tutorial-hello-world
    digest: "sha256:a8a5091416981a6dd5d4fc53fb4773133e8c7627202d55831d636c60d2d1a2e1"

then, the check and in logic of docker-image-resource could first check if the digest is available in the local cache , e.g. using

docker images sample_docker_registry/concourse-tutorial-hello-world --format "{{.Digest}}"

and spare the roundtrip to the docker image registry altogether if the digest is found locally.
This would make concourse pipelines more resilient to outages of docker registries.
@CAFxX
Copy link

CAFxX commented Jun 27, 2018
edited
Loading

Agreed, without this using community resources is basically a gamble because there's no way to pin a specific version of a docker image - so you have to trust the author won't do something funny later on, or risk allowing them to run arbitrary code of their choice on your infrastructure.

@giner
Copy link

giner commented Jun 27, 2018

I have tried the following and it didn't work:

    name: hipchat-notification-resource
    type: docker-image
    source:
      repository: cfcommunity/hipchat-notification-resource@sha256:d1c86704c6367651e4f8a905ced8760ed835344a1df6dab7ff9fae79ca0a3057

@achawki
Copy link

achawki commented Jul 26, 2018

Seems related to/duplicate of #187

creack added a commit to creack/docker-image-resource that referenced this issue Jul 27, 2018
@creack
Add digest to source, Fixes concourse#187, Fixes concourse#194
0857bd4 
Signed-off-by: Guillaume J. Charmes <[email protected]>
creack added a commit to creack/docker-image-resource that referenced this issue Jul 27, 2018
@creack
Add digest to source, Fixes concourse#187, Fixes concourse#194
cd7f930 
Signed-off-by: Guillaume J. Charmes <[email protected]>
creack added a commit to creack/docker-image-resource that referenced this issue Jul 27, 2018
@creack
Add digest to source, Fixes concourse#187, Fixes concourse#194
3031a86 
Signed-off-by: Guillaume J. Charmes <[email protected]>
@vito vito mentioned this issue Jul 30, 2018
Closed
@vito
Copy link
Member

vito commented Jul 30, 2018

Yeah, gonna fold this into #187. Thanks!

@vito vito closed this as completed Jul 30, 2018
@achawki achawki mentioned this issue Jul 31, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@vito @jsievers @CAFxX @giner @achawki