Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JFCLI should identify the correct manifest from the virtual repository. #2765

Open
logeshjf opened this issue Nov 19, 2024 · 0 comments
Open

JFCLI should identify the correct manifest from the virtual repository. #2765

logeshjf opened this issue Nov 19, 2024 · 0 comments
Labels
feature request New feature or request

Comments

@logeshjf
Copy link

Use case:
When we push docker images to the Virtual repository using the JFrog CLI and if the default deployment repository is not in 1st place of the resolution order, then the JFrog CLI gets a different manifest and fails to collect the build info.

Example:
There are two local repositories 'dev' and 'release' and the default deployment repository is configured to the 'dev' repository,
In the virtual repository, the resolution order is

release
dev

Consider a scenario where we deploy the docker image (alpine:latest) to the virtual repository, it will be deployed to the ‘dev’ repository and the deployed image will be promoted from the dev to the release repository later inside the virtual.

After that, if we build a new image with the same name and tag (alpine:latest) and push it to the virtual repository again, the image will be pushed to the ‘dev’ repository.

Then, the JFCLI will collect the manifest for validation from the virtual repository. During the validation, the manifest is resolved from the ‘release’ repository as it was in the 1st place of the resolution order instead of the default redeployment repository ‘dev’. Hence, there is a mismatch in the manifest checksum and the validation fails. Here is the sample error snippet.

14:13:42 [Debug] Found incorrect manifest.json file. Expects digest "sha256:8a3078e2b2f3b3fc0b7fbfe87aaeb9c7c76582400e8c98328dccfef59d7c2cf8" found "sha256:91ef0af61f39ece4d6710e465df5ed6ca12112358344fd51ae6a3b886634148b
14:13:42 [Warn] Failed to collect build-info. No layer(s) was found for image:'/test-docker/alpine:latest'. Hint, try to delete the image from the local cache and rerun the command
14:13:42 [Debug] Could not find docker image in Artifactory, expecting image tag: ./test-docker/alpine:latest

Feature description:

The JFrog CLI should perform the following validation while deploying to a virtual repository.

  1. Get the manifest from the virtual repository based on the SHA instead of the name:tag.
  2. Add an option to make the validation optional.

Expected behavior
JFCLI should identify the correct manifest from the virtual repository during the validation process.

Possible workaround:
Change the workflow by deploying directly to the local repository rather than the virtual repository.
@logeshjf logeshjf added the feature request New feature or request label Nov 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature request New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@logeshjf