From 76d19c5da0ffa66d86e24e5dab46c4bb51bfd960 Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Mon, 11 Nov 2024 15:34:55 -0500 Subject: [PATCH] fix: supply manifest list digest to pyxis We're populating containerImage entities incorrectly. I think this has no real effect, but if you look at one that we generate, the manifest_list_digest and manifest_schema2_digest are always the same, but they're not supposed to be. We currently incorrectly always set them to the value of the arch-specific image manifest, when the point is to provide both values, the multi-arch image index manifest as the manifest_list_digest and the arch-specific image manifest as the manifest_schema2_digest. Signed-off-by: Ralph Bean --- pyxis/create_container_image.py | 17 ++++++----------- pyxis/test_create_container_image.py | 2 ++ 2 files changed, 8 insertions(+), 11 deletions(-) diff --git a/pyxis/create_container_image.py b/pyxis/create_container_image.py index f11403d..6d92ef5 100755 --- a/pyxis/create_container_image.py +++ b/pyxis/create_container_image.py @@ -246,11 +246,11 @@ def pyxis_tags(args, date_now): ] -def repository_digest_values(args, docker_image_digest): +def repository_digest_values(args): """Return digest values for the repository entry in the image entity""" result = {"manifest_schema2_digest": args.architecture_digest} if args.media_type in MANIFEST_LIST_TYPES: - result["manifest_list_digest"] = docker_image_digest + result["manifest_list_digest"] = args.digest return result @@ -261,12 +261,10 @@ def create_container_image(args, parsed_data: Dict[str, Any]): date_now = datetime.now().strftime("%Y-%m-%dT%H:%M:%S.%f+00:00") - if "digest" not in parsed_data: - raise Exception("Digest was not found in the passed oras manifest json") if "name" not in parsed_data: raise Exception("Name was not found in the passed oras manifest json") - docker_image_digest = parsed_data["digest"] - # digest isn't accepted in the parsed_data payload to pyxis + + # digest isn't accepted in the parsed_data payload to pyxis; we ignore it del parsed_data["digest"] image_name = parsed_data["name"] @@ -309,9 +307,7 @@ def create_container_image(args, parsed_data: Dict[str, Any]): if uncompressed_top_layer_id: container_image_payload["uncompressed_top_layer_id"] = uncompressed_top_layer_id - container_image_payload["repositories"][0].update( - repository_digest_values(args, docker_image_digest) - ) + container_image_payload["repositories"][0].update(repository_digest_values(args)) # For images released to registry.redhat.io we need a second repository item # with published=true and registry and repository converted. @@ -347,7 +343,6 @@ def add_container_image_repository(args, parsed_data: Dict[str, Any], image: Dic date_now = datetime.now().strftime("%Y-%m-%dT%H:%M:%S.%f+00:00") image_name = parsed_data["name"] - docker_image_digest = parsed_data["digest"] patch_url = urljoin(args.pyxis_url, f"v1/images/id/{identifier}") @@ -360,7 +355,7 @@ def add_container_image_repository(args, parsed_data: Dict[str, Any], image: Dic "tags": pyxis_tags(args, date_now), } ) - image["repositories"][-1].update(repository_digest_values(args, docker_image_digest)) + image["repositories"][-1].update(repository_digest_values(args)) rsp = pyxis.patch(patch_url, image).json() diff --git a/pyxis/test_create_container_image.py b/pyxis/test_create_container_image.py index b6f7fa4..e42e8b4 100644 --- a/pyxis/test_create_container_image.py +++ b/pyxis/test_create_container_image.py @@ -202,6 +202,7 @@ def test_create_container_image_latest(mock_datetime, mock_post): args.certified = "false" args.is_latest = "true" args.rh_push = "false" + args.digest = "some_digest" args.architecture_digest = "arch specific digest" args.media_type = "application/vnd.oci.image.index.v1+json" @@ -262,6 +263,7 @@ def test_create_container_image_rh_push_multiple_tags(mock_datetime, mock_post): args.tags = "tagprefix tagprefix-timestamp" args.certified = "false" args.rh_push = "true" + args.digest = "some_digest" args.architecture_digest = "arch specific digest" args.media_type = "application/vnd.oci.image.index.v1+json"