Merge pull request #2895 from rhatdan/push

Make buildah push support pushing manifests lists and digests

cmd/buildah/manifest.go

@@ -42,10 +42,6 @@ type manifestAnnotateOpts = struct {
 	features, osFeatures, annotations []string
 }
 type manifestInspectOpts = struct{}
-type manifestPushOpts = struct {
-	purge, quiet, all, tlsVerify, removeSignatures                        bool
-	authfile, certDir, creds, digestfile, format, signaturePolicy, signBy string
-}
 
 func init() {
 	var (
@@ -61,7 +57,7 @@ func init() {
 		manifestRemoveOpts          manifestRemoveOpts
 		manifestAnnotateOpts        manifestAnnotateOpts
 		manifestInspectOpts         manifestInspectOpts
-		manifestPushOpts            manifestPushOpts
+		manifestPushOpts            pushOptions
 	)
 	manifestCommand := &cobra.Command{
 		Use:   "manifest",
@@ -191,7 +187,7 @@ func init() {
 	}
 	manifestPushCommand.SetUsageTemplate(UsageTemplate())
 	flags = manifestPushCommand.Flags()
-	flags.BoolVar(&manifestPushOpts.purge, "purge", false, "remove the manifest list if push succeeds")
+	flags.BoolVar(&manifestPushOpts.rm, "rm", false, "remove the manifest list if push succeeds")
 	flags.BoolVar(&manifestPushOpts.all, "all", false, "also push the images in the list")
 	flags.StringVar(&manifestPushOpts.authfile, "authfile", auth.GetDefaultAuthFile(), "path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
 	flags.StringVar(&manifestPushOpts.certDir, "cert-dir", "", "use certificates at the specified path to access the registry")
@@ -206,6 +202,7 @@ func init() {
 	}
 	flags.BoolVar(&manifestPushOpts.tlsVerify, "tls-verify", true, "require HTTPS and verify certificates when accessing the registry. TLS verification cannot be used when talking to an insecure registry.")
 	flags.BoolVarP(&manifestPushOpts.quiet, "quiet", "q", false, "don't output progress information when pushing lists")
+	flags.SetNormalizeFunc(cli.AliasFlags)
 	manifestCommand.AddCommand(manifestPushCommand)
 }
 
@@ -633,7 +630,7 @@ func manifestInspect(ctx context.Context, store storage.Store, systemContext *ty
 	return nil
 }
 
-func manifestPushCmd(c *cobra.Command, args []string, opts manifestPushOpts) error {
+func manifestPushCmd(c *cobra.Command, args []string, opts pushOptions) error {
 	if err := auth.CheckAuthFile(opts.authfile); err != nil {
 		return err
 	}
@@ -662,12 +659,15 @@ func manifestPushCmd(c *cobra.Command, args []string, opts manifestPushOpts) err
 	if err != nil {
 		return err
 	}
-
 	systemContext, err := parse.SystemContextFromOptions(c)
 	if err != nil {
 		return errors.Wrapf(err, "error building system context")
 	}
 
+	return manifestPush(systemContext, store, listImageSpec, destSpec, opts)
+}
+
+func manifestPush(systemContext *types.SystemContext, store storage.Store, listImageSpec, destSpec string, opts pushOptions) error {
 	_, listImage, err := util.FindImage(store, "", systemContext, listImageSpec)
 	if err != nil {
 		return err
@@ -713,7 +713,7 @@ func manifestPushCmd(c *cobra.Command, args []string, opts manifestPushOpts) err
 
 	_, digest, err := list.Push(getContext(), dest, options)
 
-	if err == nil && opts.purge {
+	if err == nil && opts.rm {
 		_, err = store.DeleteImage(listImage.ID, true)
 	}
 

cmd/buildah/push.go

@@ -15,20 +15,23 @@ import (
 	"github.com/containers/image/v5/manifest"
 	"github.com/containers/image/v5/transports"
 	"github.com/containers/image/v5/transports/alltransports"
+	"github.com/containers/storage"
 	imgspecv1 "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 )
 
 type pushOptions struct {
+	all                bool
 	authfile           string
 	blobCache          string
 	certDir            string
 	creds              string
 	digestfile         string
 	disableCompression bool
 	format             string
+	rm                 bool
 	quiet              bool
 	removeSignatures   bool
 	signaturePolicy    string
@@ -68,6 +71,7 @@ func init() {
 
 	flags := pushCommand.Flags()
 	flags.SetInterspersed(false)
+	flags.BoolVar(&opts.all, "all", false, "push all of the images referenced by the manifest list")
 	flags.StringVar(&opts.authfile, "authfile", auth.GetDefaultAuthFile(), "path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
 	flags.StringVar(&opts.blobCache, "blob-cache", "", "assume image blobs in the specified directory will be available for pushing")
 	flags.StringVar(&opts.certDir, "cert-dir", "", "use certificates at the specified path to access the registry")
@@ -76,6 +80,7 @@ func init() {
 	flags.BoolVarP(&opts.disableCompression, "disable-compression", "D", false, "don't compress layers")
 	flags.StringVarP(&opts.format, "format", "f", "", "manifest type (oci, v2s1, or v2s2) to use when saving image using the 'dir:' transport (default is manifest type of source)")
 	flags.BoolVarP(&opts.quiet, "quiet", "q", false, "don't output progress information when pushing images")
+	flags.BoolVar(&opts.rm, "rm", false, "remove the manifest list if push succeeds")
 	flags.BoolVarP(&opts.removeSignatures, "remove-signatures", "", false, "don't copy signatures when pushing image")
 	flags.StringVar(&opts.signBy, "sign-by", "", "sign the image using a GPG key with the specified `FINGERPRINT`")
 	flags.StringVar(&opts.signaturePolicy, "signature-policy", "", "`pathname` of signature policy file (not usually used)")
@@ -195,6 +200,12 @@ func pushCmd(c *cobra.Command, args []string, iopts pushOptions) error {
 
 	ref, digest, err := buildah.Push(getContext(), src, dest, options)
 	if err != nil {
+		if errors.Cause(err) != storage.ErrImageUnknown {
+			// Image might be a manifest so attempt a manifest push
+			if manifestsErr := manifestPush(systemContext, store, src, destSpec, iopts); manifestsErr == nil {
+				return nil
+			}
+		}
 		return util.GetFailureCause(err, errors.Wrapf(err, "error pushing image %q to %q", src, destSpec))
 	}
 	if ref != nil {

contrib/completions/bash/buildah

@@ -634,12 +634,14 @@ return 1
 
  _buildah_push() {
      local boolean_options="
+          --all
           --help
           -h
           --disable-compression
           -D
           --quiet
           -q
+          --rm
           --tls-verify
           --remove-signatures
   "
@@ -870,7 +872,7 @@ return 1
      --digestfile
      --format
      -f
-     --purge
+     --rm
      --sign-by
   "
 

docs/buildah-manifest-push.md

@@ -47,10 +47,6 @@ After copying the image, write the digest of the resulting image to the file.
 
 Manifest list type (oci or v2s2) to use when pushing the list (default is oci).
 
-**--purge**
-
-Delete the manifest list or image index from local storage if pushing succeeds.
-
 **--quiet**, **-q**
 
 Don't output progress information when pushing lists.
@@ -59,6 +55,10 @@ Don't output progress information when pushing lists.
 
 Don't copy signatures when pushing images.
 
+**--rm**
+
+Delete the manifest list or image index from local storage if pushing succeeds.
+
 **--sign-by** *fingerprint*
 
 Sign the pushed images using the GPG key that matches the specified fingerprint.

docs/buildah-push.md

@@ -1,7 +1,7 @@
 # buildah-push "1" "June 2017" "buildah"
 
 ## NAME
-buildah\-push - Push an image from local storage to elsewhere.
+buildah\-push - Push an image, manifest list or image index from local storage to elsewhere.
 
 ## SYNOPSIS
 **buildah push** [*options*] *image* [*destination*]
@@ -42,6 +42,11 @@ If the transport part of DESTINATION is omitted, "docker://" is assumed.
 
 ## OPTIONS
 
+**--all**
+
+If specified image is a manifest list or image index, push the images in addition to
+the list or index itself.
+
 **--authfile** *path*
 
 Path of the authentication file. Default is ${XDG\_RUNTIME\_DIR}/containers/auth.json, which is set using `buildah login`.
@@ -86,6 +91,10 @@ When writing the output image, suppress progress output.
 
 Don't copy signatures when pushing images.
 
+**--rm**
+
+When pushing a the manifest list or image index, delete them from local storage if pushing succeeds.
+
 **--sign-by** *fingerprint*
 
 Sign the pushed image using the GPG key that matches the specified fingerprint.
@@ -164,4 +173,4 @@ registries.conf is the configuration file which specifies which container regist
 Signature policy file.  This defines the trust policy for container images.  Controls which container registries can be used for image, and whether or not the tool should trust the images.
 
 ## SEE ALSO
-buildah(1), buildah-login(1), containers-policy.json(5), docker-login(1), containers-registries.conf(5)
+buildah(1), buildah-login(1), containers-policy.json(5), docker-login(1), containers-registries.conf(5), buildah-manifest(1)

pkg/cli/common.go

@@ -403,6 +403,8 @@ func AliasFlags(f *pflag.FlagSet, name string) pflag.NormalizedName {
 		name = "arch"
 	case "override-os":
 		name = "os"
+	case "purge":
+		name = "rm"
 	}
 	return pflag.NormalizedName(name)
 }

tests/lists.bats

@@ -105,6 +105,14 @@ IMAGE_LIST_S390X_INSTANCE_DIGEST=sha256:882a20ee0df7399a445285361d38b711c299ca09
     run_buildah 125 manifest inspect foo
 }
 
+@test "manifest-push-rm" {
+    run_buildah manifest create foo
+    run_buildah manifest add --arch=arm64 foo ${IMAGE_LIST}
+    run_buildah manifest inspect foo
+    run_buildah manifest push --signature-policy ${TESTSDIR}/policy.json --rm foo dir:${TESTDIR}/pushed
+    run_buildah 125 manifest inspect foo
+}
+
 @test "manifest-push should fail with nonexistent authfile" {
     run_buildah manifest create foo
     run_buildah manifest add --arch=arm64 foo ${IMAGE_LIST}