Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make buildah push support pushing manifests lists and digests #2895

Merged
merged 1 commit into from
Jan 8, 2021
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 11 additions & 9 deletions cmd/buildah/manifest.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,8 @@ import (
"github.com/containers/image/v5/manifest"
"github.com/containers/image/v5/transports"
"github.com/containers/image/v5/transports/alltransports"
"github.com/containers/image/v5/types"
"github.com/containers/storage"
digest "github.com/opencontainers/go-digest"
imgspecv1 "github.com/opencontainers/image-spec/specs-go/v1"
"github.com/pkg/errors"
Expand All @@ -39,10 +41,6 @@ type manifestAnnotateOpts = struct {
features, osFeatures, annotations []string
}
type manifestInspectOpts = struct{}
type manifestPushOpts = struct {
purge, quiet, all, tlsVerify, removeSignatures bool
authfile, certDir, creds, digestfile, format, signaturePolicy, signBy string
}

func init() {
var (
Expand All @@ -58,7 +56,7 @@ func init() {
manifestRemoveOpts manifestRemoveOpts
manifestAnnotateOpts manifestAnnotateOpts
manifestInspectOpts manifestInspectOpts
manifestPushOpts manifestPushOpts
manifestPushOpts pushOptions
)
manifestCommand := &cobra.Command{
Use: "manifest",
Expand Down Expand Up @@ -188,7 +186,7 @@ func init() {
}
manifestPushCommand.SetUsageTemplate(UsageTemplate())
flags = manifestPushCommand.Flags()
flags.BoolVar(&manifestPushOpts.purge, "purge", false, "remove the manifest list if push succeeds")
flags.BoolVar(&manifestPushOpts.rm, "rm", false, "remove the manifest list if push succeeds")
flags.BoolVar(&manifestPushOpts.all, "all", false, "also push the images in the list")
flags.StringVar(&manifestPushOpts.authfile, "authfile", auth.GetDefaultAuthFile(), "path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
flags.StringVar(&manifestPushOpts.certDir, "cert-dir", "", "use certificates at the specified path to access the registry")
Expand All @@ -203,6 +201,7 @@ func init() {
}
flags.BoolVar(&manifestPushOpts.tlsVerify, "tls-verify", true, "require HTTPS and verify certificates when accessing the registry. TLS verification cannot be used when talking to an insecure registry.")
flags.BoolVarP(&manifestPushOpts.quiet, "quiet", "q", false, "don't output progress information when pushing lists")
flags.SetNormalizeFunc(cli.AliasFlags)
manifestCommand.AddCommand(manifestPushCommand)
}

Expand Down Expand Up @@ -630,7 +629,7 @@ func manifestInspectCmd(c *cobra.Command, args []string, opts manifestInspectOpt
return nil
}

func manifestPushCmd(c *cobra.Command, args []string, opts manifestPushOpts) error {
func manifestPushCmd(c *cobra.Command, args []string, opts pushOptions) error {
if err := auth.CheckAuthFile(opts.authfile); err != nil {
return err
}
Expand Down Expand Up @@ -659,12 +658,15 @@ func manifestPushCmd(c *cobra.Command, args []string, opts manifestPushOpts) err
if err != nil {
return err
}

systemContext, err := parse.SystemContextFromOptions(c)
if err != nil {
return errors.Wrapf(err, "error building system context")
}

return manifestPush(systemContext, store, listImageSpec, destSpec, opts)
}

func manifestPush(systemContext *types.SystemContext, store storage.Store, listImageSpec, destSpec string, opts pushOptions) error {
_, listImage, err := util.FindImage(store, "", systemContext, listImageSpec)
if err != nil {
return err
Expand Down Expand Up @@ -712,7 +714,7 @@ func manifestPushCmd(c *cobra.Command, args []string, opts manifestPushOpts) err

_, digest, err := list.Push(ctx, dest, options)

if err == nil && opts.purge {
if err == nil && opts.rm {
_, err = store.DeleteImage(listImage.ID, true)
}

Expand Down
11 changes: 11 additions & 0 deletions cmd/buildah/push.go
Original file line number Diff line number Diff line change
Expand Up @@ -15,20 +15,23 @@ import (
"github.com/containers/image/v5/manifest"
"github.com/containers/image/v5/transports"
"github.com/containers/image/v5/transports/alltransports"
"github.com/containers/storage"
imgspecv1 "github.com/opencontainers/image-spec/specs-go/v1"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
"github.com/spf13/cobra"
)

type pushOptions struct {
all bool
authfile string
blobCache string
certDir string
creds string
digestfile string
disableCompression bool
format string
rm bool
quiet bool
removeSignatures bool
signaturePolicy string
Expand Down Expand Up @@ -68,6 +71,7 @@ func init() {

flags := pushCommand.Flags()
flags.SetInterspersed(false)
flags.BoolVar(&opts.all, "all", false, "push all of the images referenced by the manifest list")
flags.StringVar(&opts.authfile, "authfile", auth.GetDefaultAuthFile(), "path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
flags.StringVar(&opts.blobCache, "blob-cache", "", "assume image blobs in the specified directory will be available for pushing")
flags.StringVar(&opts.certDir, "cert-dir", "", "use certificates at the specified path to access the registry")
Expand All @@ -76,6 +80,7 @@ func init() {
flags.BoolVarP(&opts.disableCompression, "disable-compression", "D", false, "don't compress layers")
flags.StringVarP(&opts.format, "format", "f", "", "manifest type (oci, v2s1, or v2s2) to use when saving image using the 'dir:' transport (default is manifest type of source)")
flags.BoolVarP(&opts.quiet, "quiet", "q", false, "don't output progress information when pushing images")
flags.BoolVar(&opts.rm, "rm", false, "remove the manifest list if push succeeds")
flags.BoolVarP(&opts.removeSignatures, "remove-signatures", "", false, "don't copy signatures when pushing image")
flags.StringVar(&opts.signBy, "sign-by", "", "sign the image using a GPG key with the specified `FINGERPRINT`")
flags.StringVar(&opts.signaturePolicy, "signature-policy", "", "`pathname` of signature policy file (not usually used)")
Expand Down Expand Up @@ -195,6 +200,12 @@ func pushCmd(c *cobra.Command, args []string, iopts pushOptions) error {

ref, digest, err := buildah.Push(getContext(), src, dest, options)
if err != nil {
if errors.Cause(err) != storage.ErrImageUnknown {
// Image might be a manifest so attempt a manifest push
if manifestsErr := manifestPush(systemContext, store, src, destSpec, iopts); manifestsErr == nil {
return nil
}
}
return util.GetFailureCause(err, errors.Wrapf(err, "error pushing image %q to %q", src, destSpec))
}
if ref != nil {
Expand Down
4 changes: 3 additions & 1 deletion contrib/completions/bash/buildah
Original file line number Diff line number Diff line change
Expand Up @@ -632,12 +632,14 @@ return 1

_buildah_push() {
local boolean_options="
--all
--help
-h
--disable-compression
-D
--quiet
-q
--rm
--tls-verify
--remove-signatures
"
Expand Down Expand Up @@ -868,7 +870,7 @@ return 1
--digestfile
--format
-f
--purge
--rm
--sign-by
"

Expand Down
8 changes: 4 additions & 4 deletions docs/buildah-manifest-push.md
Original file line number Diff line number Diff line change
Expand Up @@ -47,10 +47,6 @@ After copying the image, write the digest of the resulting image to the file.

Manifest list type (oci or v2s2) to use when pushing the list (default is oci).

**--purge**

Delete the manifest list or image index from local storage if pushing succeeds.

**--quiet**, **-q**

Don't output progress information when pushing lists.
Expand All @@ -59,6 +55,10 @@ Don't output progress information when pushing lists.

Don't copy signatures when pushing images.

**--rm**

Delete the manifest list or image index from local storage if pushing succeeds.

**--sign-by** *fingerprint*

Sign the pushed images using the GPG key that matches the specified fingerprint.
Expand Down
13 changes: 11 additions & 2 deletions docs/buildah-push.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
# buildah-push "1" "June 2017" "buildah"

## NAME
buildah\-push - Push an image from local storage to elsewhere.
buildah\-push - Push an image, manifest list or image index from local storage to elsewhere.

## SYNOPSIS
**buildah push** [*options*] *image* [*destination*]
Expand Down Expand Up @@ -42,6 +42,11 @@ If the transport part of DESTINATION is omitted, "docker://" is assumed.

## OPTIONS

**--all**

If specified image is a manifest list or image index, push the images in addition to
the list or index itself.

**--authfile** *path*

Path of the authentication file. Default is ${XDG\_RUNTIME\_DIR}/containers/auth.json, which is set using `buildah login`.
Expand Down Expand Up @@ -86,6 +91,10 @@ When writing the output image, suppress progress output.

Don't copy signatures when pushing images.

**--rm**

When pushing a the manifest list or image index, delete them from local storage if pushing succeeds.

**--sign-by** *fingerprint*

Sign the pushed image using the GPG key that matches the specified fingerprint.
Expand Down Expand Up @@ -164,4 +173,4 @@ registries.conf is the configuration file which specifies which container regist
Signature policy file. This defines the trust policy for container images. Controls which container registries can be used for image, and whether or not the tool should trust the images.

## SEE ALSO
buildah(1), buildah-login(1), containers-policy.json(5), docker-login(1), containers-registries.conf(5)
buildah(1), buildah-login(1), containers-policy.json(5), docker-login(1), containers-registries.conf(5), buildah-manifest(1)
2 changes: 2 additions & 0 deletions pkg/cli/common.go
Original file line number Diff line number Diff line change
Expand Up @@ -400,6 +400,8 @@ func AliasFlags(f *pflag.FlagSet, name string) pflag.NormalizedName {
name = "arch"
case "override-os":
name = "os"
case "purge":
name = "rm"
}
return pflag.NormalizedName(name)
}
8 changes: 8 additions & 0 deletions tests/lists.bats
Original file line number Diff line number Diff line change
Expand Up @@ -103,6 +103,14 @@ IMAGE_LIST_S390X_INSTANCE_DIGEST=sha256:882a20ee0df7399a445285361d38b711c299ca09
run_buildah 125 manifest inspect foo
}

@test "manifest-push-rm" {
run_buildah manifest create foo
run_buildah manifest add --arch=arm64 foo ${IMAGE_LIST}
run_buildah manifest inspect foo
run_buildah manifest push --signature-policy ${TESTSDIR}/policy.json --rm foo dir:${TESTDIR}/pushed
run_buildah 125 manifest inspect foo
}

@test "manifest-push should fail with nonexistent authfile" {
run_buildah manifest create foo
run_buildah manifest add --arch=arm64 foo ${IMAGE_LIST}
Expand Down