Skip to content

Commit

Permalink
Correctly pass through base image annotations (#636)
Browse files Browse the repository at this point in the history
There were some bugs here before:

- for indexes, we'd annotate the base, but then append to empty.Index
  which didn't carry those forward.
- when producing single-platform images based on multi-platform indexes
  (the default and most common scenario), we wouldn't carry forward the
  original base index's annotations to the single matching platform base
  image.
  • Loading branch information
imjasonh authored Mar 7, 2022
1 parent 5fb6c8c commit 204fbc9
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 12 deletions.
22 changes: 14 additions & 8 deletions pkg/build/gobuild.go
Original file line number Diff line number Diff line change
Expand Up @@ -888,16 +888,15 @@ func (g *gobuild) Build(ctx context.Context, s string) (Result, error) {
return nil, err
}

// Take the digest of the base index or image, to annotate images we'll build later.
baseDigest, err := base.Digest()
if err != nil {
return nil, err
}

// Annotate the base image we pass to the build function with
// annotations indicating the digest (and possibly tag) of the
// base image. This will be inherited by the image produced.
if mt != types.DockerManifestList && !g.preserveMediaType {
if !(mt == types.DockerManifestList && g.preserveMediaType) {
baseDigest, err := base.Digest()
if err != nil {
return nil, err
}

anns := map[string]string{
specsv1.AnnotationBaseImageDigest: baseDigest.String(),
}
Expand Down Expand Up @@ -957,6 +956,8 @@ func (g *gobuild) buildAll(ctx context.Context, ref string, baseIndex v1.ImageIn
if err != nil {
return nil, fmt.Errorf("error getting matching image from index: %w", err)
}
// Carry forward the base index's annotations, which include base image annotations.
img = mutate.Annotations(img, im.Annotations).(v1.Image)
return g.buildOne(ctx, ref, img, matches[0].Platform)
}

Expand Down Expand Up @@ -1005,7 +1006,12 @@ func (g *gobuild) buildAll(ctx context.Context, ref string, baseIndex v1.ImageIn
return nil, err
}
}
idx := ocimutate.AppendManifests(mutate.IndexMediaType(empty.Index, baseType), adds...)

idx := ocimutate.AppendManifests(
mutate.Annotations(
mutate.IndexMediaType(empty.Index, baseType),
im.Annotations).(v1.ImageIndex),
adds...)

// TODO(mattmoor): If we want to attach anything (e.g. signatures, attestations, SBOM)
// at the index level, we would do it here!
Expand Down
8 changes: 4 additions & 4 deletions pkg/build/gobuild_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -449,7 +449,7 @@ func TestGoBuildNoKoData(t *testing.T) {

img, ok := result.(v1.Image)
if !ok {
t.Fatalf("Build() not an image: %v", result)
t.Fatalf("Build() not an Image: %T", result)
}

ls, err := img.Layers()
Expand Down Expand Up @@ -742,7 +742,7 @@ func TestGoBuild(t *testing.T) {

img, ok := result.(oci.SignedImage)
if !ok {
t.Fatalf("Build() not an image: %v", result)
t.Fatalf("Build() not a SignedImage: %T", result)
}

validateImage(t, img, baseLayers, creationTime, true, true)
Expand Down Expand Up @@ -854,7 +854,7 @@ func TestGoBuildWithoutSBOM(t *testing.T) {

img, ok := result.(oci.SignedImage)
if !ok {
t.Fatalf("Build() not an image: %v", result)
t.Fatalf("Build() not a SignedImage: %T", result)
}

validateImage(t, img, baseLayers, creationTime, true, false)
Expand Down Expand Up @@ -890,7 +890,7 @@ func TestGoBuildIndex(t *testing.T) {

idx, ok := result.(oci.SignedImageIndex)
if !ok {
t.Fatalf("Build() not an image: %v", result)
t.Fatalf("Build() not a SignedImageIndex: %T", result)
}

im, err := idx.IndexManifest()
Expand Down

0 comments on commit 204fbc9

Please sign in to comment.