CircleCI-Public / aws-ecr-orb

CircleCI orb for interacting with Amazon's Elastic Container Registry (ECR)
https://circleci.com/orbs/registry/orb/circleci/aws-ecr
MIT License

[Feature request] Tags per platform #280

Open sawanoboly opened 1 year ago

sawanoboly commented 1 year ago

What would you like to be added

When using a multi-platform build, I would like to push a tag for each platform in addition to the tag on the manifest.

For example, {TAG}_arm64, {TAG}_amd64, etc.

Why is this needed

We would like to use untagged as a policy setting when using Amazon ECR lifecycle. With the current push method, the container images included in the manifest will be in DIGEST only status and will likely be deleted in the untagged lifecycle. When implemented, a generally fixed suffix is sufficient.

brivu commented 1 year ago

Hey @sawanoboly,

Thank you for opening this issue. I am not quite clear on what you mean here. Are you able to send me an example of your current manifest and an example of your desired manifest? If you can include links to the documentation to help clarify, that'd be great.

If you'd like this feature to be included in this round of releases, feel free to make the code changes and open a pull request. That way I can review it and potentially merge it to main in the next release.

Thank you!

Best, Brian

sawanoboly commented 1 year ago

@brivu Thanks for the reply 😃

This request is not supported by the standard operation of buildx and may require some complications.

As an example, if you have the following manifest as the latest tag,

{
   "schemaVersion": 2,
   "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
   "manifests": [
      {
         "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
         "size": 1780,
         "digest": "sha256:aaaaaaaaaaaaaaaaaaaaaaaaaa",
         "platform": {
            "architecture": "amd64",
            "os": "linux"
         }
      },
      {
         "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
         "size": 1780,
         "digest": "sha256:bbbbbbbbbbbbbbbbbbbbbbbbbb",
         "platform": {
            "architecture": "arm64",
            "os": "linux"
         }
      }
   ]
}

Image indexes with the latest tag are not subject to the untagged rule of the ECR lifecycle. However, the actual images it contains, sha256:aaaaaaaaaaaaaaaaaaaaaaaaaa and sha256:bbbbbbbbbbbbbbbbbbbbbbbbbb, are not tagged, so the untagged rules in the lifecycle will delete them.

I currently exclude myself from the ECR lifecycle, so aaa...., bbb... images are also tagged.

The script actually used divides the steps as follows

# build both images as :latest_amd64 and :latest_arm64
docker buildx bake --no-cache --load latest

# push amd64 image
docker tag $(IMAGE_NAME):latest_amd64 $(ECR_DOMAIN)/$(IMAGE_NAME):latest_amd64
docker push $(ECR_DOMAIN)/$(IMAGE_NAME):latest_amd64

# push arm64 image
docker tag $(IMAGE_NAME):latest_arm64 $(ECR_DOMAIN)/$(IMAGE_NAME):latest_arm64
docker push $(ECR_DOMAIN)/$(IMAGE_NAME):latest_arm64

# create manifest and push to ECR
docker manifest create \
  $(ECR_DOMAIN)/$(IMAGE_NAME):latest \
  $(ECR_DOMAIN)/$(IMAGE_NAME):latest_amd64 \
  -a $(ECR_DOMAIN)/$(IMAGE_NAME):latest_arm64

docker manifest push $(ECR_DOMAIN)/$(IMAGE_NAME):latest

I am not sure if this is optimal, but so far we have been able to operate successfully with it. I think it could be made a bit more concise by using buildx's metadata.

Did we convey what we wanted to do?
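
An added example, not part of the issue thread or the orb's code: a check that takes the image index from the comment above plus a repository listing, and reports which platform images carry no tag and which `{TAG}_{arch}` tag each one should get. The sample data is constructed, the listing is assumed to have the shape of `aws ecr list-images` output, and the function names are hypothetical.

```python
import json

AMD64 = "sha256:" + "a" * 26  # placeholder digests, as in the issue
ARM64 = "sha256:" + "b" * 26

# Constructed sample: the image index from the issue (trimmed to the fields used).
INDEX = {"manifests": [
    {"digest": AMD64, "platform": {"architecture": "amd64", "os": "linux"}},
    {"digest": ARM64, "platform": {"architecture": "arm64", "os": "linux"}},
]}

# Constructed sample in the shape of `aws ecr list-images` output (assumption):
# one entry per tag, and no "imageTag" key for an untagged image.
LIST_IMAGES = {"imageIds": [
    {"imageDigest": "sha256:" + "c" * 26, "imageTag": "latest"},  # the index itself
    {"imageDigest": AMD64, "imageTag": "latest_amd64"},
    {"imageDigest": ARM64},
]}


def tags_by_digest(list_images):
    """Map each digest in the repository to the set of tags pointing at it."""
    tags = {}
    for entry in list_images.get("imageIds", []):
        tags.setdefault(entry["imageDigest"], set())
        if "imageTag" in entry:
            tags[entry["imageDigest"]].add(entry["imageTag"])
    return tags


def plan_platform_tags(index, list_images, base_tag):
    """For each platform image in the index, report its {TAG}_{arch} tag and state."""
    known = tags_by_digest(list_images)
    plan = []
    for manifest in index.get("manifests", []):
        arch = (manifest.get("platform") or {}).get("architecture")
        if not arch or arch == "unknown":
            continue  # entry without a real platform: no suffix to derive
        wanted = f"{base_tag}_{arch}"
        existing = known.get(manifest["digest"], set())
        plan.append({
            "digest": manifest["digest"],
            "tag": wanted,
            "untagged": not existing,  # candidate for an untagged lifecycle rule
            "needs_tag": wanted not in existing,
        })
    return plan


if __name__ == "__main__":
    print(json.dumps(plan_platform_tags(INDEX, LIST_IMAGES, "latest"), indent=2))
```

Running it against a repository before enabling an untagged lifecycle rule shows which child digests of the index would match that rule.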