leafty
commented
1 week ago Thanks @Panaetius, for the UI side, we could use trimming before sending. Is there a validation rule for container image references?
Open Panaetius opened 1 week ago
leafty
commented
1 week ago Thanks @Panaetius, for the UI side, we could use trimming before sending. Is there a validation rule for container image references?
Panaetius
commented
1 week ago https://docs.docker.com/reference/cli/docker/image/tag/ describes it a bit, which refers to this spec: https://github.com/opencontainers/distribution-spec/blob/main/spec.md#pulling-manifests which has [a-z0-9]+((\.|_|__|-+)[a-z0-9]+)*(\/[a-z0-9]+((\.|_|__|-+)[a-z0-9]+)*)* for the image name/path and [a-zA-Z0-9_][a-zA-Z0-9._-]{0,127} for the tag, if I'm reading this correctly.
I don't think there's a ready made rule available for this in pydantic or similar.
leafty
commented
1 week ago OK, thanks! Not sure if this is usable at the moment since it does not seem to cover using a digest (which is valid).
Example: renku/renkulab-py@sha256:eceed25752d7544db159e4144a41ed6e96e667f39ff9fa18322d79c33729a18c. This uses the index digest, so is a reference to a multi-arch image. This works perfectly fine for a Renku 2.0 session.
Registry page: https://hub.docker.com/layers/renku/renkulab-py/3.11-6e408a8/images/sha256-9f3940e65bd1f30c8963a2ce501afa740dd151f7e19181d43ddd3d12c9934339
We should validate that the image name for an environment is actually a valid image identifier. Currently it accepts any character, including spaces. This then causes session launch to fail because it can't find the image, but is very difficult to spot that this happened in the input field. (so
renku/myimagedoesn't work whererenku/myimageworks).ideally we'd also validate this in the UI. For reference, one of these two won't launch(due to a space in the beginning):
