search

containerd / nerdctl

contaiNERD CTL - Docker-compatible CLI for containerd, with support for Compose, Rootless, eStargz, OCIcrypt, IPFS, ...
Apache License 2.0
7.97k stars 595 forks source link

Image labels lost when pushed (specific to `ghcr.io` ?) #2524

Open icefery opened 1 year ago

icefery commented 1 year ago

Description

when execute nerdctl push <image> --all-platforms and push image to ghcr.io, image labels lost.

Steps to reproduce the issue

  1. Write dockerfile
FROM ubuntu:22.04
LABEL org.opencontainers.image.source=https://github.com/<OWNER>/<REPO>
  1. Build image and push to ghcr.io
nerdctl build -f <DOCKERFILE> --tag ghcr.io/<OWNER>/<IMAGE> --platform linux/amd64,linux/arm64 .

nerdctl push ghcr.io/<OWNER>/<IMAGE>
  1. GitHub Package does not connect this image to the label repository, but labels do exist in nerdctl image describe <IMAGE>

Describe the results you received and expected

As the same as docker push.

What version of nerdctl are you using?

Client:
 Version:       v1.5.0
 OS/Arch:       linux/amd64
 Git commit:    b33a58f288bc42351404a016e694190b897cd252
 buildctl:
  Version:      v0.12.0
  GitCommit:    18fc875d9bfd6e065cd8211abc639434ba65aa56

Server:
 containerd:
  Version:      v1.7.3
  GitCommit:    7880925980b188f4c97b462f709d0db8e8962aff
 runc:
  Version:      1.1.8
  GitCommit:    v1.1.8-0-g82f18fe0

Are you using a variant of nerdctl? (e.g., Rancher Desktop)

None

Host information

Linux tc-209 5.15.0-83-generic #92-Ubuntu SMP Mon Aug 14 09:30:42 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
yankay commented 1 year ago

HI @icefery

When I tried to investigate the bug, found the labels does not lost. And the registry is Harbor.

# Build with a Dockerfile in the issue
nerdctl build --tag release-ci.daocloud.io/yankay-personal/haha2  --platform linux/amd64,linux/arm64 .
nerdctl  push release-ci.daocloud.io/yankay-personal/haha2:latest

In another machine

nerdctl  pull  release-ci.daocloud.io/yankay-personal/haha2:latest
nerdctl image history release-ci.daocloud.io/yankay-personal/haha2:latest
SNAPSHOT                                                                   CREATED        CREATED BY                                       SIZE       COMMENT
<missing>                                                                  6 weeks ago    LABEL org.opencontainers.image.source=https:…    0.0 B      buildkit.dockerfile.v0
<missing>                                                                  6 weeks ago    /bin/sh -c #(nop)  CMD ["/bin/sh"]               0.0 B
sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230    6 weeks ago    /bin/sh -c #(nop) ADD file:32ff5e7a78b890996…    7.3 MiB

It shows the lables :-) Would you help us to reproduce the bug with full steps :-)

And if image is built by multi-tags , it's better to use nerdctl push --all-platforms options to push all archs.

icefery commented 1 year ago

HI @icefery

When I tried to investigate the bug, found the labels does not lost. And the registry is Harbor.

# Build with a Dockerfile in the issue
nerdctl build --tag release-ci.daocloud.io/yankay-personal/haha2  --platform linux/amd64,linux/arm64 .
nerdctl  push release-ci.daocloud.io/yankay-personal/haha2:latest

In another machine

nerdctl  pull  release-ci.daocloud.io/yankay-personal/haha2:latest
nerdctl image history release-ci.daocloud.io/yankay-personal/haha2:latest
SNAPSHOT                                                                   CREATED        CREATED BY                                       SIZE       COMMENT
<missing>                                                                  6 weeks ago    LABEL org.opencontainers.image.source=https:…    0.0 B      buildkit.dockerfile.v0
<missing>                                                                  6 weeks ago    /bin/sh -c #(nop)  CMD ["/bin/sh"]               0.0 B
sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230    6 weeks ago    /bin/sh -c #(nop) ADD file:32ff5e7a78b890996…    7.3 MiB

It shows the lables :-) Would you help us to reproduce the bug with full steps :-)

And if image is built by multi-tags , it's better to use nerdctl push --all-platforms options to push all archs.

Thanks for your reply. I have tried to push to ghcr.io and docker hub with --all-platforms flag, and then pull them at another machine, image lables do exist.

The purpose is to make up relation for github package(image) and github repo.

Docker cli:

docker buildx build -f ubuntu.dockerfile -t ghcr.io/icefery/ubuntu:22.04 --platform linux/amd64,linux/arm64 --push .

can archive the goal. I don't know why, I guess there might be some usage limitations for github package.