search

dotnet / docker-tools

This is a repo to house some common tools for our various docker repos.
MIT License
122 stars 46 forks source link

Only include image digests in annotation data #1378

Closed mthalman closed 1 month ago

mthalman commented 1 month ago

The logic in GenerateEolAnnotationDataCommand is too permissive with the digests contained in its results. It is a given that the registry will include annotation manifests. These manifests will be returned in the query used here: https://github.com/dotnet/docker-tools/blob/53fc43c6658f8fba28a47c3597b5e28aec558c72/src/Microsoft.DotNet.ImageBuilder/src/Commands/GenerateEolAnnotationDataCommand.cs#L160

These annotation digests will be included in the results because their digests will not match what is contained in the image info file, as expected. Including these annotation digests in the results will cause them to be annotated themselves (an annotation of an annotation). Instead, all referrer manifests need to be filtered out and not included in the results.

dotnet-issue-labeler[bot] commented 1 month ago

I couldn't figure out the best area label to add to this PR. If you have write-permissions please help me learn by adding exactly one area label.

dotnet-issue-labeler[bot] commented 1 month ago

I couldn't figure out the best area label to add to this PR. If you have write-permissions please help me learn by adding exactly one area label.