search

dotnet / sdk-container-builds

Libraries and build tooling to create container images from .NET projects using MSBuild
https://learn.microsoft.com/en-us/dotnet/core/docker/publish-as-container
MIT License
181 stars 39 forks source link

Container Publish: OCI base image without optional root mediaType fails #567

Open Tobias-08 opened 6 months ago

Tobias-08 commented 6 months ago

Describe the bug

We are using custom aspnet-runtime-images with OCI manifest. When using dotnet publish -p:PublishProfile=DefaultContainer with csproj's ContainerBaseImage pointing to our custom image, publish fails (exception below).

Our OCI manifest does not have a mediaType property in root which is valid according to the spec but seems to cause dotnet to fail:

{
        "schemaVersion": 2,
        "config": {
                "mediaType": "application/vnd.oci.image.config.v1+json",
                "size": ...,
                "digest": "..."
        },
        "layers": [
                {
                        "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
                        ...

To Reproduce

Exceptions (if any)

The "CreateNewImage" task failed unexpectedly. [...]
/usr/lib/dotnet/sdk/8.0.104/Containers/build/Microsoft.NET.Build.Containers.targets(202,5): error MSB4018: System.Text.Json.JsonException: JSON deserialization for type 'Microsoft.NET.Build.Containers.ManifestV2' was missing required properties, including the following: mediaType
baronfel commented 6 months ago

Thanks for the report.

@Tobias-08 without a media type, how should we interpret the various properties of the manifest? When an image like this is pushed to Docker hub or other container registries, what defaults do they have?

Tobias-08 commented 6 months ago

@baronfel Thanks for your quick response.

I'm not an expert on OCI manifests but shouldn't config:mediaType or layers:n:mediaType be sufficient?

Or do you mean that you need the root mediaType to differentiate between docker and OCI manifests (without parsing further properties)? Then I get your point but in my opinion it's still problematic that a valid manifest does not work.

baronfel commented 6 months ago

Yeah, your last point is what I was getting at. At this point I agree with you that per spec the manifest is valid, and I think that we need to see what other tools do in the absence of this (seemingly critical) information. Do they assume a certain media type? Do they probe for properties that only exist in one media type or another? Etc.

baronfel commented 6 months ago

@Tobias-08 is there any chance you could provide a sample base image or link to one for testing purposes?

baronfel commented 6 months ago

I think that Docker at least defaults a manifests' mediaType to "application/vnd.docker.distribution.manifest.v2+json", based on this default which is mapped to a mediaType in this check

Tobias-08 commented 6 months ago

@baronfel Unfortunately I am not allowed to share our images and I did not find a comparable OCI dotnet image.

I would have said to go with the "probe for properties that only exist in one media type"-approach.

That said I'm going to check with our image guys if the root mediaType could be added (as it seems quite unusual not to have one).