google / cadvisor

Analyzes resource usage and performance characteristics of running containers.

Incorrectly tagged release #2542

Open Cellane opened 4 years ago

Cellane commented 4 years ago

In the official Docker registry for this project, there is one image that’s incorrectly tagged. Please see here.

The image gcr.io/google-containers/cadvisor@sha256:ed53f9f93bb52d64fa8f95daece42d95d18d1e48a8ec9237bd5944ed634348a1 (digest ed53f9f93bb5) is tagged both as v0.25.0 (correct, I assume) and v.25.0. The existence of the latter tag makes it more difficult to build tools that automatically detect, pull and deploy new releases of cAdvisor, as that image is easily (mis-?)parsed as “version 25.0”, rather than “0.25.0”.

Is it possible for someone with write access to the registry to fix this mistake? Thank you kindly!

dashpole commented 4 years ago

google-containers became read-only recently, which may mean I can't update that image anymore. I'm checking with the owners of the repo. The plan is to start publishing cAdvisor images to a new gcr project soon, which should solve your problem.

Cellane commented 4 years ago

@dashpole I see! Thank you very much for your answer, and for trying to contact the relevant people.

transacid commented 4 years ago

Another confusing thing is that the GitHub release page says: 0.36.0 is a pre-release and 0.35.0 is the latest release. The registry tags 0.34.0 as "latest" although there is a 0.35.0 container.

dashpole commented 4 years ago

Yes, we lost the ability to push "latest" images after we instituted a policy of immutable tags. So we just don't push the "latest" tag anymore. The GitHub page usually has release N-1 marked as latest, and the most recent marked as pre-release.

dashpole commented 4 years ago

We won't be able to delete the incorrectly tagged version. Once I publish the next release to the new project, I'll let you know.

Cellane commented 4 years ago

@dashpole Hmm, I sort of understand (and thank you for investigating this!), but I think even publishing a new tag/release won’t solve the issue I mentioned in the first post.

In my very tiny project (Cellane/shinka), I need to select the latest version published, thus I query the https://gcr.io/v2/google-containers/cadvisor/tags/list endpoint for a list of published tags in this registry. While the manifest dictionary gives me the publication date of each tag and I could theoretically elect the highest value of timeCreatedMs as the latest version, in reality, I don’t think that would be reliable – perhaps an urgent hotfix of an older version (say 0.30.3, as a hypothetical example) could be pushed later than the latest stable version.

That’s why I look at the tags dictionary instead, load its values into a Bash array (yikes!) and sort them with sort --version-sort. But as mentioned in my original thread, that command will understand the tag v.25.0 as 25.0.0 rather than 0.25.0. (I understand the above explanation sounds more like “my problem” rather than “your problem”, of course)

I suppose I could add special treatment for this one particular tag, or a global replace of v. ➡️ v0., but I wonder if that would break something else in other registries…

That’s why I was originally mentioning if that one tag could be removed from the registry (but that might be troublesome if tags are immutable) – not the entire release, just the duplicate/incorrect tag from the one image.

(Although as you mentioned in your first comment, publishing images into a new registry would also solve the problem for sure, provided the incorrect tag is not re-pushed into the new registry 🙇‍♂️)
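
The tag selection described in the comment above, as an added example that is not part of the original thread or of Cellane/shinka: it keeps only tags of the strict form vMAJOR.MINOR.PATCH before version-sorting, so v.25.0 and latest are reported and skipped rather than reinterpreted. The function names and the sample tag list are constructed for illustration, and GNU sort is assumed.

```bash
#!/usr/bin/env bash
# Added example: choose the newest release tag while refusing malformed tags.
# Assumption: tags arrive one per line on stdin (for instance, extracted from
# the "tags" array of the registry's tags/list response).

# Strict pattern: "v" followed by exactly three dot-separated numeric fields.
STRICT_TAG_RE='^v[0-9]+\.[0-9]+\.[0-9]+$'

# Constructed sample list, including the malformed tag from this issue and a
# floating "latest" tag. v0.30.3 stands in for a hotfix pushed out of order.
sample_tags() {
  printf '%s\n' v0.36.0 latest v0.9.1 v.25.0 v0.25.0 v0.30.3 v0.35.0
}

# Print the highest strictly-formed tag. Ordering uses version sort only,
# never push time, so a late hotfix of an old line cannot win.
latest_stable_tag() {
  grep -E "$STRICT_TAG_RE" | LC_ALL=C sort --version-sort | tail -n 1
}

# Print every tag that fails the strict pattern, so an operator can review
# what was skipped instead of having it silently reinterpreted.
rejected_tags() {
  grep -Ev "$STRICT_TAG_RE" | LC_ALL=C sort
}

# Stand-alone demo: run the script with --demo to see both results.
if [ "${1:-}" = "--demo" ]; then
  echo "selected: $(sample_tags | latest_stable_tag)"
  echo "rejected:"
  sample_tags | rejected_tags
fi
```

An empty result from latest_stable_tag means no tag passed the filter and should be treated as a failure by the caller, not as a version to deploy.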

ratorx commented 3 years ago

Hi, are there any updates on the incorrect latest tag? You mentioned moving the image to a new repo (which I assume is gcr.io/cadvisor/cadvisor?). I'm slightly confused which version to use.

On GitHub, the release marked as latest is v0.37.5. I understand that there are lots of pre-release versions. However, there is a newer version than the marked latest version, which is not tagged with pre-release (v0.38.8). Should that be a pre-release version, or the new latest version? And finally on gcr.io/cadvisor/cadvisor, the latest tag is on release v0.38.6.

Which version should I use? Would it be possible to update the latest tag on gcr.io to match the latest version (whichever one it might be)?

I understand that the recommendation is to manually pin a tag. However, I would prefer to be able to just run the latest stable version, whichever one it might be. I don't mind things breaking, but I'd rather not miss out on any security updates, especially considering the privileged nature of the container. Would it be possible to auto-update the latest tag on gcr.io and on GitHub to be consistent?

Mark90 commented 1 year ago

This surprised me, but thinking about it, it's actually a good argument that docker image tags should not be mutable, just like you shouldn't mutate tags in a git repository.

Seeing as it is a GCR policy it's unlikely to change, and I can imagine they won't allow mutating specific tags and disallow mutating others.

But it would be nice if the README.md contained something along the lines of

don't use cadvisor:latest because [GCR policy]