jetstack / version-checker

Kubernetes utility for exposing image versions in use, compared to latest available upstream, as metrics.
https://jetstack.io
Apache License 2.0

False positives for strange tag versions #138

Open michbeck100 opened 8 months ago

michbeck100 commented 8 months ago

I have some strange version checks with popular images and I think there is something missing in the checking algorithm.

For the image grafana/grafana version-checker says the latest version is 9799770991, which is obviously correct if you compare just version numbers. But this tag is 8 months old and the actual latest tag currently would be 10.2.2. Another example would be quay.io/jetstack/cert-manager-webhook-arm64: v1.13.2 vs. 608111629.

I am wondering if it would be better to always take the publish date into account when checking versions?

Maybe there is another trick to avoid these false positives?

davidcollom commented 7 months ago

Hi @michbeck100, thanks for raising this... I have seen this myself and was meant to raise an issue about it! I think the publish date needs to play some part in the sorting process. It's actually an area of version-checker I've not explored just yet.

michbeck100 commented 7 months ago

Is there any progress on this?

hawksight commented 3 months ago

@michbeck100 nothing as of yet that I'm aware of.

I was looking into validating some "latest" images and came across 2 cases where this type of problem is present with other tooling such as oras. I think it could have something to do with the API returning lexical ordering.

Take this example making use of the --last feature:

oras repo tags docker.io/grafana/grafana --exclude-digest-tags --last 9.5.7
oras repo tags docker.io/grafana/grafana --exclude-digest-tags --last 10.1.8

In the case above, because of the alphabetic ordering, the second command actually brings back many more results than the first, despite what you would imagine to be fewer.

I'll have to review the code here, but I suspect that version-checker might be doing something similar perhaps?
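
The false positive reported in this thread, reproduced as an added example (not version-checker's own code or algorithm): a parser that accepts a bare integer as a version ranks 9799770991 above 10.2.2, while one that requires MAJOR.MINOR.PATCH skips it. The names `loose`, `strict`, `parse`, `newer` and `Latest` are hypothetical, the tag list is constructed from the tags quoted above, and the strict pattern is an assumption that would also skip pre-release or suffixed tags.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// Constructed sample: the grafana tags quoted in the thread, plus "latest".
var sampleTags = []string{"9.5.7", "10.1.8", "10.2.2", "9799770991", "latest"}

// loose accepts a bare integer, so 9799770991 parses as major version 9799770991.
var loose = regexp.MustCompile(`^v?(\d+)(?:\.(\d+))?(?:\.(\d+))?$`)

// strict requires MAJOR.MINOR.PATCH, so bare build numbers are skipped.
var strict = regexp.MustCompile(`^v?(\d+)\.(\d+)\.(\d+)$`)

// parse returns tag's numeric components and whether re accepted the tag.
func parse(re *regexp.Regexp, tag string) (v [3]uint64, ok bool) {
	m := re.FindStringSubmatch(tag)
	for i := 1; i < len(m); i++ {
		v[i-1], _ = strconv.ParseUint(m[i], 10, 64) // an absent optional group stays 0
	}
	return v, m != nil
}

// newer reports whether version a is higher than version b.
func newer(a, b [3]uint64) bool {
	for i := range a {
		if a[i] != b[i] {
			return a[i] > b[i]
		}
	}
	return false
}

// Latest returns the highest tag that re accepts, or "" if none match.
func Latest(re *regexp.Regexp, tags []string) string {
	best, bestV := "", [3]uint64{}
	for _, t := range tags {
		if v, ok := parse(re, t); ok && (best == "" || newer(v, bestV)) {
			best, bestV = t, v
		}
	}
	return best
}

func main() {
	fmt.Println("loose:", Latest(loose, sampleTags), "strict:", Latest(strict, sampleTags))
}
```

A shape filter like this only hides the bare-integer tags; it does not use the publish date suggested earlier in the thread.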