search

oras-project / oras

OCI registry client - managing content like artifacts, images, packages
https://oras.land
Apache License 2.0
1.44k stars 174 forks source link

make image spec flag defaults to `v1.1` #1327

Open qweeah opened 5 months ago

qweeah commented 5 months ago

Historically ORAS user is able to push an artifact with pre-baked config data:

> oras version
Version:        1.2.0-beta.1
Go version:     go1.21.6
Git commit:     9ffdb3eec60b969d842af1a9e699202e0827fa01
Git tree state: clean
> echo "my config" > config
> oras push localhost:5000/test:config --config config
✓ Uploaded  application/vnd.unknown.config.v1+json                                                                             10/10  B 100.00%   65ms
  └─ sha256:d2dd07b796dd3f3c95c4d0f05f3807428e1ab9010bcfc704d55f2de9536589a4
✓ Uploaded  application/vnd.oci.empty.v1+json                                                                                    2/2  B 100.00%   73ms
  └─ sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
✓ Uploaded  application/vnd.oci.image.manifest.v1+json                                                                       474/474  B 100.00%   33ms
  └─ sha256:b43de09173341653d188292e0e507b1bc8be0fad45ed4a23d12f9533aebe9c7e
Pushed [registry] localhost:5000/test:config
Digest: sha256:b43de09173341653d188292e0e507b1bc8be0fad45ed4a23d12f9533aebe9c7e
> oras manifest fetch localhost:5000/test:config --pretty
{
  "schemaVersion": 2,
  "mediaType": "application/vnd.oci.image.manifest.v1+json",
  "config": {
    "mediaType": "application/vnd.unknown.config.v1+json",
    "digest": "sha256:d2dd07b796dd3f3c95c4d0f05f3807428e1ab9010bcfc704d55f2de9536589a4",
    "size": 10
  },
  "layers": [
    {
      "mediaType": "application/vnd.oci.empty.v1+json",
      "digest": "sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
      "size": 2,
      "data": "e30="
    }
  ],
  "annotations": {
    "org.opencontainers.image.created": "2024-04-08T08:22:23Z"
  }
}

The baked artifact doesn't contain artifactType field, which is not compliant to the OCI artifact guidance.

We still allow the above behavior to avoid breaking change in 1.* versions. The workaround is to set the default value of --image-spec to auto, when --artifact-type is not provided, switch to v1.0 automatically.

In v2 we should 1) Remove the auto switch: set the default value of --image-spec to v1.1 2) Ban the behavior and user need to use --image-spec v1.0 --config xxx to bake v1.0 OCI artifacts (without artifactType) explicitly.

FeynmanZhou commented 5 months ago

Linking related comment https://github.com/oras-project/oras/issues/1061#issuecomment-2042085185