[英]Tagging and pushing Docker image changes digest
拉取、标记然后推送我们在 Github 操作流中生成的 Docker 图像会导致推送带有新摘要的新图像,而不是简单地标记现有图像。
首先,我们使用 Docker build-push 操作的新 v2 构建映像( https://github.com/docker/build-push-action )
jobs:
build-push:
name: Build and push docker image
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Login to GCR
uses: docker/login-action@v1
with:
registry: gcr.io
username: _json_key
password: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }}
- id: docker_build
uses: docker/build-push-action@v2
with:
tags: gcr.io/our-project/foo:initial-tag
push: true
target: build
build-args: |
NPM_TOKEN=${{ secrets.NPM_TOKEN }}
然后,在稍后的单独工作流程中,我们将该图像 ( gcr.io/our-project/foo:initial-tag
) 拉下来并添加新标签。
jobs:
tag-image:
name: Tag image
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Login to GCR
uses: docker/login-action@v1
with:
registry: gcr.io
username: _json_key
password: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }}
- run: |
docker pull gcr.io/our-project/foo:initial-tag
docker tag gcr.io/our-project/foo:initial-tag gcr.io/our-project/foo:new-tag
docker push gcr.io/our-project/foo:new-tag
在推送new-tag
之后,我希望我们的注册表包含一个带有initial-tag
和new-tag
的图像摘要。 相反,这会创建一个新的图像摘要,上面只有new-tag
。
Digest: sha256:abc123
Tags: gcr.io/our-project/foo:initial-tag
Digest: sha256:def456
Tags: gcr.io/our-project/foo:new-tag
此外,如果我们现在将标签(比如latest
)添加到new-tag
,它不会创建新的图像摘要
Digest: sha256:abc123
Tags: gcr.io/our-project/foo:initial-tag
Digest: sha256:def456
Tags: gcr.io/our-project/foo:new-tag, gcr.io/our-project/foo:latest
作为一种解决方法,我们发现推送不带标签的图像名称会正确地将标签分配给现有的摘要。
docker pull gcr.io/our-project/foo:initial-tag
docker tag gcr.io/our-project/foo:initial-tag gcr.io/our-project/foo:new-tag
docker push gcr.io/our-project/foo
crane cp
将有效地复制图像并保留摘要值
https://github.com/google/go-containerregistry/blob/main/cmd/crane/doc/crane_copy.md
您可以导出 docker 图像并像这样推送。 然后 docker 图像摘要不会在您标记更多时更改。
- name: build docker image
uses: docker/build-push-action@v3
with:
context: .
file: 'Dockerfile'
load: true
tags: |
${{ steps.tag-container-image.outputs.TAG_A }}
${{ steps.tag-container-image.outputs.TAG_B }}
${{ steps.tag-container-image.outputs.LATEST }}
- name: push docker image
run: |
docker push ${{ steps.tag-container-image.outputs.TAG_A }}
docker push ${{ steps.tag-container-image.outputs.TAG_B }}
docker push ${{ steps.tag-container-image.outputs.LATEST }}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.