[英]Tagging and pushing Docker image changes digest
拉取、標記然后推送我們在 Github 操作流中生成的 Docker 圖像會導致推送帶有新摘要的新圖像,而不是簡單地標記現有圖像。
首先,我們使用 Docker build-push 操作的新 v2 構建映像( https://github.com/docker/build-push-action )
jobs:
build-push:
name: Build and push docker image
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Login to GCR
uses: docker/login-action@v1
with:
registry: gcr.io
username: _json_key
password: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }}
- id: docker_build
uses: docker/build-push-action@v2
with:
tags: gcr.io/our-project/foo:initial-tag
push: true
target: build
build-args: |
NPM_TOKEN=${{ secrets.NPM_TOKEN }}
然后,在稍后的單獨工作流程中,我們將該圖像 ( gcr.io/our-project/foo:initial-tag
) 拉下來並添加新標簽。
jobs:
tag-image:
name: Tag image
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Login to GCR
uses: docker/login-action@v1
with:
registry: gcr.io
username: _json_key
password: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }}
- run: |
docker pull gcr.io/our-project/foo:initial-tag
docker tag gcr.io/our-project/foo:initial-tag gcr.io/our-project/foo:new-tag
docker push gcr.io/our-project/foo:new-tag
在推送new-tag
之后,我希望我們的注冊表包含一個帶有initial-tag
和new-tag
的圖像摘要。 相反,這會創建一個新的圖像摘要,上面只有new-tag
。
Digest: sha256:abc123
Tags: gcr.io/our-project/foo:initial-tag
Digest: sha256:def456
Tags: gcr.io/our-project/foo:new-tag
此外,如果我們現在將標簽(比如latest
)添加到new-tag
,它不會創建新的圖像摘要
Digest: sha256:abc123
Tags: gcr.io/our-project/foo:initial-tag
Digest: sha256:def456
Tags: gcr.io/our-project/foo:new-tag, gcr.io/our-project/foo:latest
作為一種解決方法,我們發現推送不帶標簽的圖像名稱會正確地將標簽分配給現有的摘要。
docker pull gcr.io/our-project/foo:initial-tag
docker tag gcr.io/our-project/foo:initial-tag gcr.io/our-project/foo:new-tag
docker push gcr.io/our-project/foo
crane cp
將有效地復制圖像並保留摘要值
https://github.com/google/go-containerregistry/blob/main/cmd/crane/doc/crane_copy.md
您可以導出 docker 圖像並像這樣推送。 然后 docker 圖像摘要不會在您標記更多時更改。
- name: build docker image
uses: docker/build-push-action@v3
with:
context: .
file: 'Dockerfile'
load: true
tags: |
${{ steps.tag-container-image.outputs.TAG_A }}
${{ steps.tag-container-image.outputs.TAG_B }}
${{ steps.tag-container-image.outputs.LATEST }}
- name: push docker image
run: |
docker push ${{ steps.tag-container-image.outputs.TAG_A }}
docker push ${{ steps.tag-container-image.outputs.TAG_B }}
docker push ${{ steps.tag-container-image.outputs.LATEST }}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.