#22 containers: only create one manifest per repo, clarify the name
Merged by jcline. Opened by adamwill.
adamwill/cloud-image-uploader container-simplify-manifests  into  main

After @jcline and I played around with this stuff a bit, it
seems clear that:

  • We don't need to create a separate manifest for each 'target'
  • We can give the local copy of the manifest a disposable name

At present we give the local manifests we create the exact name
that would usually refer to the remote manifest they are
ultimately published as. That is, we were doing something like:

buildah manifest create quay.io/fedora/fedora:41 ...

which is really kind of confusing, because usually doing e.g.:

buildah manifest inspect quay.io/fedora/fedora:41

would show you the contents of the manifest from quay.io, but
if you create a local manifest with that exact same name, that
one will take precedence. It's a confusing mechanism and we don't
need to name the manifests we're creating in this confusing
way, so let's not, let's just give them names that are clearly
local (inspired by podman), clearly temporary, and clearly tied
to this tool (fiu).

We were also creating a separate manifest per "target" - the
various names on the various registries that we ultimately
publish the manifest as - because this is what the bash script
this code replaces did. But some testing indicates this really
is not necessary. The manifests just refer to the images by
their sha256sums, which of course are always the same. For
example, if you do:

buildah manifest create test1 quay.io/fedora/fedora:41-x86_64
buildah manifest create test2 registry.fedoraproject.org/fedora:41-x86_64
buildah manifest create test3 oci-archive:/path/to/source/image

...where /path/to/source/image is the image that we published to
those two registries under the name fedora:41-x86_64 via
skopeo copy, those three manifests will all be exactly
identical. So we can just create the manifest once per repo, and
publish that same manifest to the different tags on the different
repositories.

Signed-off-by: Adam Williamson <awilliam@redhat.com>

Sample set of commands for this change, from the tests:

buildah rmi localhost/fiu-temp-fedora-minimal-40
buildah manifest create localhost/fiu-temp-fedora-minimal-40 registry.fedoraproject.org/fedora-minimal:40-aarch64 registry.fedoraproject.org/fedora-minimal:40-ppc64le registry.fedoraproject.org/fedora-minimal:40-s390x registry.fedoraproject.org/fedora-minimal:40-x86_64
buildah manifest push localhost/fiu-temp-fedora-minimal-40 docker://registry.fedoraproject.org/fedora-minimal:40 --all
buildah manifest push localhost/fiu-temp-fedora-minimal-40 docker://registry.fedoraproject.org/fedora-minimal:latest --all
buildah manifest push localhost/fiu-temp-fedora-minimal-40 docker://quay.io/fedora/fedora-minimal:40 --all
buildah manifest push localhost/fiu-temp-fedora-minimal-40 docker://quay.io/fedora/fedora-minimal:latest --all
buildah rmi localhost/fiu-temp-fedora-minimal-40
buildah rmi localhost/fiu-temp-fedora-40
buildah manifest create localhost/fiu-temp-fedora-40 registry.fedoraproject.org/fedora:40-aarch64 registry.fedoraproject.org/fedora:40-ppc64le registry.fedoraproject.org/fedora:40-s390x registry.fedoraproject.org/fedora:40-x86_64
buildah manifest push localhost/fiu-temp-fedora-40 docker://registry.fedoraproject.org/fedora:40 --all
buildah manifest push localhost/fiu-temp-fedora-40 docker://registry.fedoraproject.org/fedora:latest --all
buildah manifest push localhost/fiu-temp-fedora-40 docker://quay.io/fedora/fedora:40 --all
buildah manifest push localhost/fiu-temp-fedora-40 docker://quay.io/fedora/fedora:latest --all
buildah rmi localhost/fiu-temp-fedora-40
buildah rmi localhost/fiu-temp-fedora-toolbox-40
buildah manifest create localhost/fiu-temp-fedora-toolbox-40 registry.fedoraproject.org/fedora-toolbox:40-aarch64 registry.fedoraproject.org/fedora-toolbox:40-ppc64le registry.fedoraproject.org/fedora-toolbox:40-s390x registry.fedoraproject.org/fedora-toolbox:40-x86_64
buildah manifest push localhost/fiu-temp-fedora-toolbox-40 docker://registry.fedoraproject.org/fedora-toolbox:40 --all
buildah manifest push localhost/fiu-temp-fedora-toolbox-40 docker://registry.fedoraproject.org/fedora-toolbox:latest --all
buildah manifest push localhost/fiu-temp-fedora-toolbox-40 docker://quay.io/fedora/fedora-toolbox:40 --all
buildah manifest push localhost/fiu-temp-fedora-toolbox-40 docker://quay.io/fedora/fedora-toolbox:latest --all
buildah rmi localhost/fiu-temp-fedora-toolbox-40
buildah rmi localhost/fiu-temp-fedora-kinoite-40
buildah manifest create localhost/fiu-temp-fedora-kinoite-40 registry.fedoraproject.org/fedora-kinoite:40-aarch64 registry.fedoraproject.org/fedora-kinoite:40-ppc64le registry.fedoraproject.org/fedora-kinoite:40-x86_64
buildah manifest push localhost/fiu-temp-fedora-kinoite-40 docker://registry.fedoraproject.org/fedora-kinoite:40 --all
buildah manifest push localhost/fiu-temp-fedora-kinoite-40 docker://registry.fedoraproject.org/fedora-kinoite:latest --all
buildah manifest push localhost/fiu-temp-fedora-kinoite-40 docker://quay.io/fedora/fedora-kinoite:40 --all
buildah manifest push localhost/fiu-temp-fedora-kinoite-40 docker://quay.io/fedora/fedora-kinoite:latest --all
buildah rmi localhost/fiu-temp-fedora-kinoite-40
buildah rmi localhost/fiu-temp-fedora-onyx-40
buildah manifest create localhost/fiu-temp-fedora-onyx-40 registry.fedoraproject.org/fedora-onyx:40-x86_64
buildah manifest push localhost/fiu-temp-fedora-onyx-40 docker://registry.fedoraproject.org/fedora-onyx:40 --all
buildah manifest push localhost/fiu-temp-fedora-onyx-40 docker://registry.fedoraproject.org/fedora-onyx:latest --all
buildah manifest push localhost/fiu-temp-fedora-onyx-40 docker://quay.io/fedora/fedora-onyx:40 --all
buildah manifest push localhost/fiu-temp-fedora-onyx-40 docker://quay.io/fedora/fedora-onyx:latest --all
buildah rmi localhost/fiu-temp-fedora-onyx-40
buildah rmi localhost/fiu-temp-fedora-sericea-40
buildah manifest create localhost/fiu-temp-fedora-sericea-40 registry.fedoraproject.org/fedora-sericea:40-aarch64 registry.fedoraproject.org/fedora-sericea:40-x86_64
buildah manifest push localhost/fiu-temp-fedora-sericea-40 docker://registry.fedoraproject.org/fedora-sericea:40 --all
buildah manifest push localhost/fiu-temp-fedora-sericea-40 docker://registry.fedoraproject.org/fedora-sericea:latest --all
buildah manifest push localhost/fiu-temp-fedora-sericea-40 docker://quay.io/fedora/fedora-sericea:40 --all
buildah manifest push localhost/fiu-temp-fedora-sericea-40 docker://quay.io/fedora/fedora-sericea:latest --all
buildah rmi localhost/fiu-temp-fedora-sericea-40
buildah rmi localhost/fiu-temp-fedora-silverblue-40
buildah manifest create localhost/fiu-temp-fedora-silverblue-40 registry.fedoraproject.org/fedora-silverblue:40-aarch64 registry.fedoraproject.org/fedora-silverblue:40-ppc64le registry.fedoraproject.org/fedora-silverblue:40-x86_64
buildah manifest push localhost/fiu-temp-fedora-silverblue-40 docker://registry.fedoraproject.org/fedora-silverblue:40 --all
buildah manifest push localhost/fiu-temp-fedora-silverblue-40 docker://registry.fedoraproject.org/fedora-silverblue:latest --all
buildah manifest push localhost/fiu-temp-fedora-silverblue-40 docker://quay.io/fedora/fedora-silverblue:40 --all
buildah manifest push localhost/fiu-temp-fedora-silverblue-40 docker://quay.io/fedora/fedora-silverblue:latest --all
buildah rmi localhost/fiu-temp-fedora-silverblue-40

@walters @nalin @dwalsh can anyone check my understanding here? tl;dr: this is a thing for publishing Fedora container images to registries. We publish the images to multiple registries under the same names (e.g. fedora:40-x86_64), then we want to publish a multi-arch manifest with the name e.g. fedora:40 to each registry, and sometimes we also publish it under an alias, e.g. fedora:latest or fedora:rawhide.

Previously, when creating the manifests with buildah manifest create, we created a new manifest for each 'target' (combination of registry and name) and gave it a name like registry.fedoraproject.org/fedora:40, because this is what the bash script we're replacing did. But now I think I understand this process a bit more, that seems unnecessary and confusing.

So this changes it to just create a single manifest for each group of images, with a name that is clearly local and throwaway, then publish that same manifest to each registry and target name. Is that totally fine, or is there some reason to create a manifest per target and name it for that target?

No, I think you understand correctly. When pushing an image or an index with multiple images, the destination name, if you specify one, doesn't have to be related to the name of the local copy of the image or index, if the source even has a name.

Right, agreed.

Pull-Request has been merged by jcline
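
Added example, not part of the pull request or of cloud-image-uploader: a small Python model of why the single-manifest approach described above is safe. It builds a simplified OCI image index from constructed per-arch manifests, showing that the source registry name never reaches the output, and then checks that every target the index was pushed to carries the same digest. The function names, sample manifest bytes and canonical JSON serialization are assumptions of this sketch.

```python
import hashlib
import json

# Constructed stand-ins for two per-arch image manifests (not real Fedora data).
X86_MANIFEST = b'{"schemaVersion":2,"layers":["constructed-x86_64-layer"]}'
ARM_MANIFEST = b'{"schemaVersion":2,"layers":["constructed-aarch64-layer"]}'


def digest(blob):
    """Content digest in the sha256:<hex> form registries use."""
    return "sha256:" + hashlib.sha256(blob).hexdigest()


def build_index(images):
    """Build a simplified OCI image index from (source_ref, arch, manifest) tuples.

    source_ref is only where the image was looked up; the entry stores the
    image's digest, size and platform, so the name never reaches the output.
    """
    entries = [
        {
            "mediaType": "application/vnd.oci.image.manifest.v1+json",
            "digest": digest(blob),
            "size": len(blob),
            "platform": {"architecture": arch, "os": "linux"},
        }
        for _source_ref, arch, blob in sorted(images, key=lambda i: i[1])
    ]
    index = {
        "schemaVersion": 2,
        "mediaType": "application/vnd.oci.image.index.v1+json",
        "manifests": entries,
    }
    # Canonical serialization (an assumption of this model) so equal content
    # gives equal bytes and therefore an equal digest.
    return json.dumps(index, sort_keys=True, separators=(",", ":")).encode()


def mismatched_targets(local_index, published):
    """Return the targets whose published index digest differs from the local one."""
    want = digest(local_index)
    return sorted(t for t, blob in published.items() if digest(blob) != want)
```

Running `mismatched_targets` over the index bytes fetched back from each pushed tag gives a post-publish integrity check: an empty list means every registry and alias serves the same manifest list.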