Use Image IDs For Dangling Images

Question

Use Image IDs For Dangling Images

threewordphrase opened this issue a year ago · comments

With this config in my ghaction:

      - name: Cache Docker images.
        uses: ScribeMD/docker-cache@0.3.3
        with:
          key: docker-${{ runner.os }}-${{ hashFiles('Makefile', 'docker/**', '.dockerignore') }}

I get this error:

Post job cleanup.
Listing Docker images.
docker image list --format "{{ .Repository }}:{{ .Tag }}"
app-api-tools:elastic-clusters-9736687
<none>:<none>
<none>:<none>
860771757009.dkr.ecr.us-east-1.amazonaws.com/api-server:elastic-clusters-9736687
api:elastic-clusters-9736687
node:16-alpine
node:18-alpine
alpine:3.15
alpine:3.16
alpine:3.17
python:3.9-slim
node:16
node:18
buildpack-deps:buster
buildpack-deps:bullseye
debian:10
debian:11
ubuntu:[2](https://github.com/appSolutionsInc/app-api-server/actions/runs/5347477564/jobs/9696014201#step:19:2)0.04
ubuntu:22.04
ubuntu:18.04
moby/buildkit:latest
node:14
node:14-alpine
alpine:[3](https://github.com/appSolutionsInc/app-api-server/actions/runs/5347477564/jobs/9696014201#step:19:3).1[4](https://github.com/appSolutionsInc/app-api-server/actions/runs/5347477564/jobs/9696014201#step:19:4)
mysql:[5](https://github.com/appSolutionsInc/app-api-server/actions/runs/5347477564/jobs/9696014201#step:19:5).7.38
localstack/localstack:0.14.0

Images present before restore step will be skipped; only new images will be saved.
docker save --output ~/.docker-images.tar app-api-tools:elastic-clusters-973[6](https://github.com/appSolutionsInc/app-api-server/actions/runs/5347477564/jobs/9696014201#step:19:6)68[7](https://github.com/appSolutionsInc/app-api-server/actions/runs/5347477564/jobs/9696014201#step:19:7) <none>:<none> <none>:<none> [8](https://github.com/appSolutionsInc/app-api-server/actions/runs/5347477564/jobs/9696014201#step:19:8)6077175700[9](https://github.com/appSolutionsInc/app-api-server/actions/runs/5347477564/jobs/9696014201#step:19:9).dkr.ecr.us-east-1.amazonaws.com/api-server:elastic-clusters-9736687 api:elastic-clusters-9736687 python:3.9-slim mysql:5.7.38 localstack/localstack:0.[14](https://github.com/appSolutionsInc/app-api-server/actions/runs/5347477564/jobs/9696014201#step:19:14).0
Error: Error: Command failed: docker save --output ~/.docker-images.tar app-api-tools:elastic-clusters-9736687 <none>:<none> <none>:<none> 86077[17](https://github.com/appSolutionsInc/app-api-server/actions/runs/5347477564/jobs/9696014201#step:19:17)57009.dkr.ecr.us-east-1.amazonaws.com/api-server:elastic-clusters-9736687 api:elastic-clusters-9736687 python:3.9-slim mysql:5.7.38 localstack/localstack:0.14.0
/usr/bin/bash: -c: line 1: syntax error near unexpected token `<'
/usr/bin/bash: -c: line 1: `docker save --output ~/.docker-images.tar app-api-tools:elastic-clusters-9736687 <none>:<none> <none>:<none> 860771757009.dkr.ecr.us-east-1.amazonaws.com/api-server:elastic-clusters-9736687 api:elastic-clusters-9736687 python:3.9-slim mysql:5.7.38 localstack/localstack:0.14.0'

Kurt von Laven · Answer 1 · Thu Jul 27 2023 15:24:55 GMT+0800 (China Standard Time)

It looks like some of your Docker images don't have names, which is not a case we handle right now. Are you able to tag them? Alternatively, we would be open to a pull request to use {{ .ID }} rather than {{ .Repository }}:{{ .Tag }} as the format for the docker image list and docker save commands. It would be slightly complicated by the fact that we would want to continue showing the output of docker image list --format {{ .Repository }}:{{ .Tag }} in the logs since it's more readable than raw hexadecimal image IDs.

Kurt von Laven · Answer 2 · Fri Mar 08 2024 19:49:06 GMT+0800 (China Standard Time)

@threewordphrase, do you have any thoughts on the linked PR? As a user, I would personally prefer that the action fail so that I realize I have forgotten to name and tag some Docker images. I would love input from others on this though since I have never actually used an anonymous Docker image before, and I don't know what purpose they serve.

Andreas Ganske · Answer 3 · Wed Mar 20 2024 21:18:23 GMT+0800 (China Standard Time)

Instead of tags we are using sha256 to pull the correct image (see https://rockbag.medium.com/why-you-should-pin-your-docker-images-with-sha-instead-of-tags-fd132443b8a6 for the reasoning).

So we use this in our docker-compose.yml:

redis:
    image: cgr.dev/chainguard/redis@sha256:cd0eb6030e86577bbf24c18e7d6ff1f84b2bce4b9f1d74f2bd0fba170e728165

This also then turns into <none> for the tag, which obviously fails the same way you already described. Would it be possible to support using sha256? Or how would we go about this?

Kurt von Laven · Answer 4 · Tue Mar 26 2024 14:20:42 GMT+0800 (China Standard Time)

Thank you for reaching out, @ChaosCoder. I appreciate you raising this use case. As a temporary workaround, you could manually tag the image, but I recently realized a simple way for us to support images that are missing either a name or a tag. I have linked my pull request in case you have any feedback. I added a test case for an image without a name, but I wonder if you might know how to create an image without a tag using the docker CLI short of pushing it and then pulling it by its digest?