Provide a mechanism to obtain the digest of the image that was pushed in CI/CD workflows.

Question

Provide a mechanism to obtain the digest of the image that was pushed in CI/CD workflows.

tmds opened this issue a year ago · comments

In a CI/CD workflow, it is interesting to be able to obtain the digest of the image that was pushed to use that in the next step which will for example deploy the image.

This may be something like a ContainerImageDigestFile property which (when set) is a path where the container digest gets written to.

@baronfel wdyt?

Chet Husk · Answer 1 · Thu Jun 29 2023 21:38:39 GMT+0800 (China Standard Time)

What about instead emitting the digest (and potentially other properties) as Task outputs of the CreateNewImage Task? This is information we'd eventually want for authoring manifest lists as well, and we already emit the generated config and manifest as JSON strings (for debugging purposes). I'd welcome emitting some Properties/Items in a more structured way.

Tom Deseyn · Answer 2 · Thu Jun 29 2023 22:20:24 GMT+0800 (China Standard Time)

I was looking for something similar to https://docs.podman.io/en/latest/markdown/podman-push.1.html#digestfile-digestfile which allows to pick up the digest and use it in the next step.

The alternative is to create new tags so you can use those further down the pipeline.

I found this request for the Azure Docker push to provide this: https://stackoverflow.com/questions/63295762/retrieve-image-digest-value-from-docker-task-inside-azure-pipelines, though it seems the task does not provide it, so maybe the use-case is not common.

Chet Husk · Answer 3 · Thu Jun 29 2023 22:41:58 GMT+0800 (China Standard Time)

If we made the digest available (which I 100% think we should do), then you could accomplish that with a simple target:

<Target Name="WriteContainerDigestToFile" AfterTargets="PublishContainer" DependsOnTargets="PublishContainer">
  <PropertyGroup>
    <_DigestFile>$(IntermediateOutputPath)/digests/$(some other calculation here?)</_DigestFile>
  </PropertyGroup> 
  <WriteLinesToFile  File="$(_DigestFile)" Lines="$(ContainerDigest)" Overwrite="true" />
  <ItemGroup>
    <FileWrites Include="$(_DigestFile)" />
  </ItemGroup>
</Target>

It would probably need a bit more to properly account for incrementality but that would be a good start.

Tom Deseyn · Answer 4 · Thu Jun 29 2023 23:09:50 GMT+0800 (China Standard Time)

then you could accomplish that with a simple target:

Oh, I didn't know that would be possible.

Some formatting got lost here:

...DependsOnTargets="PublishContainer" Outputs>

Would there be a way to include this target by adding it to a file that is passed in some way to a dotnet build invocation?

Chet Husk · Answer 5 · Thu Jun 29 2023 23:28:32 GMT+0800 (China Standard Time)

There are a bunch of ways - the most common would be adding it to a project file directly, or a Directory.Build.targets file as a sibling to the project up higher up in the directory hierarchy.

There are less common ways too, we have some docs on the extensibility hooks here: https://learn.microsoft.com/visualstudio/msbuild/customize-your-build

Chet Husk · Answer 6 · Thu Aug 10 2023 03:39:10 GMT+0800 (China Standard Time)

Thanks to @mbkrafft the generated digest is now available from the CreateNewImage task's outputs.

Tom Deseyn · Answer 7 · Tue Feb 06 2024 14:50:44 GMT+0800 (China Standard Time)

This is supported by the .NET 8 SDK.