Giters

project-zot / zot

zot - A scale-out production-ready vendor-neutral OCI-native container image/artifact registry (purely based on OCI Distribution Specification)

Home Page:https://zotregistry.dev

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

[Feat]: Get the image LastUpdated timestamp from the OCI Image Manifest

rgl opened this issue · comments

commented

Is your feature request related to a problem? Please describe.

Given the following OCI Image Manifest (application/vnd.oci.image.manifest.v1+json):

{
  "annotations": {
    "org.opencontainers.image.authors": "Rui Lopes",
    "org.opencontainers.image.created": "2024-01-30T07:19:18.484719627Z",
    "org.opencontainers.image.description": "Example Spin HTTP Application written in Go",
    "org.opencontainers.image.licenses": "ISC",
    "org.opencontainers.image.revision": "0000000000000000000000000000000000000000",
    "org.opencontainers.image.source": "https://github.com/rgl/spin-http-go-example",
    "org.opencontainers.image.title": "spin-http-go-example",
    "org.opencontainers.image.vendor": "ruilopes.com",
    "org.opencontainers.image.version": "0.0.0-dev"
  },
  "config": {
    "digest": "sha256:aabedf0b094944b344cecbffcfa0a9172e905a5d156bdf67c4c6cbb6d27d1d92",
    "mediaType": "application/vnd.oci.image.config.v1+json",
    "size": 78
  },
  "layers": [
    {
      "digest": "sha256:8ebfedbb105d9d687f77ecc2c9560331f09455dfb5d989de82d20b33682ed675",
      "mediaType": "application/vnd.wasm.content.layer.v1+wasm",
      "size": 250247
    },
    {
      "digest": "sha256:05149121ed25afb7fb659c07ae8043e781e21ec37736f6b3f8493a66c78826b6",
      "mediaType": "application/vnd.fermyon.spin.application.v1+config",
      "size": 688
    }
  ],
  "schemaVersion": 2
}

I expected Zot to pick up the timestamp from the org.opencontainers.image.created annotation value as the image LastUpdated timestamp.

Describe the solution you'd like

I think the following code must be updated to support the org.opencontainers.image.created annotation at the image manifest level:

https://github.com/project-zot/zot/blob/v2.0.1/pkg/meta/common/common.go#L225

I'm not sure if it should first grab the timestamp from the image manifest (application/vnd.oci.image.manifest.v1+json), and if that fails, only then, it should try to get it from the inner metadata like the image config (application/vnd.oci.image.config.v1+json), image index (application/vnd.oci.image.index.v1+json), etc.

Describe alternatives you've considered

No response

Additional context

No response

commented

Hi @rgl, currently the value is taken from the image config, https://github.com/opencontainers/image-spec/blob/main/specs-go/v1/config.go#L95, and if not found there, from the layer metadata in the image config https://github.com/opencontainers/image-spec/blob/main/specs-go/v1/config.go#L76.

Can you please provide more context about the use case of using the org.opencontainers.image.created label? Why would it have precedence over the values in the config? Why not the other way around?

I can think of the case in which the image config is not of mediaType application/vnd.oci.image.config.v1+json, case in which we could read the label as a fallback, but given the issue description your use case seems different.

commented

@andaaron I'm not really sure how the precedence should be. From my user viewpoint, we should have the ultimate control over annotations, while the tools that actually create the image config and layers might not grant us such fine grained control. That's why I think the annotations should take precedence, so we could override something, but... I'm not sure this is written anywhere.

In my particular case, I'm playing with WebAssembly with the Spin runtime, by adding the initial support for annotations at fermyon/spin#2254, and I just noticed that the LastUpdated/Created timestamp was missing from the Zot UI, which I found strange, hence this issue. With a plea for help :-)

This is how it looks at the Zot UI search page result, where all the other annotations seem to be picked up, except the image creation time, where it shows as Timestamp N/A:

image

Maybe the spin tooling needs to be updated to include that config created property instead? Or rather, all the annotations should go into the config/application/vnd.oci.image.config.v1+json?

OTOW, if there is a org.opencontainers.image.created annotation, why shouldn't it be used?

commented

Opened #2240 to fix this issue. First look into index annotations, if not present manifest annotations, if not present config annotations, if not present the config created field, and finally if none of these are available the layer history in the config.

commented

@andaaron thank you!