-
Notifications
You must be signed in to change notification settings - Fork 7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
upgrade oras to 0.5.0, refactor client oci logic to use new oras.Copy() #10294
Conversation
Signed-off-by: Josh Wolf <josh@joshwolf.dev>
I believe the source of the reordering is this helper method (see "sort.Slice"): https://github.com/oras-project/oras-go/blob/0b0339cc7dfd19cc65416d0a034ea1f6abb05a2a/pkg/content/manifest.go#L72 I suppose the order of the layers may not be significant, and maybe we just modify the test... but wondering if we ought to add an option in oras to respect the order provided cc @deitch |
Don't want to expand the scope of this PR. Noting only in the context of:
As we're moving toward a backwards compatibility contract, are there any factors to keep in mind when deciding how layer ordering should be handled? Edit: for the scope of this PR, the ordinality question is only relevant to how to handle the failing test. |
Yeah it is that. The order of leaf nodes (including layers) never is supposed to be significant. Sorting lets us be consistent about it, not just for tests, but for lots of things. If there is a use case where it is significant, let's lay it out here and address it. The ordering of leafs vs branches (e.g. manifests) is significant, as many registries will not allow a manifest whose leafs are not entirely in the registry already. |
Thanks @deitch @joshrwolf - can we just update the test and take this out of draft mode? I will raise this issue with maintainers |
Are there tests in place for pulling/pushing docker images with oras 0.5.0? While this won't affect Helm (we perform lookups for things like the signature or manifest based on I know some community members have asked whether we can eventually add support for both docker images and helm charts being co-located, so that you can pull down a chart as well as all images it requires, so it is possible this could become a concern (much) further down the road. |
@scottrigby - If this doesn't affect moving a helm chart between registries or repositories and the content digest remains the same then there should be no concern. Or does it? |
Updated the test to pass by using the newly ordered manifests digest. It feels weird to change a test to make the code work, but hopefully the justification is clear. for completeness: the only chance is the manifests layer ordering (was: [chartdata, prov], is: [prov, chartdata) due to the newly added sort method in oras pointed out above by @jdolitsky (ref). This changes the manifest's bytes which changes it's expected digest, but the manifests contents are the same, made clear by the config, chartdata, and prov digests all staying the same In the future it might make more sense to make the test assert the struct contents of |
@joshrwolf That sounds right. For everyone else, I also got to pair with Josh a bit on this and saw that this was in fact not just changing the test expectations to match "bad code" lol, but truly reordering the expected results to match the order that the new ORAS helper function should always now provide. |
@joshrwolf thank you much for updating and for the explanation. Can you please fix the DCO check? |
@joshrwolf - also, please fix test |
…r sorted by oras Signed-off-by: Josh Wolf <josh@joshwolf.dev>
Signed-off-by: Josh Wolf <josh@joshwolf.dev>
@jdolitsky fixed the DCO check and the results from |
@bacongobbler - do you know how we should address lint errors due to updated dependencies?
This is unrelated to the change, seems only due to updating go.mod/go.sum. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Considering we can fix the linting issue, this change LGTM. Nice work
@jdolitsky I have a concern on the ordering in the future helm development. Currently, helm uses the unique media types to identify the content:
What if we have two layers having the same media type? What if we have one chart package but multiple provenance files from different parties? |
@shizhMSFT independent of the order of layers, we can simply find layers matching If we were to find more than one layer with 2 .tgz -> error I'm still unclear on why the order might be significant. Is looking at layer index[0] and layer index[1] any more secure? |
@jdolitsky Thanks for clarifying how helm handles the artifacts. It makes more sense to me now. |
Signed-off-by: Josh Dolitsky <josh@dolit.ski>
Signed-off-by: Josh Dolitsky <josh@dolit.ski>
Signed-off-by: Josh Dolitsky <josh@dolit.ski>
Please see 889c70b which fixed CI This is a bit of a bandaid, but some of these errors are completely unrelated to this change (for example Once this PR is merged, I can open an issue to remove the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Linting fixed! lgtm 👍
@joshrwolf nicely done 👏
Ah yes @jdolitsky, thank you! Go 1.16 vs Go 1.17 🙃
Also thanks to @hickeyma for #10347, which helped lead to discovering the linting problem here.
Also thanks to the feedback on implications of this update for helm and ORAS 🤝
Team effort! 💖
What this PR does / why we need it:
Updates oras dependency to 0.5.0, using the new
oras.Copy()
api instead of the deprecatedoras.Push()
andoras.Pull()
.Special notes for your reviewer:
This is still a WIP. Currently investigating why layers are being pushed out of order, resulting in failing tests:
If applicable: