image list: add creation date

[alban]

image list: add creation date

The OCI image spec defines the creation date annotation: https://github.com/opencontainers/image-spec/blob/main/annotations.md

org.opencontainers.image.created date and time on which the image was built, conforming to RFC 3339.

This patch ensures that the annotation is set with the same value for both amd64 and arm64.

Then, the date is printed in the image list command:

Note: the creation date will also be useful for the future Artifact Hub patch because the 'createdAt' field is mandatory in artifacthub-pkg.yml:

https://github.com/artifacthub/hub/blob/master/docs/metadata/artifacthub-pkg.yml

createdAt: The date this package was created (RFC3339 layout) (required)

How to use

$ sudo -E ig image list
INFO[0000] Experimental features enabled
REPOSITORY  TAG     DIGEST       CREATED
trace_dns   latest  d98eea3ede9e 2024-03-06T16:50:41+01:00

Testing done

go run -exec 'sudo -E' ./cmd/ig/... image build -t mytest:mytest2 gadgets/trace_dns/
go run -exec 'sudo -E' ./cmd/ig/... image list|grep mytest

[mqasimsarfraz]

Looking good, Just some minor comments!

[mqasimsarfraz]

Looks good, I tested it and it seems to be working fine for locally built images.

I noticed if I pull the image and print it, I see an empty value:

REPOSITORY                                                              TAG                                                                     DIGEST       CREATED                                                                
test                                                                    latest                                                                  2772850011db 4 days ago                                                             
trace_open                                                              latest                                                                  42832ffe4547 

Is that expected?

[alban]

I noticed if I pull the image and print it, I see an empty value:
Is that expected?

It depends if the image you pulled has the annotation with the creation date.

[alban]

I noticed if I pull the image and print it, I see an empty value:
Is that expected?

It depends if the image you pulled has the annotation with the creation date.

Actually, there seems to be a bug there...

[alban]

When pulling the image from the remote repository with pullGadgetImageToStore(), oras.Copy() does not return the annotations from the index but generate a new descriptor:
https://github.com/oras-project/oras-go/blob/main/registry/remote/repository.go#L1039-L1042

However, the annotations from the manifests are preserved. Two possible solutions:

1. When pulling, copy the annotations from the manifest to the index (/var/lib/ig/oci-store/index.json)
2. When listing the images (ig image list), read the annotations from the manifests (/var/lib/ig/oci-store/blobs/sha256/)

I tried to implement the first solution, but I didn't get it to work:

--- a/pkg/oci/oci.go
+++ b/pkg/oci/oci.go
@@ -165,11 +165,31 @@ func pullGadgetImageToStore(ctx context.Context, imageStore oras.Target, image s
                return nil, fmt.Errorf("copying to remote repository: %w", err)
        }
 
+       // oras.Copy() ignores annotations from the index. Retrieve annotations from manifest.
+       manifest, err := getManifestForHost(ctx, imageStore, targetImage.String())
+       if err != nil {
+               return nil, fmt.Errorf("reading manifest: %w", err)
+       }
+
+       desc.Annotations = manifest.Annotations
+
+       var manifestDesc ocispec.Descriptor
+       manifestBytes, err := getContentBytesFromDescriptor(ctx, repo, manifestDesc)
+       if err != nil {
+               return nil, fmt.Errorf("getting manifest from descriptor: %w", err)
+       }
+       repo.Push(ctx, desc, bytes.NewReader(manifestBytes))
+       err = repo.Tag(ctx, desc, targetImage.String())
+       if err != nil {
+               return nil, fmt.Errorf("tagging image with annotations: %w", err)
+       }
+
        imageDesc := &GadgetImageDesc{
                Repository: targetImage.Name(),
                Digest:     desc.Digest.String(),
-               Created:    getTimeFromAnnotations(desc.Annotations),
+               Created:    getTimeFromAnnotations(manifest.Annotations),
        }
+       fmt.Printf("Image %s:%s@%s created at %+v\n", imageDesc.Repository, imageDesc.Tag, imageDesc.Digest, imageDesc.Created)
        if ref, ok := targetImage.(reference.Tagged); ok {
                imageDesc.Tag = ref.Tag()
        }

The Printf prints the correct date, but it is not saved in /var/lib/ig/oci-store/index.json... (to be debugged?)

See also this long discussion oras-project/oras-go#22 (comment) about annotations in descriptor versus annotations in the manifest itself. IIUC, the discussion suggests we should not rely on the remote registry to keep the annotations in the index, but instead we should use the annotations in the manifest.

I suggest to merge this PR, and find a way to fix it in a follow-up PR. Wdyt?

[alban]

I fixed it with solution 2.

It should work with pulled images too now.

[mqasimsarfraz]

LGTM, works fine for pulled images as well!