-
Notifications
You must be signed in to change notification settings - Fork 13
Moving artifact type out of annotations #59
Moving artifact type out of annotations #59
Conversation
Signed-off-by: Brandon Mitchell <git@bmitch.net>
@michaelb990 I think I captured the request here. Comments/reviews welcome. |
Is this meant to be a valid IANA-style mediatype? |
We should probably follow the requirements for the config mediaType in artifacts today which defers to IANA in some parts but I don't think it's a strict requirement: |
IANA was used as the clearing house. If two artifacts want to claim a |
docs/proposals/PROPOSAL_E.md
Outdated
@@ -59,6 +59,7 @@ Create a new artifact media type to support future use cases where a separate co | |||
{ | |||
"schemaVersion": 2, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
https://github.com/opencontainers/image-spec/blob/main/schema/image-manifest-schema.json#L8
^ isn't this supposed to indicate schema version? which means we are allowed to make schema changes and move forward? Is this being considered at all? Hope I am making sense here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In theory I think you are correct, but I imagine a lot of implementations are keying off of mediatype vs. this field in determining the schema to use... probably worth a discussion
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I guess the choices are:
(1) do we announce and ask implementations to fix said bug (ignoring schemaVersion
field when there is explicitly one sounds like a unmarshalling-101 bug to me)
OR
(2) do we guarantee that our changes must forever be forward-compatible with older code/tools, which means schemaVersion
can be deprecated?
PS: Just stating choices, not making one.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We've been keeping it for historical reasons. https://github.com/opencontainers/image-spec/blob/main/manifest.md#image-manifest-property-descriptions
I suppose it could be removed, or made optional, since no older runtimes should be parsing a newer artifact-spec manifest (the manifest isn't for packaging images that would be used by those runtimes).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For moving forward, I believe @jdolitsky is right, we would be creating a new media type (there's a version in that field). However, those fields are parsed by registries, so a new media type, or new version number in an otherwise known media type, will be rejected by almost every existing registry out there (they parse the manifest to know the associated blobs, perform validation, and often handle garbage collection) until those registries are upgraded. There's no automatic forward compatibility.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"For this version of the specification, this MUST be 2 to ensure backward compatibility with older versions of Docker."
The above statement doesn't hold then for another version (> v2s2) of the specification? If so, this field does offer an out for a schema selector instead of deprecation, either to support or not support schema versions, with minimal code changes. Thoughts? Furthermore, in the long-term, "backward compatibility with Docker" seems an artificial constraint for an OCI spec.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@rchincha are you suggesting using "schemaVersion": 3
instead of adding application/vnd.oci.artifact.manifest.v1+json
altogether?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"schemaVersion": 3
for sure and subsequent schema changes per community consensus.
For old tools,
(in pseudocode) ...
# this is the skip-unsupported change to be added!
read schema as JSON key-val pairs
schemaVersion = json.keys["schemaVersion"]
if schemaVersion not in [v1, v2s1, v2s2]:
fail with unsupported-error
process further because supported
PS: Wouldn't this be a more acceptable path in reality for folks who are not interested in supporting schema changes but want to fail gracefully instead.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sounds reasonable to me, others may have more background on this field
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
From today's call given that the schemaVersion is for historic reasons, carrying this over to the new manifest might not be needed.
#73
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is exactly what I was imagining for the manifest. Thanks for putting it together!
I was also hoping to add filtering on the referrers API for the artifactType
field. Are you thinking we should do that in a separate PR? I'm happy to work on that one if it helps.
will this resolve #46 then? |
Moving questions and comments from #64 to here:
It's the same behavior as defined in OCI Artifacts, where the Helm team can define their type, the SPDX SBOM team can define theirs, Joe Curly can define their type. OCI Artifacts used the When we debated this in OCI Artifacts, rather than make OCI the clearing house for who owns the Similar to operating system extensibility points, where someone can say the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
L39: -
org.opencontainers.artifact.type
: type of artifact (sig, sbom, etc)
I think this can be removed if we pull the artifactType
into a top-level field.
docs/proposals/PROPOSAL_E.md
Outdated
@@ -59,6 +59,7 @@ Create a new artifact media type to support future use cases where a separate co | |||
{ | |||
"schemaVersion": 2, | |||
"mediaType": "application/vnd.oci.artifact.manifest.v1+json", | |||
"artifactType": "example/icecream", // used in place of config mediaType |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm expecting this to be another media type, similar to the mediaType
field.
"artifactType": "example/icecream", // used in place of config mediaType | |
"artifactType": "application/vnd.example.icecream.v1", // used in place of config mediaType |
docs/proposals/PROPOSAL_E.md
Outdated
@@ -80,7 +81,11 @@ Extend the Image Manifest with a refers field (existing registries should ignore | |||
{ | |||
"schemaVersion": 2, | |||
"mediaType": "application/vnd.oci.image.manifest.v1+json", | |||
"config": { ... }, | |||
"config": { | |||
"mediaType": "example/icecream", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same here:
"mediaType": "example/icecream", | |
"mediaType": "application/vnd.example.icecream.v1", |
@SteveLasker - could you help outline the shape of new artifact manifest for a standalone Helm artifact? Docs: https://helm.sh/docs/topics/registries/#helm-chart-manifest Would it be something like Old {
"schemaVersion": 2,
"config": {
"mediaType": "application/vnd.cncf.helm.config.v1+json",
"digest": "sha256:8ec7c0f2f6860037c19b54c3cfbab48d9b4b21b485a93d87b64690fdb68c2111",
"size": 117
},
"layers": [
{
"mediaType": "application/vnd.cncf.helm.chart.content.v1.tar+gzip",
"digest": "sha256:1b251d38cfe948dfc0a5745b7af5ca574ecb61e52aed10b19039db39af6e1617",
"size": 2487
}
]
} New {
"mediaType": "application/vnd.oci.artifact.manifest.v1+json",
"artifactType": "application/vnd.cncf.helm.chart.envelope.v1+json",
"blobs": [
{
"mediaType": "application/vnd.cncf.helm.chart.content.v1.tar+gzip",
"digest": "sha256:1b251d38cfe948dfc0a5745b7af5ca574ecb61e52aed10b19039db39af6e1617",
"size": 2487
}
]
} |
Your example above would be the functional equivalent, which also shows how the OCI Image There's two additional points:
I'd also suggest the helm team shouldn't change, as the If you really wanted to get interesting, consider this example. If we were to create a new runtime container image format, with the artifact manifest, we could put the {
"mediaType": "application/vnd.cncf.oras.artifact.manifest.v1+json",
"artifactType": "application/vnd.oci.image.manifest.v1+json",
"blobs": [
{
"mediaType": "application/vnd.oci.image.config.v1+json",
"digest": "sha256:e752324f6804d5d0b2c098f84507d095a8fd0031cf06cdb3c7ad1625dcd1b399",
"size": 7097
},
{
"mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
"digest": "sha256:83c5cfdaa5385ea6fc4d31e724fd4dc5d74de847a7bdd968555b8f2c558dac0e",
"size": 25851449
},
{
"mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
"digest": "sha256:7445693bd43e8246a8c166233392b33143f7f5e396c480f74538e5738fb6bd6e",
"size": 226
}
],
"annotations": {
"io.cncf.oras.artifact.created": "2022-06-13T22:11:10.08Z"
}
} Notice the |
The image example is interesting, thanks. All SGTM. I just opened #66 the track the other ongoing convo about |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some nits on the consistency of examples, but otherwise LGTM for the scope of the PR.
docs/proposals/PROPOSAL_E.md
Outdated
@@ -121,21 +126,21 @@ The response is an Index of descriptors: | |||
"manifests": [ | |||
{ | |||
"mediaType": "application/vnd.oci.image.manifest.v1+json", | |||
"artifactType": "example/icecream", // pulled up from manifest |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would this match the examples above in line 85?
FWIW, I beleive iana recommends thing/example
, but that gets overly simplified, so I'm also ok with `"application/vnd.example.icecream.v1" example @michaelb990 provided above.
@sudo-bmitch, are you ready to take this PR out of |
@SteveLasker no, we are still voting on this option in #64. |
- Removes the unused annotion - Removes the schemaVersion - Uses IANA syntax for mediaType Signed-off-by: Brandon Mitchell <git@bmitch.net>
This looks at what happens if we move artifact type out of annotations and into a dedicated field in the manifest.
Pros:
Cons:
Extends the descriptor struct to support pulling up the type field
We lose support for registries that do not allow custom media types on the config descriptor (notably Docker Hub)
The mediaType will not fit in the tag extension, so a mapping is needed for the tag digest scheme
Voting for this option is happening in #64.
Signed-off-by: Brandon Mitchell git@bmitch.net