Feature/docker validate sha #1386

Merged
merged 3 commits into from
May 27, 2025

@agrasth agrasth commented May 11, 2025

  • All tests passed. If this feature is not already covered by the tests, I added new tests.
  • All static analysis checks passed.
  • This pull request is on the dev branch.
  • I used gofmt for formatting the code before submitting the pull request.

Add --validate-sha flag for Docker push command

Description

This PR adds core support for the new --validate-sha flag in the Docker push command. When enabled, the flag allows the CLI to use the image's SHA digest for validation instead of the tag name during Docker push operations. This is particularly useful when pushing to virtual repositories where the tag might exist with different content in higher priority repositories.

Changes

  • Modified artifactory/utils/container/remoteagent.go to handle manifest digest mismatches gracefully
  • Updated the manifest validation logic to log warnings instead of failing when using the --validate-sha flag
  • Added detailed logging to help users understand what's happening during SHA-based validation

Testing

  • Manually tested the flag with both old and new CLI syntax
  • Verified behavior when pushing to repositories with existing tags
  • Confirmed build info collection works correctly with the flag

Related PRs

  • jfrog-cli: here
  • jfrog-cli-artifactory: here
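
The situation the description refers to, as an added example that is not part of this pull request or of the JFrog code base: a small model of a virtual repository in which the same tag exists with different content in a higher-priority repository. The repository names, the `repo` type, the `find` helper and the first-match resolution order are assumptions made for illustration, and the manifest bytes are constructed.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// repo is a hypothetical model of one repository aggregated by a virtual repo.
type repo struct {
	name string
	tags map[string][]byte // tag -> manifest bytes
}

// digest returns a manifest digest in "sha256:<hex>" form.
func digest(manifest []byte) string {
	sum := sha256.Sum256(manifest)
	return "sha256:" + hex.EncodeToString(sum[:])
}

// find returns the first repo, in priority order, holding a manifest that
// satisfies match; match sees the tag and the manifest's digest.
func find(virtual []repo, match func(tag, dig string) bool) (string, string, bool) {
	for _, r := range virtual {
		for tag, m := range r.tags {
			if d := digest(m); match(tag, d) {
				return r.name, d, true
			}
		}
	}
	return "", "", false
}

// Constructed sample data: the same tag with different content in two repos.
var pushed = []byte(`{"schemaVersion":2,"layers":["new"]}`)
var virtual = []repo{
	{"docker-prod-local", map[string][]byte{"app:1.0": []byte(`{"schemaVersion":2,"layers":["old"]}`)}},
	{"docker-dev-local", map[string][]byte{"app:1.0": pushed}},
}

func main() {
	want := digest(pushed)
	byTag := func(tag, _ string) bool { return tag == "app:1.0" }
	bySHA := func(_, dig string) bool { return dig == want }
	name, d, _ := find(virtual, byTag)
	fmt.Printf("tag lookup:    %s, matches pushed image: %v\n", name, d == want)
	name, d, _ = find(virtual, bySHA)
	fmt.Printf("digest lookup: %s, matches pushed image: %v\n", name, d == want)
}
```

The tag lookup lands on the higher-priority repository, whose manifest digest differs from the pushed image, while the digest lookup identifies the repository that actually holds the pushed content.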

@agrasth agrasth force-pushed the feature/docker-validate-sha branch from 333c9f5 to 17a5ce9 Compare May 19, 2025 06:14
@@ -91,10 +92,23 @@ func (builder *buildInfoBuilder) getSearchableRepo() string {

// Set build properties on image layers in Artifactory.
func setBuildProperties(buildName, buildNumber, project string, imageLayers []utils.ResultItem, serviceManager artifactory.ArtifactoryServicesManager) (err error) {
// Skip if no build info is provided
if buildName == "" || buildNumber == "" {
log.Debug("Skipping setting properties - no build name or build number provided")
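
Review bot: In the skip branch at the top of setBuildProperties, the only trace is a debug-level message, so a caller that supplies a build name without a build number (the condition is `||`) ends up with no properties set on the image layers and nothing visible at default log levels. Consider logging at warn level when exactly one of the two values is set, and mention the skip in the function's doc comment, which currently says only "Set build properties on image layers in Artifactory."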
Contributor

Suggested change
log.Debug("Skipping setting properties - no build name or build number provided")
log.Debug("Skipping setting properties - build name and build number are required")

updated debug log message

log.Warn("Manifest digest mismatch detected. Local image digest: " + rabib.manifestSha2 + ", Repository digest: " + manifestDigest)
log.Info("Proceeding with SHA-based validation to ensure correct image identification...")
// Return nil instead of error to allow the operation to continue
return nil
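
Review bot: The `return nil` after the digest-mismatch warning makes a mismatch between rabib.manifestSha2 and manifestDigest indistinguishable from a match for the caller, and nothing in these lines shows the branch being limited to runs where --validate-sha was requested. Gate the branch on the flag explicitly and keep returning an error otherwise, or return a sentinel error the caller can test with errors.Is, so an integrity mismatch is never silently accepted on the default path. The comment "Return nil instead of error to allow the operation to continue" should also name the later step that performs the SHA-based validation the info log promises.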
Contributor

Why is the error always nil? If it has to be nil always, remove the error return type in this function.

@agrasth agrasth merged commit 60a3b4b into jfrog:dev May 27, 2025
6 of 7 checks passed