Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Docs: Try to clarify sha256 explanation #490

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Conversation

ewels
Copy link
Member

@ewels ewels commented May 7, 2024

Follow on from #448

Try to add a little more detail / explanation about exactly what this section is proposing.

Follow on from #448

Try to add a little more detail / explanation about exactly what this section is proposing.
docs/guide.mdx Outdated
Comment on lines 64 to 67
Whilst using a digest directly isn't possible, Wave can generate image names which include a sha256 digest
of the `Dockerfile` used to build the image within the tag.
In order to reference a container via this sha256 digest tag, you will need to use the _freeze_ image mode.
This will force the creation of a new container image, using the container you have specified as base image.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Now I'm understanding better what you but it's not correct and a complete different thing what I'm trying to say above.

The checksum created by using freeze is NOT a sha256 digest (it uses a complete different algo).

The above above is explaining how you can use a container sha256 digest name reference with Wave, not how to produce a container having a digest in the name

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The above above is explaining how you can use a container sha256 digest name reference with Wave

Ok great, this PR was part docs and partly intended to try to clear this up so that I understand 😅

Can you give an example Wave URI that uses a container sha256 digest, without placeholders please? As I don't follow how it works from the docs that were here already.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

 docker pull ubuntu@sha256:3f85b7caad41a95462cf5b787d8a04604c8262cdcdf9a472b8c52ef83375fe15

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok but that's skipping wave completely right? I thought you said this morning that you didn't want to do that?

That's what the nextflow inspect stuff I suggested before was about, to show how to get these URIs..

Copy link
Collaborator

@pditommaso pditommaso May 7, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure to follow. Do you mean how to use digest with wave? it's enough to enable freeze

wave -i ubuntu@sha256:3f85b7caad41a95462cf5b787d8a04604c8262cdcdf9a472b8c52ef83375fe15 --freeze --build-repo docker.io/pditommaso/wave-test

Resulting container

docker.io/pditommaso/wave-test:d1a0bffd1b4ef0f6

Not getting how inspect is related here

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok that's requesting an image with a digest from Wave. There's no docker pull with a digest there?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's a digests for any other container image, but it has nothing do to wit the original one and it's not returned by inspect, so I see now point to mention here

docs/guide.mdx Outdated Show resolved Hide resolved
docs/guide.mdx Outdated Show resolved Hide resolved
docs/guide.mdx Outdated Show resolved Hide resolved
docs/guide.mdx Outdated Show resolved Hide resolved
Copy link
Member Author

@ewels ewels left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some suggestions to try to improve this, but honestly I'm still tying myself in knots in this topic! 😵

In order to reference a container via sha256 digest in the image name with Wave you will need to *freeze* image mode
that will force the creation of a new container image using the container you have specified as base image.
In order to reference a container via this sha256 digest tag, you will need to use the _freeze_ image mode.
This will force the creation of a new container image, using the container you have specified as base image.
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
This will force the creation of a new container image, using the container you have specified as base image.
This will force the creation of a new container image, using the container you have specified as base image
and push it to a 3rd party container registry.


```
docker.io/<user>/<repository>:<image>--<hash>
```
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
```
```
The image `tag` here is composed of a Human-readable `<image>` name and a `<hash>` based on the build instructions.

@@ -61,10 +61,10 @@ If an access token isn't provided, the following rate limits apply:
The Wave does not support the use of sha256 digest in the image name, e.g. `ubuntu@sha256:3235...ce8f`, when using
the augmentation process to extend container images.
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
the augmentation process to extend container images.
the augmentation process to extend container images.
This is because Wave augmentation affects the image sha256, because the image contents change.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants