-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Docs: Try to clarify sha256 explanation #490
base: master
Are you sure you want to change the base?
Conversation
Follow on from #448 Try to add a little more detail / explanation about exactly what this section is proposing.
docs/guide.mdx
Outdated
Whilst using a digest directly isn't possible, Wave can generate image names which include a sha256 digest | ||
of the `Dockerfile` used to build the image within the tag. | ||
In order to reference a container via this sha256 digest tag, you will need to use the _freeze_ image mode. | ||
This will force the creation of a new container image, using the container you have specified as base image. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Now I'm understanding better what you but it's not correct and a complete different thing what I'm trying to say above.
The checksum created by using freeze is NOT a sha256 digest (it uses a complete different algo).
The above above is explaining how you can use a container sha256 digest name reference with Wave, not how to produce a container having a digest in the name
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The above above is explaining how you can use a container sha256 digest name reference with Wave
Ok great, this PR was part docs and partly intended to try to clear this up so that I understand 😅
Can you give an example Wave URI that uses a container sha256 digest, without placeholders please? As I don't follow how it works from the docs that were here already.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
docker pull ubuntu@sha256:3f85b7caad41a95462cf5b787d8a04604c8262cdcdf9a472b8c52ef83375fe15
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok but that's skipping wave completely right? I thought you said this morning that you didn't want to do that?
That's what the nextflow inspect
stuff I suggested before was about, to show how to get these URIs..
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure to follow. Do you mean how to use digest with wave? it's enough to enable freeze
wave -i ubuntu@sha256:3f85b7caad41a95462cf5b787d8a04604c8262cdcdf9a472b8c52ef83375fe15 --freeze --build-repo docker.io/pditommaso/wave-test
Resulting container
docker.io/pditommaso/wave-test:d1a0bffd1b4ef0f6
Not getting how inspect
is related here
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok that's requesting an image with a digest from Wave. There's no docker pull
with a digest there?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There's a digests for any other container image, but it has nothing do to wit the original one and it's not returned by inspect
, so I see now point to mention here
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some suggestions to try to improve this, but honestly I'm still tying myself in knots in this topic! 😵
In order to reference a container via sha256 digest in the image name with Wave you will need to *freeze* image mode | ||
that will force the creation of a new container image using the container you have specified as base image. | ||
In order to reference a container via this sha256 digest tag, you will need to use the _freeze_ image mode. | ||
This will force the creation of a new container image, using the container you have specified as base image. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This will force the creation of a new container image, using the container you have specified as base image. | |
This will force the creation of a new container image, using the container you have specified as base image | |
and push it to a 3rd party container registry. |
|
||
``` | ||
docker.io/<user>/<repository>:<image>--<hash> | ||
``` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
``` | |
``` | |
The image `tag` here is composed of a Human-readable `<image>` name and a `<hash>` based on the build instructions. |
@@ -61,10 +61,10 @@ If an access token isn't provided, the following rate limits apply: | |||
The Wave does not support the use of sha256 digest in the image name, e.g. `ubuntu@sha256:3235...ce8f`, when using | |||
the augmentation process to extend container images. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the augmentation process to extend container images. | |
the augmentation process to extend container images. | |
This is because Wave augmentation affects the image sha256, because the image contents change. |
Follow on from #448
Try to add a little more detail / explanation about exactly what this section is proposing.