Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Docs: Try to clarify sha256 explanation #490

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 11 additions & 3 deletions docs/guide.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -61,10 +61,12 @@ If an access token isn't provided, the following rate limits apply:
The Wave does not support the use of sha256 digest in the image name, e.g. `ubuntu@sha256:3235...ce8f`, when using
the augmentation process to extend container images.
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
the augmentation process to extend container images.
the augmentation process to extend container images.
This is because Wave augmentation affects the image sha256, because the image contents change.


In order to reference a container via sha256 digest in the image name with Wave you will need to *freeze* image mode
that will force the creation of a new container image using the container you have specified as base image.
Whilst using a digest directly isn't possible, Wave can generate image names which include a sha256 digest
ewels marked this conversation as resolved.
Show resolved Hide resolved
of the `Dockerfile` used to build the image within the tag.
In order to reference a container via this sha256 digest tag, you will need to use the _freeze_ image mode.
This will force the creation of a new container image, using the container you have specified as base image.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Now I'm understanding better what you but it's not correct and a complete different thing what I'm trying to say above.

The checksum created by using freeze is NOT a sha256 digest (it uses a complete different algo).

The above above is explaining how you can use a container sha256 digest name reference with Wave, not how to produce a container having a digest in the name

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The above above is explaining how you can use a container sha256 digest name reference with Wave

Ok great, this PR was part docs and partly intended to try to clear this up so that I understand 😅

Can you give an example Wave URI that uses a container sha256 digest, without placeholders please? As I don't follow how it works from the docs that were here already.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

 docker pull ubuntu@sha256:3f85b7caad41a95462cf5b787d8a04604c8262cdcdf9a472b8c52ef83375fe15

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok but that's skipping wave completely right? I thought you said this morning that you didn't want to do that?

That's what the nextflow inspect stuff I suggested before was about, to show how to get these URIs..

Copy link
Collaborator

@pditommaso pditommaso May 7, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure to follow. Do you mean how to use digest with wave? it's enough to enable freeze

wave -i ubuntu@sha256:3f85b7caad41a95462cf5b787d8a04604c8262cdcdf9a472b8c52ef83375fe15 --freeze --build-repo docker.io/pditommaso/wave-test

Resulting container

docker.io/pditommaso/wave-test:d1a0bffd1b4ef0f6

Not getting how inspect is related here

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok that's requesting an image with a digest from Wave. There's no docker pull with a digest there?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's a digests for any other container image, but it has nothing do to wit the original one and it's not returned by inspect, so I see now point to mention here

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
This will force the creation of a new container image, using the container you have specified as base image.
This will force the creation of a new container image, using the container you have specified as base image
and push it to a 3rd party container registry.


In your pipeline configuration, ensure that you specify the following settings:
For example, in your pipeline configuration you could specify the following settings:

```groovy
wave.enabled = true
Expand All @@ -73,6 +75,12 @@ wave.strategy = ['dockerfile']
wave.build.repository = 'docker.io/<user>/<repository>'
```

This would build a new image, push it to docker.io and return a URI with the following structure:

```
docker.io/<user>/<repository>:<image>--<sha>
ewels marked this conversation as resolved.
Show resolved Hide resolved
```
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
```
```
The image `tag` here is composed of a Human-readable `<image>` name and a `<hash>` based on the build instructions.


## Tutorials

### Authenticate private repositories
Expand Down