Skip to content

feat: add container sha as optional field to package #109

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 23, 2025
Merged

feat: add container sha as optional field to package #109

merged 1 commit into from
Oct 23, 2025

Conversation

@t0mmylam
Copy link
Collaborator

@t0mmylam t0mmylam commented Oct 22, 2025
edited
Loading

Adds optional containerSHA field to package specs

Changes

API & CRD:

  • Added containerSHA field to Package spec and PackageStatus
  • Updated CRD and Helm chart with new field

Implementation:

  • Added getPackageImage() helper to use digest format (image@sha256:...) when containerSHA is specified
  • Updated pod creation to pull images by digest when available
  • Propagated containerSHA through PackageSkyhook annotations and NodeState.Upsert()

Testing:

  • Updated all unit tests to handle new parameter
  • Updated e2e test to use real multi-arch manifest digest for agentless:1.2

Usage

packages:
  my-package:
    version: "1.0"
    image: ghcr.io/example/image
    containerSHA: "sha256:abc123..."  # Optional: ensures exact image

When specified, Kubernetes pulls image@sha256:... instead of image:version, guaranteeing the exact container regardless of tag changes.

lockwobr
lockwobr reviewed Oct 23, 2025
View reviewed changes
lockwobr
lockwobr reviewed Oct 23, 2025
View reviewed changes
@t0mmylam t0mmylam merged commit 6edb574 into main Oct 23, 2025
10 of 12 checks passed
@t0mmylam t0mmylam deleted the containerSHA branch October 23, 2025 20:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lockwobr lockwobr lockwobr approved these changes

@mskalka mskalka Awaiting requested review from mskalka mskalka is a code owner

@ayuskauskas ayuskauskas Awaiting requested review from ayuskauskas ayuskauskas is a code owner

@riceriley59 riceriley59 Awaiting requested review from riceriley59 riceriley59 is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@t0mmylam @lockwobr