oras check draft design
#1803
oras check draft design
#1803
Conversation
Signed-off-by: Xiaoxuan Wang <[email protected]>
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #1803 +/- ##
==========================================
+ Coverage 85.25% 85.27% +0.02%
==========================================
Files 143 143
Lines 6739 6739
==========================================
+ Hits 5745 5747 +2
+ Misses 706 704 -2
Partials 288 288 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Signed-off-by: Xiaoxuan Wang <[email protected]>
wangxiaoxuan273
requested review from
sajayantony,
shizhMSFT,
SteveLasker,
qweeah,
Wwwsylvia and
TerryHowe
as code owners
| @@ -0,0 +1,114 @@ | |||
| # oras check draft design | |||
|
|
|||
| This is a draft design for the `oras check` command. | |||
There was a problem hiding this comment.
Could you clarify what content will be checked? Linking to this issue #1791 can also provide some context to reviewers
There was a problem hiding this comment.
For each image specified by the user (by name or digest), we will check:
[for the manifest]
- If the manifest referenced by the tag or digest exists in the repository.
- If the manifest's size, digest and media type match the information saved on the repo server. (technically, that means if the descriptor resolved by the repo server matches the actual manifest)
[for each blob, including config and layers]
- If the blob referenced by the manifest exists in the repository.
- If the blob's size and digest match the descriptors in the manifest
[check the subject if present, recursively]
- check the subject's manifest as mentioned above
- check the subject's blobs as mentioned above
There was a problem hiding this comment.
Maybe just add this text here?
docs/proposals/check-design.md
Outdated
| ## Questions for discussion | ||
| 1. Should we support reference by digest? | ||
| 2. Should we support validating index? What should the behavior be? | ||
| 3. Should we support validating an entire repository? (`oras check localhost:5000/hello`, no image reference is given) No newline at end of file |
There was a problem hiding this comment.
We may want to think which use case that users want to check the entire repo? My assumption is that users may want to check the content completeness and integrity when backup or restore an entire repo
There was a problem hiding this comment.
Two scenarios I can think of:
- When a user fails to pull an image from the registry, he can run
oras checkto see if the image is corrupted. This helps the user to troubleshoot faster. - User may want to set up a periodic pipeline (say once a month) to check that all current images in the production repository are intact.
docs/proposals/check-design.md
Outdated
|
|
||
| ## Questions for discussion | ||
| 1. Should we support reference by digest? | ||
| 2. Should we support validating index? What should the behavior be? |
There was a problem hiding this comment.
I think an image index should be considered as it will saves some time for users to check a multi-platform image; otherwise, users have to manually retrieve digest of each multi-platform image and check them one by one.
The behavior would be checking the content integrity of each platform-specific manifest.
docs/proposals/check-design.md
Outdated
| https://github.com/oras-project/oras/pull/1801 | ||
|
|
||
| ## Questions for discussion | ||
| 1. Should we support reference by digest? |
There was a problem hiding this comment.
Can you clarify this question?
There was a problem hiding this comment.
What I mean is, currently we support
oras check localhost:5000/repo:v1
Do we want to support
oras check localhost:5000/repo@sha256:xxxxx ?
Signed-off-by: Xiaoxuan Wang <[email protected]>
Signed-off-by: Xiaoxuan Wang <[email protected]>
What this PR does / why we need it:
PoC implementation: #1801
Issue: #1791
What will be checked by
oras check:For each image specified by the user (by name or digest), we will check:
[for the manifest]
If the manifest referenced by the tag or digest exists in the repository.
If the manifest's size, digest and media type match the information saved on the repo server. (technically, that means if the descriptor resolved by the repo server matches the actual manifest)
[for each blob, including config and layers]
If the blob referenced by the manifest exists in the repository.
If the blob's size and digest match the descriptors in the manifest
[check the subject if present, recursively]
check the subject's manifest as mentioned above
check the subject's layer as mentioned above
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when PR gets merged):Fixes #
Please check the following list: