Skip to content

Force OCI format for inner images when publishing tarballs or to local docker instances #47398

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Apr 3, 2025
Merged

Force OCI format for inner images when publishing tarballs or to local docker instances #47398

merged 2 commits into from
Apr 3, 2025

Conversation

baronfel
Copy link
Member

@baronfel baronfel commented Mar 9, 2025
edited
Loading

Description

Today it's possible to publish a multi-arch container manifest that is an OCI format, but contains inner images that are Docker format. This is an error - all formats (Docker or OCI) should be unified. Some tools will accept this mismatch, but others will error and force compliance. The MDE team found this as it impacted their migrations to SDK containers.

Fix

This PR determines if we are in a scenario in the outer-build where we are publishing an OCI manifest wrapper and forces the inner images to be OCI also. There results in exactly one change to the generated inner images: the media type field changes. All other content remains the same.

Workaround

Users can set <ContainerImageFormat>OCI</ContainerImageFormat> today to fix this.

Risk

Low - this is covered by tests and only applies to a single specific erroring scenario.

@ghost ghost added Area-Infrastructure untriaged Request triage from a team member labels Mar 9, 2025
@baronfel baronfel added Area-Containers Related to dotnet SDK containers functionality and removed Area-Infrastructure labels Mar 9, 2025
@baronfel baronfel requested a review from a team March 9, 2025 16:56
@baronfel baronfel marked this pull request as ready for review March 18, 2025 14:20
@baronfel baronfel changed the title enforce OCI format for inner images when publishing tarballs or to local docker instances Force OCI format for inner images when publishing tarballs or to local docker instances Mar 19, 2025
@surayya-MS
Copy link
Member

LGTM

@baronfel baronfel force-pushed the enforce-oci-for-manifest-publishing branch from 1bcd676 to 1ec4897 Compare March 19, 2025 17:42
@rbhanda rbhanda added this to the 8.0.16 milestone Mar 20, 2025
@Forgind Forgind removed untriaged Request triage from a team member Branch Lockdown labels Apr 2, 2025
@baronfel baronfel merged commit 56ef042 into dotnet:release/8.0.4xx Apr 3, 2025
19 of 23 checks passed
@baronfel baronfel deleted the enforce-oci-for-manifest-publishing branch April 3, 2025 16:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@surayya-MS surayya-MS surayya-MS approved these changes

Assignees
No one assigned
Labels
Area-Containers Related to dotnet SDK containers functionality Servicing-approved
Projects
None yet
Milestone
8.0.16
Development

Successfully merging this pull request may close these issues.
4 participants
@baronfel @surayya-MS @Forgind @rbhanda