add semver tagging semantics #214
Conversation
(this was probably from local hacking) Signed-off-by: Alex Suraci <suraci.alex@gmail.com>
changes to /check:
* versions now include both tag and digest
* when tag: is omitted, detect tags based on semantic versioning
* find all tags which are valid semver versions (e.g. 1, 1.2, 1.2.3)
* skips any tags which aren't semver, except for 'latest' (see below)
* for each semver tag found, emit each digest only once and in
semver order, with most specific semver tag chosen
* this prevents repeating 3, 3.2, 3.2.1 if they have the same
digest; only 3.2.1 is returned instead
* if 'latest' tag is present *and* has a unique digest, return it as
the latest version
* this is to support hotfixes or not strictly following semver for
whatever reason; the intent is for 'latest' to be latest
* if latest tag digest is also tagged as a semver tag, don't return
it; it may be a race condition when pushing a new version (e.g.
5.0.0 tagged but 'latest' not bumped yet)
changes to /in:
* now writes the tag from the given version to ./tag, rather than the
tag: from source
* still fetches the exact digest from the version
/out is semantically unchanged, and only has refactors to deal with the
now-optional tag: field
TODO:
* implement checking from a cursor; currently just returns all versions
* support 'variants' i.e. 1.2.3-foo
* automatic tag bumping in /out
Signed-off-by: Alex Suraci <suraci.alex@gmail.com>
Signed-off-by: Alex Suraci <asuraci@vmware.com> Co-authored-by: Bishoy Youssef <byoussef@vmware.com>
vito
force-pushed
the
semver-tags
branch
2 times, most recently
from
0c12207
to
6ad4a07
Compare
Signed-off-by: Alex Suraci <asuraci@vmware.com> Co-authored-by: Bishoy Youssef <byoussef@vmware.com>
Signed-off-by: Alex Suraci <asuraci@vmware.com> Co-authored-by: Bishoy Youssef <byoussef@vmware.com>
note: we are following the future-looking resource check semantics here. the initial check will return all versions. later checks will treat the tag and digest as a cursor: as long as the digest is the same, only the versions after the tag will be returned. if the digests differ, all versions will be returned instead, "resetting" the history. Signed-off-by: Alex Suraci <asuraci@vmware.com> Co-authored-by: Bishoy Youssef <byoussef@vmware.com>
instead of passing a bunch of values, just 'rewrite' the source config to point to a mirror Signed-off-by: Alex Suraci <asuraci@vmware.com> Co-authored-by: Bishoy Youssef <byoussef@vmware.com>
Signed-off-by: Alex Suraci <asuraci@vmware.com> Co-authored-by: Bishoy Youssef <byoussef@vmware.com>
Signed-off-by: Alex Suraci <asuraci@vmware.com> Co-authored-by: Bishoy Youssef <byoussef@vmware.com>
Signed-off-by: Alex Suraci <asuraci@vmware.com> Co-authored-by: Bishoy Youssef <byoussef@vmware.com>
Signed-off-by: Alex Suraci <asuraci@vmware.com> Co-authored-by: Bishoy Youssef <byoussef@vmware.com> Signed-off-by: Alex Suraci <asuraci@vmware.com>
Signed-off-by: Alex Suraci <asuraci@vmware.com>
Signed-off-by: Alex Suraci <asuraci@vmware.com>
Signed-off-by: Alex Suraci <asuraci@vmware.com> Co-authored-by: James Thomson <jamesth@vmware.com>
this is a significant optimization: before we would fetch the digest for every tag, now we'll only fetch the digest for the latest tag + any tags with newer versions. Signed-off-by: Alex Suraci <asuraci@vmware.com>
this will perform a ping + auth flow and then pass the transport along in options for all subsequent requests. the net effect is that rather than pinging + acquiring a token on every request, we will only ping, since the token is already acquired. i'm not sure if either of these endpoints are rate limited in the first place, so this might not matter, but it at least saves time. Signed-off-by: Alex Suraci <asuraci@vmware.com>
these needed tag: configured, but they were skipped because my local test setup didn't have the docker image stuff set. that doesn't actually need to be set for the 429 test, since they use a fake registry, so i moved them to a separate context. Signed-off-by: Alex Suraci <asuraci@vmware.com>
|
@xtreme-sameer-vohra Quick update: this is good to go! Just finished the last TODO item and fixed a broken test. |
|
@xtreme-sameer-vohra I merged |
|
@xtreme-sameer-vohra This is ready to go again. We're thinking of jumping to v7.0 instead of v6.8 so I'd like to include this too since we're doing a major version bump and this involves a behaviour change, even though it's mostly backwards-compatible. I wish I could make it easier to review but with how long this has been open it'd be a bit of a nightmare to rebase. All of my recent pushes are just to bring it in line with changes that have been made on |
Signed-off-by: Alex Suraci <suraci.alex@gmail.com>
|
Just skimmed through so far, but seems pretty nice! Have you considered adding a semver constraint configuration to the |
Signed-off-by: Alex Suraci <suraci.alex@gmail.com>
previously, if a 1.2.3-rc.4 tag was present alongside 1.2.3, the resource would return 1.2.3-rc.4 as the tag. now it returns 1.2.3. Signed-off-by: Alex Suraci <suraci.alex@gmail.com>
Co-authored-by: Aidan Oldershaw <aoldershaw@pivotal.io> Signed-off-by: Alex Suraci <suraci.alex@gmail.com>
Yeah I think that makes a lot of sense. I'd rather leave it for a separate PR though, just 'cause this one's pretty big already. |
Signed-off-by: Alex Suraci <suraci.alex@gmail.com>
also ensure tag is included when given a cursor version that doesn't have the tag present, so that versions are consistent when given a partial version with `fly check-resource --from` Signed-off-by: Alex Suraci <suraci.alex@gmail.com>
Signed-off-by: Alex Suraci <suraci.alex@gmail.com>
|
compared to latest: It's quite a bit slower. I expect this won't be a huge problem for named resources, since they only need to do this slow check once (and whenever a digest disappears) - but will it be for anonymous edit: obviously, "problem" is subjective - things will still work, but if it tacks on an extra 20s to many edit take 2: I refreshed my memory on how the |
|
@aoldershaw Yup - that's what led to the whole image-fetching refactor. With how things used to work, it would definitely be too slow for task image resources - but now that Scopes are a little confusing, but in this case you can ignore them since scopes only apply to pipeline-level resources - otherwise it'll be the "null" (global) scope. |
fixes #151
closes #197 (supersedes it)
still a WIP - leaving lots of context in each commit message, will amend this with more commentary later
note: this is intended to be as backwards-compatible as possible, but the default behavior will change specifically when
tag:is not specified. rather than tracking only thelatesttag, the resource will track all semver tags present, only returninglatestif there are no semver tags with the same digestTODO:
/check: support detecting "variants" (i.e.alpine,3-alpine,3.2-alpine,3.2.4-alpine)/check: distinguish between multi-word variants (i.e.apacheshouldn't match1.2.3-foo-apache)/check: distinguish between prereleases and variants (i.e.apacheSHOULD match1.2.3-rc.2-apache)/check: skip prereleases by default, add flag/check: support checking "from" a version/check: refactor; there's a lot of branching with tag vs. non-tag and mirror vs. no mirror/out: support pushing versions and variant versions/out: implement optional semver tag bumping (i.e. bump3.2,3, andlatestwhen shipping3.2.4assuming3.2is latest)3.2.0-alpine, and optionally3.2-alpineif latest 3.2.x,3-alpineif latest 3.x,alpineif latest overall)checkrequest which fetches digests of all the tags is a bit slow - it looks likego-containerregistrydoes a fresh auth flow for each call. Can we optimize this, either by avoiding requests when given a cursor version or by opening an issue ongo-containerregistry? (opened issue: Is there a way to reuse token/transport to prevent repeated auth requests? google/go-containerregistry#740)/in: respect a version that only hasdigest:- this is may be from a user manually pinning, per Feature request: support digest in 'source' #45 (comment)checkand then find the specified version?