-
Notifications
You must be signed in to change notification settings - Fork 118
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New image id with every build #7297
Comments
I tried reproducing, but didn't manage to. mkdir repro-7297 && cd repro-7297
echo -e "FROM debian\nRUN echo 1\n" > Dockerfile docker build -t test .
...
=> [2/2] RUN echo 1 0.3s
=> exporting to image 0.0s
=> => exporting layers 0.0s
=> => writing image sha256:3a097764d6b73e779c6d27dc92a09837bcc950def76056e8451d86d104297b7b 0.0s
=> => naming to docker.io/library/test 0.0s
docker image inspect --format '{{.ID}}' test
sha256:3a097764d6b73e779c6d27dc92a09837bcc950def76056e8451d86d104297b7b
docker build -t test .
...
=> CACHED [2/2] RUN echo 1 0.0s
=> exporting to image 0.0s
=> => exporting layers 0.0s
=> => writing image sha256:3a097764d6b73e779c6d27dc92a09837bcc950def76056e8451d86d104297b7b 0.0s
=> => naming to docker.io/library/test 0.0s
docker image inspect --format '{{.ID}}' test
sha256:3a097764d6b73e779c6d27dc92a09837bcc950def76056e8451d86d104297b7b
docker build -t test .
...
=> CACHED [2/2] RUN echo 1 0.0s
=> exporting to image 0.0s
=> => exporting layers 0.0s
=> => writing image sha256:3a097764d6b73e779c6d27dc92a09837bcc950def76056e8451d86d104297b7b 0.0s
=> => naming to docker.io/library/test 0.0s
docker image inspect --format '{{.ID}}' test
sha256:3a097764d6b73e779c6d27dc92a09837bcc950def76056e8451d86d104297b7b Are you using the default builder, or is it possible you created a custom (container-driver) builder? What does |
cc @crazy-max |
I should add this is happening on Apple M2 chip.
From above output, |
Ah, thanks for that output! Yes, it looks like the image doesn't change, but the attestation gets created for each build, so the digest of the manifest index will change because of that; Image digest is the same for all builds;
cc @tonistiigi @crazy-max PTAL |
Done some further debugging and it is caused by |
When using the containerd image store an OCI index is pushed that contains the provenance attestation as this store supports multi-platform images. This is the case since Buildx 0.10.0:
I recall someone was also confused about the image id being different with provenance because of lack of reproducibility/immutability of it but can't find yet the issue related to this. In any case you can just disable provenance if this is an issue for you:
|
OK understood, thank you very much for clarifying this. |
Description
docker build -t test .
results in an image idrunning
docker build -t test .
again gives a new image id (despite sayingCACHED 2/2
)Reproduce
Use any simple Dockerfile and run
docker build
twice for it, you will get two different image idsExpected behavior
docker build
should not generate a new image id if all steps are cacheddocker version
Client: Docker Engine - Community Version: 26.1.3 API version: 1.45 Go version: go1.22.3 Git commit: b72abbb6f0 Built: Thu May 16 07:47:24 2024 OS/Arch: darwin/arm64 Context: desktop-linux Server: Docker Desktop 4.30.0 (149282) Engine: Version: 26.1.1 API version: 1.45 (minimum version 1.24) Go version: go1.21.9 Git commit: ac2de55 Built: Tue Apr 30 11:48:04 2024 OS/Arch: linux/arm64 Experimental: false containerd: Version: 1.6.31 GitCommit: e377cd56a71523140ca6ae87e30244719194a521 runc: Version: 1.1.12 GitCommit: v1.1.12-0-g51d5e94 docker-init: Version: 0.19.0 GitCommit: de40ad0
docker info
Diagnostics ID
080414E0-4A72-428B-B7E8-64293C8ED6A1/20240527075817
Additional Info
No response
The text was updated successfully, but these errors were encountered: