UNCLASSIFIED - NO CUI

Correct/Add image digest to `manifest.json`

As any logged-in user of dcar.dsop.io

I want the image digests published. Currently the image ids are published, but not the image digests.

So that I can determine if images have changed by comparing image digests.

The image ids (or sha tags) are not immutable and vary based on what registry is used. Having the manifest digest published would allow users to determine if images have changed without downloading the released image tars.

For example on /redhat/ubi/ubi8:8.1 for jenkins run 2200 ...

The manifest.json lists the manifest digest as ...

"podman-manifest-digest": "sha256:a775bc13c84593a72f815a3f55a7ba7cb5178c4c8985b2afc9527ca7d7ed06ef"

but a775bc13c84593a72f8... is the sha tag/image id on your nexus repo.

If you inspect the image after loading it or explore the index.json in the OCI archive.tar file, you see:

{
  "schemaVersion":2,
  "manifests":
    [
      {"mediaType":"application/vnd.oci.image.manifest.v1+json",
       "digest":"sha256:1b63c2c0f022155f41ac51cc70defeb45f0c7762bf36a5af5efd0c4c6b756da1",
       "size":351,
       "annotations":{
         "org.opencontainers.image.ref.name":"nexus-docker.52.61.140.4.nip.io/redhat/ubi/ubi8@sha256:a775bc13c84593a72f815a3f55a7ba7cb5178c4c8985b2afc9527ca7d7ed06ef"},
       ...

This shows that the manifest digest is sha256:1b63... and the sha tag/image id is sha256:a775.... The digest sha256:1b63... will not change when the image is moved to a new registry.

NOTES

  • Possible solution:
    • My guess is that manifest digest was set to image id by accident.
    • Update the released manifest.json to include the correct value for podman-manifest-digest or add a new field.
  • Influencers
  • Previous attempts

Acceptance Criteria

  • ADR laying out what options were researched and why we decided on a particular path
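
The comparison described in this issue, as an added example that is not part of the original issue or the project's code: it reads index.json from an OCI archive, re-hashes each manifest blob, and checks a published podman-manifest-digest value against the result. The sample archive, the registry.example name and the function names are constructed for illustration.

```python
import hashlib, io, json, tarfile

def build_sample_archive():
    """Constructed OCI-layout tar: a tiny manifest blob plus an index.json pointing at it."""
    manifest = json.dumps({"schemaVersion": 2, "layers": []}).encode()
    digest = "sha256:" + hashlib.sha256(manifest).hexdigest()
    index = json.dumps({"schemaVersion": 2, "manifests": [{
        "mediaType": "application/vnd.oci.image.manifest.v1+json",
        "digest": digest, "size": len(manifest),
        # Constructed ref name; the value after '@' is NOT the manifest digest.
        "annotations": {"org.opencontainers.image.ref.name":
                        "registry.example/redhat/ubi/ubi8@sha256:" + "a" * 64}}]}).encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in (("index.json", index),
                           ("blobs/sha256/" + digest[7:], manifest)):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue(), digest

def manifest_digests(archive_bytes):
    """Return the digests listed in index.json after re-hashing each manifest blob."""
    verified = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes)) as tar:
        # Some tools write member names with a leading "./"; normalise them.
        members = {(m.name[2:] if m.name.startswith("./") else m.name): m
                   for m in tar.getmembers()}
        index = json.load(tar.extractfile(members["index.json"]))
        for entry in index["manifests"]:
            algo, _, hexval = entry["digest"].partition(":")
            if algo != "sha256":
                raise ValueError("unsupported digest algorithm: " + algo)
            blob = tar.extractfile(members["blobs/sha256/" + hexval]).read()
            if len(blob) != entry["size"] or hashlib.sha256(blob).hexdigest() != hexval:
                raise ValueError("manifest blob does not match its index.json entry")
            verified.append(entry["digest"])
    return verified

def check_published(published, archive_bytes):
    """Compare a published podman-manifest-digest with what the archive contains."""
    actual = manifest_digests(archive_bytes)
    return {"published": published, "archive": actual, "match": published in actual}

if __name__ == "__main__":
    archive, digest = build_sample_archive()
    print(check_published(digest, archive))
    print(check_published("sha256:" + "a" * 64, archive))  # value from the ref name
```

A "match": False result for the value taken from the ref name annotation is the mismatch this issue reports for manifest.json.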