DockerCLI/cli/command/image/push.go

191 lines
6.3 KiB
Go
Raw Normal View History

// FIXME(thaJeztah): remove once we are a module; the go:build directive prevents go from downgrading language version to go1.16:
//go:build go1.21
package image
import (
"context"
"encoding/json"
"fmt"
"io"
"github.com/containerd/platforms"
"github.com/distribution/reference"
"github.com/docker/cli/cli"
"github.com/docker/cli/cli/command"
"github.com/docker/cli/cli/command/completion"
"github.com/docker/cli/cli/streams"
"github.com/docker/docker/api/types/auxprogress"
"github.com/docker/docker/api/types/image"
registrytypes "github.com/docker/docker/api/types/registry"
"github.com/docker/docker/pkg/jsonmessage"
"github.com/docker/docker/registry"
"github.com/morikuni/aec"
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
implement docker push -a/--all-tags The `docker push` command up until [v0.9.1](https://github.com/moby/moby/blob/v0.9.1/api/client.go#L998) always pushed all tags of a given image, so `docker push foo/bar` would push (e.g.) all of `foo/bar:latest`, `foo:/bar:v1`, `foo/bar:v1.0.0`. Pushing all tags of an image was not desirable in many case, so docker v0.10.0 enhanced `docker push` to optionally specify a tag to push (`docker push foo/bar:v1`) (see https://github.com/moby/moby/issues/3411 and the pull request that implemented this: https://github.com/moby/moby/pull/4948). This behavior exists up until today, and is confusing, because unlike other commands, `docker push` does not default to use the `:latest` tag when omitted, but instead makes it push "all tags of the image" For example, in the following situation; ``` docker images REPOSITORY TAG IMAGE ID CREATED SIZE thajeztah/myimage latest b534869c81f0 41 hours ago 1.22MB ``` Running `docker push thajeztah/myimage` seemingly does the expected behavior (it pushes `thajeztah/myimage:latest` to Docker Hub), however, it does not so for the reason expected (`:latest` being the default tag), but because `:latest` happens to be the only tag present for the `thajeztah/myimage` image. If another tag exists for the image: ``` docker images REPOSITORY TAG IMAGE ID CREATED SIZE thajeztah/myimage latest b534869c81f0 41 hours ago 1.22MB thajeztah/myimage v1.0.0 b534869c81f0 41 hours ago 1.22MB ``` Running the same command (`docker push thajeztah/myimage`) will push _both_ images to Docker Hub. > Note that the behavior described above is currently not (clearly) documented; > the `docker push` reference documentation (https://docs.docker.com/engine/reference/commandline/push/) does not mention that omitting the tag will push all tags This patch changes the default behavior, and if no tag is specified, `:latest` is assumed. To push _all_ tags, a new flag (`-a` / `--all-tags`) is added, similar to the flag that's present on `docker pull`. With this change: - `docker push myname/myimage` will be the equivalent of `docker push myname/myimage:latest` - to push all images, the user needs to set a flag (`--all-tags`), so `docker push --all-tags myname/myimage:latest` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-09 08:48:42 -05:00
"github.com/pkg/errors"
"github.com/spf13/cobra"
)
type pushOptions struct {
implement docker push -a/--all-tags The `docker push` command up until [v0.9.1](https://github.com/moby/moby/blob/v0.9.1/api/client.go#L998) always pushed all tags of a given image, so `docker push foo/bar` would push (e.g.) all of `foo/bar:latest`, `foo:/bar:v1`, `foo/bar:v1.0.0`. Pushing all tags of an image was not desirable in many case, so docker v0.10.0 enhanced `docker push` to optionally specify a tag to push (`docker push foo/bar:v1`) (see https://github.com/moby/moby/issues/3411 and the pull request that implemented this: https://github.com/moby/moby/pull/4948). This behavior exists up until today, and is confusing, because unlike other commands, `docker push` does not default to use the `:latest` tag when omitted, but instead makes it push "all tags of the image" For example, in the following situation; ``` docker images REPOSITORY TAG IMAGE ID CREATED SIZE thajeztah/myimage latest b534869c81f0 41 hours ago 1.22MB ``` Running `docker push thajeztah/myimage` seemingly does the expected behavior (it pushes `thajeztah/myimage:latest` to Docker Hub), however, it does not so for the reason expected (`:latest` being the default tag), but because `:latest` happens to be the only tag present for the `thajeztah/myimage` image. If another tag exists for the image: ``` docker images REPOSITORY TAG IMAGE ID CREATED SIZE thajeztah/myimage latest b534869c81f0 41 hours ago 1.22MB thajeztah/myimage v1.0.0 b534869c81f0 41 hours ago 1.22MB ``` Running the same command (`docker push thajeztah/myimage`) will push _both_ images to Docker Hub. > Note that the behavior described above is currently not (clearly) documented; > the `docker push` reference documentation (https://docs.docker.com/engine/reference/commandline/push/) does not mention that omitting the tag will push all tags This patch changes the default behavior, and if no tag is specified, `:latest` is assumed. To push _all_ tags, a new flag (`-a` / `--all-tags`) is added, similar to the flag that's present on `docker pull`. With this change: - `docker push myname/myimage` will be the equivalent of `docker push myname/myimage:latest` - to push all images, the user needs to set a flag (`--all-tags`), so `docker push --all-tags myname/myimage:latest` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-09 08:48:42 -05:00
all bool
remote string
untrusted bool
quiet bool
platform string
}
// NewPushCommand creates a new `docker push` command
func NewPushCommand(dockerCli command.Cli) *cobra.Command {
var opts pushOptions
cmd := &cobra.Command{
Use: "push [OPTIONS] NAME[:TAG]",
Short: "Upload an image to a registry",
Args: cli.ExactArgs(1),
RunE: func(cmd *cobra.Command, args []string) error {
opts.remote = args[0]
return RunPush(cmd.Context(), dockerCli, opts)
},
Annotations: map[string]string{
"category-top": "6",
"aliases": "docker image push, docker push",
},
ValidArgsFunction: completion.ImageNames(dockerCli),
}
flags := cmd.Flags()
flags.BoolVarP(&opts.all, "all-tags", "a", false, "Push all tags of an image to the repository")
flags.BoolVarP(&opts.quiet, "quiet", "q", false, "Suppress verbose output")
command.AddTrustSigningFlags(flags, &opts.untrusted, dockerCli.ContentTrustEnabled())
// Don't default to DOCKER_DEFAULT_PLATFORM env variable, always default to
// pushing the image as-is. This also avoids forcing the platform selection
// on older APIs which don't support it.
flags.StringVar(&opts.platform, "platform", "",
`Push a platform-specific manifest as a single-platform image to the registry.
'os[/arch[/variant]]': Explicit platform (eg. linux/amd64)`)
flags.SetAnnotation("platform", "version", []string{"1.46"})
return cmd
}
// RunPush performs a push against the engine based on the specified options
//
//nolint:gocyclo
func RunPush(ctx context.Context, dockerCli command.Cli, opts pushOptions) error {
var platform *ocispec.Platform
if opts.platform != "" {
p, err := platforms.Parse(opts.platform)
if err != nil {
_, _ = fmt.Fprintf(dockerCli.Err(), "Invalid platform %s", opts.platform)
return err
}
platform = &p
printNote(dockerCli, `Selecting a single platform will only push one matching image manifest from a multi-platform image index.
This means that any other components attached to the multi-platform image index (like Buildkit attestations) won't be pushed.
If you want to push a whole multi-platform image, make sure all image content is present and remove the --platform flag.
`)
}
ref, err := reference.ParseNormalizedNamed(opts.remote)
implement docker push -a/--all-tags The `docker push` command up until [v0.9.1](https://github.com/moby/moby/blob/v0.9.1/api/client.go#L998) always pushed all tags of a given image, so `docker push foo/bar` would push (e.g.) all of `foo/bar:latest`, `foo:/bar:v1`, `foo/bar:v1.0.0`. Pushing all tags of an image was not desirable in many case, so docker v0.10.0 enhanced `docker push` to optionally specify a tag to push (`docker push foo/bar:v1`) (see https://github.com/moby/moby/issues/3411 and the pull request that implemented this: https://github.com/moby/moby/pull/4948). This behavior exists up until today, and is confusing, because unlike other commands, `docker push` does not default to use the `:latest` tag when omitted, but instead makes it push "all tags of the image" For example, in the following situation; ``` docker images REPOSITORY TAG IMAGE ID CREATED SIZE thajeztah/myimage latest b534869c81f0 41 hours ago 1.22MB ``` Running `docker push thajeztah/myimage` seemingly does the expected behavior (it pushes `thajeztah/myimage:latest` to Docker Hub), however, it does not so for the reason expected (`:latest` being the default tag), but because `:latest` happens to be the only tag present for the `thajeztah/myimage` image. If another tag exists for the image: ``` docker images REPOSITORY TAG IMAGE ID CREATED SIZE thajeztah/myimage latest b534869c81f0 41 hours ago 1.22MB thajeztah/myimage v1.0.0 b534869c81f0 41 hours ago 1.22MB ``` Running the same command (`docker push thajeztah/myimage`) will push _both_ images to Docker Hub. > Note that the behavior described above is currently not (clearly) documented; > the `docker push` reference documentation (https://docs.docker.com/engine/reference/commandline/push/) does not mention that omitting the tag will push all tags This patch changes the default behavior, and if no tag is specified, `:latest` is assumed. To push _all_ tags, a new flag (`-a` / `--all-tags`) is added, similar to the flag that's present on `docker pull`. With this change: - `docker push myname/myimage` will be the equivalent of `docker push myname/myimage:latest` - to push all images, the user needs to set a flag (`--all-tags`), so `docker push --all-tags myname/myimage:latest` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-09 08:48:42 -05:00
switch {
case err != nil:
return err
implement docker push -a/--all-tags The `docker push` command up until [v0.9.1](https://github.com/moby/moby/blob/v0.9.1/api/client.go#L998) always pushed all tags of a given image, so `docker push foo/bar` would push (e.g.) all of `foo/bar:latest`, `foo:/bar:v1`, `foo/bar:v1.0.0`. Pushing all tags of an image was not desirable in many case, so docker v0.10.0 enhanced `docker push` to optionally specify a tag to push (`docker push foo/bar:v1`) (see https://github.com/moby/moby/issues/3411 and the pull request that implemented this: https://github.com/moby/moby/pull/4948). This behavior exists up until today, and is confusing, because unlike other commands, `docker push` does not default to use the `:latest` tag when omitted, but instead makes it push "all tags of the image" For example, in the following situation; ``` docker images REPOSITORY TAG IMAGE ID CREATED SIZE thajeztah/myimage latest b534869c81f0 41 hours ago 1.22MB ``` Running `docker push thajeztah/myimage` seemingly does the expected behavior (it pushes `thajeztah/myimage:latest` to Docker Hub), however, it does not so for the reason expected (`:latest` being the default tag), but because `:latest` happens to be the only tag present for the `thajeztah/myimage` image. If another tag exists for the image: ``` docker images REPOSITORY TAG IMAGE ID CREATED SIZE thajeztah/myimage latest b534869c81f0 41 hours ago 1.22MB thajeztah/myimage v1.0.0 b534869c81f0 41 hours ago 1.22MB ``` Running the same command (`docker push thajeztah/myimage`) will push _both_ images to Docker Hub. > Note that the behavior described above is currently not (clearly) documented; > the `docker push` reference documentation (https://docs.docker.com/engine/reference/commandline/push/) does not mention that omitting the tag will push all tags This patch changes the default behavior, and if no tag is specified, `:latest` is assumed. To push _all_ tags, a new flag (`-a` / `--all-tags`) is added, similar to the flag that's present on `docker pull`. With this change: - `docker push myname/myimage` will be the equivalent of `docker push myname/myimage:latest` - to push all images, the user needs to set a flag (`--all-tags`), so `docker push --all-tags myname/myimage:latest` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-09 08:48:42 -05:00
case opts.all && !reference.IsNameOnly(ref):
return errors.New("tag can't be used with --all-tags/-a")
case !opts.all && reference.IsNameOnly(ref):
ref = reference.TagNameOnly(ref)
if tagged, ok := ref.(reference.Tagged); ok && !opts.quiet {
_, _ = fmt.Fprintf(dockerCli.Out(), "Using default tag: %s\n", tagged.Tag())
}
}
// Resolve the Repository name from fqn to RepositoryInfo
repoInfo, err := registry.ParseRepositoryInfo(ref)
if err != nil {
return err
}
// Resolve the Auth config relevant for this server
authConfig := command.ResolveAuthConfig(dockerCli.ConfigFile(), repoInfo.Index)
encodedAuth, err := registrytypes.EncodeAuthConfig(authConfig)
implement docker push -a/--all-tags The `docker push` command up until [v0.9.1](https://github.com/moby/moby/blob/v0.9.1/api/client.go#L998) always pushed all tags of a given image, so `docker push foo/bar` would push (e.g.) all of `foo/bar:latest`, `foo:/bar:v1`, `foo/bar:v1.0.0`. Pushing all tags of an image was not desirable in many case, so docker v0.10.0 enhanced `docker push` to optionally specify a tag to push (`docker push foo/bar:v1`) (see https://github.com/moby/moby/issues/3411 and the pull request that implemented this: https://github.com/moby/moby/pull/4948). This behavior exists up until today, and is confusing, because unlike other commands, `docker push` does not default to use the `:latest` tag when omitted, but instead makes it push "all tags of the image" For example, in the following situation; ``` docker images REPOSITORY TAG IMAGE ID CREATED SIZE thajeztah/myimage latest b534869c81f0 41 hours ago 1.22MB ``` Running `docker push thajeztah/myimage` seemingly does the expected behavior (it pushes `thajeztah/myimage:latest` to Docker Hub), however, it does not so for the reason expected (`:latest` being the default tag), but because `:latest` happens to be the only tag present for the `thajeztah/myimage` image. If another tag exists for the image: ``` docker images REPOSITORY TAG IMAGE ID CREATED SIZE thajeztah/myimage latest b534869c81f0 41 hours ago 1.22MB thajeztah/myimage v1.0.0 b534869c81f0 41 hours ago 1.22MB ``` Running the same command (`docker push thajeztah/myimage`) will push _both_ images to Docker Hub. > Note that the behavior described above is currently not (clearly) documented; > the `docker push` reference documentation (https://docs.docker.com/engine/reference/commandline/push/) does not mention that omitting the tag will push all tags This patch changes the default behavior, and if no tag is specified, `:latest` is assumed. To push _all_ tags, a new flag (`-a` / `--all-tags`) is added, similar to the flag that's present on `docker pull`. With this change: - `docker push myname/myimage` will be the equivalent of `docker push myname/myimage:latest` - to push all images, the user needs to set a flag (`--all-tags`), so `docker push --all-tags myname/myimage:latest` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-09 08:48:42 -05:00
if err != nil {
return err
}
requestPrivilege := command.RegistryAuthenticationPrivilegedFunc(dockerCli, repoInfo.Index, "push")
options := image.PushOptions{
implement docker push -a/--all-tags The `docker push` command up until [v0.9.1](https://github.com/moby/moby/blob/v0.9.1/api/client.go#L998) always pushed all tags of a given image, so `docker push foo/bar` would push (e.g.) all of `foo/bar:latest`, `foo:/bar:v1`, `foo/bar:v1.0.0`. Pushing all tags of an image was not desirable in many case, so docker v0.10.0 enhanced `docker push` to optionally specify a tag to push (`docker push foo/bar:v1`) (see https://github.com/moby/moby/issues/3411 and the pull request that implemented this: https://github.com/moby/moby/pull/4948). This behavior exists up until today, and is confusing, because unlike other commands, `docker push` does not default to use the `:latest` tag when omitted, but instead makes it push "all tags of the image" For example, in the following situation; ``` docker images REPOSITORY TAG IMAGE ID CREATED SIZE thajeztah/myimage latest b534869c81f0 41 hours ago 1.22MB ``` Running `docker push thajeztah/myimage` seemingly does the expected behavior (it pushes `thajeztah/myimage:latest` to Docker Hub), however, it does not so for the reason expected (`:latest` being the default tag), but because `:latest` happens to be the only tag present for the `thajeztah/myimage` image. If another tag exists for the image: ``` docker images REPOSITORY TAG IMAGE ID CREATED SIZE thajeztah/myimage latest b534869c81f0 41 hours ago 1.22MB thajeztah/myimage v1.0.0 b534869c81f0 41 hours ago 1.22MB ``` Running the same command (`docker push thajeztah/myimage`) will push _both_ images to Docker Hub. > Note that the behavior described above is currently not (clearly) documented; > the `docker push` reference documentation (https://docs.docker.com/engine/reference/commandline/push/) does not mention that omitting the tag will push all tags This patch changes the default behavior, and if no tag is specified, `:latest` is assumed. To push _all_ tags, a new flag (`-a` / `--all-tags`) is added, similar to the flag that's present on `docker pull`. With this change: - `docker push myname/myimage` will be the equivalent of `docker push myname/myimage:latest` - to push all images, the user needs to set a flag (`--all-tags`), so `docker push --all-tags myname/myimage:latest` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-09 08:48:42 -05:00
All: opts.all,
RegistryAuth: encodedAuth,
PrivilegeFunc: requestPrivilege,
Platform: platform,
}
implement docker push -a/--all-tags The `docker push` command up until [v0.9.1](https://github.com/moby/moby/blob/v0.9.1/api/client.go#L998) always pushed all tags of a given image, so `docker push foo/bar` would push (e.g.) all of `foo/bar:latest`, `foo:/bar:v1`, `foo/bar:v1.0.0`. Pushing all tags of an image was not desirable in many case, so docker v0.10.0 enhanced `docker push` to optionally specify a tag to push (`docker push foo/bar:v1`) (see https://github.com/moby/moby/issues/3411 and the pull request that implemented this: https://github.com/moby/moby/pull/4948). This behavior exists up until today, and is confusing, because unlike other commands, `docker push` does not default to use the `:latest` tag when omitted, but instead makes it push "all tags of the image" For example, in the following situation; ``` docker images REPOSITORY TAG IMAGE ID CREATED SIZE thajeztah/myimage latest b534869c81f0 41 hours ago 1.22MB ``` Running `docker push thajeztah/myimage` seemingly does the expected behavior (it pushes `thajeztah/myimage:latest` to Docker Hub), however, it does not so for the reason expected (`:latest` being the default tag), but because `:latest` happens to be the only tag present for the `thajeztah/myimage` image. If another tag exists for the image: ``` docker images REPOSITORY TAG IMAGE ID CREATED SIZE thajeztah/myimage latest b534869c81f0 41 hours ago 1.22MB thajeztah/myimage v1.0.0 b534869c81f0 41 hours ago 1.22MB ``` Running the same command (`docker push thajeztah/myimage`) will push _both_ images to Docker Hub. > Note that the behavior described above is currently not (clearly) documented; > the `docker push` reference documentation (https://docs.docker.com/engine/reference/commandline/push/) does not mention that omitting the tag will push all tags This patch changes the default behavior, and if no tag is specified, `:latest` is assumed. To push _all_ tags, a new flag (`-a` / `--all-tags`) is added, similar to the flag that's present on `docker pull`. With this change: - `docker push myname/myimage` will be the equivalent of `docker push myname/myimage:latest` - to push all images, the user needs to set a flag (`--all-tags`), so `docker push --all-tags myname/myimage:latest` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-09 08:48:42 -05:00
responseBody, err := dockerCli.Client().ImagePush(ctx, reference.FamiliarString(ref), options)
if err != nil {
return err
}
defer func() {
for _, note := range notes {
fmt.Fprintln(dockerCli.Err(), "")
printNote(dockerCli, note)
}
}()
defer responseBody.Close()
implement docker push -a/--all-tags The `docker push` command up until [v0.9.1](https://github.com/moby/moby/blob/v0.9.1/api/client.go#L998) always pushed all tags of a given image, so `docker push foo/bar` would push (e.g.) all of `foo/bar:latest`, `foo:/bar:v1`, `foo/bar:v1.0.0`. Pushing all tags of an image was not desirable in many case, so docker v0.10.0 enhanced `docker push` to optionally specify a tag to push (`docker push foo/bar:v1`) (see https://github.com/moby/moby/issues/3411 and the pull request that implemented this: https://github.com/moby/moby/pull/4948). This behavior exists up until today, and is confusing, because unlike other commands, `docker push` does not default to use the `:latest` tag when omitted, but instead makes it push "all tags of the image" For example, in the following situation; ``` docker images REPOSITORY TAG IMAGE ID CREATED SIZE thajeztah/myimage latest b534869c81f0 41 hours ago 1.22MB ``` Running `docker push thajeztah/myimage` seemingly does the expected behavior (it pushes `thajeztah/myimage:latest` to Docker Hub), however, it does not so for the reason expected (`:latest` being the default tag), but because `:latest` happens to be the only tag present for the `thajeztah/myimage` image. If another tag exists for the image: ``` docker images REPOSITORY TAG IMAGE ID CREATED SIZE thajeztah/myimage latest b534869c81f0 41 hours ago 1.22MB thajeztah/myimage v1.0.0 b534869c81f0 41 hours ago 1.22MB ``` Running the same command (`docker push thajeztah/myimage`) will push _both_ images to Docker Hub. > Note that the behavior described above is currently not (clearly) documented; > the `docker push` reference documentation (https://docs.docker.com/engine/reference/commandline/push/) does not mention that omitting the tag will push all tags This patch changes the default behavior, and if no tag is specified, `:latest` is assumed. To push _all_ tags, a new flag (`-a` / `--all-tags`) is added, similar to the flag that's present on `docker pull`. With this change: - `docker push myname/myimage` will be the equivalent of `docker push myname/myimage:latest` - to push all images, the user needs to set a flag (`--all-tags`), so `docker push --all-tags myname/myimage:latest` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-09 08:48:42 -05:00
if !opts.untrusted {
// TODO PushTrustedReference currently doesn't respect `--quiet`
return PushTrustedReference(dockerCli, repoInfo, ref, authConfig, responseBody)
}
if opts.quiet {
err = jsonmessage.DisplayJSONMessagesToStream(responseBody, streams.NewOut(io.Discard), handleAux(dockerCli))
if err == nil {
fmt.Fprintln(dockerCli.Out(), ref.String())
}
return err
}
return jsonmessage.DisplayJSONMessagesToStream(responseBody, dockerCli.Out(), handleAux(dockerCli))
}
var notes []string
func handleAux(dockerCli command.Cli) func(jm jsonmessage.JSONMessage) {
return func(jm jsonmessage.JSONMessage) {
b := []byte(*jm.Aux)
var stripped auxprogress.ManifestPushedInsteadOfIndex
err := json.Unmarshal(b, &stripped)
if err == nil && stripped.ManifestPushedInsteadOfIndex {
note := fmt.Sprintf("Not all multiplatform-content is present and only the available single-platform image was pushed\n%s -> %s",
aec.RedF.Apply(stripped.OriginalIndex.Digest.String()),
aec.GreenF.Apply(stripped.SelectedManifest.Digest.String()),
)
notes = append(notes, note)
}
var missing auxprogress.ContentMissing
err = json.Unmarshal(b, &missing)
if err == nil && missing.ContentMissing {
note := `You're trying to push a manifest list/index which
references multiple platform specific manifests, but not all of them are available locally
or available to the remote repository.
Make sure you have all the referenced content and try again.
You can also push only a single platform specific manifest directly by specifying the platform you want to push with the --platform flag.`
notes = append(notes, note)
}
}
}
func printNote(dockerCli command.Cli, format string, args ...any) {
if dockerCli.Err().IsTerminal() {
_, _ = fmt.Fprint(dockerCli.Err(), aec.WhiteF.Apply(aec.CyanB.Apply("[ NOTE ]"))+" ")
} else {
_, _ = fmt.Fprint(dockerCli.Err(), "[ NOTE ] ")
}
_, _ = fmt.Fprintf(dockerCli.Err(), aec.Bold.Apply(format)+"\n", args...)
}