如何提取docker映像的所有其他标签？ [英] How to pull all alternative tags of a docker image?

问题描述

我通过构建管道管理gitlab。所有组件都封装在官方gitlab维护者的docker映像中。

每当我更新时（通常每周一次），我需要检查gitlab / gitlab-runner-helper仍适用于最新版本的gitlab。这只能通过执行管道来检查。如果它不起作用，则日志会准确地告诉我它需要什么图像，然后我将其拉出。

该图像还标有最新标签，该标签由于对非易失性标签的依赖性强，我无法使用。

  $ docker image ls 
存储标签图像ID创建大小
 gitlab / gitlab-runner-helper x86_64-8af42251 1ee5a99eba5f 20小时前43.7MB 
 gitlab / gitlab-runner-helper x86_64-latest 1ee5a99eba5f 20小时前43.7MB 
  

要自动执行更新过程，我想知道如何使用所有其他标签提取最新图像？

docker pull的手册页上说，有一个-all-tags 选项，以从存储库中加载任何已标记的图像，但这不能与标记结合使用。

解决方案

据我所知，没有真正有效或内置的方式来做到这一点。相反，您需要通过REST查询注册表，首先要查询该存储库的标签列表：

GET http：//< registry> / v2 /< repository> / tags / list

然后，为每个标签添加一个清单：

获取http：//< registry> / v2 /<存储库> / manifests /< tag> c b


每个清单都会有一个与之关联的哈希，您应该能够从响应的HTTP标头中获取该哈希。您甚至可以对它发出HEAD请求，并避免其余清单负载，但是我最近没有尝试过。

现在您有了一个列表标签和清单哈希，您只需要查找所有与最新标签匹配的哈希标签即可。

这有点乏味，但是使用 curl 和 jq 编写脚本实际上也不错，特别是如果您无需担心安全性。

---

脚本：

 ＃！/ bin / sh 
 
 TOKEN =`curl -s https://auth.docker.io/token?service=registry.docker.io& scope = repository：gitlab / gitlab-runner-helper：pull | jq‘.token’| sed's / /// g'` 
 TAGS =`curl -s https://registry.hub.docker.com/v2/gitlab/gitlab-runner-helper/tags/list -H授权： Bearer $ TOKEN | jq .tags [] | sed's / // g'| grep x86_64` 
 
用于标记$ TAGS； 
做
＃$ tag是旧条目吗？ 
如果grep -Fxq $ tag tags.list 
然后
＃已处理
继续
否则
 echo发现新标签：$ tag 
 newSHA =`curl -s https://registry.hub.docker.com/v2/gitlab/gitlab-runner-helper/manifests/$tag -H授权：承载$ TOKEN | jq .fsLayers [] .blobSum | sed's / /// g'` 
 LatestSHA =`curl -s https://registry.hub.docker.com/v2/gitlab/gitlab-runner-helper/manifests/x86_64-latest -H授权：Bearer $ TOKEN | jq .fsLayers [] .blobSum | sed's / /// g'` 
如果[ $ newSHA = $ lateshaSHA] 
然后
 echo $ tag是新的最新版本 
 docker pull gitlab / gitlab-runner-helper：$ tag 
 echo $ tag>> tags.list 
 fi 
 fi 
完成
  

以上脚本利用名为 tags.list 的文件，该文件位于该文件旁边。该文件包含较旧的标记，以防止发出500个以上的HTTP请求。如果文件中还没有 TAGS 中的标签，这并不意味着它是最新的。有时会出现标签，最终将成为最新版本。这些标签已被探测，但不会插入文件中。如果将来会跳过这些版本，那么将来可能会成为一个问题。

注意：上面的脚本仅针对特定的标签的子集（ x86_64 ）。

I administer a gitlab with build pipeline. All components are encapsulated in docker images from the official gitlab maintainer.

Whenever I update - usually once a week - I need to check whether the gitlab/gitlab-runner-helper still works for the current latest version of gitlab. This can only be checked by executing a pipeline. If it does not work, the log tells me exactly what image it needs an I proceed to pull it.

The image in question is also tagged with a latest tag, which I cannot use, due to the hard dependency to the non-volatile tag.

$docker image ls
REPOSITORY                    TAG                 IMAGE ID            CREATED             SIZE
gitlab/gitlab-runner-helper   x86_64-8af42251     1ee5a99eba5f        20 hours ago        43.7MB
gitlab/gitlab-runner-helper   x86_64-latest       1ee5a99eba5f        20 hours ago        43.7MB

To automate my update process, I'd like to know, how I could pull the latest image with all alternative tags?

The man page of docker pull says, there is a --all-tags option, to load any tagged image from the repository, but this cannot be combined with a tag.

解决方案

As far as I know, there is no really efficient or built in way to do this. Instead, you need to query your registry via REST, first for the tag list for that repository:

GET http://<registry>/v2/<repository>/tags/list

Then, for each tag, a manifest:

GET http://<registry>/v2/<repository>/manifests/<tag>

Each manifest will have a hash associated with it, which you should be able to get from the HTTP headers of the response. You may even be able to make a HEAD request for it and avoid the rest of the manifest payload, but I haven't tried this recently.

Now you have a list of tags and manifest hashes, and you just need to find all the tags with hashes that match the latest tag.

This is a little tedious, but it's actually not that bad to script out with curl and jq, especially if you don't need to worry about security.

---

Script:

#!/bin/sh

TOKEN=`curl -s "https://auth.docker.io/token?service=registry.docker.io&scope=repository:gitlab/gitlab-runner-helper:pull" | jq '.token' | sed 's/"//g'`
TAGS=`curl -s https://registry.hub.docker.com/v2/gitlab/gitlab-runner-helper/tags/list -H "Authorization: Bearer $TOKEN" | jq ".tags[]" | sed 's/"//g' | grep x86_64`

for tag in $TAGS;
do
  # is $tag an old entry?
  if grep -Fxq $tag tags.list
  then
    # already processed
    continue
  else
    echo "new tag found: $tag"
    newSHA=`curl -s https://registry.hub.docker.com/v2/gitlab/gitlab-runner-helper/manifests/$tag -H "Authorization: Bearer $TOKEN" | jq ".fsLayers[] .blobSum" | sed 's/"//g'`
    latestSHA=`curl -s https://registry.hub.docker.com/v2/gitlab/gitlab-runner-helper/manifests/x86_64-latest -H "Authorization: Bearer $TOKEN" | jq ".fsLayers[] .blobSum" | sed 's/"//g'`
    if [ "$newSHA" = "$latestSHA" ]
    then
      echo "$tag is new latest version"
      docker pull gitlab/gitlab-runner-helper:$tag
      echo $tag >> tags.list
    fi
  fi
done

The above script utilizes a file named tags.list, that is placed next to it. This file contains the older tags, to prevent issuing 500+ HTTP requests. If a tag from the TAGS is not yet present in the file, it does not mean, it is the latest. Sometimes tags appear, that eventually will become the latest version. Those tags are probed, but will not be inserted into the file. This might become an issue in the future, if those versions will be skipped as latest.

Note: The script above only focuses on a specific subset of tags (x86_64).

这篇关于如何提取docker映像的所有其他标签？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！