如何提取docker映像的所有其他标签? [英] How to pull all alternative tags of a docker image?
问题描述
我通过构建管道管理gitlab。所有组件都封装在官方gitlab维护者的docker映像中。
每当我更新时(通常每周一次),我需要检查gitlab / gitlab-runner-helper仍适用于最新版本的gitlab。这只能通过执行管道来检查。如果它不起作用,则日志会准确地告诉我它需要什么图像,然后我将其拉出。
该图像还标有最新标签,该标签由于对非易失性标签的依赖性强,我无法使用。
$ docker image ls
存储标签图像ID创建大小
gitlab / gitlab-runner-helper x86_64-8af42251 1ee5a99eba5f 20小时前43.7MB
gitlab / gitlab-runner-helper x86_64-latest 1ee5a99eba5f 20小时前43.7MB
要自动执行更新过程,我想知道如何使用所有其他标签提取最新图像?
docker pull的手册页上说,有一个-all-tags
选项,以从存储库中加载任何已标记的图像,但这不能与标记结合使用。
据我所知,没有真正有效或内置的方式来做到这一点。相反,您需要通过REST查询注册表,首先要查询该存储库的标签列表:
GET http://< registry> / v2 /< repository> / tags / list
然后,为每个标签添加一个清单:
每个清单都会有一个与之关联的哈希,您应该能够从响应的HTTP标头中获取该哈希。您甚至可以对它发出HEAD请求,并避免其余清单负载,但是我最近没有尝试过。 现在您有了一个列表标签和清单哈希,您只需要查找所有与 这有点乏味,但是使用 脚本: 以上脚本利用名为 注意:上面的脚本仅针对特定的标签的子集( I administer a gitlab with build pipeline. All components are encapsulated in docker images from the official gitlab maintainer. Whenever I update - usually once a week - I need to check whether the gitlab/gitlab-runner-helper still works for the current latest version of gitlab. This can only be checked by executing a pipeline. If it does not work, the log tells me exactly what image it needs an I proceed to pull it. The image in question is also tagged with a latest tag, which I cannot use, due to the hard dependency to the non-volatile tag. To automate my update process, I'd like to know, how I could pull the latest image with all alternative tags? The man page of docker pull says, there is a As far as I know, there is no really efficient or built in way to do this. Instead, you need to query your registry via REST, first for the tag list for that repository: Then, for each tag, a manifest: Each manifest will have a hash associated with it, which you should be able to get from the HTTP headers of the response. You may even be able to make a HEAD request for it and avoid the rest of the manifest payload, but I haven't tried this recently. Now you have a list of tags and manifest hashes, and you just need to find all the tags with hashes that match the This is a little tedious, but it's actually not that bad to script out with Script: The above script utilizes a file named Note: The script above only focuses on a specific subset of tags ( 这篇关于如何提取docker映像的所有其他标签?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!获取http://< registry> / v2 /<存储库> / manifests /< tag> c b
最新
标签匹配的哈希标签即可。
curl
和 jq
编写脚本实际上也不错,特别是如果您无需担心安全性。
#!/ bin / sh
TOKEN =`curl -s https://auth.docker.io/token?service=registry.docker.io& scope = repository:gitlab / gitlab-runner-helper:pull | jq‘.token’| sed's / /// g'`
TAGS =`curl -s https://registry.hub.docker.com/v2/gitlab/gitlab-runner-helper/tags/list -H授权: Bearer $ TOKEN | jq .tags [] | sed's / // g'| grep x86_64`
用于标记$ TAGS;
做
#$ tag是旧条目吗?
如果grep -Fxq $ tag tags.list
然后
#已处理
继续
否则
echo发现新标签:$ tag
newSHA =`curl -s https://registry.hub.docker.com/v2/gitlab/gitlab-runner-helper/manifests/$tag -H授权:承载$ TOKEN | jq .fsLayers [] .blobSum | sed's / /// g'`
LatestSHA =`curl -s https://registry.hub.docker.com/v2/gitlab/gitlab-runner-helper/manifests/x86_64-latest -H授权:Bearer $ TOKEN | jq .fsLayers [] .blobSum | sed's / /// g'`
如果[ $ newSHA = $ lateshaSHA]
然后
echo $ tag是新的最新版本
docker pull gitlab / gitlab-runner-helper:$ tag
echo $ tag>> tags.list
fi
fi
完成
tags.list
的文件,该文件位于该文件旁边。该文件包含较旧的标记,以防止发出500个以上的HTTP请求。如果文件中还没有 TAGS
中的标签,这并不意味着它是最新的。有时会出现标签,最终将成为最新版本。这些标签已被探测,但不会插入文件中。如果将来会跳过这些版本,那么将来可能会成为一个问题。
x86_64
)。$docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
gitlab/gitlab-runner-helper x86_64-8af42251 1ee5a99eba5f 20 hours ago 43.7MB
gitlab/gitlab-runner-helper x86_64-latest 1ee5a99eba5f 20 hours ago 43.7MB
--all-tags
option, to load any tagged image from the repository, but this cannot be combined with a tag.GET http://<registry>/v2/<repository>/tags/list
GET http://<registry>/v2/<repository>/manifests/<tag>
latest
tag.curl
and jq
, especially if you don't need to worry about security.
#!/bin/sh
TOKEN=`curl -s "https://auth.docker.io/token?service=registry.docker.io&scope=repository:gitlab/gitlab-runner-helper:pull" | jq '.token' | sed 's/"//g'`
TAGS=`curl -s https://registry.hub.docker.com/v2/gitlab/gitlab-runner-helper/tags/list -H "Authorization: Bearer $TOKEN" | jq ".tags[]" | sed 's/"//g' | grep x86_64`
for tag in $TAGS;
do
# is $tag an old entry?
if grep -Fxq $tag tags.list
then
# already processed
continue
else
echo "new tag found: $tag"
newSHA=`curl -s https://registry.hub.docker.com/v2/gitlab/gitlab-runner-helper/manifests/$tag -H "Authorization: Bearer $TOKEN" | jq ".fsLayers[] .blobSum" | sed 's/"//g'`
latestSHA=`curl -s https://registry.hub.docker.com/v2/gitlab/gitlab-runner-helper/manifests/x86_64-latest -H "Authorization: Bearer $TOKEN" | jq ".fsLayers[] .blobSum" | sed 's/"//g'`
if [ "$newSHA" = "$latestSHA" ]
then
echo "$tag is new latest version"
docker pull gitlab/gitlab-runner-helper:$tag
echo $tag >> tags.list
fi
fi
done
tags.list
, that is placed next to it. This file contains the older tags, to prevent issuing 500+ HTTP requests. If a tag from the TAGS
is not yet present in the file, it does not mean, it is the latest. Sometimes tags appear, that eventually will become the latest version. Those tags are probed, but will not be inserted into the file. This might become an issue in the future, if those versions will be skipped as latest.x86_64
).