jfrog-cli icon indicating copy to clipboard operation
jfrog-cli copied to clipboard
verified publisher icon jfrog

JFCLI should identify the correct manifest from the virtual repository.

Open logeshjf opened this issue 1 year ago • 1 comments

Use case: When we push docker images to the Virtual repository using the JFrog CLI and if the default deployment repository is not in 1st place of the resolution order, then the JFrog CLI gets a different manifest and fails to collect the build info.

Example: There are two local repositories 'dev' and 'release' and the default deployment repository is configured to the 'dev' repository, In the virtual repository, the resolution order is

release dev

Consider a scenario where we deploy the docker image (alpine:latest) to the virtual repository, it will be deployed to the ‘dev’ repository and the deployed image will be promoted from the dev to the release repository later inside the virtual.

After that, if we build a new image with the same name and tag (alpine:latest) and push it to the virtual repository again, the image will be pushed to the ‘dev’ repository.

Then, the JFCLI will collect the manifest for validation from the virtual repository. During the validation, the manifest is resolved from the ‘release’ repository as it was in the 1st place of the resolution order instead of the default redeployment repository ‘dev’. Hence, there is a mismatch in the manifest checksum and the validation fails. Here is the sample error snippet.

14:13:42 [Debug] Found incorrect manifest.json file. Expects digest "sha256:8a3078e2b2f3b3fc0b7fbfe87aaeb9c7c76582400e8c98328dccfef59d7c2cf8" found "sha256:91ef0af61f39ece4d6710e465df5ed6ca12112358344fd51ae6a3b886634148b 14:13:42 [Warn] Failed to collect build-info. No layer(s) was found for image:'/test-docker/alpine:latest'. Hint, try to delete the image from the local cache and rerun the command 14:13:42 [Debug] Could not find docker image in Artifactory, expecting image tag: ./test-docker/alpine:latest

Feature description:

The JFrog CLI should perform the following validation while deploying to a virtual repository.

  1. Get the manifest from the virtual repository based on the SHA instead of the name:tag.
  2. Add an option to make the validation optional.

Expected behavior JFCLI should identify the correct manifest from the virtual repository during the validation process.

Possible workaround: Change the workflow by deploying directly to the local repository rather than the virtual repository.

logeshjf avatar Nov 19 '24 13:11 logeshjf

Considered for backlog.

shuvadipc avatar Feb 20 '25 11:02 shuvadipc

Hi @logeshjf - Thanks for asking this feature which is now supported. Please use JFrog-CLI v2.77.0 to get this.

shuvadipc avatar Jul 21 '25 09:07 shuvadipc