Quay image tags overwritten? SHAs purged?
Describe the bug
It looks like public keycloak images get purged when a tag is overwritten. I am pinning my keycloak image refs with SHAs but the images are very soon not retrievable anymore. Main tag I am using: 17.0.1-legacy
My questions:
- why are tags overwritten? Shouldn’t a tag be stable?
- if a tag is overwritten, why is the old SHA not available any more?
Version
17.0.1-legacy
Expected behavior
Images to stay available at Quay.io
Actual behavior
Images get deleted when tags are overwritten.
How to Reproduce?
No response
Anything else?
No response
Issue Analytics
- State:
- Created a year ago
- Reactions:4
- Comments:11 (5 by maintainers)
Top GitHub Comments
I fully appreciate the SHA pinning issue, and we should figure out some solution to this issue. The problem here is when we re-spin the images rather than release a new version of Keycloak we end up publishing the updated container with the same tags.
Not quite sure how we should handle the re-spins and automate the tags there. At the moment this is how we set tags:
https://github.com/keycloak/keycloak/blob/0efa4afd493de0cb62501301f8a6828e95ea4982/.github/workflows/release-container.yml#L23-L31
Typically a re-spin would have an incremental number (something like 18.0.1-1, 18.0.1-2, etc.), but that would require checking what the last number is to increment it. Another option may be to just add a date-based tag (18.0.1-20220501 for example).
It’s not something I can prioritize looking at right now, and we’ve done it this way for quite a long time, but if someone has a clean proposal I’d be more than welcome to review it. If not I’ll take a look at it in a few weeks hopefully.
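The two re-spin tagging schemes mentioned in the comment above, sketched as an added example (not part of the thread and not code from the Keycloak release workflow): each function picks a tag that has not been published yet instead of overwriting an existing one. The function names and the sample tag list are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and the tag list are constructed, not taken
# from the Keycloak repository or its release workflow.

# Constructed sample: tags already published in a repository, one per line.
# In CI this list would come from the registry's tag listing.
sample_tags() {
  printf '%s\n' 18.0.0 18.0.1 18.0.1-1 18.0.1-2 18.0.1-legacy 18.0.10-7 latest
}

# tag_exists TAG: succeeds if TAG is in the list on stdin (exact, literal match).
tag_exists() {
  grep -qxF -- "$1"
}

# next_respin_tag BASE: reads existing tags on stdin and prints BASE-N, where N
# is one more than the highest numeric re-spin suffix published for BASE.
next_respin_tag() {
  awk -v base="$1" '
    BEGIN { prefix = base "-"; plen = length(prefix); max = 0 }
    # Literal prefix comparison: the dots in "18.0.1" must not act as regex
    # wildcards, and "18.0.10-7" must not count as a re-spin of "18.0.1".
    substr($0, 1, plen) == prefix {
      suffix = substr($0, plen + 1)
      # Only all-digit suffixes are re-spin counters; "legacy" is skipped.
      if (suffix ~ /^[0-9]+$/ && suffix + 0 > max) max = suffix + 0
    }
    END { print base "-" (max + 1) }
  '
}

# date_respin_tag BASE YYYYMMDD: prints BASE-YYYYMMDD, or fails if that tag is
# already published (a second re-spin on the same day would overwrite it).
# A date suffix is also all digits, so a repository should use one scheme only.
date_respin_tag() {
  if tag_exists "$1-$2"; then
    echo "refusing to overwrite existing tag: $1-$2" >&2
    return 1
  fi
  echo "$1-$2"
}

# Demo on the constructed list.
sample_tags | next_respin_tag 18.0.1
sample_tags | date_respin_tag 18.0.1 20220501
```
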
@stianst can you maybe help us a little more with this issue? We have the same issue and use SHA from a security perspective as well!