Menu
I administer a gitlab with a build pipeline. All components are encapsulated in docker images from the official gitlab maintainer.
Whenever I update - usually once a week - I need to check whether the gitlab/gitlab-runner-helper still works for the current latest version of gitlab. This can only be checked by executing a pipeline. If it does not work, the log tells me exactly what image it needs and I proceed to pull it.
The image in question is also tagged with a latest tag, which I cannot use, due to the hard dependency to the non-volatile tag.
$docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
gitlab/gitlab-runner-helper x86_64-8af42251 1ee5a99eba5f 20 hours ago 43.7MB
gitlab/gitlab-runner-helper x86_64-latest 1ee5a99eba5f 20 hours ago 43.7MB
To automate my update process, I'd like to know, how I could pull the latest image with all alternative tags?
The man page of docker pull says, there is a --all-tags option, to load any tagged image from the repository, but this cannot be combined with a tag.
538
To pull all images from a repository, provide the -a (or --all-tags ) option when using docker pull .
You can just create a new file name, dockertags , under /usr/local/bin (or add a PATH env to your . bashrc / . zshrc ), and put that code in it. Then add the executable permissions( chmod +x dockertags ).
There's a way to check all version tags on Docker Hub (for example), against the local docker image's “Image ID”. You can get every tag from a Docker Registry (like Docker Hub), then use every tag you found, to get the image ID information from the manifest of every image.
A tag must point to a single Docker image but a single Docker image can have many Tags. So let's rebuild the previous image with version:latest tag. In the above case, we built a new image (without modifying the contents) with the name version:latest though we left out :latest part so that Docker can do its magic.
2. We can use the ‘–all-tags’ or ‘-a’ option to pull all images with different tags at once as the ‘docker pull’ command pulls only one image at a time by default and the command is shown as below: – In the above example, we can see that it has started downloading all the images with different tags from the ‘alpine’ repository.
The docker rmi command serves for deleting Docker images, but if the image is tagged with more than one tag, it will remove not image, but tag: To change Docker image name or repository, use the same principle. Cool Tip: Clean up a Docker host by removing unused Docker images!
The docker tag command will silently replace a tag’s reference if an existing tag is used as the target: The demo tag now refers to second-image and cannot be used to reference first-image. You can still interact with the first image using its remaining tag, first-image:latest.
The registry URL is part of the tag. Add a new tag that includes the registry you want to push to, then use docker push to upload it: Pushing a bare tag without a URL component will send the image data to Docker Hub. Consequently you must add a tag with your server’s hostname and optional port number when you’re interacting with a private registry.
As far as I know, there is no really efficient or built in way to do this. Instead, you need to query your registry via REST, first for the tag list for that repository:
GET http://<registry>/v2/<repository>/tags/list
Then, for each tag, a manifest:
GET http://<registry>/v2/<repository>/manifests/<tag>
Each manifest will have a hash associated with it, which you should be able to get from the HTTP headers of the response. You may even be able to make a HEAD request for it and avoid the rest of the manifest payload, but I haven't tried this recently.
Now you have a list of tags and manifest hashes, and you just need to find all the tags with hashes that match the latest tag.
This is a little tedious, but it's actually not that bad to script out with curl and jq, especially if you don't need to worry about security.
Script:
#!/bin/sh
TOKEN=`curl -s "https://auth.docker.io/token?service=registry.docker.io&scope=repository:gitlab/gitlab-runner-helper:pull" | jq '.token' | sed 's/"//g'`
TAGS=`curl -s https://registry.hub.docker.com/v2/gitlab/gitlab-runner-helper/tags/list -H "Authorization: Bearer $TOKEN" | jq ".tags[]" | sed 's/"//g' | grep x86_64`
for tag in $TAGS;
do
# is $tag an old entry?
if grep -Fxq $tag tags.list
then
# already processed
continue
else
echo "new tag found: $tag"
newSHA=`curl -s https://registry.hub.docker.com/v2/gitlab/gitlab-runner-helper/manifests/$tag -H "Authorization: Bearer $TOKEN" | jq ".fsLayers[] .blobSum" | sed 's/"//g'`
latestSHA=`curl -s https://registry.hub.docker.com/v2/gitlab/gitlab-runner-helper/manifests/x86_64-latest -H "Authorization: Bearer $TOKEN" | jq ".fsLayers[] .blobSum" | sed 's/"//g'`
if [ "$newSHA" = "$latestSHA" ]
then
echo "$tag is new latest version"
docker pull gitlab/gitlab-runner-helper:$tag
echo $tag >> tags.list
fi
fi
done
The above script utilizes a file named tags.list, that is placed next to it. This file contains the older tags, to prevent issuing 500+ HTTP requests. If a tag from the TAGS is not yet present in the file, it does not mean, it is the latest. Sometimes tags appear, that eventually will become the latest version. Those tags are probed, but will not be inserted into the file. This might become an issue in the future, if those versions will be skipped as latest.
Note: The script above only focuses on a specific subset of tags (x86_64).
130
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
