Better describe an Image Manifest as an artifact #1015
Conversation
Signed-off-by: Bracken Dawson <[email protected]>
brackendawson
requested review from
jonjohnsonjr,
jonboulle,
stevvooe,
sudo-bmitch,
sajayantony,
vbatts and
cyphar
as code owners
manifest.md
Outdated
| "config": { | ||
| "mediaType": "image/gif", | ||
| "size": 3540101, | ||
| "digest": "sha256:725c49c527a83669901d00392768df9f653b1964a056c54232bc4c93003ddb48" | ||
| }, | ||
| "layers": [ | ||
| { | ||
| "mediaType": "application/octet-stream", | ||
| "size": 0, | ||
| "digest": "sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" | ||
| } | ||
| ], |
There was a problem hiding this comment.
This is inverted from most examples I'm used to. With content, typically that is shipped in the layer and the config is only defined if there is metadata for the artifact. There is a push to define the "zero layer" artifact, but in those scenarios, the config is typically empty (or {} for registries expecting json).
There was a problem hiding this comment.
An empty config conveys no artifactType, according to the distribution spec, right?
My motivation to write this was that I couldn't initially tell how to set the artifactType of an Image Manifest.
How about giving the example of a zero size blob conveying artifactType and a single layer with some other media type?
There was a problem hiding this comment.
By empty config with {}, I'm referring to the blob content, not the descriptor. E.g.
{
"schemaVersion": 2,
"mediaType": "application/vnd.oci.image.manifest.v1+json",
"config": {
"mediaType": "application/spdx+json",
"size": 2,
"digest": "sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a"
},
"layers": [
{
"mediaType": "application/spdx+json",
"size": 9210,
"digest": "sha256:038b15a57207ce80b990a095b2a325188b005ccb6dc2704cb17dcf9cbfbaa1e9"
}
],
"annotations": {
"org.opencontainers.artifact.created": "2023-02-04T21:27:04Z",
"org.opencontainers.artifact.description": "SPDX JSON SBOM"
},
"subject": {
"mediaType": "application/vnd.oci.image.manifest.v1+json",
"size": 1024,
"digest": "sha256:e7cdaad185f143527e454463f96f4eb5c49d9a24aea299fd00e4f136be34bb03"
}
}Here's an example with a helm chart I like, where they have a dedicated config media type:
{
"schemaVersion": 2,
"config": {
"mediaType": "application/vnd.cncf.helm.config.v1+json",
"digest": "sha256:23b5b19b695d822e7c1e6e1bd17d49ec768ab4b4f71aeb7d20f0b378f6257298",
"size": 139
},
"layers": [
{
"mediaType": "application/vnd.cncf.helm.chart.content.v1.tar+gzip",
"digest": "sha256:ae2ef52c768449e51474033431f5c974a03d89278f89de0ed24f8b08d24f8447",
"size": 6589
}
]
}There was a problem hiding this comment.
Thanks, updated. Do you think we should add an annotation only example once we decide what the best recommendation regarding the layers field is?
Signed-off-by: Bracken Dawson <[email protected]>
brackendawson
force-pushed
the
artifact
branch
from
ec718d6 to
b3e1281
Compare
|
#1043 contains more up to date examples of artifacts. |
I think that the only way to know what an artifact stored as an Image Manifest should look like is to read this line near the bottom of the "listing referrers" section of the distribution spec. I think it should be possible to understand an artifact from the image spec.