acr icon indicating copy to clipboard operation
acr copied to clipboard
verified publisher icon Azure

Cache images by SHA

Open johnknutsonhc opened this issue 10 months ago • 1 comments

What is the problem you're trying to solve

To improve the security posture of our supply chain, we wish to reference container images by SHA rather than tags, which are mutable.

Describe the solution you'd like

I would like to reference images by SHA and have ACR retrieve the appropriate SHA of the upstream image.

Additional context

Error message:

#2 [auth] actions/actions-runner:pull token for ORG_REGISTRY.azurecr.io
#2 DONE 0.0s

#3 [internal] load metadata for ORG_REGISTRY.azurecr.io/actions/actions-runner:sha256-831a2607a2618e4b79d9323b4c72330f3861768a061c2b92a845e9d214d80e5b
#3 ERROR: encountered unknown type application/vnd.oci.empty.v1+json; children may not be fetched
------
 > [internal] load metadata for ORG_REGISTRY.azurecr.io/actions/actions-runner:sha256-831a2607a2618e4b79d9323b4c72330f3861768a061c2b92a845e9d214d80e5b:
------
Dockerfile:1
--------------------
   1 | >>> FROM ORG_REGISTRY.azurecr.io/actions/actions-runner:sha256-831a2607a2618e4b79d9323b4c72330f3861768a061c2b92a845e9d214d80e5b
   2 |     # sha256-831a2607a2618e4b79d9323b4c72330f3861768a061c2b92a845e9d214d80e5b = 2.323.0
   3 |     # see https://github.com/actions/runner/pkgs/container/actions-runner for versions
--------------------
ERROR: failed to solve: ORG_REGISTRY.azurecr.io/actions/actions-runner:sha256-831a2607a2618e4b79d9323b4c72330f3861768a061c2b92a845e9d214d80e5b: failed to resolve source metadata for ORG_REGISTRY.azurecr.io/actions/actions-runner:sha256-831a2607a2618e4b79d9323b4c72330f3861768a061c2b92a845e9d214d80e5b: encountered unknown type application/vnd.oci.empty.v1+json; children may not be fetched

johnknutsonhc avatar Apr 17 '25 16:04 johnknutsonhc

Thanks for your feedback, @johnknutsonhc. Adding @JXavierMSFT to track this feature request

terencet-dev avatar May 09 '25 16:05 terencet-dev