container-diff
container-diff copied to clipboard
GoogleContainerTools
[bug] hiting the cache even tough docker image has changed
Expected behavior
- container-diff diff image-a image-b --type=file
- docker pull image-a or docker build . --tag image a
- container-diff diff image-a image-b --type=file
should produce different results.
Actual behavior
Currently, running the same sequence of steps don't produce different results (the cached version gets repeated) and it's not obvious for the end-user which specific versions of the images were compared.
Comment about implementation: It seems that the docker image is based off the argument passed as image name alone, and no inspecting on the image is actually done.
One possible solution could be to use the image digest combined with the name for the cache key.
Information
- container-diff version: v0.15.0
- Operating system: OSX 10.15.4
Steps to reproduce the behavior
- Create image-a
FROM busybox
RUN echo "hi" > /hello
CMD ["cat", "/hello"]
Then
docker build -t image-a:latest -f Dockerfile.a .
- Create image-b
FROM busybox
RUN echo "ola" > /hello
CMD ["cat", "/hello"]
Then
docker build -t image-b:latest -f Dockerfile.b .
- Perform diff
container-diff diff daemon://image-a daemon://image-b --type=file
Output:
➜ container-diff-test container-diff diff daemon://image-a:latest daemon://image-b:latest --type=file
-----File-----
These entries have been added to image-a:latest: None
These entries have been deleted from image-a:latest: None
These entries have been changed between image-a:latest and image-b:latest:
FILE SIZE1 SIZE2
/hello 3B 4B
- Rebuild b
# change ola to 'hi' in Dockerfile.b and rebuild it with:
docker build -t image-b:latest -f Dockerfile.b .
- Diff a and b again
➜ container-diff-test container-diff diff daemon://image-a:latest daemon://image-b:latest --type=file
-----File-----
These entries have been added to image-a:latest: None
These entries have been deleted from image-a:latest: None
These entries have been changed between image-a:latest and image-b:latest:
FILE SIZE1 SIZE2
/hello 3B 4B
I would expect the following output:
➜ container-diff-test container-diff diff daemon://image-a:latest daemon://image-b:latest --type=file
-----File-----
These entries have been added to image-a:latest: None
These entries have been deleted from image-a:latest: None
These entries have been changed between image-a:latest and image-b:latest: None
( To get this I had to remove the cache file)
@guilherme yep you're absolutely right, we should be using the FQN with the image digest (or image ID) instead of the image name + tag for the cache keys.
I don't think anyone on our team will be able to implement this any time soon, but if you're interested in contributing I'm happy to review a PR.
I came across a similar issue.
Steps:
- I use command 'docker tag my-image:tag1 my-image:tag2' to duplicate my-image with different tag.
- container-diff diff daemon://my-image:tag1 daemon://my-image:tag2 --type=file The result yielded said those image are different. But actually they are exactly the same as their digests are identical to each other.
If I add the option --no-cache, container-diff diff daemon://my-image:tag1 daemon://my-image:tag2 --type=file --no-cache This time the result told me those images are the same as expected.
But the analyze command fetch out of date digests container-diff analyze daemon://my-image:tag1 --no-cache The command above print a out of date digest as it is different from the output by docker image list --digests
