market icon indicating copy to clipboard operation
market copied to clipboard

Published 20 hours ago verified publisher icon oceanprotocol

Enforce docker container checksum in publish form

Open bogdanfazakas opened this issue 2 years ago • 3 comments

Fixes #1672 .

Changes proposed in this PR:

  • get container checksum from docker hub api using the existing proxy
  • allow users add manually the container checksum for images not hosted on docker hub and for private images where we can't fetch the value
  • fetch the checksum for our default container images

bogdanfazakas avatar Sep 19 '22 12:09 bogdanfazakas

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Updated
market ✅ Ready (Inspect) Visit Preview Oct 10, 2022 at 1:20PM (UTC)

vercel[bot] avatar Sep 19 '22 12:09 vercel[bot]

fetches everything correctly in some quick tests. Some findings:

  1. When switching in UI between node:latest & python:latest, 4 of the same requests with the same response are happening. So let's double check if we can reduce those requests.

  2. Tried with the example in the placeholder and got: Screen Shot 2022-09-22 at 18 45 14

As latest does not exist for this, let's use oceanprotocol/algo_dockers:node-vibrant as placeholder example.

Because then all is good:

Screen Shot 2022-09-22 at 18 48 54

UI for success path is good enough considering this is advanced feature, one small addition could be that in above success case, the filled Docker Image Checksum becomes readOnly.

  1. The always fun error states. This is really confusing for an image which does not exist, I typed in oceanprotocol/hello:
Screen Shot 2022-09-22 at 18 51 16

So in this case I would expect UI telling me this image does not exist. And no empty Image: & Tag: But not sure if we can reliably detect if there's a Docker image behind a URL? Easy for shortcut notation oceanprotocol/hello but not with a full URL I suppose.

So we would need some error state for cases where we can detect that it's not a Docker image

kremalicious avatar Sep 22 '22 17:09 kremalicious

fetches everything correctly in some quick tests. Some findings:

  1. When switching in UI between node:latest & python:latest, 4 of the same requests with the same response are happening. So let's double check if we can reduce those requests.
  2. Tried with the example in the placeholder and got:

As latest does not exist for this, let's use oceanprotocol/algo_dockers:node-vibrant as placeholder example.

Because then all is good:

UI for success path is good enough considering this is advanced feature, one small addition could be that in above success case, the filled Docker Image Checksum becomes readOnly.

  1. The always fun error states. This is really confusing for an image which does not exist, I typed in oceanprotocol/hello:

So in this case I would expect UI telling me this image does not exist. And no empty Image: & Tag: But not sure if we can reliably detect if there's a Docker image behind a URL? Easy for shortcut notation oceanprotocol/hello but not with a full URL I suppose.

So we would need some error state for cases where we can detect that it's not a Docker image

Think i cover most or all of the things mentioned above 😃

bogdanfazakas avatar Sep 28 '22 13:09 bogdanfazakas

Deploy Preview for market-oceanprotocol ready!

Name Link
Latest commit c030f8ec7ea159a37ff6f2b14057a372f25cb4dc
Latest deploy log https://app.netlify.com/sites/market-oceanprotocol/deploys/63441bbc6df4e40008c286e0
Deploy Preview https://deploy-preview-1696--market-oceanprotocol.netlify.app
Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site settings.

netlify[bot] avatar Oct 07 '22 09:10 netlify[bot]

The only issue that i found is that we don't specify that the validation works only for docker hub. So based on the placeholder i write my custom url and then click 'Use' . I get an error where it tells me tot check my url image

mihaisc avatar Oct 07 '22 10:10 mihaisc

The only issue that i found is that we don't specify that the validation works only for docker hub. So based on the placeholder i write my custom url and then click 'Use' . I get an error where it tells me tot check my url

this should have covered the following scenarios:

  1. if docker image inserted is a url : we we do a head query on that url to see if it is a valid url (think this is the most we can do in this case), if that succeeds we inform the user to add manually the container checksum, otherwise we display the error you've got
  2. if not an url, we hit docker-hub via our docker-hub-proxy, if image-tag not found we display that error, if found we add the checksum and disable that input field

But i think something is wrong with the url thingy, checking it

bogdanfazakas avatar Oct 07 '22 11:10 bogdanfazakas

Ok, after further discussion there will be no checks/validation for images from custom repos. For example : docker pull quay.io/startx/mariadb in the field you put just quay.io/startx/mariadb a url doesn't work and you can't even check it. If it's custom we can't really validate, the user just need to input the right values for name and checksum.

Docker Image URL - > Custom Docker Image ( there is no url involved, never) Remove the url part from the placeholder.

mihaisc avatar Oct 07 '22 12:10 mihaisc

Code Climate has analyzed commit c030f8ec and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 0.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 4.0% (0.0% change).

View more on Code Climate.

codeclimate[bot] avatar Oct 10 '22 13:10 codeclimate[bot]