I have a CI pipeline on Github Actions that builds and pushes a docker image, then, I have a seperate repository that has an action that I trigget from the command line, that takes as an arg a docker image which then applies it to a Kustomize template
Here is an example of that CI
docker build . -t ghcr.io/myOrg/myApp:${{ commitSha }}
docker push ghcr.io/myOrg/myRepo:${{ commitSha }}
gh workflow run update_image.yml -R myOrg/myInfraRepo -f image=ghcr.io/myOrg/myRepo@$(docker images --no-trunc --quiet ghcr.io/myOrg/myApp:${{ commitSha }})
When testing, the whole flow works, and triggers the workflow with an image & digest, however, the digest doesn't seem to be correct
When I check the container via github packages, I can see the following manifest
{
"digest": "sha256:9e32f9292cbe63d27374fd467ad5e530112cbfddf17c250ca90e087bdfcd436e",
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"size": 1998,
"config": {
"digest": "sha256:6f7e582643c22f4e41021be851bb0394c0e326e8fe06c7d3e890316d1a0234e9",
"mediaType": "application/vnd.docker.container.image.v1+json",
"size": 8755
},
"layers": [
...
Both digests are different, and the output of docker images --no-trunc --quiet was the digest under config.digest, not the top level digest. I don't understand why they're different, is this a registry digest?
If so, how can I get that digest via the command line?
Well, I managed to resolve this. I was using the wrong command to get the digest.
It works, but that's only the local digest. I replaced it with this from here
which returns the full name and remote digest. So now my final command looks like this: