Skip to content

Commit 48ea324

Browse files
authored
Merge pull request #1047 from broadinstitute/fix/docker-manifest-v2-format
Switch Docker builds to Docker Manifest List v2 format
2 parents c36842d + 4d3dc91 commit 48ea324

2 files changed

Lines changed: 80 additions & 67 deletions

File tree

.github/actions/create-manifest/action.yml

Lines changed: 44 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
name: 'Create Multi-Arch Manifest'
2-
description: 'Create Docker manifest with OCI annotations'
2+
description: 'Create multi-arch Docker manifest'
33
inputs:
44
ghcr-repo:
55
description: 'GHCR repository base (e.g., ghcr.io/broadinstitute/viral-ngs)'
@@ -14,8 +14,8 @@ inputs:
1414
description: 'Source ARM64 image tag'
1515
required: true
1616
description:
17-
description: 'Image description for OCI annotation'
18-
required: true
17+
description: 'Image description (reserved for future use)'
18+
required: false
1919

2020
runs:
2121
using: 'composite'
@@ -24,10 +24,47 @@ runs:
2424
shell: bash
2525
run: |
2626
docker buildx imagetools create \
27-
--annotation "index:org.opencontainers.image.source=https://github.com/broadinstitute/viral-ngs" \
28-
--annotation "index:org.opencontainers.image.description=${{ inputs.description }}" \
29-
--annotation "index:org.opencontainers.image.licenses=MIT" \
30-
--annotation "index:org.opencontainers.image.authors=viral-ngs@broadinstitute.org" \
3127
--tag "${{ inputs.ghcr-repo }}:${{ inputs.target-tag }}" \
3228
"${{ inputs.ghcr-repo }}:${{ inputs.source-amd64 }}" \
3329
"${{ inputs.ghcr-repo }}:${{ inputs.source-arm64 }}"
30+
31+
- name: Verify Docker Manifest List v2 format
32+
shell: bash
33+
run: |
34+
set -euo pipefail
35+
36+
REPO_PATH="${REPO#ghcr.io/}"
37+
38+
# Fetch registry access token
39+
TOKEN=$(curl -fsS "https://ghcr.io/token?service=ghcr.io&scope=repository:${REPO_PATH}:pull" | jq -er .token) || {
40+
echo "FAIL: Unable to retrieve token from ghcr.io"
41+
exit 1
42+
}
43+
44+
# Fetch manifest and capture HTTP status code + content type
45+
HTTP_STATUS=$(curl -sS -o /dev/null -w '%{http_code}' \
46+
-H "Authorization: Bearer $TOKEN" \
47+
-H "Accept: application/vnd.docker.distribution.manifest.list.v2+json" \
48+
"https://ghcr.io/v2/${REPO_PATH}/manifests/${{ inputs.target-tag }}") || {
49+
echo "FAIL: Unable to retrieve manifest from ghcr.io for tag '${{ inputs.target-tag }}'"
50+
exit 1
51+
}
52+
53+
if [ "$HTTP_STATUS" != "200" ]; then
54+
echo "FAIL: Expected HTTP 200 when fetching manifest, got: $HTTP_STATUS"
55+
exit 1
56+
fi
57+
58+
CONTENT_TYPE=$(curl -sS -D- -o /dev/null \
59+
-H "Authorization: Bearer $TOKEN" \
60+
-H "Accept: application/vnd.docker.distribution.manifest.list.v2+json" \
61+
"https://ghcr.io/v2/${REPO_PATH}/manifests/${{ inputs.target-tag }}" | grep -i content-type)
62+
63+
if echo "$CONTENT_TYPE" | grep -qi "manifest.list.v2"; then
64+
echo "OK: Docker Manifest List v2 format confirmed"
65+
else
66+
echo "FAIL: Expected Docker Manifest List v2, got: $CONTENT_TYPE"
67+
exit 1
68+
fi
69+
env:
70+
REPO: ${{ inputs.ghcr-repo }}

.github/workflows/docker.yml

Lines changed: 36 additions & 60 deletions
Original file line numberDiff line numberDiff line change
@@ -161,7 +161,9 @@ jobs:
161161
context: .
162162
file: docker/Dockerfile.baseimage
163163
platforms: linux/amd64
164-
push: true
164+
provenance: false
165+
sbom: false
166+
outputs: type=image,push=true,oci-mediatypes=false
165167
tags: ${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-baseimage-amd64
166168
cache-from: |
167169
type=registry,ref=${{ env.GHCR_REPO }}:cache-baseimage-amd64-${{ needs.get-version.outputs.image-tag-prefix }}
@@ -195,7 +197,9 @@ jobs:
195197
context: .
196198
file: docker/Dockerfile.baseimage
197199
platforms: linux/arm64
198-
push: true
200+
provenance: false
201+
sbom: false
202+
outputs: type=image,push=true,oci-mediatypes=false
199203
tags: ${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-baseimage-arm64
200204
cache-from: |
201205
type=registry,ref=${{ env.GHCR_REPO }}:cache-baseimage-arm64-${{ needs.get-version.outputs.image-tag-prefix }}
@@ -253,20 +257,12 @@ jobs:
253257
254258
# Create version tag
255259
docker buildx imagetools create \
256-
--annotation "index:org.opencontainers.image.source=https://github.com/broadinstitute/viral-ngs" \
257-
--annotation "index:org.opencontainers.image.description=Viral genomics analysis tools - base image" \
258-
--annotation "index:org.opencontainers.image.licenses=MIT" \
259-
--annotation "index:org.opencontainers.image.authors=viral-ngs@broadinstitute.org" \
260260
--tag ${{ env.GHCR_REPO }}:${VERSION}-baseimage \
261261
${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-baseimage-amd64 \
262262
${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-baseimage-arm64
263263
264264
# Create major.minor tag
265265
docker buildx imagetools create \
266-
--annotation "index:org.opencontainers.image.source=https://github.com/broadinstitute/viral-ngs" \
267-
--annotation "index:org.opencontainers.image.description=Viral genomics analysis tools - base image" \
268-
--annotation "index:org.opencontainers.image.licenses=MIT" \
269-
--annotation "index:org.opencontainers.image.authors=viral-ngs@broadinstitute.org" \
270266
--tag ${{ env.GHCR_REPO }}:${MAJOR_MINOR}-baseimage \
271267
${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-baseimage-amd64 \
272268
${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-baseimage-arm64
@@ -302,7 +298,9 @@ jobs:
302298
context: .
303299
file: docker/Dockerfile.core
304300
platforms: linux/amd64
305-
push: true
301+
provenance: false
302+
sbom: false
303+
outputs: type=image,push=true,oci-mediatypes=false
306304
tags: ${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-core-amd64
307305
build-args: |
308306
BASEIMAGE=${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-baseimage-amd64
@@ -341,7 +339,9 @@ jobs:
341339
context: .
342340
file: docker/Dockerfile.core
343341
platforms: linux/arm64
344-
push: true
342+
provenance: false
343+
sbom: false
344+
outputs: type=image,push=true,oci-mediatypes=false
345345
tags: ${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-core-arm64
346346
build-args: |
347347
BASEIMAGE=${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-baseimage-arm64
@@ -403,19 +403,11 @@ jobs:
403403
MAJOR_MINOR=$(echo "$VERSION" | sed -E 's/^([0-9]+\.[0-9]+).*/\1/')
404404
405405
docker buildx imagetools create \
406-
--annotation "index:org.opencontainers.image.source=https://github.com/broadinstitute/viral-ngs" \
407-
--annotation "index:org.opencontainers.image.description=Viral genomics analysis tools - core utilities" \
408-
--annotation "index:org.opencontainers.image.licenses=MIT" \
409-
--annotation "index:org.opencontainers.image.authors=viral-ngs@broadinstitute.org" \
410406
--tag ${{ env.GHCR_REPO }}:${VERSION}-core \
411407
${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-core-amd64 \
412408
${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-core-arm64
413409
414410
docker buildx imagetools create \
415-
--annotation "index:org.opencontainers.image.source=https://github.com/broadinstitute/viral-ngs" \
416-
--annotation "index:org.opencontainers.image.description=Viral genomics analysis tools - core utilities" \
417-
--annotation "index:org.opencontainers.image.licenses=MIT" \
418-
--annotation "index:org.opencontainers.image.authors=viral-ngs@broadinstitute.org" \
419411
--tag ${{ env.GHCR_REPO }}:${MAJOR_MINOR}-core \
420412
${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-core-amd64 \
421413
${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-core-arm64
@@ -451,7 +443,9 @@ jobs:
451443
context: .
452444
file: docker/Dockerfile.assemble
453445
platforms: linux/amd64
454-
push: true
446+
provenance: false
447+
sbom: false
448+
outputs: type=image,push=true,oci-mediatypes=false
455449
tags: ${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-assemble-amd64
456450
build-args: |
457451
BASEIMAGE=${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-core-amd64
@@ -490,7 +484,9 @@ jobs:
490484
context: .
491485
file: docker/Dockerfile.assemble
492486
platforms: linux/arm64
493-
push: true
487+
provenance: false
488+
sbom: false
489+
outputs: type=image,push=true,oci-mediatypes=false
494490
tags: ${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-assemble-arm64
495491
build-args: |
496492
BASEIMAGE=${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-core-arm64
@@ -552,19 +548,11 @@ jobs:
552548
MAJOR_MINOR=$(echo "$VERSION" | sed -E 's/^([0-9]+\.[0-9]+).*/\1/')
553549
554550
docker buildx imagetools create \
555-
--annotation "index:org.opencontainers.image.source=https://github.com/broadinstitute/viral-ngs" \
556-
--annotation "index:org.opencontainers.image.description=Viral genomics analysis tools - assembly" \
557-
--annotation "index:org.opencontainers.image.licenses=MIT" \
558-
--annotation "index:org.opencontainers.image.authors=viral-ngs@broadinstitute.org" \
559551
--tag ${{ env.GHCR_REPO }}:${VERSION}-assemble \
560552
${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-assemble-amd64 \
561553
${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-assemble-arm64
562554
563555
docker buildx imagetools create \
564-
--annotation "index:org.opencontainers.image.source=https://github.com/broadinstitute/viral-ngs" \
565-
--annotation "index:org.opencontainers.image.description=Viral genomics analysis tools - assembly" \
566-
--annotation "index:org.opencontainers.image.licenses=MIT" \
567-
--annotation "index:org.opencontainers.image.authors=viral-ngs@broadinstitute.org" \
568556
--tag ${{ env.GHCR_REPO }}:${MAJOR_MINOR}-assemble \
569557
${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-assemble-amd64 \
570558
${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-assemble-arm64
@@ -600,7 +588,9 @@ jobs:
600588
context: .
601589
file: docker/Dockerfile.classify
602590
platforms: linux/amd64
603-
push: true
591+
provenance: false
592+
sbom: false
593+
outputs: type=image,push=true,oci-mediatypes=false
604594
tags: ${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-classify-amd64
605595
build-args: |
606596
BASEIMAGE=${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-core-amd64
@@ -639,7 +629,9 @@ jobs:
639629
context: .
640630
file: docker/Dockerfile.classify
641631
platforms: linux/arm64
642-
push: true
632+
provenance: false
633+
sbom: false
634+
outputs: type=image,push=true,oci-mediatypes=false
643635
tags: ${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-classify-arm64
644636
build-args: |
645637
BASEIMAGE=${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-core-arm64
@@ -701,19 +693,11 @@ jobs:
701693
MAJOR_MINOR=$(echo "$VERSION" | sed -E 's/^([0-9]+\.[0-9]+).*/\1/')
702694
703695
docker buildx imagetools create \
704-
--annotation "index:org.opencontainers.image.source=https://github.com/broadinstitute/viral-ngs" \
705-
--annotation "index:org.opencontainers.image.description=Viral genomics analysis tools - metagenomic classification" \
706-
--annotation "index:org.opencontainers.image.licenses=MIT" \
707-
--annotation "index:org.opencontainers.image.authors=viral-ngs@broadinstitute.org" \
708696
--tag ${{ env.GHCR_REPO }}:${VERSION}-classify \
709697
${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-classify-amd64 \
710698
${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-classify-arm64
711699
712700
docker buildx imagetools create \
713-
--annotation "index:org.opencontainers.image.source=https://github.com/broadinstitute/viral-ngs" \
714-
--annotation "index:org.opencontainers.image.description=Viral genomics analysis tools - metagenomic classification" \
715-
--annotation "index:org.opencontainers.image.licenses=MIT" \
716-
--annotation "index:org.opencontainers.image.authors=viral-ngs@broadinstitute.org" \
717701
--tag ${{ env.GHCR_REPO }}:${MAJOR_MINOR}-classify \
718702
${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-classify-amd64 \
719703
${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-classify-arm64
@@ -749,7 +733,9 @@ jobs:
749733
context: .
750734
file: docker/Dockerfile.phylo
751735
platforms: linux/amd64
752-
push: true
736+
provenance: false
737+
sbom: false
738+
outputs: type=image,push=true,oci-mediatypes=false
753739
tags: ${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-phylo-amd64
754740
build-args: |
755741
BASEIMAGE=${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-core-amd64
@@ -788,7 +774,9 @@ jobs:
788774
context: .
789775
file: docker/Dockerfile.phylo
790776
platforms: linux/arm64
791-
push: true
777+
provenance: false
778+
sbom: false
779+
outputs: type=image,push=true,oci-mediatypes=false
792780
tags: ${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-phylo-arm64
793781
build-args: |
794782
BASEIMAGE=${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-core-arm64
@@ -850,19 +838,11 @@ jobs:
850838
MAJOR_MINOR=$(echo "$VERSION" | sed -E 's/^([0-9]+\.[0-9]+).*/\1/')
851839
852840
docker buildx imagetools create \
853-
--annotation "index:org.opencontainers.image.source=https://github.com/broadinstitute/viral-ngs" \
854-
--annotation "index:org.opencontainers.image.description=Viral genomics analysis tools - phylogenetics" \
855-
--annotation "index:org.opencontainers.image.licenses=MIT" \
856-
--annotation "index:org.opencontainers.image.authors=viral-ngs@broadinstitute.org" \
857841
--tag ${{ env.GHCR_REPO }}:${VERSION}-phylo \
858842
${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-phylo-amd64 \
859843
${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-phylo-arm64
860844
861845
docker buildx imagetools create \
862-
--annotation "index:org.opencontainers.image.source=https://github.com/broadinstitute/viral-ngs" \
863-
--annotation "index:org.opencontainers.image.description=Viral genomics analysis tools - phylogenetics" \
864-
--annotation "index:org.opencontainers.image.licenses=MIT" \
865-
--annotation "index:org.opencontainers.image.authors=viral-ngs@broadinstitute.org" \
866846
--tag ${{ env.GHCR_REPO }}:${MAJOR_MINOR}-phylo \
867847
${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-phylo-amd64 \
868848
${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-phylo-arm64
@@ -898,7 +878,9 @@ jobs:
898878
context: .
899879
file: docker/Dockerfile.mega
900880
platforms: linux/amd64
901-
push: true
881+
provenance: false
882+
sbom: false
883+
outputs: type=image,push=true,oci-mediatypes=false
902884
tags: ${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-mega-amd64
903885
build-args: |
904886
BASEIMAGE=${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-core-amd64
@@ -937,7 +919,9 @@ jobs:
937919
context: .
938920
file: docker/Dockerfile.mega
939921
platforms: linux/arm64
940-
push: true
922+
provenance: false
923+
sbom: false
924+
outputs: type=image,push=true,oci-mediatypes=false
941925
tags: ${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-mega-arm64
942926
build-args: |
943927
BASEIMAGE=${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-core-arm64
@@ -993,19 +977,11 @@ jobs:
993977
MAJOR_MINOR=$(echo "$VERSION" | sed -E 's/^([0-9]+\.[0-9]+).*/\1/')
994978
995979
docker buildx imagetools create \
996-
--annotation "index:org.opencontainers.image.source=https://github.com/broadinstitute/viral-ngs" \
997-
--annotation "index:org.opencontainers.image.description=Viral genomics analysis tools - all tools combined" \
998-
--annotation "index:org.opencontainers.image.licenses=MIT" \
999-
--annotation "index:org.opencontainers.image.authors=viral-ngs@broadinstitute.org" \
1000980
--tag ${{ env.GHCR_REPO }}:${VERSION} \
1001981
${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-mega-amd64 \
1002982
${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-mega-arm64
1003983
1004984
docker buildx imagetools create \
1005-
--annotation "index:org.opencontainers.image.source=https://github.com/broadinstitute/viral-ngs" \
1006-
--annotation "index:org.opencontainers.image.description=Viral genomics analysis tools - all tools combined" \
1007-
--annotation "index:org.opencontainers.image.licenses=MIT" \
1008-
--annotation "index:org.opencontainers.image.authors=viral-ngs@broadinstitute.org" \
1009985
--tag ${{ env.GHCR_REPO }}:${MAJOR_MINOR} \
1010986
${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-mega-amd64 \
1011987
${{ env.GHCR_REPO }}:${{ needs.get-version.outputs.image-tag-prefix }}-mega-arm64

0 commit comments

Comments
 (0)