Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.

If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!

Latest tag not applied (but not consistently)



  • I have a docker feed. It is called base. (Because it holds my base images.)

    I have this feed setup to use SemVer 2:

    0a9812d9-7d80-4ff3-bc48-b176b9e99d3c-image.png

    And for most of my repositories in that feed, it works just fine. Here is an example:

    639194b1-fd16-4994-955c-20f4870c0b54-image.png

    However, for one of my repositories, it is not working:

    5d765197-0ba0-4c3c-820e-3c0f79e07eba-image.png

    And if I try to add the latest tag, it will not work, because of the SemVer 2 restrictions!:

    ecef58f6-aef8-4f0b-b8b4-e97ffedb4155-image.png

    So it knows it should be doing SemVer 2, but it is not applying the latest tag.

    Note: I tried to just pull the latest tag directly, to ensure that it was not just a UI issue. It gave me an error:

    dfd5c21e-05b0-47a6-99fc-4d8ebde46fa7-image.png

    But if I put in the actual tag for the only container image that is in that repository, it works:

    00243e42-8299-42ea-b1de-3754c8034ddc-image.png

    What can I do to get this repository to apply the latest tag?

    NOTE: incase it is needed, we are running version 5.3.39 (Build 2)

    Update:
    I tried deleting the container images in the build/ops-dotnet-6.0 repository, and then deleting the repository itself.

    I then promoted the container image from my base-prerelease feed. (Note that in that repository, the latest tag is correctly applied.) When I promoted it, the build/ops-dotnet-6.0 repository was created again, with the container image in it (tagged with 1.0.1). But the latest tag was not applied.

    So deleting and recreating does not seem to fix the problem...

    Update 2:

    Digging a bit deeper, I noticed this message in the logs:

     Logged: 12/14/2021 8:51:00 PM
     Level: Warning
     Category: Web
     Message: Could not update vulnerabilities on demand for package base:build/ops-dotnet-6.0:<redacted>: Object reference not set to an instance of an object.
     Details: System.NullReferenceException: Object reference not set to an instance of an object.
    at Inedo.Extensions.Sonatype.VulnerabilitySources.OSSIndexVulnerabilitySource.<>c.<GetCoordinateChunks>b__15_0(IVulnerabilityPackage p)
    at System.Linq.Enumerable.WhereSelectArrayIterator`2.MoveNext()
    at System.Linq.Enumerable.Sum(IEnumerable`1 source)
    at Inedo.Extensions.Sonatype.VulnerabilitySources.OSSIndexVulnerabilitySource.<GetCoordinateChunks>d__15.MoveNext()
    at Inedo.Extensions.Sonatype.VulnerabilitySources.OSSIndexVulnerabilitySource.<GetVulnerabilitiesAsync>d__14.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at Inedo.ProGet.Feeds.Docker.DockerFeed.<>c__DisplayClass30_0.<<GetVulnerabilitiesForContainerAsync>b__1>d.MoveNext()
    

    Maybe the vulnerability scan failing is causing it to fail to set the latest tag? If so, how can I fix this failure?


  • inedo-engineer

    Hi @Stephen-Schaff,

    How many tags does the build/ops-dotnet-6.0 have? Is 1.0.1 the only tag it has or is there another? Does the base-prerelease registry also have strict versioning enabled?

    The error you are seeing with vulnerability scanning will not affect the setting of the tag on Docker images. Vulnerability scanning is a scheduled job that happens in the background and not automatically upon upload of a new image so that should not affect this image. I am curious about that error though. Do you have your Sonatype vulnerability source attempting to scan your Docker registry? If so, Sonatype does not support Docker registries. We only support using Clair for scanning vulnerabilities in Docker images.

    Thanks,
    Rich



  • @rhessinger,

    How many tags does the build/ops-dotnet-6.0 have?

    The build/ops-dotnet-6.0 repository has only one container image it it and it has only the 1.0.1 tag.

    Does the base-prerelease registry also have strict versioning enabled?

    Yes it does. And the latest tag is working there.

    Do you have your Sonatype vulnerability source attempting to scan your Docker registry?

    We are configured to use OSS Index as a scanning source.

    I removed any scanning, deleted the container image and repository and then re-promoted the container. As you indicated it would, this did not fix the problem. (The latest tag is still not applied to the container.)

    Any ideas on how I can get the latest tag to be auto applied?


  • inedo-engineer

    @Stephen-Schaff said "Any ideas on how I can get the latest tag to be auto applied?"

    the "virtual" tags are recomputed when a tag is added, so if you can try tagging your image 1.0.2 (or something), and then deleting that tag, you should see1, 1.0, and latest all applied to that image



  • @atripp - That worked!

    A bit odd to me that removing the Container Image and re-adding did not work, but adding a tag did.

    Either way, I have a work around for when this happens in the future.

    Thank you!


  • inedo-engineer

    @Stephen-Schaff great to hear! And I guess another way to do it would be enabling/disabling the semver restrictions on the feed

    Let us know if it keeps happening, and you can find a pattern - we'll see if we can identify what might be the cause of it


Log in to reply
 

Inedo Website HomeSupport HomeCode of ConductForums GuideDocumentation