Skaffold: Support for GitHub Package repository (does not support pull by digest)

@WilliamB17 did you have an issue with Github Package? Skaffold does push using IMAGE_NAME:VERSION. When it references those images in the Kubernetes yaml files, it uses the IMAGE_NAME:VERSION@SHA form though. Which should be totally ok.

@dgageot Yes, in Github's documentation it says that you can't push and pull with SHA. The image is pushed on the Github registry, however in my cluster k8s I can't pull the image. I've tried this locally and I can't pull an image with a digest.

@WilliamB17 Could you share the logs that make you think this is the issue? I have the feeling that the problem might be different. See https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry to understand how Kubernetes pulls images from private registries.

For give an example I use this.
the Docker image is pushed here.

If I add myself the tag only in the deployment description and I use kubectl apply -f k8s/k8s-dep.yaml my pod is pull properly in k8s cluster.

I can reproduce this. You can not pull from GitHub Package Registry using a the ...@sha256... syntax.

Not being able to pull using a digest is the current limitation of GitHub Packages that is giving hard time to many people.

That seems so unreal that they don't support that. It's a core feature of
Docker

On Wed, May 20, 2020 at 9:15 PM Chanseok Oh notifications@github.com
wrote:

Not being able to pull using a digest is the current limitation of GitHub
Packages
https://github.community/t5/GitHub-API-Development-and/Cannot-pull-docker-image-from-Github-Package-Registry-by-digest/m-p/33018#M3127
that is giving hard time to many people.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/GoogleContainerTools/skaffold/issues/4218#issuecomment-631671702,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/AABFPF7QBOC7NH5CKPIJ2KTRSQT4RANCNFSM4NEQGKLQ
.

With discussed this issue offline today, and agree with @chanseokoh 's observation: the inability for the GitHub Package repository to reference images by digest is breaking many applications. It's not up to Skaffold to workaround this restriction.

We've had some similar conversations with other users to improve Skaffold integrating with tag-based workflows, so it may be possible that we accidentally resolve this incompatibility in the future. We just aren't planning on addressing this specifically for GitHub at this time.

That said, I'd be willing to review any PR's that make Skaffold function in environments which discourage tagging.

Is it so hard to prepare a PR which address this limitation behind a flag? I will try to do it. Any @tstromberg hints?

@StarpTech - As far as I know, changing Skaffold to pull based on tag rather than digest is not going to be a trivial change. @dgageot likely has a more authoritative opinion.

According to https://github.community/t/cannot-pull-docker-image-from-github-package-registry-by-digest/14342/9 this shortcoming will be fixed shortly on the GitHub side.

@tstromberg thanks for the review.

It would clearly not be easy!

Does anyone have a fork of Skaffold that doesn't pull by digest? I'm completely blocked by this.

@iMerica unfortunately this is not a straight-forward fix and I doubt any of the maintainers have a fork that does this.