fix(release): correct manifest-digest capture + cross-arch smoke pull#246
Merged
Conversation
Two bugs in the buildx flow (#243/#245) that surfaced on the first real amd64 release run from an arm64 host: 1. Digest capture used `imagetools inspect --format '{{.Manifest.Digest}}'`, which for a buildx OCI index renders the whole descriptor block, not the sha — so the stored "digest" was multi-line garbage and promote would have failed. Parse the `Digest:` line instead (verified == `imagetools inspect --raw | shasum -a 256`). Factored into manifest_digest(), used by stage_push and the --resume-promote path. 2. Smoke did a plain `docker pull`, which resolves the build HOST's arch — on an arm64 host an amd64-only image fails "no matching manifest for linux/arm64". Pull the target platform explicitly (`--platform ${PLATFORMS%%,*}`); Docker can pull (not run) a non-native image, which is all the label check needs. Verified against the live v1.0.1-rc.1 images: manifest_digest returns the clean index sha, and `pull --platform linux/amd64` succeeds on the arm64 build host. The 1.0.1 rc images are already built + valid, so this unblocks promoting them (no rebuild). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Two bugs in the new buildx release flow (#243/#245), surfaced on the first real amd64 release run from an arm64 host. The 1.0.1 release got through the gate (matrix 270/0) and built + pushed all 5 amd64 rc images, then failed at smoke.
Bugs
imagetools inspect --format '{{.Manifest.Digest}}'renders the whole descriptor block for a buildx OCI index, not the sha, so the stored digest was multi-line garbage (promote would fail). Parse theDigest:line instead — verified equal toimagetools inspect --raw | shasum -a 256. Factored intomanifest_digest(), used bystage_pushand the--resume-promotepath.docker pull— resolves the build host's arch, so on an arm64 Mac an amd64-only image failsno matching manifest for linux/arm64. Pull--platform ${PLATFORMS%%,*}explicitly (Docker can pull, not run, a non-native image — enough for the label check).Verified against the live rc images
shellcheckclean ·make testgreen.Unblocks 1.0.1 with no rebuild
The rc images are built + valid. After merge:
make release --resume-promote --draftre-captures their digests (now correctly) and promotes:1.0.1+:latest+ cuts the draft — no re-run of the matrix or the amd64 build.