Update SHA for go-containerregistry #1815
Conversation
update sha for com_github_google_go_containerregistry
umeshkumhar
requested review from
alexeagle,
gravypod,
pcj and
smukherj1
as code owners
|
Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please visit https://cla.developers.google.com/ to sign. Once you've signed (or fixed any issues), please reply here with What to do if you already signed the CLAIndividual signers
Corporate signers
ℹ️ Googlers: Go here for more info. |
|
@googlebot I signed it! |
umeshkumhar
changed the title
|
Looks like it was broken by bazelbuild/continuous-integration@15fbac4 |
alexeagle
force-pushed
the
patch-1
branch
2 times, most recently
from
0b40bc6
to
bd94f03
Compare
| @@ -39,7 +39,7 @@ def go_deps(): | |||
| name = "com_github_google_go_containerregistry", | |||
| urls = ["https://api.github.com/repos/google/go-containerregistry/tarball/8a2841911ffee4f6892ca0083e89752fb46c48dd"], # v0.1.4 | |||
| strip_prefix = "google-go-containerregistry-8a28419", | |||
| sha256 = "60b9a600affa5667bd444019a4e218b7752d8500cfa923c1ac54ce2f88f773e2", | |||
| sha256 = "cadb09cb5bcbe00688c73d716d1c9e774d6e4959abec4c425a1b995faf33e964", | |||
There was a problem hiding this comment.
I'm not opposed to updating the sha, but is there nay concern the artifact was tampered with?
I'm not sure if this is relevant, but neither sha matches the shas of the artifacts for that version in the regular non-api project: #1814 (comment)
cc @alexeagle
There was a problem hiding this comment.
@alexeagle @umeshkumhar thoughts on this? Do we know why the sha suddenly changed? And why it differs from those in the repo's release page?
There was a problem hiding this comment.
@SrodriguezO Not 100% sure, but this issue is raised with this commit ID. In this PR, you can see ko version is changed.
There are some reported issues where ko on version change has changed the tar hashes, which impacted SHA checks..More info here:
kubernetes/kubernetes#99376
One another possibility can be that the maintainer has re-published/ updated tarball, which caused SHA change, which I don't think have happened.
I have not explored to the root cause. Let me know if that helps
There was a problem hiding this comment.
Hi,
I'm facing an issue where using rules_docker v0.16.0 results in:
Checksum was cadb09cb5bcbe00688c73d716d1c9e774d6e4959abec4c425a1b995faf33e964 but wanted 60b9a600affa5667bd444019a4e218b7752d8500cfa923c1ac54ce2f88f773e2
The root cause is explained in ko-build/ko#315 and kubernetes/kubernetes#99376.
The TL;DR is that Kubernetes was using short hashes for versions, which may change in length over time. The hash is injected into the source through git archive.
This SHA256 change should fix things for now, but will eventually break again. The real solution will be to update the dependency to a commit after kubernetes/kubernetes@ab221b5.
There was a problem hiding this comment.
Further, my solution to this problem, without updating from rules_docker v0.16.0, has been to explicitly pull in github.com/google/go-containerregistry v0.4.1 via rules_go.
The remote server we fetched it from was providing two different files (differing by a whitespace) which caused the content hash to be unstable, making CI fail most of the time. Note this hash was changed in the last month by bazelbuild@08cddcc so the instability has been here for a while.
…s_docker bug Summary: This is to work around bazelbuild/rules_docker#1814 For more context, also see bazelbuild/rules_docker#1815 and google/go-containerregistry#997 Test Plan: Jenkins build should run now. Reviewers: zasgar, #third_party_approvers Reviewed By: zasgar, #third_party_approvers Differential Revision: https://phab.corp.pixielabs.ai/D8400 GitOrigin-RevId: 4d6cd51
update sha for com_github_google_go_containerregistry
PR Checklist
Please check if your PR fulfils the following requirements:
PR Type
What kind of change does this PR introduce?
What is the current behavior?
Breaking http_archive or git_repository due to SHA change of @com_github_google_go_containerregistry
Issue Number: 1814
What is the new behaviour?
Will pull tarball @com_github_google_go_containerregistry and verify SHA properly
Does this PR introduce a breaking change?
Other information
#1814