0

I've been using the the Docker Python API and Boto3 to build images and push them to Amazon ECR. What I've having difficultly determining is how do I determine if an Image I build already exists in ECR? I can use the Boto3 libraries like so:

import boto3
import botocore

client = boto3.client('ecr')
images = client.list_images(repositoryName=repo_name, registryId=repo_id)

This will give me a list of digests, but they're not the Image digests. They're the Docker repository digests (which is a digest of the image + its manifest). So if I build an image locally, I can't use this to check to see if the image already exists with a tag on Amazon ECR.

import docker
client = docker.from_env()
image = client.build(path=docker_dir)
sha256 = image[0].id # <--This Sha sum is for the image, different from repository

Is there anyway to get the actual image digest for images in a given repository without having to pull the image?

djsumdog
  • 2,560
  • 1
  • 29
  • 55
  • I think if you hash the ECR manifest, you should get the same value as `sha256`. I'm unfamiliar with ECR but explored this for my own education recently using dockerhub and Google Container Registry (GCR): https://medium.com/google-cloud/adventures-w-docker-manifests-78f255d662ff – DazWilkin Mar 30 '19 at 00:51

1 Answers1

0

I think you could be doing something wrong because I am using a code so similar to yours and I am getting the digest.

session = boto3.Session(profile_name='default')
ecr = boto3.client('ecr')
docker_api = docker.APIClient()
print(session)

response = client.list_images(

    repositoryName='repoparent/reponame',

    maxResults=5,
    filter={
        'tagStatus': 'ANY'
    }
)

print (response)

I got like response the imagedigest include in the response

Session(region_name='eu-central-1')
{'imageIds': [{'imageDigest': 'sha256:cbb5f28f7a8377207c8f95e3a9fae311fa12f81a22401e053d5c07fd0f87', 'imageTag': 'temp_e2e_1.0.13'}], 'nextToken': 'ukD72mdD/mC8b5xV3susmJzzaTgp3hKwR9nRUWa1yZZ4wYnPpldlCcKdX0uA+hWWOLo3ccyBGxIDoN9FQLPPEHv2DRd1OrIm4ooJdVM1M6sckRwXypd7HXj/SnA9iMm3YBl8HRpVXD/kVWB2VlNFS4aftrQQgtfrPNl6nb/S4zGFrQGQp23fdsY5TsKrWTLOWrdo8HGhWX2ylJ0Qoi19DAOBEN2/JAwMbk2hyquf5NDeA7omjHUMI1pfX5lpO2FPF39DKMZtzdwe24e8RcHa508aukf9CYW6gya6knjWbJfQSrb4lIP4HsTVBqDUuxg5IC9ghqLdXJNCEzWHzwQtuKg0vLdHmM6iftfrVhsgY6rKtZbcXwxlJb3a7FMMdm', 'ResponseMetadata': {'RequestId': 'fb33b587-795d-11e9-a32-17af1b3e4c54', 'HTTPStatusCode': 200, 'HTTPHeaders': {'x-amzn-requestid': 'fb33587-75d-11e9-a3342-17af1b3e4c54', 'content-type': 'application/x-amz-json-1.1', 'content-length': '532'}, 'RetryAttempts': 0}}
Guel135
  • 750
  • 7
  • 26
  • That's the digest of the image + manifest. If you check your local docker host when you build the image, it has a different digest. I ended up just using the image digest and applying it as a tag to the image. – djsumdog May 18 '19 at 15:22