From 86f24789ade982fce95897c18f5b82d102c0ecea Mon Sep 17 00:00:00 2001 From: Codex Date: Fri, 29 May 2026 12:59:10 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BD=BF=E7=94=A8=20schema2=20digest=20?= =?UTF-8?q?=E5=8F=91=E5=B8=83=20v0.1=20=E9=95=9C=E5=83=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- deploy/templates/tekton/pipeline.yaml | 3 ++- docs/reference/spec-v01-cicd.md | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/deploy/templates/tekton/pipeline.yaml b/deploy/templates/tekton/pipeline.yaml index 88c587c..6b84ffd 100644 --- a/deploy/templates/tekton/pipeline.yaml +++ b/deploy/templates/tekton/pipeline.yaml @@ -174,8 +174,9 @@ spec: --opt build-arg:HTTPS_PROXY=http://127.0.0.1:10808 \ --opt build-arg:NO_PROXY=hyueapi.com,.hyueapi.com,127.0.0.1,localhost,::1,10.42.0.0/16,10.43.0.0/16,.svc,.cluster.local \ --output type=image,name="$image",push=true,registry.insecure=true - digest="$(curl -fsSI "http://127.0.0.1:5000/v2/agentrun/agentrun-mgr/manifests/$(params.revision)" | awk -F': ' 'tolower($1)=="docker-content-digest" {gsub(/\r/,"",$2); print $2; exit}')" + digest="$(curl -fsSI -H "Accept: application/vnd.docker.distribution.manifest.v2+json" "http://127.0.0.1:5000/v2/agentrun/agentrun-mgr/manifests/$(params.revision)" | awk -F': ' 'tolower($1)=="docker-content-digest" {gsub(/\r/,"",$2); print $2; exit}')" test -n "$digest" + curl -fsSI -H "Accept: application/vnd.docker.distribution.manifest.v2+json" "http://127.0.0.1:5000/v2/agentrun/agentrun-mgr/manifests/$digest" >/dev/null printf '%s' "$image" > /tekton/results/image printf '%s' "$digest" > /tekton/results/digest printf '%s' "$(params.registry-prefix)/agentrun-mgr@$digest" > /tekton/results/repository-digest diff --git a/docs/reference/spec-v01-cicd.md b/docs/reference/spec-v01-cicd.md index fea3377..d2759e9 100644 --- a/docs/reference/spec-v01-cicd.md +++ b/docs/reference/spec-v01-cicd.md @@ -118,7 +118,7 @@ Tekton promotion 可以读取 `deploy/deploy.json` 来 render runtime desired st ## Artifact 与镜像身份 - `v0.1` 镜像 tag 使用完整 40 位 source commitId。 -- Runtime manifest 必须使用 digest pin 作为部署身份。 +- Runtime manifest 必须使用 digest pin 作为部署身份;G14 本地 registry 对同一 tag 的默认 HEAD 可能返回 Docker schema1 compatibility digest,Tekton 必须用 `Accept: application/vnd.docker.distribution.manifest.v2+json` 采集 containerd 可直接拉取的 schema2 manifest digest,并在写入 catalog 前按 digest HEAD 验证。 - Catalog 必须记录 lane、source branch、GitOps branch、source commitId、serviceId、image tag、digest、component identity 和 publish/reuse 状态。 - 同一 source commit 对同一 service 应生成同一镜像;lane 差异放在 manifest、env、SecretRef、namespace、RBAC 和 runtime config 中,不 bake 进镜像。 - `deploy/deploy.json` 只承载人写 runtime intent,不承载 digest、publish state 或 reuse evidence。