Skip to main content

Append a tarball to an image in a container registry

Project description

Append layer

PyPI version

This standalone utility appends a tarball to an existing image in a container registry – without having to pull down the image locally.

It supports any registry that implements the OCI Distribution Spec.

Why

The basic use-case for this utility is when you have a base image that is already available in a container registry, and you simply need to add one or more files, then push the result back to the same registry.

In this case, you can do no better in terms of network transfer than this utility. It does the minimum amount of work in order to get the job done.

With the Docker ADD command, you'd have to download the existing image and start up a build process in order to run the ADD command.

FROM apache/airflow:2.3.2
ADD your_tar_file.tar.gz /opt/airflow/dag

The resulting image would be exactly the same, but there is no special optimization in Docker that would avoid downloading the base image (although theoretically, it could be done but it would require bigger changes in the data model in order to support lazy referencing of layer data).

Incidentally, the script was designed exactly with Apache Airflow in mind.

Note that Buildkit will have support for this from v0.10 but it's not clear how this will be supported in a Dockerfile.

Installation

Install the tool using pip:

$ pip install appendlayer

This makes available "appendlayer" as a script in your environment.

Alternatively, download the appendlayer.py script and run it using Python directly:

$ python appendlayer.py

The script has no external dependencies, using only what's included already with Python.

Usage

Pipe in the layer contents using a tarball and provide the repository (or image) name and the old and new tags:

$ echo "Hello world" > test.txt
$ tar cvf - test.txt | appendlayer <host> <repository> <old-tag> <new-tag>

Alternatively, qualify source and destination using image syntax:

$ tar cvf - test.txt | appendlayer <host> <old-repository>:<old-tag> <new-repository>:<new-tag>

Or even across different hosts:

$ tar cvf - test.txt | appendlayer <old-host>/<old-repository>:<old-tag> <new-host>/<new-repository>:<new-tag>

For Azure Container Registry (ACR) for example, the host is typically <registry-name>.azurecr.io.

Authentication

The script uses OAuth2 to authorize requests to the container registry.

This is configured using either the ACCESS_TOKEN or REFRESH_TOKEN environment variable, or by extracting authentication details from the Docker configuration file (located based on the DOCKER_CONFIG environment variable).

For example, for Azure Container Registry, to authorize to a specific container registry.

$ export REFRESH_TOKEN=$( \
      az acr login -t --name <registry-name>.azurecr.io \
      --expose-token --output tsv --query accessToken)

To authorize across multiple registries, use an access token:

$ export ACCESS_TOKEN=$( \
       az account get-access-token --query accessToken --output tsv)

Changes

2.1 (2022-09-30)

  • Add support for username/password credentials in stored Docker credentials in addition to identity token.

2.0 (2022-09-30)

  • Add support for extracting refresh token from stored Docker credentials.

  • Fix bug where two different repositories would not correctly get authorized for the destination registry.

  • Added support for specifying different source and destination repositories. Missing blobs will be copied if necessary.

1.0 (2022-01-29)

  • Initial release.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

appendlayer-2.1.tar.gz (6.5 kB view details)

Uploaded Source

File details

Details for the file appendlayer-2.1.tar.gz.

File metadata

  • Download URL: appendlayer-2.1.tar.gz
  • Upload date:
  • Size: 6.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.7.1 importlib_metadata/4.10.1 pkginfo/1.8.2 requests/2.27.1 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.9.13

File hashes

Hashes for appendlayer-2.1.tar.gz
Algorithm Hash digest
SHA256 7153c682e23ea541ca63ff98a4d3307caf41b191d838de65efa27f2e11b22285
MD5 cd29091bec45529de4bf07eac50e14df
BLAKE2b-256 238c9bb350e68d56dcfd2750595dc3db8e12b1e3f85f952a21b536681cbf369e

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page