Path-filtered builds can overwrite shared tags with partial manifest lists.
This happened in the dotnet-docker samples official pipeline. Issue: dotnet/dotnet-docker#7191
The latest samples run was manually queued with only the nanoserver sample Dockerfiles:
--path 'samples/dotnetapp/Dockerfile.nanoserver' --path 'samples/aspnetapp/Dockerfile.nanoserver'
Run: https://dev.azure.com/dnceng/internal/_build/results?buildId=2973445
That run succeeded, but Create Manifest Lists created shared tags from only the Windows platform tags.
Copy Images then imported those partial shared tags into the public repo. The public tags aspnetapp, aspnetapp-10.0, dotnetapp, dotnetapp-10.0, and latest now only contain Windows entries.
The previous samples run included all sample Dockerfiles and produced complete Linux + Windows manifest lists:
https://dev.azure.com/dnceng/internal/_build/results?buildId=2973256
This appears related to the ImageBuilder change from #2030 / f6e7c49, which moved manifest-list creation to Post_Build and creates manifest lists from the platforms present in the current build image-info. That is unsafe for official publishes when --path selects only part of an image's platform set.
Path-filtered builds can overwrite shared tags with partial manifest lists.
This happened in the dotnet-docker samples official pipeline. Issue: dotnet/dotnet-docker#7191
The latest samples run was manually queued with only the nanoserver sample Dockerfiles:
Run: https://dev.azure.com/dnceng/internal/_build/results?buildId=2973445
That run succeeded, but
Create Manifest Listscreated shared tags from only the Windows platform tags.Copy Imagesthen imported those partial shared tags into the public repo. The public tagsaspnetapp,aspnetapp-10.0,dotnetapp,dotnetapp-10.0, andlatestnow only contain Windows entries.The previous samples run included all sample Dockerfiles and produced complete Linux + Windows manifest lists:
https://dev.azure.com/dnceng/internal/_build/results?buildId=2973256
This appears related to the ImageBuilder change from #2030 /
f6e7c49, which moved manifest-list creation toPost_Buildand creates manifest lists from the platforms present in the current build image-info. That is unsafe for official publishes when--pathselects only part of an image's platform set.