#Publish a test image to a registry service

I'm having some difficulties writing what I'd hoped to be a simple test module. I'm trying to stage an ephemeral Docker registry, so that I can build a container and push it to that registry. Ultimately, so I can then test my Cosign module against it.

This part of the test module:

reg, err := dag.Container().
  From("registry:2.8.3").
  WithExposedPort(5000).
  AsService().
  Start(ctx)
if err != nil {
  return fmt.Errorf("failed to start registry: %w", err)
}

 testRef, err := dag.Container().From("alpine:latest").
   WithServiceBinding("registry", reg).
   Publish(ctx, "registry:5000/test")
if err != nil {
  return fmt.Errorf("failed to publish image: %w", err)
}

Creates this output:

✘ Tests.all: Void 2.4s
! call function "All": process "/runtime" did not complete successfully: exit code: 2
┃ invoke: failed to publish image: input: container.from.withServiceBinding.publish resolve: failed to export: failed to push registry:5000/test: failed to do request: Head "https://registry:5
┃ 0/v2/test/blobs/sha256:d25f557d7f31bf7acfac935859b5153da41d13c41f2b468d16f729a5b883634f": dial tcp: lookup registry on 10.87.0.1:53: no such host                                             
┃                                                                                                                                                                                               
  ✔ Service.start: ServiceID! 0.2s
    ✔ start /entrypoint.sh /etc/docker/registry/config.yml 0.7s
    ┃ d36db80e3 service=registry version=2.8.3                                                                                                                                                  
--snip--
                                                                  
    ┃ 17:28:27 INF port is healthy endpoint=10.87.0.19:5000                                                                                                                                   
  ✔ Container.from(address: "alpine:latest"): Container! 0.1s
  ✘ Container.publish(address: "registry:5000/test"): String! 0.0s
  ! failed to export: failed to push registry:5000/test: failed to do request: Head "https://registry:5000/v2/test/blobs/sha256:d25f557d7f31bf7acfac935859b5153da41d13c41f2b468d16f729a5b883634f": dial tcp: lookup registry on 10.87.0.1:53: no such host
    ✘ remotes.docker.resolver.HTTPRequest 0.0s
    ! dial tcp: lookup registry on 10.87.0.1:53: no such host
      ✘ HTTP HEAD 0.0s
      ! dial tcp: lookup registry on 10.87.0.1:53: no such host
    ✘ remotes.docker.resolver.HTTPRequest 0.0s
    ! dial tcp: lookup registry on 10.87.0.1:53: no such host
      ✘ HTTP HEAD 0.0s
      ! dial tcp: lookup registry on 10.87.0.1:53: no such host

Error: response from query: input: tests.all resolve: call function "All": process "/runtime" did not complete successfully: exit code: 2

Stdout:
invoke: failed to publish image: input: container.from.withServiceBinding.publish resolve: failed to export: failed to push registry:5000/test: failed to do request: Head "https://registry:5000/v2/test/blobs/sha256:d25f557d7f31bf7acfac935859b5153da41d13c41f2b468d16f729a5b883634f": dial tcp: lookup registry on 10.87.0.1:53: no such host

I feel like I'm missing something very simple. Any ideas?

@pulsar otter do you wanna debug this together a bit now?

oh I think I see the issue

Start(ctx) -- that is not necessary when you are passing a Service into WithServiceBinding

Can you try to remove that line? -- but also happy to pair 😄

I get the same issue with that change. Sure. Just ditching my next call 🙂

meet me here https://dagger-io.zoom.us/j/89033779425?pwd=RYfJy8K5xJLCqgVXlEaTUyZVW1ThDo.1

Hey @pulsar otter I think this isn’t possible 😦

It’s the reason you mentioned, because publish is being called from the host runtime. I’m gonna play with a few more things but this may need to become a GH issue

Are you testing publishing or trying to do something else, if it’s just testing then perhaps using ttl.sh may be a workaround for this for now

cc @limber leaf I vaguely remember we discussed this while bikeshedding service API. http() has this (an equivalent to service binding) but Container.publish() doesn't, do you remember why?

at the time it was difficult because those bits were deep in buildkit, but it's probably somewhat easy to do now; we'd want it for both container.from (so customizing the LLB image source type) and container.publish (customizing the exporting logic)

Thanks for the time and consideration. I'm happy to help test 🙂

@pulsar otter even if we get the Publish service dependency fixed, this particular use-case would require some other changes in Dagger since it's not currently possible push to non https registries. IDK if the buildkit exporter API allows overriding that which currently, AFAIK, can only be changed via config file or flag arguments.

Having said that, here's a stopgap to achieve this with the current Dagger version by leveraging skopeo and the AsTarball method in the Container type to push the image to the local registry:

func (m *Lala) Test(ctx context.Context) (*Container, error) {
    reg := dag.Container().
        From("registry:2.8.3").
        WithExposedPort(5000).
        AsService()

    _, err := dag.Container().From("quay.io/skopeo/stable").
        WithServiceBinding("registry", reg).
        WithMountedFile("image.tar", dag.Container().From("alpine:latest").AsTarball()).
        WithExec([]string{"copy", "--dest-tls-verify=false", "docker-archive:image.tar", "docker://registry:5000/alpine:latest"}).
        Sync(ctx)
    if err != nil {
        return nil, err
    }

    return dag.Container().From("quay.io/skopeo/stable").
        WithServiceBinding("registry", reg).
        WithExec([]string{"inspect", "--tls-verify=false", "docker://registry:5000/alpine:latest"}), nil
}

you can then call cosign in a new container with the same registry service and that will work