Use new container registry API for the tags list UI
Context
So far, we're relying on the Docker/OCI Listing Image Tags registry API to list tags and display them in the GitLab:
- List registry repository tags API
-
Get details of a single repository API (when the
tags
and/ortags_count
parameter is set totrue
) - Get details of a registry repository tag API
- Tags list UI
Problems
Performance
Using this API is a performance problem because in most cases, it requires doing 1+3N
network requests against the registry, where N
is the number of tags on each GitLab UI/API tags list page:
- List tags (just their name) within the repository
- For each tag:
-
HEAD
tag to get the corresponding manifest digest -
GET
corresponding manifest payload -
GET
corresponding configuration payload (to infer the creation timestamp from it)
-
Accuracy
One of the most important pieces of information about tags in the GitLab UI/API is the published timestamp. However, in the current implementation, the timestamp shown is not actually the time at which an image tag was pushed/published but rather the image build-time timestamp. Why?
The Docker/OCI API did not provide any means to track tag publish timestamps, so the only possible workaround was to look at the image configuration payload assembled by the container runtime when building (not pushing!) the image and extract the creation timestamp from that. As result, the shown timestamp will not change when e.g. re-tagging an existing image.
Apart from the above, not all tools used to build container images will fill the creation timestamp in the configuration payload. As result, we can face situations where there is no timestamp to show on the UI, and this leads to #300380 (closed).
Solution
We have recently introduced a new registry list repository tags API. This was not possible to achieve before &5523 (closed).
Since then, we've been gradually replacing the use of the old Docker/OCI tags list API with this new API. The latest was for cleanup policies in &8379 (closed), which resulted in a major performance (and accuracy) improvement.
We can continue to do this work by using the new API when listing tags in the GitLab UI. Right now, this UI looks as follows:
We can replace the 1+3N
requests against the registry with a single one, and get an accurate publish timestamp AND major performance improvement for free. The only missing piece of information that is needed for the GitLab UI/API and that is not yet part of the registry API response is:
- Manifest digest
- Configuration digest
We should be able to add these to the response without much trouble.
Required Changes
-
Expand the registry list repository tags API so that it includes the manifest and configuration digest for each one of the listed tags golang backend
-
Update the Rails backend so that it uses the above when populating the response for the
ContainerRepositoryDetails
GraphQL query used by the frontend rails backend:- We must guarantee backward compatibility with self-managed, where this new registry API is not yet available. In those cases, we should continue to perform the current requests against the registry Docker/OCI API;
- The
CreatedAt
field in the response must be populated based on thecreated_at
andupdated_at
timestamps from the registry response, as discussed here;
No frontend changes should be required.