check image size job in ci-templates project is broken
Proposal
We use a job called check image size to ensure that changes to analyzer images don't result in an image that exceeds a maximum value.
However, I've just noticed that the check image size job is broken, and will never fail, regardless of whether a new image far exceeds the maximum allowed value.
Details
The current_size being reported by the check image size job in the ci-templates project is now 0:
In both of the above cases, the current size of the image is 0:
total size of the compressed image layers, in bytes
$ echo $current_size
0I've confirmed this with the API on gemnasium:
$ curl --header "PRIVATE-TOKEN: <private-token>" \
"https://gitlab.com/api/v4/projects/9450192/registry/repositories/3054180/tags/55420927e4bd0abe32552fcdd82eeb6d229e2166" | jq .
{
"name": "55420927e4bd0abe32552fcdd82eeb6d229e2166",
"path": "gitlab-org/security-products/analyzers/gemnasium/tmp/main:55420927e4bd0abe32552fcdd82eeb6d229e2166",
"location": "registry.gitlab.com/gitlab-org/security-products/analyzers/gemnasium/tmp/main:55420927e4bd0abe32552fcdd82eeb6d229e2166",
"revision": "",
"short_revision": "",
"digest": "sha256:95ec5632ee0c37431b412719cb43892ea8807ef54cf3483678ac48a138980396",
"created_at": "2024-09-03T10:37:40.021+00:00",
"total_size": 0
}Notice the total_size is 0.
Also, the container registry for gemnasium shows 0 B for the size in the UI:
Because of this, the check image size job is effectively broken, and will never fail.
Proposal
The purpose of this issue is to investigate why the size is always reported as 0 and fix this.
Implementation Plan
It turns out that this issue is caused by Add OCI image annotations to docker images (gitlab-org/security-products/ci-templates!391 - merged) • Craig Andrews • 17.4 as explained here.
We need to revert Add OCI image annotations to docker images (gitlab-org/security-products/ci-templates!391 - merged) • Craig Andrews • 17.4 and then figure out how to accurately determine the image size for Docker OCI index images.