I just brought up a local registry to do some more testing for you, and here is a little more information to help. First, here is how I'm pushing an image without specifying a tag. Note that I've exported SREGISTRY_CLIENT=registry so it's not trying to interact with another endpoint):
$ sregistry push --name chicken/nugget /home/vanessa/Desktop/busybox.simg
[client|registry] [database|sqlite:////home/vanessa/.singularity/sregistry.db]
[1. Collection return status 200 OK]
[================================] 0/0 MB - 00:00:00
[Return status 200 Upload Complete]
I'll just show that chunk of stuff for the first time, I can now use the "search" command to see the containers in my registry. Note that since I didn't supply a tag, it pushed as "latest"
$ sregistry search
Collections
1 chicken/nugget:latest http://127.0.0.1/containers/1
Let's say I push again. Again, no tag. What happens?
$ sregistry push --name chicken/nugget /home/vanessa/Desktop/busybox.simg
$ sregistry search
1 chicken/nugget:latest http://127.0.0.1/containers/2
The subtle difference is that the URL for the container is different - instead of ending in 1, we have 2. This isn't really a meaningful identifier, but it does tell you that the container is different. It used to be the case that I would maintain all pushes of a container, but at some point (with Singularity Hub) I found that users were pushing infinitely, not noticing or realizing I was saving every version and there is no way that this is maintainable (since Singularity Hub has tight funding). So the default is that if you, as a user, push the same container again, you understand you are essentially replacing the previous one like that. Unless you freeze it. What do I mean by that? Let me show you. First, let's push a container with a different tag.
$ sregistry push --name chicken/nugget:ketchup /home/vanessa/Desktop/busybox.simg
$ sregistry search
Collections
1 chicken/nugget:ketchup http://127.0.0.1/containers/3
2 chicken/nugget:latest http://127.0.0.1/containers/2
Now we have the ketchup tag! Woohoo! And we can verify (if we have access to the web interface) that there are two containers in collection "chicken"
See the unlocked green button? Neither of these containers are frozen. We can overwrite them. Let's freeze one, shall we?
Oooh now it's blue! Let's try pushing ketchup again from the command line, now that it's frozen.
$ sregistry push --name chicken/nugget:ketchup /home/vanessa/Desktop/busybox.simg
[client|registry] [database|sqlite:////home/vanessa/.singularity/sregistry.db]
[1. Collection return status 200 OK]
[================================] 0/0 MB - 00:00:00
[Return status 200 chicken/nugget:ketchup@80897b282135094777f9157d9273572a already exists.]
This would be how to protect your images and prevent overwrite, if needed. If you want to provide a "latest" tag, then allow for an overwrite to latest. For a specific version? Push that container with some release-1.2 and freeze it.
Now what about the integrity of the files themselves? The list doesn't show it, but the version (hash of the file) is maintained in the database:
and accessible via the API:
and when you pull it, you can list your own images:
Yes, the hash is duplicated for two images because they are a push of the same file (with different name) because I'm lazy :)
and then inspect them for more information, this is what the singularity registry client provides in its local database:
So based on what I've shown you here, we have a very easy strategy for linking the recipes to an automated build with version control!
- add the recipes to Github
- link to Travis or Circle
- push to sregistry after build, testing, discussion, and for the push have the "tag" be the commit id (and any other additional tags that are meaningful like release, or latest).
Best,
Vanessa