docker-push post processor tries to push using invalid repo string (uses sha256:string from repositories.json)

[russmac]

FOR BUGS:

Packer fails to push using sha256 of repository, Matched sha to /var/lib/docker/image/aufs/repositories.json with correct details.

This completely breaks the docker post-processor to push to ECR

According to official docker docs , Usage: docker push [OPTIONS] NAME[:TAG] however

2016/03/02 16:37:02 ui: docker (docker-push): Pushing: sha256:2e18ee540e6941f218f27d8a38ae5b60bb9aaef3953ef23aa0d4cfa30ac82b35
2016/03/02 16:37:02 packer: 2016/03/02 16:37:02 Executing: /usr/bin/docker [push sha256:2e18ee540e6941f218f27d8a38ae5b60bb9aaef3953ef23aa0d4cfa30ac82b35]

the sha256 shown matches the sha256 in repositories.json next to the actual repository string which would work if used.

Source responsible
https://github.com/mitchellh/packer/blob/master/post-processor/docker-push/post-processor.go#L86-L102

name := artifact.Id()

if i := strings.Index(name, "/"); i >= 0 {
    // This should always be true because the / is required. But we have
    // to get the index to this so we don't accidentally strip off the port
    if j := strings.Index(name[i:], ":"); j >= 0 {
        name = name[:i+j]
    }
}

ui.Message("Pushing: " + name)
if err := driver.Push(name); err != nil {
    return nil, false, err
}

return nil, false, nil

}

Attempting decoupled from packer, same error.
[root@graphene packer_ansible]# docker push sha256:82b1e1e0e34c1aa59fe90287812a0867b184c1287313ea04c4dd80971e57e9fe
The push refers to a repository [docker.io/library/sha256]
Repository does not exist: sha256

• Packer Version
  v0.9
• Host platform
  Debian v8.3
• Debug log output from PACKER_LOG=1 packer build template.json.
  https://gist.github.com/russmac/83a99af39ad2474c2f57
• The simplest example template and scripts needed to reproduce the bug.
  https://gist.github.com/russmac/5beb8fec9b101c005671

[russmac]

Same issue with Packer 0.8.6

[cbednarski]

Thanks for opening an issue. You are missing a pair of square braces in your post-processor section (you need a list of lists).

What this means that is that each post-processor is running directly against the output of the builder, rather than docker-push running against the result of docker-tag, and that is why you see docker-push trying to push the SHA.

If you look at the examples on the docker page you'll notice they have nested lists. (An extra set of [ ].)

This is not an intuitive failure mode. I see this issue come up fairly regularly and I thought this was a bug myself when I first encountered it.

The reason it works this way is because it allows us to use the result of a build more than once. So for example if you want to make a Vagrant .box and a .tar file at the same time or tag a docker build as v1.2.3 and staging or push to ECS and DockerHub at the same time you can do that without having to run the build twice.

[russmac]

Thankyou for explaining :).