Lazily load attestation data in imagetools inspect#1505
Merged
jedevc merged 2 commits intodocker:masterfrom Jan 24, 2023
Merged
Lazily load attestation data in imagetools inspect#1505jedevc merged 2 commits intodocker:masterfrom
imagetools inspect#1505jedevc merged 2 commits intodocker:masterfrom
Conversation
This refactor ensures that the attestations are not output in the JSON
output for "{{ json . }}", and additionally allows future refactors to
dynamically load the attestation contents, ensuring faster performance
when attestations are not used in the output.
Signed-off-by: Justin Chadwell <me@jedevc.com>
Delay loading the attestation data immediately, and only compute it upon request. We do this using a deferred function which allows to define the computation in the same place as before, but perform the computation later. With this patch, we ensure that the attestation data is only pulled from the remote if it is actually referenced in the format string - otherwise, we can skip it, for improved performance. Signed-off-by: Justin Chadwell <me@jedevc.com>
Member
I guess most of this logic will be moved to the go-imageinspect lib anyway right? |
Collaborator
Author
Maybe, I think it depends on what API surface we end up exposing - most likely, I think yes 😄 |
tonistiigi
approved these changes
Jan 24, 2023
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
⬆️ Follow-up to #1498
This PR improves performance for the standard case of doing a simple
imagetools inspectcommand. In v0.10.0 we see a performance regression when inspecting images that have attached attestations using simple format strings like{{ json . }}. We can resolve this performance issue by lazily loading attestation data, only when requested to by the format template.This is split into two patches:
.SBOMand.Provenanceattributes into methods instead of properties on the struct. These can be accessed identically to the previous attributes for all valid format inputs (though we get a slightly different error message in some cases, if we attempt to pass arguments to these methods, but these are invalid inputs anyways).Because this data is now loaded lazily, it no longer makes sense to include it in the output of commands such as
{{ json . }}, so no field forSBOMorProvenanceis included for those.I think we can cherry-pick this to the v0.10 branch, and release it in v0.10.1? Users who were relying on the SBOM and Provenance data appearing in the output of
{{ json . }}and similar would be affected, but this is a relatively minor change.Note: we could simplify some of this code with a
Deferredtype in the future, which would encapsulate some of the logic for computing a function and caching the result, however, we'd want to use generics for that, which would require a bump to buildx 1.18 - which we shouldn't do a minor release.