Skip to content

ROX-33792: remove unnecessary image pulls when creating manifests#19596

Merged
janisz merged 1 commit intomasterfrom
fix-manifest-push-no-pull
Mar 25, 2026
Merged

ROX-33792: remove unnecessary image pulls when creating manifests#19596
janisz merged 1 commit intomasterfrom
fix-manifest-push-no-pull

Conversation

@janisz
Copy link
Copy Markdown
Contributor

@janisz janisz commented Mar 25, 2026
edited
Loading

Description

Docker manifest create can work with remote image references without pulling the actual image layers. This saves significant time and bandwidth in the manifest creation jobs.

The manifest only needs the image metadata, not the full image content, so pulling images before creating the manifest is wasteful.

Affects:

  • push_image_manifest_lists (main images)
  • push_operator_manifest_lists (operator)
  • push_scanner_image_manifest_lists (scanner v4)

User-facing documentation

Testing and quality

  • the change is production ready: the change is GA, or otherwise the functionality is gated by a feature flag
  • CI results are inspected

Automated testing

  • added unit tests
  • added e2e tests
  • added regression tests
  • added compatibility tests
  • modified existing tests

How I validated my change

CI

# docker manifest inspect quay.io/rhacs-eng/stackrox-operator:4.11.0-437-gc9c8fe4ecf
{
   "schemaVersion": 2,
   "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
   "manifests": [
      {
         "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
         "size": 740,
         "digest": "sha256:6da8f6a54195552498169202df1ad54a9c0ff81b3a6f677712b68d64e76daffe",
         "platform": {
            "architecture": "amd64",
            "os": "linux"
         }
      },
      {
         "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
         "size": 740,
         "digest": "sha256:d0cb02e692dac92d3614822c747759625d6c71868a0bf3381ee29ee3d06ec305",
         "platform": {
            "architecture": "arm64",
            "os": "linux"
         }
      }
   ]
}

@janisz @claude
fix(ci): remove unnecessary image pulls when creating manifests
c9c8fe4 
Docker manifest create can work with remote image references without
pulling the actual image layers. This saves significant time and
bandwidth in the manifest creation jobs.

The manifest only needs the image metadata, not the full image content,
so pulling images before creating the manifest is wasteful.

Affects:
- push_image_manifest_lists (main images)
- push_operator_manifest_lists (operator)
- push_scanner_image_manifest_lists (scanner v4)

AI-assisted change.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
@rhacs-bot
Copy link
Copy Markdown
Contributor

rhacs-bot commented Mar 25, 2026

Images are ready for the commit at c9c8fe4.

To use with deploy scripts, first export MAIN_IMAGE_TAG=4.11.x-437-gc9c8fe4ecf.

@codecov
Copy link
Copy Markdown

codecov bot commented Mar 25, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 49.28%. Comparing base (4f8098a) to head (c9c8fe4).
⚠️ Report is 8 commits behind head on master.

Additional details and impacted files 
@@           Coverage Diff           @@
##           master   #19596   +/-   ##
=======================================
  Coverage   49.28%   49.28%           
=======================================
  Files        2735     2735           
  Lines      206215   206215           
=======================================
+ Hits       101633   101635    +2     
+ Misses      97041    97039    -2     
  Partials     7541     7541
Flag Coverage Δ
go-unit-tests 49.28% <ø> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@janisz janisz mentioned this pull request Mar 25, 2026
Open
@janisz janisz requested a review from davdhacs March 25, 2026 09:11
davdhacs
davdhacs approved these changes Mar 25, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@davdhacs davdhacs left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💯
This should reduce the PR manifest time 60-90 seconds, and for the master ones possibly by 5 minutes? (stackrox/stackrox/actions/runs/23541622798/job/68533121683#step:10:961)
Image

@janisz janisz changed the title fix(ci): remove unnecessary image pulls when creating manifests ROX-33792: remove unnecessary image pulls when creating manifests Mar 25, 2026
@davdhacs davdhacs mentioned this pull request Mar 25, 2026
Closed
@davdhacs
Copy link
Copy Markdown
Contributor

davdhacs commented Mar 25, 2026

I'm testing the full set of jobs (simulating run on master) here: https://github.com/stackrox/stackrox/actions/runs/23549044837?pr=19605

@janisz janisz merged commit 9f416c1 into master Mar 25, 2026
103 checks passed
@janisz janisz deleted the fix-manifest-push-no-pull branch March 25, 2026 16:28
@davdhacs
Copy link
Copy Markdown
Contributor

davdhacs commented Mar 25, 2026

Thanks! The test on all 4 jobs showed the faster times (1-2 minutes versus 3-5 before this change):
image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@davdhacs davdhacs davdhacs approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@janisz @rhacs-bot @davdhacs