Tag images
Entrypoint used for copying an image to a destination/multiple destinations. If specified, copying operation may be performed on a remote machine via SSH.
CLI reference
usage: pubtools-quay-tag-image [-h] --source-ref SOURCE_REF --dest-ref
DEST_REF [--all-arch] [--quay-user QUAY_USER]
[--quay-password QUAY_PASSWORD]
[--source-quay-host SOURCE_QUAY_HOST]
[--source-quay-user SOURCE_QUAY_USER]
[--source-quay-password SOURCE_QUAY_PASSWORD]
[--remote-exec]
[--ssh-remote-host SSH_REMOTE_HOST]
[--ssh-remote-host-port SSH_REMOTE_HOST_PORT]
[--ssh-reject-unknown-host]
[--ssh-username SSH_USERNAME]
[--ssh-password SSH_PASSWORD]
[--ssh-key-filename SSH_KEY_FILENAME]
[--container-exec]
[--container-image CONTAINER_IMAGE]
[--docker-url DOCKER_URL]
[--docker-timeout DOCKER_TIMEOUT]
[--docker-verify-tls]
[--docker-cert-path DOCKER_CERT_PATH]
[--registry-username REGISTRY_USERNAME]
[--registry-password REGISTRY_PASSWORD]
Named Arguments
- --source-ref
Source image reference.
- --dest-ref
Destination image reference. Multiple can be specified.
- --all-arch
Flag of whether to copy all architectures of an image (if multiatch image)
- --quay-user
Username for Quay login.
- --quay-password
Password for Quay. Can be specified by env variable QUAY_PASSWORD.
- --source-quay-host
Host of source_ref.
- --source-quay-user
Username for source_ref registry login.
- --source-quay-password
Password for source_ref registry. Can be specified by env variable SOURCE_QUAY_PASSWORD.
- --remote-exec
Flag of whether the commands should be executed on a remote server.
- --ssh-remote-host
Hostname for remote execution.
- --ssh-remote-host-port
Port of the remote host
- --ssh-reject-unknown-host
Flag of whether to reject an SSH host when it’s not found among known hosts.
- --ssh-username
Username for SSH connection. Defaults to local username.
- --ssh-password
Password for SSH. Will only be used if key-based validation is not available. Can be specified by env variable SSH_PASSWORD
- --ssh-key-filename
Path to the private key file for SSH authentication.
- --container-exec
Whether to execute the commands in a Docker container.
- --container-image
Path to the container image in which to execute the commands. Must be downloadable without extra permissions.
- --docker-url
URL of the docker client that should run the container. Local socket by default.
Default: “unix://var/run/docker.sock”
- --docker-timeout
Timeout for executing Docker commands. Disabled by default.
- --docker-verify-tls
Whether to perform TLS verification with the Docker client. Disabled by default.
- --docker-cert-path
Path to Docker certificates for TLS authentication. ‘~/.docker’ by default.
- --registry-username
Username to login to registry containing the specified image. If not provided, login will be assumed to not be needed.
- --registry-password
Password to login to registry containing the specified image. If not provided, login will be assumed to not be needed. Can be specified by env variable REGISTRY_PASSWORD.
API reference
- pubtools._quay.tag_images.tag_images(source_ref: str, dest_refs: List[str], all_arch: bool = False, quay_user: Optional[str] = None, quay_password: Optional[str] = None, source_quay_host: Optional[str] = None, source_quay_user: Optional[str] = None, source_quay_password: Optional[str] = None, remote_exec: bool = False, ssh_remote_host: Optional[str] = None, ssh_remote_host_port: Optional[str] = None, ssh_reject_unknown_host: bool = False, ssh_username: Optional[str] = None, ssh_password: Optional[str] = None, ssh_key_filename: Optional[str] = None, container_exec: bool = False, container_image: Optional[str] = None, docker_url: str = 'unix://var/run/docker.sock', docker_timeout: Optional[int] = None, docker_verify_tls: bool = False, docker_cert_path: Optional[str] = None, registry_username: Optional[str] = None, registry_password: Optional[str] = None) None[source]
Tag images in Quay.
- Args:
- source_ref (str):
Source image reference.
- dest_refs ([str]):
List of destination image references.
- all_arch (bool):
Whether to copy all architectures.
- quay_user (str):
Quay username for Docker HTTP API.
- quay_password (str):
Quay password for Docker HTTP API.
- source_quay_host (str):
Host of source ref.
- source_quay_user (str):
Quay username for Docker HTTP API for the source ref.
- source_quay_password (str):
Quay password for Docker HTTP API for the source ref.
- remote_exec (bool):
Whether to execute the command remotely. Takes precedence over container_exec.
- ssh_remote_host (str):
Hostname for remote execution.
- ssh_remote_host_port (str):
Port of the remote host.
- ssh_reject_unknown_host (bool):
whether to reject an SSH host when it’s not found among known hosts.
- ssh_username (str):
Username for SSH connection. Defaults to local username.
- ssh_password (str):
Password for SSH. Will only be used if key-based validation is not available.
- ssh_key_filename (str):
Path to the private key file for SSH authentication.
- container_exec (bool):
Whether to execute the commands in a Docker container.
- container_image (str):
Path to the container image in which to execute the commands. Must be downloadable without extra permissions.
- docker_url (str):
URL of the docker client that should run the container. Local socket by default.
- docker_timeout (int):
Timeout for executing Docker commands. Disabled by default.
- docker_verify_tls (bool):
Whether to perform TLS verification with the Docker client. Disabled by default.
- docker_cert_path (str):
Path to Docker certificates for TLS authentication. ‘~/.docker’ by default.
- registry_username (str):
Username to login to registry containing the specified image. If not provided, login will be assumed to not be needed.
- registry_password (str):
Password to login to registry containing the specified image. If not provided, login will be assumed to not be needed.
Examples
Locally copy an image from source to destination. Quay password is injected from the environment variable.
$ export QUAY_PASSWORD=token
$ pubtools-quay-tag-image \
--source-ref quay.io/source/image:34 \
--dest-ref quay.io/target/image:34 \
--quay-user quay+username \
Locally copy an image from source to destination. Use extra login and password for source ref
$ export QUAY_PASSWORD=token
$ export SOURCE_QUAY_PASSWORD=token2
$ pubtools-quay-tag-image \
--source-ref quay.io/source/image:34 \
--dest-ref quay.io/target/image:34 \
--source-quay-user source-quay+username \
--quay-user quay+username \
Connect to a remote host via ssh (using password) and perform the copying to multiple destinations.
$ export QUAY_PASSWORD=token
$ export SSH_PASSWORD=123456
$ pubtools-quay-tag-image \
--source-ref quay.io/source/image:34 \
--dest-ref quay.io/target/image:34 \
--dest-ref quay.io/target/image2:34 \
--quay-user quay+username \
--remote-exec \
--ssh-remote-host 127.0.0.1 \
--ssh-remote-host-port 2222 \
--ssh-username user
Connect to a remote host via ssh (using private key), perform the copying
$ export QUAY_PASSWORD=token
$ export SSH_PASSWORD=123456
$ pubtools-quay-tag-image \
--source-ref quay.io/source/image:34 \
--dest-ref quay.io/target/image:34 \
--quay-user quay+username \
--remote-exec \
--ssh-remote-host 127.0.0.1 \
--ssh-remote-host-port 2222 \
--ssh-username user \
--ssh-key-filename /path/to/file.key \
Copy to multiple destination inside a specified container.
$ export QUAY_PASSWORD=token
$ export SSH_PASSWORD=123456
$ pubtools-quay-tag-image \
--source-ref quay.io/source/image:34 \
--dest-ref quay.io/target/image:34 \
--dest-ref quay.io/target/image2:34 \
--quay-user quay+username \
--container-exec \
--container-image quay.io/namespace/image:1 \
--docker-url https://some-url.com \
--docker-timeout 120 \
--docker-verify-tls \
--docker-cert-path /some/path