Merge pull request #4449 from ChengyuZhu6/manifest-push

AkihiroSuda · web-flow · commit ca6ced01e928 · 2025-08-18T10:36:34.000+08:00
manifest: support nerdctl manifest push command
diff --git a/cmd/nerdctl/manifest/manifest.go b/cmd/nerdctl/manifest/manifest.go
@@ -37,6 +37,7 @@ func Command() *cobra.Command {
 		CreateCommand(),
 		AnnotateCommand(),
 		RemoveCommand(),
+		PushCommand(),
 	)
 
 	return cmd
diff --git a/cmd/nerdctl/manifest/manifest_push.go b/cmd/nerdctl/manifest/manifest_push.go
@@ -0,0 +1,80 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package manifest
+
+import (
+	"github.com/spf13/cobra"
+
+	"github.com/containerd/nerdctl/v2/cmd/nerdctl/completion"
+	"github.com/containerd/nerdctl/v2/cmd/nerdctl/helpers"
+	"github.com/containerd/nerdctl/v2/pkg/api/types"
+	"github.com/containerd/nerdctl/v2/pkg/cmd/manifest"
+)
+
+func PushCommand() *cobra.Command {
+	var cmd = &cobra.Command{
+		Use:               "push [OPTIONS] INDEX/MANIFESTLIST",
+		Short:             "Push a manifest list to a registry",
+		Args:              cobra.ExactArgs(1),
+		RunE:              pushAction,
+		ValidArgsFunction: pushShellComplete,
+		SilenceUsage:      true,
+		SilenceErrors:     true,
+	}
+	cmd.Flags().Bool("insecure", false, "Allow communication with an insecure registry")
+	cmd.Flags().Bool("purge", false, "Remove the manifest list after pushing")
+	return cmd
+}
+
+func processPushFlags(cmd *cobra.Command) (types.ManifestPushOptions, error) {
+	globalOptions, err := helpers.ProcessRootCmdFlags(cmd)
+	if err != nil {
+		return types.ManifestPushOptions{}, err
+	}
+
+	insecure, err := cmd.Flags().GetBool("insecure")
+	if err != nil {
+		return types.ManifestPushOptions{}, err
+	}
+	purge, err := cmd.Flags().GetBool("purge")
+	if err != nil {
+		return types.ManifestPushOptions{}, err
+	}
+
+	return types.ManifestPushOptions{
+		Stdout:   cmd.OutOrStdout(),
+		GOptions: globalOptions,
+		Insecure: insecure,
+		Purge:    purge,
+	}, nil
+}
+
+func pushAction(cmd *cobra.Command, args []string) error {
+	pushOptions, err := processPushFlags(cmd)
+	if err != nil {
+		return err
+	}
+	err = manifest.Push(cmd.Context(), args[0], pushOptions)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func pushShellComplete(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+	return completion.ImageNames(cmd)
+}
diff --git a/cmd/nerdctl/manifest/manifest_push_linux_test.go b/cmd/nerdctl/manifest/manifest_push_linux_test.go
@@ -0,0 +1,124 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package manifest
+
+import (
+	"errors"
+	"fmt"
+	"testing"
+
+	"github.com/containerd/nerdctl/mod/tigron/expect"
+	"github.com/containerd/nerdctl/mod/tigron/require"
+	"github.com/containerd/nerdctl/mod/tigron/test"
+
+	"github.com/containerd/nerdctl/v2/pkg/testutil"
+	"github.com/containerd/nerdctl/v2/pkg/testutil/nerdtest"
+	"github.com/containerd/nerdctl/v2/pkg/testutil/nerdtest/registry"
+)
+
+func TestManifestPushErrors(t *testing.T) {
+	testCase := nerdtest.Setup()
+	invalidName := "invalid/name/with/special@chars"
+	testCase.SubTests = []*test.Case{
+		{
+			Description: "require-one-argument",
+			Command:     test.Command("manifest", "push", "arg1", "arg2"),
+			Expected: func(data test.Data, helpers test.Helpers) *test.Expected {
+				return &test.Expected{
+					ExitCode: 1,
+				}
+			},
+		},
+		{
+			Description: "invalid-list-name",
+			Command:     test.Command("manifest", "push", invalidName),
+			Expected: func(data test.Data, helpers test.Helpers) *test.Expected {
+				return &test.Expected{
+					ExitCode: 1,
+					Errors:   []error{errors.New(data.Labels().Get("error"))},
+				}
+			},
+			Data: test.WithLabels(map[string]string{
+				"error": "invalid reference format",
+			}),
+		},
+	}
+
+	testCase.Run(t)
+}
+
+func TestManifestPush(t *testing.T) {
+	nerdtest.Setup()
+
+	var registryTokenAuthHTTPSRandom *registry.Server
+	var tokenServer *registry.TokenAuthServer
+
+	manifestRef := testutil.GetTestImageWithoutTag("alpine") + "@" + testutil.GetTestImageManifestDigest("alpine", "linux/amd64")
+	expectedDigest := "sha256:5317ce2da263afa23570c692d62c1b01381285b2198b3ea9739ce64bec22aff2"
+
+	testCase := &test.Case{
+		Require: require.All(
+			require.Linux,
+			nerdtest.Registry,
+		),
+		Setup: func(data test.Data, helpers test.Helpers) {
+			registryTokenAuthHTTPSRandom, tokenServer = nerdtest.RegistryWithTokenAuth(data, helpers, "admin", "badmin", 0, true)
+			tokenServer.Setup(data, helpers)
+			registryTokenAuthHTTPSRandom.Setup(data, helpers)
+		},
+		Cleanup: func(data test.Data, helpers test.Helpers) {
+			if registryTokenAuthHTTPSRandom != nil {
+				registryTokenAuthHTTPSRandom.Cleanup(data, helpers)
+			}
+			if tokenServer != nil {
+				tokenServer.Cleanup(data, helpers)
+			}
+		},
+		SubTests: []*test.Case{
+			{
+				Description: "push-to-registry",
+				Require:     require.Not(nerdtest.Docker),
+				Setup: func(data test.Data, helpers test.Helpers) {
+					targetRef := fmt.Sprintf("%s:%d/%s",
+						registryTokenAuthHTTPSRandom.IP.String(), registryTokenAuthHTTPSRandom.Port, "test-list-push:v1")
+					helpers.Ensure("pull", manifestRef)
+					helpers.Ensure("tag", manifestRef, targetRef)
+					helpers.Ensure("--hosts-dir", registryTokenAuthHTTPSRandom.HostsDir, "login", "-u", "admin", "-p", "badmin",
+						fmt.Sprintf("%s:%d", registryTokenAuthHTTPSRandom.IP.String(), registryTokenAuthHTTPSRandom.Port))
+					helpers.Ensure("push", "--hosts-dir", registryTokenAuthHTTPSRandom.HostsDir, targetRef)
+					helpers.Ensure("rmi", targetRef)
+					helpers.Ensure("manifest", "create", "--insecure", targetRef+"-success", targetRef)
+				},
+				Command: func(data test.Data, helpers test.Helpers) test.TestableCommand {
+					targetRef := fmt.Sprintf("%s:%d/%s",
+						registryTokenAuthHTTPSRandom.IP.String(), registryTokenAuthHTTPSRandom.Port, "test-list-push:v1")
+					return helpers.Command("manifest", "push", "--insecure", targetRef+"-success")
+				},
+				Expected: func(data test.Data, helpers test.Helpers) *test.Expected {
+					return &test.Expected{
+						ExitCode: 0,
+						Output:   expect.Contains(data.Labels().Get("output")),
+					}
+				},
+				Data: test.WithLabels(map[string]string{
+					"output": expectedDigest,
+				}),
+			},
+		},
+	}
+	testCase.Run(t)
+}
diff --git a/docs/command-reference.md b/docs/command-reference.md
@@ -56,6 +56,7 @@ It does not necessarily mean that the corresponding features are missing in cont
   - [:whale: nerdctl manifest annotate](#whale-nerdctl-manifest-annotate)
   - [:whale: nerdctl manifest create](#whale-nerdctl-manifest-create)
   - [:whale: nerdctl manifest inspect](#whale-nerdctl-manifest-inspect)
+  - [:whale: nerdctl manifest push](#whale-nerdctl-manifest-push)
   - [:whale: nerdctl manifest rm](#whale-nerdctl-manifest-rm)
 - [Registry](#registry)
   - [:whale: nerdctl login](#whale-nerdctl-login)
@@ -1108,6 +1109,24 @@ nerdctl manifest inspect alpine:3.22.1
 nerdctl manifest inspect alpine@sha256:eafc1edb577d2e9b458664a15f23ea1c370214193226069eb22921169fc7e43f
 ```
 
+### :whale: nerdctl manifest push
+
+Push a manifest list to a registry.
+
+Usage: `nerdctl manifest push [OPTIONS] INDEX/MANIFESTLIST`
+
+Flags:
+
+- `--insecure`: Allow communication with an insecure registry
+- `--purge`: Remove the manifest list after pushing
+
+Examples:
+
+```bash
+# Push a manifest list to a registry
+nerdctl manifest push myapp:latest
+```
+
 ### :whale: nerdctl manifest rm
 
 Remove one or more index/manifest lists.
diff --git a/pkg/api/types/manifest_types.go b/pkg/api/types/manifest_types.go
@@ -48,3 +48,13 @@ type ManifestInspectOptions struct {
 	// Allow communication with an insecure registry
 	Insecure bool
 }
+
+// ManifestPushOptions specifies options for `nerdctl manifest push`.
+type ManifestPushOptions struct {
+	Stdout   io.Writer
+	GOptions GlobalCommandOptions
+	// Allow communication with an insecure registry
+	Insecure bool
+	// Remove the manifest list after pushing
+	Purge bool
+}
diff --git a/pkg/cmd/manifest/push.go b/pkg/cmd/manifest/push.go
diff --git a/pkg/manifesttypes/manifesttypes.go b/pkg/manifesttypes/manifesttypes.go

Original file line number	Diff line number	Diff line change
`@@ -37,6 +37,7 @@ func Command() *cobra.Command {`
`37`	`37`	`CreateCommand(),`
`38`	`38`	`AnnotateCommand(),`
`39`	`39`	`RemoveCommand(),`
	`40`	`+ PushCommand(),`
`40`	`41`	`)`
`41`	`42`
`42`	`43`	`return cmd`