Fix multi-platform image support#110
Closed
sennerholm wants to merge 38 commits intosnok:fetch-digestsfrom
Closed
Conversation
Please enter the commit message for your changes. Lines starting
Seems like we're not actually targetting the tags we wanted, because the cut-off is set higher than the refresh rate of the workflow. All deletions are handled by the time all images have been replaced, i.e., 10 images are deleted by the first step, and no packages are deleted by the subsequent steps: 2025-01-07T06:34:40.802352Z INFO container_retention_policy::client::client: Deleted container-retention-policy:<untagged> package_version_id=332129593 2025-01-07T06:34:40.815403Z INFO container_retention_policy::client::client: Deleted container-retention-policy:<untagged> package_version_id=332117991 2025-01-07T06:34:40.835704Z INFO container_retention_policy::client::client: Deleted container-retention-policy:<untagged> package_version_id=332129711 2025-01-07T06:34:40.836355Z INFO container_retention_policy::client::client: Deleted container-retention-policy:<untagged> package_version_id=332118081 2025-01-07T06:34:40.838612Z INFO container_retention_policy::client::client: Deleted container-retention-policy:<untagged> package_version_id=332129673 2025-01-07T06:34:40.838826Z INFO container_retention_policy::client::client: Deleted container-retention-policy:<untagged> package_version_id=332118049 2025-01-07T06:34:40.842146Z INFO container_retention_policy::client::client: Deleted container-retention-policy:<untagged> package_version_id=332118031 2025-01-07T06:34:40.857171Z INFO container_retention_policy::client::client: Deleted container-retention-policy:<untagged> package_version_id=332129747 2025-01-07T06:34:40.866253Z INFO container_retention_policy::client::client: Deleted container-retention-policy:<untagged> package_version_id=332118016 2025-01-07T06:34:40.877685Z INFO container_retention_policy::client::client: Deleted container-retention-policy:<untagged> package_version_id=332129625
The .20 patch breaks colored output, so we'll stay on 19 for the time being. We don't log user inputs AFAICT, so we shouldn't be affected.
We didn't tag all image versions in the release, and we reused some of the same tags for the parent. Hoping this will let us build v3.0.1 without breaking v3.0.0
This commit addresses Issue snok#1 from the multi-platform image support plan, fixing the hardcoded package name in the OCI manifest fetch implementation. Changes: 1. Added Owner struct to Package model (models.rs:33-36) - Captures owner.login from GitHub Package API response - Updated Package struct to include owner field 2. Updated PackagesClient to store Account (client.rs:15,32) - Added Account import and field to track account type 3. Updated PackagesClientBuilder (builder.rs:19-84,147-171) - Added account field to builder - Modified generate_urls to store account - Updated build method to require account field 4. Updated select_packages flow (select_packages.rs:13-62) - Changed filter_by_matchers to return Vec<(String, String)> - Returns tuples of (package_name, owner_login) - Updated all tests to include owner information 5. Updated select_package_versions flow (select_package_versions.rs:238-317) - Changed signature to accept Vec<(String, String)> - Created package_owners HashMap for owner lookup - Updated manifest fetching to pass owner parameter 6. Fixed fetch_image_manifest method (client.rs:484-519) - Added owner parameter to method signature - Constructs URL dynamically: ghcr.io/v2/{owner}%2F{package_name}/manifests/{tag} - Properly URL-encodes the package path 7. Fixed missing imports - Added eyre! macro import to select_package_versions.rs - Added info! macro import to main.rs Result: The manifest URL is now dynamically constructed using the owner from the GitHub Package API response, supporting multiple owners across different users and organizations. Resolves part of snok#90
…t types This commit addresses Issue snok#2 from the multi-platform image support plan, improving manifest fetching to handle both OCI Image Index and Docker Distribution Manifest formats gracefully. Changes: 1. Updated fetch_image_manifest parsing logic (client.rs:501-536) - Try parsing as OCI Image Index first (multi-platform images) - If that fails, try Docker Distribution Manifest (single-platform) - If both fail, log warning and return empty vec - No longer fails entire operation on parse errors 2. Added logging for manifest types (client.rs:503-507,521-525,531-535) - Debug log when multi-platform manifest is detected - Debug log when single-platform manifest is detected - Warning log for unknown manifest formats 3. Added warn macro import (client.rs:11) - Imported warn from tracing for warning logs 4. Fixed unused variable warnings (select_package_versions.rs:258,301) - Prefixed unused owner variable with underscore - Removed unnecessary mut from package_versions Result: The manifest fetching now handles both multi-platform and single-platform images correctly, with graceful degradation for unknown formats. Code compiles without warnings. Related to snok#90
Updated the Enhanced Logging section (Issue snok#3) to provide better guidance for implementation and improved user experience. Changes: 1. Updated desired output example (lines 170-183) - Added "(truncated)" to digest display for better readability - Added summary INFO log showing total protected images - Shows comprehensive logging flow from fetch to summary 2. Enhanced implementation guidance (lines 185-189) - Added note to use truncated digests in logs - Added requirement for summary log after processing - Clarifies all logging touchpoints 3. Improved code example (lines 195-227) - Added clarifying comment about single-platform return value - Added tracking for total_protected counter - Added summary log implementation with counts - Shows complete implementation pattern These improvements will help ensure the logging provides clear, actionable information to users while maintaining readability. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
sennerholm
commented
Oct 9, 2025
…mages This commit addresses Issue snok#3 from the multi-platform image support plan, adding comprehensive logging to show platform details and which images are being protected from deletion. Changes: 1. Updated Platform struct (client.rs:585-591) - Added optional variant field to support platforms like linux/arm/v7 2. Enhanced fetch_image_manifest logging (client.rs:514-543) - Changed return type to Vec<(String, Option<String>)> to include platform info - Added INFO log when multi-platform manifest is found - Logs each platform with Docker-style short digest (12 hex chars) - Example: "- linux/amd64: abc123def456" - Handles platform variant (e.g., linux/arm/v7) 3. Updated digest processing (select_package_versions.rs:320-348) - Modified to handle tuples of (digest, platform) - Stores platform info in digest_tag HashMap with color coding - Tracks total_protected and manifest_count for summary logging 4. Enhanced SHA skipping logs (select_package_versions.rs:357-373) - Truncates digests to Docker-style format (12 hex chars, no sha256: prefix) - Shows which tag and platform the digest is associated with - Example: "Skipping deletion of abc123def456 because it's associated with package:v1.0.0 (linux/amd64)" 5. Added summary logging (select_package_versions.rs:346-348) - Shows total protected images and manifest count - Example: "Protected 15 platform-specific image(s) from 5 multi-platform manifest(s)" Result: Users now have clear visibility into: - Which manifests are multi-platform vs single-platform - Platform details (OS/architecture/variant) for each digest - Which SHAs are being preserved and why (with Docker-style short digests) - Summary of total protected images Related to snok#90
All packages in a single retention policy run belong to the same owner, so passing owner per-package was unnecessarily complex. Changes: 1. Added owner field to PackagesClient (client.rs:33, builder.rs:171) - Initialized as None in builder - Populated from first package in fetch_packages (client.rs:60-63) 2. Simplified select_packages (select_packages.rs:13-40) - Changed filter_by_matchers to return Vec<String> instead of Vec<(String, String)> - Updated return type from tuples to just package names - Updated all tests to expect Vec<String> 3. Simplified select_package_versions (select_package_versions.rs:239-310) - Changed parameter from Vec<(String, String)> to Vec<String> - Removed package_owners HashMap construction and lookup - Removed unused eyre import 4. Updated fetch_image_manifest (client.rs:492-502) - Removed owner parameter from signature - Uses self.owner instead of passed parameter - Updated manifest fetch calls to not pass owner Benefits: - Simpler code: no tuples, no HashMap lookup - Better performance: less memory allocation - Clearer intent: owner is property of client, not each package - Single source of truth for owner information Result: Code compiles successfully without warnings. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
This commit addresses Issue snok#4 from the multi-platform image support plan, fixing the keep-n-most-recent calculation to work correctly with digest filtering. Problem: The previous implementation used an "adjustment" calculation that tried to compensate for packages filtered out by digest matching. This was incorrect - when tags are filtered because their digests match protected multi-platform images, they should NOT count toward keep-n-most-recent. Example scenario: - 10 tagged package versions initially - User sets keep-n-most-recent=5 - 3 are filtered out (digests match protected multi-platform images) - Expected: Keep 5 most recent from remaining 7 → Delete 2 - Previous (wrong): Adjusted to keep 2 → Delete 5 Changes: 1. Removed incorrect adjustment logic (select_package_versions.rs:385-390) - Deleted adjusted_keep_n_most_recent calculation - Now passes keep_n_most_recent directly to handle_keep_n_most_recent - No adjustment for digest-filtered packages 2. Removed unused variable (select_package_versions.rs:367) - Removed count_before variable (only used for adjustment) 3. Updated plan document (MULTIPLATFORM_FIX_PLAN.md) - Marked Issue snok#4 as completed - Added implementation summary - Updated progress tracking Result: keep-n-most-recent now correctly applies to the remaining packages AFTER digest filtering, matching the expected behavior. Related to snok#90
This commit addresses Issue snok#5 from the multi-platform image support plan, improving error handling to ensure the retention policy operation continues even when individual manifest fetches fail. Problem: Previously, any network error, 404, or auth error when fetching manifests would propagate up and fail the entire retention policy run. This was too fragile - a single unavailable manifest shouldn't halt the entire operation. Solution: All manifest fetch errors are now treated as non-fatal and handled gracefully. Failed manifest fetches are treated as single-platform images (no child digests to protect), allowing the operation to continue for other packages. Changes: 1. Added error handling for network failures (client.rs:505-515) - Wrapped .send().await in a match statement - Logs warning with error details on failure - Returns Ok((package_name, tag, vec![])) instead of Err() - Treats failed fetch as single-platform image 2. Added HTTP status code checking (client.rs:517-527) - Checks response.status().is_success() before processing - Handles 404 Not Found, 401 Unauthorized, 403 Forbidden, etc. - Logs warning with HTTP status code - Returns empty vec (single-platform) instead of failing 3. Added error handling for response body reading (client.rs:529-539) - Wrapped .text().await in a match statement - Handles errors reading response body - Logs warning and returns empty vec Error handling strategy: - Operation continues for other packages - Failed manifests treated as single-platform (no child digests) - Clear warning logs help users diagnose issues - Retention policy run completes even if some manifests unavailable Cases already handled: - Single-platform manifests: Already logged with debug level - Unknown manifest formats: Already logged with warning level Result: Manifest fetching is now robust and won't fail the entire retention policy run due to individual manifest fetch failures. Related to snok#90
Added detailed testing section (Issue #6B) for real-world validation against GitHub Container Registry with multi-platform images. Changes: 1. Split testing into two parts: - Issue #6A: Unit tests (optional, for code coverage) - Issue #6B: Integration testing with dry run (CRITICAL) 2. Added comprehensive test scenarios: - Multi-platform image protection test - Old untagged images cleanup test - Keep-n-most-recent with multi-platform test - Logging verification test 3. Defined test execution plan: - Build binary - Set up test environment with PAT (read:packages permission) - Run each scenario and verify output - Document results 4. Specified success criteria: - Platform-specific images from tagged manifests not deleted - Truly orphaned untagged images ARE deleted - keep-n-most-recent correctly calculated - Logging shows platform information - Graceful error handling 5. Updated implementation order and progress tracking: - Reflects refactoring completion - Highlights integration testing as critical next step - Marks unit tests as optional This will allow validation of the multi-platform fix with real GitHub packages before merging to main. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
This commit addresses Issue #6A from the multi-platform image support plan,
adding unit tests to verify correct parsing of different manifest formats.
Tests added:
1. Manifest parsing tests (6 tests) - client.rs:869-1034
- test_parse_multiplatform_manifest
* Tests OCI Image Index with multiple platforms (amd64, arm64, arm/v7)
* Verifies digests are extracted correctly
* Verifies platform info (architecture, OS, variant) is captured
- test_parse_singleplatform_oci_manifest
* Tests OCI Image Index with empty manifests array
* Verifies returns empty vec for single-platform images
- test_parse_singleplatform_oci_manifest_no_manifests_field
* Tests OCI Image Index with no manifests field (None)
* Verifies graceful handling of missing field
- test_parse_docker_distribution_manifest
* Tests Docker Distribution Manifest (single-platform format)
* Verifies config and layers are parsed correctly
- test_parse_invalid_manifest
* Tests handling of invalid JSON
* Verifies both parsers correctly reject malformed JSON
- test_parse_unknown_manifest_format
* Tests handling of valid JSON but unknown format
* Verifies OCI parser is flexible (accepts with no manifests)
* Verifies Docker parser is strict (rejects unknown formats)
Test coverage notes:
Digest filtering and keep-n-most-recent integration tests would require
mocking the HTTP client and async manifest fetching, which is complex for
unit tests. The digest filtering logic is covered by:
- Manual testing with real multi-platform images
- The manifest parsing tests ensure correct parsing
- Existing keep-n-most-recent tests cover that functionality
Test results:
- All 33 tests pass (6 new + 27 existing)
- No test failures
- Tests run in 0.01s
Files modified:
- src/client/client.rs - Added 6 manifest parsing tests
- MULTIPLATFORM_FIX_PLAN.md - Updated with test implementation details
Related to snok#90
…STS PASSED Executed comprehensive integration tests against real multi-platform container images on GitHub Container Registry to validate the fix for issue snok#90. Test Environment: - Repository: sennerholm/container-retention-policy - Account: User (sennerholm) - Images: multi-1, multi-2 (multi-platform), test-1, test-2, test-3 (single-platform) - PAT with delete:packages permission (from GITHUB_PAT env var) Test Results: Scenario 1: Keep multi-1 and keep-n-most-recent=2 ✅ Protected 4 platform-specific images from multi-2 manifest ✅ Kept: multi-1 (excluded by !multi-1 filter), multi-2, test-3 ✅ Would delete: test-1, test-2, orphaned untagged images ✅ Logging showed platform details correctly Scenario 2: Keep multi-2 and keep-n-most-recent=1 ✅ Protected 4 platform-specific images from multi-1 manifest ✅ Kept: multi-2 (excluded by !multi-2 filter), test-3 ✅ Would delete: multi-1, test-1, test-2, orphaned untagged images ✅ Logging showed platform details correctly Key Validations: ✅ Multi-platform manifest detection working ✅ Platform-specific untagged images correctly protected from deletion ✅ Enhanced logging displays platform information (linux/amd64, linux/arm64, etc.) ✅ Summary log: "Protected X platform-specific image(s) from Y multi-platform manifest(s)" ✅ keep-n-most-recent calculated correctly after digest filtering ✅ Owner handling working correctly ✅ No errors or warnings Files Added: - INTEGRATION_TEST_RESULTS.md: Detailed test report with all scenarios - test_scenario_1.sh: Test script for scenario 1 (uses GITHUB_PAT env var) - test_scenario_2.sh: Test script for scenario 2 (uses GITHUB_PAT env var) - Updated .gitignore to exclude token files Updated: - MULTIPLATFORM_FIX_PLAN.md: Marked Issue #6B as completed, added test results summary Conclusion: The multi-platform image support implementation is working correctly and ready for production use. All critical functionality has been validated against real GitHub Container Registry packages. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Author
|
The images when I runned the test case: |
Applied automatic formatting with cargo fmt to ensure consistent code style. Changes: - Reformatted long lines for better readability - Fixed multiline function calls and method chains - Applied consistent spacing and indentation in assertions - Improved code formatting in manifest parsing tests Files modified: - src/client/client.rs - src/core/select_package_versions.rs Result: cargo fmt --check now passes ✅ 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Fixed all clippy linting warnings to pass CI checks with -D warnings. Changes: 1. Performance improvements: - Use dereference (*cut_off) instead of clone() for Copy types - Use retain() instead of filter+collect for better performance - Simplified Option::map usage, removed redundant closure 2. API completeness: - Added is_empty() method to PackageVersions struct - Added Default implementations for PackageVersions and PackagesClientBuilder 3. Documentation fixes: - Fixed overindented list items in doc comments 4. Pre-existing warnings (added allow attributes): - #[allow(clippy::too_many_arguments)] for select_package_versions and filter_package_versions - #[allow(clippy::needless_return)] for Account::try_from_str - #[allow(clippy::module_inception)] for client module Files modified: - src/cli/models.rs - src/client/builder.rs - src/client/mod.rs - src/core/select_package_versions.rs - src/main.rs - src/matchers.rs All tests pass: 33 unit tests + 2 integration tests ✅ Cargo clippy -- -D warnings: PASSED ✅ 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
…o deny issues Updated multiple dependencies to fix security vulnerabilities, license issues, and duplicate dependency warnings flagged by cargo deny. Security Updates: - tokio: 1.38.0 → 1.42.1 (fixes RUSTSEC-2025-0023 unsound broadcast channel) - tracing-subscriber: 0.3.18 → 0.3.20 (fixes RUSTSEC-2025-0055 ANSI escape sequence injection) - ring: 0.17.8 → 0.17.14 (fixes RUSTSEC-2025-0009 AES panic with overflow checking) - idna: 0.5.0 → 1.1.0 (fixes RUSTSEC-2024-0421 Punycode label vulnerability) - url: 2.5.2 → 2.5.4 Yanked Crate Updates: - bytes: 1.6.0 → 1.10.1 - futures-util: 0.3.30 → 0.3.31 Unmaintained Dependencies (Ignored): - adler: Transitive dependency from flate2, ignored RUSTSEC-2025-0056 - instant: Transitive dependency, ignored RUSTSEC-2024-0384 License Updates (deny.toml): - Added Unicode-3.0 license to allow list (required by ICU crates from idna 1.1.0) Cargo.lock Updates: - Removed adler 1.0.2, added adler2 2.0.1 (via flate2 update) - Added ICU internationalization crates (icu_collections, icu_normalizer, etc.) for idna 1.1.0 - Removed unused unicode-bidi and unicode-normalization - Updated 180+ transitive dependencies to latest compatible versions Result: - cargo deny check: ✅ PASSED - cargo test: ✅ PASSED (33 unit + 2 integration tests) - No security vulnerabilities - No license conflicts - Duplicate dependencies reduced 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
The pre-commit hooks were failing to find cargo-audit and other cargo tools even though they were successfully installed via cargo binstall. This can be because pre-commit runs in a sub-shell that doesn't inherit the cargo bin PATH. Added explicit step to add ~/.cargo/bin to GITHUB_PATH so that all subsequent steps (including pre-commit) can find cargo tools. This fixes the error: cargo audit..............Failed - hook id: cargo-audit - exit code: 101 error: no such command: `audit` 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Author
|
Failing on some vulnerabilities in unmaintained dependencies in an trancient dependency, ignoring them until fixed. I hope it's ok. |
Fixed critical vulnerability in quinn-proto that could lead to panicking when calling Endpoint::retry(). Security Update: - quinn-proto: 0.11.3 → 0.11.9 (fixes RUSTSEC-2024-0373, severity 7.5) - quinn: 0.11.2 → 0.11.6 CVE Details: - Title: `Endpoint::retry()` calls can lead to panicking - Severity: 7.5 (high) - Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0373 - Required version: >=0.11.7 (now at 0.11.9) Additional Updates: - Added web-time 1.1.0 (replaces unmaintained instant) - Updated various proc-macro and thiserror dependencies Result: - cargo audit: ✅ 0 vulnerabilities (2 allowed warnings) - cargo test: ✅ PASSED (33 unit + 2 integration tests) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
…lready installed place that wasn't in the path
Author
|
Made a version against main in #111 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
PR mostly generated by claude code but I have tried to understand the code, and giving it good instructions. Some details are in the MULTIPLATFORM_FIX_PLAN.md and details about how I have tested it against my fork with some packages at: INTEGRATION_TEST_RESULTS.md. I plan to test it more against some more repos on monday.
Fixes #90
Summary
This PR adds support for multi-platform container images by detecting and protecting platform-specific images that are part of tagged multi-platform manifests. Previously, the retention policy would incorrectly delete untagged platform-specific images (e.g., linux/amd64, linux/arm64) that were actually referenced by tagged multi-platform manifest lists, breaking the multi-platform images.
Problem
Multi-platform Docker images consist of:
myimage:v1.0.0)When the retention policy processed packages by SHA, it would see platform-specific images as untagged and delete them, even though they were part of a tagged multi-platform image. This broke multi-platform images and caused pull failures.
Solution
1. Manifest Fetching and Digest Protection
Files modified:
src/client/client.rs- Addedfetch_image_manifest()method to retrieve OCI manifests from ghcr.iosrc/core/select_package_versions.rs- Added digest fetching and filtering logic2. Support for Multiple Manifest Formats
Gracefully handles both manifest types:
application/vnd.oci.image.index.v1+json) - multi-platform imagesapplication/vnd.docker.distribution.manifest.v2+json) - single-platform imagesFiles modified:
src/client/client.rs- Added parsing for both OCI Image Index and Docker Distribution Manifest formatssrc/client/models.rs- Added manifest data structures3. Enhanced Logging
Added detailed logging to help users understand multi-platform image handling:
Files modified:
src/client/client.rs- Added INFO/DEBUG logging for manifest detectionsrc/core/select_package_versions.rs- Added summary logging for protected images4. Owner Handling Refactoring
Simplified owner handling by recognizing that all packages in a single run belong to the same owner:
PackagesClientafter fetching first packageFiles modified:
src/client/client.rs- Addedownerfield, populate from first packagesrc/client/builder.rs- Initialize owner as Nonesrc/core/select_packages.rs- ReturnVec<String>instead ofVec<(String, String)>src/core/select_package_versions.rs- AcceptVec<String>, removed HashMap5. Fix keep-n-most-recent Logic
Corrected the
keep-n-most-recentcalculation to apply after digest filtering, not before. This ensures that protected platform-specific images don't count toward the keep limit.Example:
keep-n-most-recent=5→ Keep 5 from remaining 7, delete 2Files modified:
src/core/select_package_versions.rs- Removed incorrect adjustment logic6. Robust Error Handling
All manifest fetch errors are now non-fatal:
Files modified:
src/client/client.rs- Added error handling for network/HTTP/parsing errors7. Comprehensive Testing
Unit Tests
Added tests for:
Files modified:
src/client/client.rs- Added manifest parsing testsIntegration Tests
Validated against real GitHub Container Registry packages:
Test Results: ✅ All tests passed
Files added:
INTEGRATION_TEST_RESULTS.md- Detailed test reporttest_scenario_1.sh- Test script for scenario 1test_scenario_2.sh- Test script for scenario 2Changes Summary
Modified Files
src/client/builder.rs- Initialize owner fieldsrc/client/client.rs- Manifest fetching, owner storage, error handling, testssrc/client/models.rs- OCI manifest data structuressrc/core/select_packages.rs- Simplified to return Vecsrc/core/select_package_versions.rs- Digest fetching/filtering, keep-n logic fixNew Files
MULTIPLATFORM_FIX_PLAN.md- Implementation plan and progress trackingINTEGRATION_TEST_RESULTS.md- Integration test reporttest_scenario_1.sh- Reusable test scripttest_scenario_2.sh- Reusable test scriptDocumentation
.gitignore- Protect against token leaksImpact
Before this fix:
After this fix:
Breaking Changes
None. This is a pure enhancement that adds new functionality without changing existing behavior for single-platform images.
Testing Instructions
Prerequisites
delete:packagespermissionRun Integration Tests
Expected Output
You should see logs like:
And platform-specific untagged images should NOT appear in the deletion list.
Checklist
References