Can I add the hash of docker container to my snapshot?

ilya_at_vividilya_at_vivid Member
edited May 1 in Ask the FireCloud Team

runtime {
docker: "imagename":HASH
memory: memGB
disks: "local-disk 256 HDD"
cpu: nCores
}

This would be useful for forcing versioning of the docker image in the snapshot.

Best Answer

Answers

  • SChaluvadiSChaluvadi Member, Broadie, Moderator admin

    @ilya_at_vivid Yes, you can add a hash like so:
    docker: “broadinstitute/gatk:4.1.0.0” where the 4.1.0.0 is the hash.

  • ilya_at_vividilya_at_vivid Member
    edited May 3

    What if you have a tag and a hash?

    e.g. project/image:tag

    I had an error message with an "@hash after image name. Maybe that is the right format?

  • SChaluvadiSChaluvadi Member, Broadie, Moderator admin

    @ilya_at_vivid I don't believe that you can implement the hash from a runtime attribute. When you refer to hash do you mean the container ID as if two different containers were built from the same docker image?

  • ilya_at_vividilya_at_vivid Member

    Here is an example from a log file generated by terra. sha256 tag after the image name. I modified it to protect any identity. If a snapshot contained that hash you would guarantee that someone could not change the docker image in the snap shot. Right now I can just upload an image to a docker repository and the snap shot is no longer a "snap shot".

    Pulling image "gcr.io/project/[email protected]:96a21410f3a03c44rtt67f9eaafd3165f1482f8ba2a92d4f9378504d9befb01"
    2019/05/08 03:01:37 I: Pulled image "gcr.io/project/[email protected]:96a21410f3a03c44rtt67f9eaafd3165f1482f8ba2a92d4f9378504d9befb01"
    2019/05/08 03:01:37successfully.

Sign In or Register to comment.