When uploading OCI artifacts with an image, they are not removed when the image expires:

$ crane ls ttl.sh/slsapoc
sha256-1cb5afe8bf4d159f6a7ebc5aa676366e43c1147a7ff2b8e05414a05be364a357.att
sha256-1cb5afe8bf4d159f6a7ebc5aa676366e43c1147a7ff2b8e05414a05be364a357.sig
sha256-669a37977f429bab60af7e82c12bca071824a4ffd89b93aec6614231a896a282.att
sha256-669a37977f429bab60af7e82c12bca071824a4ffd89b93aec6614231a896a282.sig
sha256-6e847778c78369bd386fb4203d1664f8f20d64fd6945a43e5cbb68e587c6064d.att
sha256-6e847778c78369bd386fb4203d1664f8f20d64fd6945a43e5cbb68e587c6064d.sig
sha256-7c2fb77bf9a5eae1561974f8adbe95a475a8bdf74cd805aa30127ae313cd58b7.att
sha256-7c2fb77bf9a5eae1561974f8adbe95a475a8bdf74cd805aa30127ae313cd58b7.sig

The image with the tag latest or10m is not there anymore, but the previous signatures and attestations persisted.

Currently, the GitHub action handles all deployments, except for the cloudflare worker. We should hook this up to the GitHub action also.

If I push a multi-platform image, or an OCI image, they aren't being cleaned after the timeout. I believe it's related to

• application/vnd.docker.distribution.manifest.v1+json
• application/vnd.docker.distribution.manifest.v1+prettyjws
• application/vnd.docker.distribution.manifest.v2+json
• application/vnd.docker.distribution.manifest.list.v2+json
• application/vnd.oci.image.manifest.v1+json
• application/vnd.oci.image.index.v1+json

The registry itself will automatically resolve a multi-platform image to linux/amd64 by default if you don't request the manifest list, so you end up with the following (5 minutes had passed):

$ docker pull --platform linux/amd64 ttl.sh/library/busybox:5m
5m: Pulling from library/busybox
manifest for ttl.sh/library/busybox:5m not found: manifest unknown: manifest unknown

$ docker pull --platform linux/arm/v5 ttl.sh/library/busybox:5m
5m: Pulling from library/busybox
3a7a3789f986: Pull complete 
Digest: sha256:139abcf41943b8bcd4bc5c42ee71ddc9402c7ad69ad9e177b0a9bc4541f14924
Status: Downloaded newer image for ttl.sh/library/busybox:5m
ttl.sh/library/busybox:5m

See the error from docker:

export IMAGE_NAME=$(uuidgen)
$ docker build -t ttl.sh/${IMAGE_NAME}:1h .
invalid argument "ttl.sh/A028C747-D344-4B85-AF58-FC59A321788D:1h" for "-t, --tag" flag: invalid reference format: repository name must be lowercase
$ docker version
Docker version 20.10.10, build b485636f4b

Suggestion to make the frontpage of ttl.sh say:

export IMAGE_NAME=$(uuidgen | tr '[:upper:]' '[:lower:]')

Example: https://github.com/replicatedhq/kots/blob/master/.github/dependabot.yml

The goal is to automate node packages and GitHub Actions when there are future versions available.

It would be good to retag the images as latest. This would enable:

docker build -t replreg.is/uuid/uuid:1h .
docker push replreg.is/uuid/uuid:1h

And then pulling with just

docker pull replreg.is/uuid/uuid

We should keep the timestamp tag too, for compatibility and because it's probably expected.

Supporting immutable tags would be great to be sure the pushed images aren't modified in any way. I think this could be controllable by the path of the image, something like tth.sh/immutable/<uuid>:<tag> could indicate this image should be immutable.

We should update ttl.sh to the latest distribution image and also create a GitHub action/automation to create Pull requests to the latest version, when one is available.

I am getting an error while pushing to ttl.sh, 413 request entity too large.
https://github.com/waveywaves/backstage/actions/runs/3103852916/jobs/5027642820#step:16:661

Based on the docker documentation I understand that the following configuration is necessary to get around this issue
https://docs.docker.com/registry/recipes/nginx/#setting-things-up

# disable any limits to avoid HTTP 413 for large image uploads
client_max_body_size 0;

Hi,

I pushed yesterday an image... which shouldn't be available today.

Here is what I have done :

$ docker push ttl.sh/${IMAGE_NAME}:1h
The push refers to repository [ttl.sh/8097e2f7-fb1d-4a24-845d-48b5d597f8a4]
0804652eb60a: Pushed 
4f77f01cd59a: Pushed 
aeccf26589a7: Pushed 
f640be0d5aad: Pushed 
aa4330046b37: Pushed 
ad10b481abe7: Pushed 
69715584ec78: Pushed 

12 hours later :

$ docker push ttl.sh/${IMAGE_NAME}:1h
The push refers to repository [ttl.sh/8097e2f7-fb1d-4a24-845d-48b5d597f8a4]
0804652eb60a: Pushed 
4f77f01cd59a: Pushed 
aeccf26589a7: Pushed 
f640be0d5aad: Pushed 
aa4330046b37: Pushed 
ad10b481abe7: Pushed 
69715584ec78: Pushed 

Then... I can stilll pull the image.

$ docker pull ttl.sh/${IMAGE_NAME}:1h

1h: Pulling from 8097e2f7-fb1d-4a24-845d-48b5d597f8a4
79e9f2f55bf5: Pull complete 
0d96da54f60b: Pull complete 
5b27040df4a2: Pull complete 
e2ead8259a04: Pull complete 
3790aef225b9: Pull complete 
186297f03b96: Pull complete 
9dd4a5b2b3a0: Pull complete 
Digest: sha256:aabba69b5f956aea6eb3b7b46331e29229a03e7ef50c7c2e13559bdbd4e89431
Status: Downloaded newer image for ttl.sh/8097e2f7-fb1d-4a24-845d-48b5d597f8a4:1h
ttl.sh/8097e2f7-fb1d-4a24-845d-48b5d597f8a4:1h

Did I do something wrong ?

I was trying to setup ttl.sh on my own system, but got stuck since there are no clear steps documented to do so.

This is what I tried.

• Manually build the docker image, from registry folder.
• After the build, tried to run the image, using different possible combinations of docker run:
  • docker run -itd ttlsh:v1 -> got this error Set GCS_KEY_ENCODED variable configuration error: error parsing /etc/docker/registry/config.yml: yaml: line 16: mapping values are not allowed in this context
  • docker run -itd -e PORT=5000 -e GCS_KEY_ENCODED=Z2NzCg== -e REPLREG_HOST=0.0.0.0 -e REPLREG_SECRET=secret ttlsh:v1 -> got error panic: invalid character 'g' looking for beginning of value

What is the correct way to run it. There are lot of env variables defined in entrypoint.sh, what those each variables means?
variables: PORT,HOOK_TOKEN, HOOK_URI, REPLREG_HOST, REPLREG_SECRET, GCS_KEY_ENCODED.