Do image digests work in pipes?

Mees Kluivers
I'm New Here
July 24, 2024

When providing an image, for example like this:

- pipe: sonarsource/sonarqube-scan:2.0.1@sha256:f559720fcbb3bc355b9599666525c3ad80d6b6ab25ecd53aabb029aa583139a

We get an error in the pipeline:

Configuration error

It looks like you tried to use a pipe in your bitbucket-pipelines.yml that doesn’t exist. Check the name of the pipe and try again.

(pulling this image locally works without any problems)


But using something like:

- pipe: sonarsource/sonarqube-scan:2.0.1

does work without any problems. Is there any reason not to allow the use of these digests to improve security?

1 answer

1 accepted

1 vote
Answer accepted
Patrik S
Atlassian Team
July 25, 2024

Hey @Mees Kluivers, and welcome to the Community!

Using digests in the pipe image definition is actually possible, but the syntax is slightly different from what you shared in your description.

When defining a custom docker image as a pipe, you need to prepend it with docker://:

pipe: docker://<DockerAccountName>/<ImageName>:<version>@<sha256> 

Essentially, every pipe is a Docker container with an entry point script that contains the logic.

The following is an example of how it would look using the sonarqube scan image you mentioned:

- step:
    name: Test pipe
    script:
      - echo "Test"
      - pipe: docker://sonarsource/sonarqube-scan:2.0.1@sha256:f559720fcbb3bc355b9599666525c3ad80d6b6ab25ecd53aabb029aa583139a7
        variables:
          - <PIPE VARIABLES>

Reference: Custom pipes

I hope that helps! Should you have any questions, feel free to ask.

Thank you, @Mees Kluivers!

Patrik S
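
A check that could run in CI to enforce the syntax described in the answer above, as an added example that is not part of the original thread or of Atlassian's tooling: it scans bitbucket-pipelines.yml text for pipe entries and reports references that are tag-only, carry a malformed digest, or use a digest without the docker:// prefix. The function names, the image name example/scan-pipe and the digest value are constructed for illustration.

```python
import re

# Matches a "- pipe: <ref>" entry in bitbucket-pipelines.yml.
PIPE_LINE = re.compile(r"^\s*-\s*pipe:\s*(?P<ref>\S+)")
# A well-formed SHA-256 image digest: 64 lowercase hex characters.
DIGEST = re.compile(r"^sha256:[0-9a-f]{64}$")


def check_pipe_ref(ref):
    """Return findings for one pipe reference (empty list = pinned correctly)."""
    ref = ref.strip("'\"")
    has_scheme = ref.startswith("docker://")
    image = ref[len("docker://"):] if has_scheme else ref
    _name, sep, digest = image.partition("@")
    if not sep:
        # A tag alone is mutable: it can later point at a different image.
        return ["not pinned by digest (tag can be re-pointed)"]
    findings = []
    if not DIGEST.match(digest):
        findings.append("digest is not sha256:<64 lowercase hex chars>")
    if not has_scheme:
        # Per the answer above, digest references need the docker:// form.
        findings.append("digest used without docker:// prefix")
    return findings


def audit(yaml_text):
    """Map each pipe reference found in yaml_text to its list of findings."""
    report = {}
    for line in yaml_text.splitlines():
        m = PIPE_LINE.match(line)
        if m:
            ref = m.group("ref").strip("'\"")
            report[ref] = check_pipe_ref(ref)
    return report


# Constructed sample input (not a real image or digest).
SAMPLE_DIGEST = "sha256:" + "0123456789abcdef" * 4
SAMPLE = f"""
- step:
    script:
      - pipe: example/scan-pipe:1.0.0
      - pipe: example/scan-pipe:1.0.0@{SAMPLE_DIGEST}
      - pipe: docker://example/scan-pipe:1.0.0@{SAMPLE_DIGEST}
"""

if __name__ == "__main__":
    for ref, findings in audit(SAMPLE).items():
        print(ref, "->", findings or "OK")
```
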

Mees Kluivers
I'm New Here
July 26, 2024

Thanks! I guess the docs are not clear enough about this.

Following this logic, would both definitions not be 'custom' pipes? Why should it work without prefixing it with 'docker://' without a hash, but won't it work when adding the hash?
