Skip to content

Image building may fail when specifying a platform if an image has already been built with a different platform #47292

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 9 commits into from
Closed

Image building may fail when specifying a platform if an image has already been built with a different platform #47292

wants to merge 9 commits into from
+152 −11

Conversation

@hojooo
Copy link
Contributor

@hojooo hojooo commented Sep 21, 2025
edited
Loading

Summary

This PR fixes Docker platform handling issues that occur when building images for a platform different from the host platform. The changes ensure that platform information is properly propagated throughout the buildpack layer export and multi-architecture image inspection processes.

Related Issues

Root Cause

The issues stemmed from incomplete platform information propagation in the Docker API implementation:

  • During buildpack layer export, platform information wasn't passed to the docker save command
  • Multi-architecture image inspection didn't properly respect the pulled digest, leading to platform conflicts

Changes Made

Inspect path improvements

  • After pull, either pin to the resolved manifest digest, or inspect by tag + optional platform to remove ambiguity between index digest and per-arch manifest.

Unified platform parameter encoding

  • For v1.48+/v1.49+ endpoints: pass OCI Platform JSON,
  • e.g., {"os":"linux","architecture":"amd64","variant":"v8"}.

Image.Descriptor parsing

  • Parse Descriptor.digest (and use RepoDigests as a fallback) to reliably resolve and pin the correct per-arch manifest.

@hojooo
Respect image platform when exporting buildpack layers
6230392 
Ensure the builder propagates the requested image platform to
DockerApi.exportLayers so Docker 1.41+ saves layers for the pulled
architecture rather than the host default. Add platform-aware tests
issue: spring-projects#46665

Signed-off-by: hojooo <[email protected]>
@hojooo
Respect pulled digest when inspecting multi-arch images
9319625 
Capture the digest emitted during the pull stream and
inspect name@digest so the newly pulled manifest is always used.
issue: spring-projects#46674.

Signed-off-by: hojooo <[email protected]>
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Sep 21, 2025
@hojooo
Copy link
Contributor Author

hojooo commented Oct 27, 2025

#46674 (comment)

@hojooo hojooo force-pushed the fix-build-docker-image branch from 66ac80d to 174fdb3 Compare October 28, 2025 07:36
@hojooo hojooo force-pushed the fix-build-docker-image branch 3 times, most recently from 2a15da3 to 8d5a456 Compare November 4, 2025 13:33
@hojooo hojooo force-pushed the fix-build-docker-image branch from 8d5a456 to 772add5 Compare November 4, 2025 16:02
@hojooo hojooo force-pushed the fix-build-docker-image branch from 2d2e41b to fc86c38 Compare November 7, 2025 05:43
@philwebb philwebb self-assigned this Nov 12, 2025
@philwebb philwebb changed the title Fix Docker multi-architecture image platform handling in buildpack operations Image building may fail when specifying a platform if an image has already been built with a different platform Nov 12, 2025
@philwebb philwebb added type: bug A general bug and removed status: waiting-for-triage An issue we've not yet triaged labels Nov 12, 2025
This was referenced Nov 12, 2025
Closed
Closed
philwebb pushed a commit that referenced this pull request Nov 12, 2025
@hojooo @philwebb
Correctly handle platform specific buildpack builds
913c434 
Prior to this commit, performing a build on a ARM Mac with the default
configuration and then building it again with the image platform set to
`linux/amd64` results in an "Image platform mismatch detected" failure.

This is due to the fact that `docker inspect` returns JSON for the
default platform, regardless of the fact that another architecture
has been pulled.

To solve the issue, the `inspect` API call on Docker 1.49+ can now
accept a platform query parameter which when specified returns platform
specific JSON.

At the time of this commit, the Docker API documentation hasn't been
updated, despite PR moby/moby#49586 being
merged.

In addition to using the correct inspect JSON, we also need to pin
the run image we use to a specific digest. Without doing this,
buildpacks revert back to the default platform image and
"content digest not found" errors are thrown (similar to
https://github.com/buildpacks/docs/issues/818).

See gh-47292

Signed-off-by: hojooo <[email protected]>
philwebb added a commit that referenced this pull request Nov 12, 2025
@philwebb
Polish 'Correctly handle platform specific buildpack builds'
39f3d1c 
See gh-47292
@philwebb philwebb closed this in b6460ea Nov 12, 2025
@philwebb
Copy link
Member

philwebb commented Nov 12, 2025
edited by wilkinsona
Loading

Thanks very much @hojooo, this must have been quite some effort to work out how to fix (especially as the Docker API docs are incomplete).

I've merged it into 3.4.x with a few changes, the main one being to remove the platform when doing the export. I think we can get away without that.

@philwebb philwebb added this to the 3.4.12 milestone Nov 12, 2025
@philwebb philwebb mentioned this pull request Nov 13, 2025
Closed
@hojooo
Copy link
Contributor Author

hojooo commented Nov 13, 2025
edited
Loading

Thanks, @philwebb !

Related issue: #46665 (comment)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wilkinsona wilkinsona wilkinsona left review comments

+1 more reviewer

@mkhaled2 mkhaled2 mkhaled2 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@philwebb philwebb

Labels

type: bug A general bug

Projects

None yet

Milestone

3.4.12

Development

Successfully merging this pull request may close these issues.

5 participants

@hojooo @philwebb @wilkinsona @mkhaled2 @spring-projects-issues