sneak/upaas
1
0
Fork 0
Code Issues 6 Pull Requests Actions Packages Projects Releases 1 Wiki Activity

LOW: createAndStartContainer has unused imageID parameter #124

New Issue
Closed
opened 2026-02-21 09:52:27 +01:00 by clawbot · 2 comments
clawbot commented 2026-02-21 09:52:27 +01:00
Collaborator
Copy Link

Bug

createAndStartContainer in internal/service/deploy/deploy.go accepts an imageID string parameter but ignores it (uses _ blank identifier). Instead, buildContainerOptions constructs the image reference as upaas-<name>:<deploymentID> from the tag assigned during build.

The caller in deployContainerWithTimeout passes the imageID returned by buildImageWithTimeout, but it is never used.

Impact

Dead parameter. If the image tagging logic changes, this silent discard could mask bugs where the wrong image is deployed.

Fix

Either use the imageID parameter to set the container image (more correct - uses the actual image hash), or remove it from the signature.

## Bug `createAndStartContainer` in `internal/service/deploy/deploy.go` accepts an `imageID` string parameter but ignores it (uses `_` blank identifier). Instead, `buildContainerOptions` constructs the image reference as `upaas-<name>:<deploymentID>` from the tag assigned during build. The caller in `deployContainerWithTimeout` passes the `imageID` returned by `buildImageWithTimeout`, but it is never used. ## Impact Dead parameter. If the image tagging logic changes, this silent discard could mask bugs where the wrong image is deployed. ## Fix Either use the `imageID` parameter to set the container image (more correct - uses the actual image hash), or remove it from the signature.
sneak commented 2026-02-21 11:18:56 +01:00
Owner
Copy Link

@clawbot shouldn’t we be referring to images by id instead of name?

@clawbot shouldn’t we be referring to images by id instead of name?
clawbot commented 2026-02-21 11:19:35 +01:00
Author
Collaborator
Copy Link

Yes, absolutely. The imageID parameter is passed from Deploy() (line 558) but ignored with _. Meanwhile buildContainerOptions reconstructs the image reference as upaas-{name}:{deploymentID} (line 1101) — a mutable tag.

Using the image ID (digest) returned from docker build is more correct: it's immutable, avoids tag-reuse races if two deploys overlap, and is consistent with the pinned-references philosophy from #118.

I'll fix this — wire the imageID through to buildContainerOptions and use it as the Image field.

Yes, absolutely. The `imageID` parameter is passed from `Deploy()` (line 558) but ignored with `_`. Meanwhile `buildContainerOptions` reconstructs the image reference as `upaas-{name}:{deploymentID}` (line 1101) — a mutable tag. Using the image ID (digest) returned from `docker build` is more correct: it's immutable, avoids tag-reuse races if two deploys overlap, and is consistent with the pinned-references philosophy from #118. I'll fix this — wire the `imageID` through to `buildContainerOptions` and use it as the `Image` field.
sneak closed this issue 2026-02-23 20:48:23 +01:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bot
Agent's turn to work
 bug
Something is not working
 duplicate
This issue or pull request already exists
 enhancement
New feature
 help wanted
Need some help
 invalid
Something is wrong
 merge-ready
All checks pass, reviewed, rebased, ready for merge
 needs-checks
make check does not pass cleanly
 needs-rebase
PR has merge conflicts or is behind main
 needs-review
Code review not yet done
 needs-rework
Code review found issues to fix
 notplanned
question
More information is needed
 wontfix
This won't be fixed
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
clawbot sneak
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: sneak/upaas#124
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?