Docker Community Forums

Share and learn in the Docker community.

Retrieve image labels from manifest

I need to retrieve all image labels for images in our hosted registry and found that they are contained in the image Manifest.

Unfortunately there seems to be no clean and elegant way to retrieve the labels directly (e.g. as a Map), instead they are stuffed into the legacy history collection, in the middle of a v1Compatibility attribute.

Is there a better way than to regex through it, as I find this quite a common use case and labels are a standard feature of docker…

I don’t understand why labels are treated as legacy and hidden in a compatibility section, instead of being included on the top level of Manifests, as the spec is quite new and labels have not been deprecated…?

So digging through the issues, esp. the registry search API in issue #206 “propose registry search functionality”, where the poor commenter really parses the manifest history manually, because inspecting and aggregating labels is regarded as a “resource hog” since it has to look through all layers of an image.

Seems there is also a newer, yet undocumented registry API in the works that will fix this, though. Any news on that one?

I have found a reply here.

In short, we need to fetch the blob of the “configuration layer”, which contains the container config entry as JSON with all the image-level metadata including labels.
Changing .container_config.Entrypoint to .container_config.Labels returns the image labels from the registry without downloading the whole image.

A specific solution for Gitlab would be:

TOKEN=$(curl -s "https://$username:$$IMAGE:*" | jq -r .token)
CONFIG_DIGEST=$(curl -s -H"Accept: application/vnd.docker.distribution.manifest.v2+json" -H"Authorization: Bearer $TOKEN" "$REGISTRY/v2/$IMAGE/manifests/$TAG" | jq -r .config.digest)
LABELS=$(curl -sL -H"Authorization: Bearer $TOKEN" "$REGISTRY/v2/$IMAGE/blobs/$CONFIG_DIGEST" | jq -r .container_config.Labels)
echo $LABELS