The use case is straightforward:

One: Git tags can be applied to a SHA at any time, and in particular long after that SHA has passed CICD. In particular it is common that not every git SHA will be tagged with a semantic version tag and it is relatively common that the version that needs to be shipped is an older commit. Here I’m assuming that version branches are not adopted for a project since for smaller teams that’s a lot of unnecessary overhead - and it makes CICD more complicated than just “ship specific commits from master” (this approach is pretty common in SaaS for small teams since patches can be always be deployed outside the normal CICD process).

Two: A docker tag should match a git tag for the sake of everybody’s sanity.

1 + 2 => It would make sense for a new docker tag to be applicable to an image at any time, e.g. after CICD is finished.

For this use case, downloading, building an image to add a semver tag is suboptimal. Especially when administering systems from low bandwidth environments (I know it’s hard to imagine but low bandwidth environments definitely still exist).

What’s more, applying a tag to an existing image without downloading the blobs is actually doable via the API (see message from @brodsky). What is not obvious from this thread is whether this is a supported feature and whether or not there’s some as yet unmentioned CLI capability for this.

@nathanleclaire can you clarify is this API functionality a supported feature and is there a way to do this in the CLI without downloading?