Skip to content

Instantly share code, notes, and snippets.

@achetronic

achetronic/get-docker-image-tag-by-sha.sh

Created July 2, 2022 19:19
Show Gist options
  • Save achetronic/2db363e6c2fbecd42ae67512fbea50ca to your computer and use it in GitHub Desktop.
Save achetronic/2db363e6c2fbecd42ae67512fbea50ca to your computer and use it in GitHub Desktop.
Download ZIP
Find the tag of a Docker image having only the SHA256
Raw
get-docker-image-tag-by-sha.sh
#!/bin/bash
SHA256_HASH="5bb4faffc8b35e2702b2ffa78e982b979d7b66db29bd55b0c58de8fa745df661"
for i in {1..1000}
do
echo "Looking into page: $i"
curl "https://registry.hub.docker.com/v2/repositories/apache/superset/tags/?page=$i" \
| jq '.results[] | select(.["images"][]["digest"] == "sha256:'${SHA256_HASH}'")'
done
@aryehb
Copy link

aryehb commented Jul 10, 2024

If you have the repo digest of the image (docker inspect --format='{{index .RepoDigests 0}}' $IMAGE), use this jq command:

jq '.results[] | select(.digest == "sha256:'${SHA256_HASH}'")'

To hide the curl download stats, use --silent --show-error

@ThomDietrich
Copy link

To find your SHA256_HASH:

 docker images --digests

@achetronic
Copy link
Author

@ThomDietrich @aryehb Thank you for the contribution mates!

This is used more as a life-saver trick when you only have the sha256 and you need to find the tag pointing to that digest in the repo to fix it in your deployment manifests

@Kyu
Copy link

Kyu commented Jan 11, 2025
edited
Loading

Putting it together:

SHA256_HASH='5bb4faffc8b35e2702b2ffa78e982b979d7b66db29bd55b0c58de8fa745df661'
NAMESPACE='apache'
REPO_NAME='superset'

for i in {1..1000}; do 
    if [ $i -eq 100 ]; then
        echo -e "\e[35mSleeping for 7 seconds on page $i...\e[0m"
        sleep 7
    fi
    echo "Looking into page: $i"
    result=$(curl -s "https://registry.hub.docker.com/v2/repositories/$NAMESPACE/$REPO_NAME/tags/?page=$i" | jq -r ".results[] | select(.[\"images\"][][\"digest\"] == \"sha256:$hash\" or .digest == \"sha256:$SHA256_HASH\")") || break
    if [ ! -z "$result" ]; then
        echo "$result" | jq '.'
        break
    fi
done

@net
Copy link

net commented Mar 13, 2025
edited
Loading

For official images like https://hub.docker.com/_/node the namespace is "library".

Also, I think @Kyu meant for $hash to be $SHA256_HASH. Fixed:

#!/bin/bash

SHA256_HASH="5bb4faffc8b35e2702b2ffa78e982b979d7b66db29bd55b0c58de8fa745df661"
NAMESPACE='apache'
REPO_NAME='superset'

for i in {1..1000}; do 
    if [ $i -eq 100 ]; then
        echo -e "\e[35mSleeping for 7 seconds on page $i...\e[0m"
        sleep 7
    fi

    echo "Looking into page: $i"

    result=$(
        curl -s "https://registry.hub.docker.com/v2/repositories/$NAMESPACE/$REPO_NAME/tags/?page=$i" \
        | jq -r ".results[] | select(.[\"images\"][][\"digest\"] == \"sha256:$SHA256_HASH\" or .digest == \"sha256:$SHA256_HASH\")"
    ) || break

    if [ ! -z "$result" ]; then
        echo "$result" | jq '.'
        break
    fi
done

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment