I want to double tag docker images (latest + a version e.g. 1.3.0-78) at build/docker push time.

Then I want to deploy all my applications to kubernetes with the latest tag, if tests pass then look up the "real" tag (1.3.0-78) from the image digest I can get from kubernetes associated with the "latest", then create a manifest of all the docker tags as a release candidate.

Unfortunately, I haven't found a good way to find the "real" tag just based on a digest.

It appears you have to iterate all the tags in the entire repository and look for a matching digest. Given there can be hundreds or thousands of tags for a specific image this could take a really long time.

Here is a script that finds all the tags that have the same digest, but it's very slow:

REPOSITORY=$1
TARGET_TAG=$2


# find all tags
ALL_TAGS=$(curl -s  $REPOSITORY/tags/list | jq -r .tags[])

# get image digest for target
TARGET_DIGEST=$(curl -s -D -  -H "Accept: application/vnd.docker.distribution.manifest.v2+json"   $REPOSITORY/manifests/$TARGET_TAG | grep Docker-Content-Digest | cut -d ' ' -f 2)

# for each tags
for tag in ${ALL_TAGS[@]}; do
  echo "checking tag ${tag}"
  # get image digest
  digest=$(curl -s -D -  -H "Accept: application/vnd.docker.distribution.manifest.v2+json" $REPOSITORY/manifests/$tag | grep Docker-Content-Digest | cut -d ' ' -f 2)

  # check digest
  if [[ $TARGET_DIGEST = $digest ]]; then
    echo "$tag $digest"
  fi
done

Does anyone have another approach?