ggcr: remote.Referrers returns http not found error directly

[otms61]

Describe the bug

When fetching referrers in an OCI registry that does not support the referrers API, an error is returned before handling the exception for errors in retrieving referrers.

When trying to get referrers for an image with no referrers, an transport.Error error is returned directly.

go-containerregistry/pkg/v1/remote/descriptor.go

Lines 330 to 344 in ed5c185

	// The registry doesn't support the Referrers API endpoint, so we'll use the fallback tag scheme.
	b, _, err := f.fetchManifest(ctx, fallbackTag(d), []types.MediaType{types.OCIImageIndex})
	if err != nil {
	return nil, err
	}
	var terr *transport.Error
	if ok := errors.As(err, &terr); ok && terr.StatusCode == http.StatusNotFound {
	// Not found just means there are no attachments yet. Start with an empty manifest.
	return &v1.IndexManifest{MediaType: types.OCIImageIndex}, nil
	}
	var im v1.IndexManifest
	if err := json.Unmarshal(b, &im); err != nil {
	return nil, err
	}

To Reproduce

call remote.Referrers on an image with the following conditions:

• registered in an OCI registry that does not support the referrers API
• the image has no referrers

For further details, see the test in the following PR:
#1648

Expected behavior

Return an empty manifest when the OCI registry returns a 404.

Additional context

I've been developing a tool that uses referrers API. I noticed that I need extra error handling when fetching referrers for an OCI registry that does not support referrers API.

aquasecurity/trivy-plugin-referrer#7

• Version of the module
  • v0.14.0
• Registry used (e.g., GCR, ECR, Quay)
  • registry:2
  • https://hub.docker.com/_/registry