Skip to content

Feat: Support referrers in an external repository #866

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
sudo-bmitch merged 1 commit into from
Nov 29, 2024
Merged

Feat: Support referrers in an external repository #866

sudo-bmitch merged 1 commit into from
Nov 29, 2024

Conversation

@sudo-bmitch
Copy link
Contributor

@sudo-bmitch sudo-bmitch commented Nov 29, 2024

Fixes issue

Fixes #586.

Describe the change

Support referrers in an external repository. This allows organizations to maintain a repository of referrers separate from the upstream images. That can be useful for SBOM, signing, and vulnerability scans that are under separate security zones.

How to verify it

$ echo "Alpine Linux" | regctl artifact put --subject alpine ocidir://test/external:alpine-info --artifact-type application/example.contents

$ regctl artifact list alpine --external ocidir://test/external
Subject:        ocidir://test/external@sha256:1e42bbe2508154c9126d48c2b8a75420c3544343bf86fd041fb7527e017a4b4a
                
Referrers:      
                
  Name:         ocidir://test/external@sha256:5f685e999e50aecd719512de9443c9bac27f60056580f6c3bdaf18d75c1c9ab3
  Digest:       sha256:5f685e999e50aecd719512de9443c9bac27f60056580f6c3bdaf18d75c1c9ab3
  MediaType:    application/vnd.oci.image.manifest.v1+json
  ArtifactType: application/example.contents

$ regctl artifact tree alpine --external ocidir://test/external
Ref: docker.io/library/alpine:latest
Digest: sha256:1e42bbe2508154c9126d48c2b8a75420c3544343bf86fd041fb7527e017a4b4a
Children:
  - sha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85 [linux/amd64]
  - sha256:5fea95373b9ec85974843f31446fa6a9df4492dddae4e1cb056193c34a20a5be [unknown/unknown]
  - sha256:b4aef1a899e0271f06d948c9a8fa626ecdb2202d3a178bc14775dd559e23df8e [linux/arm/v6]
  - sha256:a4d1e27e63a9d6353046eb25a2f0ec02945012b217f4364cd83a73fe6dfb0b15 [unknown/unknown]
  - sha256:4fdafe217d0922f3c3e2b4f64cf043f8403a4636685cd9c51fea2cbd1f419740 [linux/arm/v7]
  - sha256:7f21ac2018d95b2c51a5779c1d5ca6c327504adc3b0fdc747a6725d30b3f13c2 [unknown/unknown]
  - sha256:ea3c5a9671f7b3f7eb47eab06f73bc6591df978b0d5955689a9e6f943aa368c0 [linux/arm64]
  - sha256:a8ba68c1a9e6eea8041b4b8f996c235163440808b9654a865976fdcbede0f433 [unknown/unknown]
  - sha256:dea9f02e103e837849f984d5679305c758aba7fea1b95b7766218597f61a05ab [linux/386]
  - sha256:3c6629bec05c8273a927d46b77428bf4a378dad911a0ae284887becdc149b734 [unknown/unknown]
  - sha256:0880443bffa028dfbbc4094a32dd6b7ac25684e4c0a3d50da9e0acae355c5eaf [linux/ppc64le]
  - sha256:bb48308f976b266e3ab39bbf9af84521959bd9c295d3c763690cf41f8df2a626 [unknown/unknown]
  - sha256:d76e6fbe348ff20c2931bb7f101e49379648e026de95dd37f96e00ce1909dcf7 [linux/riscv64]
  - sha256:dd807544365f6dc187cbe6de0806adce2ea9de3e7124717d1d8e8b7a18b77b64 [unknown/unknown]
  - sha256:b815fadf80495594eb6296a6af0bc647ae5f193e0044e07acec7e5b378c9ce2d [linux/s390x]
  - sha256:74681be74a280a88abb53ff1e048eb1fb624b30d0066730df6d8afd02ba82e01 [unknown/unknown]
Referrers:
  - sha256:5f685e999e50aecd719512de9443c9bac27f60056580f6c3bdaf18d75c1c9ab3: application/example.contents

$ regctl artifact get --subject alpine --external ocidir://test/external --filter-artifact-type application/example.contents
Alpine Linux

Changelog text

  • Feat: Support referrers in an external repository.

Please verify and check that the pull request fulfills the following requirements

  • Tests have been added or not applicable
  • Documentation has been added, updated, or not applicable
  • Changes have been rebased to main
  • Multiple commits to the same code have been squashed

@sudo-bmitch
Feat: Support referrers in an external repository
a8a9640 
This allows organizations to maintain a repository of referrers separate from the upstream images.

Signed-off-by: Brandon Mitchell <git@bmitch.net>
@sudo-bmitch sudo-bmitch merged commit 51fbbeb into regclient:main Nov 29, 2024
5 checks passed
@sudo-bmitch sudo-bmitch deleted the pr-referrer-external branch November 29, 2024 21:17
@BrewTestBot BrewTestBot mentioned this pull request Dec 10, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Feature] artifacts referring to subjects in different repositories

1 participant

@sudo-bmitch