open-component-model
diff --git a/‎bindings/go/oci/integration/go.mod‎
Lines changed: 3 additions & 0 deletions b/‎bindings/go/oci/integration/go.mod‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎bindings/go/oci/integration/go.sum‎
Lines changed: 6 additions & 0 deletions b/‎bindings/go/oci/integration/go.sum‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎bindings/go/oci/integration/integration_test.go‎
Lines changed: 153 additions & 0 deletions b/‎bindings/go/oci/integration/integration_test.go‎
Lines changed: 153 additions & 0 deletions
diff --git a/‎bindings/go/oci/repository.go‎
Lines changed: 1 addition & 1 deletion b/‎bindings/go/oci/repository.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎bindings/go/oci/spec/transformation/v1alpha1/get_oci_artifact.go‎
Lines changed: 51 additions & 0 deletions b/‎bindings/go/oci/spec/transformation/v1alpha1/get_oci_artifact.go‎
Lines changed: 51 additions & 0 deletions
@@ -11,6 +11,8 @@ require (
 	github.com/testcontainers/testcontainers-go/modules/registry v0.40.0
 	golang.org/x/crypto v0.46.0
 	ocm.software/open-component-model/bindings/go/blob v0.0.11
+	ocm.software/open-component-model/bindings/go/configuration v0.0.9
+	ocm.software/open-component-model/bindings/go/credentials v0.0.7
 	ocm.software/open-component-model/bindings/go/ctf v0.3.0
 	ocm.software/open-component-model/bindings/go/descriptor/runtime v0.0.0-20260209114331-2c034a9e2912
 	ocm.software/open-component-model/bindings/go/descriptor/v2 v2.0.1-alpha9
@@ -82,5 +84,6 @@ require (
 	golang.org/x/text v0.33.0 // indirect
 	golang.org/x/time v0.14.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
+	ocm.software/open-component-model/bindings/go/dag v0.0.6 // indirect
 	sigs.k8s.io/yaml v1.6.0 // indirect
 )
@@ -181,8 +181,14 @@ gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q=
 gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA=
 ocm.software/open-component-model/bindings/go/blob v0.0.11 h1:ASalU+M+PMgLGI6vQ1ZIWC65OOtN2a49qIMNR6BNONA=
 ocm.software/open-component-model/bindings/go/blob v0.0.11/go.mod h1:pZzaYptwTVBhicYp6z9vDY2K6KTwd5c+MuYoC3jr6s8=
+ocm.software/open-component-model/bindings/go/configuration v0.0.9 h1:bfgPD2G3fgmcbRYw0WXO3Fnx7+0G4gOV54JnYXgQY7w=
+ocm.software/open-component-model/bindings/go/configuration v0.0.9/go.mod h1:VZ8jQ3a6oTWyOpY09C7V3L0CfzKe9i1/Z4uJjLAVjN4=
+ocm.software/open-component-model/bindings/go/credentials v0.0.7 h1:pxf8fKSwWFiuvCjFrEfMODE4Vkyi+QexM/8x+mNdhcQ=
+ocm.software/open-component-model/bindings/go/credentials v0.0.7/go.mod h1:nWi5y4VhkAGaxfy6wNoLCde0saCu8ViHvjqBXHbe04U=
 ocm.software/open-component-model/bindings/go/ctf v0.3.0 h1:u1B26OgUvR+gzTwY0hTVdZgFIXv5uwdI8reEvCcjNV4=
 ocm.software/open-component-model/bindings/go/ctf v0.3.0/go.mod h1:skMxA1l7rZFhKsjn8CysSVG31zjmV95WaFqMVKRjHug=
+ocm.software/open-component-model/bindings/go/dag v0.0.6 h1:To76QJAmFD88C101oB/HgYvtomp8mm0270ewDLcVncw=
+ocm.software/open-component-model/bindings/go/dag v0.0.6/go.mod h1:mQbO95zYvX59VXNJGer4+wGsKY0BVI4FKwlR5BlPugM=
 ocm.software/open-component-model/bindings/go/descriptor/runtime v0.0.0-20260209114331-2c034a9e2912 h1:vuMu/Cnc8YZTHmFGJbGIAgDGhL8cHfVmS+eu1GF1/Fg=
 ocm.software/open-component-model/bindings/go/descriptor/runtime v0.0.0-20260209114331-2c034a9e2912/go.mod h1:w8DLZVNfVWjXt1Z1wBW+0sbz0r87jj8mfrT5gHco+BA=
 ocm.software/open-component-model/bindings/go/descriptor/v2 v2.0.1-alpha9 h1:SdQm6w7Lj0g+d+MaNXQQkpKUqOhFwUSzoUjzRyeKL0I=
 
@@ -34,20 +34,27 @@ import (
 
 	"ocm.software/open-component-model/bindings/go/blob"
 	"ocm.software/open-component-model/bindings/go/blob/filesystem"
+	filesystemaccess "ocm.software/open-component-model/bindings/go/blob/filesystem/spec/access"
 	"ocm.software/open-component-model/bindings/go/blob/inmemory"
+	filesystemv1alpha1 "ocm.software/open-component-model/bindings/go/configuration/filesystem/v1alpha1/spec"
+	"ocm.software/open-component-model/bindings/go/credentials"
 	"ocm.software/open-component-model/bindings/go/ctf"
 	descriptor "ocm.software/open-component-model/bindings/go/descriptor/runtime"
 	v2 "ocm.software/open-component-model/bindings/go/descriptor/v2"
 	"ocm.software/open-component-model/bindings/go/oci"
+	ociinmemory "ocm.software/open-component-model/bindings/go/oci/cache/inmemory"
 	ocictf "ocm.software/open-component-model/bindings/go/oci/ctf"
 	"ocm.software/open-component-model/bindings/go/oci/repository/provider"
+	"ocm.software/open-component-model/bindings/go/oci/repository/resource"
 	urlresolver "ocm.software/open-component-model/bindings/go/oci/resolver/url"
 	ocmoci "ocm.software/open-component-model/bindings/go/oci/spec/access"
 	v1 "ocm.software/open-component-model/bindings/go/oci/spec/access/v1"
 	"ocm.software/open-component-model/bindings/go/oci/spec/layout"
 	ctfrepospecv1 "ocm.software/open-component-model/bindings/go/oci/spec/repository/v1/ctf"
 	ocirepospecv1 "ocm.software/open-component-model/bindings/go/oci/spec/repository/v1/oci"
+	"ocm.software/open-component-model/bindings/go/oci/spec/transformation/v1alpha1"
 	"ocm.software/open-component-model/bindings/go/oci/tar"
+	"ocm.software/open-component-model/bindings/go/oci/transformer"
 	"ocm.software/open-component-model/bindings/go/repository"
 	ocmruntime "ocm.software/open-component-model/bindings/go/runtime"
 )
@@ -422,6 +429,57 @@ func Test_Integration_CTF_Lister(t *testing.T) {
 	require.Equal(t, expectedList, result)
 }
 
+// Test_Integration_Transformers needs a different setup than the other tests.
+// Reason being that transformer.GetOCIArtifact requires repository.ResourceRepository.
+// Since oci.Repository does not implement repository.ResourceRepository yet, we could not reuse the setup with
+// urlresolver.Resolver. We will be able to unify the testing setup once we refactored the oci Repositories
+// https://github.com/open-component-model/ocm-project/issues/774
+func Test_Integration_Transformers(t *testing.T) {
+	t.Parallel()
+	ctx := t.Context()
+
+	t.Logf("Starting transformers integration test")
+
+	// Setup credentials and htpasswd
+	password := generateRandomPassword(t, passwordLength)
+	htpasswd := generateHtpasswd(t, testUsername, password)
+
+	// Start containerized registry
+	t.Logf("Launching test registry (%s)...", distributionRegistryImage)
+	registryContainer, err := registry.Run(ctx, distributionRegistryImage,
+		registry.WithHtpasswd(htpasswd),
+		testcontainers.WithEnv(map[string]string{
+			"REGISTRY_VALIDATION_DISABLED": "true",
+			"REGISTRY_LOG_LEVEL":           "debug",
+		}),
+		testcontainers.WithLogger(log.TestLogger(t)),
+	)
+	r := require.New(t)
+	r.NoError(err)
+	t.Cleanup(func() {
+		r.NoError(testcontainers.TerminateContainer(registryContainer))
+	})
+	t.Logf("Test registry started")
+
+	t.Run("ociArtifact", func(t *testing.T) {
+		r := require.New(t)
+		registryAddress, err := registryContainer.HostAddress(ctx)
+		r.NoError(err)
+
+		reference := func(ref string) string {
+			return fmt.Sprintf("%s/%s", registryAddress, ref)
+		}
+
+		t.Run("get oci artifact", func(t *testing.T) {
+			resourceRepo := resource.NewResourceRepository(ociinmemory.New(), ociinmemory.New(), &filesystemv1alpha1.Config{})
+
+			t.Run("get oci transformation", func(t *testing.T) {
+				transformGetOCIArtifact(t, resourceRepo, testUsername, password, "ghcr.io/test:v1.0.0", reference("new-test:v1.0.0"))
+			})
+		})
+	})
+}
+
 func uploadDownloadLocalResourceOCILayout(t *testing.T, repo *oci.Repository, component string, version string) {
 	ctx := t.Context()
 	r := require.New(t)
@@ -946,3 +1004,98 @@ func getUsername(t *testing.T, gh string) (string, error) {
 
 	return structured["login"].(string), nil
 }
+
+func transformGetOCIArtifact(t *testing.T, repo repository.ResourceRepository, username, password, from, to string) {
+	ctx := t.Context()
+	r := require.New(t)
+
+	url, err := ocmruntime.ParseURLAndAllowNoScheme(to)
+	r.NoError(err)
+
+	toIdentity := ocmruntime.Identity{
+		"scheme":   "http",
+		"hostname": url.Hostname(),
+		"port":     url.Port(),
+		"type":     "OCIRepository",
+	}
+
+	originalData := []byte("foobar")
+
+	data, access := createSingleLayerOCIImage(t, originalData, from)
+	r.NotNil(access)
+
+	access.Type = ocmruntime.Type{
+		Name:    "ociArtifact",
+		Version: "v1",
+	}
+
+	blob := inmemory.New(bytes.NewReader(data))
+
+	resource := descriptor.Resource{
+		ElementMeta: descriptor.ElementMeta{
+			ObjectMeta: descriptor.ObjectMeta{
+				Name:    "test-resource",
+				Version: "v1.0.0",
+			},
+		},
+		Type:         "some-arbitrary-type-packed-in-image",
+		Access:       access,
+		CreationTime: descriptor.CreationTime(time.Now()),
+	}
+
+	targetAccess := resource.Access.DeepCopyTyped()
+	targetAccess.(*v1.OCIImage).ImageReference = fmt.Sprintf("http://%s", to)
+	resource.Access = targetAccess
+
+	credsMap := map[string]map[string]string{
+		toIdentity.String(): {
+			"username": username,
+			"password": password,
+		},
+	}
+	credsResolver := credentials.NewStaticCredentialsResolver(credsMap)
+	creds := credsMap[toIdentity.String()]
+	r.NotNil(creds)
+
+	newRes, err := repo.UploadResource(ctx, &resource, blob, creds)
+	r.NoError(err)
+	resource = *newRes
+
+	combinedScheme := ocmruntime.NewScheme()
+	v2.MustAddToScheme(combinedScheme)
+	filesystemaccess.MustAddToScheme(combinedScheme)
+	combinedScheme.MustRegisterWithAlias(&v1alpha1.GetOCIArtifact{}, v1alpha1.GetOCIArtifactV1alpha1)
+
+	transform := transformer.GetOCIArtifact{
+		Scheme:             combinedScheme,
+		Repository:         repo,
+		CredentialProvider: credsResolver,
+	}
+
+	v2Resource, err := descriptor.ConvertToV2Resource(ocmruntime.NewScheme(ocmruntime.WithAllowUnknown()), newRes)
+	r.NoError(err)
+
+	spec := &v1alpha1.GetOCIArtifact{
+		Type: ocmruntime.NewVersionedType(v1alpha1.GetOCIArtifactType, v1alpha1.Version),
+		ID:   "test-get-oci-transform",
+		Spec: &v1alpha1.GetOCIArtifactSpec{
+			Resource: v2Resource,
+		},
+	}
+
+	// Execute transformation
+	result, err := transform.Transform(ctx, spec)
+	require.NoError(t, err)
+	require.NotNil(t, result)
+
+	ociOutput, ok := result.(*v1alpha1.GetOCIArtifact)
+	require.True(t, ok)
+	require.NotNil(t, ociOutput)
+
+	require.NotNil(t, ociOutput.Output.File)
+	require.NotNil(t, ociOutput.Output.File.URI)
+
+	// must match pattern oci-artifact-%s.tar.gz
+	require.Regexp(t, `^oci-artifact-[a-f0-9]+\.tar\.gz$`, filepath.Base(ociOutput.Output.File.URI))
+	require.Equal(t, ociOutput.Output.File.MediaType, "application/vnd.ocm.software.oci.layout.v1+tar+gzip")
+}
@@ -281,7 +281,7 @@ func (repo *Repository) processOCIImageDigest(ctx context.Context, res *descript
 
 	var desc ociImageSpecV1.Descriptor
 	if pinnedDigest.String() == "" {
-		if desc, err = src.Resolve(ctx, resolved.String()); err != nil {
+		if desc, err = src.Resolve(ctx, resolved.ReferenceOrTag()); err != nil {
 			return nil, fmt.Errorf("failed to resolve reference to process digest %q: %w", typed.ImageReference, err)
 		}
 	} else {
 
@@ -0,0 +1,51 @@
+package v1alpha1
+
+import (
+	"ocm.software/open-component-model/bindings/go/blob/filesystem/spec/access/v1alpha1"
+	v2 "ocm.software/open-component-model/bindings/go/descriptor/v2"
+	"ocm.software/open-component-model/bindings/go/runtime"
+)
+
+const GetOCIArtifactType = "GetOCIArtifact"
+
+// GetOCIArtifact is a transformer specification to get an OCI artifact
+// from a remote OCI registry and buffer it to a file.
+// It contains the resource descriptor of the artifact to be retrieved and an optional output path.
+// If no output path is given, a temporary file will be created for buffering the artifact.
+// Spec: GetOCIArtifactSpec - the input specification of the transformation containing the resource descriptor and output path.
+// Output: GetOCIArtifactOutput - the output specification of the transformation containing the file access specification
+// for the downloaded artifact and the resource descriptor from the component.
+// +k8s:deepcopy-gen:interfaces=ocm.software/open-component-model/bindings/go/runtime.Typed
+// +k8s:deepcopy-gen=true
+// +ocm:typegen=true
+// +ocm:jsonschema-gen=true
+type GetOCIArtifact struct {
+	// +ocm:jsonschema-gen:enum=GetOCIArtifact/v1alpha1
+	Type   runtime.Type          `json:"type"`
+	ID     string                `json:"id"`
+	Spec   *GetOCIArtifactSpec   `json:"spec"`
+	Output *GetOCIArtifactOutput `json:"output,omitempty"`
+}
+
+// GetOCIArtifactOutput is the output specification of the
+// GetOCIArtifact transformation.
+// +k8s:deepcopy-gen=true
+// +ocm:jsonschema-gen=true
+type GetOCIArtifactOutput struct {
+	// File is the file access specification for the downloaded artifact
+	File v1alpha1.File `json:"file"`
+	// Resource is the resource descriptor from the component
+	Resource *v2.Resource `json:"resource"`
+}
+
+// GetOCIArtifactSpec is the input specification for the
+// GetOCIArtifact transformation.
+// +k8s:deepcopy-gen=true
+// +ocm:jsonschema-gen=true
+type GetOCIArtifactSpec struct {
+	// Resource is the resource descriptor to get the OCI artifact from.
+	Resource *v2.Resource `json:"resource"`
+	// OutputPath is the path where the artifact should be downloaded to.
+	// If empty, a temporary file will be created.
+	OutputPath string `json:"outputPath,omitempty"`
+}
Original file line number	Diff line number	Diff line change
`@@ -281,7 +281,7 @@ func (repo Repository) processOCIImageDigest(ctx context.Context, res descript`
`281`	`281`
`282`	`282`	`var desc ociImageSpecV1.Descriptor`
`283`	`283`	`if pinnedDigest.String() == "" {`
`284`		`- if desc, err = src.Resolve(ctx, resolved.String()); err != nil {`
	`284`	`+ if desc, err = src.Resolve(ctx, resolved.ReferenceOrTag()); err != nil {`
`285`	`285`	`return nil, fmt.Errorf("failed to resolve reference to process digest %q: %w", typed.ImageReference, err)`
`286`	`286`	`}`
`287`	`287`	`} else {`