From 08c92e12a4a2b05d0ea5abe055c7c01ba9964051 Mon Sep 17 00:00:00 2001 From: Austin Abro <37223396+AustinAbro321@users.noreply.github.com> Date: Thu, 28 Mar 2024 16:22:18 -0400 Subject: [PATCH] chore: switch to use oci lib in defenseunicorns/pkg (#2404) ## Description switch to using the oci library at https://github.com/defenseunicorns/pkg. This would also close https://github.com/defenseunicorns/zarf/pull/2392 as we pull in an updated docker version Fixes #2251 ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [X] Other (security config, docs update, etc) ## Checklist before merging - [ ] Test, docs, adr added or updated as needed - [ ] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow) followed --- go.mod | 8 +- go.sum | 60 ++++--- src/cmd/initialize.go | 2 +- src/cmd/tools/zarf.go | 2 +- src/pkg/oci/common.go | 191 --------------------- src/pkg/oci/copier.go | 114 ------------ src/pkg/oci/fetch.go | 102 ----------- src/pkg/oci/manifest.go | 31 ---- src/pkg/oci/progress.go | 36 ---- src/pkg/oci/pull.go | 116 ------------- src/pkg/oci/push.go | 153 ----------------- src/pkg/oci/utils.go | 48 ------ src/pkg/packager/composer/oci.go | 2 +- src/pkg/packager/creator/normal.go | 2 +- src/pkg/packager/publish.go | 2 +- src/pkg/packager/sources/new.go | 2 +- src/pkg/zoci/common.go | 2 +- src/pkg/zoci/copier.go | 2 +- src/pkg/zoci/fetch.go | 2 +- src/pkg/zoci/pull.go | 2 +- src/pkg/zoci/push.go | 2 +- src/test/e2e/50_oci_publish_deploy_test.go | 2 +- 22 files changed, 53 insertions(+), 830 deletions(-) delete mode 100644 src/pkg/oci/common.go delete mode 100644 src/pkg/oci/copier.go delete mode 100644 src/pkg/oci/fetch.go delete mode 100644 src/pkg/oci/manifest.go delete mode 100644 src/pkg/oci/progress.go delete mode 100644 src/pkg/oci/pull.go delete mode 100644 src/pkg/oci/push.go delete mode 100644 src/pkg/oci/utils.go diff --git a/go.mod b/go.mod index 93febdd173..5568e67201 100644 --- a/go.mod +++ b/go.mod @@ -15,9 +15,9 @@ require ( github.com/anchore/stereoscope v0.0.1 github.com/anchore/syft v0.100.0 github.com/defenseunicorns/pkg/helpers v0.0.2 + github.com/defenseunicorns/pkg/oci v0.0.1 github.com/derailed/k9s v0.31.7 github.com/distribution/reference v0.5.0 - github.com/docker/cli v24.0.9+incompatible github.com/fairwindsops/pluto/v5 v5.18.4 github.com/fatih/color v1.16.0 github.com/fluxcd/helm-controller/api v0.37.4 @@ -46,7 +46,6 @@ require ( github.com/stretchr/testify v1.9.0 github.com/xeipuuv/gojsonschema v1.2.0 golang.org/x/crypto v0.21.0 - golang.org/x/sync v0.6.0 golang.org/x/term v0.18.0 helm.sh/helm/v3 v3.14.2 k8s.io/api v0.29.1 @@ -200,6 +199,7 @@ require ( github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352 // indirect github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7 // indirect github.com/dimchansky/utfbom v1.1.1 // indirect + github.com/docker/cli v26.0.0+incompatible // indirect github.com/docker/distribution v2.8.3+incompatible // indirect github.com/docker/docker v24.0.9+incompatible // indirect github.com/docker/docker-credential-helpers v0.8.0 // indirect @@ -259,7 +259,6 @@ require ( github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.3 // indirect github.com/golang/snappy v0.0.4 // indirect - github.com/gomodule/redigo v1.8.9 // indirect github.com/google/btree v1.1.2 // indirect github.com/google/certificate-transparency-go v1.1.7 // indirect github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect @@ -312,7 +311,7 @@ require ( github.com/kastenhq/goversion v0.0.0-20230811215019-93b2f8823953 // indirect github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect github.com/kevinburke/ssh_config v1.2.0 // indirect - github.com/klauspost/compress v1.17.2 // indirect + github.com/klauspost/compress v1.17.4 // indirect github.com/klauspost/cpuid/v2 v2.2.5 // indirect github.com/klauspost/pgzip v1.2.6 // indirect github.com/knqyf263/go-apk-version v0.0.0-20200609155635-041fdbb8563f // indirect @@ -473,6 +472,7 @@ require ( golang.org/x/mod v0.14.0 // indirect golang.org/x/net v0.22.0 // indirect golang.org/x/oauth2 v0.17.0 // indirect + golang.org/x/sync v0.6.0 // indirect golang.org/x/sys v0.18.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.5.0 // indirect diff --git a/go.sum b/go.sum index f4ff7a837b..b6ba146210 100644 --- a/go.sum +++ b/go.sum @@ -300,8 +300,6 @@ github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8 github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q= github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c h1:kMFnB0vCcX7IL/m9Y5LO+KQYv+t1CQOiFe6+SV2J7bE= github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= -github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs= -github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ= github.com/ThalesIgnite/crypto11 v1.2.5 h1:1IiIIEqYmBvUYFeMnHqRft4bwf/O36jryEUpY+9ef8E= github.com/ThalesIgnite/crypto11 v1.2.5/go.mod h1:ILDKtnCKiQ7zRoNxcp36Y1ZR8LBPmR2E23+wTQe/MlE= github.com/a8m/envsubst v1.4.2 h1:4yWIHXOLEJHQEFd4UjrWDrYeYlV7ncFWJOCBRLOZHQg= @@ -485,12 +483,6 @@ github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oM github.com/bradleyjkemp/cupaloy/v2 v2.8.0/go.mod h1:bm7JXdkRd4BHJk9HpwqAI8BoAY1lps46Enkdqw6aRX0= github.com/bshuster-repo/logrus-logstash-hook v1.0.0 h1:e+C0SB5R1pu//O4MQ3f9cFuPGoOVeF2fE4Og9otCc70= github.com/bshuster-repo/logrus-logstash-hook v1.0.0/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk= -github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd h1:rFt+Y/IK1aEZkEHchZRSq9OQbsSzIT/OrI8YFFmRIng= -github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd/go.mod h1:2oa8nejYd4cQ/b0hMIopN0lCRxU0bueqREvZLWFrtK8= -github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b h1:otBG+dV+YK+Soembjv71DPz3uX/V/6MMlSyD9JBQ6kQ= -github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0BsqsP2LwDJ9aOkm/6J86V6lyAXCoQWGw3K50= -github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 h1:nvj0OLI3YqYXer/kZD8Ri1aaunCxIEsOst1BVJswV0o= -github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE= github.com/buildkite/agent/v3 v3.62.0 h1:yvzSjI8Lgifw883I8m9u8/L/Thxt4cLFd5aWPn3gg70= github.com/buildkite/agent/v3 v3.62.0/go.mod h1:jN6SokGXrVNNIpI0BGQ+j5aWeI3gin8F+3zwA5Q6gqM= github.com/buildkite/go-pipeline v0.3.2 h1:SW4EaXNwfjow7xDRPGgX0Rcx+dPj5C1kV9LKCLjWGtM= @@ -578,6 +570,7 @@ github.com/coreos/go-oidc/v3 v3.9.0 h1:0J/ogVOd4y8P0f0xUh8l9t07xRP/d8tccvjHl2dcs github.com/coreos/go-oidc/v3 v3.9.0/go.mod h1:rTKz2PYwftcrtoCzV5g5kvfJoWcm0Mk8AF8y1iAQro4= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= +github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= @@ -602,6 +595,8 @@ github.com/defenseunicorns/gojsonschema v0.0.0-20231116163348-e00f069122d6 h1:gw github.com/defenseunicorns/gojsonschema v0.0.0-20231116163348-e00f069122d6/go.mod h1:StKLYMmPj1R5yIs6CK49EkcW1TvUYuw5Vri+LRk7Dy8= github.com/defenseunicorns/pkg/helpers v0.0.2 h1:Axfk96vWkYQpya7E/JkghzwITu2F4GocpGm+mqEVcEg= github.com/defenseunicorns/pkg/helpers v0.0.2/go.mod h1:F4S5VZLDrlNWQKklzv4v9tFWjjZNhxJ1gT79j4XiLwk= +github.com/defenseunicorns/pkg/oci v0.0.1 h1:EFRp3NeiwzhOWKpQ6mAxi0l9chnrAvDcIgjMr0o0fkM= +github.com/defenseunicorns/pkg/oci v0.0.1/go.mod h1:zVBgRjckEAhfdvbnQrnfOP/3M/GYJkIgWtJtY7pjYdo= github.com/deitch/magic v0.0.0-20230404182410-1ff89d7342da h1:ZOjWpVsFZ06eIhnh4mkaceTiVoktdU67+M7KDHJ268M= github.com/deitch/magic v0.0.0-20230404182410-1ff89d7342da/go.mod h1:B3tI9iGHi4imdLi4Asdha1Sc6feLMTfPLXh9IUYmysk= github.com/depcheck-test/depcheck-test v0.0.0-20220607135614-199033aaa936 h1:foGzavPWwtoyBvjWyKJYDYsyzy+23iBV7NKTwdk+LRY= @@ -619,6 +614,8 @@ github.com/dgraph-io/badger/v3 v3.2103.5/go.mod h1:4MPiseMeDQ3FNCYwRbbcBOGJLf5js github.com/dgraph-io/ristretto v0.1.1 h1:6CWw5tJNgpegArSHpNHJKldNeq03FQCwYvfMVWajOK8= github.com/dgraph-io/ristretto v0.1.1/go.mod h1:S1GPSBCYCIhmVNfcth17y2zZtQT6wzkzgwUve0VDWWA= github.com/dgrijalva/jwt-go/v4 v4.0.0-preview1/go.mod h1:+hnT3ywWDTAFrW5aE+u2Sa/wT555ZqwoCS+pk3p6ry4= +github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78= +github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc= github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48 h1:fRzb/w+pyskVMQ+UbP35JkH8yB7MYb4q/qhBarqZE6g= github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48/go.mod h1:if7Fbed8SFyPtHLHbg49SI7NAdJiC5WIA09pe59rfAA= github.com/digitorus/pkcs7 v0.0.0-20230713084857-e76b763bdc49/go.mod h1:SKVExuS+vpu2l9IoOc0RwqE7NYnb0JlcFHFnEJkVDzc= @@ -628,14 +625,14 @@ github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7 h1:lxmTCgmHE1G github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7/go.mod h1:GvWntX9qiTlOud0WkQ6ewFm0LPy5JUR1Xo0Ngbd1w6Y= github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U= github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= -github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aBfCb7iqHmDEIp6fBvC/hQUddQfg+3qdYjwzaiP9Hnc= -github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2/go.mod h1:WHNsWjnIn2V1LYOrME7e8KxSeKunYHsxEm4am0BUtcI= +github.com/distribution/distribution/v3 v3.0.0-alpha.1 h1:jn7I1gvjOvmLztH1+1cLiUFud7aeJCIQcgzugtwjyJo= +github.com/distribution/distribution/v3 v3.0.0-alpha.1/go.mod h1:LCp4JZp1ZalYg0W/TN05jarCQu+h4w7xc7ZfQF4Y/cY= github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0= github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI= github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ= -github.com/docker/cli v24.0.9+incompatible h1:OxbimnP/z+qVjDLpq9wbeFU3Nc30XhSe+LkwYQisD50= -github.com/docker/cli v24.0.9+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/cli v26.0.0+incompatible h1:90BKrx1a1HKYpSnnBFR6AgDq/FqkHxwlUyzJVPxD30I= +github.com/docker/cli v26.0.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v24.0.9+incompatible h1:HPGzNmwfLZWdxHqK9/II92pyi1EpYKsAqcl4G0Of9v0= @@ -895,8 +892,6 @@ github.com/golangplus/bytes v1.0.0/go.mod h1:AdRaCFwmc/00ZzELMWb01soso6W1R/++O1X github.com/golangplus/fmt v1.0.0/go.mod h1:zpM0OfbMCjPtd2qkTD/jX2MgiFCqklhSUFyDW44gVQE= github.com/golangplus/testing v1.0.0 h1:+ZeeiKZENNOMkTTELoSySazi+XaEhVO0mb+eanrSEUQ= github.com/golangplus/testing v1.0.0/go.mod h1:ZDreixUV3YzhoVraIDyOzHrr76p6NUh6k/pPg/Q3gYA= -github.com/gomodule/redigo v1.8.9 h1:Sl3u+2BI/kk+VEatbj0scLdrFhjPmbxOc1myhDP41ws= -github.com/gomodule/redigo v1.8.9/go.mod h1:7ArFNvsTjH8GMMzB4uy1snslv2BwmginuMs06a1uzZE= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU= @@ -1064,7 +1059,10 @@ github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= github.com/hashicorp/golang-lru v1.0.2 h1:dV3g9Z/unq5DpblPpw+Oqcv4dU/1omnb4Ok8iPY6p1c= -github.com/hashicorp/golang-lru v1.0.2/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= +github.com/hashicorp/golang-lru/arc/v2 v2.0.5 h1:l2zaLDubNhW4XO3LnliVj0GXO3+/CGNJAg1dcN2Fpfw= +github.com/hashicorp/golang-lru/arc/v2 v2.0.5/go.mod h1:ny6zBSQZi2JxIeYcv7kt2sH2PXJtirBN7RDhRpxPkxU= +github.com/hashicorp/golang-lru/v2 v2.0.5 h1:wW7h1TG88eUIJ2i69gaE3uNVtEPIagzhGvHgwfx2Vm4= +github.com/hashicorp/golang-lru/v2 v2.0.5/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hashicorp/hcl v1.0.1-vault-5 h1:kI3hhbbyzr4dldA8UdTb7ZlVVlI2DACdCfz31RPDgJM= github.com/hashicorp/hcl v1.0.1-vault-5/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06AItNorpy+MoQNM= @@ -1153,8 +1151,8 @@ github.com/klauspost/compress v1.11.4/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYs github.com/klauspost/compress v1.11.7/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= github.com/klauspost/compress v1.15.11/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM= -github.com/klauspost/compress v1.17.2 h1:RlWWUY/Dr4fL8qk9YG7DTZ7PDgME2V4csBXA8L/ixi4= -github.com/klauspost/compress v1.17.2/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= +github.com/klauspost/compress v1.17.4 h1:Ej5ixsIri7BrIjBkRZLTo6ghwrEtHFk7ijlczPW4fZ4= +github.com/klauspost/compress v1.17.4/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM= github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/klauspost/cpuid/v2 v2.0.10/go.mod h1:g2LTdtYhdyuGPqyWyv7qRAmj1WBqxuObKfj5c0PQa7c= @@ -1468,6 +1466,12 @@ github.com/rakyll/hey v0.1.4 h1:hhc8GIqHN4+rPFZvkM9lkCQGi7da0sINM83xxpFkbPA= github.com/rakyll/hey v0.1.4/go.mod h1:nAOTOo+L52KB9SZq/M6J18kxjto4yVtXQDjU2HgjUPI= github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 h1:N/ElC8H3+5XpJzTSTfLsJV/mx9Q9g7kxmchpfZyxgzM= github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= +github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5 h1:EaDatTxkdHG+U3Bk4EUr+DZ7fOGwTfezUiUJMaIcaho= +github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5/go.mod h1:fyalQWdtzDBECAQFBJuQe5bzQ02jGd5Qcbgb97Flm7U= +github.com/redis/go-redis/extra/redisotel/v9 v9.0.5 h1:EfpWLLCyXw8PSM2/XNJLjI3Pb27yVE+gIAfeqp8LUCc= +github.com/redis/go-redis/extra/redisotel/v9 v9.0.5/go.mod h1:WZjPDy7VNzn77AAfnAfVjZNvfJTYfPetfZk5yoSTLaQ= +github.com/redis/go-redis/v9 v9.3.0 h1:RiVDjmig62jIWp7Kk4XVLs0hzV6pI3PyTnnL0cnn0u0= +github.com/redis/go-redis/v9 v9.3.0/go.mod h1:hdY0cQFCN4fnSYT6TkisLufl/4W5UIXyv0b/CLO2V2M= github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE= github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo= github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= @@ -1703,12 +1707,6 @@ github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= github.com/yuin/gopher-lua v1.1.1 h1:kYKnWBjvbNP4XLT3+bPEwAXJx262OhaHDWDVOPjL46M= github.com/yuin/gopher-lua v1.1.1/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw= -github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43 h1:+lm10QQTNSBd8DVTNGHx7o/IKu9HYDvLMffDhbyLccI= -github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43/go.mod h1:aX5oPXxHm3bOH+xeAttToC8pqch2ScQN/JoXYupl6xs= -github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50 h1:hlE8//ciYMztlGpl/VA+Zm1AcTPHYkHJPbHqE6WJUXE= -github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA= -github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f h1:ERexzlUfuTvpE74urLSbIQW0Z/6hF9t8U4NsJLaioAY= -github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg= github.com/zalando/go-keyring v0.2.2 h1:f0xmpYiSrHtSNAVgwip93Cg8tuF45HJM6rHq/A5RI/4= github.com/zalando/go-keyring v0.2.2/go.mod h1:sI3evg9Wvpw3+n4SqplGSJUMwtDeROfD4nsFz4z9PG0= github.com/zclconf/go-cty v1.14.0 h1:/Xrd39K7DXbHzlisFP9c4pHao4yyf+/Ug9LEz+Y/yhc= @@ -1733,20 +1731,36 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= +go.opentelemetry.io/contrib/exporters/autoexport v0.46.1 h1:ysCfPZB9AjUlMa1UHYup3c9dAOCMQX/6sxSfPBUoxHw= +go.opentelemetry.io/contrib/exporters/autoexport v0.46.1/go.mod h1:ha0aiYm+DOPsLHjh0zoQ8W8sLT+LJ58J3j47lGpSLrU= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.48.0 h1:P+/g8GpuJGYbOp2tAdKrIPUX9JO02q8Q0YNlHolpibA= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.48.0/go.mod h1:tIKj3DbO8N9Y2xo52og3irLsPI4GW02DSMtrVgNMgxg= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.48.0 h1:doUP+ExOpH3spVTLS0FcWGLnQrPct/hD/bCPbDRUEAU= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.48.0/go.mod h1:rdENBZMT2OE6Ne/KLwpiXudnAsbdrdBaqBvTN8M8BgA= go.opentelemetry.io/otel v1.23.0 h1:Df0pqjqExIywbMCMTxkAwzjLZtRf+bBKLbUcpxO2C9E= go.opentelemetry.io/otel v1.23.0/go.mod h1:YCycw9ZeKhcJFrb34iVSkyT0iczq/zYDtZYFufObyB0= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.44.0 h1:jd0+5t/YynESZqsSyPz+7PAFdEop0dlN0+PkyHYo8oI= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.44.0/go.mod h1:U707O40ee1FpQGyhvqnzmCJm1Wh6OX6GGBVn0E6Uyyk= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.44.0 h1:bflGWrfYyuulcdxf14V6n9+CoQcu5SAAdHmDPAJnlps= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.44.0/go.mod h1:qcTO4xHAxZLaLxPd60TdE88rxtItPHgHWqOhOGRr0as= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0 h1:9M3+rhx7kZCIQQhQRYaZCdNu1V73tm4TvXs2ntl98C4= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0/go.mod h1:noq80iT8rrHP1SfybmPiRGc9dc5M8RPmGvtwo7Oo7tc= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.22.0 h1:H2JFgRcGiyHg7H7bwcwaQJYrNFqCqrbTQ8K4p1OvDu8= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.22.0/go.mod h1:WfCWp1bGoYK8MeULtI15MmQVczfR+bFkk0DF3h06QmQ= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0 h1:digkEZCJWobwBqMwC0cwCq8/wkkRy/OowZg5OArWZrM= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0/go.mod h1:/OpE/y70qVkndM0TrxT4KBoN3RsFZP0QaofcfYrj76I= +go.opentelemetry.io/otel/exporters/prometheus v0.44.0 h1:08qeJgaPC0YEBu2PQMbqU3rogTlyzpjhCI2b58Yn00w= +go.opentelemetry.io/otel/exporters/prometheus v0.44.0/go.mod h1:ERL2uIeBtg4TxZdojHUwzZfIFlUIjZtxubT5p4h1Gjg= +go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v0.44.0 h1:dEZWPjVN22urgYCza3PXRUGEyCB++y1sAqm6guWFesk= +go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v0.44.0/go.mod h1:sTt30Evb7hJB/gEk27qLb1+l9n4Tb8HvHkR0Wx3S6CU= +go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.21.0 h1:VhlEQAPp9R1ktYfrPk5SOryw1e9LDDTZCbIPFrho0ec= +go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.21.0/go.mod h1:kB3ufRbfU+CQ4MlUcqtW8Z7YEOBeK2DJ6CmR5rYYF3E= go.opentelemetry.io/otel/metric v1.23.0 h1:pazkx7ss4LFVVYSxYew7L5I6qvLXHA0Ap2pwV+9Cnpo= go.opentelemetry.io/otel/metric v1.23.0/go.mod h1:MqUW2X2a6Q8RN96E2/nqNoT+z9BSms20Jb7Bbp+HiTo= go.opentelemetry.io/otel/sdk v1.22.0 h1:6coWHw9xw7EfClIC/+O31R8IY3/+EiRFHevmHafB2Gw= go.opentelemetry.io/otel/sdk v1.22.0/go.mod h1:iu7luyVGYovrRpe2fmj3CVKouQNdTOkxtLzPvPz1DOc= +go.opentelemetry.io/otel/sdk/metric v1.21.0 h1:smhI5oD714d6jHE6Tie36fPx4WDFIg+Y6RfAY4ICcR0= +go.opentelemetry.io/otel/sdk/metric v1.21.0/go.mod h1:FJ8RAsoPGv/wYMgBdUJXOm+6pzFY3YdljnXtv1SBE8Q= go.opentelemetry.io/otel/trace v1.23.0 h1:37Ik5Ib7xfYVb4V1UtnT97T1jI+AoIYkJyPkuL4iJgI= go.opentelemetry.io/otel/trace v1.23.0/go.mod h1:GSGTbIClEsuZrGIzoEHqsVfxgn5UkggkflQwDScNUsk= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= diff --git a/src/cmd/initialize.go b/src/cmd/initialize.go index cdb6ad05f6..0f8a1ee322 100644 --- a/src/cmd/initialize.go +++ b/src/cmd/initialize.go @@ -14,11 +14,11 @@ import ( "github.com/AlecAivazis/survey/v2" "github.com/defenseunicorns/pkg/helpers" + "github.com/defenseunicorns/pkg/oci" "github.com/defenseunicorns/zarf/src/cmd/common" "github.com/defenseunicorns/zarf/src/config" "github.com/defenseunicorns/zarf/src/config/lang" "github.com/defenseunicorns/zarf/src/pkg/message" - "github.com/defenseunicorns/zarf/src/pkg/oci" "github.com/defenseunicorns/zarf/src/pkg/packager" "github.com/defenseunicorns/zarf/src/pkg/packager/sources" "github.com/defenseunicorns/zarf/src/pkg/utils" diff --git a/src/cmd/tools/zarf.go b/src/cmd/tools/zarf.go index 7cec63379d..54f5b18067 100644 --- a/src/cmd/tools/zarf.go +++ b/src/cmd/tools/zarf.go @@ -12,6 +12,7 @@ import ( "github.com/AlecAivazis/survey/v2" "github.com/defenseunicorns/pkg/helpers" + "github.com/defenseunicorns/pkg/oci" "github.com/defenseunicorns/zarf/src/cmd/common" "github.com/defenseunicorns/zarf/src/config" "github.com/defenseunicorns/zarf/src/config/lang" @@ -19,7 +20,6 @@ import ( "github.com/defenseunicorns/zarf/src/internal/packager/helm" "github.com/defenseunicorns/zarf/src/pkg/cluster" "github.com/defenseunicorns/zarf/src/pkg/message" - "github.com/defenseunicorns/zarf/src/pkg/oci" "github.com/defenseunicorns/zarf/src/pkg/packager/sources" "github.com/defenseunicorns/zarf/src/pkg/pki" "github.com/defenseunicorns/zarf/src/pkg/zoci" diff --git a/src/pkg/oci/common.go b/src/pkg/oci/common.go deleted file mode 100644 index e097427b53..0000000000 --- a/src/pkg/oci/common.go +++ /dev/null @@ -1,191 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// SPDX-FileCopyrightText: 2021-Present The Zarf Authors - -// Package oci contains functions for interacting with artifacts stored in OCI registries. -package oci - -import ( - "fmt" - "log/slog" - "net/http" - "strings" - - "github.com/defenseunicorns/pkg/helpers" - "github.com/docker/cli/cli/config" - "github.com/docker/cli/cli/config/configfile" - ocispec "github.com/opencontainers/image-spec/specs-go/v1" - "oras.land/oras-go/v2/registry" - "oras.land/oras-go/v2/registry/remote" - "oras.land/oras-go/v2/registry/remote/auth" -) - -const ( - // MultiOS is the OS used for multi-platform packages - MultiOS = "multi" -) - -// OrasRemote is a wrapper around the Oras remote repository that includes a progress bar for interactive feedback. -type OrasRemote struct { - repo *remote.Repository - root *Manifest - progTransport *helpers.Transport - targetPlatform *ocispec.Platform - log *slog.Logger -} - -// Modifier is a function that modifies an OrasRemote -type Modifier func(*OrasRemote) - -// WithPlainHTTP sets the plain HTTP flag for the remote -func WithPlainHTTP(plainHTTP bool) Modifier { - return func(o *OrasRemote) { - o.repo.PlainHTTP = plainHTTP - } -} - -// WithInsecureSkipVerify sets the insecure TLS flag for the remote -func WithInsecureSkipVerify(insecure bool) Modifier { - return func(o *OrasRemote) { - o.progTransport.Base.(*http.Transport).TLSClientConfig.InsecureSkipVerify = insecure - } -} - -// PlatformForArch sets the target architecture for the remote -func PlatformForArch(arch string) ocispec.Platform { - return ocispec.Platform{ - OS: MultiOS, - Architecture: arch, - } -} - -// WithUserAgent sets the user agent for the remote -func WithUserAgent(userAgent string) Modifier { - return func(o *OrasRemote) { - o.repo.Client.(*auth.Client).SetUserAgent(userAgent) - } -} - -// WithLogger sets the logger for the remote -func WithLogger(logger *slog.Logger) Modifier { - return func(o *OrasRemote) { - o.log = logger - } -} - -// NewOrasRemote returns an oras remote repository client and context for the given url. -// -// Registry auth is handled by the Docker CLI's credential store and checked before returning the client -func NewOrasRemote(url string, platform ocispec.Platform, mods ...Modifier) (*OrasRemote, error) { - ref, err := registry.ParseReference(strings.TrimPrefix(url, helpers.OCIURLPrefix)) - if err != nil { - return nil, fmt.Errorf("failed to parse OCI reference %q: %w", url, err) - } - transport := http.DefaultTransport.(*http.Transport).Clone() - client := auth.DefaultClient - client.Client.Transport = transport - o := &OrasRemote{ - repo: &remote.Repository{Client: client}, - progTransport: helpers.NewTransport(transport, nil), - targetPlatform: &platform, - log: slog.Default(), - } - - for _, mod := range mods { - mod(o) - } - - if err := o.setRepository(ref); err != nil { - return nil, err - } - - return o, nil -} - -// SetProgressWriter sets the progress writer for the remote -func (o *OrasRemote) SetProgressWriter(bar helpers.ProgressWriter) { - o.progTransport.ProgressBar = bar - o.repo.Client.(*auth.Client).Client.Transport = o.progTransport -} - -// ClearProgressWriter clears the progress writer for the remote -func (o *OrasRemote) ClearProgressWriter() { - o.progTransport.ProgressBar = nil - o.repo.Client.(*auth.Client).Client.Transport = o.progTransport -} - -// Repo gives you access to the underlying remote repository -func (o *OrasRemote) Repo() *remote.Repository { - return o.repo -} - -// Log gives you access to the OrasRemote logger -func (o *OrasRemote) Log() *slog.Logger { - return o.log -} - -// setRepository sets the repository for the remote as well as the auth client. -func (o *OrasRemote) setRepository(ref registry.Reference) error { - o.root = nil - - // patch docker.io to registry-1.docker.io - // this allows end users to use docker.io as an alias for registry-1.docker.io - if ref.Registry == "docker.io" { - ref.Registry = "registry-1.docker.io" - } - if ref.Registry == "🦄" || ref.Registry == "defenseunicorns" { - ref.Registry = "ghcr.io" - ref.Repository = "defenseunicorns/packages/" + ref.Repository - } - client, err := o.createAuthClient(ref) - if err != nil { - return err - } - - o.repo.Reference = ref - o.repo.Client = client - - return nil -} - -// createAuthClient returns an auth client for the given reference. -// -// The credentials are pulled using Docker's default credential store. -// -// TODO: instead of using Docker's cred store, should use the new one from ORAS to remove that dep -func (o *OrasRemote) createAuthClient(ref registry.Reference) (*auth.Client, error) { - - client := o.repo.Client.(*auth.Client) - o.log.Debug(fmt.Sprintf("Loading docker config file from default config location: %s for %s", config.Dir(), ref)) - cfg, err := config.Load(config.Dir()) - if err != nil { - return nil, err - } - if !cfg.ContainsAuth() { - o.log.Debug("no docker config file found") - return client, nil - } - - configs := []*configfile.ConfigFile{cfg} - - var key = ref.Registry - if key == "registry-1.docker.io" { - // Docker stores its credentials under the following key, otherwise credentials use the registry URL - key = "https://index.docker.io/v1/" - } - - authConf, err := configs[0].GetCredentialsStore(key).Get(key) - if err != nil { - return nil, fmt.Errorf("unable to get credentials for %s: %w", key, err) - } - - cred := auth.Credential{ - Username: authConf.Username, - Password: authConf.Password, - AccessToken: authConf.RegistryToken, - RefreshToken: authConf.IdentityToken, - } - - client.Credential = auth.StaticCredential(ref.Registry, cred) - - return client, nil -} diff --git a/src/pkg/oci/copier.go b/src/pkg/oci/copier.go deleted file mode 100644 index 6f2578f700..0000000000 --- a/src/pkg/oci/copier.go +++ /dev/null @@ -1,114 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// SPDX-FileCopyrightText: 2021-Present The Zarf Authors - -// Package oci contains functions for interacting with artifacts stored in OCI registries. -package oci - -import ( - "context" - "encoding/json" - "fmt" - "io" - "time" - - "github.com/defenseunicorns/pkg/helpers" - ocispec "github.com/opencontainers/image-spec/specs-go/v1" - "golang.org/x/sync/errgroup" - "golang.org/x/sync/semaphore" -) - -// Copy copies an artifact from one OCI registry to another -func Copy(ctx context.Context, src *OrasRemote, dst *OrasRemote, - include func(d ocispec.Descriptor) bool, concurrency int, progressBar helpers.ProgressWriter) (err error) { - if progressBar == nil { - progressBar = helpers.DiscardProgressWriter{} - } - // create a new semaphore to limit concurrency - sem := semaphore.NewWeighted(int64(concurrency)) - - // fetch the source root manifest - srcRoot, err := src.FetchRoot(ctx) - if err != nil { - return err - } - - layers := helpers.Filter(srcRoot.Layers, include) - layers = append(layers, srcRoot.Config) - - start := time.Now() - - for idx, layer := range layers { - b, err := json.MarshalIndent(layer, "", " ") - if err != nil { - src.log.Debug(fmt.Sprintf("ERROR marshalling json: %s", err.Error())) - } - src.log.Debug(fmt.Sprintf("Copying layer: %s", string(b))) - if err := sem.Acquire(ctx, 1); err != nil { - return err - } - - // check if the layer already exists in the destination - exists, err := dst.repo.Exists(ctx, layer) - if err != nil { - return err - } - if exists { - src.log.Debug("Layer already exists in destination, skipping") - b := make([]byte, layer.Size) - progressBar.Write(b) - progressBar.UpdateTitle(fmt.Sprintf("[%d/%d] layers copied", idx+1, len(layers))) - sem.Release(1) - continue - } - - eg, ectx := errgroup.WithContext(ctx) - eg.SetLimit(2) - - // fetch the layer from the source - rc, err := src.repo.Fetch(ectx, layer) - if err != nil { - return err - } - - // create a new pipe so we can write to both the progressbar and the destination at the same time - pr, pw := io.Pipe() - - // TeeReader gets the data from the fetching layer and writes it to the PipeWriter - tr := io.TeeReader(rc, pw) - - // this goroutine is responsible for pushing the layer to the destination - eg.Go(func() error { - defer pw.Close() - - // get data from the TeeReader and push it to the destination - // push the layer to the destination - err = dst.repo.Push(ectx, layer, tr) - if err != nil { - return fmt.Errorf("failed to push layer %s to %s: %w", layer.Digest, dst.repo.Reference, err) - } - return nil - }) - - // this goroutine is responsible for updating the progressbar - eg.Go(func() error { - // read from the PipeReader to the progressbar - if _, err := io.Copy(progressBar, pr); err != nil { - return fmt.Errorf("failed to update progress on layer %s: %w", layer.Digest, err) - } - return nil - }) - - // wait for the goroutines to finish - if err := eg.Wait(); err != nil { - return err - } - sem.Release(1) - progressBar.UpdateTitle(fmt.Sprintf("[%d/%d] layers copied", idx+1, len(layers))) - } - - duration := time.Since(start) - src.log.Debug(fmt.Sprintf("Copied %s to %s with a concurrency of %d and took %s", - src.repo.Reference, dst.repo.Reference, concurrency, duration)) - - return nil -} diff --git a/src/pkg/oci/fetch.go b/src/pkg/oci/fetch.go deleted file mode 100644 index 332e256cef..0000000000 --- a/src/pkg/oci/fetch.go +++ /dev/null @@ -1,102 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// SPDX-FileCopyrightText: 2021-Present The Zarf Authors - -// Package oci contains functions for interacting with artifacts stored in OCI registries. -package oci - -import ( - "context" - "encoding/json" - "fmt" - - ocispec "github.com/opencontainers/image-spec/specs-go/v1" - "oras.land/oras-go/v2" - "oras.land/oras-go/v2/content" - - goyaml "github.com/goccy/go-yaml" -) - -// ResolveRoot returns the root descriptor for the remote repository -func (o *OrasRemote) ResolveRoot(ctx context.Context) (ocispec.Descriptor, error) { - // first try to resolve the reference into an OCI descriptor directly - desc, err := o.repo.Resolve(ctx, o.repo.Reference.Reference) - // if we succeeded and it's not an index, return it - // otherwise we will use oras.Resolve which will fetch the index, then resolve the manifest - // w/ the target platform - // - // this error is purposefully ignored, as we want to try oras.Resolve if the first attempt fails - if err == nil && desc.MediaType != ocispec.MediaTypeImageIndex { - return desc, nil - } - - if o.targetPlatform == nil && desc.MediaType == ocispec.MediaTypeImageIndex { - return ocispec.Descriptor{}, fmt.Errorf("%q resolved to an image index, but no target platform was specified", o.repo.Reference.Reference) - } - - resolveOpts := oras.ResolveOptions{ - TargetPlatform: o.targetPlatform, - } - // if the first attempt failed to resolve, or returned an index, try again with oras.Resolve - return oras.Resolve(ctx, o.repo, o.repo.Reference.Reference, resolveOpts) -} - -// FetchRoot fetches the root manifest from the remote repository. -func (o *OrasRemote) FetchRoot(ctx context.Context) (*Manifest, error) { - if o.root != nil { - return o.root, nil - } - // get the manifest descriptor - descriptor, err := o.ResolveRoot(ctx) - if err != nil { - return nil, err - } - - // fetch the manifest - root, err := o.FetchManifest(ctx, descriptor) - if err != nil { - return nil, err - } - o.root = root - return o.root, nil -} - -// FetchManifest fetches the manifest with the given descriptor from the remote repository. -func (o *OrasRemote) FetchManifest(ctx context.Context, desc ocispec.Descriptor) (manifest *Manifest, err error) { - return FetchUnmarshal[*Manifest](ctx, o.FetchLayer, json.Unmarshal, desc) -} - -// FetchLayer fetches the layer with the given descriptor from the remote repository. -func (o *OrasRemote) FetchLayer(ctx context.Context, desc ocispec.Descriptor) (bytes []byte, err error) { - return content.FetchAll(ctx, o.repo, desc) -} - -// FetchJSONFile fetches the given JSON file from the remote repository. -func FetchJSONFile[T any](ctx context.Context, fetcher func(ctx context.Context, desc ocispec.Descriptor) (bytes []byte, err error), manifest *Manifest, path string) (result T, err error) { - descriptor := manifest.Locate(path) - if IsEmptyDescriptor(descriptor) { - return result, fmt.Errorf("unable to find %s in the manifest", path) - } - return FetchUnmarshal[T](ctx, fetcher, json.Unmarshal, descriptor) -} - -// FetchYAMLFile fetches the given YAML file from the remote repository. -func FetchYAMLFile[T any](ctx context.Context, fetcher func(ctx context.Context, desc ocispec.Descriptor) (bytes []byte, err error), manifest *Manifest, path string) (result T, err error) { - descriptor := manifest.Locate(path) - if IsEmptyDescriptor(descriptor) { - return result, fmt.Errorf("unable to find %s in the manifest", path) - } - return FetchUnmarshal[T](ctx, fetcher, goyaml.Unmarshal, descriptor) -} - -// FetchUnmarshal fetches the given descriptor from the remote repository and unmarshals it. -func FetchUnmarshal[T any](ctx context.Context, fetcher func(ctx context.Context, desc ocispec.Descriptor) (bytes []byte, err error), unmarshaler func(data []byte, v interface{}) error, descriptor ocispec.Descriptor) (result T, err error) { - bytes, err := fetcher(ctx, descriptor) - if err != nil { - return result, err - } - err = unmarshaler(bytes, &result) - if err != nil { - return result, err - } - return result, nil -} diff --git a/src/pkg/oci/manifest.go b/src/pkg/oci/manifest.go deleted file mode 100644 index b2d9b8865a..0000000000 --- a/src/pkg/oci/manifest.go +++ /dev/null @@ -1,31 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// SPDX-FileCopyrightText: 2021-Present The Zarf Authors - -// Package oci contains functions for interacting with artifacts stored in OCI registries. -package oci - -import ( - "encoding/json" - "path/filepath" - - "github.com/defenseunicorns/pkg/helpers" - ocispec "github.com/opencontainers/image-spec/specs-go/v1" -) - -// Manifest is a wrapper around the OCI manifest -type Manifest struct { - ocispec.Manifest -} - -// Locate returns the descriptor for the first layer with the given path or digest. -func (m *Manifest) Locate(pathOrDigest string) ocispec.Descriptor { - return helpers.Find(m.Layers, func(layer ocispec.Descriptor) bool { - // Convert from the OS path separator to the standard '/' for Windows support - return layer.Annotations[ocispec.AnnotationTitle] == filepath.ToSlash(pathOrDigest) || layer.Digest.Encoded() == pathOrDigest - }) -} - -// MarshalJSON returns the JSON encoding of the manifest. -func (m *Manifest) MarshalJSON() ([]byte, error) { - return json.Marshal(m.Manifest) -} diff --git a/src/pkg/oci/progress.go b/src/pkg/oci/progress.go deleted file mode 100644 index e377bd6e13..0000000000 --- a/src/pkg/oci/progress.go +++ /dev/null @@ -1,36 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// SPDX-FileCopyrightText: 2021-Present The Zarf Authors - -// Package oci contains functions for interacting with artifacts stored in OCI registries. -package oci - -import ( - "context" - "fmt" - - "github.com/defenseunicorns/pkg/helpers" - ocispec "github.com/opencontainers/image-spec/specs-go/v1" -) - -// printLayerSkipped prints a debug message when a layer has been successfully skipped. -func (o *OrasRemote) printLayerSkipped(_ context.Context, desc ocispec.Descriptor) error { - return o.printLayer(desc, "skipped") -} - -// printLayerCopied prints a debug message when a layer has been successfully copied to/from a registry. -func (o *OrasRemote) printLayerCopied(_ context.Context, desc ocispec.Descriptor) error { - return o.printLayer(desc, "copied") -} - -// printLayer prints a debug message when a layer has been successfully published/pulled to/from a registry. -func (o *OrasRemote) printLayer(desc ocispec.Descriptor, suffix string) error { - title := desc.Annotations[ocispec.AnnotationTitle] - var layerInfo string - if title != "" { - layerInfo = fmt.Sprintf("%s %s", desc.Digest.Encoded()[:12], helpers.First30last30(title)) - } else { - layerInfo = fmt.Sprintf("%s [%s]", desc.Digest.Encoded()[:12], desc.MediaType) - } - o.log.Debug(fmt.Sprintf("%s (%s)", layerInfo, suffix)) - return nil -} diff --git a/src/pkg/oci/pull.go b/src/pkg/oci/pull.go deleted file mode 100644 index fba8cdbbc1..0000000000 --- a/src/pkg/oci/pull.go +++ /dev/null @@ -1,116 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// SPDX-FileCopyrightText: 2021-Present The Zarf Authors - -// Package oci contains functions for interacting with artifacts stored in OCI registries. -package oci - -import ( - "context" - "errors" - "os" - "path/filepath" - - "github.com/defenseunicorns/pkg/helpers" - ocispec "github.com/opencontainers/image-spec/specs-go/v1" - "oras.land/oras-go/v2" -) - -// FileDescriptorExists returns true if the given file exists in the given directory with the expected SHA. -func (o *OrasRemote) FileDescriptorExists(desc ocispec.Descriptor, destinationDir string) bool { - rel := desc.Annotations[ocispec.AnnotationTitle] - destinationPath := filepath.Join(destinationDir, rel) - - info, err := os.Stat(destinationPath) - if err != nil { - return false - } - if info.IsDir() { - return false - } - if info.Size() != desc.Size { - return false - } - - f, err := os.Open(destinationPath) - if err != nil { - return false - } - defer f.Close() - - actual, err := helpers.GetSHA256Hash(f) - if err != nil { - return false - } - return actual == desc.Digest.Encoded() -} - -// CopyToTarget copies the given layers from the remote repository to the given target -func (o *OrasRemote) CopyToTarget(ctx context.Context, layers []ocispec.Descriptor, target oras.Target, copyOpts oras.CopyOptions) error { - shas := []string{} - for _, layer := range layers { - if len(layer.Digest.String()) > 0 { - shas = append(shas, layer.Digest.Encoded()) - } - } - - preCopy := copyOpts.PreCopy - copyOpts.PreCopy = func(ctx context.Context, desc ocispec.Descriptor) error { - if preCopy != nil { - if err := preCopy(ctx, desc); err != nil { - return err - } - } - for _, sha := range shas { - if sha == desc.Digest.Encoded() { - return nil - } - } - return oras.SkipNode - } - - _, err := oras.Copy(ctx, o.repo, o.repo.Reference.String(), target, o.repo.Reference.String(), copyOpts) - if err != nil { - return err - } - - return nil -} - -// PullPath pulls a layer from the remote repository and saves it to `destinationDir/annotationTitle`. -func (o *OrasRemote) PullPath(ctx context.Context, destinationDir string, desc ocispec.Descriptor) error { - b, err := o.FetchLayer(ctx, desc) - if err != nil { - return err - } - - rel := desc.Annotations[ocispec.AnnotationTitle] - if rel == "" { - return errors.New("failed to pull layer: layer is not a file") - } - - return os.WriteFile(filepath.Join(destinationDir, rel), b, helpers.ReadWriteUser) -} - -// PullPaths pulls multiple files from the remote repository and saves them to `destinationDir`. -func (o *OrasRemote) PullPaths(ctx context.Context, destinationDir string, paths []string) ([]ocispec.Descriptor, error) { - paths = helpers.Unique(paths) - root, err := o.FetchRoot(ctx) - if err != nil { - return nil, err - } - layersPulled := []ocispec.Descriptor{} - for _, path := range paths { - desc := root.Locate(path) - if !IsEmptyDescriptor(desc) { - layersPulled = append(layersPulled, desc) - if o.FileDescriptorExists(desc, destinationDir) { - continue - } - err = o.PullPath(ctx, destinationDir, desc) - if err != nil { - return nil, err - } - } - } - return layersPulled, nil -} diff --git a/src/pkg/oci/push.go b/src/pkg/oci/push.go deleted file mode 100644 index cda4a8974f..0000000000 --- a/src/pkg/oci/push.go +++ /dev/null @@ -1,153 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// SPDX-FileCopyrightText: 2021-Present The Zarf Authors - -// Package oci contains functions for interacting with artifacts stored in OCI registries. -package oci - -import ( - "bytes" - "context" - "encoding/json" - "errors" - "fmt" - - "github.com/opencontainers/image-spec/specs-go" - ocispec "github.com/opencontainers/image-spec/specs-go/v1" - "oras.land/oras-go/v2" - "oras.land/oras-go/v2/content" - "oras.land/oras-go/v2/content/file" - "oras.land/oras-go/v2/errdef" -) - -// ConfigPartial is a partial OCI config that is used to create the manifest config. -// -// Unless specified, an empty manifest config will be used: `{}` -// which causes an error on Google Artifact Registry -// -// to negate this, we create a simple manifest config with some build metadata -type ConfigPartial struct { - Architecture string `json:"architecture"` - OCIVersion string `json:"ociVersion"` - Annotations map[string]string `json:"annotations,omitempty"` -} - -// PushLayer pushes the given layer (bytes) to the remote repository. -func (o *OrasRemote) PushLayer(ctx context.Context, b []byte, mediaType string) (*ocispec.Descriptor, error) { - desc := content.NewDescriptorFromBytes(mediaType, b) - return &desc, o.repo.Push(ctx, desc, bytes.NewReader(b)) -} - -// CreateAndPushManifestConfig pushes the manifest config with metadata to the remote repository. -func (o *OrasRemote) CreateAndPushManifestConfig(ctx context.Context, annotations map[string]string, configMediaType string) (*ocispec.Descriptor, error) { - if annotations[ocispec.AnnotationTitle] == "" { - return nil, fmt.Errorf("invalid annotations: please include value for %q", ocispec.AnnotationTitle) - } - manifestConfig := ConfigPartial{ - Architecture: o.targetPlatform.Architecture, - OCIVersion: specs.Version, - Annotations: annotations, - } - manifestConfigBytes, err := json.Marshal(manifestConfig) - if err != nil { - return nil, err - } - // If media type is not set it will be set to the default - return o.PushLayer(ctx, manifestConfigBytes, configMediaType) -} - -// PackAndTagManifest generates an OCI Image Manifest based on the given parameters -// pushes that manifest to the remote repository and returns the manifest descriptor. -func (o *OrasRemote) PackAndTagManifest(ctx context.Context, src *file.Store, descs []ocispec.Descriptor, - configDesc *ocispec.Descriptor, annotations map[string]string) (ocispec.Descriptor, error) { - packOpts := oras.PackManifestOptions{ - Layers: descs, - ConfigDescriptor: configDesc, - ManifestAnnotations: annotations, - } - - root, err := oras.PackManifest(ctx, src, oras.PackManifestVersion1_1_RC4, "", packOpts) - if err != nil { - return ocispec.Descriptor{}, err - } - if err = src.Tag(ctx, root, root.Digest.String()); err != nil { - return ocispec.Descriptor{}, err - } - - return root, nil -} - -// UpdateIndex updates the index for the given package. -func (o *OrasRemote) UpdateIndex(ctx context.Context, tag string, publishedDesc ocispec.Descriptor) error { - var index ocispec.Index - - o.repo.Reference.Reference = tag - // since ref has changed, need to reset root - o.root = nil - - _, err := o.repo.Resolve(ctx, o.repo.Reference.Reference) - if err != nil { - if errors.Is(err, errdef.ErrNotFound) { - index = ocispec.Index{ - MediaType: ocispec.MediaTypeImageIndex, - Versioned: specs.Versioned{ - SchemaVersion: 2, - }, - Manifests: []ocispec.Descriptor{ - { - MediaType: ocispec.MediaTypeImageManifest, - Digest: publishedDesc.Digest, - Size: publishedDesc.Size, - Platform: o.targetPlatform, - }, - }, - } - return o.pushIndex(ctx, &index, tag) - } - return err - } - - desc, rc, err := o.repo.FetchReference(ctx, tag) - if err != nil { - return err - } - defer rc.Close() - - b, err := content.ReadAll(rc, desc) - if err != nil { - return err - } - - if err := json.Unmarshal(b, &index); err != nil { - return err - } - - found := false - for idx, m := range index.Manifests { - if m.Platform != nil && m.Platform.Architecture == o.targetPlatform.Architecture { - index.Manifests[idx].Digest = publishedDesc.Digest - index.Manifests[idx].Size = publishedDesc.Size - index.Manifests[idx].Platform = o.targetPlatform - found = true - break - } - } - if !found { - index.Manifests = append(index.Manifests, ocispec.Descriptor{ - MediaType: ocispec.MediaTypeImageManifest, - Digest: publishedDesc.Digest, - Size: publishedDesc.Size, - Platform: o.targetPlatform, - }) - } - - return o.pushIndex(ctx, &index, tag) -} - -func (o *OrasRemote) pushIndex(ctx context.Context, index *ocispec.Index, tag string) error { - indexBytes, err := json.Marshal(index) - if err != nil { - return err - } - indexDesc := content.NewDescriptorFromBytes(ocispec.MediaTypeImageIndex, indexBytes) - return o.repo.Manifests().PushReference(ctx, indexDesc, bytes.NewReader(indexBytes), tag) -} diff --git a/src/pkg/oci/utils.go b/src/pkg/oci/utils.go deleted file mode 100644 index 07a506d15a..0000000000 --- a/src/pkg/oci/utils.go +++ /dev/null @@ -1,48 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// SPDX-FileCopyrightText: 2021-Present The Zarf Authors - -// Package oci contains functions for interacting with artifacts stored in OCI registries. -package oci - -import ( - ocispec "github.com/opencontainers/image-spec/specs-go/v1" - "oras.land/oras-go/v2" -) - -// IsEmptyDescriptor returns true if the given descriptor is empty. -func IsEmptyDescriptor(desc ocispec.Descriptor) bool { - return desc.Digest == "" && desc.Size == 0 -} - -// RemoveDuplicateDescriptors removes duplicate descriptors from the given list. -func RemoveDuplicateDescriptors(descriptors []ocispec.Descriptor) []ocispec.Descriptor { - keys := make(map[string]bool) - list := []ocispec.Descriptor{} - for _, entry := range descriptors { - if IsEmptyDescriptor(entry) { - continue - } - if _, value := keys[entry.Digest.Encoded()]; !value { - keys[entry.Digest.Encoded()] = true - list = append(list, entry) - } - } - return list -} - -// SumDescsSize returns the size of all the descriptors added together -func SumDescsSize(descs []ocispec.Descriptor) int64 { - var sum int64 - for _, layer := range descs { - sum += layer.Size - } - return sum -} - -// GetDefaultCopyOpts returns the default copy options -func (o *OrasRemote) GetDefaultCopyOpts() oras.CopyOptions { - copyOpts := oras.DefaultCopyOptions - copyOpts.OnCopySkipped = o.printLayerSkipped - copyOpts.PostCopy = o.printLayerCopied - return copyOpts -} diff --git a/src/pkg/packager/composer/oci.go b/src/pkg/packager/composer/oci.go index 4dedc47c50..53fd42ad77 100644 --- a/src/pkg/packager/composer/oci.go +++ b/src/pkg/packager/composer/oci.go @@ -12,10 +12,10 @@ import ( "path/filepath" "github.com/defenseunicorns/pkg/helpers" + "github.com/defenseunicorns/pkg/oci" "github.com/defenseunicorns/zarf/src/config" "github.com/defenseunicorns/zarf/src/pkg/layout" "github.com/defenseunicorns/zarf/src/pkg/message" - "github.com/defenseunicorns/zarf/src/pkg/oci" "github.com/defenseunicorns/zarf/src/pkg/utils" "github.com/defenseunicorns/zarf/src/pkg/zoci" "github.com/mholt/archiver/v3" diff --git a/src/pkg/packager/creator/normal.go b/src/pkg/packager/creator/normal.go index 9581f873ac..5693d32d98 100644 --- a/src/pkg/packager/creator/normal.go +++ b/src/pkg/packager/creator/normal.go @@ -15,6 +15,7 @@ import ( "time" "github.com/defenseunicorns/pkg/helpers" + "github.com/defenseunicorns/pkg/oci" "github.com/defenseunicorns/zarf/src/config" "github.com/defenseunicorns/zarf/src/config/lang" "github.com/defenseunicorns/zarf/src/extensions/bigbang" @@ -25,7 +26,6 @@ import ( "github.com/defenseunicorns/zarf/src/internal/packager/sbom" "github.com/defenseunicorns/zarf/src/pkg/layout" "github.com/defenseunicorns/zarf/src/pkg/message" - "github.com/defenseunicorns/zarf/src/pkg/oci" "github.com/defenseunicorns/zarf/src/pkg/packager/actions" "github.com/defenseunicorns/zarf/src/pkg/packager/sources" "github.com/defenseunicorns/zarf/src/pkg/transform" diff --git a/src/pkg/packager/publish.go b/src/pkg/packager/publish.go index 49e13f5dbd..899579332f 100644 --- a/src/pkg/packager/publish.go +++ b/src/pkg/packager/publish.go @@ -11,10 +11,10 @@ import ( "strings" "github.com/defenseunicorns/pkg/helpers" + "github.com/defenseunicorns/pkg/oci" "github.com/defenseunicorns/zarf/src/config" "github.com/defenseunicorns/zarf/src/pkg/layout" "github.com/defenseunicorns/zarf/src/pkg/message" - "github.com/defenseunicorns/zarf/src/pkg/oci" "github.com/defenseunicorns/zarf/src/pkg/packager/creator" "github.com/defenseunicorns/zarf/src/pkg/packager/filters" "github.com/defenseunicorns/zarf/src/pkg/packager/sources" diff --git a/src/pkg/packager/sources/new.go b/src/pkg/packager/sources/new.go index a54b9f388b..c9b2e2438f 100644 --- a/src/pkg/packager/sources/new.go +++ b/src/pkg/packager/sources/new.go @@ -10,10 +10,10 @@ import ( "strings" "github.com/defenseunicorns/pkg/helpers" + "github.com/defenseunicorns/pkg/oci" "github.com/defenseunicorns/zarf/src/config" "github.com/defenseunicorns/zarf/src/pkg/layout" "github.com/defenseunicorns/zarf/src/pkg/message" - "github.com/defenseunicorns/zarf/src/pkg/oci" "github.com/defenseunicorns/zarf/src/pkg/packager/filters" "github.com/defenseunicorns/zarf/src/pkg/zoci" "github.com/defenseunicorns/zarf/src/types" diff --git a/src/pkg/zoci/common.go b/src/pkg/zoci/common.go index e210f8c9c1..8a19d58cc7 100644 --- a/src/pkg/zoci/common.go +++ b/src/pkg/zoci/common.go @@ -7,9 +7,9 @@ package zoci import ( "log/slog" + "github.com/defenseunicorns/pkg/oci" "github.com/defenseunicorns/zarf/src/config" "github.com/defenseunicorns/zarf/src/pkg/message" - "github.com/defenseunicorns/zarf/src/pkg/oci" ocispec "github.com/opencontainers/image-spec/specs-go/v1" ) diff --git a/src/pkg/zoci/copier.go b/src/pkg/zoci/copier.go index 2e6f209f90..8ff5b26c69 100644 --- a/src/pkg/zoci/copier.go +++ b/src/pkg/zoci/copier.go @@ -9,8 +9,8 @@ import ( "context" "fmt" + "github.com/defenseunicorns/pkg/oci" "github.com/defenseunicorns/zarf/src/pkg/message" - "github.com/defenseunicorns/zarf/src/pkg/oci" ocispec "github.com/opencontainers/image-spec/specs-go/v1" "oras.land/oras-go/v2/content" ) diff --git a/src/pkg/zoci/fetch.go b/src/pkg/zoci/fetch.go index c00b1c3185..33f155059f 100644 --- a/src/pkg/zoci/fetch.go +++ b/src/pkg/zoci/fetch.go @@ -7,8 +7,8 @@ package zoci import ( "context" + "github.com/defenseunicorns/pkg/oci" "github.com/defenseunicorns/zarf/src/pkg/layout" - "github.com/defenseunicorns/zarf/src/pkg/oci" "github.com/defenseunicorns/zarf/src/types" ocispec "github.com/opencontainers/image-spec/specs-go/v1" ) diff --git a/src/pkg/zoci/pull.go b/src/pkg/zoci/pull.go index 6b89c58cb4..9fb7a8408a 100644 --- a/src/pkg/zoci/pull.go +++ b/src/pkg/zoci/pull.go @@ -10,8 +10,8 @@ import ( "path/filepath" "github.com/defenseunicorns/pkg/helpers" + "github.com/defenseunicorns/pkg/oci" "github.com/defenseunicorns/zarf/src/pkg/layout" - "github.com/defenseunicorns/zarf/src/pkg/oci" "github.com/defenseunicorns/zarf/src/pkg/transform" "github.com/defenseunicorns/zarf/src/pkg/utils" "github.com/defenseunicorns/zarf/src/types" diff --git a/src/pkg/zoci/push.go b/src/pkg/zoci/push.go index e6397a0ee8..3f1bc2b265 100644 --- a/src/pkg/zoci/push.go +++ b/src/pkg/zoci/push.go @@ -9,9 +9,9 @@ import ( "fmt" "github.com/defenseunicorns/pkg/helpers" + "github.com/defenseunicorns/pkg/oci" "github.com/defenseunicorns/zarf/src/pkg/layout" "github.com/defenseunicorns/zarf/src/pkg/message" - "github.com/defenseunicorns/zarf/src/pkg/oci" "github.com/defenseunicorns/zarf/src/types" ocispec "github.com/opencontainers/image-spec/specs-go/v1" "oras.land/oras-go/v2" diff --git a/src/test/e2e/50_oci_publish_deploy_test.go b/src/test/e2e/50_oci_publish_deploy_test.go index 220c3123b7..96f0d6c7f1 100644 --- a/src/test/e2e/50_oci_publish_deploy_test.go +++ b/src/test/e2e/50_oci_publish_deploy_test.go @@ -12,7 +12,7 @@ import ( "testing" "time" - "github.com/defenseunicorns/zarf/src/pkg/oci" + "github.com/defenseunicorns/pkg/oci" "github.com/defenseunicorns/zarf/src/pkg/zoci" "github.com/stretchr/testify/require" "github.com/stretchr/testify/suite"