This allows using the condition checker as a test helper with proper
test like assertion failure and stacktrace.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
On Ubuntu, and maybe some others, the
`TestOCIRepository_reconcileArtifact` test fails due to difference in
file permission, which results in different artifact checksum. This is
due to the default umask on ubuntu. Reset the permission of the testdata
to fix the test on ubuntu.
There's a similar fix in `TestGitRepositoryReconciler_reconcileArtifact`
test.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
Reorders the object suspended check in all the reconcilers to allow
deletion of objects when they are suspended. Objects used to get stuck
on delete because the finalizers were not getting removed due to the
suspended state.
Adds a generic test for all the reconcilers to check if a suspended
source object can be delete.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
Replace content config checksum with explicit artifact content config
observations. It makes the observations of the controller more
transparent and easier to debug.
Introduces `observedIgnore` and `observedLayerSelector` status fields.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
If implemented we fails when trying to verify with insecure set. This
will likely change once cosign add support for insecure registries.
Signed-off-by: Soule BA <soule@weave.works>
If implemented this enable passing a keychain, an authenticator and a
custom transport as remote.Option to the verifier. It enables contextual
login, self-signed certificates and insecure registries.
Signed-off-by: Soule BA <soule@weave.works>
refactor makeOptions
Reduce complexity by replacing the functional options with a flat out
conditional logic in makeOptions.
Signed-off-by: Soule BA <soule@weave.works>
This implements source ignore in OCIRepositoryReconcilers'
reconcileArtifact so that the ignore rules are considered when building
the artifact.
Adds tests based on the artifact checksum change when ignore rules are
applied.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
Introduce contentConfigChecksum in the OCIRepository status to store a
checksum of the values that affect the source artifact. It is used to
detect when to rebuild an artifact when the spec changes.
The considerations for this are similar to the GitRepository
reconciler no-op clone implementation. Both reconcileSource and
reconcileArtifact need to consider the source configuration change
when deciding if the artifact in the storage is up-to-date.
Adds tests for reconcileSource and reconcileArtifact for the noop
cases.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
- Fetch the upstream digest before validation and pulling
- Pull artifact only if the upstream digest is different from the one in storage
- Add the image tag to the revision string `<tag>/<digest-hex>` for a better UX
- Extract the layer processing to a dedicated function
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Add on optional field to the `OCIRepository.spec.layerSelector` called `operation` that accepts one of the following values: `extract` or `copy`. When the operation is set to `copy`, instead of extracting the compressed layer, the controller copies the compressed blob as it is to storage, thus keeping the original content unaltered.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Hidde Beydals
Sunny
Stefan Prodan
Sanskar Jaiswal
Soule BA
Batuhan Apaydın
Furkan
Somtochi Onyekwere
Rashed Kamal