- cloud.google.com/go/storage to v1.28.0
- github.com/distribution/distribution/v3 to v3.0.0-20221108081720-e9a25da7a47e
- github.com/docker/cli to v20.10.21+incompatible
- github.com/google/go-containerregistry to v0.12.0
- github.com/google/go-containerregistry/pkg/authn/k8schain to v0.0.0-20221103173901-353a117661ae
- github.com/minio/minio-go/v7 to v7.0.43
- github.com/onsi/gomega to v1.24.0
- github.com/prometheus/client_golang to v1.14.0
- github.com/sigstore/sigstore to v1.4.5
- google.golang.org/api to v0.102.0
- k8s.io/utils to v0.0.0-20221107191617-1a15be271d1d
- sigs.k8s.io/cli-utils to v0.34.0
- sigs.k8s.io/controller-runtime to v0.13.1
Signed-off-by: Hidde Beydals <hello@hidde.co>
Reorders the object suspended check in all the reconcilers to allow
deletion of objects when they are suspended. Objects used to get stuck
on delete because the finalizers were not getting removed due to the
suspended state.
Adds a generic test for all the reconcilers to check if a suspended
source object can be delete.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
Replace content config checksum with explicit artifact content config
observations. It makes the observations of the controller more
transparent and easier to debug.
Introduces `observedIgnore` and `observedLayerSelector` status fields.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
If implemented we fails when trying to verify with insecure set. This
will likely change once cosign add support for insecure registries.
Signed-off-by: Soule BA <soule@weave.works>
If implemented this enable passing a keychain, an authenticator and a
custom transport as remote.Option to the verifier. It enables contextual
login, self-signed certificates and insecure registries.
Signed-off-by: Soule BA <soule@weave.works>
refactor makeOptions
Reduce complexity by replacing the functional options with a flat out
conditional logic in makeOptions.
Signed-off-by: Soule BA <soule@weave.works>
This implements source ignore in OCIRepositoryReconcilers'
reconcileArtifact so that the ignore rules are considered when building
the artifact.
Adds tests based on the artifact checksum change when ignore rules are
applied.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
Introduce contentConfigChecksum in the OCIRepository status to store a
checksum of the values that affect the source artifact. It is used to
detect when to rebuild an artifact when the spec changes.
The considerations for this are similar to the GitRepository
reconciler no-op clone implementation. Both reconcileSource and
reconcileArtifact need to consider the source configuration change
when deciding if the artifact in the storage is up-to-date.
Adds tests for reconcileSource and reconcileArtifact for the noop
cases.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
- Fetch the upstream digest before validation and pulling
- Pull artifact only if the upstream digest is different from the one in storage
- Add the image tag to the revision string `<tag>/<digest-hex>` for a better UX
- Extract the layer processing to a dedicated function
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Add on optional field to the `OCIRepository.spec.layerSelector` called `operation` that accepts one of the following values: `extract` or `copy`. When the operation is set to `copy`, instead of extracting the compressed layer, the controller copies the compressed blob as it is to storage, thus keeping the original content unaltered.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Context in the reconcilers were overwritten earlier after adding new
log field `reconcileID` in the logger. Since the `reconcileID` is now
set by controller-runtime, this is no longer needed. The logger in the
context already has the field set and when the context is passed to
other functions, they too have the logger with the reconcileID set.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
Hidde Beydals
Stefan Prodan
Sunny
Soule BA
Furkan
Batuhan Apaydın
Somtochi Onyekwere
Santosh Kaluskar
Rashed Kamal