-
Notifications
You must be signed in to change notification settings - Fork 1
Don't hard-code default main image tag #225
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
+295
−32
Merged
Changes from all commits
Commits
Show all changes
20 commits
Select commit
Hold shift + click to select a range
b6c1232
Add new function LookupLatestReleaseTagsViaGitHub
b6c2f78
Add function LookupLatestTag, remove hard-coded fallback
379b02d
Adjust to new LookupMainImageTag API
d31062c
New constants package
2628d0b
Use new constants
b77eeb6
Use new constants package
4296af1
Use new constants package
6cc02e9
Increase context timeout in integration test
3c2fd19
LookupLatestTag
2151a15
VerifyImageExistence: Retry also on rate limiting
cf9d374
Add test for VerifyImageExistence NotFound behavior
aad4bed
Add REGISTRY_* env var names to constants package
bc46961
Use new constants in dockerauth package
bb1a3c8
New keychain respecting the REGISTRY_* env vars for go-containerregis…
dbd725e
Use custom keychain in ocihelper package
c3f1d5d
Use new helpers.LookupLatestTag in tests
5702216
Fix integration test
1efe853
Use t.Context()
a86a3c4
Prettier test log output
e93409e
Use t.Context()
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| package constants | ||
|
|
||
| const ( | ||
| DefaultRegistry = "quay.io/rhacs-eng" | ||
| GitHubStackroxRepo = "stackrox/stackrox" | ||
|
|
||
| EnvRegistryUsername = "REGISTRY_USERNAME" | ||
| EnvRegistryPassword = "REGISTRY_PASSWORD" | ||
| ) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,54 @@ | ||
| //go:build integration | ||
|
|
||
| package helpers | ||
|
|
||
| import ( | ||
| "context" | ||
| "errors" | ||
| "fmt" | ||
| "net/http" | ||
| "testing" | ||
| "time" | ||
|
|
||
| "github.com/google/go-containerregistry/pkg/name" | ||
| "github.com/google/go-containerregistry/pkg/v1/remote" | ||
| "github.com/google/go-containerregistry/pkg/v1/remote/transport" | ||
| "github.com/stackrox/roxie/internal/constants" | ||
| "github.com/stackrox/roxie/internal/logger" | ||
| "github.com/stackrox/roxie/internal/ocihelper" | ||
| "github.com/stretchr/testify/assert" | ||
| "github.com/stretchr/testify/require" | ||
| ) | ||
|
|
||
| func TestLookupLatestTag_Integration(t *testing.T) { | ||
| log := logger.New() | ||
| ctx, cancel := context.WithTimeout(t.Context(), 2*time.Minute) | ||
| defer cancel() | ||
|
|
||
| tag, err := LookupLatestTag(ctx, log) | ||
| require.NoError(t, err) | ||
| require.NotEmpty(t, tag) | ||
|
|
||
| imageRef := fmt.Sprintf("%s/main:%s", constants.DefaultRegistry, tag) | ||
| ref, err := name.ParseReference(imageRef) | ||
| require.NoError(t, err) | ||
|
|
||
| _, err = remote.Head(ref, remote.WithContext(ctx), remote.WithAuthFromKeychain(ocihelper.Keychain)) | ||
| require.NoError(t, err, "image %s is not pullable", imageRef) | ||
|
|
||
| t.Logf("Latest pullable tag: %s (%s)", tag, imageRef) | ||
| } | ||
|
|
||
| func TestVerifyImageExistence_NotFound_Integration(t *testing.T) { | ||
| log := logger.New() | ||
| ctx, cancel := context.WithTimeout(t.Context(), 30*time.Second) | ||
| defer cancel() | ||
|
|
||
| madeUpImage := fmt.Sprintf("%s/main:99.99.99", constants.DefaultRegistry) | ||
| err := ocihelper.VerifyImageExistence(ctx, log, madeUpImage) | ||
| require.Error(t, err) | ||
|
|
||
| var te *transport.Error | ||
| require.True(t, errors.As(err, &te), "expected transport.Error, got %T", err) | ||
| assert.Equal(t, http.StatusNotFound, te.StatusCode) | ||
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| package ocihelper | ||
|
|
||
| import ( | ||
| "os" | ||
|
|
||
| "github.com/google/go-containerregistry/pkg/authn" | ||
| "github.com/stackrox/roxie/internal/constants" | ||
| ) | ||
|
|
||
| // Keychain resolves registry credentials by checking REGISTRY_USERNAME/REGISTRY_PASSWORD | ||
| // environment variables first, then falling back to the default Docker keychain | ||
| // (~/.docker/config.json, credential helpers, etc.). | ||
| var Keychain = authn.NewMultiKeychain(&envKeychain{}, authn.DefaultKeychain) | ||
|
|
||
| type envKeychain struct{} | ||
|
|
||
| func (e *envKeychain) Resolve(target authn.Resource) (authn.Authenticator, error) { | ||
| username := os.Getenv(constants.EnvRegistryUsername) | ||
| password := os.Getenv(constants.EnvRegistryPassword) | ||
| if username == "" || password == "" { | ||
| return authn.Anonymous, nil | ||
|
coderabbitai[bot] marked this conversation as resolved.
|
||
| } | ||
| return authn.FromConfig(authn.AuthConfig{ | ||
| Username: username, | ||
| Password: password, | ||
| }), nil | ||
| } | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.