Merge branch 'main' into feat/jfrog-plugin

open-component-model · Dec 23, 2024 · 5793172 · 5793172
2 parents 6b2b379 + 2cb3187
commit 5793172
Show file tree

Hide file tree

Showing 55 changed files with 1,399 additions and 2,412 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -22,6 +22,7 @@ bin
 /hack
 /LICENSES
 /local
+/gen
 
 /pkg/test*
 
@@ -35,3 +36,4 @@ bin
 
 !go.*
 !**/*.go
+!.git
diff --git a/.github/workflows/components.yaml b/.github/workflows/components.yaml
@@ -33,6 +33,8 @@ env:
   components: '["ocmcli", "helminstaller", "helmdemo", "subchartsdemo", "ecrplugin", "jfrogplugin"]'
   IMAGE_PLATFORMS: 'linux/amd64 linux/arm64'
   PLATFORMS: 'windows/amd64 darwin/arm64 darwin/amd64 linux/amd64 linux/arm64'
+  BUILDX_CACHE_PUSH: false
+  BUILDX_CACHE_REF_BASE: ghcr.io/${{ github.repository }}/buildx-cache
 
 jobs:
   define-matrix:
@@ -66,6 +68,14 @@ jobs:
         with:
           go-version-file: '${{ github.workspace }}/go.mod'
           cache: false
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Docker Login
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
       - name: Get go environment for use with cache
         run: |
           echo "go_cache=$(go env GOCACHE)" >> $GITHUB_ENV
@@ -95,6 +105,8 @@ jobs:
           VERSION=${{ inputs.version }} \
           PLATFORMS="${{ env.PLATFORMS }}" \
           IMAGE_PLATFORMS="${{ env.IMAGE_PLATFORMS }}" \
+          BUILDX_CACHE_REF=${{ env.BUILDX_CACHE_REF_BASE }}:${{ matrix.component }} \
+          BUILDX_CACHE_PUSH=${{ env.BUILDX_CACHE_PUSH }} \
           make \
             ctf descriptor describe
       - name: Upload CTF

diff --git a/.github/workflows/integration-test.yaml b/.github/workflows/integration-test.yaml
@@ -16,6 +16,7 @@ permissions:
 
 jobs:
   test:
+    if: github.event_name == 'push'
     name: Run tests
     uses: open-component-model/ocm-integrationtest/.github/workflows/integrationtest.yaml@main
     permissions:
@@ -24,4 +25,17 @@ jobs:
       packages: write
     secrets: inherit
     with:
-      ref: ${{ github.ref }}
+      ref: ${{ github.ref }}
+      repo: ${{ github.repository }}
+  test-pr:
+    if: github.event_name == 'pull_request_target'
+    name: Run tests
+    uses: open-component-model/ocm-integrationtest/.github/workflows/integrationtest.yaml@main
+    permissions:
+      contents: write
+      id-token: write
+      packages: write
+    secrets: inherit
+    with:
+      ref: ${{ github.event.pull_request.head.ref }}
+      repo: ${{ github.event.pull_request.head.repo.full_name }}
diff --git a/.github/workflows/publish-to-other-than-github.yaml b/.github/workflows/publish-to-other-than-github.yaml
@@ -55,7 +55,7 @@ jobs:
             --outputDirectory ${{ github.workspace }}/tap/Formula)
         mkdir -p ${{ github.workspace }}/tap/Aliases
         cd ${{ github.workspace }}/tap/Aliases
-        ln -s ../Formula/$(basename $formula) ./ocm
+        ln -sf ../Formula/$(basename $formula) ./ocm
     - name: Create Pull Request
       uses: peter-evans/create-pull-request@v7
       with:
@@ -147,6 +147,12 @@ jobs:
     steps:
     - name: Ensure proper version
       run: echo "RELEASE_VERSION=$(echo ${{ github.event.client_payload.version }})" >> $GITHUB_ENV
+    - name: Generate token
+      id: generate_token
+      uses: tibdex/github-app-token@v2
+      with:
+        app_id: ${{ secrets.OCMBOT_APP_ID }}
+        private_key: ${{ secrets.OCMBOT_PRIV_KEY }}
     - name: Publish Release Event
       uses: peter-evans/repository-dispatch@v3
       with:

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -122,7 +122,7 @@ jobs:
         token: ${{ steps.generate_token.outputs.token }}
 
     - name: Setup Syft
-      uses: anchore/sbom-action/download-syft@55dc4ee22412511ee8c3142cbea40418e6cec693 # v0.17.8
+      uses: anchore/sbom-action/download-syft@df80a981bc6edbc4e220a492d3cbe9f5547a6e75 # v0.17.9
 
     - name: Setup Cosign
       uses: sigstore/[email protected]

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -2,4 +2,4 @@
 
 We welcome many different types of contributions.
 
-Please refer to the [Contributing Guide in the Community repository](https://github.com/open-component-model/community/blob/main/CONTRIBUTING.md) for more information on how to get support from maintainers, find work to contribute, the Pull Request checklist, the Pull Request process, and other useful information on how to contribute to OCM.
+Please refer to the [Contributing Guide in the Community repository](https://github.com/open-component-model/.github/blob/main/CONTRIBUTING.md) for more information on how to get support from maintainers, find work to contribute, the Pull Request checklist, the Pull Request process, and other useful information on how to contribute to OCM.
diff --git a/Dockerfile b/Dockerfile
@@ -1,25 +1,28 @@
-FROM golang:1.23-alpine3.20 AS build
+FROM --platform=$BUILDPLATFORM golang:1.23-alpine3.20 AS build
+
+RUN apk add --no-cache make git
 
 WORKDIR /src
-RUN go env -w GOMODCACHE=/root/.cache/go-build
 
 COPY go.mod go.sum *.go VERSION ./
 
 ARG GO_PROXY="https://proxy.golang.org"
 ENV GOPROXY=${GO_PROXY}
-RUN --mount=type=cache,target=/root/.cache/go-build go mod download
+RUN go mod download
 
 COPY . .
-RUN --mount=type=cache,target=/root/.cache/go-build \
-	export VERSION=$(go run api/version/generate/release_generate.go print-rc-version) && \
-    export NOW=$(date -u +%FT%T%z) && \
-    go build -trimpath -ldflags \
-    "-s -w -X ocm.software/ocm/api/version.gitVersion=$VERSION -X ocm.software/ocm/api/version.buildDate=$NOW" \
-    -o /bin/ocm ./cmds/ocm/main.go
 
-FROM gcr.io/distroless/static-debian12:nonroot@sha256:d71f4b239be2d412017b798a0a401c44c3049a3ca454838473a4c32ed076bfea
+ENV BUILD_FLAGS="-trimpath"
+
+# the GOARCH has not a default value to allow the binary be built according to the host where the command
+# was called. For example, if we call make docker-build in a local env which has the Apple Silicon SO
+# the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore,
+# by leaving it empty we can ensure that the container and binary shipped on it will have the same platform.
+RUN make bin/ocm GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH}
+
+FROM gcr.io/distroless/static-debian12:nonroot@sha256:6cd937e9155bdfd805d1b94e037f9d6a899603306030936a3b11680af0c2ed58
 
-COPY --from=build /bin/ocm /usr/local/bin/ocm
+COPY --from=build /src/bin/ocm /usr/local/bin/ocm
 
 # https://github.com/opencontainers/image-spec/blob/main/annotations.md#pre-defined-annotation-keys
 LABEL org.opencontainers.image.description="Open Component Model command line interface based on Distroless"

diff --git a/Makefile b/Makefile
@@ -26,12 +26,14 @@ SOURCES := $(shell go list -f '{{$$I:=.Dir}}{{range .GoFiles }}{{$$I}}/{{.}} {{e
 GOPATH                                         := $(shell go env GOPATH)
 
 NOW         := $(shell date -u +%FT%T%z)
-BUILD_FLAGS := "-s -w \
+LD_FLAGS := "-s -w \
  -X ocm.software/ocm/api/version.gitVersion=$(EFFECTIVE_VERSION) \
  -X ocm.software/ocm/api/version.gitTreeState=$(GIT_TREE_STATE) \
  -X ocm.software/ocm/api/version.gitCommit=$(COMMIT) \
  -X ocm.software/ocm/api/version.buildDate=$(NOW)"
 CGO_ENABLED := 0
+GOOS := $(shell go env GOOS)
+GOARCH := $(shell go env GOARCH)
 
 COMPONENTS ?= ocmcli helminstaller demoplugin ecrplugin helmdemo subchartsdemo
 
@@ -42,19 +44,19 @@ bin:
 	mkdir -p bin
 
 bin/ocm: bin $(SOURCES)
-	CGO_ENABLED=$(CGO_ENABLED) go build -ldflags $(BUILD_FLAGS) -o bin/ocm ./cmds/ocm
+	CGO_ENABLED=$(CGO_ENABLED) GOOS=$(GOOS) GOARCH=$(GOARCH) go build $(BUILD_FLAGS) -ldflags $(LD_FLAGS) -o bin/ocm ./cmds/ocm
 
 bin/helminstaller: bin $(SOURCES)
-	CGO_ENABLED=$(CGO_ENABLED) go build -ldflags $(BUILD_FLAGS) -o bin/helminstaller ./cmds/helminstaller
+	CGO_ENABLED=$(CGO_ENABLED) GOOS=$(GOOS) GOARCH=$(GOARCH) go build $(BUILD_FLAGS) -ldflags $(LD_FLAGS) -o bin/helminstaller ./cmds/helminstaller
 
 bin/demo: bin $(SOURCES)
-	CGO_ENABLED=$(CGO_ENABLED) go build -ldflags $(BUILD_FLAGS) -o bin/demo ./cmds/demoplugin
+	CGO_ENABLED=$(CGO_ENABLED) GOOS=$(GOOS) GOARCH=$(GOARCH) go build $(BUILD_FLAGS) -ldflags $(LD_FLAGS) -o bin/demo ./cmds/demoplugin
 
 bin/cliplugin: bin $(SOURCES)
-	CGO_ENABLED=$(CGO_ENABLED) go build -ldflags $(BUILD_FLAGS) -o bin/cliplugin ./cmds/cliplugin
+	CGO_ENABLED=$(CGO_ENABLED) GOOS=$(GOOS) GOARCH=$(GOARCH) go build $(BUILD_FLAGS) -ldflags $(LD_FLAGS) -o bin/cliplugin ./cmds/cliplugin
 
 bin/ecrplugin: bin $(SOURCES)
-	CGO_ENABLED=$(CGO_ENABLED) go build -ldflags $(BUILD_FLAGS) -o bin/ecrplugin ./cmds/ecrplugin
+	CGO_ENABLED=$(CGO_ENABLED) GOOS=$(GOOS) GOARCH=$(GOARCH) go build $(BUILD_FLAGS) -ldflags $(LD_FLAGS) -o bin/ecrplugin ./cmds/ecrplugin
 
 api: $(SOURCES)
 	go build ./api/...

diff --git a/NOTICE b/NOTICE
@@ -0,0 +1,18 @@
+# THIRD-PARTY LIBRARIES
+
+## MPL-2.0
+
+This project statically links the following [Mozilla Public License 2.0 (MPL-2.0)](https://www.mozilla.org/en-US/MPL/2.0/) libraries.
+The list contains the Go module path and the version of the library used.
+
+- github.com/hashicorp/errwrap-v1.1.0
+- github.com/hashicorp/go-cleanhttp-v0.5.2
+- github.com/hashicorp/go-multierror-v1.1.1
+- github.com/hashicorp/go-retryablehttp-v0.7.7
+- github.com/hashicorp/go-rootcerts-v1.0.2
+- github.com/hashicorp/go-secure-stdlib/strutil-configutil/v0.1.5
+- github.com/hashicorp/hcl-v1.0.1-vault-5
+- github.com/hashicorp/vault-client-go-v0.4.3
+- github.com/letsencrypt/boulder-v0.0.0-20241010192615-6692160cedfa
+
+Modifications to original MPL-2.0 files will be documented and made available.
diff --git a/README.md b/README.md
@@ -53,10 +53,9 @@ Install the latest release with
 - [Homebrew](#homebrew)
 - [NixOS](#nixos)
 - [AUR](#aur)
-- [Container](#container)
+- [Docker and Podman](#container)
 - [Chocolatey](#chocolatey)
 - [Winget](#winget)
-- [GitHub Releases](https://github.com/open-component-model/ocm/releases/latest)
 
 ### Bash
 

diff --git a/api/credentials/identity/hostpath/identity.go b/api/credentials/identity/hostpath/identity.go
@@ -157,3 +157,14 @@ func PathPrefix(id cpi.ConsumerIdentity) string {
 	}
 	return strings.TrimPrefix(id[ID_PATHPREFIX], "/")
 }
+
+func HostPort(id cpi.ConsumerIdentity) string {
+	if id == nil {
+		return ""
+	}
+	host := id[ID_HOSTNAME]
+	if port, ok := id[ID_PORT]; ok {
+		return host + ":" + port
+	}
+	return host
+}
diff --git a/api/oci/extensions/repositories/ocireg/blobs.go b/api/oci/extensions/repositories/ocireg/blobs.go
@@ -10,7 +10,7 @@ import (
 
 	"ocm.software/ocm/api/oci/cpi"
 	"ocm.software/ocm/api/oci/extensions/attrs/cacheattr"
-	"ocm.software/ocm/api/tech/docker/resolve"
+	"ocm.software/ocm/api/tech/oras"
 	"ocm.software/ocm/api/utils/accessio"
 	"ocm.software/ocm/api/utils/blobaccess/blobaccess"
 )
@@ -23,20 +23,20 @@ type BlobContainer interface {
 
 type blobContainer struct {
 	accessio.StaticAllocatable
-	fetcher resolve.Fetcher
-	pusher  resolve.Pusher
+	fetcher oras.Fetcher
+	pusher  oras.Pusher
 	mime    string
 }
 
 type BlobContainers struct {
 	lock    sync.Mutex
 	cache   accessio.BlobCache
-	fetcher resolve.Fetcher
-	pusher  resolve.Pusher
+	fetcher oras.Fetcher
+	pusher  oras.Pusher
 	mimes   map[string]BlobContainer
 }
 
-func NewBlobContainers(ctx cpi.Context, fetcher remotes.Fetcher, pusher resolve.Pusher) *BlobContainers {
+func NewBlobContainers(ctx cpi.Context, fetcher remotes.Fetcher, pusher oras.Pusher) *BlobContainers {
 	return &BlobContainers{
 		cache:   cacheattr.Get(ctx),
 		fetcher: fetcher,
@@ -73,15 +73,15 @@ func (c *BlobContainers) Release() error {
 	return list.Result()
 }
 
-func newBlobContainer(mime string, fetcher resolve.Fetcher, pusher resolve.Pusher) *blobContainer {
+func newBlobContainer(mime string, fetcher oras.Fetcher, pusher oras.Pusher) *blobContainer {
 	return &blobContainer{
 		mime:    mime,
 		fetcher: fetcher,
 		pusher:  pusher,
 	}
 }
 
-func NewBlobContainer(cache accessio.BlobCache, mime string, fetcher resolve.Fetcher, pusher resolve.Pusher) (BlobContainer, error) {
+func NewBlobContainer(cache accessio.BlobCache, mime string, fetcher oras.Fetcher, pusher oras.Pusher) (BlobContainer, error) {
 	c := newBlobContainer(mime, fetcher, pusher)
 
 	if cache == nil {

diff --git a/api/oci/extensions/repositories/ocireg/namespace.go b/api/oci/extensions/repositories/ocireg/namespace.go
@@ -12,7 +12,7 @@ import (
 	"ocm.software/ocm/api/oci/cpi"
 	"ocm.software/ocm/api/oci/cpi/support"
 	"ocm.software/ocm/api/oci/extensions/actions/oci-repository-prepare"
-	"ocm.software/ocm/api/tech/docker/resolve"
+	"ocm.software/ocm/api/tech/oras"
 	"ocm.software/ocm/api/utils/accessio"
 	"ocm.software/ocm/api/utils/blobaccess/blobaccess"
 	"ocm.software/ocm/api/utils/logging"
@@ -22,10 +22,10 @@ import (
 type NamespaceContainer struct {
 	impl     support.NamespaceAccessImpl
 	repo     *RepositoryImpl
-	resolver resolve.Resolver
-	lister   resolve.Lister
-	fetcher  resolve.Fetcher
-	pusher   resolve.Pusher
+	resolver oras.Resolver
+	lister   oras.Lister
+	fetcher  oras.Fetcher
+	pusher   oras.Pusher
 	blobs    *BlobContainers
 	checked  bool
 }
@@ -69,7 +69,7 @@ func (n *NamespaceContainer) SetImplementation(impl support.NamespaceAccessImpl)
 	n.impl = impl
 }
 
-func (n *NamespaceContainer) getPusher(vers string) (resolve.Pusher, error) {
+func (n *NamespaceContainer) getPusher(vers string) (oras.Pusher, error) {
 	err := n.assureCreated()
 	if err != nil {
 		return nil, err
-Original file line number
+Diff line change
@@ Expand Up / @@ -22,6 +22,7 @@ bin @@
     /hack
     /LICENSES
     /local
+    /gen
     /pkg/test*
@@ Expand All / @@ -35,3 +36,4 @@ bin @@
     !go.*
     !**/*.go
+    !.git
Original file line number	Diff line number	Diff line change
Expand Up		@@ -2,4 +2,4 @@

		We welcome many different types of contributions.

		Please refer to the [Contributing Guide in the Community repository](https://github.com/open-component-model/community/blob/main/CONTRIBUTING.md) for more information on how to get support from maintainers, find work to contribute, the Pull Request checklist, the Pull Request process, and other useful information on how to contribute to OCM.
		Please refer to the [Contributing Guide in the Community repository](https://github.com/open-component-model/.github/blob/main/CONTRIBUTING.md) for more information on how to get support from maintainers, find work to contribute, the Pull Request checklist, the Pull Request process, and other useful information on how to contribute to OCM.