Fix oci image

Dockerfile

@@ -7,7 +7,7 @@ COPY go.mod go.sum ./
 RUN go mod download
 
 COPY . ./
-RUN go build -o /reroller ./cmd
+RUN go build -o /reroller .
 
 FROM alpine:latest
 

go.mod

@@ -1,12 +1,62 @@
-module roob.re/reroller
+module github.com/newrelic-forks/reroller
 
-go 1.16
+go 1.20
 
 require (
-	github.com/sirupsen/logrus v1.8.1
+	github.com/sirupsen/logrus v1.9.0
 	github.com/spf13/pflag v1.0.5
-	github.com/spf13/viper v1.12.0
-	k8s.io/api v0.24.1
-	k8s.io/apimachinery v0.24.1
-	k8s.io/client-go v0.24.1
+	github.com/spf13/viper v1.15.0
+	github.com/stretchr/testify v1.8.2
+	k8s.io/api v0.26.3
+	k8s.io/apimachinery v0.26.3
+	k8s.io/client-go v0.26.3
+)
+
+require (
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/emicklei/go-restful/v3 v3.9.0 // indirect
+	github.com/fsnotify/fsnotify v1.6.0 // indirect
+	github.com/go-logr/logr v1.2.3 // indirect
+	github.com/go-openapi/jsonpointer v0.19.5 // indirect
+	github.com/go-openapi/jsonreference v0.20.0 // indirect
+	github.com/go-openapi/swag v0.19.14 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/google/gnostic v0.5.7-v3refs // indirect
+	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/google/gofuzz v1.1.0 // indirect
+	github.com/hashicorp/hcl v1.0.0 // indirect
+	github.com/imdario/mergo v0.3.6 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/magiconair/properties v1.8.7 // indirect
+	github.com/mailru/easyjson v0.7.6 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/pelletier/go-toml/v2 v2.0.6 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/spf13/afero v1.9.3 // indirect
+	github.com/spf13/cast v1.5.0 // indirect
+	github.com/spf13/jwalterweatherman v1.1.0 // indirect
+	github.com/subosito/gotenv v1.4.2 // indirect
+	golang.org/x/net v0.7.0 // indirect
+	golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783 // indirect
+	golang.org/x/sys v0.5.0 // indirect
+	golang.org/x/term v0.5.0 // indirect
+	golang.org/x/text v0.7.0 // indirect
+	golang.org/x/time v0.1.0 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/protobuf v1.28.1 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/ini.v1 v1.67.0 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+	k8s.io/klog/v2 v2.80.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect
+	k8s.io/utils v0.0.0-20221107191617-1a15be271d1d // indirect
+	sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
+	sigs.k8s.io/yaml v1.3.0 // indirect
 )

cmd/main.go → main.go

@@ -1,14 +1,16 @@
 package main
 
 import (
-	log "github.com/sirupsen/logrus"
-	"github.com/spf13/pflag"
-	"github.com/spf13/viper"
 	"os"
 	"path"
-	"roob.re/reroller"
 	"strings"
 	"time"
+
+	reroller "github.com/newrelic-forks/reroller/src"
+
+	log "github.com/sirupsen/logrus"
+	"github.com/spf13/pflag"
+	"github.com/spf13/viper"
 )
 
 const hourFmt = "15:04"

registry/docker/docker.go → src/registry/docker/docker.go

@@ -19,8 +19,6 @@ func DockerLikeImageInfo(baseUrl string) func(image, tag string) ([]string, erro
 	baseUrl = strings.Trim(baseUrl, "/")
 
 	return func(image, tag string) ([]string, error) {
-		digests := make([]string, 0, 2)
-
 		manifestsUrl := fmt.Sprintf(baseUrl+"/%s/manifests/%s", image, tag)
 		headRsp, err := http.Head(manifestsUrl)
 		if err != nil {
@@ -50,9 +48,18 @@ func DockerLikeImageInfo(baseUrl string) func(image, tag string) ([]string, erro
 			req.Header.Set("Authorization", "Bearer "+token)
 		}
 
+		digests := []string{}
+
+		retDigests, err := ociDigests(req)
+		if err != nil {
+			return nil, fmt.Errorf("getting oci image digests from docker: %w", err)
+		}
+
+		digests = append(digests, retDigests...)
+
 		// Query the manifest list digest
 		req.Header.Set("Accept", "application/vnd.docker.distribution.manifest.list.v2+json")
-		retDigests, err := dockerContentDigest(req)
+		retDigests, err = dockerContentDigest(req)
 		if err != nil {
 			return nil, fmt.Errorf("getting manifest list from docker: %w", err)
 		}
@@ -63,11 +70,15 @@ func DockerLikeImageInfo(baseUrl string) func(image, tag string) ([]string, erro
 		req.Header.Set("Accept", "application/vnd.docker.distribution.manifest.v2+json")
 		retDigests, err = dockerContentDigest(req)
 		if err != nil {
-			return nil, fmt.Errorf("getting manifest list from docker: %w", err)
+			return nil, fmt.Errorf("getting manifest from docker: %w", err)
 		}
 
 		digests = append(digests, retDigests...)
 
+		if len(digests) == 0 {
+			return nil, fmt.Errorf("getting images digests for the docker image %s:%s", image, tag)
+		}
+
 		return digests, nil
 	}
 }
@@ -83,12 +94,48 @@ func dockerContentDigest(req *http.Request) ([]string, error) {
 
 	digest, found := resp.Header["Docker-Content-Digest"]
 	if !found {
-		return nil, fmt.Errorf("docker API did not return a content digest for this image")
+		// OCI images will not respond with the list of digest
+		return nil, nil
 	}
 
 	return digest, nil
 }
 
+func ociDigests(req *http.Request) ([]string, error) {
+	// https://github.com/moby/buildkit/issues/2251
+	acceptHeader := "application/vnd.oci.image.index.v1+json"
+	req.Header.Set("Accept", "application/vnd.oci.image.index.v1+json")
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		return nil, fmt.Errorf("querying dockerhub tags endpoint: %w", err)
+	}
+
+	defer resp.Body.Close()
+
+	if resp.Header.Get("Content-Type") != acceptHeader {
+		return nil, nil
+	}
+
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, fmt.Errorf("reading response body: %w", err)
+	}
+
+	indexResp := &IndexResp{}
+
+	if err := json.Unmarshal(body, indexResp); err != nil {
+		return nil, fmt.Errorf("decoding response body: %w", err)
+	}
+
+	digests := []string{}
+
+	for _, manifest := range indexResp.Manifests {
+		digests = append(digests, manifest.Digest)
+	}
+
+	return digests, nil
+}
+
 func authUrl(wwwAuthenticate string) (*url.URL, error) {
 	if !strings.HasPrefix(wwwAuthenticate, "Bearer ") {
 		return nil, fmt.Errorf("www-authenticate header lacks Bearer prefix")

src/registry/docker/docker_test.go

@@ -0,0 +1,28 @@
+package docker_test
+
+import (
+	"testing"
+
+	"github.com/newrelic-forks/reroller/src/registry/docker"
+	"github.com/stretchr/testify/require"
+)
+
+func Test_Dockerhub(t *testing.T) {
+	infofunc := docker.DockerLikeImageInfo(docker.BaseUrl)
+
+	digests, err := infofunc("newrelic/infrastructure-bundle", "1.0.0")
+	require.NoError(t, err)
+	require.Contains(t, digests, "sha256:7300aec653dbe8aaef96b92d2f8319a2cef8e03e99b4420ba846b46a1447ea6b")
+}
+
+func Test_Dockerhub_oci_image(t *testing.T) {
+	infofunc := docker.DockerLikeImageInfo(docker.BaseUrl)
+
+	// test buildkit image https://github.com/moby/buildkit/issues/2251
+	digests, err := infofunc("newrelic/infrastructure-bundle", "3.1.3")
+	require.NoError(t, err)
+	require.Contains(t, digests, "sha256:d52446ef1513dea9f5928937a268afbf8583e2877b53242345505e8b7eaca78d")
+	require.Contains(t, digests, "sha256:500ea42793487b8251d01047d843f971590da91dd6ca257c913e04adbd9e802e")
+	require.Contains(t, digests, "sha256:defe972d81b71f52a3c4fa30b5c6c192c950da7e937516d249429f7900d5f174")
+
+}

src/registry/docker/oci.go

@@ -0,0 +1,29 @@
+package docker
+
+// OCI index schema
+type IndexResp struct {
+	MediaType     string      `json:"mediaType"`
+	SchemaVersion int         `json:"schemaVersion"`
+	Manifests     []Manifests `json:"manifests"`
+}
+type Platform struct {
+	Architecture string `json:"architecture"`
+	Os           string `json:"os"`
+}
+type Platform0 struct {
+	Architecture string `json:"architecture"`
+	Os           string `json:"os"`
+	Variant      string `json:"variant"`
+}
+type Annotations struct {
+	VndDockerReferenceDigest string `json:"vnd.docker.reference.digest"`
+	VndDockerReferenceType   string `json:"vnd.docker.reference.type"`
+}
+type Manifests struct {
+	MediaType   string      `json:"mediaType"`
+	Digest      string      `json:"digest"`
+	Size        int         `json:"size"`
+	Platform    Platform    `json:"platform,omitempty"`
+	Platform0   Platform0   `json:"platform,omitempty"`
+	Annotations Annotations `json:"annotations,omitempty"`
+}

registry/ghcr/ghcr.go → src/registry/ghcr/ghcr.go

@@ -1,7 +1,7 @@
 package ghcr
 
 import (
-	"roob.re/reroller/registry/docker"
+	"github.com/newrelic-forks/reroller/src/registry/docker"
 )
 
 const (

registry/registry.go → src/registry/registry.go

@@ -2,11 +2,12 @@ package registry
 
 import (
 	"errors"
-	"roob.re/reroller/registry/docker"
-	"roob.re/reroller/registry/gcr"
-	"roob.re/reroller/registry/ghcr"
-	"roob.re/reroller/registry/quay"
 	"strings"
+
+	"github.com/newrelic-forks/reroller/src/registry/docker"
+	"github.com/newrelic-forks/reroller/src/registry/gcr"
+	"github.com/newrelic-forks/reroller/src/registry/ghcr"
+	"github.com/newrelic-forks/reroller/src/registry/quay"
 )
 
 func ImageDigests(image string) ([]string, error) {

reroller.go → src/reroller.go

@@ -3,16 +3,17 @@ package reroller
 import (
 	"context"
 	"errors"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/newrelic-forks/reroller/src/registry"
 	log "github.com/sirupsen/logrus"
 	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
-	"roob.re/reroller/registry"
-	"strconv"
-	"strings"
-	"time"
 )
 
 const rerollerAnnotation = "reroller.roob.re/reroll"

rollout.go → src/rollout.go

@@ -2,12 +2,13 @@ package reroller
 
 import (
 	"context"
+	"time"
+
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/client-go/kubernetes"
-	"time"
 )
 
 const restartedAtAnnotation = "reroller.roob.re/restartedAt"