ghcr.io: List packages based on whether owner is an org or a user #180
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
We were previously using releases to figure out tags for a Github package. I think this was wrong. Not all release tags will be pushed as package versions, and vice versa. Someone may choose to use GHCR without taking advantage of releases at all. I've modified it so that the client will check if the owner is a user or an org and then make the appropriate PackageGetAllVersions function call to retrieve the tags. I've also fixed a few other things I ran into while testing this: 1. Create the github client in `New` so that rate limiting and other goodness is reused across calls. 2. Fix `RepoImageFromPath`, so it will split the repository path into the 'owner' and 'repo' segments that `Tags` expects. Previously we would have got errors for subrepositories. 3. Update `TestRepoImage` to ensure it doesn't panic on unexpected inputs. 4. We don't need to use regex to match `ghcr.io` to `ghcr.io`. 5. If we're excluding `.att` tags then we should probably exclude `.sig` and `.sbom` too.
davidcollom
reviewed
Apr 23, 2024
davidcollom
reviewed
Apr 23, 2024
davidcollom
reviewed
Apr 23, 2024
|
Appreciate the contextual description at the top of the PR @ribbybibby. I've added issue / thoughts on the existing comments. I think it'd be good to merge and fix for users of ghcr.io. @davidcollom I'll defer to you for approval. My Go isn't good enough to properly review. But from a "this is what the PR tackles" perspective I give it 👍 |
davidcollom
approved these changes
Jun 6, 2024
There was a problem hiding this comment.
Thanks @ribbybibby for this! 👍 Sorry its taken some time, but I needed/wanted to verify a few usecases I've seen in the passed with ghcr... but I didn't have a cluster on hand that I could use to verify.
I've done this now and everything looked/worked perfectly 👌 Thanks!
davidcollom
approved these changes
Jun 6, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
We were previously using releases to figure out tags for a Github package. I think this was wrong. Not all release tags will be pushed as package versions, and vice versa. Someone may choose to use GHCR without taking advantage of releases at all.
I've modified it so that the client will check if the owner is a user or an org and then make the appropriate
PackageGetAllVersionsfunction call to retrieve the tags.I've also fixed a few other things I ran into while testing this:
Newso that rate limiting and other goodness is reused across calls.RepoImageFromPath, so it will split the repository path into the 'owner' and 'repo' segments thatTagsexpects. Previously we would have got errors for subrepositories.TestRepoImageto ensure it doesn't panic on unexpected inputs.ghcr.iotoghcr.io..atttags then we should probably exclude.sigand.sbomtoo.Fixes #179, #175