improve OCI ref Parsing and Digest Resolution

[dheerajodha]

• This commit enhances the ociDescriptor function
  current approach to check OCI image URIs that are
  pinned by tag, as it just checks for presence of @

• So, now we make use of standard functions from the
  "go-containerregistry" package

resolves: EC-1312

[dheerajodha]

I didn't add test coverage for the happy path because the entry above already covers it.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 68.85%. Comparing base (ef350b8) to head (d228309).
Report is 4 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2568      +/-   ##
==========================================
+ Coverage   68.73%   68.85%   +0.11%     
==========================================
  Files         101      101              
  Lines        8557     8569      +12     
==========================================
+ Hits         5882     5900      +18     
+ Misses       2675     2669       -6     

Flag	Coverage Δ
generative	68.85% <100.00%> (+0.11%)	⬆️
integration	68.85% <100.00%> (+0.11%)	⬆️
unit	68.85% <100.00%> (+0.11%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
internal/rego/oci/oci.go	95.12% <100.00%> (+1.09%)	⬆️

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[dheerajodha]

/retest

[dheerajodha]

The build and test PLRs are stuck with message Expected — Waiting for status to be reported, and /retest didin't work, I'll push a commit to retrigger them

[dheerajodha]

still seeing the same status :/

[joejstuart]

Doesn't the resolveIfNeeded function on line 392 ensure uri contains a digest?

uri, err := resolveIfNeeded(client, string(uriValue))
if err != nil {
    logger.WithField("action", "resolveIfNeeded").Error(err)
    return nil, nil
}

[dheerajodha]

Doesn't the resolveIfNeeded function on line 392 ensure uri contains a digest?

Thanks! that's true, added a reply here in the Slack thread. resolveIfNeeded does resolve tag to a digest, but I still feel it can be improved by using standard library functions following OCI ref specs, especially here:

cli/internal/rego/oci/oci.go

Line 690 in b5fd51b

if !strings.Contains(uri, "@") {

Added the changes in the latest commit.

[simonbaird]

I gave it a little test like this:

$ make build && ./dist/ec --debug opa eval 'ec.oci.descriptor("registry.access.redhat.com/ubi9/python-39:latest")'

[dheerajodha]

@simonbaird or @joejstuart can you please merge this PR whenever you can? (I don't have the rights)
Thank you for your help and patience on this one!