open-policy-agent · jpreese · Feb 21, 2024 · Feb 20, 2024
diff --git a/downloader/oci_detector.go b/downloader/oci_detector.go
@@ -10,7 +10,7 @@ import (
 // them into URLs that the OCI getter can understand.
 type OCIDetector struct{}
 
-// Detect will detect if the source is an OCI registry
+// Detect will detect if the source is an OCI registry.
 func (d *OCIDetector) Detect(src, _ string) (string, bool, error) {
 	if len(src) == 0 {
 		return "", false, nil
@@ -33,6 +33,7 @@ func containsOCIRegistry(src string) bool {
 		regexp.MustCompile("azurecr.io"),
 		regexp.MustCompile("gcr.io"),
 		regexp.MustCompile("registry.gitlab.com"),
+		regexp.MustCompile("pkg.dev"),
 		regexp.MustCompile("[0-9]{12}.dkr.ecr.[a-z0-9-]*.amazonaws.com"),
 		regexp.MustCompile("^quay.io"),
 	}

diff --git a/downloader/oci_detector_test.go b/downloader/oci_detector_test.go
@@ -18,6 +18,11 @@ func TestOCIDetector_Detect(t *testing.T) {
 			"gcr.io/conftest/policies:tag",
 			"oci://gcr.io/conftest/policies:tag",
 		},
+		{
+			"should detect google artifact registry",
+			"region-docker.pkg.dev/conftest/policies:tag",
+			"oci://region-docker.pkg.dev/conftest/policies:tag",
+		},
 		{
 			"should detect ecr",
 			"123456789012.dkr.ecr.us-east-1.amazonaws.com/conftest/policies:tag",
@@ -69,17 +74,21 @@ func TestOCIDetector_Detect(t *testing.T) {
 			"oci://::1:32123/policies:tag",
 		},
 	}
+
 	pwd := "/pwd"
 	d := &OCIDetector{}
+
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			out, ok, err := d.Detect(tt.input, pwd)
 			if err != nil {
 				t.Fatalf("OCIDetector.Detect() error = %v", err)
 			}
+
 			if !ok {
 				t.Fatal("OCIDetector.Detect() not ok, should have detected")
 			}
+
 			if out != tt.expected {
 				t.Errorf("OCIDetector.Detect() output = %v, want %v", out, tt.expected)
 			}