Skip to content

Add support for registry table prefix and location rewrite (without *, tag or digest yet)#542

Merged
jonesbusy merged 1 commit intooras-project:mainfrom
jonesbusy:feature/prefix-support
Feb 15, 2026
Merged

Add support for registry table prefix and location rewrite (without *, tag or digest yet)#542
jonesbusy merged 1 commit intooras-project:mainfrom
jonesbusy:feature/prefix-support

Conversation

@jonesbusy
Copy link
Collaborator

Description

Testing done

Submitter checklist

  • I have read and understood the CONTRIBUTING guide
  • I have run mvn license:update-file-header, mvn spotless:apply, pre-commit run -a, mvn clean install before opening the PR

@jonesbusy jonesbusy force-pushed the feature/prefix-support branch 2 times, most recently from 36b59d6 to d6f83ca Compare February 14, 2026 16:55
@codecov
Copy link

codecov bot commented Feb 14, 2026

Codecov Report

❌ Patch coverage is 92.15686% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 88.17%. Comparing base (9fff41e) to head (3e234f0).
⚠️ Report is 2 commits behind head on main.

Files with missing lines Patch % Lines
src/main/java/land/oras/auth/RegistriesConf.java 91.89% 1 Missing and 2 partials ⚠️
src/main/java/land/oras/Registry.java 66.66% 0 Missing and 1 partial ⚠️
Additional details and impacted files
@@             Coverage Diff              @@
##               main     #542      +/-   ##
============================================
+ Coverage     87.53%   88.17%   +0.63%     
- Complexity      753      763      +10     
============================================
  Files            42       42              
  Lines          2207     2241      +34     
  Branches        266      273       +7     
============================================
+ Hits           1932     1976      +44     
+ Misses          168      156      -12     
- Partials        107      109       +2     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@jonesbusy jonesbusy force-pushed the feature/prefix-support branch 6 times, most recently from 2542931 to 8e22a03 Compare February 15, 2026 09:17
@jonesbusy jonesbusy changed the title Add support for registry table prefix Add support for registry table prefix and location rewrite (without tag or digest yet) Feb 15, 2026
@jonesbusy jonesbusy added the enhancement New feature or request label Feb 15, 2026
@jonesbusy jonesbusy self-assigned this Feb 15, 2026
@jonesbusy jonesbusy marked this pull request as ready for review February 15, 2026 09:21
@jonesbusy jonesbusy requested a review from Copilot February 15, 2026 09:21
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request adds support for registry table prefix and location rewrite functionality to the ORAS Java SDK. The changes enable the SDK to match container references against configured registry prefixes (including wildcard patterns like *.example.com) and rewrite them to different registry locations. This is useful for scenarios like redirecting Docker Hub references to an internal mirror or AWS Public ECR.

Changes:

  • Added prefix field to RegistryConfig record to support prefix-based matching in addition to location-based matching
  • Implemented registry rewrite logic that replaces matched prefixes with configured locations in container references
  • Refactored isBlocked() and isInsecure() methods to accept ContainerRef instead of String for more precise matching
  • Added comprehensive test coverage for prefix matching, wildcard patterns, and rewrite functionality

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 10 comments.

Show a summary per file
File Description
src/main/java/land/oras/auth/RegistriesConf.java Core implementation: added prefix field, ParsedPrefix record, rewrite logic, and enhanced matching with wildcard support
src/main/java/land/oras/ContainerRef.java Updated to use registry rewrite in getEffectiveRegistry and isBlocked/isInsecure methods
src/main/java/land/oras/Registry.java Updated getRepositories to pass ContainerRef instead of String to isInsecure check
src/test/java/land/oras/auth/RegistryConfTest.java Added comprehensive tests for prefix matching, wildcards, rewrite logic, and multiple configuration scenarios
src/test/java/land/oras/RegistryWireMockTest.java Added test for prefix configuration in repository listing
src/test/java/land/oras/RegistryTest.java Moved unqualified registry test from ContainerRefTest (better location)
src/test/java/land/oras/ContainerRefTest.java Removed test that was moved to RegistryTest
src/test/java/land/oras/PublicECRITCase.java Added integration test for docker.io to public ECR rewrite scenario

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

// With blocked false
registry = new RegistriesConf.RegistryConfig("test", false, null);
registry = new RegistriesConf.RegistryConfig("localhost:5000", null, false, null);
assertFalse(registry.isBlocked(), "Registry should be blocked when blocked is false");
Copy link

Copilot AI Feb 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Incorrect assertion message. When blocked is false, the message should say "Registry should NOT be blocked when blocked is false" instead of "Registry should be blocked when blocked is false".

Suggested change
assertFalse(registry.isBlocked(), "Registry should be blocked when blocked is false");
assertFalse(registry.isBlocked(), "Registry should NOT be blocked when blocked is false");

Copilot uses AI. Check for mistakes.
}

// Path prefix match (namespace/repo)
String refPath = String.join("/", ref.getNamespace()) + "/" + ref.getRepository();
Copy link

Copilot AI Feb 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This line has a compilation error. String.join("/", ref.getNamespace()) is incorrect because ref.getNamespace() returns a @Nullable String, not a collection. String.join() expects either varargs of CharSequence or an Iterable.

The correct implementation should build the path by concatenating namespace and repository. Since ContainerRef.getFullRepository() already provides this functionality, this line should be simplified to:

String refPath = ref.getFullRepository();
Suggested change
String refPath = String.join("/", ref.getNamespace()) + "/" + ref.getRepository();
String refPath = ref.getFullRepository();

Copilot uses AI. Check for mistakes.
return ref;
}
String currentRefString = ref.toString();
String rewrittenRefString = currentRefString.replaceFirst(prefix, registry);
Copy link

Copilot AI Feb 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The replaceFirst() method treats its first argument as a regex pattern, which could cause unexpected behavior if the prefix contains regex special characters like ., *, [, etc. For example, a prefix like example.com would match exampleXcom because . matches any character in regex.

Use replace() instead, which performs literal string replacement, or escape the prefix using Pattern.quote() if regex matching is needed.

Copilot uses AI. Check for mistakes.
: determineFirstUnqualifiedSearchRegistry(target);
}
return registry;
// The effective registry can we rewrotten by the registry configuration.
Copy link

Copilot AI Feb 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Typo in comment: "rewrotten" should be "rewritten".

Suggested change
// The effective registry can we rewrotten by the registry configuration.
// The effective registry can be rewritten by the registry configuration.

Copilot uses AI. Check for mistakes.
public Repositories getRepositories() {
if (registry != null && getRegistriesConf().isInsecure(registry) && !this.isInsecure()) {
if (registry != null
&& getRegistriesConf().isInsecure(ContainerRef.parse(registry).forRegistry(registry))
Copy link

Copilot AI Feb 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This logic is incorrect. ContainerRef.parse(registry) where registry is a string like "localhost:5000" will be parsed as an unqualified ContainerRef with repository="localhost:5000", not as a registry. The NAME_REGEX pattern requires a / after the registry part, so a plain registry string won't match the registry group.

Then calling .forRegistry(registry) sets the registry field to "localhost:5000", creating a confusing and incorrect ContainerRef like "localhost:5000/localhost:5000".

A better approach would be to create a dummy ContainerRef with the registry properly set, such as:

ContainerRef.parse(registry + "/dummy:latest")

or refactor to avoid this altogether.

Suggested change
&& getRegistriesConf().isInsecure(ContainerRef.parse(registry).forRegistry(registry))
&& getRegistriesConf()
.isInsecure(ContainerRef.parse("dummy:latest").forRegistry(registry))

Copilot uses AI. Check for mistakes.
@jonesbusy jonesbusy force-pushed the feature/prefix-support branch 4 times, most recently from 9d43db2 to edc0395 Compare February 15, 2026 12:27
Signed-off-by: Valentin Delaye <jonesbusy@users.noreply.github.com>
@jonesbusy jonesbusy force-pushed the feature/prefix-support branch from edc0395 to 3e234f0 Compare February 15, 2026 15:14
@jonesbusy jonesbusy changed the title Add support for registry table prefix and location rewrite (without tag or digest yet) Add support for registry table prefix and location rewrite (without *, tag or digest yet) Feb 15, 2026
@jonesbusy jonesbusy merged commit 9a83af5 into oras-project:main Feb 15, 2026
8 checks passed
@jonesbusy jonesbusy deleted the feature/prefix-support branch February 15, 2026 15:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

enhancement New feature or request

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants