Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Oras go integration #50

Merged
merged 3 commits into from
Nov 9, 2021
Merged

Oras go integration #50

merged 3 commits into from
Nov 9, 2021

Conversation

etrexel
Copy link
Contributor

@etrexel etrexel commented Nov 5, 2021

This PR integrates the oras-go library for retrieving artifacts from remote repositories.

There is additionally a workaround to allow plugin verifiers (sbom in this case) to utilize built-in referrer store plugins (oras in this case). This unblocks the use case of verifying signatures against sboms, but should be revisited in the future when plugin architecture is addressed.

@etrexel
Integrate oras-go library
045bc3c
@etrexel
Fixed issue with retrieving manifests
a38e2e2
@etrexel
Add workaround for sbom verifier
cf7ac36 
This adds the ability to use built-in referrer store plugins from
the sbom verifier plugin
@etrexel etrexel linked an issue Nov 5, 2021 that may be closed by this pull request
Update to new referrers API as per ORAS artifact draft.1 spec #13
Closed
@sajayantony
Copy link
Contributor

sajayantony commented Nov 9, 2021
edited
Loading

Will rebase #53 once #50 is merged.

mnltejaswini
mnltejaswini reviewed Nov 9, 2021
View reviewed changes
config/config.json
@@ -4,7 +4,8 @@
"plugins": [
{
"name": "oras",
"useHttp": true
"useHttp": true,
"localCachePath": "./local_oras_cache"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this required by oras?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can try in-memory copies. I was using the local cache in the event that the contents that are fetched are large.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Given that this might change by the refactor that @shizhMSFT is doing we might be able to revisit this as a part of a follow up of taking the updated version of ORAS.

@sajayantony
Copy link
Contributor

Discussed with @mnltejaswini and we are going to merge this.

@sajayantony sajayantony merged commit 4c9ff75 into ratify-project:main Nov 9, 2021
bspaans pushed a commit to bspaans/ratify that referenced this pull request Oct 17, 2023
@etrexel
Oras go integration (ratify-project#50)
408fe2c 
* Integrate oras-go library

* Fixed issue with retrieving manifests

* Add workaround for sbom verifier

This adds the ability to use built-in referrer store plugins from
the sbom verifier plugin
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mnltejaswini mnltejaswini mnltejaswini left review comments

@sajayantony sajayantony sajayantony approved these changes

@nathana1 nathana1 Awaiting requested review from nathana1

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Update to new referrers API as per ORAS artifact draft.1 spec
3 participants
@etrexel @sajayantony @mnltejaswini