From e29d851cc6c97908c7e149a994f897276f8ae945 Mon Sep 17 00:00:00 2001 From: Maxime Brunet Date: Tue, 27 Sep 2022 05:26:14 -0700 Subject: [PATCH] fix(docker): reduce ECR Public max results to 1000 (#17946) --- lib/modules/datasource/docker/index.spec.ts | 52 +++++++++++++++++++++ lib/modules/datasource/docker/index.ts | 7 ++- 2 files changed, 58 insertions(+), 1 deletion(-) diff --git a/lib/modules/datasource/docker/index.spec.ts b/lib/modules/datasource/docker/index.spec.ts index 6406f6ceddedb7..76332d86c8acc2 100644 --- a/lib/modules/datasource/docker/index.spec.ts +++ b/lib/modules/datasource/docker/index.spec.ts @@ -1194,6 +1194,58 @@ describe('modules/datasource/docker/index', () => { }); }); + it('uses lower tag limit for ECR Public deps', async () => { + httpMock + .scope('https://public.ecr.aws') + .get('/v2/amazonlinux/amazonlinux/tags/list?n=1000') + .reply(401, '', { + 'www-authenticate': + 'Bearer realm="https://public.ecr.aws/token",service="public.ecr.aws",scope="aws"', + }) + .get('/token?service=public.ecr.aws&scope=aws') + .reply(200, { token: 'test' }); + httpMock + .scope('https://public.ecr.aws', { + reqheaders: { + authorization: 'Bearer test', + }, + }) + // The tag limit parameter `n` needs to be limited to 1000 for ECR Public + // See https://docs.aws.amazon.com/AmazonECRPublic/latest/APIReference/API_DescribeRepositories.html#ecrpublic-DescribeRepositories-request-maxResults + .get('/v2/amazonlinux/amazonlinux/tags/list?n=1000') + .reply(200, { tags: ['some'] }, {}); + + httpMock + .scope('https://public.ecr.aws') + .get('/v2/') + .reply(401, '', { + 'www-authenticate': + 'Bearer realm="https://public.ecr.aws/token",service="public.ecr.aws",scope="aws"', + }) + .get( + '/token?service=public.ecr.aws&scope=repository:amazonlinux/amazonlinux:pull' + ) + .reply(200, { token: 'test' }); + httpMock + .scope('https://public.ecr.aws', { + reqheaders: { + authorization: 'Bearer test', + }, + }) + .get('/v2/amazonlinux/amazonlinux/manifests/some') + .reply(200); + + expect( + await getPkgReleases({ + datasource: DockerDatasource.id, + depName: 'public.ecr.aws/amazonlinux/amazonlinux', + }) + ).toEqual({ + registryUrl: 'https://public.ecr.aws', + releases: [], + }); + }); + describe('when making requests that interact with an ECR proxy', () => { it('resolves requests to ECR proxy', async () => { httpMock diff --git a/lib/modules/datasource/docker/index.ts b/lib/modules/datasource/docker/index.ts index 65a87195e2c28b..d9c5fc7c311c25 100644 --- a/lib/modules/datasource/docker/index.ts +++ b/lib/modules/datasource/docker/index.ts @@ -49,6 +49,7 @@ import { export const DOCKER_HUB = 'https://index.docker.io'; export const ecrRegex = regEx(/\d+\.dkr\.ecr\.([-a-z0-9]+)\.amazonaws\.com/); +export const ecrPublicRegex = regEx(/public\.ecr\.aws/); function isDockerHost(host: string): boolean { const regex = regEx(/(?:^|\.)docker\.io$/); @@ -818,7 +819,11 @@ export class DockerDatasource extends Datasource { let tags: string[] = []; // AWS ECR limits the maximum number of results to 1000 // See https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_DescribeRepositories.html#ECR-DescribeRepositories-request-maxResults - const limit = ecrRegex.test(registryHost) ? 1000 : 10000; + // See https://docs.aws.amazon.com/AmazonECRPublic/latest/APIReference/API_DescribeRepositories.html#ecrpublic-DescribeRepositories-request-maxResults + const limit = + ecrRegex.test(registryHost) || ecrPublicRegex.test(registryHost) + ? 1000 + : 10000; let url: | string | null = `${registryHost}/${dockerRepository}/tags/list?n=${limit}`;