Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(docker): support nvcr.io tag listing #17294

Merged
merged 2 commits into from Aug 21, 2022
Merged

fix(docker): support nvcr.io tag listing #17294

merged 2 commits into from Aug 21, 2022

Conversation

steved
Copy link
Contributor

@steved steved commented Aug 20, 2022
edited by viceice

Changes

Support nvcr.io image registry tag listing.

Context

Updating an nvcr.io image (nvidia/k8s-device-plugin in my particular case) fails with the following error:

DEBUG: Failed to get authHeaders for getTags lookup
DEBUG: Failed to look up dependency nvcr.io/nvidia/k8s-device-plugin (nvcr.io/nvidia/k8s-device-plugin)(packageFile="[...]/Dockerfile", dependency="nvcr.io/nvidia/k8s-device-plugin")

nvcr.io seems to deviate slightly from other image registries in that it does not return a service with the Www-authenticate header:

$ curl -v https://nvcr.io/v2/ |& grep Www
< Www-Authenticate: Bearer realm="https://nvcr.io/proxy_auth",scope=""

Returning an empty service query param back works fine:

$ curl -I 'https://nvcr.io/proxy_auth?service=&scope=repository:nvcr.io/nvidia/k8s-device-plugin:pull'
HTTP/1.1 200
...

The original change was made in #11942 and does not explain why service must be a string.

Documentation (please check one with an [x])

  • I have updated the documentation, or
  • No documentation update is required

How I've tested my work (please tick one)

I have verified these changes via:

  • Code inspection only, or
  • Newly added/modified unit tests, or
  • No unit tests but ran on a real repository, or
  • Both unit tests + ran on a real repository

@JamieMagee
Copy link
Contributor

Interesting! That change was originally made to satisfy the types required later. All the documentation I had found pointed to it being a required parameter:

Docker1:

$ curl -s -I https://index.docker.io/v2/ | grep -Fi www-authenticate
www-authenticate: Bearer realm="https://auth.docker.io/token",service="registry.docker.io"

GCR:

$ curl -s -I https://mirror.gcr.io/v2/ | grep -Fi www-authenticate
www-authenticate: Bearer realm="https://mirror.gcr.io/v2/token",service="mirror.gcr.io"

MCR2

Footnotes

  1. https://docs.docker.com/registry/spec/auth/token/

  2. https://docs.microsoft.com/en-us/rest/api/containerregistry/access-tokens/get-from-login?tabs=HTTP

viceice
viceice requested changes Aug 20, 2022
View reviewed changes
Copy link
Member

@viceice viceice left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

see open conversation

@rarkins rarkins enabled auto-merge (squash) August 21, 2022 05:38
@rarkins rarkins disabled auto-merge August 21, 2022 05:38
@rarkins rarkins enabled auto-merge (squash) August 21, 2022 05:39
@rarkins rarkins mentioned this pull request Aug 21, 2022
Closed
@rarkins rarkins merged commit 7fb2e72 into renovatebot:main Aug 21, 2022
@renovate-release
Copy link
Collaborator

🎉 This PR is included in version 32.169.1 🎉

The release is available on:

Your semantic-release bot 📦🚀

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 24, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@JamieMagee JamieMagee JamieMagee approved these changes

@viceice viceice viceice approved these changes

@rarkins rarkins rarkins approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

No docker auth found - returning
5 participants
@steved @JamieMagee @renovate-release @viceice @rarkins