Migrate oras Go libraries to libs-go/ #28
Conversation
Signed-off-by: Josh Dolitsky <[email protected]>
initial unit tests
Refine readme
* Add pull command * Add push cmd
Signed-off-by: Josh Dolitsky <[email protected]>
Signed-off-by: Josh Dolitsky <[email protected]>
fix dependency issues for tests
Signed-off-by: Josh Dolitsky <[email protected]>
Signed-off-by: Josh Dolitsky <[email protected]>
Signed-off-by: Josh Dolitsky <[email protected]>
Signed-off-by: Josh Dolitsky <[email protected]>
Signed-off-by: Josh Dolitsky <[email protected]>
Signed-off-by: Josh Dolitsky <[email protected]>
push real contents test
Signed-off-by: Josh Dolitsky <[email protected]>
Signed-off-by: Avi Deitcher <[email protected]> Co-authored-by: Josh Dolitsky <[email protected]>
Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.4.1 to 1.4.3. - [Release notes](https://github.com/containerd/containerd/releases) - [Changelog](https://github.com/containerd/containerd/blob/master/RELEASES.md) - [Commits](containerd/containerd@v1.4.1...v1.4.3) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Fix docker test * wrap params
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.6.1 to 1.7.0. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](stretchr/testify@v1.6.1...v1.7.0) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Josh Dolitsky <[email protected]>
Signed-off-by: Josh Dolitsky <[email protected]>
Signed-off-by: Josh Dolitsky <[email protected]>
Signed-off-by: Josh Dolitsky <[email protected]>
Signed-off-by: Josh Dolitsky <[email protected]>
* check hard link * no following symbolic link * bug fix * add initial test to reproduce GHSA-g5v4-5x39-vwhx Signed-off-by: jdolitsky <[email protected]> * fix test for symbolic link * fix bug * add test for hardlink Signed-off-by: jdolitsky <[email protected]> * catch the parent folder * remove check for hard link for consistency * remove unncessary test for hard links * Revert "remove unncessary test for hard links" This reverts commit b3136611810f49074dfc6aef158b3d24466d2ed9. * Revert "remove check for hard link for consistency" This reverts commit d7b7346598c92ff9c430a42763d810b34d3f1ac2. * check links for all link types * add tests Co-authored-by: jdolitsky <[email protected]>
Signed-off-by: Avi Deitcher <[email protected]>
Update descriptor in the nameMap as well as in index.Manifests. nameMap used in the ListReferences operation and should return actual descriptor. Co-authored-by: Josh Dolitsky <[email protected]>
Bumps [github.com/docker/cli](https://github.com/docker/cli) from 20.10.2+incompatible to 20.10.3+incompatible. - [Release notes](https://github.com/docker/cli/releases) - [Commits](docker/cli@v20.10.2...v20.10.3) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Josh Dolitsky <[email protected]>
Signed-off-by: Josh Dolitsky <[email protected]>
Signed-off-by: Avi Deitcher <[email protected]>
Signed-off-by: Josh Dolitsky <[email protected]>
Signed-off-by: Josh Dolitsky <[email protected]>
Signed-off-by: Josh Dolitsky <[email protected]>
Signed-off-by: Josh Dolitsky <[email protected]>
Signed-off-by: Josh Dolitsky <[email protected]>
|
The raises the question of whether ORAS should be both a set of reference libraries and a CLI. I think the big question you're asking is: can we close on a good place to host ORAS as it's had good adoption, needs an official LF type home. OCI or CNCF? We've previously discussed the value of it being in OCI. |
Ya. This an attempt to move the ball. I can also open the equivalent PR at a different location as well. Seeing as it builds heavily on containerd and distribution, might be more appropriate in CNCF-land. Perhaps tools in OCI should be pure to spec, vs. pulling in code established prior to spec finalization(s). |
|
re: ORAS + CNCF... it's a fairly simple lift and may make more sense than OCI tbh The next sandbox project review will be next month in March, all you need to do for ORAS is to apply here and ensure you meet the minimum bar around having a code of conduct, rough roadmap etc https://docs.google.com/forms/d/1bJhG1MuM981uQXcnBMv4Mj9yfV5_q5Kwk3qhBCLa_5A/edit |
|
Given that we've previously discussed accepting ORAS into OCI without reaching consensus, I'm 👎 on this PR. If you're looking to contribute ORAS to OCI, the appropriate path would be to reopen the discussion with the TOB. |
WIthin the TOB discussions, we did have specific action items to refactor the code, and refocus on the unique ORAS libraries and CLI. oras-project/oras#181 The question has been:
Josh is making a reasonable suggestion to add directly to the Artifacts repo. I still have this preference to submit to OCI, as it's so coupled to the distribution and artifacts specs. We've been focused on adding the next round of Artifact enhancements Once we get more traction on the new manifest, we'll be allocating time to enhance ORAS to support the new manifest. That should be the time we can address oras-project/oras#181 and other blocking issues. I think the question could be: |
|
I could see moving the pkg/oras folder over, but agree with the others that the rest of the CLI and other parts of the project are better off spun up as a standalone project that's donated to the CNCF rather than absorbed into the artifact spec. |
That's not really my understanding. We didn't reach consensus on accepting ORAS, and those were some suggestions if we wanted to revisit in the future. There was not consensus on "if you make these changes, we'll add ORAS to OCI". |
|
|
Commit history has been maintained, and all references to "deislabs" or "oras" removed.
See this discussion for more info: oras-project/oras#181