OCI Image Index for Zarf packages doesn't include the mediaType attribute #2351
Comments
5 tasks
|
Great catch, this will be fixed by #2235 which will likely be included in the next release |
|
Ah I see you opened a PR, even better. Thanks! |
Racer159
added a commit
that referenced
this issue
Mar 4, 2024
## Description Added the OCI Image Index's mediaType for completeness sake per the OCI spec and to work around a known Sonatype Nexus Repository bug. ## Related Issue Fixes #2351 ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [x] Other (security config, docs update, etc) ## Checklist before merging - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow) followed Co-authored-by: Wayne Starr <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe what should be investigated or refactored
Currently the OCI Image Index for Zarf packages doesn't include the mediaType attribute. While not technically required the OCI spec says it "SHOULD" be used (https://github.com/opencontainers/image-spec/blob/main/image-index.md).
Links to any relevant code
None.
Additional context
Currently the Sonatype Nexus Repository cleanup script expects the mediaType to be present in the OCI Image Index. When isn't present, the cleanup doesn't iterate through the listed manifests in the image index and thus treats the actual manifest for the Zarf package as orphaned and deletes it. Sonatype accepts this is a bug and has an issue for it but doesn't have an ETA for a fix. This is preventing us from using the latest Zarf to publish. While this is a fix to work around someone else's bug, since the spec says it should be set it feels like a good addition regardless.
The text was updated successfully, but these errors were encountered: