2022-03-30 10:42:47 +02:00
|
|
|
// Copyright 2022 The Gitea Authors. All rights reserved.
|
2022-11-27 13:20:29 -05:00
|
|
|
// SPDX-License-Identifier: MIT
|
2022-03-30 10:42:47 +02:00
|
|
|
|
|
|
|
|
package container
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"fmt"
|
|
|
|
|
"io"
|
|
|
|
|
"strings"
|
|
|
|
|
|
2025-03-27 19:40:14 +00:00
|
|
|
"forgejo.org/modules/json"
|
|
|
|
|
"forgejo.org/modules/packages/container/helm"
|
|
|
|
|
"forgejo.org/modules/validation"
|
2023-02-06 11:07:09 +01:00
|
|
|
|
|
|
|
|
oci "github.com/opencontainers/image-spec/specs-go/v1"
|
2022-03-30 10:42:47 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
const (
|
2022-07-28 05:59:39 +02:00
|
|
|
PropertyRepository = "container.repository"
|
2022-03-30 10:42:47 +02:00
|
|
|
PropertyDigest = "container.digest"
|
|
|
|
|
PropertyMediaType = "container.mediatype"
|
|
|
|
|
PropertyManifestTagged = "container.manifest.tagged"
|
|
|
|
|
PropertyManifestReference = "container.manifest.reference"
|
|
|
|
|
|
|
|
|
|
DefaultPlatform = "linux/amd64"
|
|
|
|
|
|
|
|
|
|
labelLicenses = "org.opencontainers.image.licenses"
|
|
|
|
|
labelURL = "org.opencontainers.image.url"
|
|
|
|
|
labelSource = "org.opencontainers.image.source"
|
|
|
|
|
labelDocumentation = "org.opencontainers.image.documentation"
|
|
|
|
|
labelDescription = "org.opencontainers.image.description"
|
|
|
|
|
labelAuthors = "org.opencontainers.image.authors"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type ImageType string
|
|
|
|
|
|
|
|
|
|
const (
|
|
|
|
|
TypeOCI ImageType = "oci"
|
|
|
|
|
TypeHelm ImageType = "helm"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// Name gets the name of the image type
|
|
|
|
|
func (it ImageType) Name() string {
|
|
|
|
|
switch it {
|
|
|
|
|
case TypeHelm:
|
|
|
|
|
return "Helm Chart"
|
|
|
|
|
default:
|
|
|
|
|
return "OCI / Docker"
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Metadata represents the metadata of a Container package
|
|
|
|
|
type Metadata struct {
|
|
|
|
|
Type ImageType `json:"type"`
|
|
|
|
|
IsTagged bool `json:"is_tagged"`
|
|
|
|
|
Platform string `json:"platform,omitempty"`
|
|
|
|
|
Description string `json:"description,omitempty"`
|
|
|
|
|
Authors []string `json:"authors,omitempty"`
|
|
|
|
|
Licenses string `json:"license,omitempty"`
|
|
|
|
|
ProjectURL string `json:"project_url,omitempty"`
|
|
|
|
|
RepositoryURL string `json:"repository_url,omitempty"`
|
|
|
|
|
DocumentationURL string `json:"documentation_url,omitempty"`
|
|
|
|
|
Labels map[string]string `json:"labels,omitempty"`
|
|
|
|
|
ImageLayers []string `json:"layer_creation,omitempty"`
|
2023-04-02 11:53:37 +02:00
|
|
|
Manifests []*Manifest `json:"manifests,omitempty"`
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type Manifest struct {
|
|
|
|
|
Platform string `json:"platform"`
|
|
|
|
|
Digest string `json:"digest"`
|
|
|
|
|
Size int64 `json:"size"`
|
2022-03-30 10:42:47 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// ParseImageConfig parses the metadata of an image config
|
2023-02-06 11:07:09 +01:00
|
|
|
func ParseImageConfig(mt string, r io.Reader) (*Metadata, error) {
|
|
|
|
|
if strings.EqualFold(mt, helm.ConfigMediaType) {
|
2022-03-30 10:42:47 +02:00
|
|
|
return parseHelmConfig(r)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// fallback to OCI Image Config
|
|
|
|
|
return parseOCIImageConfig(r)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func parseOCIImageConfig(r io.Reader) (*Metadata, error) {
|
|
|
|
|
var image oci.Image
|
|
|
|
|
if err := json.NewDecoder(r).Decode(&image); err != nil {
|
feat: support artifact uploads for OCI container packages (#8070)
# Fix OCI artifact uploads with`oras`
## Problem
ORAS (OCI Registry As Storage) artifact uploads were failing with several HTTP-related errors when pushing to Forgejo's container registry. This prevented users from storing OCI artifacts like `artifacthub-repo.yaml` in commands like `oras push [...] artifacthub-repo.yaml:application/vnd.cncf.artifacthub.repository-metadata.layer.v1.yaml`.
This has been discussed previously in https://github.com/go-gitea/gitea/issues/25846
## Root Causes and Fixes
### 1. Missing Content-Length for Empty Blobs
**Issue**: Empty blobs (size 0) were not getting the required `Content-Length: 0` header, causing ORAS to fail with "unknown response Content-Length".
**Fix**: Changed the condition in `setResponseHeaders` from `if h.ContentLength != 0` to `if h.ContentLength >= 0` to ensure the Content-Length header is always set for valid blob sizes.
```go
// Before
if h.ContentLength != 0 {
resp.Header().Set("Content-Length", strconv.FormatInt(h.ContentLength, 10))
}
// After
if h.ContentLength >= 0 {
resp.Header().Set("Content-Length", strconv.FormatInt(h.ContentLength, 10))
}
```
### 2. Content-Length Mismatch in JSON Error Responses
**Issue**: The `jsonResponse` function was calling `WriteHeader()` before writing JSON content, causing "wrote more than the declared Content-Length" errors when the HTTP stack calculated a different Content-Length than what was actually written.
**Fix**: Modified `jsonResponse` to buffer JSON content first, calculate the exact Content-Length, then write the complete response.
### 3. Incomplete HTTP Responses in Error Handling
**Issue**: The `apiError` function was only setting response headers without writing any response body, causing EOF errors when clients expected a complete HTTP response.
**Fix**: Updated `apiError` to write proper JSON error responses following the OCI Distribution Specification format with `code` and `message` fields.
### 4. Empty Config Blob Handling for OCI Artifacts
**Issue**: OCI artifacts often have empty config blobs (required by spec but contain no data). The JSON decoder was failing with EOF when trying to parse these empty configs.
**Fix**: Added EOF handling in `parseOCIImageConfig` to return a valid default metadata object for empty config blobs.
```go
if err := json.NewDecoder(r).Decode(&image); err != nil {
// Handle empty config blobs (common in OCI artifacts)
if err == io.EOF {
return &Metadata{
Type: TypeOCI,
Platform: DefaultPlatform,
}, nil
}
return nil, err
}
```
## Testing
Verified that ORAS artifact uploads now work correctly:
```bash
oras push registry/owner/package:artifacthub.io \
--config /dev/null:application/vnd.cncf.artifacthub.config.v1+yaml \
artifacthub-repo.yaml:application/vnd.cncf.artifacthub.repository-metadata.layer.v1.yaml
```
### Tests
- I added test coverage for Go changes...
- [x] in their respective `*_test.go` for unit tests.
- [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
- [ ] in `web_src/js/*.test.js` if it can be unit tested.
- [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).
### Documentation
- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.
### Release notes
- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8070
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: pat-s <patrick.schratz@gmail.com>
Co-committed-by: pat-s <patrick.schratz@gmail.com>
2025-06-09 10:14:53 +02:00
|
|
|
// Handle empty config blobs (common in OCI artifacts)
|
|
|
|
|
if err == io.EOF {
|
|
|
|
|
return &Metadata{
|
|
|
|
|
Type: TypeOCI,
|
|
|
|
|
Platform: DefaultPlatform,
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
2022-03-30 10:42:47 +02:00
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
platform := DefaultPlatform
|
|
|
|
|
if image.OS != "" && image.Architecture != "" {
|
|
|
|
|
platform = fmt.Sprintf("%s/%s", image.OS, image.Architecture)
|
|
|
|
|
if image.Variant != "" {
|
|
|
|
|
platform = fmt.Sprintf("%s/%s", platform, image.Variant)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
imageLayers := make([]string, 0, len(image.History))
|
|
|
|
|
for _, history := range image.History {
|
|
|
|
|
cmd := history.CreatedBy
|
|
|
|
|
if i := strings.Index(cmd, "#(nop) "); i != -1 {
|
|
|
|
|
cmd = strings.TrimSpace(cmd[i+7:])
|
|
|
|
|
}
|
2022-09-27 15:03:24 +02:00
|
|
|
if cmd != "" {
|
|
|
|
|
imageLayers = append(imageLayers, cmd)
|
|
|
|
|
}
|
2022-03-30 10:42:47 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
metadata := &Metadata{
|
|
|
|
|
Type: TypeOCI,
|
|
|
|
|
Platform: platform,
|
|
|
|
|
Licenses: image.Config.Labels[labelLicenses],
|
|
|
|
|
ProjectURL: image.Config.Labels[labelURL],
|
|
|
|
|
RepositoryURL: image.Config.Labels[labelSource],
|
|
|
|
|
DocumentationURL: image.Config.Labels[labelDocumentation],
|
|
|
|
|
Description: image.Config.Labels[labelDescription],
|
|
|
|
|
Labels: image.Config.Labels,
|
|
|
|
|
ImageLayers: imageLayers,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if authors, ok := image.Config.Labels[labelAuthors]; ok {
|
|
|
|
|
metadata.Authors = []string{authors}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if !validation.IsValidURL(metadata.ProjectURL) {
|
|
|
|
|
metadata.ProjectURL = ""
|
|
|
|
|
}
|
|
|
|
|
if !validation.IsValidURL(metadata.RepositoryURL) {
|
|
|
|
|
metadata.RepositoryURL = ""
|
|
|
|
|
}
|
|
|
|
|
if !validation.IsValidURL(metadata.DocumentationURL) {
|
|
|
|
|
metadata.DocumentationURL = ""
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return metadata, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func parseHelmConfig(r io.Reader) (*Metadata, error) {
|
|
|
|
|
var config helm.Metadata
|
|
|
|
|
if err := json.NewDecoder(r).Decode(&config); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
metadata := &Metadata{
|
|
|
|
|
Type: TypeHelm,
|
|
|
|
|
Description: config.Description,
|
|
|
|
|
ProjectURL: config.Home,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if len(config.Maintainers) > 0 {
|
|
|
|
|
authors := make([]string, 0, len(config.Maintainers))
|
|
|
|
|
for _, maintainer := range config.Maintainers {
|
|
|
|
|
authors = append(authors, maintainer.Name)
|
|
|
|
|
}
|
|
|
|
|
metadata.Authors = authors
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if len(config.Sources) > 0 && validation.IsValidURL(config.Sources[0]) {
|
|
|
|
|
metadata.RepositoryURL = config.Sources[0]
|
|
|
|
|
}
|
|
|
|
|
if !validation.IsValidURL(metadata.ProjectURL) {
|
|
|
|
|
metadata.ProjectURL = ""
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return metadata, nil
|
|
|
|
|
}
|
