Skip to content

Commit

Permalink
De-duplicate attachment of OCI artifacts
Browse files Browse the repository at this point in the history 
In PSSECAUT-605, a user reports that there is some funny behavior that
is likely due to us invoking oras attach *twice* here.

There's no good reason to do it twice. Let's instead invoke it once,
without specifying the distribution spec, and let oras choose for us.
  • Loading branch information
@ralphbean
ralphbean committed Sep 22, 2024
1 parent cccb488 commit c746a25
Show file tree
Hide file tree
Showing 3 changed files with 6 additions and 12 deletions.
6 changes: 2 additions & 4 deletions task/clamav-scan/0.1/clamav-scan.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -197,10 +197,8 @@ spec:
echo "Selecting auth"
select-oci-auth $IMAGE_URL > $HOME/auth.json
echo "Attaching to ${IMAGE_URL} via the OCI 1.1 Referrers API"
oras attach --no-tty --registry-config "$HOME/auth.json" --distribution-spec v1.1-referrers-api --artifact-type application/vnd.clamav "${IMAGE_URL}" "${args[@]}"
echo "Attaching to ${IMAGE_URL} via the OCI 1.1 Referrers Tag"
oras attach --no-tty --registry-config "$HOME/auth.json" --distribution-spec v1.1-referrers-tag --artifact-type application/vnd.clamav "${IMAGE_URL}" "${args[@]}"
echo "Attaching to ${IMAGE_URL}"
oras attach --no-tty --registry-config "$HOME/auth.json" --artifact-type application/vnd.clamav "${IMAGE_URL}" "${args[@]}"
volumeMounts:
- mountPath: /work
name: work
Expand Down
6 changes: 2 additions & 4 deletions task/sast-snyk-check-oci-ta/0.2/sast-snyk-check-oci-ta.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -146,7 +146,5 @@ spec:
echo "Selecting auth"
select-oci-auth $IMAGE_URL >$HOME/auth.json
echo "Attaching to ${IMAGE_URL} via the OCI 1.1 Referrers API"
oras attach --no-tty --registry-config "$HOME/auth.json" --distribution-spec v1.1-referrers-api --artifact-type "${MEDIA_TYPE}" "${IMAGE_URL}" "${UPLOAD_FILE}:${MEDIA_TYPE}"
echo "Attaching to ${IMAGE_URL} via the OCI 1.1 Referrers Tag"
oras attach --no-tty --registry-config "$HOME/auth.json" --distribution-spec v1.1-referrers-tag --artifact-type "${MEDIA_TYPE}" "${IMAGE_URL}" "${UPLOAD_FILE}:${MEDIA_TYPE}"
echo "Attaching to ${IMAGE_URL}"
oras attach --no-tty --registry-config "$HOME/auth.json" --artifact-type "${MEDIA_TYPE}" "${IMAGE_URL}" "${UPLOAD_FILE}:${MEDIA_TYPE}"
6 changes: 2 additions & 4 deletions task/sast-snyk-check/0.2/sast-snyk-check.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -122,9 +122,7 @@ spec:
echo "Selecting auth"
select-oci-auth $IMAGE_URL > $HOME/auth.json
echo "Attaching to ${IMAGE_URL} via the OCI 1.1 Referrers API"
oras attach --no-tty --registry-config "$HOME/auth.json" --distribution-spec v1.1-referrers-api --artifact-type "${MEDIA_TYPE}" "${IMAGE_URL}" "${UPLOAD_FILE}:${MEDIA_TYPE}"
echo "Attaching to ${IMAGE_URL} via the OCI 1.1 Referrers Tag"
oras attach --no-tty --registry-config "$HOME/auth.json" --distribution-spec v1.1-referrers-tag --artifact-type "${MEDIA_TYPE}" "${IMAGE_URL}" "${UPLOAD_FILE}:${MEDIA_TYPE}"
echo "Attaching to ${IMAGE_URL}"
oras attach --no-tty --registry-config "$HOME/auth.json" --artifact-type "${MEDIA_TYPE}" "${IMAGE_URL}" "${UPLOAD_FILE}:${MEDIA_TYPE}"
workspaces:
- name: workspace

0 comments on commit c746a25

Please sign in to comment.