- Update version-bump config for processors
- gomajor to v0.14.0
- gosec to v2.21.4
- syft to v1.13.0
- actions/checkout to v4.2.0
- docker/build-push-action to v6.8.0
- github/codeql-action to v3.26.9
Signed-off-by: Brandon Mitchell <git@bmitch.net>
- ECR Helper to latest commit
- GCloud Helper to v2.1.25
- securego/gosec to v2.21.1
- Alpine to 3.20.3
- Go to 1.23.1
- davidanson/markdonlint-cli2 to v0.14.0
- golang.org/x/sys to v0.25.0
- golang.org/x/term to v0.24.0
Signed-off-by: Brandon Mitchell <git@bmitch.net>
A seek to the current location is used to monitor the progress, making it possible for the callback to panic from a data race.
Signed-off-by: Brandon Mitchell <git@bmitch.net>
Breaking: config.Host.Throttle() has been removed. Use scheme.Throttler instead.
Ideally the config should only have static config values.
Signed-off-by: Brandon Mitchell <git@bmitch.net>
The current retry limits are imposed at the host level. This change prevents a single request from too many retries for various reasons, including flaky connections and logic loops in the code.
Signed-off-by: Brandon Mitchell <git@bmitch.net>
- actions/upload-artifact to v4.3.6
- anchore/sbom-action to v0.17.1
- docker/build-push-action to v6.7.0
- github/codeql-action to v3.26.3
- sigstore/cosign-installer to v3.6.0
- ECR credential helper to latest commit
- dominikh/go-tools to v0.5.1
- google/osv-scanner to v1.8.3
- sigstore/cosign to v2.4.0
- anchore/syft to v1.11.1
- Go to 1.21 - 1.23 (dropping 1.20 support)
- Zot to v2.1.1
- olareg to v0.1.1
- golang.org/x/sys to v0.24.0
- golang.org/x/term to v0.23.0
Signed-off-by: Brandon Mitchell <git@bmitch.net>
A registry server that is just a redirect to a real server that requires auth will now work.
Previously, auth was only sent to the first server, now it is only sent to the server that performed the auth.
The auth package itself was also refactored a bit, removing unneeded interfaces and reducing exported fields.
Signed-off-by: Brandon Mitchell <git@bmitch.net>
- Logging in transport allows better debugging of each request, including redirects
- Backoff redesign better handles failed requests and slows down all requests
- Default rate limit is now removed
Signed-off-by: Brandon Mitchell <git@bmitch.net>
- Priority queue algorithm prefers a small entry (non-blob API), and 50/50 split of largest and oldest queued entries.
- Image reorder starts the blob copies sooner to avoid blocking on the tag listing for referrers or digest tags.
- pqueue.AcquireMulti releases queues in reverse order to minimize risk of an acquire blocked by a soon to release queue.
- Include type and size in the request for priority queue.
- Use expected request size to validate response.
Signed-off-by: Brandon Mitchell <git@bmitch.net>
- Do not export next method.
- Document exported methods.
- Arbitrary seek is allowed since digest is not calculated here.
Signed-off-by: Brandon Mitchell <git@bmitch.net>
Breaking: This removes an undocumented API for deleting images from Hub.
Users that depend on that functionality should consider a Docker Hub alternative like hub-tool.
Signed-off-by: Brandon Mitchell <git@bmitch.net>
Breaking: Update scheme to use pqueue instead of throttle.
This is the first step to redesign the network requests for more efficiency.
Library users are unlikely to encounter issues with the scheme change since
both throttle and pqueue are internal packages, so it shouldn't be possible
to call their methods directly or specify their types in variables.
Signed-off-by: Brandon Mitchell <git@bmitch.net>
Some registries do not include the docker digest headers.
This should support referrers listing by tag on those registries.
Signed-off-by: Brandon Mitchell <git@bmitch.net>
