Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update subst.go #13

Closed
wants to merge 24 commits into from
Closed

Update subst.go #13

wants to merge 24 commits into from

Conversation

hilmarf
Copy link
Owner

@hilmarf hilmarf commented Dec 19, 2024

What this PR does / why we need it

Which issue(s) this PR fixes

hilmarf and others added 17 commits January 7, 2025 17:01
@hilmarf
make generate
ea86379
@Skarlso
fix: do not handle root folder and the . folder (open-component-model…
5cc70b2 
…#1229)

<!-- markdownlint-disable MD041 -->
#### What this PR does / why we need it

#### Which issue(s) this PR fixes

Related to
open-component-model/ocm-project#359

Signed-off-by: Gergely Brautigam <[email protected]>
@jakobmoellerdev
feat(normalisation): jsonNormalisation/v3 and fixes to jsonNormalisat…
a93ecca 
…ion/v1 as well as jsonNormalisation/v2 (open-component-model#1218)

<!-- markdownlint-disable MD041 -->
#### What this PR does / why we need it

Package jsonv3 provides a normalization which is completely based on the
abstract (internal) version of the component descriptor and is therefore
agnostic of the final serialization format. Signatures using this
algorithm can be transferred among different schema versions, as long as
is able to handle the complete information using for the normalization.
jsonv2 is the predecessor of this version but had internal defaulting
logic that is no longer included as part of this normalization. Thus v3
should be preferred over v2. Note that between v2 and v3 differences can
occur mainly if the "extra identity" field is not unique, in which case
the v2 normalization opinionated on how to differentiate these items.
This no longer happens in v3, meaning the component descriptor is
normalized as is.

v2 and v1 were adjusted to accomodate the old(but new because forgotten)
legacy behavior in legacy.go. Without this, old signatures would not
work. This means this should be (at least partially) back-ported to the
last minor versioned released without this correction.

#### Which issue(s) this PR fixes
<!--
Usage: `Fixes #<issue number>`, or `Fixes (paste link of issue)`.
-->
This issue fixes open-component-model#1214
and supercedes open-component-model#1217 as
a better solution longterm (by getting rid of the old normalization) and
shortterm (by achieving full backwards compatibility + introducing a
simple test case)

Note that this changes the default normalization algorithm to be
`jsonNormalisation/v3` instead of `jsonNormalisation/v1` as it is
important for users to migrate as soon as possible.
@jakobmoellerdev @Skarlso
feat: jfrog plugin + helm upload handler (open-component-model#1167)
ada5381 
<!-- markdownlint-disable MD041 -->
#### What this PR does / why we need it

Implements a JFrog Plugin that contains an uploader that is able to
upload to JFrog Helm Chart Repositories (different from OCI).

Example Reference Upload configuration:

```yaml
- type: credentials.config.ocm.software
  consumers:
  - identity:
      type: JFrogHelm
      hostname: int.repositories.cloud.sap
    credentials:
    - type: Credentials/v1
      properties:
        username: "your-user-here"
        password: "your-token-here"
- type: uploader.ocm.config.ocm.software
  registrations:
  - name: plugin/jfrog/JFrogHelm
    artifactType: helmChart
    priority: 200
    config:
      type: JFrogHelm/v1alpha1
      url: "your-artifactory-url-here"
      repository: "your-repository-here"
      # reindexAfterUpload: true # in case you want to force a reindex, requires admin repository credentials, off by default
```

The plugin will be installable with 

`ocm install plugin
ghcr.io/open-component-model/ocm//ocm.software/plugins/jfrogplugin`

as it is added to our parallel build list.

Since during development (while this PR does not get merged and we dont
have an RC) you cannot use this command, you can choose to either push
your own version of the plugin (there are commands in the new makefile),
or you can run (also in the new makefile):

```
make -C components/jfrogplugin install
```

which will do a build and install locally so you can use it without
fetching it remotely

Once added, you can run something like

```
ocm plugin get jfrog -oyaml
---
element:
  description: "ALPHA GRADE plugin providing custom functions related to interacting
    with JFrog Repositories (e.g. Artifactory).\n\nThis plugin is solely for interacting
    with JFrog Servers and cannot be used for generic repository types.\nThus, you
    should only consider this plugin if\n- You need to use a JFrog specific API\n-
    You cannot use any of the generic (non-jfrog) implementations.\n\nExamples:\n\nYou
    can configure the JFrog plugin as an Uploader in an ocm config file with:\n\n-
    type: uploader.ocm..config.ocm.software\n  registrations:\n  - name: plugin/jfrog/JFrogHelm\n
    \   artifactType: helmChart\n    priority: 200 # must be > 100 to be used over
    the default handler\n    config:\n      type: JFrogHelm/v1alpha1\n      # this
    is only a sample JFrog Server URL, do NOT append /artifactory\n      url: int.repositories.ocm.software
    \n      repository: ocm-helm-test\n"
  forwardLogging: true
  pluginName: jfrog
  pluginVersion: 0.20.0-dev+962ef1469035fbd7b855dff1ccb6ddfc06269745
  shortDescription: jfrog plugin
  uploaders:
  - constraints:
    - artifactType: helmChart
      contextType: ""
      mediaType: ""
      repositoryType: ""
    description: upload artifacts to JFrog HELM repositories by using the JFrog REST
      API.
    name: JFrogHelm
  version: v1
```

to introspect it.

The plugin is now able to be used by OCM.


The plugin registers itself for the mediaTypes of a Helm Chart TGZ as
well as OCI artifacts to convert them. Notably, the OCI artifact
conversion is lossy because the provenance data is omitted, so back and
forth conversion while maintaining digests might not always be possible
in a fully trusted environment

#### Which issue(s) this PR fixes
<!--
Usage: `Fixes #<issue number>`, or `Fixes (paste link of issue)`.
-->

fix open-component-model#1116

---------

Co-authored-by: Gergely Brautigam <[email protected]>
@hilmarf
chore: it's the year 2025 now! (open-component-model#1232)
4516eae
@hilmarf
Merge branch 'main' into fix/codespell_findings
ac5631e
@hilmarf
fix more
a1c2189
@hilmarf
valuemergehandler
4ef22c2
@hilmarf
getOutput
2497fe2
@hilmarf
codespell:ignore
5eeb935
@hilmarf
jfrogplugin
49145f0
@hilmarf
expressionNode
3f7944c
@hilmarf
ocmcmds
a594c9c
@hilmarf
is not
29c847e
@hilmarf
codespell:ignore
d4c58c4
@hilmarf
entry
024070b
@hilmarf
rm genericocireg_test
7dbee0d
@hilmarf hilmarf closed this Jan 9, 2025
@hilmarf hilmarf deleted the fix/codespell_findings branch January 10, 2025 15:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@hilmarf @Skarlso @jakobmoellerdev