Merge branch 'main' into add-final-blackduck-version
morri-son authored Oct 10, 2023
2 parents 20aedc8 + a5e2012 commit f4d09b4
Showing 17 changed files with 166 additions and 14 deletions.
8 changes: 5 additions & 3 deletions .github/workflows/blackduck_scan.yaml
@@ -1,4 +1,4 @@
name: Blackduck Scan
name: Blackduck Scan PR
on:
pull_request:
branches: [main]
Expand All @@ -10,8 +10,10 @@ permissions:
checks: write

jobs:
build:
runs-on: [ ubuntu-latest ]
blackduck:
name: Black Duck SCA
runs-on: [ubuntu-latest]
- ubuntu-latest
steps:
- name: Checkout Source
uses: actions/checkout@v3
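Review bot: The `runs-on` key of the renamed `blackduck` job appears to carry two values at once, the flow list `runs-on: [ubuntu-latest]` followed by a block item `- ubuntu-latest`; going by the section's 5 additions and 3 deletions both lines look to be on the new side, which reads like a leftover from the merge. If the file really contains both, the workflow may fail to parse and the Black Duck scan would stop running on pull requests, so keep a single form, e.g. `runs-on: ubuntu-latest`. The rendering has lost indentation, so this should be confirmed against the file itself.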
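--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-0.5.0-dev
+0.5.0-dev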
9 changes: 8 additions & 1 deletion cmds/ocm/commands/ocmcmds/common/inputs/types/docker/spec.go
Expand Up @@ -5,6 +5,8 @@
package docker

import (
"github.com/open-component-model/ocm/pkg/contexts/oci"
"github.com/open-component-model/ocm/pkg/contexts/oci/annotations"
"k8s.io/apimachinery/pkg/util/validation/field"

"github.com/open-component-model/ocm/cmds/ocm/commands/ocmcmds/common/inputs"
Expand Down Expand Up @@ -64,7 +66,12 @@ func (s *Spec) GetBlob(ctx inputs.Context, info inputs.InputResourceInfo) (acces
if version == "" || version == "latest" {
version = info.ComponentVersion.GetVersion()
}
blob, err := artifactset.SynthesizeArtifactBlob(ns, version)
blob, err := artifactset.SynthesizeArtifactBlob(ns, version,
func(art oci.ArtifactAccess) error {
art.Artifact().SetAnnotation(annotations.COMPVERS_ANNOTATION, info.ComponentVersion.String())
return nil
},
)
if err != nil {
return nil, "", err
}
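Review bot: The modifier closure passed to `SynthesizeArtifactBlob` discards the result of `SetAnnotation`, which returns an `error` in the `artdesc/artifact.go` section of this commit (assuming `art.Artifact()` yields that `*Artifact` type), so a void artifact would be packed without the back link and without any diagnostic. Returning the call directly is enough: `return art.Artifact().SetAnnotation(annotations.COMPVERS_ANNOTATION, info.ComponentVersion.String())`. The same unchecked call appears twice in the dockermulti `GetBlob` hunks (`index.SetAnnotation(...)` and `art.Artifact().SetAnnotation(...)`). `GetBlob` starts and ends outside the hunk.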
3 changes: 3 additions & 0 deletions cmds/ocm/commands/ocmcmds/common/inputs/types/docker/type.go
Expand Up @@ -6,6 +6,7 @@ package docker

import (
"github.com/open-component-model/ocm/cmds/ocm/commands/ocmcmds/common/inputs"
"github.com/open-component-model/ocm/pkg/contexts/oci/annotations"
)

const TYPE = "docker"
Expand All @@ -17,6 +18,8 @@ func init() {
const usage = `
The path must denote an image tag that can be found in the local
docker daemon. The denoted image is packed as OCI artifact set.
The OCI image will contain an informational back link to the component version
using the manifest annotation <code>` + annotations.COMPVERS_ANNOTATION + `</code>.
This blob type specification supports the following fields:
- **<code>path</code>** *string*
Expand Up @@ -7,6 +7,7 @@ package dockermulti
import (
"fmt"

"github.com/open-component-model/ocm/pkg/contexts/oci/annotations"
. "github.com/open-component-model/ocm/pkg/finalizer"

"github.com/opencontainers/go-digest"
Expand Down Expand Up @@ -102,6 +103,8 @@ func (s *Spec) GetBlob(ctx inputs.Context, info inputs.InputResourceInfo) (acces
index := artdesc.NewIndexArtifact()
i := 0

index.SetAnnotation(annotations.COMPVERS_ANNOTATION, info.ComponentVersion.String())

feedback := func(blob accessio.BlobAccess, art cpi.ArtifactAccess) error {
desc := artdesc.DefaultBlobDescriptor(blob)
if art.IsManifest() {
Expand Down Expand Up @@ -157,6 +160,7 @@ func (s *Spec) GetBlob(ctx inputs.Context, info inputs.InputResourceInfo) (acces
art, err = s.getVariant(ctx, &finalize, s.Variants[i])

if err == nil {
art.Artifact().SetAnnotation(annotations.COMPVERS_ANNOTATION, info.ComponentVersion.String())
blob, err = art.Blob()
if err == nil {
finalize.Close(art)
Expand Up @@ -6,6 +6,7 @@ package dockermulti

import (
"github.com/open-component-model/ocm/cmds/ocm/commands/ocmcmds/common/inputs"
"github.com/open-component-model/ocm/pkg/contexts/oci/annotations"
)

const TYPE = "dockermulti"
Expand All @@ -18,7 +19,10 @@ const usage = `
This input type describes the composition of a multi-platform OCI image.
The various variants are taken from the local docker daemon. They should be
built with the buildx command for cross platform docker builds.
The denoted images, as well as the wrapping image index is packed as OCI artifact set.
The denoted images, as well as the wrapping image index is packed as OCI
artifact set.
They will contain an informational back link to the component version
using the manifest annotation <code>` + annotations.COMPVERS_ANNOTATION + `</code>.
This blob type specification supports the following fields:
- **<code>variants</code>** *[]string*
4 changes: 2 additions & 2 deletions docs/names/labels.md
Expand Up @@ -32,7 +32,7 @@ of label names:
Their format is described by the following regexp:

```regex
[a-z][a-zA-Z0-9]*
[a-z][-a-zA-Z0-9]*
```

- vendor specific labels
Expand All @@ -53,7 +53,7 @@ of label names:
So, the complete pattern looks as follows:

```
<DNS domain name>/[a-z][a-zA-Z0-9]*
<DNS domain name>/[a-z][-a-zA-Z0-9]*
```

Every label must define a specification of its attributes,
7 changes: 6 additions & 1 deletion docs/reference/ocm_add_resource-configuration.md
Expand Up @@ -238,6 +238,8 @@ with the field <code>type</code> in the <code>input</code> field:

The path must denote an image tag that can be found in the local
docker daemon. The denoted image is packed as OCI artifact set.
The OCI image will contain an informational back link to the component version
using the manifest annotation <code>software.ocm/component-version</code>.

This blob type specification supports the following fields:
- **<code>path</code>** *string*
Expand All @@ -258,7 +260,10 @@ with the field <code>type</code> in the <code>input</code> field:
This input type describes the composition of a multi-platform OCI image.
The various variants are taken from the local docker daemon. They should be
built with the buildx command for cross platform docker builds.
The denoted images, as well as the wrapping image index is packed as OCI artifact set.
The denoted images, as well as the wrapping image index is packed as OCI
artifact set.
They will contain an informational back link to the component version
using the manifest annotation <code>software.ocm/component-version</code>.

This blob type specification supports the following fields:
- **<code>variants</code>** *[]string*
7 changes: 6 additions & 1 deletion docs/reference/ocm_add_resources.md
Expand Up @@ -248,6 +248,8 @@ with the field <code>type</code> in the <code>input</code> field:

The path must denote an image tag that can be found in the local
docker daemon. The denoted image is packed as OCI artifact set.
The OCI image will contain an informational back link to the component version
using the manifest annotation <code>software.ocm/component-version</code>.

This blob type specification supports the following fields:
- **<code>path</code>** *string*
Expand All @@ -268,7 +270,10 @@ with the field <code>type</code> in the <code>input</code> field:
This input type describes the composition of a multi-platform OCI image.
The various variants are taken from the local docker daemon. They should be
built with the buildx command for cross platform docker builds.
The denoted images, as well as the wrapping image index is packed as OCI artifact set.
The denoted images, as well as the wrapping image index is packed as OCI
artifact set.
They will contain an informational back link to the component version
using the manifest annotation <code>software.ocm/component-version</code>.

This blob type specification supports the following fields:
- **<code>variants</code>** *[]string*
7 changes: 6 additions & 1 deletion docs/reference/ocm_add_source-configuration.md
Expand Up @@ -238,6 +238,8 @@ with the field <code>type</code> in the <code>input</code> field:

The path must denote an image tag that can be found in the local
docker daemon. The denoted image is packed as OCI artifact set.
The OCI image will contain an informational back link to the component version
using the manifest annotation <code>software.ocm/component-version</code>.

This blob type specification supports the following fields:
- **<code>path</code>** *string*
Expand All @@ -258,7 +260,10 @@ with the field <code>type</code> in the <code>input</code> field:
This input type describes the composition of a multi-platform OCI image.
The various variants are taken from the local docker daemon. They should be
built with the buildx command for cross platform docker builds.
The denoted images, as well as the wrapping image index is packed as OCI artifact set.
The denoted images, as well as the wrapping image index is packed as OCI
artifact set.
They will contain an informational back link to the component version
using the manifest annotation <code>software.ocm/component-version</code>.

This blob type specification supports the following fields:
- **<code>variants</code>** *[]string*
7 changes: 6 additions & 1 deletion docs/reference/ocm_add_sources.md
Expand Up @@ -245,6 +245,8 @@ with the field <code>type</code> in the <code>input</code> field:

The path must denote an image tag that can be found in the local
docker daemon. The denoted image is packed as OCI artifact set.
The OCI image will contain an informational back link to the component version
using the manifest annotation <code>software.ocm/component-version</code>.

This blob type specification supports the following fields:
- **<code>path</code>** *string*
Expand All @@ -265,7 +267,10 @@ with the field <code>type</code> in the <code>input</code> field:
This input type describes the composition of a multi-platform OCI image.
The various variants are taken from the local docker daemon. They should be
built with the buildx command for cross platform docker builds.
The denoted images, as well as the wrapping image index is packed as OCI artifact set.
The denoted images, as well as the wrapping image index is packed as OCI
artifact set.
They will contain an informational back link to the component version
using the manifest annotation <code>software.ocm/component-version</code>.

This blob type specification supports the following fields:
- **<code>variants</code>** *[]string*
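--- a/pkg/contexts/oci/annotations/annotations.go
+++ b/pkg/contexts/oci/annotations/annotations.go
@@ -0,0 +1,27 @@
+// SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Open Component Model contributors.
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package annotations
+
+import (
+"github.com/open-component-model/ocm/pkg/contexts/oci/repositories/artifactset"
+)
+
+// MAINARTIFACT_ANNOTATION is the name of the OCI manifest annotation used to describe
+// the main artifact identity in an artifact set..
+const MAINARTIFACT_ANNOTATION = artifactset.MAINARTIFACT_ANNOTATION
+
+// TAGS_ANNOTATION is the name of the OCI manifest annotation used to describe a set of
+// tags assigned to a manifest in an artifact set.
+const TAGS_ANNOTATION = artifactset.TAGS_ANNOTATION
+
+const TYPE_ANNOTATION = artifactset.TYPE_ANNOTATION
+
+// OCITAG_ANNOTATION is the name of the OCI manifest annotation used to describe a tag.
+const OCITAG_ANNOTATION = artifactset.OCITAG_ANNOTATION
+
+// COMPVERS_ANNOTATION is the name of the OCI manifest annotation used to describe
+// the OCM identity of the origin of an OCI artifact. This is the identity of a
+// component version `<component name>:<component version>`.
+const COMPVERS_ANNOTATION = "software.ocm/component-version"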
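Review bot: `TYPE_ANNOTATION` is the only exported constant in this new file without a doc comment; it should get one in the style of its neighbours stating what the annotation carries. The comment on `MAINARTIFACT_ANNOTATION` ends in a doubled period (`artifact set..`). Since the usage texts elsewhere in this commit call `COMPVERS_ANNOTATION` an informational back link, its comment could say so as well, for example `// The annotation is informational only and must not be treated as proof of origin.`, because a manifest annotation can be set by whoever builds the artifact.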
41 changes: 41 additions & 0 deletions pkg/contexts/oci/artdesc/artifact.go
Expand Up @@ -119,6 +119,47 @@ func (d *Artifact) Manifest() *Manifest {
return d.manifest
}

func (d *Artifact) SetAnnotation(name, value string) error {
return d.modifyAnnotation(func(annos *map[string]string) {
if *annos == nil {
*annos = map[string]string{}
}
(*annos)[name] = value
})
}

func (d *Artifact) DeleteAnnotation(name string) error {
return d.modifyAnnotation(func(annos *map[string]string) {
if *annos == nil {
return
}
delete(*annos, name)
if len(*annos) == 0 {
*annos = nil
}
})
}

func (d *Artifact) modifyAnnotation(mod func(annos *map[string]string)) error {
var annos map[string]string

switch {
case d.manifest != nil:
annos = d.manifest.Annotations
case d.index != nil:
annos = d.index.Annotations
default:
return errors.Newf("void artifact access")
}
mod(&annos)
if d.manifest != nil {
d.manifest.Annotations = annos
} else {
d.index.Annotations = annos
}
return nil
}

func (d *Artifact) ToBlobAccess() (accessio.BlobAccess, error) {
if d.IsManifest() {
return d.manifest.ToBlobAccess()
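Review bot: `modifyAnnotation` re-implements, through a pointer-to-map callback, the same nil-map handling that this commit also adds as `SetAnnotation`/`DeleteAnnotation` on `Manifest` (manifest.go) and `Index` (index.go), so the logic now exists three times. `Artifact.SetAnnotation` and `Artifact.DeleteAnnotation` could dispatch to those methods and keep only the void-artifact error, as sketched below (assuming `d.index` is an `*Index`, as `d.manifest` is a `*Manifest`). None of the six new exported methods has a doc comment; each should get a one-line comment starting with its name, and the `Artifact` ones should mention the error returned for a void artifact.

```go
func (d *Artifact) SetAnnotation(name, value string) error {
	switch {
	case d.manifest != nil:
		d.manifest.SetAnnotation(name, value)
	case d.index != nil:
		d.index.SetAnnotation(name, value)
	default:
		return errors.Newf("void artifact access")
	}
	return nil
}

// … DeleteAnnotation: same switch, calling DeleteAnnotation on d.manifest / d.index …
```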
17 changes: 17 additions & 0 deletions pkg/contexts/oci/artdesc/index.go
Expand Up @@ -44,6 +44,23 @@ func (i *Index) MimeType() string {
return ArtifactMimeType(i.MediaType, MediaTypeImageIndex, legacy)
}

func (i *Index) SetAnnotation(name, value string) {
if i.Annotations == nil {
i.Annotations = map[string]string{}
}
i.Annotations[name] = value
}

func (i *Index) DeleteAnnotation(name string) {
if i.Annotations == nil {
return
}
delete(i.Annotations, name)
if len(i.Annotations) == 0 {
i.Annotations = nil
}
}

func (i *Index) ToBlobAccess() (accessio.BlobAccess, error) {
i.MediaType = i.MimeType()
data, err := json.Marshal(i)
17 changes: 17 additions & 0 deletions pkg/contexts/oci/artdesc/manifest.go
Expand Up @@ -57,6 +57,23 @@ func (m *Manifest) ToBlobAccess() (accessio.BlobAccess, error) {
return accessio.BlobAccessForData(m.MediaType, data), nil
}

func (m *Manifest) SetAnnotation(name, value string) {
if m.Annotations == nil {
m.Annotations = map[string]string{}
}
m.Annotations[name] = value
}

func (m *Manifest) DeleteAnnotation(name string) {
if m.Annotations == nil {
return
}
delete(m.Annotations, name)
if len(m.Annotations) == 0 {
m.Annotations = nil
}
}

////////////////////////////////////////////////////////////////////////////////

func DecodeManifest(data []byte) (*Manifest, error) {
11 changes: 10 additions & 1 deletion pkg/contexts/oci/repositories/artifactset/utils_synthesis.go
Expand Up @@ -61,15 +61,24 @@ func TransferArtifact(art cpi.ArtifactAccess, set cpi.ArtifactSink, tags ...stri
return transfer.TransferArtifact(art, set, tags...)
}

type ArtifactModifier func(access cpi.ArtifactAccess) error

// SynthesizeArtifactBlob synthesizes an artifact blob incorporating all side artifacts.
// To support extensions like cosign, we need the namespace access her to find
// additionally objects associated by tags.
func SynthesizeArtifactBlob(ns cpi.NamespaceAccess, ref string) (ArtifactBlob, error) {
func SynthesizeArtifactBlob(ns cpi.NamespaceAccess, ref string, mod ...ArtifactModifier) (ArtifactBlob, error) {
art, err := ns.GetArtifact(ref)
if err != nil {
return nil, GetArtifactError{Original: err, Ref: ref}
}
defer art.Close()

for _, m := range mod {
err = m(art)
if err != nil {
return nil, err
}
}
return SynthesizeArtifactBlobForArtifact(art, ref)
}
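Review bot: The modifiers run on `art` before `SynthesizeArtifactBlobForArtifact(art, ref)` is called with the unchanged `ref`, and nothing documents what a modifier is allowed to change. If a modifier alters the manifest, as the docker input type now does by setting an annotation, the manifest digest presumably changes, and the side artifacts the doc comment mentions (cosign objects found by tag) would still refer to the unmodified digest; that interaction deserves a check or at least a stated contract. `ArtifactModifier` has no doc comment; something like `// ArtifactModifier is applied to the artifact before synthesis; changing the manifest changes its digest.` would record it. The existing doc comment also has a typo, `her` for `here`.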

3 changes: 2 additions & 1 deletion pkg/contexts/oci/repositories/ocireg/repository.go
Expand Up @@ -143,8 +143,9 @@ func (r *RepositoryImpl) getResolver(comp string) (resolve.Resolver, error) {
return "", "", nil
},
DefaultScheme: r.info.Scheme,
//nolint:gosec // used like the default, there are OCI servers (quay.io) not working with min version.
DefaultTLS: &tls.Config{
MinVersion: tls.VersionTLS13,
// MinVersion: tls.VersionTLS13,
RootCAs: func() *x509.CertPool {
var rootCAs *x509.CertPool
if creds != nil {
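Review bot: Commenting out `MinVersion` leaves the TLS floor for registry connections to the Go toolchain default instead of stating it in the code, and the change relies on a `//nolint:gosec` directive to silence the resulting finding. If TLS 1.3 is too strict for some registries, as the added comment says, an explicit floor keeps the intent reviewable: `MinVersion: tls.VersionTLS12,` in place of the commented-out line, which should also make the nolint directive unnecessary. The enclosing `getResolver` starts and ends outside the hunk.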