allow adding additional tags to OCI index and manifests (#111)

* add a retry_on_error decoration for gardenlinux.oci

* add make targets test-debug and test-trace

adds the possibility to get debug logs for pytest
e.g. debug which OCI tags exist

* generate test data in a pythonic way

add create_test_data to conftest
remove generate_test_certificates from helper as it is on conftest already

* add gardenlinux.oci.registry.push_additional_tags_manifest

enables pushing additional tags to OCI manifest

* update gardenlinux.oci.registry.update_index

enables pushing additional tags to OCI index

* rename src/gardenlinux/oci/helper.py src/gardenlinux/oci/wrapper.py

Author: yeoldegrove

Makefile

@@ -46,6 +46,12 @@ install-test: install-dev
 test: install-test
 	$(POETRY) run pytest -k "not kms"
 
+test-debug: install-test
+	$(POETRY) run pytest -k "not kms" -vvv -s
+
+test-trace: install-test
+	$(POETRY) run pytest -k "not kms" -vvv --log-cli-level=DEBUG
+
 format: install-dev
 	$(POETRY) run black --extend-exclude test-data/gardenlinux .
 

poetry.lock

@@ -8,7 +8,7 @@ readme = "README.md"
 packages = [{include = "gardenlinux", from="src"}, {include = "python_gardenlinux_lib", from="src"}]
 
 [tool.poetry.dependencies]
-python = "^3.10"
+python = "^3.13"
 networkx = "^3.3"
 PyYAML = "^6.0.2"
 pytest = "^8.3.2"
@@ -19,11 +19,12 @@ oras = { git  = "https://github.com/oras-project/oras-py.git", rev="caf8db5b2793
 python-dotenv = "^1.0.1"
 cryptography = "^44.0.0"
 boto3 = "*"
+click = "^8.2.0"
+pygments = "^2.19.1"
 
 [tool.poetry.group.dev.dependencies]
 bandit = "^1.8.3"
 black = "^24.8.0"
-opencontainers = "^0.0.14"
 
 [tool.poetry.group.docs.dependencies]
 sphinx-rtd-theme = "^2.0.0"

pyproject.toml

@@ -166,3 +166,4 @@
 
 OCI_ANNOTATION_SIGNATURE_KEY = "io.gardenlinux.oci.signature"
 OCI_ANNOTATION_SIGNED_STRING_KEY = "io.gardenlinux.oci.signed-string"
+OCI_IMAGE_INDEX_MEDIA_TYPE = "application/vnd.oci.image.index.v1+json"

src/gardenlinux/constants.py

@@ -5,6 +5,8 @@
 
 from ..constants import ARCHS
 
+from .parser import Parser
+
 
 class CName(object):
     def __init__(self, cname, arch=None, version=None):
@@ -66,6 +68,10 @@ def commit_id(self) -> Optional[str]:
     def flavor(self) -> str:
         return self._flavor
 
+    @property
+    def feature_set(self) -> str:
+        return Parser().filter_as_string(self.flavor)
+
     @property
     def version(self) -> Optional[str]:
         return self._version

src/gardenlinux/features/cname.py

@@ -18,12 +18,17 @@
 
 
 class Parser(object):
+    _GARDENLINUX_ROOT: str = "."
+
     def __init__(
         self,
-        gardenlinux_root: str = ".",
-        feature_dir_name: str = "features",
+        gardenlinux_root: Optional[str] = None,
+        feature_dir_name: Optional[str] = "features",
         logger: Optional[logging.Logger] = None,
     ):
+        if gardenlinux_root is None:
+            gardenlinux_root = Parser._GARDENLINUX_ROOT
+
         feature_base_dir = os.path.join(gardenlinux_root, feature_dir_name)
 
         if not os.access(feature_base_dir, os.R_OK):
@@ -248,6 +253,10 @@ def filter_func(a, b):
     def _get_graph_node_type(node):
         return node.get("content", {}).get("type")
 
+    @staticmethod
+    def set_default_gardenlinux_root_dir(root_dir):
+        Parser._GARDENLINUX_ROOT = root_dir
+
     @staticmethod
     def sort_graph_nodes(graph):
         def key_function(node):

src/gardenlinux/features/parser.py

@@ -1 +1,8 @@
 # -*- coding: utf-8 -*-
+
+from .container import Container
+from .index import Index
+from .layer import Layer
+from .manifest import Manifest
+
+__all__ = ["Container", "Index", "Layer", "Manifest"]

src/gardenlinux/oci/__init__.py

@@ -5,7 +5,7 @@
 
 from pygments.lexer import default
 
-from .registry import GlociRegistry
+from .container import Container
 
 
 @click.group()
@@ -58,6 +58,12 @@ def cli():
     default=False,
     help="Use HTTP to communicate with the registry",
 )
+@click.option(
+    "--additional_tag",
+    required=False,
+    multiple=True,
+    help="Additional tag to push the manifest with",
+)
 def push_manifest(
     container,
     version,
@@ -68,19 +74,23 @@ def push_manifest(
     cosign_file,
     manifest_file,
     insecure,
+    additional_tag,
 ):
     """push artifacts from a dir to a registry, get the index-entry for the manifest in return"""
-    container_name = f"{container}:{version}"
-    registry = GlociRegistry(
-        container_name=container_name,
+    container = Container(
+        f"{container}:{version}",
         token=os.getenv("GL_CLI_REGISTRY_TOKEN"),
         insecure=insecure,
     )
-    digest = registry.push_from_dir(
-        arch, version, cname, directory, manifest_file, commit=commit
+
+    manifest = container.read_or_generate_manifest(cname, arch, version, commit)
+
+    container.push_manifest_and_artifacts_from_directory(
+        manifest, directory, manifest_file, additional_tag
     )
+
     if cosign_file:
-        print(digest, file=open(cosign_file, "w"))
+        print(manifest.digest, file=open(cosign_file, "w"))
 
 
 @cli.command()
@@ -108,15 +118,21 @@ def push_manifest(
     default=False,
     help="Use HTTP to communicate with the registry",
 )
-def update_index(container, version, manifest_folder, insecure):
+@click.option(
+    "--additional_tag",
+    required=False,
+    multiple=True,
+    help="Additional tag to push the index with",
+)
+def update_index(container, version, manifest_folder, insecure, additional_tag):
     """push a index entry from a list of files to an index"""
-    container_name = f"{container}:{version}"
-    registry = GlociRegistry(
-        container_name=container_name,
+    container = Container(
+        f"{container}:{version}",
         token=os.getenv("GL_CLI_REGISTRY_TOKEN"),
         insecure=insecure,
     )
-    registry.update_index(manifest_folder)
+
+    container.push_index_from_directory(manifest_folder, additional_tag)
 
 
 def main():