Adding support for GHCR custom domains for using Github Enterprise

Author: David Collom

.dockerignore

@@ -0,0 +1,4 @@
+bin
+coverage.out
+*.md
+.git

cmd/app/options.go

@@ -37,6 +37,7 @@ const (
 	envGCRAccessToken = "GCR_TOKEN"
 
 	envGHCRAccessToken = "GHCR_TOKEN"
+	envGHCRHostname    = "GHCR_HOSTNAME"
 
 	envQuayToken = "QUAY_TOKEN"
 
@@ -207,6 +208,12 @@ func (o *Options) addAuthFlags(fs *pflag.FlagSet) {
 			"Personal Access token for read access to GHCR releases (%s_%s).",
 			envPrefix, envGHCRAccessToken,
 		))
+	fs.StringVar(&o.Client.GHCR.Hostname,
+		"gchr-hostname", "",
+		fmt.Sprintf(
+			"Override hostname for Github Enterprise instances (%s_%s).",
+			envPrefix, envGHCRHostname,
+		))
 	///
 
 	/// Quay
@@ -291,6 +298,7 @@ func (o *Options) complete() {
 		{envGCRAccessToken, &o.Client.GCR.Token},
 
 		{envGHCRAccessToken, &o.Client.GHCR.Token},
+		{envGHCRHostname, &o.Client.GHCR.Hostname},
 
 		{envQuayToken, &o.Client.Quay.Token},
 	} {

deploy/charts/version-checker/README.md

@@ -34,6 +34,7 @@ A Helm chart for version-checker
 | extraVolumeMounts | list | `[]` | Allow for extra Volume Mounts to version-checkers container |
 | extraVolumes | list | `[]` | Allow for extra Volumes to be associated to the pod |
 | gcr.token | string | `nil` | Access token for read access to private GCR registries |
+| ghcr.hostname | string | `nil` | Hostname for Github Enterprise to override the default ghcr domains. |
 | ghcr.token | string | `nil` | Personal Access token for read access to GHCR releases |
 | image.imagePullSecret | string | `nil` | Pull secrects - name of existing secret |
 | image.pullPolicy | string | `"IfNotPresent"` | Set the Image Pull Policy |

deploy/charts/version-checker/templates/secret.yaml

@@ -1,4 +1,5 @@
-{{- if or .Values.acr.refreshToken .Values.acr.username .Values.acr.password .Values.docker.token .Values.ecr.accessKeyID .Values.ecr.secretAccessKey .Values.ecr.sessionToken .Values.docker.username .Values.docker.password .Values.gcr.token .Values.ghcr.token .Values.quay.token (not (eq (len .Values.selfhosted) 0)) }}
+{{- if or .Values.acr.refreshToken .Values.acr.username .Values.acr.password .Values.docker.token .Values.ecr.accessKeyID .Values.ecr.secretAccessKey .Values.ecr.sessionToken .Values.docker.username .Values.docker.password .Values.gcr.token .Values.ghcr.token .Values.ghcr.hostname .Values.quay.token (not (eq (len .Values.selfhosted) 0)) }}
+---
 apiVersion: v1
 data:
   # ACR
@@ -43,6 +44,9 @@ data:
   {{- if .Values.ghcr.token }}
   ghcr.token: {{ .Values.ghcr.token | b64enc }}
   {{- end}}
+  {{- if .Values.ghcr.hostname }}
+  ghcr.hostname: {{ .Values.ghcr.hostname | b64enc }}
+  {{- end}}
 
   # Quay
   {{- if .Values.quay.token }}

deploy/charts/version-checker/values.yaml

@@ -88,6 +88,8 @@ gcr:
 ghcr:
   # -- (string) Personal Access token for read access to GHCR releases
   token:
+  # -- (string) Hostname for Github Enterprise to override the default ghcr domains.
+  hostname:
 
 # Quay.io Registry Credentials Configuration
 quay:

pkg/client/docker/docker.go

@@ -138,7 +138,7 @@ func (c *Client) doRequest(ctx context.Context, url string) (*TagResponse, error
 
 	resp, err := c.Do(req)
 	if err != nil {
-		return nil, fmt.Errorf("failed to get docker image: %s", err)
+		return nil, fmt.Errorf("failed to get %q image: %s", c.Name(), err)
 	}
 	defer resp.Body.Close()
 

pkg/client/gcr/gcr.go

@@ -58,7 +58,7 @@ func (c *Client) Tags(ctx context.Context, host, repo, image string) ([]api.Imag
 
 	resp, err := c.Do(req)
 	if err != nil {
-		return nil, fmt.Errorf("failed to get docker image: %w", err)
+		return nil, fmt.Errorf("failed to get %q image: %w", c.Name(), err)
 	}
 	defer resp.Body.Close()
 

pkg/client/ghcr/ghcr.go

@@ -6,13 +6,15 @@ import (
 	"net/url"
 	"strings"
 
-	"github.com/gofri/go-github-ratelimit/github_ratelimit"
-	"github.com/google/go-github/v62/github"
 	"github.com/jetstack/version-checker/pkg/api"
+
+	"github.com/gofri/go-github-ratelimit/github_ratelimit"
+	"github.com/google/go-github/v70/github"
 )
 
 type Options struct {
-	Token string
+	Token    string
+	Hostname string
 }
 
 type Client struct {
@@ -32,6 +34,12 @@ func New(opts Options) *Client {
 		panic(err)
 	}
 	client := github.NewClient(ghRateLimiter).WithAuthToken(opts.Token)
+	if opts.Hostname != "" {
+		client, err = client.WithEnterpriseURLs(fmt.Sprintf("https://%s/", opts.Hostname), fmt.Sprintf("https://%s/api/uploads/", opts.Hostname))
+		if err != nil {
+			panic(fmt.Errorf("setting enterprise URLs: %w", err))
+		}
+	}
 
 	return &Client{
 		client:     client,
@@ -87,8 +95,8 @@ func (c *Client) determineGetAllVersionsFunc(ctx context.Context, owner, repo st
 
 func (c *Client) buildPackageListOptions() *github.PackageListOptions {
 	return &github.PackageListOptions{
-		PackageType: github.String("container"),
-		State:       github.String("active"),
+		PackageType: github.Ptr("container"),
+		State:       github.Ptr("active"),
 		ListOptions: github.ListOptions{
 			PerPage: 100,
 		},
@@ -98,25 +106,28 @@ func (c *Client) buildPackageListOptions() *github.PackageListOptions {
 func (c *Client) extractImageTags(versions []*github.PackageVersion) []api.ImageTag {
 	var tags []api.ImageTag
 	for _, ver := range versions {
-		if len(ver.Metadata.Container.Tags) == 0 {
-			continue
-		}
+		if meta, ok := ver.GetMetadata(); ok {
 
-		sha := ""
-		if strings.HasPrefix(*ver.Name, "sha") {
-			sha = *ver.Name
-		}
-
-		for _, tag := range ver.Metadata.Container.Tags {
-			if c.shouldSkipTag(tag) {
+			if len(meta.Container.Tags) == 0 {
 				continue
 			}
 
-			tags = append(tags, api.ImageTag{
-				Tag:       tag,
-				SHA:       sha,
-				Timestamp: ver.CreatedAt.Time,
-			})
+			sha := ""
+			if strings.HasPrefix(*ver.Name, "sha") {
+				sha = *ver.Name
+			}
+
+			for _, tag := range meta.Container.Tags {
+				if c.shouldSkipTag(tag) {
+					continue
+				}
+
+				tags = append(tags, api.ImageTag{
+					Tag:       tag,
+					SHA:       sha,
+					Timestamp: ver.CreatedAt.Time,
+				})
+			}
 		}
 	}
 	return tags

pkg/client/ghcr/ghcr_test.go

@@ -5,7 +5,7 @@ import (
 	"net/http"
 	"testing"
 
-	"github.com/google/go-github/v62/github"
+	"github.com/google/go-github/v70/github"
 	"github.com/jarcoal/httpmock"
 	"github.com/stretchr/testify/assert"
 )

pkg/client/ghcr/path.go

@@ -1,16 +1,27 @@
 package ghcr
 
 import (
+	"regexp"
 	"strings"
 )
 
+const (
+	HostRegTempl = `^(containers\.[a-zA-Z0-9-]+\.ghe\.com|ghcr\.io)$`
+)
+
+var HostReg = regexp.MustCompile(HostRegTempl)
+
 func (c *Client) IsHost(host string) bool {
 	// Package API requires Authentication
 	// This forces the Client to use the fallback method
 	if c.opts.Token == "" {
 		return false
 	}
-	return host == "ghcr.io"
+	// If we're using a custom hostname.
+	if c.opts.Hostname != "" && c.opts.Hostname == host {
+		return true
+	}
+	return HostReg.MatchString(host)
 }
 
 func (c *Client) RepoImageFromPath(path string) (string, string) {