Adding support for GHCR custom domains for using Github Enterprise

.dockerignore

@@ -0,0 +1,4 @@
+bin
+coverage.out
+*.md
+.git

.github/workflows/build-test.yaml

@@ -2,9 +2,7 @@ name: Test & Build
 on:
   pull_request:
     branches:
-      - 'main'
-    paths:
-      - "!README.md"
+      - "main"
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -13,9 +11,9 @@ concurrency:
 jobs:
   lint:
     permissions:
-      contents: read  # for actions/checkout to fetch code
-      pull-requests: read  # for golangci/golangci-lint-action to fetch pull requests
-      checks: write  # for golangci/golangci-lint-action to annotate Pull Requests
+      contents: read # for actions/checkout to fetch code
+      pull-requests: read # for golangci/golangci-lint-action to fetch pull requests
+      checks: write # for golangci/golangci-lint-action to annotate Pull Requests
     name: Lint Go code
     runs-on: ubuntu-latest
     steps:
@@ -26,7 +24,7 @@ jobs:
         with:
           go-version-file: go.mod
       - name: Run golangci-lint
-        uses: golangci/golangci-lint-action@2226d7cb06a077cd73e56eedd38eecad18e5d837      # v6.5.0
+        uses: golangci/golangci-lint-action@2226d7cb06a077cd73e56eedd38eecad18e5d837 # v6.5.0
         with:
           version: v1.54
           args: --timeout 10m --exclude SA5011 --verbose --issues-exit-code=0
@@ -39,40 +37,41 @@ jobs:
       - id: govulncheck
         uses: golang/govulncheck-action@v1
         with:
-           go-version-file: go.mod
-           go-package: ./...
+          go-version-file: go.mod
+          go-package: ./...
 
   test:
     name: Run unit tests for Go packages
     runs-on: ubuntu-latest
     steps:
-    - name: Checkout code
-      uses: actions/checkout@v4 # v3.5.3
-    - name: Setup Go
-      uses: actions/setup-go@v5
-      with:
-        go-version-file: go.mod
+      - name: Checkout code
+        uses: actions/checkout@v4 # v3.5.3
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
 
-    - name: Download and required packages
-      run: |
-        make deps
+      - name: Download and required packages
+        run: |
+          make deps
 
-    - name: Run all unit tests
-      run: make test
+      - name: Run all unit tests
+        run: make test
 
-    - name: check test coverage
-      uses: vladopajic/go-test-coverage@v2
-      with:
-        config: ./.testcoverage.yml
+      - name: check test coverage
+        uses: vladopajic/go-test-coverage@v2
+        with:
+          config: ./.testcoverage.yml
 
-    - name: Trigger Coverage update
-      uses: ./coverage-badge.yaml
+      - name: Trigger Coverage update
+        uses: ./.github/workflows/coverage-badge.yaml
+        continue-on-error: true
 
-    - name: Generate code coverage artifacts
-      uses: actions/upload-artifact@v4
-      with:
-        name: code-coverage
-        path: coverage.out
+      - name: Generate code coverage artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: code-coverage
+          path: coverage.out
 
   build:
     needs:
@@ -87,33 +86,33 @@ jobs:
           - linux/arm64
     name: Build Images
     steps:
-    - name: Checkout code
-      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-    - name: Set up QEMU
-      uses: docker/setup-qemu-action@v3
+      - name: Checkout code
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
 
-    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3
-      with:
-        platforms: ${{ matrix.platform }}
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          platforms: ${{ matrix.platform }}
 
-    - name: Build Images
-      uses: docker/build-push-action@v6
-      with:
-        context: .
-        platforms: ${{ matrix.platform }}
-        load: true
-        push: false
-        tags: quay.io/jetstack/version-checker:${{github.sha}}
-        cache-from: type=gha
-        cache-to: type=gha,mode=max
+      - name: Build Images
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          platforms: ${{ matrix.platform }}
+          load: true
+          push: false
+          tags: quay.io/jetstack/version-checker:${{github.sha}}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
 
-    - name: Run Trivy vulnerability scanner
-      uses: aquasecurity/[email protected]
-      with:
-        image-ref: 'quay.io/jetstack/version-checker:${{github.sha}}'
-        format: 'table'
-        exit-code: '1'
-        ignore-unfixed: true
-        vuln-type: 'os,library'
-        severity: 'CRITICAL,HIGH'
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/[email protected]
+        with:
+          image-ref: "quay.io/jetstack/version-checker:${{github.sha}}"
+          format: "table"
+          exit-code: "1"
+          ignore-unfixed: true
+          vuln-type: "os,library"
+          severity: "CRITICAL,HIGH"

.github/workflows/release.yaml

@@ -12,7 +12,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  prepair-release:
+  prepare-release:
     # Don't push back to a tag!
     if: ${{ !startsWith(github.ref, 'refs/tags/') }}
     name: Prepair release
@@ -108,7 +108,6 @@ jobs:
           get_diff: false
           allow_no_diff: false
 
-
   helm-release:
     runs-on: ubuntu-latest
     steps:
@@ -158,7 +157,7 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
         with:
-          platforms: ${{ matrix.platform }}
+          platforms: linux/amd64,linux/arm64
 
       - name: Login to Docker Hub
         uses: docker/login-action@v3

cmd/app/options.go

@@ -37,6 +37,7 @@ const (
 	envGCRAccessToken = "GCR_TOKEN"
 
 	envGHCRAccessToken = "GHCR_TOKEN"
+	envGHCRHostname    = "GHCR_HOSTNAME"
 
 	envQuayToken = "QUAY_TOKEN"
 
@@ -207,6 +208,12 @@ func (o *Options) addAuthFlags(fs *pflag.FlagSet) {
 			"Personal Access token for read access to GHCR releases (%s_%s).",
 			envPrefix, envGHCRAccessToken,
 		))
+	fs.StringVar(&o.Client.GHCR.Hostname,
+		"gchr-hostname", "",
+		fmt.Sprintf(
+			"Override hostname for Github Enterprise instances (%s_%s).",
+			envPrefix, envGHCRHostname,
+		))
 	///
 
 	/// Quay
@@ -291,6 +298,7 @@ func (o *Options) complete() {
 		{envGCRAccessToken, &o.Client.GCR.Token},
 
 		{envGHCRAccessToken, &o.Client.GHCR.Token},
+		{envGHCRHostname, &o.Client.GHCR.Hostname},
 
 		{envQuayToken, &o.Client.Quay.Token},
 	} {

deploy/charts/version-checker/README.md

@@ -34,6 +34,7 @@ A Helm chart for version-checker
 | extraVolumeMounts | list | `[]` | Allow for extra Volume Mounts to version-checkers container |
 | extraVolumes | list | `[]` | Allow for extra Volumes to be associated to the pod |
 | gcr.token | string | `nil` | Access token for read access to private GCR registries |
+| ghcr.hostname | string | `nil` | Hostname for Github Enterprise to override the default ghcr domains. |
 | ghcr.token | string | `nil` | Personal Access token for read access to GHCR releases |
 | image.imagePullSecret | string | `nil` | Pull secrects - name of existing secret |
 | image.pullPolicy | string | `"IfNotPresent"` | Set the Image Pull Policy |

deploy/charts/version-checker/templates/secret.yaml

@@ -1,4 +1,5 @@
-{{- if or .Values.acr.refreshToken .Values.acr.username .Values.acr.password .Values.docker.token .Values.ecr.accessKeyID .Values.ecr.secretAccessKey .Values.ecr.sessionToken .Values.docker.username .Values.docker.password .Values.gcr.token .Values.ghcr.token .Values.quay.token (not (eq (len .Values.selfhosted) 0)) }}
+{{- if or .Values.acr.refreshToken .Values.acr.username .Values.acr.password .Values.docker.token .Values.ecr.accessKeyID .Values.ecr.secretAccessKey .Values.ecr.sessionToken .Values.docker.username .Values.docker.password .Values.gcr.token .Values.ghcr.token .Values.ghcr.hostname .Values.quay.token (not (eq (len .Values.selfhosted) 0)) }}
+---
 apiVersion: v1
 data:
   # ACR
@@ -43,6 +44,9 @@ data:
   {{- if .Values.ghcr.token }}
   ghcr.token: {{ .Values.ghcr.token | b64enc }}
   {{- end}}
+  {{- if .Values.ghcr.hostname }}
+  ghcr.hostname: {{ .Values.ghcr.hostname | b64enc }}
+  {{- end}}
 
   # Quay
   {{- if .Values.quay.token }}

deploy/charts/version-checker/values.yaml

@@ -88,6 +88,8 @@ gcr:
 ghcr:
   # -- (string) Personal Access token for read access to GHCR releases
   token:
+  # -- (string) Hostname for Github Enterprise to override the default ghcr domains.
+  hostname:
 
 # Quay.io Registry Credentials Configuration
 quay:

go.mod

@@ -32,9 +32,9 @@ require (
 	github.com/aws/aws-sdk-go-v2/credentials v1.17.59
 	github.com/aws/aws-sdk-go-v2/service/ecr v1.41.0
 	github.com/gofri/go-github-ratelimit v1.1.0
-	github.com/google/go-cmp v0.6.0
+	github.com/google/go-cmp v0.7.0
 	github.com/google/go-containerregistry v0.20.3
-	github.com/google/go-github/v62 v62.0.0
+	github.com/google/go-github/v70 v70.0.0
 	github.com/jarcoal/httpmock v1.3.1
 	github.com/stretchr/testify v1.10.0
 )

go.sum

@@ -101,12 +101,12 @@ github.com/google/gnostic-models v0.6.9 h1:MU/8wDLif2qCXZmzncUQ/BOfxWfthHi63Kqpo
 github.com/google/gnostic-models v0.6.9/go.mod h1:CiWsm0s6BSQd1hRn8/QmxqB6BesYcbSZxsz9b0KuDBw=
 github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
-github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
+github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
 github.com/google/go-containerregistry v0.20.3 h1:oNx7IdTI936V8CQRveCjaxOiegWwvM7kqkbXTpyiovI=
 github.com/google/go-containerregistry v0.20.3/go.mod h1:w00pIgBRDVUDFM6bq+Qx8lwNWK+cxgCuX1vd3PIBDNI=
-github.com/google/go-github/v62 v62.0.0 h1:/6mGCaRywZz9MuHyw9gD1CwsbmBX8GWsbFkwMmHdhl4=
-github.com/google/go-github/v62 v62.0.0/go.mod h1:EMxeUqGJq2xRu9DYBMwel/mr7kZrzUOfQmmpYrZn2a4=
+github.com/google/go-github/v70 v70.0.0 h1:/tqCp5KPrcvqCc7vIvYyFYTiCGrYvaWoYMGHSQbo55o=
+github.com/google/go-github/v70 v70.0.0/go.mod h1:xBUZgo8MI3lUL/hwxl3hlceJW1U8MVnXP3zUyI+rhQY=
 github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
 github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=

pkg/client/docker/docker.go

@@ -138,7 +138,7 @@ func (c *Client) doRequest(ctx context.Context, url string) (*TagResponse, error
 
 	resp, err := c.Do(req)
 	if err != nil {
-		return nil, fmt.Errorf("failed to get docker image: %s", err)
+		return nil, fmt.Errorf("failed to get %q image: %s", c.Name(), err)
 	}
 	defer resp.Body.Close()
 

pkg/client/gcr/gcr.go

@@ -58,7 +58,7 @@ func (c *Client) Tags(ctx context.Context, host, repo, image string) ([]api.Imag
 
 	resp, err := c.Do(req)
 	if err != nil {
-		return nil, fmt.Errorf("failed to get docker image: %w", err)
+		return nil, fmt.Errorf("failed to get %q image: %w", c.Name(), err)
 	}
 	defer resp.Body.Close()
 

pkg/client/ghcr/ghcr.go

@@ -6,13 +6,15 @@ import (
 	"net/url"
 	"strings"
 
-	"github.com/gofri/go-github-ratelimit/github_ratelimit"
-	"github.com/google/go-github/v62/github"
 	"github.com/jetstack/version-checker/pkg/api"
+
+	"github.com/gofri/go-github-ratelimit/github_ratelimit"
+	"github.com/google/go-github/v70/github"
 )
 
 type Options struct {
-	Token string
+	Token    string
+	Hostname string
 }
 
 type Client struct {
@@ -32,6 +34,12 @@ func New(opts Options) *Client {
 		panic(err)
 	}
 	client := github.NewClient(ghRateLimiter).WithAuthToken(opts.Token)
+	if opts.Hostname != "" {
+		client, err = client.WithEnterpriseURLs(fmt.Sprintf("https://%s/", opts.Hostname), fmt.Sprintf("https://%s/api/uploads/", opts.Hostname))
+		if err != nil {
+			panic(fmt.Errorf("setting enterprise URLs: %w", err))
+		}
+	}
 
 	return &Client{
 		client:     client,
@@ -87,8 +95,8 @@ func (c *Client) determineGetAllVersionsFunc(ctx context.Context, owner, repo st
 
 func (c *Client) buildPackageListOptions() *github.PackageListOptions {
 	return &github.PackageListOptions{
-		PackageType: github.String("container"),
-		State:       github.String("active"),
+		PackageType: github.Ptr("container"),
+		State:       github.Ptr("active"),
 		ListOptions: github.ListOptions{
 			PerPage: 100,
 		},
@@ -98,25 +106,28 @@ func (c *Client) buildPackageListOptions() *github.PackageListOptions {
 func (c *Client) extractImageTags(versions []*github.PackageVersion) []api.ImageTag {
 	var tags []api.ImageTag
 	for _, ver := range versions {
-		if len(ver.Metadata.Container.Tags) == 0 {
-			continue
-		}
+		if meta, ok := ver.GetMetadata(); ok {
 
-		sha := ""
-		if strings.HasPrefix(*ver.Name, "sha") {
-			sha = *ver.Name
-		}
-
-		for _, tag := range ver.Metadata.Container.Tags {
-			if c.shouldSkipTag(tag) {
+			if len(meta.Container.Tags) == 0 {
 				continue
 			}
 
-			tags = append(tags, api.ImageTag{
-				Tag:       tag,
-				SHA:       sha,
-				Timestamp: ver.CreatedAt.Time,
-			})
+			sha := ""
+			if strings.HasPrefix(*ver.Name, "sha") {
+				sha = *ver.Name
+			}
+
+			for _, tag := range meta.Container.Tags {
+				if c.shouldSkipTag(tag) {
+					continue
+				}
+
+				tags = append(tags, api.ImageTag{
+					Tag:       tag,
+					SHA:       sha,
+					Timestamp: ver.CreatedAt.Time,
+				})
+			}
 		}
 	}
 	return tags

pkg/client/ghcr/ghcr_test.go

@@ -5,7 +5,7 @@ import (
 	"net/http"
 	"testing"
 
-	"github.com/google/go-github/v62/github"
+	"github.com/google/go-github/v70/github"
 	"github.com/jarcoal/httpmock"
 	"github.com/stretchr/testify/assert"
 )