Skip to content

Add OCI registry browser #97

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
aktech merged 5 commits into from
Feb 11, 2026
Merged

Add OCI registry browser #97

aktech merged 5 commits into from
Feb 11, 2026

Conversation

@aktech
Copy link
Member

@aktech aktech commented Feb 11, 2026
edited
Loading

Users can now browse OCI registries, view repositories/tags, and import environments as workspaces directly from the UI.

Backend

  • New OCI browser library (internal/oci/browser.go) with catalog listing, tag listing, and environment pulling
  • Quay.io fallback: /v2/_catalog is not supported by Quay.io, so we hit their REST API (/api/v1/repository?namespace=...&public=true) instead
  • New api_token field on registry model — Quay.io robot account creds don't work for their REST API, so admins can set a separate OAuth token for listing private repos
  • Fixed URL parsing for registry URLs with namespace paths (e.g. quay.io/nebari was producing double-namespaced refs like quay.io/nebari/nebari/repo)

API

Method Path Description
GET /registries/:id/repositories List repos (catalog → Quay API → DB publications)
GET /registries/:id/tags?repo=org/name List tags
POST /registries/:id/import Pull env from tag, create workspace

Frontend

  • New Registries page: registries → repositories → tags drill-down
  • Public/Private visibility badges on repository list
  • Import dialog creates a workspace from a selected tag
  • Manual repo path input for repos not discoverable via catalog
  • API Token field added to admin Create/Edit registry dialogs

Known limitations

  • Private repo listing requires a Quay.io OAuth Application Token (robot creds only work for push/pull)
Screenshot 2026-02-11 at 16 21 23 Screenshot 2026-02-11 at 16 21 39

@aktech
Add OCI registry browser library
57d1ed0 
Adds functions for browsing OCI registries:
- ParseRegistryURL: splits URLs like "quay.io/nebari" into host and namespace
- ListRepositories: queries the standard /v2/_catalog endpoint
- ListRepositoriesViaQuayAPI: fallback for Quay.io which does not support
  /v2/_catalog, uses the Quay.io REST API with public=true and optional
  Bearer token auth for private repos
- ListTags: lists tags for a given repository
- PullEnvironment: fetches pixi.toml and pixi.lock layers from a manifest
- RepositoryInfo now includes an is_public field from the Quay.io API
@aktech
Add API token field to registry model and handlers
45230ba 
Quay.io robot account credentials (username/password) work for Docker
push/pull but not for the Quay.io REST API. Adds a separate api_token
field so admins can configure an OAuth Application Token for listing
private repositories.

- New APIToken field on OCIRegistry model (json:"-", never serialized)
- GORM AutoMigrate will add the column automatically
- Responses expose has_api_token boolean, never the actual value
- ListPublicRegistries masks both username and has_api_token for
  non-admin users
- Create and Update handlers accept and persist the new field
@aktech
Add registry browse and import API endpoints
c21879c 
Three new endpoints under /api/v1/registries/:id (authenticated):
- GET /repositories: lists repos via OCI catalog, falls back to Quay.io
  API for quay.io hosts (using api_token for private repos), then merges
  known publications from DB. Supports search filtering.
- GET /tags?repo=org/name: lists tags for a repository
- POST /import: pulls pixi.toml/pixi.lock from a tag and creates a
  new workspace

All handlers use ParseRegistryURL to correctly handle registry URLs
that include a namespace path (e.g. quay.io/nebari).
@aktech
Fix registry URL parsing in publish handler
179150b 
Use ParseRegistryURL to separate host from namespace when constructing
the repository reference and setting RegistryHost for publishing. This
fixes broken OCI references when the registry URL contains a path
component (e.g. quay.io/nebari would previously produce
quay.io/nebari/nebari/repo instead of quay.io/nebari/repo).
@aktech
Add registries browse page and admin API token fields
1f6486d 
New Registries page with three-level drill-down:
- Registry list with Browse button
- Repository list with search, manual path entry, and visibility
  badges (Public/Private) from the Quay.io API response
- Tag list with Import button and workspace name dialog

Other frontend changes:
- API client functions and React Query hooks for browse/import
- RegistryRepository type now includes is_public field
- Registries nav tab uses device-ipad-horizontal-search icon
- Admin Create/Edit registry dialogs include an API Token field
  with help text explaining its purpose for Quay.io private repos
- OCIRegistry type includes has_api_token boolean, Edit dialog
  shows hint when a token is already configured
@aktech aktech changed the title Add OCI registry browser library Add OCI registry browser Feb 11, 2026
@aktech aktech merged commit 1c7c5f5 into main Feb 11, 2026
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@aktech