add gcr.io and pkg.dev to valid docker regstry domain #463
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
takaidohigasi
force-pushed
the
add-gcr-io-to-valid-docker-regstry-domain
branch
from
f3d455e to
7f545e5
Compare
takaidohigasi
changed the title
takaidohigasi
force-pushed
the
add-gcr-io-to-valid-docker-regstry-domain
branch
from
7f545e5 to
d3e7407
Compare
rhysd
approved these changes
Oct 21, 2024
project-mirrors-bot-tu bot
pushed a commit
to project-mirrors/forgejo-runner
that referenced
this pull request
Aug 2, 2025
This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [github.com/rhysd/actionlint](https://github.com/rhysd/actionlint) | `v1.6.27` -> `v1.7.7` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>rhysd/actionlint (github.com/rhysd/actionlint)</summary> ### [`v1.7.7`](https://github.com/rhysd/actionlint/blob/HEAD/CHANGELOG.md#v177---2025-01-19) [Compare Source](rhysd/actionlint@v1.7.6...v1.7.7) - Support runner labels for [Linux arm64 hosted runners](https://github.blog/changelog/2025-01-16-linux-arm64-hosted-runners-now-available-for-free-in-public-repositories-public-preview/). ([#​503](rhysd/actionlint#503), [#​504](rhysd/actionlint#504), thanks [@​martincostello](https://github.com/martincostello)) - `ubuntu-24.04-arm` - `ubuntu-22.04-arm` - Update Go dependencies to the latest. - Update the popular actions data set to the latest. - Add Linux arm64 job to the CI workflow. Now actionlint is tested on the platform. ([#​507](rhysd/actionlint#507), thanks [@​cclauss](https://github.com/cclauss)) \[Changes]\[v1.7.7] <a id="v1.7.6"></a> ### [`v1.7.6`](https://github.com/rhysd/actionlint/blob/HEAD/CHANGELOG.md#v176---2025-01-04) [Compare Source](rhysd/actionlint@v1.7.5...v1.7.6) - Using contexts at specific workflow keys is incorrectly reported as not allowed. Affected workflow keys are as follows. ([#​495](rhysd/actionlint#495), [#​497](rhysd/actionlint#497), [#​498](rhysd/actionlint#498), [#​500](rhysd/actionlint#500)) - `jobs.<job_id>.steps.with.args` - `jobs.<job_id>.steps.with.entrypoint` - `jobs.<job_id>.services.<service_id>.env` - Update Go dependencies to the latest. \[Changes]\[v1.7.6] <a id="v1.7.5"></a> ### [`v1.7.5`](https://github.com/rhysd/actionlint/blob/HEAD/CHANGELOG.md#v175---2024-12-28) [Compare Source](rhysd/actionlint@v1.7.4...v1.7.5) - Strictly check available contexts in `${{ }}` placeholders following the ['Context availability' table](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/accessing-contextual-information-about-workflow-runs#context-availability) in the official document. - For example, `jobs.<job_id>.defaults.run.shell` allows `env` context but `shell` workflow keys in other places allow no context. ```yaml defaults: run: ``` ### ERROR: No context is available here ``` shell: ${{ env.SHELL }} jobs: test: runs-on: ubuntu-latest defaults: run: ``` ### OK: 'env' context is available here ``` shell: ${{ env.SHELL }} steps: - run: echo hello ``` ### ERROR: No context is available here ```` shell: ${{ env.SHELL}} ``` ```` - Check a string literal passed to `fromJSON()` call. This pattern is [popular](https://github.com/search?q=fromJSON%28%27+lang%3Ayaml\&type=code) to create array or object constants because GitHub Actions does not provide the literal syntax for them. See the [document](https://github.com/rhysd/actionlint/blob/main/docs/checks.md#contexts-and-built-in-functions) for more details. ([#​464](rhysd/actionlint#464)) ```yaml jobs: test: ``` ### ERROR: Key 'mac' does not exist in the object returned by the fromJSON() ``` runs-on: ${{ fromJSON('{"win":"windows-latest","linux":"ubuntul-latest"}')['mac'] }} steps: - run: echo This is a special branch! ``` ### ERROR: Broken JSON string passed to fromJSON. ``` if: contains(fromJSON('["main","release","dev"'), github.ref_name) ``` ```` - Allow passing command arguments to `-shellcheck` argument. ([#​483](rhysd/actionlint#483), thanks [@​anuraaga](https://github.com/anuraaga)) - This is useful when you want to use alternative build of shellcheck like [go-shellcheck](https://github.com/wasilibs/go-shellcheck/). ```sh actionlint -shellcheck="go run github.com/wasilibs/go-shellcheck/cmd/shellcheck@latest" ``` - Support undocumented `repository_visibility`, `artifact_cache_size_limit`, `step_summary`, `output`, `state` properties in `github` context. ([#​489](rhysd/actionlint#489), thanks [@​rasa](https://github.com/rasa) for adding `repository_visibility` property) - Remove `macos-12` runner label from known labels because it was [dropped](actions/runner-images#10721) from GitHub-hosted runners on Dec. 3 and is no longer available. - Add `windows-2025` runner label to the known labels. The runner is in [public preview](https://github.blog/changelog/2024-12-19-windows-server-2025-is-now-in-public-preview/). ([#​491](rhysd/actionlint#491), thanks [@​ericcornelissen](https://github.com/ericcornelissen)) - Add `black` to the list of colors for `branding.color` action metadata. ([#​485](rhysd/actionlint#485), thanks [@​eifinger](https://github.com/eifinger)) - Add `table` to the list of icons for `branding.icon` action metadata. - Fix parsing escaped `{` in `format()` function call's first argument. - Fix the incorrect `join()` function overload. `join(s1: string, s2: string)` was wrongly accepted. - Update popular actions data set to the latest. - Add `download-artifact/v3-node20` to the data set. ([#​468](rhysd/actionlint#468)) - Fix missing the `reviewdog/action-hadolint@v1` action input. ([#​487](rhysd/actionlint#487), thanks [@​mi-wada](https://github.com/mi-wada)) - Link to the documents of the stable version in actionlint `man` page and `-help` output. - Refactor `LintStdin()` API example and some unit tests. ([#​472](rhysd/actionlint#472), [#​475](rhysd/actionlint#475), thanks [@​alexandear](https://github.com/alexandear)) - Improve the configuration example in `actionlint.yaml` document to explain glob patterns for `paths`. ([#​481](rhysd/actionlint#481)) [Changes][v1.7.5] <a id="v1.7.4"></a> ```` ### [`v1.7.4`](https://github.com/rhysd/actionlint/blob/HEAD/CHANGELOG.md#v174---2024-11-04) [Compare Source](rhysd/actionlint@v1.7.3...v1.7.4) - Disallow the usage of popular actions that run on `node16` runner. The `node16` runner [will reach the end of life on November 12](https://github.blog/changelog/2024-09-25-end-of-life-for-actions-node16/). - In case of the error, please update your actions to the latest version so that they run on the latest `node20` runner. - If you're using self-hosted runner and you cannot upgrade your runner to `node20` soon, please consider to ignore the error by the `paths` configuration described below. - If you're using `actions/upload-artifact@v3` and `actions/download-artifact@v3` on GHES, please replace them with `actions/upload-artifact@v3-node20` and `actions/download-artifact@v3-node20`. ([#​468](rhysd/actionlint#468)) - Provide the configuration for ignoring errors by regular expressions in `actionlint.yml` (or `actionlint.yaml`). Please see the [document](https://github.com/rhysd/actionlint/blob/v1.7.4/docs/config.md) for more details. ([#​217](rhysd/actionlint#217), [#​342](rhysd/actionlint#342)) - The `paths` is a mapping from the file path glob pattern to the corresponding configuration. The `ignore` configuration is a list of regular expressions to match error messages (similar to the `-ignore` command line option). ```yaml paths: ``` ### This pattern matches any YAML file under the '.github/workflows/' directory. ``` .github/workflows/**/*.yaml: ignore: ``` ### Ignore the specific error from shellcheck ``` - 'shellcheck reported issue in this script: SC2086:.+' ``` ### This pattern only matches '.github/workflows/release.yaml' file. ``` .github/workflows/release.yaml: ignore: ``` ### Ignore errors from the old runner check. This may be useful for (outdated) self-hosted runner environment. ```` - 'the runner of ".+" action is too old to run on GitHub Actions' ``` ```` - This configuration was not implemented initially because I wanted to keep the configuration as minimal as possible. However, due to several requests for it, the configuration has now been added. - Untrusted inputs check is safely skipped inside specific function calls. ([#​459](rhysd/actionlint#459), thanks [@​IlyaGulya](https://github.com/IlyaGulya)) - For example, the following step contains the untrusted input `github.head_ref`, but it is safe because it's passed to the `contains()` argument. ```yaml - run: echo "is_release_branch=${{ contains(github.head_ref, 'release') }}" >> "$GITHUB_OUTPUT" ``` - For more details, please read the [rule document](https://github.com/rhysd/actionlint/blob/v1.7.4/docs/checks.md#untrusted-inputs). - Recognize `gcr.io` and `gcr.dev` as the correct container registry hosts. ([#​463](rhysd/actionlint#463), thanks [@​takaidohigasi](https://github.com/takaidohigasi)) - Note that it is recommended explicitly specifying the scheme like `docker://gcr.io/...`. - Remove `macos-x.0` runner labels which are no longer available. ([#​452](rhysd/actionlint#452)) - Disable shellcheck [`SC2043`](https://www.shellcheck.net/wiki/SC2043) rule because it can cause false positives on checking `run:`. ([#​355](rhysd/actionlint#355)) - The [rule document](https://github.com/rhysd/actionlint/blob/v1.7.4/docs/checks.md#check-shellcheck-integ) was updated as well. ([#​466](rhysd/actionlint#466), thanks [@​risu729](https://github.com/risu729)) - Fix the error message was not deterministic when detecting cycles in `needs` dependencies. - Fix the check for `format()` function was not applied when the function name contains upper case like `Format()`. Note that function names in `${{ }}` placeholders are case-insensitive. - Update the popular actions data set to the latest. - This includes the [new `ref` and `commit` outputs](actions/checkout#1180) of `actions/checkout`. - Add [`actions/cache/save`](https://github.com/actions/cache/tree/main/save) and [`actions/cache/restore`](https://github.com/actions/cache/tree/main/restore) to the popular actions data set. - Links in the [README.md](https://github.com/rhysd/actionlint/blob/main/README.md) now point to the document of the latest version tag instead of HEAD of `main` branch. - Add [`Linter.LintStdin`](https://pkg.go.dev/github.com/rhysd/actionlint#Linter.LintStdin) method dedicated to linting STDIN instead of handling STDIN in `Command`. - (Dev) Add new [`check-checks` script](https://github.com/rhysd/actionlint/tree/main/scripts/check-checks) to maintain the ['Checks' document](https://github.com/rhysd/actionlint/blob/main/docs/checks.md). It automatically updates the outputs and playground links for example inputs in the document. It also checks the document is up-to-date on CI. Please read the [document](https://github.com/rhysd/actionlint/blob/main/scripts/check-checks/README.md) for more details. [Documentation](https://github.com/rhysd/actionlint/tree/v1.7.4/docs) \[Changes]\[v1.7.4] <a id="v1.7.3"></a> ### [`v1.7.3`](https://github.com/rhysd/actionlint/blob/HEAD/CHANGELOG.md#v173---2024-09-29) [Compare Source](rhysd/actionlint@v1.7.2...v1.7.3) - Remove `macos-11` runner labels because [macOS 11 runner was dropped on 6/28/2024](https://github.blog/changelog/2024-05-20-actions-upcoming-changes-to-github-hosted-macos-runners/#macos-11-deprecation-and-removal). ([#​451](rhysd/actionlint#451), thanks [@​muzimuzhi](https://github.com/muzimuzhi)) - Support `macos-15`, `macos-15-large`, and `macos-15-xlarge` runner labels. The macOS 15 runner is not globally available yet, but [they are available in beta](https://github.com/actions/runner-images?tab=readme-ov-file#available-images). ([#​453](rhysd/actionlint#453), thanks [@​muzimuzhi](https://github.com/muzimuzhi)) - Release artifact includes checksums for the released binaries. The file name is `actionlint_{version}_checksums.txt`. ([#​449](rhysd/actionlint#449)) - For example, the checksums for v1.7.3 can be found [here](https://github.com/rhysd/actionlint/releases/download/v1.7.3/actionlint_1.7.3_checksums.txt). - Fix `download-path` output is missing in `actions/download-artifact@v3` action. ([#​442](rhysd/actionlint#442)) - Note that the latest version `actions/download-artifact@v4` was not affected by this issue. - Support Go 1.23. [Documentation](https://github.com/rhysd/actionlint/blob/v1.7.3/docs/checks.md) \[Changes]\[v1.7.3] <a id="v1.7.2"></a> ### [`v1.7.2`](https://github.com/rhysd/actionlint/blob/HEAD/CHANGELOG.md#v172---2024-09-23) [Compare Source](rhysd/actionlint@v1.7.1...v1.7.2) - Fix child processes to run in parallel. - Update the popular actions data set to the latest. ([#​442](rhysd/actionlint#442), [#​445](rhysd/actionlint#445), [#​446](rhysd/actionlint#446), [#​447](rhysd/actionlint#447), thanks [@​maikelvdh](https://github.com/maikelvdh)) - Add support for checking branch filters on [`merge_group` event](https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#merge_group). ([#​448](rhysd/actionlint#448), thanks [@​muzimuzhi](https://github.com/muzimuzhi)) - [The playground](https://rhysd.github.io/actionlint/) now supports both light and dark modes and automatically applies the system's theme. - Fix releasing a failure on making a new winget package. ([#​438](rhysd/actionlint#438), thanks [@​vedantmgoyal9](https://github.com/vedantmgoyal9)) \[Changes]\[v1.7.2] <a id="v1.7.1"></a> ### [`v1.7.1`](https://github.com/rhysd/actionlint/blob/HEAD/CHANGELOG.md#v171---2024-05-28) [Compare Source](rhysd/actionlint@v1.7.0...v1.7.1) - Support `ubuntu-24.04` runner label, which was [recently introduced as beta](https://github.blog/changelog/2024-05-14-github-hosted-runners-public-beta-of-ubuntu-24-04-is-now-available/). ([#​425](rhysd/actionlint#425), thanks [@​bitcoin-tools](https://github.com/bitcoin-tools)) - Remove the support for `macos-10` runner label which was [officially dropped about 2 years ago](https://github.blog/changelog/2022-07-20-github-actions-the-macos-10-15-actions-runner-image-is-being-deprecated-and-will-be-removed-by-8-30-22/). - Remove the support for `windows-2016` runner label which was [officially dropped about 2 years ago](https://github.blog/changelog/2021-10-19-github-actions-the-windows-2016-runner-image-will-be-removed-from-github-hosted-runners-on-march-15-2022/). - Document URLs used in help output and links in the playground prefer specific version tag rather than `main` branch. For example, - Before: https://github.com/rhysd/actionlint/tree/main/docs - After: https://github.com/rhysd/actionlint/tree/v1.7.1/docs - Fix actionlint wrongly reports an error when using `ghcr.io` or `docker.io` at `image` field of action metadata file of Docker action without `docker://` scheme. ([#​428](rhysd/actionlint#428)) ```yaml runs: using: 'docker' ``` ### This should be OK ``` image: 'ghcr.io/user/repo:latest' ``` ``` - Fix checking `preactjs/compressed-size-action@v2` usage caused a false positive. ([#​422](rhysd/actionlint#422)) - Fix an error message when invalid escaping is found in globs. - The design of the [playground page](https://rhysd.github.io/actionlint/) is overhauled following the upgrade of bulma package to v1. - Current actionlint version is shown in the heading. - The color theme is changed to the official dark theme. - The list of useful links is added to the bottom of the page as 'Resources' section. [Changes][v1.7.1] <a id="v1.7.0"></a> ``` ### [`v1.7.0`](https://github.com/rhysd/actionlint/blob/HEAD/CHANGELOG.md#v170---2024-05-08) [Compare Source](rhysd/actionlint@v1.6.27...v1.7.0) - From this version, actionlint starts to check action metadata file `action.yml` (or `action.yaml`). At this point, only very basic checks are implemented and contents of `steps:` are not checked yet. - It checks properties under `runs:` section (e.g. `main:` can be specified when it is a JavaScript action), `branding:` properties, and so on. ```yaml name: 'My action' author: '...' ``` ### ERROR: 'description' section is missing ``` branding: ``` ### ERROR: Invalid icon name ``` icon: dog runs: ``` ### ERROR: Node.js runtime version is too old ``` using: 'node12' ``` ### ERROR: The source file being run by this action does not exist ``` main: 'this-file-does-not-exist.js' ``` ### ERROR: 'env' configuration is only allowed for Docker actions ```` env: SOME_VAR: SOME_VALUE ``` ```` - actionlint still focuses on checking workflow files. So there is no way to directly specify `action.yml` as an argument of `actionlint` command. actionlint checks all local actions which are used by given workflows. If you want to use actionlint for your action development, prepare a test/example workflow which uses your action, and check it with actionlint instead. - Checks for `steps:` contents are planned to be implemented. Since several differences are expected between `steps:` in workflow file and `steps:` in action metadata file (e.g. available contexts), the implementation is delayed to later version. And the current implementation of action metadata parser is ad hoc. I'm planning a large refactorying and breaking changes Go API around it are expected. - Add `runner.environment` property. ([#​412](rhysd/actionlint#412)) ```yaml - run: echo 'Run by GitHub-hosted runner' if: runner.environment == 'github-hosted' ``` - Using outdated popular actions is now detected at error. See [the document](https://github.com/rhysd/actionlint/blob/main/docs/checks.md#detect-outdated-popular-actions) for more details. - Here 'outdated' means actions which use runtimes no longer supported by GitHub-hosted runners such as `node12`. ```yaml ``` ### ERROR: actions/checkout@v2 is using the outdated runner 'node12' ```` - uses: actions/checkout@v2 ``` ```` - Support `attestations` permission which was [recently added to GitHub Actions as beta](https://docs.github.com/en/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds). ([#​418](rhysd/actionlint#418), thanks [@​bdehamer](https://github.com/bdehamer)) ```yaml permissions: id-token: write contents: read attestations: write ``` - Check comparison expressions more strictly. Arbitrary types of operands can be compared as [the official document](https://docs.github.com/en/actions/learn-github-actions/expressions#operators) explains. However, comparisons between some types are actually meaningless because the values are converted to numbers implicitly. actionlint catches such meaningless comparisons as errors. Please see [the check document](https://github.com/rhysd/actionlint/blob/main/docs/checks.md#check-comparison-types) for more details. ```yaml on: workflow_call: inputs: timeout: type: boolean jobs: test: runs-on: ubuntu-latest steps: - run: echo 'called!' ``` ### ERROR: Comparing string to object is always evaluated to false ``` if: ${{ github.event == 'workflow_call' }} - run: echo 'timeout is too long' ``` ### ERROR: Comparing boolean value with `>` doesn't make sense ``` if: ${{ inputs.timeout > 60 }} ``` ```` - Follow the update that `macos-latest` is now an alias to `macos-14` runner. - Support a custom python shell by `pyflakes` rule. - Add workaround actionlint reports that `dorny/paths-filter`'s `predicate-quantifier` input is not defined. ([#​416](rhysd/actionlint#416)) - Fix the type of a conditional expression by comparison operators is wider than expected by implementing type narrowing. ([#​384](rhysd/actionlint#384)) - For example, the type of following expression should be `number` but it was actually `string | number` and actionlint complained that `timeout-minutes` must take a number value. ```yaml timeout-minutes: ${{ env.FOO && 10 || 60 }} ``` - Fix `${{ }}` placeholder is not available at `jobs.<job_id>.services`. ([#​402](rhysd/actionlint#402)) ```yaml jobs: test: services: ${{ fromJSON('...') }} runs-on: ubuntu-latest steps: - run: ... ```` - Do not check outputs of `google-github-actions/get-secretmanager-secrets` because this action sets outputs dynamically. ([#​404](rhysd/actionlint#404)) - Fix `defaults.run` is ignored on detecting the shell used in `run:`. ([#​409](rhysd/actionlint#409)) ```yaml defaults: run: shell: pwsh jobs: test: runs-on: ubuntu-latest steps: ``` ### This was wrongly detected as bash script ``` - run: $Env:FOO = "FOO" ``` ```` - Fix parsing a syntax error reported from pyflakes when checking a Python script in `run:`. ([#​411](rhysd/actionlint#411)) ```yaml - run: print( shell: python ```` - Skip checking `exclude:` items in `matrix:` when they are constructed from `${{ }}` dynamically. ([#​414](rhysd/actionlint#414)) ```yaml matrix: foo: ['a', 'b'] exclude: ``` ### actionlint complained this value didn't exist in matrix combinations ``` - foo: ${{ env.EXCLUDE_FOO }} ``` ```` - Fix checking `exclude:` items when `${{ }}` is used in nested arrays at matrix items. ```yaml matrix: foo: - ["${{ fromJSON('...') }}"] exclude: ### actionlint complained this value didn't match to any matrix combinations - foo: ['foo'] ```` - Update popular actions data set. New major versions are added and the following actions are newly added. - `peaceiris/actions-hugo` - `actions/attest-build-provenance` - `actions/add-to-project` - `octokit/graphql-action` - Update Go dependencies to the latest. - Reduce the size of `actionlint` executable by removing redundant data from popular actions data set. - x86\_64 executable binary size was reduced from 6.9MB to 6.7MB (2.9% smaller). - Wasm binary size was reduced from 9.4MB to 8.9MB (5.3% smaller). - Describe how to [integrate actionlint to Pulsar Edit](https://web.pulsar-edit.dev/packages/linter-github-actions) in [the document](https://github.com/rhysd/actionlint/blob/main/docs/usage.md#pulsar-edit). ([#​408](rhysd/actionlint#408), thanks [@​mschuchard](https://github.com/mschuchard)) - Update outdated action versions in the usage document. ([#​413](rhysd/actionlint#413), thanks [@​naglis](https://github.com/naglis)) \[Changes]\[v1.7.0] <a id="v1.6.27"></a> </details> --- ### Configuration 📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS40My41IiwidXBkYXRlZEluVmVyIjoiNDEuNDMuNSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==--> Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/791 Reviewed-by: earl-warren <[email protected]> Co-authored-by: Renovate Bot <[email protected]> Co-committed-by: Renovate Bot <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
WHAT
SSIA
Note
gcr.io and pkg.dev is docker registry domain for GCP
https://cloud.google.com/container-registry/docs/overview
https://cloud.google.com/artifact-registry/docs