Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OCI Image Index for Zarf packages doesn't include the mediaType attribute #2351

Closed
mdaizcorbe opened this issue Mar 4, 2024 · 2 comments · Fixed by #2352
Closed

OCI Image Index for Zarf packages doesn't include the mediaType attribute #2351

mdaizcorbe opened this issue Mar 4, 2024 · 2 comments · Fixed by #2352
Labels
tech-debt 💳 Debt that the team has charged and needs to repay

Comments

@mdaizcorbe
Copy link
Contributor

Describe what should be investigated or refactored

Currently the OCI Image Index for Zarf packages doesn't include the mediaType attribute. While not technically required the OCI spec says it "SHOULD" be used (https://github.com/opencontainers/image-spec/blob/main/image-index.md).

Links to any relevant code

None.

Additional context

Currently the Sonatype Nexus Repository cleanup script expects the mediaType to be present in the OCI Image Index. When isn't present, the cleanup doesn't iterate through the listed manifests in the image index and thus treats the actual manifest for the Zarf package as orphaned and deletes it. Sonatype accepts this is a bug and has an issue for it but doesn't have an ETA for a fix. This is preventing us from using the latest Zarf to publish. While this is a fix to work around someone else's bug, since the spec says it should be set it feels like a good addition regardless.
@mdaizcorbe mdaizcorbe added the tech-debt 💳 Debt that the team has charged and needs to repay label Mar 4, 2024
@mdaizcorbe mdaizcorbe mentioned this issue Mar 4, 2024
Merged
5 tasks
@AustinAbro321
Copy link
Contributor

Great catch, this will be fixed by #2235 which will likely be included in the next release

@AustinAbro321
Copy link
Contributor

Ah I see you opened a PR, even better. Thanks!

Racer159 added a commit that referenced this issue Mar 4, 2024
@mdaizcorbe @Racer159
fix: added OCI Image Index mediaType (#2352)
ac703d5 
## Description

Added the OCI Image Index's mediaType for completeness sake per the OCI
spec and to work around a known Sonatype Nexus Repository bug.

## Related Issue

Fixes #2351

## Type of change

- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [x] Other (security config, docs update, etc)

## Checklist before merging

- [x] Test, docs, adr added or updated as needed
- [x] [Contributor Guide
Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow)
followed

Co-authored-by: Wayne Starr <Racer159@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
tech-debt 💳 Debt that the team has charged and needs to repay
Projects
No open projects
Zarf Project Board
Status: Closed
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: added OCI Image Index mediaType mdaizcorbe/zarf
2 participants
@mdaizcorbe @AustinAbro321