zot/pkg/extensions/sync/references/cosign.go

//go:build sync
// +build sync

package references

import (
	"context"
	"errors"
	"fmt"
	"net/http"
	"strings"

	godigest "github.com/opencontainers/go-digest"
	ispec "github.com/opencontainers/image-spec/specs-go/v1"
	"github.com/sigstore/cosign/v2/pkg/oci/remote"

	zerr "zotregistry.dev/zot/errors"
	"zotregistry.dev/zot/pkg/common"
	"zotregistry.dev/zot/pkg/extensions/sync/constants"
	client "zotregistry.dev/zot/pkg/extensions/sync/httpclient"
	"zotregistry.dev/zot/pkg/log"
	"zotregistry.dev/zot/pkg/meta"
	mTypes "zotregistry.dev/zot/pkg/meta/types"
	"zotregistry.dev/zot/pkg/storage"
)

type CosignReference struct {
	client          *client.Client
	storeController storage.StoreController
	metaDB          mTypes.MetaDB
	log             log.Logger
}

func NewCosignReference(httpClient *client.Client, storeController storage.StoreController,
	metaDB mTypes.MetaDB, log log.Logger,
) CosignReference {
	return CosignReference{
		client:          httpClient,
		storeController: storeController,
		metaDB:          metaDB,
		log:             log,
	}
}

func (ref CosignReference) Name() string {
	return constants.Cosign
}

func (ref CosignReference) IsSigned(ctx context.Context, upstreamRepo, subjectDigestStr string) bool {
	cosignSignatureTag := getCosignSignatureTagFromSubjectDigest(subjectDigestStr)
	_, _, err := ref.getManifest(ctx, upstreamRepo, cosignSignatureTag)

	return err == nil
}

func (ref CosignReference) canSkipReferences(localRepo, digest string, manifest *ispec.Manifest) (
	bool, error,
) {
	if manifest == nil {
		return true, nil
	}

	imageStore := ref.storeController.GetImageStore(localRepo)

	// check cosign signature already synced
	_, localDigest, _, err := imageStore.GetImageManifest(localRepo, digest)
	if err != nil {
		if errors.Is(err, zerr.ErrManifestNotFound) {
			return false, nil
		}

		ref.log.Error().Str("errorType", common.TypeOf(err)).Err(err).
			Str("repository", localRepo).Str("reference", digest).
			Msg("couldn't get local cosign manifest")

		return false, err
	}

	if localDigest.String() != digest {
		return false, nil
	}

	ref.log.Info().Str("repository", localRepo).Str("reference", digest).
		Msg("skipping syncing cosign reference, already synced")

	return true, nil
}

func (ref CosignReference) SyncReferences(ctx context.Context, localRepo, remoteRepo, subjectDigestStr string) (
	[]godigest.Digest, error,
) {
	cosignTags := getCosignTagsFromSubjectDigest(subjectDigestStr)

	refsDigests := make([]godigest.Digest, 0, len(cosignTags))

	for _, cosignTag := range cosignTags {
		manifest, manifestBuf, err := ref.getManifest(ctx, remoteRepo, cosignTag)
		if err != nil {
			if errors.Is(err, zerr.ErrSyncReferrerNotFound) {
				continue
			}

			return refsDigests, err
		}

		digest := godigest.FromBytes(manifestBuf)

		skip, err := ref.canSkipReferences(localRepo, digest.String(), manifest)
		if err != nil {
			ref.log.Error().Err(err).Str("repository", localRepo).Str("subject", subjectDigestStr).
				Msg("couldn't check if the remote image cosign reference can be skipped")
		}

		if skip {
			refsDigests = append(refsDigests, digest)

			continue
		}

		imageStore := ref.storeController.GetImageStore(localRepo)

		ref.log.Info().Str("repository", localRepo).Str("subject", subjectDigestStr).
			Msg("syncing cosign reference for image")

		for _, blob := range manifest.Layers {
			if err := syncBlob(ctx, ref.client, imageStore, localRepo, remoteRepo, blob.Digest, ref.log); err != nil {
				return refsDigests, err
			}
		}

		// sync config blob
		if err := syncBlob(ctx, ref.client, imageStore, localRepo, remoteRepo, manifest.Config.Digest, ref.log); err != nil {
			return refsDigests, err
		}

		// push manifest
		referenceDigest, _, err := imageStore.PutImageManifest(localRepo, cosignTag,
			ispec.MediaTypeImageManifest, manifestBuf)
		if err != nil {
			ref.log.Error().Str("errorType", common.TypeOf(err)).
				Str("repository", localRepo).Str("subject", subjectDigestStr).
				Err(err).Msg("couldn't upload cosign reference manifest for image")

			return refsDigests, err
		}

		refsDigests = append(refsDigests, digest)

		ref.log.Info().Str("repository", localRepo).Str("subject", subjectDigestStr).
			Msg("successfully synced cosign reference for image")

		if ref.metaDB != nil {
			ref.log.Debug().Str("repository", localRepo).Str("subject", subjectDigestStr).Str("component", "metadb").
				Msg("trying to sync cosign reference for image")

			err = meta.SetImageMetaFromInput(ctx, localRepo, cosignTag, ispec.MediaTypeImageManifest,
				referenceDigest, manifestBuf, ref.storeController.GetImageStore(localRepo),
				ref.metaDB, ref.log)
			if err != nil {
				return refsDigests, fmt.Errorf("failed to set metadata for cosign reference in '%s@%s': %w",
					localRepo, subjectDigestStr, err)
			}

			ref.log.Info().Str("repository", localRepo).Str("subject", subjectDigestStr).Str("component", "metadb").
				Msg("successfully added cosign reference for image")
		}
	}

	return refsDigests, nil
}

func (ref CosignReference) getManifest(ctx context.Context, repo, cosignTag string) (*ispec.Manifest, []byte, error) {
	var cosignManifest ispec.Manifest

	body, _, statusCode, err := ref.client.MakeGetRequest(ctx, &cosignManifest, ispec.MediaTypeImageManifest,
		"v2", repo, "manifests", cosignTag)
	if err != nil {
		if statusCode == http.StatusNotFound {
			ref.log.Debug().Str("errorType", common.TypeOf(err)).
				Str("repository", repo).Str("tag", cosignTag).
				Err(err).Msg("couldn't find any cosign manifest for image")

			return nil, nil, zerr.ErrSyncReferrerNotFound
		}

		return nil, nil, err
	}

	return &cosignManifest, body, nil
}

func getCosignSignatureTagFromSubjectDigest(digestStr string) string {
	return strings.Replace(digestStr, ":", "-", 1) + "." + remote.SignatureTagSuffix
}

func getCosignSBOMTagFromSubjectDigest(digestStr string) string {
	return strings.Replace(digestStr, ":", "-", 1) + "." + remote.SBOMTagSuffix
}

func getCosignTagsFromSubjectDigest(digestStr string) []string {
	var cosignTags []string

	// signature tag
	cosignTags = append(cosignTags, getCosignSignatureTagFromSubjectDigest(digestStr))
	// sbom tag
	cosignTags = append(cosignTags, getCosignSBOMTagFromSubjectDigest(digestStr))

	return cosignTags
}

// this function will check if tag is a cosign tag (signature or sbom).
func IsCosignTag(tag string) bool {
	if strings.HasPrefix(tag, "sha256-") &&
		(strings.HasSuffix(tag, remote.SignatureTagSuffix) || strings.HasSuffix(tag, remote.SBOMTagSuffix)) {
		return true
	}

	return false
}
refactor(sync): use task scheduler (#1301) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-05-31 12:26:23 -05:00			`//go:build sync`
			`// +build sync`

			`package references`

			`import (`
feat(scheduler): pass the shutdown/reload ctx to running tasks (#1671) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-09-05 11:48:56 -05:00			`"context"`
refactor(sync): use task scheduler (#1301) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-05-31 12:26:23 -05:00			`"errors"`
			`"fmt"`
			`"net/http"`
			`"strings"`

feat(sync): sync references(signatures/artifacts) recursively (#1500) sync now also pulls chained artifacts recursively eg: image->sbom->sbom signature image->artifact->artifact Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-06-16 12:27:33 -05:00			`godigest "github.com/opencontainers/go-digest"`
refactor(sync): use task scheduler (#1301) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-05-31 12:26:23 -05:00			`ispec "github.com/opencontainers/image-spec/specs-go/v1"`
			`"github.com/sigstore/cosign/v2/pkg/oci/remote"`

refactor: rename go module from zotregistry.io/zot to zotregistry.dev/zot (#2187) Signed-off-by: Andrei Aaron <aaaron@luxoft.com> 2024-01-31 23:34:07 -05:00			`zerr "zotregistry.dev/zot/errors"`
			`"zotregistry.dev/zot/pkg/common"`
			`"zotregistry.dev/zot/pkg/extensions/sync/constants"`
			`client "zotregistry.dev/zot/pkg/extensions/sync/httpclient"`
			`"zotregistry.dev/zot/pkg/log"`
			`"zotregistry.dev/zot/pkg/meta"`
			`mTypes "zotregistry.dev/zot/pkg/meta/types"`
			`"zotregistry.dev/zot/pkg/storage"`
refactor(sync): use task scheduler (#1301) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-05-31 12:26:23 -05:00			`)`

			`type CosignReference struct {`
			`client *client.Client`
			`storeController storage.StoreController`
feat(refator): refactoring repodb into meta (#1626) Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com> 2023-07-18 12:27:26 -05:00			`metaDB mTypes.MetaDB`
refactor(sync): use task scheduler (#1301) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-05-31 12:26:23 -05:00			`log log.Logger`
			`}`

			`func NewCosignReference(httpClient *client.Client, storeController storage.StoreController,`
feat(refator): refactoring repodb into meta (#1626) Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com> 2023-07-18 12:27:26 -05:00			`metaDB mTypes.MetaDB, log log.Logger,`
refactor(sync): use task scheduler (#1301) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-05-31 12:26:23 -05:00			`) CosignReference {`
			`return CosignReference{`
			`client: httpClient,`
			`storeController: storeController,`
feat(refator): refactoring repodb into meta (#1626) Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com> 2023-07-18 12:27:26 -05:00			`metaDB: metaDB,`
refactor(sync): use task scheduler (#1301) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-05-31 12:26:23 -05:00			`log: log,`
			`}`
			`}`

			`func (ref CosignReference) Name() string {`
			`return constants.Cosign`
			`}`

feat(scheduler): pass the shutdown/reload ctx to running tasks (#1671) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-09-05 11:48:56 -05:00			`func (ref CosignReference) IsSigned(ctx context.Context, upstreamRepo, subjectDigestStr string) bool {`
refactor(sync): use task scheduler (#1301) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-05-31 12:26:23 -05:00			`cosignSignatureTag := getCosignSignatureTagFromSubjectDigest(subjectDigestStr)`
feat(scheduler): pass the shutdown/reload ctx to running tasks (#1671) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-09-05 11:48:56 -05:00			`_, _, err := ref.getManifest(ctx, upstreamRepo, cosignSignatureTag)`
refactor(sync): use task scheduler (#1301) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-05-31 12:26:23 -05:00
			`return err == nil`
			`}`

feat(sync): sync references(signatures/artifacts) recursively (#1500) sync now also pulls chained artifacts recursively eg: image->sbom->sbom signature image->artifact->artifact Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-06-16 12:27:33 -05:00			`func (ref CosignReference) canSkipReferences(localRepo, digest string, manifest *ispec.Manifest) (`
refactor(sync): use task scheduler (#1301) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-05-31 12:26:23 -05:00			`bool, error,`
			`) {`
			`if manifest == nil {`
			`return true, nil`
			`}`

			`imageStore := ref.storeController.GetImageStore(localRepo)`

feat(sync): sync references(signatures/artifacts) recursively (#1500) sync now also pulls chained artifacts recursively eg: image->sbom->sbom signature image->artifact->artifact Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-06-16 12:27:33 -05:00			`// check cosign signature already synced`
			`_, localDigest, _, err := imageStore.GetImageManifest(localRepo, digest)`
refactor(sync): use task scheduler (#1301) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-05-31 12:26:23 -05:00			`if err != nil {`
			`if errors.Is(err, zerr.ErrManifestNotFound) {`
			`return false, nil`
			`}`

			`ref.log.Error().Str("errorType", common.TypeOf(err)).Err(err).`
feat(sync): sync references(signatures/artifacts) recursively (#1500) sync now also pulls chained artifacts recursively eg: image->sbom->sbom signature image->artifact->artifact Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-06-16 12:27:33 -05:00			`Str("repository", localRepo).Str("reference", digest).`
refactor(sync): use task scheduler (#1301) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-05-31 12:26:23 -05:00			`Msg("couldn't get local cosign manifest")`

			`return false, err`
			`}`

feat(sync): sync references(signatures/artifacts) recursively (#1500) sync now also pulls chained artifacts recursively eg: image->sbom->sbom signature image->artifact->artifact Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-06-16 12:27:33 -05:00			`if localDigest.String() != digest {`
refactor(sync): use task scheduler (#1301) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-05-31 12:26:23 -05:00			`return false, nil`
			`}`

feat(sync): sync references(signatures/artifacts) recursively (#1500) sync now also pulls chained artifacts recursively eg: image->sbom->sbom signature image->artifact->artifact Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-06-16 12:27:33 -05:00			`ref.log.Info().Str("repository", localRepo).Str("reference", digest).`
			`Msg("skipping syncing cosign reference, already synced")`
refactor(sync): use task scheduler (#1301) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-05-31 12:26:23 -05:00
			`return true, nil`
			`}`

feat(scheduler): pass the shutdown/reload ctx to running tasks (#1671) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-09-05 11:48:56 -05:00			`func (ref CosignReference) SyncReferences(ctx context.Context, localRepo, remoteRepo, subjectDigestStr string) (`
			`[]godigest.Digest, error,`
			`) {`
refactor(sync): use task scheduler (#1301) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-05-31 12:26:23 -05:00			`cosignTags := getCosignTagsFromSubjectDigest(subjectDigestStr)`

feat(sync): sync references(signatures/artifacts) recursively (#1500) sync now also pulls chained artifacts recursively eg: image->sbom->sbom signature image->artifact->artifact Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-06-16 12:27:33 -05:00			`refsDigests := make([]godigest.Digest, 0, len(cosignTags))`

refactor(sync): use task scheduler (#1301) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-05-31 12:26:23 -05:00			`for _, cosignTag := range cosignTags {`
feat(scheduler): pass the shutdown/reload ctx to running tasks (#1671) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-09-05 11:48:56 -05:00			`manifest, manifestBuf, err := ref.getManifest(ctx, remoteRepo, cosignTag)`
feat(sync): sync references(signatures/artifacts) recursively (#1500) sync now also pulls chained artifacts recursively eg: image->sbom->sbom signature image->artifact->artifact Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-06-16 12:27:33 -05:00			`if err != nil {`
			`if errors.Is(err, zerr.ErrSyncReferrerNotFound) {`
			`continue`
			`}`

			`return refsDigests, err`
refactor(sync): use task scheduler (#1301) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-05-31 12:26:23 -05:00			`}`

feat(sync): sync references(signatures/artifacts) recursively (#1500) sync now also pulls chained artifacts recursively eg: image->sbom->sbom signature image->artifact->artifact Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-06-16 12:27:33 -05:00			`digest := godigest.FromBytes(manifestBuf)`

			`skip, err := ref.canSkipReferences(localRepo, digest.String(), manifest)`
refactor(sync): use task scheduler (#1301) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-05-31 12:26:23 -05:00			`if err != nil {`
			`ref.log.Error().Err(err).Str("repository", localRepo).Str("subject", subjectDigestStr).`
			`Msg("couldn't check if the remote image cosign reference can be skipped")`
			`}`

			`if skip {`
feat(sync): sync references(signatures/artifacts) recursively (#1500) sync now also pulls chained artifacts recursively eg: image->sbom->sbom signature image->artifact->artifact Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-06-16 12:27:33 -05:00			`refsDigests = append(refsDigests, digest)`

refactor(sync): use task scheduler (#1301) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-05-31 12:26:23 -05:00			`continue`
			`}`

			`imageStore := ref.storeController.GetImageStore(localRepo)`

			`ref.log.Info().Str("repository", localRepo).Str("subject", subjectDigestStr).`
			`Msg("syncing cosign reference for image")`

			`for _, blob := range manifest.Layers {`
feat(scheduler): pass the shutdown/reload ctx to running tasks (#1671) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-09-05 11:48:56 -05:00			`if err := syncBlob(ctx, ref.client, imageStore, localRepo, remoteRepo, blob.Digest, ref.log); err != nil {`
feat(sync): sync references(signatures/artifacts) recursively (#1500) sync now also pulls chained artifacts recursively eg: image->sbom->sbom signature image->artifact->artifact Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-06-16 12:27:33 -05:00			`return refsDigests, err`
refactor(sync): use task scheduler (#1301) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-05-31 12:26:23 -05:00			`}`
			`}`

			`// sync config blob`
feat(scheduler): pass the shutdown/reload ctx to running tasks (#1671) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-09-05 11:48:56 -05:00			`if err := syncBlob(ctx, ref.client, imageStore, localRepo, remoteRepo, manifest.Config.Digest, ref.log); err != nil {`
feat(sync): sync references(signatures/artifacts) recursively (#1500) sync now also pulls chained artifacts recursively eg: image->sbom->sbom signature image->artifact->artifact Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-06-16 12:27:33 -05:00			`return refsDigests, err`
refactor(sync): use task scheduler (#1301) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-05-31 12:26:23 -05:00			`}`

			`// push manifest`
			`referenceDigest, _, err := imageStore.PutImageManifest(localRepo, cosignTag,`
			`ispec.MediaTypeImageManifest, manifestBuf)`
			`if err != nil {`
			`ref.log.Error().Str("errorType", common.TypeOf(err)).`
			`Str("repository", localRepo).Str("subject", subjectDigestStr).`
			`Err(err).Msg("couldn't upload cosign reference manifest for image")`

feat(sync): sync references(signatures/artifacts) recursively (#1500) sync now also pulls chained artifacts recursively eg: image->sbom->sbom signature image->artifact->artifact Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-06-16 12:27:33 -05:00			`return refsDigests, err`
refactor(sync): use task scheduler (#1301) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-05-31 12:26:23 -05:00			`}`

feat(sync): sync references(signatures/artifacts) recursively (#1500) sync now also pulls chained artifacts recursively eg: image->sbom->sbom signature image->artifact->artifact Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-06-16 12:27:33 -05:00			`refsDigests = append(refsDigests, digest)`

refactor(sync): use task scheduler (#1301) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-05-31 12:26:23 -05:00			`ref.log.Info().Str("repository", localRepo).Str("subject", subjectDigestStr).`
			`Msg("successfully synced cosign reference for image")`

feat(refator): refactoring repodb into meta (#1626) Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com> 2023-07-18 12:27:26 -05:00			`if ref.metaDB != nil {`
refactor(test): add lint rule for messages starting with the component (#2045) Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com> Signed-off-by: Andrei Aaron <aaaron@luxoft.com> 2023-12-08 03:05:02 -05:00			`ref.log.Debug().Str("repository", localRepo).Str("subject", subjectDigestStr).Str("component", "metadb").`
			`Msg("trying to sync cosign reference for image")`
refactor(sync): use task scheduler (#1301) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-05-31 12:26:23 -05:00
feat(retention): added image retention policies (#1866) feat(metaDB): add more image statistics info Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-11-01 11:16:18 -05:00			`err = meta.SetImageMetaFromInput(ctx, localRepo, cosignTag, ispec.MediaTypeImageManifest,`
refactor(metadb): improve UX by speeding up metadb serialize/deserialize (#1842) Use protocol buffers and update the metadb interface to better suit our search needs Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com> Co-authored-by: Ramkumar Chinchani <rchincha@cisco.com> 2023-10-30 15:06:04 -05:00			`referenceDigest, manifestBuf, ref.storeController.GetImageStore(localRepo),`
			`ref.metaDB, ref.log)`
refactor(sync): use task scheduler (#1301) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-05-31 12:26:23 -05:00			`if err != nil {`
feat(sync): sync references(signatures/artifacts) recursively (#1500) sync now also pulls chained artifacts recursively eg: image->sbom->sbom signature image->artifact->artifact Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-06-16 12:27:33 -05:00			`return refsDigests, fmt.Errorf("failed to set metadata for cosign reference in '%s@%s': %w",`
			`localRepo, subjectDigestStr, err)`
refactor(sync): use task scheduler (#1301) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-05-31 12:26:23 -05:00			`}`

refactor(test): add lint rule for messages starting with the component (#2045) Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com> Signed-off-by: Andrei Aaron <aaaron@luxoft.com> 2023-12-08 03:05:02 -05:00			`ref.log.Info().Str("repository", localRepo).Str("subject", subjectDigestStr).Str("component", "metadb").`
			`Msg("successfully added cosign reference for image")`
refactor(sync): use task scheduler (#1301) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-05-31 12:26:23 -05:00			`}`
			`}`

feat(sync): sync references(signatures/artifacts) recursively (#1500) sync now also pulls chained artifacts recursively eg: image->sbom->sbom signature image->artifact->artifact Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-06-16 12:27:33 -05:00			`return refsDigests, nil`
refactor(sync): use task scheduler (#1301) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-05-31 12:26:23 -05:00			`}`

feat(scheduler): pass the shutdown/reload ctx to running tasks (#1671) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-09-05 11:48:56 -05:00			`func (ref CosignReference) getManifest(ctx context.Context, repo, cosignTag string) (*ispec.Manifest, []byte, error) {`
refactor(sync): use task scheduler (#1301) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-05-31 12:26:23 -05:00			`var cosignManifest ispec.Manifest`

feat(scheduler): pass the shutdown/reload ctx to running tasks (#1671) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-09-05 11:48:56 -05:00			`body, _, statusCode, err := ref.client.MakeGetRequest(ctx, &cosignManifest, ispec.MediaTypeImageManifest,`
refactor(sync): use task scheduler (#1301) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-05-31 12:26:23 -05:00			`"v2", repo, "manifests", cosignTag)`
			`if err != nil {`
			`if statusCode == http.StatusNotFound {`
			`ref.log.Debug().Str("errorType", common.TypeOf(err)).`
			`Str("repository", repo).Str("tag", cosignTag).`
			`Err(err).Msg("couldn't find any cosign manifest for image")`

feat(sync): sync references(signatures/artifacts) recursively (#1500) sync now also pulls chained artifacts recursively eg: image->sbom->sbom signature image->artifact->artifact Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-06-16 12:27:33 -05:00			`return nil, nil, zerr.ErrSyncReferrerNotFound`
refactor(sync): use task scheduler (#1301) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-05-31 12:26:23 -05:00			`}`

feat(sync): sync references(signatures/artifacts) recursively (#1500) sync now also pulls chained artifacts recursively eg: image->sbom->sbom signature image->artifact->artifact Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-06-16 12:27:33 -05:00			`return nil, nil, err`
refactor(sync): use task scheduler (#1301) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-05-31 12:26:23 -05:00			`}`

feat(sync): sync references(signatures/artifacts) recursively (#1500) sync now also pulls chained artifacts recursively eg: image->sbom->sbom signature image->artifact->artifact Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-06-16 12:27:33 -05:00			`return &cosignManifest, body, nil`
refactor(sync): use task scheduler (#1301) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2023-05-31 12:26:23 -05:00			`}`

			`func getCosignSignatureTagFromSubjectDigest(digestStr string) string {`
			`return strings.Replace(digestStr, ":", "-", 1) + "." + remote.SignatureTagSuffix`
			`}`

			`func getCosignSBOMTagFromSubjectDigest(digestStr string) string {`
			`return strings.Replace(digestStr, ":", "-", 1) + "." + remote.SBOMTagSuffix`
			`}`

			`func getCosignTagsFromSubjectDigest(digestStr string) []string {`
			`var cosignTags []string`

			`// signature tag`
			`cosignTags = append(cosignTags, getCosignSignatureTagFromSubjectDigest(digestStr))`
			`// sbom tag`
			`cosignTags = append(cosignTags, getCosignSBOMTagFromSubjectDigest(digestStr))`

			`return cosignTags`
			`}`

			`// this function will check if tag is a cosign tag (signature or sbom).`
			`func IsCosignTag(tag string) bool {`
			`if strings.HasPrefix(tag, "sha256-") &&`
			`(strings.HasSuffix(tag, remote.SignatureTagSuffix) \|\| strings.HasSuffix(tag, remote.SBOMTagSuffix)) {`
			`return true`
			`}`

			`return false`
			`}`