Skip to content
This repository has been archived by the owner on Jul 18, 2023. It is now read-only.

Migrate oras Go libraries to libs-go/ #28

Closed
wants to merge 151 commits into from

Conversation

jdolitsky
Copy link
Member

Commit history has been maintained, and all references to "deislabs" or "oras" removed.

See this discussion for more info: oras-project/oras#181

shizhMSFT and others added 30 commits December 24, 2018 11:24
Signed-off-by: Josh Dolitsky <jdolitsky@gmail.com>
Refine readme
* Add pull command

* Add push cmd
Signed-off-by: Josh Dolitsky <jdolitsky@gmail.com>
Signed-off-by: Josh Dolitsky <jdolitsky@gmail.com>
Signed-off-by: Josh Dolitsky <jdolitsky@gmail.com>
Signed-off-by: Josh Dolitsky <jdolitsky@gmail.com>
Signed-off-by: Josh Dolitsky <jdolitsky@gmail.com>
Signed-off-by: Josh Dolitsky <jdolitsky@gmail.com>
Signed-off-by: Josh Dolitsky <jdolitsky@gmail.com>
Signed-off-by: Josh Dolitsky <jdolitsky@gmail.com>
Signed-off-by: Josh Dolitsky <jdolitsky@gmail.com>
deitch and others added 21 commits November 17, 2020 12:38
Signed-off-by: Avi Deitcher <avi@deitcher.net>

Co-authored-by: Josh Dolitsky <393494+jdolitsky@users.noreply.github.com>
Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.4.1 to 1.4.3.
- [Release notes](https://github.com/containerd/containerd/releases)
- [Changelog](https://github.com/containerd/containerd/blob/master/RELEASES.md)
- [Commits](containerd/containerd@v1.4.1...v1.4.3)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Fix docker test

* wrap params
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.6.1 to 1.7.0.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](stretchr/testify@v1.6.1...v1.7.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Josh Dolitsky <josh@dolit.ski>
Signed-off-by: Josh Dolitsky <josh@dolit.ski>
Signed-off-by: Josh Dolitsky <josh@dolit.ski>
Signed-off-by: Josh Dolitsky <josh@dolit.ski>
Signed-off-by: Josh Dolitsky <josh@dolit.ski>
* check hard link

* no following symbolic link

* bug fix

* add initial test to reproduce GHSA-g5v4-5x39-vwhx

Signed-off-by: jdolitsky <393494+jdolitsky@users.noreply.github.com>

* fix test for symbolic link

* fix bug

* add test for hardlink

Signed-off-by: jdolitsky <393494+jdolitsky@users.noreply.github.com>

* catch the parent folder

* remove check for hard link for consistency

* remove unncessary test for hard links

* Revert "remove unncessary test for hard links"

This reverts commit b3136611810f49074dfc6aef158b3d24466d2ed9.

* Revert "remove check for hard link for consistency"

This reverts commit d7b7346598c92ff9c430a42763d810b34d3f1ac2.

* check links for all link types

* add tests

Co-authored-by: jdolitsky <393494+jdolitsky@users.noreply.github.com>
Signed-off-by: Avi Deitcher <avi@deitcher.net>
Update descriptor in the nameMap as well as in index.Manifests.

nameMap used in the ListReferences operation and should return actual descriptor.

Co-authored-by: Josh Dolitsky <393494+jdolitsky@users.noreply.github.com>
Bumps [github.com/docker/cli](https://github.com/docker/cli) from 20.10.2+incompatible to 20.10.3+incompatible.
- [Release notes](https://github.com/docker/cli/releases)
- [Commits](docker/cli@v20.10.2...v20.10.3)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Josh Dolitsky <393494+jdolitsky@users.noreply.github.com>
Signed-off-by: Josh Dolitsky <josh@dolit.ski>
Signed-off-by: Avi Deitcher <avi@deitcher.net>
Signed-off-by: Josh Dolitsky <josh@dolit.ski>
Signed-off-by: Josh Dolitsky <josh@dolit.ski>
Signed-off-by: Josh Dolitsky <josh@dolit.ski>
Signed-off-by: Josh Dolitsky <josh@dolit.ski>
Signed-off-by: Josh Dolitsky <josh@dolit.ski>
@SteveLasker
Copy link
Contributor

The raises the question of whether ORAS should be both a set of reference libraries and a CLI.
See; Discussion: ORAS to split go-libraries and ORAS binary, with a 3rd Ref Implementation #181

I think the big question you're asking is: can we close on a good place to host ORAS as it's had good adoption, needs an official LF type home. OCI or CNCF? We've previously discussed the value of it being in OCI.

@jdolitsky
Copy link
Member Author

I think the big question you're asking is: can we close on a good place to host ORAS as it's had good adoption, needs an official LF type home. OCI or CNCF? We've previously discussed the value of it being in OCI.

Ya.

This an attempt to move the ball. I can also open the equivalent PR at a different location as well.

Seeing as it builds heavily on containerd and distribution, might be more appropriate in CNCF-land. Perhaps tools in OCI should be pure to spec, vs. pulling in code established prior to spec finalization(s).

@caniszczyk
Copy link
Collaborator

re: ORAS + CNCF... it's a fairly simple lift and may make more sense than OCI tbh

The next sandbox project review will be next month in March, all you need to do for ORAS is to apply here and ensure you meet the minimum bar around having a code of conduct, rough roadmap etc https://docs.google.com/forms/d/1bJhG1MuM981uQXcnBMv4Mj9yfV5_q5Kwk3qhBCLa_5A/edit

@samuelkarp
Copy link
Member

Given that we've previously discussed accepting ORAS into OCI without reaching consensus, I'm 👎 on this PR. If you're looking to contribute ORAS to OCI, the appropriate path would be to reopen the discussion with the TOB.

@SteveLasker
Copy link
Contributor

If you're looking to contribute ORAS to OCI, the appropriate path would be to reopen the discussion with the TOB.

WIthin the TOB discussions, we did have specific action items to refactor the code, and refocus on the unique ORAS libraries and CLI. oras-project/oras#181

The question has been:

  • who can take some time to do this work
  • what does the refactoring look like?

Josh is making a reasonable suggestion to add directly to the Artifacts repo.

I still have this preference to submit to OCI, as it's so coupled to the distribution and artifacts specs. We've been focused on adding the next round of Artifact enhancements

Once we get more traction on the new manifest, we'll be allocating time to enhance ORAS to support the new manifest. That should be the time we can address oras-project/oras#181 and other blocking issues.

I think the question could be:
Is there a pressing issue to solve the ORAS location now?
Can we adapt as we update with Artifact enhancements

@sudo-bmitch
Copy link

I could see moving the pkg/oras folder over, but agree with the others that the rest of the CLI and other parts of the project are better off spun up as a standalone project that's donated to the CNCF rather than absorbed into the artifact spec.

@samuelkarp
Copy link
Member

WIthin the TOB discussions, we did have specific action items to refactor the code, and refocus on the unique ORAS libraries and CLI.

That's not really my understanding. We didn't reach consensus on accepting ORAS, and those were some suggestions if we wanted to revisit in the future. There was not consensus on "if you make these changes, we'll add ORAS to OCI".

@jdolitsky
Copy link
Member Author

oras

@jdolitsky jdolitsky closed this Feb 10, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.