Support Remote Package for Composable Packages #381
Labels
enhancement ✨
New feature or request
needs-docs
PR Label - Docs required to merge
needs-tests
PR Label - Tests required to merge
packager
Comments
mike-winberry
added
enhancement ✨
jeff-mccoy
changed the title
5 tasks
|
Closing as a dupe of #1060 |
Noxsios
added a commit
that referenced
this issue
Mar 1, 2023
## Description ### 💲 `zarf package publish` This PR adds a new `zarf package publish` command. This command will publish a fully built (via `zarf package create`) Zarf package to an OCI compliant registry using the oras library. The command's usage is based off of how Helm's `helm push` command operates and has many of the same restrictions. <https://v3.helm.sh/docs/topics/registries/#the-push-subcommand> ``` $ zarf package publish [PATH_TO_TAR] [REGISTRY_URL] $ zarf package publish zarf-package-strimzi.tar oci://localhost:666/defenseunicorns ``` #### CLI Syntax restrictions: - The OCI URL _must_ start with `oci://` - A basename/version _cannot_ be provided, as it is derived from information present in the built `zarf.yaml` where it _must_ be set. - The command may return an error, permission denied, if the repository does not exist, ie `defenseunicorns/strimzi` as an example on Docker Hub. - A `zarf tools registry login` must be done prior as this will inherit the credentials from docker's cred system (defaultly located at `~/.docker`), or users can create a Docker compatible `config.json` and point its directory: ```sh # example symlinking podman $ mkdir ~/.docker/ $ ln -s $XDG_RUNTIME_DIR/containers/auth.json ~/.docker/config.json $ zarf package publish <...> ``` ### 💲 `zarf package deploy oci://` This PR also adds a new `deploy oci://` feature. This command uses the existing `deploy` system, but does some slightly different behavior from `sget://`. oras is used to pull the package layer by layer to the temp directory. There is no need to unarchive, as the package is already in an uncompressed state. The temp path is then used by the packager to deploy the package as though it is a local package. Usage is denoted in the following example: ``` $ zarf package deploy oci://REGISTRY/NAMESPACE/NAME:VERSION $ zarf package deploy oci://docker.io/defenseunicorns/strimzi:v0.24.0-arm64 $ zarf package deploy oci://localhost:666/strimzi:v0.24.0-arm64 --insecure ``` ### 💲 `zarf package inspect oci://` This PR also adds a new `inspect oci://` feature. ``` $ zarf package inspect oci://docker.io/defenseunicorns/strimzi tags: - v0.23.5-14-arm64 latest: tag: v0.23.5-14-arm64 descriptor: mediaType: application/vnd.oci.image.manifest.v1+json digest: sha256:340f489a105e476f846203e6844b2738f2924fc608522711761a21b176d6b67f size: 41817 ``` ## Related Issue Relates to #1298 Fixes #381 Fixes #823 Blocked by #1331 ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [x] New feature (non-breaking change which adds functionality) - [ ] Other (security config, docs update, etc) ## Checklist before merging - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow) followed --------- Co-authored-by: Wayne Starr <Racer159@users.noreply.github.com> Co-authored-by: Wayne Starr <me@racer159.com>
Noxsios
added a commit
that referenced
this issue
Mar 1, 2023
## Description ### 💲 `zarf package publish` This PR adds a new `zarf package publish` command. This command will publish a fully built (via `zarf package create`) Zarf package to an OCI compliant registry using the oras library. The command's usage is based off of how Helm's `helm push` command operates and has many of the same restrictions. <https://v3.helm.sh/docs/topics/registries/#the-push-subcommand> ``` $ zarf package publish [PATH_TO_TAR] [REGISTRY_URL] $ zarf package publish zarf-package-strimzi.tar oci://localhost:666/defenseunicorns ``` #### CLI Syntax restrictions: - The OCI URL _must_ start with `oci://` - A basename/version _cannot_ be provided, as it is derived from information present in the built `zarf.yaml` where it _must_ be set. - The command may return an error, permission denied, if the repository does not exist, ie `defenseunicorns/strimzi` as an example on Docker Hub. - A `zarf tools registry login` must be done prior as this will inherit the credentials from docker's cred system (defaultly located at `~/.docker`), or users can create a Docker compatible `config.json` and point its directory: ```sh # example symlinking podman $ mkdir ~/.docker/ $ ln -s $XDG_RUNTIME_DIR/containers/auth.json ~/.docker/config.json $ zarf package publish <...> ``` ### 💲 `zarf package deploy oci://` This PR also adds a new `deploy oci://` feature. This command uses the existing `deploy` system, but does some slightly different behavior from `sget://`. oras is used to pull the package layer by layer to the temp directory. There is no need to unarchive, as the package is already in an uncompressed state. The temp path is then used by the packager to deploy the package as though it is a local package. Usage is denoted in the following example: ``` $ zarf package deploy oci://REGISTRY/NAMESPACE/NAME:VERSION $ zarf package deploy oci://docker.io/defenseunicorns/strimzi:v0.24.0-arm64 $ zarf package deploy oci://localhost:666/strimzi:v0.24.0-arm64 --insecure ``` ### 💲 `zarf package inspect oci://` This PR also adds a new `inspect oci://` feature. ``` $ zarf package inspect oci://docker.io/defenseunicorns/strimzi tags: - v0.23.5-14-arm64 latest: tag: v0.23.5-14-arm64 descriptor: mediaType: application/vnd.oci.image.manifest.v1+json digest: sha256:340f489a105e476f846203e6844b2738f2924fc608522711761a21b176d6b67f size: 41817 ``` ## Related Issue Relates to #1298 Fixes #381 Fixes #823 Blocked by #1331 ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [x] New feature (non-breaking change which adds functionality) - [ ] Other (security config, docs update, etc) ## Checklist before merging - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow) followed --------- Co-authored-by: Wayne Starr <Racer159@users.noreply.github.com> Co-authored-by: Wayne Starr <me@racer159.com>
Noxsios
added a commit
that referenced
this issue
Mar 8, 2023
## Description ### 💲 `zarf package publish` This PR adds a new `zarf package publish` command. This command will publish a fully built (via `zarf package create`) Zarf package to an OCI compliant registry using the oras library. The command's usage is based off of how Helm's `helm push` command operates and has many of the same restrictions. <https://v3.helm.sh/docs/topics/registries/#the-push-subcommand> ``` $ zarf package publish [PATH_TO_TAR] [REGISTRY_URL] $ zarf package publish zarf-package-strimzi.tar oci://localhost:666/defenseunicorns ``` #### CLI Syntax restrictions: - The OCI URL _must_ start with `oci://` - A basename/version _cannot_ be provided, as it is derived from information present in the built `zarf.yaml` where it _must_ be set. - The command may return an error, permission denied, if the repository does not exist, ie `defenseunicorns/strimzi` as an example on Docker Hub. - A `zarf tools registry login` must be done prior as this will inherit the credentials from docker's cred system (defaultly located at `~/.docker`), or users can create a Docker compatible `config.json` and point its directory: ```sh # example symlinking podman $ mkdir ~/.docker/ $ ln -s $XDG_RUNTIME_DIR/containers/auth.json ~/.docker/config.json $ zarf package publish <...> ``` ### 💲 `zarf package deploy oci://` This PR also adds a new `deploy oci://` feature. This command uses the existing `deploy` system, but does some slightly different behavior from `sget://`. oras is used to pull the package layer by layer to the temp directory. There is no need to unarchive, as the package is already in an uncompressed state. The temp path is then used by the packager to deploy the package as though it is a local package. Usage is denoted in the following example: ``` $ zarf package deploy oci://REGISTRY/NAMESPACE/NAME:VERSION $ zarf package deploy oci://docker.io/defenseunicorns/strimzi:v0.24.0-arm64 $ zarf package deploy oci://localhost:666/strimzi:v0.24.0-arm64 --insecure ``` ### 💲 `zarf package inspect oci://` This PR also adds a new `inspect oci://` feature. ``` $ zarf package inspect oci://docker.io/defenseunicorns/strimzi tags: - v0.23.5-14-arm64 latest: tag: v0.23.5-14-arm64 descriptor: mediaType: application/vnd.oci.image.manifest.v1+json digest: sha256:340f489a105e476f846203e6844b2738f2924fc608522711761a21b176d6b67f size: 41817 ``` ## Related Issue Relates to #1298 Fixes #381 Fixes #823 Blocked by #1331 ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [x] New feature (non-breaking change which adds functionality) - [ ] Other (security config, docs update, etc) ## Checklist before merging - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow) followed --------- Co-authored-by: Wayne Starr <Racer159@users.noreply.github.com> Co-authored-by: Wayne Starr <me@racer159.com>
Noxsios
added a commit
that referenced
this issue
Mar 8, 2023
## Description ### 💲 `zarf package publish` This PR adds a new `zarf package publish` command. This command will publish a fully built (via `zarf package create`) Zarf package to an OCI compliant registry using the oras library. The command's usage is based off of how Helm's `helm push` command operates and has many of the same restrictions. <https://v3.helm.sh/docs/topics/registries/#the-push-subcommand> ``` $ zarf package publish [PATH_TO_TAR] [REGISTRY_URL] $ zarf package publish zarf-package-strimzi.tar oci://localhost:666/defenseunicorns ``` #### CLI Syntax restrictions: - The OCI URL _must_ start with `oci://` - A basename/version _cannot_ be provided, as it is derived from information present in the built `zarf.yaml` where it _must_ be set. - The command may return an error, permission denied, if the repository does not exist, ie `defenseunicorns/strimzi` as an example on Docker Hub. - A `zarf tools registry login` must be done prior as this will inherit the credentials from docker's cred system (defaultly located at `~/.docker`), or users can create a Docker compatible `config.json` and point its directory: ```sh # example symlinking podman $ mkdir ~/.docker/ $ ln -s $XDG_RUNTIME_DIR/containers/auth.json ~/.docker/config.json $ zarf package publish <...> ``` ### 💲 `zarf package deploy oci://` This PR also adds a new `deploy oci://` feature. This command uses the existing `deploy` system, but does some slightly different behavior from `sget://`. oras is used to pull the package layer by layer to the temp directory. There is no need to unarchive, as the package is already in an uncompressed state. The temp path is then used by the packager to deploy the package as though it is a local package. Usage is denoted in the following example: ``` $ zarf package deploy oci://REGISTRY/NAMESPACE/NAME:VERSION $ zarf package deploy oci://docker.io/defenseunicorns/strimzi:v0.24.0-arm64 $ zarf package deploy oci://localhost:666/strimzi:v0.24.0-arm64 --insecure ``` ### 💲 `zarf package inspect oci://` This PR also adds a new `inspect oci://` feature. ``` $ zarf package inspect oci://docker.io/defenseunicorns/strimzi tags: - v0.23.5-14-arm64 latest: tag: v0.23.5-14-arm64 descriptor: mediaType: application/vnd.oci.image.manifest.v1+json digest: sha256:340f489a105e476f846203e6844b2738f2924fc608522711761a21b176d6b67f size: 41817 ``` ## Related Issue Relates to #1298 Fixes #381 Fixes #823 Blocked by #1331 ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [x] New feature (non-breaking change which adds functionality) - [ ] Other (security config, docs update, etc) ## Checklist before merging - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow) followed --------- Co-authored-by: Wayne Starr <Racer159@users.noreply.github.com> Co-authored-by: Wayne Starr <me@racer159.com> Signed-off-by: razzle <harry@razzle.cloud>
Racer159
added a commit
that referenced
this issue
Mar 8, 2023
## Description ### 💲 `zarf package publish` This PR adds a new `zarf package publish` command. This command will publish a fully built (via `zarf package create`) Zarf package to an OCI compliant registry using the oras library. The command's usage is based off of how Helm's `helm push` command operates and has many of the same restrictions. <https://v3.helm.sh/docs/topics/registries/#the-push-subcommand> ``` $ zarf package publish [PATH_TO_TAR] [REGISTRY_URL] $ zarf package publish zarf-package-strimzi.tar oci://localhost:666/defenseunicorns ``` #### CLI Syntax restrictions: - The OCI URL _must_ start with `oci://` - A basename/version _cannot_ be provided, as it is derived from information present in the built `zarf.yaml` where it _must_ be set. - The command may return an error, permission denied, if the repository does not exist, ie `defenseunicorns/strimzi` as an example on Docker Hub. - A `zarf tools registry login` must be done prior as this will inherit the credentials from docker's cred system (defaultly located at `~/.docker`), or users can create a Docker compatible `config.json` and point its directory: ```sh # example symlinking podman $ mkdir ~/.docker/ $ ln -s $XDG_RUNTIME_DIR/containers/auth.json ~/.docker/config.json $ zarf package publish <...> ``` ### 💲 `zarf package deploy oci://` This PR also adds a new `deploy oci://` feature. This command uses the existing `deploy` system, but does some slightly different behavior from `sget://`. oras is used to pull the package layer by layer to the temp directory. There is no need to unarchive, as the package is already in an uncompressed state. The temp path is then used by the packager to deploy the package as though it is a local package. Usage is denoted in the following example: ``` $ zarf package deploy oci://REGISTRY/NAMESPACE/NAME:VERSION $ zarf package deploy oci://docker.io/defenseunicorns/strimzi:v0.24.0-arm64 $ zarf package deploy oci://localhost:666/strimzi:v0.24.0-arm64 --insecure ``` ### 💲 `zarf package inspect oci://` This PR also adds a new `inspect oci://` feature. ``` $ zarf package inspect oci://docker.io/defenseunicorns/strimzi tags: - v0.23.5-14-arm64 latest: tag: v0.23.5-14-arm64 descriptor: mediaType: application/vnd.oci.image.manifest.v1+json digest: sha256:340f489a105e476f846203e6844b2738f2924fc608522711761a21b176d6b67f size: 41817 ``` ## Related Issue Relates to #1298 Fixes #381 Fixes #823 Blocked by #1331 ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [x] New feature (non-breaking change which adds functionality) - [ ] Other (security config, docs update, etc) ## Checklist before merging - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow) followed --------- Co-authored-by: Wayne Starr <Racer159@users.noreply.github.com> Co-authored-by: Wayne Starr <me@racer159.com>
Racer159
added a commit
that referenced
this issue
Mar 8, 2023
## Description ### 💲 `zarf package publish` This PR adds a new `zarf package publish` command. This command will publish a fully built (via `zarf package create`) Zarf package to an OCI compliant registry using the oras library. The command's usage is based off of how Helm's `helm push` command operates and has many of the same restrictions. <https://v3.helm.sh/docs/topics/registries/#the-push-subcommand> ``` $ zarf package publish [PATH_TO_TAR] [REGISTRY_URL] $ zarf package publish zarf-package-strimzi.tar oci://localhost:666/defenseunicorns ``` #### CLI Syntax restrictions: - The OCI URL _must_ start with `oci://` - A basename/version _cannot_ be provided, as it is derived from information present in the built `zarf.yaml` where it _must_ be set. - The command may return an error, permission denied, if the repository does not exist, ie `defenseunicorns/strimzi` as an example on Docker Hub. - A `zarf tools registry login` must be done prior as this will inherit the credentials from docker's cred system (defaultly located at `~/.docker`), or users can create a Docker compatible `config.json` and point its directory: ```sh # example symlinking podman $ mkdir ~/.docker/ $ ln -s $XDG_RUNTIME_DIR/containers/auth.json ~/.docker/config.json $ zarf package publish <...> ``` ### 💲 `zarf package deploy oci://` This PR also adds a new `deploy oci://` feature. This command uses the existing `deploy` system, but does some slightly different behavior from `sget://`. oras is used to pull the package layer by layer to the temp directory. There is no need to unarchive, as the package is already in an uncompressed state. The temp path is then used by the packager to deploy the package as though it is a local package. Usage is denoted in the following example: ``` $ zarf package deploy oci://REGISTRY/NAMESPACE/NAME:VERSION $ zarf package deploy oci://docker.io/defenseunicorns/strimzi:v0.24.0-arm64 $ zarf package deploy oci://localhost:666/strimzi:v0.24.0-arm64 --insecure ``` ### 💲 `zarf package inspect oci://` This PR also adds a new `inspect oci://` feature. ``` $ zarf package inspect oci://docker.io/defenseunicorns/strimzi tags: - v0.23.5-14-arm64 latest: tag: v0.23.5-14-arm64 descriptor: mediaType: application/vnd.oci.image.manifest.v1+json digest: sha256:340f489a105e476f846203e6844b2738f2924fc608522711761a21b176d6b67f size: 41817 ``` ## Related Issue Relates to #1298 Fixes #381 Fixes #823 Blocked by #1331 ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [x] New feature (non-breaking change which adds functionality) - [ ] Other (security config, docs update, etc) ## Checklist before merging - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow) followed --------- Co-authored-by: Wayne Starr <Racer159@users.noreply.github.com> Co-authored-by: Wayne Starr <me@racer159.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In order to expand on the current composability of zarf packages the user should be able to pull zarf.yaml and dependencies from the web. Consideration should be taken for how versioning would be handled in addition to how a SHASUM or signature configuration will be required.
The text was updated successfully, but these errors were encountered: