zarf-dev · Noxsios · Mar 1, 2023 · Feb 6, 2023 · Feb 6, 2023 · Feb 6, 2023
diff --git a/go.mod b/go.mod
@@ -19,6 +19,7 @@ require (
 	github.com/goccy/go-yaml v1.9.8
 	github.com/google/go-containerregistry v0.13.0
 	github.com/mholt/archiver/v3 v3.5.1
+	github.com/opencontainers/image-spec v1.1.0-rc2
 	github.com/otiai10/copy v1.9.0
 	github.com/pkg/errors v0.9.1
 	github.com/pterm/pterm v0.12.54
@@ -32,6 +33,7 @@ require (
 	k8s.io/apimachinery v0.26.1
 	k8s.io/client-go v0.26.1
 	k8s.io/klog/v2 v2.90.0
+	oras.land/oras-go/v2 v2.0.0
 	sigs.k8s.io/kustomize/api v0.12.1
 	sigs.k8s.io/kustomize/kyaml v0.13.9
 	sigs.k8s.io/yaml v1.3.0
@@ -262,7 +264,6 @@ require (
 	github.com/oklog/ulid v1.3.1 // indirect
 	github.com/olekukonko/tablewriter v0.0.5 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.1.0-rc2 // indirect
 	github.com/opentracing/opentracing-go v1.2.0 // indirect
 	github.com/pelletier/go-toml v1.9.5 // indirect
 	github.com/pelletier/go-toml/v2 v2.0.6 // indirect

diff --git a/go.sum b/go.sum
@@ -2671,6 +2671,8 @@ modernc.org/z v1.5.1 h1:RTNHdsrOpeoSeOF4FbzTo8gBYByaJ5xT7NgZ9ZqRiJM=
 modernc.org/z v1.5.1/go.mod h1:eWFB510QWW5Th9YGZT81s+LwvaAs3Q2yr4sP0rmLkv8=
 oras.land/oras-go v1.2.2 h1:0E9tOHUfrNH7TCDk5KU0jVBEzCqbfdyuVfGmJ7ZeRPE=
 oras.land/oras-go v1.2.2/go.mod h1:Apa81sKoZPpP7CDciE006tSZ0x3Q3+dOoBcMZ/aNxvw=
+oras.land/oras-go/v2 v2.0.0 h1:+LRAz92WF7AvYQsQjPEAIw3Xb2zPPhuydjpi4pIHmc0=
+oras.land/oras-go/v2 v2.0.0/go.mod h1:iVExH1NxrccIxjsiq17L91WCZ4KIw6jVQyCLsZsu1gc=
 pack.ag/amqp v0.11.2/go.mod h1:4/cbmt4EJXSKlG6LCfWHoqmN0uFdy5i/+YFz+fTfhV4=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=

diff --git a/src/cmd/package.go b/src/cmd/package.go
@@ -195,6 +195,28 @@ var packageRemoveCmd = &cobra.Command{
 	},
 }
 
+var packagePublishCmd = &cobra.Command{
+	Use:     "publish [PACKAGE]",
+	Short:   "Publish a Zarf package to a remote registry",
+	Long: "Publish a Zarf package to a remote registry\n" +
+		"Publishes a compiled package file to a remote registry. " +
+		"By default, the package will be published to the registry " +
+		"specified in the package's zarf.yaml file.",
+	Args: cobra.MaximumNArgs(1),
+	Run: func(cmd *cobra.Command, args []string) {
+		pkgConfig.PublishOpts.PackagePath = choosePackage(args)
+
+		// Configure the packager
+		pkgClient := packager.NewOrDie(&pkgConfig)
+		defer pkgClient.ClearTempPaths()
+
+		// Publish the package
+		if err := pkgClient.Publish(); err != nil {
+			message.Fatalf(err, "Failed to publish package: %s", err.Error())
+		}
+	},
+}
+
 func choosePackage(args []string) string {
 	if len(args) > 0 {
 		return args[0]
@@ -229,11 +251,13 @@ func init() {
 	packageCmd.AddCommand(packageInspectCmd)
 	packageCmd.AddCommand(packageRemoveCmd)
 	packageCmd.AddCommand(packageListCmd)
+	packageCmd.AddCommand(packagePublishCmd)
 
 	bindCreateFlags()
 	bindDeployFlags()
 	bindInspectFlags()
 	bindRemoveFlags()
+	bindPublishFlags()
 }
 
 func bindCreateFlags() {
@@ -288,3 +312,10 @@ func bindRemoveFlags() {
 	removeFlags.StringVar(&pkgConfig.DeployOpts.Components, "components", v.GetString(V_PKG_DEPLOY_COMPONENTS), "Comma-separated list of components to uninstall")
 	_ = packageRemoveCmd.MarkFlagRequired("confirm")
 }
+
+func bindPublishFlags() {
+	publishFlags := packagePublishCmd.Flags()
+	publishFlags.StringVar(&pkgConfig.PublishOpts.RegistryURL, "registry", "", "URL of the registry to publish the package to")
+	publishFlags.BoolVar(&pkgConfig.PublishOpts.Insecure, "insecure", false, "Allow insecure connections to the registry")
+	publishFlags.IntVar(&pkgConfig.PublishOpts.Concurrency, "concurrency", 3, "Number of concurrent uploads to the registry")
+}
diff --git a/src/pkg/packager/publish.go b/src/pkg/packager/publish.go
@@ -0,0 +1,226 @@
+package packager
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net/http"
+	"path/filepath"
+
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+
+	"oras.land/oras-go/v2"
+	"oras.land/oras-go/v2/content"
+	"oras.land/oras-go/v2/content/file"
+	"oras.land/oras-go/v2/registry/remote"
+	"oras.land/oras-go/v2/registry/remote/errcode"
+)
+
+// NOTES:
+// - This is a WIP, not yet functional
+// - This is a copy of the oras example code, with some modifications
+//
+// replace comments w/ CLI args where appropriate
+// replace fmt.Printf w/ message.Debug
+
+var zarfMediaType = "application/vnd.zarf.layer.v1+tar.zst"
+
+func (p *Packager) Publish() error {
+	registry := "localhost:666"
+
+	name := p.cfg.Pkg.Metadata.Name
+	ver := p.cfg.Pkg.Metadata.Version
+	arch := p.cfg.Pkg.Metadata.Architecture
+	ref := fmt.Sprintf("%s/%s:%s-%s", registry, name, ver, arch)
+
+	pathRoot := p.tmp.Base
+
+	ctx := context.Background()
+
+	glob := func(path string) []string {
+		paths, _ := filepath.Glob(filepath.Join(pathRoot, path))
+		return paths
+	}
+	paths := []string{
+		filepath.Join(pathRoot, "checksums.txt"),
+		filepath.Join(pathRoot, "zarf.yaml"),
+		filepath.Join(pathRoot, "sboms.tar.zst"),
+	}
+	paths = append(paths, glob("components/*.tar.zst")...)
+	paths = append(paths, glob("images/*")...)
+
+	store, err := file.New("")
+	if err != nil {
+		panic(err)
+	}
+	defer store.Close()
+	descs, err := loadFiles(ctx, store, nil, paths)
+	if err != nil {
+		panic(err)
+	}
+	packOpts := oras.PackOptions{}
+	pack := func() (ocispec.Descriptor, error) {
+		// note the empty string for the artifactType
+		root, err := oras.Pack(ctx, store, "", descs, packOpts)
+		if err != nil {
+			return ocispec.Descriptor{}, err
+		}
+		if err = store.Tag(ctx, root, root.Digest.String()); err != nil {
+			return ocispec.Descriptor{}, err
+		}
+		return root, nil
+	}
+
+	// prepare push
+	dst, err := remote.NewRepository(ref)
+	if err != nil {
+		panic(err)
+	}
+
+	if p.cfg.PublishOpts.Insecure {
+		dst.PlainHTTP = true
+	}
+	copyOpts := oras.DefaultCopyOptions
+	if p.cfg.PublishOpts.Concurrency > copyOpts.Concurrency {
+		copyOpts.Concurrency = p.cfg.PublishOpts.Concurrency
+	}
+	copy := func(root ocispec.Descriptor) error {
+		fmt.Printf("%v\n", root)
+		if tag := dst.Reference.Reference; tag == "" {
+			err = oras.CopyGraph(ctx, store, dst, root, copyOpts.CopyGraphOptions)
+		} else {
+			_, err = oras.Copy(ctx, store, root.Digest.String(), dst, tag, copyOpts)
+		}
+		return err
+	}
+
+	// push
+	root, err := pushArtifact(dst, pack, &packOpts, copy, &copyOpts.CopyGraphOptions)
+	if err != nil {
+		panic(err)
+	}
+	fmt.Println("Pushed", root.Digest, "to", dst.Reference.String())
+	return nil
+}
+
+type packFunc func() (ocispec.Descriptor, error)
+type copyFunc func(desc ocispec.Descriptor) error
+
+// taken from https://github.com/oras-project/oras/blob/main/cmd/oras/push.go
+func pushArtifact(dst oras.Target, pack packFunc, packOpts *oras.PackOptions, copy copyFunc, copyOpts *oras.CopyGraphOptions) (ocispec.Descriptor, error) {
+	root, err := pack()
+	if err != nil {
+		return ocispec.Descriptor{}, err
+	}
+
+	copyRootAttempted := false
+	preCopy := copyOpts.PreCopy
+	copyOpts.PreCopy = func(ctx context.Context, desc ocispec.Descriptor) error {
+		if content.Equal(root, desc) {
+			// copyRootAttempted helps track whether the returned error is
+			// generated from copying root.
+			copyRootAttempted = true
+		}
+		if preCopy != nil {
+			return preCopy(ctx, desc)
+		}
+		return nil
+	}
+
+	// push
+	if err = copy(root); err == nil {
+		return root, nil
+	}
+
+	if !copyRootAttempted || root.MediaType != ocispec.MediaTypeArtifactManifest ||
+		!isManifestUnsupported(err) {
+		return ocispec.Descriptor{}, err
+	}
+
+	if repo, ok := dst.(*remote.Repository); ok {
+		// assumes referrers API is not supported since OCI artifact
+		// media type is not supported
+		repo.SetReferrersCapability(false)
+	}
+	packOpts.PackImageManifest = true
+	root, err = pack()
+	if err != nil {
+		return ocispec.Descriptor{}, err
+	}
+
+	copyOpts.FindSuccessors = func(ctx context.Context, fetcher content.Fetcher, node ocispec.Descriptor) ([]ocispec.Descriptor, error) {
+		if content.Equal(node, root) {
+			// skip non-config
+			content, err := content.FetchAll(ctx, fetcher, root)
+			if err != nil {
+				return nil, err
+			}
+			var manifest ocispec.Manifest
+			if err := json.Unmarshal(content, &manifest); err != nil {
+				return nil, err
+			}
+			return []ocispec.Descriptor{manifest.Config}, nil
+		}
+
+		// config has no successors
+		return nil, nil
+	}
+	if err = copy(root); err != nil {
+		return ocispec.Descriptor{}, err
+	}
+	return root, nil
+}
+
+// taken from https://github.com/oras-project/oras/blob/main/cmd/oras/file.go
+func loadFiles(ctx context.Context, store *file.Store, annotations map[string]map[string]string, fileRefs []string) ([]ocispec.Descriptor, error) {
+	var files []ocispec.Descriptor
+	for _, filename := range fileRefs {
+		// get shortest absolute path as unique name
+		name := filepath.Clean(filename)
+		if !filepath.IsAbs(name) {
+			name = filepath.ToSlash(name)
+		}
+
+		// fmt.Println("Preparing", name)
+		file, err := store.Add(ctx, name, zarfMediaType, filename)
+		if err != nil {
+			return nil, err
+		}
+		if value, ok := annotations[filename]; ok {
+			if file.Annotations == nil {
+				file.Annotations = value
+			} else {
+				for k, v := range value {
+					file.Annotations[k] = v
+				}
+			}
+		}
+		files = append(files, file)
+	}
+	if len(files) == 0 {
+		fmt.Println("Uploading empty artifact")
+	}
+	return files, nil
+}
+
+func isManifestUnsupported(err error) bool {
+	var errResp *errcode.ErrorResponse
+	if !errors.As(err, &errResp) || errResp.StatusCode != http.StatusBadRequest {
+		return false
+	}
+
+	var errCode errcode.Error
+	if !errors.As(errResp, &errCode) {
+		return false
+	}
+
+	// As of November 2022, ECR is known to return UNSUPPORTED error when
+	// putting an OCI artifact manifest.
+	switch errCode.Code {
+	case errcode.ErrorCodeManifestInvalid, errcode.ErrorCodeUnsupported:
+		return true
+	}
+	return false
+}
+
diff --git a/src/types/packager.go b/src/types/packager.go
@@ -15,6 +15,9 @@ type PackagerConfig struct {
 	// InitOpts tracks user-defined values for the active Zarf initialization.
 	InitOpts ZarfInitOptions
 
+	// PublishOpts tracks user-defined options used to publish the package
+	PublishOpts ZarfPublishOptions
+
 	// Track if CLI prompts should be generated
 	IsInteractive bool
 

diff --git a/src/types/runtime.go b/src/types/runtime.go
@@ -21,6 +21,14 @@ type ZarfDeployOptions struct {
 	SetVariables map[string]string `json:"setVariables" jsonschema:"description=Key-Value map of variable names and their corresponding values that will be used to template against the Zarf package being used"`
 }
 
+// ZarfPublishOptions tracks the user-defined preferences during a package publish.
+type ZarfPublishOptions struct {
+	PackagePath string `json:"packagePath" jsonschema:"description=Location where a Zarf package to publish can be found"`
+	RegistryURL string `json:"registryURL" jsonschema:"description=URL of the registry to publish the package to"`
+	Insecure    bool   `json:"insecure" jsonschema:"description=Allow insecure connections for remote registries"`
+	Concurrency int    `json:"concurrency" jsonschema:"description=Number of concurrent uploads to perform"`
+}
+
 // ZarfInitOptions tracks the user-defined options during cluster initialization.
 type ZarfInitOptions struct {
 	// Zarf init is installing the k3s component