Fix oci image

[gsanchezgavier]

Reroller fails to get image digests when are generated by Buildkit (OCI). Some extra details

[roobre]

Left some suggestions. Overall I'm not super happy with moving things to src, but I abandoned this project first so I won't be pestering about style guides :P

[roobre]

Multiple functions mutating this request can be a bit error prone, I'd be weary of this.

[gsanchezgavier]

yes is not the best way I agree, TBH I just extended the current code to contemplate this case, didn't want to do a bigger refactor for this knowing that we will replace it soon.

[gsanchezgavier]

oh the request! you are right i didn't pay attention to that , I guess was a way to reuse auth, I will improve it Set replace the previous values , so not ideal but no bug here I think

[roobre]

Do we need both OCI-formatted digests and v2 manifest digests?

[gsanchezgavier]

I kept both to avoid breaking changes on the non oci images.

[roobre]

Rather than calling dockerContentDigest unconditionally and muting this error, would it be better to avoid calling dockerContentDigest at all if OCI digests are found?

[gsanchezgavier]

I'm not completely sure about it (is a bit blurry to me how this API works) so I followed the existing mechanism that was adding digest to the array.

[roobre]

Seems like this should be an error or at least a log, wouldn't it?

[gsanchezgavier]

the api return different content-type event if the accept header is set to the image one. this was a quick way to filter this responses, but I didn't want to log error since this is expected and logging this will pollute the logs.

[roobre]

Could we split this to a second test? That way we will know which one is failing.

[gsanchezgavier]

Left some suggestions. Overall I'm not super happy with moving things to src, but I abandoned this project first so I won't be pestering about style guides :P

oh the reason for that was to have the possibility to do a go run to quickly test without having the image.

[kang-makes]

The hack Just Works ™️ but as there is a plan to decommission the canaries reroller I would prefer to just have it working that having a perfect solution.

I left a couple of comments that are worrying me a bit tho.

[kang-makes]

Suggested change

	- uses: docker/login-action@v1
	with:
	username: roobre
	password: ${{ secrets.DOCKERHUB_TOKEN }}
	- uses: docker/login-action@v2
	with:
	registry: ghcr.io
	username: ${{ github.repository_owner }}
	password: ${{ secrets.GITHUB_TOKEN }}

[kang-makes]

Suggested change

	- name: Build docker image
	run: |
	docker build . -t roobre/reroller:${DOCKER_IMAGE_TAG}
	docker tag roobre/reroller:${DOCKER_IMAGE_TAG} roobre/reroller:latest
	- name: Build docker image
	run: |
	docker build . -t ghcr.io/${{ github.repository }}:${DOCKER_IMAGE_TAG}
	docker tag ghcr.io/${{ github.repository }}:${DOCKER_IMAGE_TAG} ghcr.io/${{ github.repository }}:latest

[kang-makes]

Suggested change

	- name: Push docker image
	run: |
	docker push roobre/reroller:${DOCKER_IMAGE_TAG}
	docker push roobre/reroller:latest
	- name: Push docker image
	run: |
	docker push ghcr.io/${{ github.repository }}:${DOCKER_IMAGE_TAG}
	docker push ghcr.io/${{ github.repository }}:latest

[kang-makes]

GitHub has an OCI registry per repo. Instead of publishing to Roobre's registry, we can still publish to the GitHub one.

This way you will neither need to upload the image to your account nor we will not need a secret to upload to new relic's registry. We will be able to archive this repository easily too.

[gsanchezgavier]

oh this is a very good one, I will do that.

[kang-makes]

We are having issues with Go 1.20 and Alpine. We think that it is because we are compiling with CGO_ENABLED=1 but it might be more things failing. I would stick to 1.19 for now.

[gsanchezgavier]

I will open another PR with just the changes we finally need. removing the package arrangement that I did to the go run thing