Split publishing and loading

This untangles daemon from remote when publishing a bit more, which will make it easier to move towards lazily producing these images, which will make it easier to avoid building things entirely. Signed-off-by: Jon Johnson <jon.johnson@chainguard.dev>
chainguard-dev · Jun 6, 2023 · d21c82b · d21c82b
1 parent e6a8234
commit d21c82b
Show file tree

Hide file tree

Showing 4 changed files with 172 additions and 188 deletions.
diff --git a/go.mod b/go.mod
@@ -3,7 +3,6 @@ module chainguard.dev/apko
 go 1.19
 
 require (
-	github.com/avast/retry-go v3.0.0+incompatible
 	github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20220920003936-cd2dbcbbab49
 	github.com/chainguard-dev/go-apk v0.0.0-20230605180416-2829525a7136
 	github.com/chrismellard/docker-credential-acr-env v0.0.0-20220327082430-c57b701bfc08

diff --git a/go.sum b/go.sum
@@ -47,8 +47,6 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkY
 github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/avast/retry-go v3.0.0+incompatible h1:4SOWQ7Qs+oroOTQOYnAHqelpCO0biHSxpiH9JdtuBj0=
-github.com/avast/retry-go v3.0.0+incompatible/go.mod h1:XtSnn+n/sHqQIpZ10K1qAevBhOOCWBLXXy3hyiqqBrY=
 github.com/aws/aws-sdk-go-v2 v1.16.15/go.mod h1:SwiyXi/1zTUZ6KIAmLK5V5ll8SiURNUYOqTerZPaF9k=
 github.com/aws/aws-sdk-go-v2 v1.16.16/go.mod h1:SwiyXi/1zTUZ6KIAmLK5V5ll8SiURNUYOqTerZPaF9k=
 github.com/aws/aws-sdk-go-v2 v1.17.8 h1:GMupCNNI7FARX27L7GjCJM8NgivWbRgpjNI/hOQjFS8=

diff --git a/internal/cli/publish.go b/internal/cli/publish.go
@@ -27,6 +27,7 @@ import (
 	"github.com/chrismellard/docker-credential-acr-env/pkg/credhelper"
 	"github.com/google/go-containerregistry/pkg/authn"
 	"github.com/google/go-containerregistry/pkg/authn/github"
+	"github.com/google/go-containerregistry/pkg/name"
 	"github.com/google/go-containerregistry/pkg/v1/google"
 	"github.com/google/go-containerregistry/pkg/v1/remote"
 	"github.com/spf13/cobra"
@@ -220,8 +221,25 @@ func PublishCmd(ctx context.Context, outputRefs string, archs []types.Architectu
 	if logger == nil {
 		logger = log.NewLogger(os.Stderr)
 	}
+
+	if local {
+		// TODO: We shouldn't even need to build the index if we're loading a single image.
+		ref, err := oci.LoadIndex(ctx, idx, logger, tags)
+		if err != nil {
+			return fmt.Errorf("loading index: %w", err)
+		}
+		logger.Printf("using local option, exiting early")
+		fmt.Println(ref.String())
+		return nil
+	}
+
 	// publish each arch-specific image
-	refs, err := oci.PublishImagesFromIndex(ctx, idx, local, shouldPushTags, logger, tags, ropt...)
+	// TODO: This should just happen as part of PublishIndex.
+	ref, err := name.ParseReference(tags[0])
+	if err != nil {
+		return fmt.Errorf("parsing %q as tag: %w", tags[0], err)
+	}
+	refs, err := oci.PublishImagesFromIndex(ctx, idx, logger, ref.Context(), ropt...)
 	if err != nil {
 		return fmt.Errorf("publishing images from index: %w", err)
 	}
@@ -230,7 +248,7 @@ func PublishCmd(ctx context.Context, outputRefs string, archs []types.Architectu
 	}
 
 	// publish the index
-	finalDigest, _, err := oci.PublishIndex(ctx, idx, logger, local, shouldPushTags, tags, ropt...)
+	finalDigest, err := oci.PublishIndex(ctx, idx, logger, shouldPushTags, tags, ropt...)
 	if err != nil {
 		return fmt.Errorf("publishing image index: %w", err)
 	}
@@ -245,13 +263,6 @@ func PublishCmd(ctx context.Context, outputRefs string, archs []types.Architectu
 		}
 	}
 
-	// If saving local, exit early (no SBOMs etc.)
-	if local {
-		logger.Printf("using local option, exiting early")
-		fmt.Println(strings.Split(finalDigest.String(), "@")[0])
-		return nil
-	}
-
 	if !shouldPushTags {
 		allTags := tags
 		allTags = append(allTags, additionalTags...)
@@ -274,11 +285,13 @@ func PublishCmd(ctx context.Context, outputRefs string, archs []types.Architectu
 			return fmt.Errorf("failed to write tags: %w", err)
 		}
 	} else {
+		// TODO: Why does this happen separately from PublishIndex?
 		skipLocalCopy := strings.HasPrefix(finalDigest.Name(), fmt.Sprintf("%s/", oci.LocalDomain))
-		var g errgroup.Group
+		g, ctx := errgroup.WithContext(ctx)
 		for _, at := range additionalTags {
 			at := at
 			if skipLocalCopy {
+				// TODO: We probably don't need this now that we return early.
 				logger.Warnf("skipping local domain tag %s", at)
 				continue
 			}
@@ -294,6 +307,8 @@ func PublishCmd(ctx context.Context, outputRefs string, archs []types.Architectu
 	// publish each arch-specific sbom
 	// publish the index sbom
 	if wantSBOM {
+		// TODO: Why aren't these just attached to idx?
+
 		// all sboms will be in the same directory
 		if err := oci.PostAttachSBOMsFromIndex(
 			ctx, idx, sboms, logger, tags, ropt...,