feat: handle attested images

Author: 0x416e746f6e

config/destination.go

@@ -75,7 +75,7 @@ func (cfg *Destination) Validate() error {
 	return utils.FlattenErrors(errs)
 }
 
-func (cfg *Destination) HasPlatform(p string) bool {
-	_, has := cfg.platforms[p]
+func (cfg *Destination) HasPlatform(p *cr.Platform) bool {
+	_, has := cfg.platforms[p.String()] // TODO: enable globbing and matching
 	return has
 }

job/sync_container_registry_package.go

@@ -57,10 +57,13 @@ func (j *SyncContainerRegistryPackage) GetDestinations() []*config.Destination {
 }
 
 func (j *SyncContainerRegistryPackage) GetDestinationReference(dst *config.Destination) string {
-	if *j.Package.PackageVersion.ContainerMetadata.Tag.Name == "" {
-		return dst.Path + "/" + dst.Package + "@" + *j.Package.PackageVersion.ContainerMetadata.Tag.Digest
+	tag := *j.Package.PackageVersion.ContainerMetadata.Tag.Name
+	if tag == "" {
+		tag = strings.ReplaceAll(
+			*j.Package.PackageVersion.ContainerMetadata.Tag.Digest, ":", "-",
+		)
 	}
-	return dst.Path + "/" + dst.Package + ":" + *j.Package.PackageVersion.ContainerMetadata.Tag.Name
+	return dst.Path + "/" + dst.Package + ":" + tag
 }
 
 func (j *SyncContainerRegistryPackage) GetDigest() string {

server/download_github_container.go

@@ -8,6 +8,7 @@ import (
 	"net/http"
 	"os"
 	"path/filepath"
+	"strings"
 	"time"
 
 	"github.com/flashbots/gh-artifacts-sync/job"
@@ -30,9 +31,9 @@ func (s *Server) downloadGithubContainer(
 
 	var downloadsDir string
 	{ // create container downloads dir
-		downloadsDir = filepath.Join(
-			s.cfg.Dir.Downloads, j.GetRepoOwner(), j.GetRepo(), "containers", j.GetPackageName(), j.GetTag(),
-		)
+		downloadsDir = strings.ReplaceAll(filepath.Join(
+			s.cfg.Dir.Downloads, j.GetRepoOwner(), j.GetRepo(), "containers", j.GetPackageName(), j.GetDigest(),
+		), ":", "-")
 		if err := os.MkdirAll(downloadsDir, 0750); err != nil {
 			return "", fmt.Errorf("failed to create container download directory: %s: %w",
 				downloadsDir, err,
@@ -89,7 +90,7 @@ func (s *Server) downloadGithubContainer(
 		desc = _desc
 	}
 
-	var images = make(map[string]cr.Image)
+	var images = make(map[string][]cr.Image)
 	{ // get images
 		switch {
 		case desc.MediaType.IsImage():
@@ -98,16 +99,21 @@ func (s *Server) downloadGithubContainer(
 				return "", fmt.Errorf("failed to retrieve container image: %w", err)
 			}
 
-			platform := ""
+			platform := "unknown/unknown"
 			if desc.Platform != nil {
 				platform = desc.Platform.String()
 			}
-
-			if _, exists := images[platform]; exists {
-				return "", fmt.Errorf("invalid container image: duplicate platform: %s", platform)
+			if _, exists := images[platform]; !exists {
+				images[platform] = make([]cr.Image, 0)
 			}
 
-			images[platform] = image
+			images[platform] = append(images[platform], image)
+
+			l.Debug("Downloaded a manifest",
+				zap.String("digest", desc.Digest.String()),
+				zap.String("platform", platform),
+				zap.Any("annotations", desc.Annotations),
+			)
 
 		case desc.MediaType.IsIndex():
 			index, err := crremote.Index(ref, crremote.WithAuth(auth))
@@ -122,24 +128,39 @@ func (s *Server) downloadGithubContainer(
 				)
 			}
 
+			l.Debug("Downloaded an index",
+				zap.String("digest", desc.Digest.String()),
+				zap.String("reference", ref.Name()),
+				zap.Any("annotations", indexManifest.Annotations),
+			)
+
 			for _, desc := range indexManifest.Manifests {
-				if !desc.MediaType.IsImage() || desc.Platform == nil {
+				if !desc.MediaType.IsImage() {
 					continue
 				}
 
-				platform := desc.Platform.String()
-				if _, exists := images[platform]; exists {
-					return "", fmt.Errorf("invalid container image: duplicate platform: %s", platform)
-				}
-
 				image, err := index.Image(desc.Digest)
 				if err != nil {
 					return "", fmt.Errorf("failed to get image from an index: %s: %s: %w",
 						j.GetPackageUrl(), desc.Digest, err,
 					)
 				}
 
-				images[platform] = image
+				platform := "unknown/unknown"
+				if desc.Platform != nil {
+					platform = desc.Platform.String()
+				}
+				if _, exists := images[platform]; !exists {
+					images[platform] = make([]cr.Image, 0)
+				}
+
+				images[platform] = append(images[platform], image)
+
+				l.Debug("Downloaded a manifest",
+					zap.String("digest", desc.Digest.String()),
+					zap.String("platform", platform),
+					zap.Any("annotations", desc.Annotations),
+				)
 			}
 		}
 	}
@@ -167,35 +188,35 @@ func (s *Server) downloadGithubContainer(
 		zipper := zip.NewWriter(file)
 		defer zipper.Close()
 
-		for platform, image := range images {
-			digest, err := image.Digest()
-			if err != nil {
-				return "", fmt.Errorf("failed to get image digest: %s: %w",
-					j.GetPackageUrl(), err,
-				)
-			}
+		for platform, _images := range images {
+			for _, image := range _images {
+				digest, err := image.Digest()
+				if err != nil {
+					return "", fmt.Errorf("failed to get image digest: %s: %w",
+						j.GetPackageUrl(), err,
+					)
+				}
 
-			stream, err := zipper.Create(filepath.Join(platform, digest.Hex+".tar"))
-			if err != nil {
-				return "", fmt.Errorf("failed to create add container tarball to file: %w", err)
-			}
+				stream, err := zipper.Create(filepath.Join(platform, digest.Hex+".tar"))
+				if err != nil {
+					return "", fmt.Errorf("failed to create add container tarball to file: %w", err)
+				}
 
-			l.Debug("Downloading container image...",
-				zap.String("digest", digest.String()),
-				zap.String("platform", platform),
-			)
+				l.Debug("Archiving container manifest...",
+					zap.String("digest", digest.String()),
+				)
 
-			start := time.Now()
+				start := time.Now()
 
-			if err := crtarball.Write(ref, image, stream); err != nil {
-				return "", fmt.Errorf("failed to write container tarball: %w", err)
-			}
+				if err := crtarball.Write(ref, image, stream); err != nil {
+					return "", fmt.Errorf("failed to write container tarball: %w", err)
+				}
 
-			l.Info("Downloaded a container image",
-				zap.String("digest", digest.String()),
-				zap.String("platform", platform),
-				zap.Duration("duration", time.Since(start)),
-			)
+				l.Info("Archived a container manifest",
+					zap.String("digest", digest.String()),
+					zap.Duration("duration", time.Since(start)),
+				)
+			}
 		}
 	}
 

server/remove.go

@@ -17,27 +17,27 @@ func (s *Server) RemoveDownload(ctx context.Context, path string) {
 	switch s.cfg.SoftDelete.Downloads {
 	default:
 		target := filepath.Join(s.cfg.SoftDelete.Downloads, filepath.Base(path))
-		err := os.Rename(path, target)
-		if err == nil || errors.Is(err, os.ErrNotExist) {
-			return
+		if err := os.Rename(path, target); err != nil && !errors.Is(err, os.ErrNotExist) {
+			l.Error("Failed to soft-delete downloaded file, will try hard-deleting...",
+				zap.Error(err),
+				zap.String("path", path),
+				zap.String("target", target),
+			)
 		}
-		l.Error("Failed to soft-delete downloaded file, will try hard-deleting...",
-			zap.Error(err),
-			zap.String("path", path),
-			zap.String("target", target),
-		)
 		fallthrough
 
 	case "":
-		err := os.Remove(path)
-		if err == nil || errors.Is(err, os.ErrNotExist) {
-			return
+		if err := os.Remove(path); err != nil && !errors.Is(err, os.ErrNotExist) {
+			l.Error("Failed to remove downloaded file",
+				zap.Error(err),
+				zap.String("path", path),
+			)
 		}
-		l.Error("Failed to remove downloaded file",
-			zap.Error(err),
-			zap.String("path", path),
-		)
 	}
+
+	l.Debug("Removed a downloaded file",
+		zap.String("path", path),
+	)
 }
 
 func (s *Server) RemoveJob(ctx context.Context, j job.Job) {
@@ -46,25 +46,25 @@ func (s *Server) RemoveJob(ctx context.Context, j job.Job) {
 	switch s.cfg.SoftDelete.Jobs {
 	default:
 		target := filepath.Join(s.cfg.SoftDelete.Jobs, filepath.Base(job.Path(j)))
-		err := os.Rename(job.Path(j), target)
-		if err == nil || errors.Is(err, os.ErrNotExist) {
-			return
+		if err := os.Rename(job.Path(j), target); err != nil && !errors.Is(err, os.ErrNotExist) {
+			l.Error("Failed to soft-delete persisted job, will try hard-deleting...",
+				zap.Error(err),
+				zap.String("path", job.Path(j)),
+				zap.String("target", target),
+			)
 		}
-		l.Error("Failed to soft-delete persisted job, will try hard-deleting...",
-			zap.Error(err),
-			zap.String("path", job.Path(j)),
-			zap.String("target", target),
-		)
 		fallthrough
 
 	case "":
-		err := os.Remove(job.Path(j))
-		if err == nil || errors.Is(err, os.ErrNotExist) {
-			return
+		if err := os.Remove(job.Path(j)); err != nil && errors.Is(err, os.ErrNotExist) {
+			l.Error("Failed to remove persisted job",
+				zap.Error(err),
+				zap.String("path", job.Path(j)),
+			)
 		}
-		l.Error("Failed to remove persisted job",
-			zap.Error(err),
-			zap.String("path", job.Path(j)),
-		)
 	}
+
+	l.Debug("Removed persisted job",
+		zap.String("path", job.Path(j)),
+	)
 }