Add support for OCI image indexes in Dependency Proxy
What does this MR do and why?
This is a fix for Dependency proxy fails to pull OCI image indexes (#385217 - closed). Please read the issue description to understand the problem, the solution, and how it was implemented.
Screenshots or screen recordings
Screenshots included in the How to set up and validate locally section.
How to set up and validate locally
Assumptions
- GDK set up with an Ultimate license and configured as described here;
- Docker-compatible client installed (Docker CLI, colima, etc.);
- GitLab Rails listening on
gdk.test:3000(can be other, just replace it on the instructions as needed); -
gitlab-orggroup with the Dependency Proxy enabled.
Before
Running the master version of this repository (before this MR is merged), confirm that:
-
It IS possible to pull non-OCI index images:
❯ docker pull gdk.test:3000/gitlab-org/dependency_proxy/containers/alpine Using default tag: latest latest: Pulling from gitlab-org/dependency_proxy/containers/alpine Digest: sha256:e2e16842c9b54d985bf1ef9242a313f36b856181f188de21313820e177002501 Status: Image is up to date for gdk.test:3000/gitlab-org/dependency_proxy/containers/alpine:latest gdk.test:3000/gitlab-org/dependency_proxy/containers/alpine:latest -
It IS NOT possible to pull OCI index images:
❯ docker pull gdk.test:3000/gitlab-org/dependency_proxy/containers/grafana/mimir Using default tag: latest Error response from daemon: manifest for gdk.test:3000/gitlab-org/dependency_proxy/containers/grafana/mimir:latest not found: manifest unknown: OCI index found, but accept header does not support OCI indexes -
Only the non-OCI index images show up in the UI:
After
Running this branch's version (master-patch-5435), confirm that:
-
It IS possible to pull non-OCI index images already cached (sanity check):
❯ docker pull gdk.test:3000/gitlab-org/dependency_proxy/containers/alpine Using default tag: latest latest: Pulling from gitlab-org/dependency_proxy/containers/alpine Digest: sha256:e2e16842c9b54d985bf1ef9242a313f36b856181f188de21313820e177002501 Status: Image is up to date for gdk.test:3000/gitlab-org/dependency_proxy/containers/alpine:latest gdk.test:3000/gitlab-org/dependency_proxy/containers/alpine:latest -
It IS possible to pull non-OCI index images not yet cached (sanity check):
❯ docker pull gdk.test:3000/gitlab-org/dependency_proxy/containers/busybox Using default tag: latest latest: Pulling from gitlab-org/dependency_proxy/containers/busybox 1487bff95222: Pull complete Digest: sha256:2c8ed5408179ff4f53242a4bdd2706110ce000be239fe37a61be9c52f704c437 Status: Downloaded newer image for gdk.test:3000/gitlab-org/dependency_proxy/containers/busybox:latest gdk.test:3000/gitlab-org/dependency_proxy/containers/busybox:latest -
It IS possible to pull OCI index images not yet cached (fix):
❯ docker pull gdk.test:3000/gitlab-org/dependency_proxy/containers/grafana/mimir Using default tag: latest latest: Pulling from gitlab-org/dependency_proxy/containers/grafana/mimir Digest: sha256:63d891f40d575825d4d22a595a5e71c2bb7b4786bb8539e3d893e0fe0f3139bf Status: Image is up to date for gdk.test:3000/gitlab-org/dependency_proxy/containers/grafana/mimir:latest gdk.test:3000/gitlab-org/dependency_proxy/containers/grafana/mimir:latest -
It IS possible to pull OCI index images already cached (sanity check):
❯ docker pull gdk.test:3000/gitlab-org/dependency_proxy/containers/grafana/mimir Using default tag: latest latest: Pulling from gitlab-org/dependency_proxy/containers/grafana/mimir Digest: sha256:63d891f40d575825d4d22a595a5e71c2bb7b4786bb8539e3d893e0fe0f3139bf Status: Image is up to date for gdk.test:3000/gitlab-org/dependency_proxy/containers/grafana/mimir:latest gdk.test:3000/gitlab-org/dependency_proxy/containers/grafana/mimir:latest -
All cached images show up in the UI:
We found a non-blocking frontend issue now: Adds digest label & copy button for dependency ... (#396383 - closed).
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.