Skip to content

feat(system_imaging): stage disk images from oras:// artifacts#206

Merged
safl merged 1 commit into
mainfrom
feat-system-imaging-oras
Jun 29, 2026
Merged

feat(system_imaging): stage disk images from oras:// artifacts#206
safl merged 1 commit into
mainfrom
feat-system-imaging-oras

Conversation

@safl

@safl safl commented Jun 28, 2026

Copy link
Copy Markdown
Collaborator

cijoe's system-imaging can build a disk image from a cloud image and download a
prebuilt one from a URL, but it cannot consume an image published as an oras://
artifact (an OCI registry blob), which is how the nosi guest-images are shipped.
Such artifacts have no stable download URL, so consumers have each reimplemented
the bearer-token resolution to fetch them.

This adds a diskimage_from_oras script to the system-imaging plugin. For each
system-imaging.images. that declares an oras source, it resolves the
reference with withcache.oras, pulls the blob with curl (retrying and resuming,
which matters against ghcr throttling), decompresses it, and converts it to the
qcow2 at disk.path. The pull is skipped when the pinned image is already staged,
keyed on the content digest. withcache becomes a dependency, so any environment
that has cijoe (including the nosi container) has it too.

Consumers can then drop their own staging scripts and point a
system_imaging.diskimage_from_oras step at the oras reference. Validated with
black, isort, ruff, and mypy, plus unit tests for the digest-keyed skip and the
image selection.

oras artifacts have no stable download URL, so consumers such as the nosi
guest images each reimplemented the bearer-token dance to fetch them. Add
a diskimage_from_oras script that resolves an image's oras source with
withcache, pulls and decompresses the blob with curl, and converts it to
the qcow2 at disk.path. The pull is skipped when the pinned image is
already staged, keyed on the content digest. withcache becomes a runtime
dependency.

Signed-off-by: Simon A. F. Lund <os@safl.dk>
@coveralls

Copy link
Copy Markdown

Coverage Report for CI Build 28317793638

Coverage decreased (-1.2%) to 77.368%

Details

  • Coverage decreased (-1.2%) from the base build.
  • Patch coverage: 45 uncovered changes across 1 file (34 of 79 lines covered, 43.04%).
  • No coverage regressions found.

Uncovered Changes

File Changed Covered %
src/cijoe/system_imaging/scripts/diskimage_from_oras.py 79 34 43.04%

Coverage Regressions

No coverage regressions found.


Coverage Stats

Coverage Status
Relevant Lines: 2228
Covered Lines: 1671
Line Coverage: 75.0%
Relevant Branches: 401
Covered Branches: 363
Branch Coverage: 90.52%
Branches in Coverage %: Yes
Coverage Strength: 0.75 hits per line

💛 - Coveralls

@naddinadja naddinadja left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm! :)

@safl safl merged commit ca052dc into main Jun 29, 2026
30 checks passed
@safl safl deleted the feat-system-imaging-oras branch June 29, 2026 10:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants