feat(system_imaging): stage disk images from oras:// artifacts#206
Merged
Conversation
oras artifacts have no stable download URL, so consumers such as the nosi guest images each reimplemented the bearer-token dance to fetch them. Add a diskimage_from_oras script that resolves an image's oras source with withcache, pulls and decompresses the blob with curl, and converts it to the qcow2 at disk.path. The pull is skipped when the pinned image is already staged, keyed on the content digest. withcache becomes a runtime dependency. Signed-off-by: Simon A. F. Lund <os@safl.dk>
Coverage Report for CI Build 28317793638Coverage decreased (-1.2%) to 77.368%Details
Uncovered Changes
Coverage RegressionsNo coverage regressions found. Coverage Stats
💛 - Coveralls |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
cijoe's system-imaging can build a disk image from a cloud image and download a
prebuilt one from a URL, but it cannot consume an image published as an oras://
artifact (an OCI registry blob), which is how the nosi guest-images are shipped.
Such artifacts have no stable download URL, so consumers have each reimplemented
the bearer-token resolution to fetch them.
This adds a diskimage_from_oras script to the system-imaging plugin. For each
system-imaging.images. that declares an oras source, it resolves the
reference with withcache.oras, pulls the blob with curl (retrying and resuming,
which matters against ghcr throttling), decompresses it, and converts it to the
qcow2 at disk.path. The pull is skipped when the pinned image is already staged,
keyed on the content digest. withcache becomes a dependency, so any environment
that has cijoe (including the nosi container) has it too.
Consumers can then drop their own staging scripts and point a
system_imaging.diskimage_from_oras step at the oras reference. Validated with
black, isort, ruff, and mypy, plus unit tests for the digest-keyed skip and the
image selection.