attest/pkg/mirror/mirror.go

package mirror

import (
	"fmt"
	"log"
	"os"

	"github.com/docker/attest/internal/embed"
	"github.com/docker/attest/pkg/tuf"
	"github.com/google/go-containerregistry/pkg/authn"
	"github.com/google/go-containerregistry/pkg/name"
	v1 "github.com/google/go-containerregistry/pkg/v1"
	"github.com/google/go-containerregistry/pkg/v1/empty"
	"github.com/google/go-containerregistry/pkg/v1/layout"
	"github.com/google/go-containerregistry/pkg/v1/remote"
)

func NewTufMirror(root []byte, tufPath, metadataURL, targetsURL string) (*TufMirror, error) {
	if root == nil {
		root = embed.DefaultRoot
	}
	tufClient, err := tuf.NewTufClient(root, tufPath, metadataURL, targetsURL)
	if err != nil {
		return nil, fmt.Errorf("failed to create TUF client: %w", err)
	}
	return &TufMirror{TufClient: tufClient, tufPath: tufPath, metadataURL: metadataURL, targetsURL: targetsURL}, nil
}

func PushToRegistry(image any, imageName string) error {
	// Parse the image name
	ref, err := name.ParseReference(imageName)
	if err != nil {
		log.Fatalf("Failed to parse image name: %v", err)
	}
	// Get the authenticator from the default Docker keychain
	auth, err := authn.DefaultKeychain.Resolve(ref.Context())
	if err != nil {
		log.Fatalf("Failed to get authenticator: %v", err)
	}
	// Push the image to the registry
	switch image := image.(type) {
	case *v1.Image:
		if err := remote.Write(ref, *image, remote.WithAuth(auth)); err != nil {
			return fmt.Errorf("failed to push image %s: %w", imageName, err)
		}
	case *v1.ImageIndex:
		if err := remote.WriteIndex(ref, *image, remote.WithAuth(auth)); err != nil {
			return fmt.Errorf("failed to push image index %s: %w", imageName, err)
		}
	default:
		return fmt.Errorf("unknown image type: %T", image)
	}
	return nil
}

func SaveAsOCILayout(image any, path string) error {
	// Save the image to the local filesystem
	err := os.MkdirAll(path, os.FileMode(0744))
	if err != nil {
		return fmt.Errorf("failed to create directory: %w", err)
	}
	switch image := image.(type) {
	case *v1.Image:
		index := empty.Index
		l, err := layout.Write(path, index)
		if err != nil {
			return fmt.Errorf("failed to create index: %w", err)
		}
		err = l.AppendImage(*image)
		if err != nil {
			return fmt.Errorf("failed to append image to index: %w", err)
		}
	case *v1.ImageIndex:
		_, err := layout.Write(path, *image)
		if err != nil {
			return fmt.Errorf("failed to create index: %w", err)
		}
	default:
		return fmt.Errorf("unknown image type: %T", image)
	}
	return nil
}