feat: allow specifying protocol (#133)

bazel-contrib · Mar 30, 2023 · ffc0636 · ffc0636
1 parent c763432
commit ffc0636
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 5 deletions.
diff --git a/e2e/custom_registry/WORKSPACE b/e2e/custom_registry/WORKSPACE
@@ -27,7 +27,7 @@ load("@rules_oci//oci:pull.bzl", "oci_pull")
 
 oci_pull(
     name = "debian",
-    image = "index.docker.io/library/debian",
+    image = "https://index.docker.io/library/debian",
     platforms = [
         "linux/arm64",
         "linux/amd64",

diff --git a/oci/pull.bzl b/oci/pull.bzl
@@ -168,10 +168,18 @@ _SUPPORTED_MEDIA_TYPES = {
 }
 
 def _parse_reference(reference):
+    protocol = "https"
+    protocol_idx = reference.find("://")
+    if protocol_idx != -1:
+        protocol = reference[:protocol_idx]
+        reference = reference[protocol_idx + 3:]
+        if protocol != "http" and protocol != "https":
+            fail("`{}` is not an allowed protocol. protocol can be either `http` or `https`".format(protocol))
     firstslash = reference.find("/")
     registry = reference[:firstslash]
     repository = reference[firstslash + 1:]
-    return registry, repository
+
+    return registry, repository, protocol
 
 def _is_tag(str):
     return str.find(":") == -1
@@ -189,13 +197,14 @@ def _download(rctx, identifier, output, resource = "blobs"):
     if resource != "blobs" and resource != "manifests":
         fail("resource must be blobs or manifests")
 
-    registry, repository = _parse_reference(rctx.attr.image)
+    registry, repository, protocol = _parse_reference(rctx.attr.image)
 
     auth = _auth_basic(rctx, registry, repository, identifier)
 
     # Construct the URL to fetch from remote, see
     # https://github.com/google/go-containerregistry/blob/62f183e54939eabb8e80ad3dbc787d7e68e68a43/pkg/v1/remote/descriptor.go#L234
-    registry_url = "https://{registry}/v2/{repository}/{resource}/{identifier}".format(
+    registry_url = "{protocol}://{registry}/v2/{repository}/{resource}/{identifier}".format(
+        protocol = protocol,
         registry = registry,
         repository = repository,
         resource = resource,
@@ -240,7 +249,11 @@ Falling back to using `crane manifest`. The result will not be cached. See https
         crane = _crane_label(rctx)
         tag_or_digest = ":" if _is_tag(identifier) else "@"
 
-        result = rctx.execute([crane, "manifest", "{}{}{}".format(rctx.attr.image, tag_or_digest, identifier), "--platform=all"])
+        registry, repository, protocol = _parse_reference(rctx.attr.image)
+        cmd = [crane, "manifest", "{}/{}{}{}".format(registry, repository, tag_or_digest, identifier), "--platform=all"]
+        if protocol == "http":
+            cmd.append("--insecure")
+        result = rctx.execute(cmd)
 
         # overwrite the file with new manifest downloaded through crane
         rctx.file(output, result.stdout)