-
Notifications
You must be signed in to change notification settings - Fork 207
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add regression testing and reorganize auth precedence levels httpOCIRegistry
#482
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
joshspicer
force-pushed
the
joshspicer/reorganize-auth
branch
from
April 7, 2023 17:36
b497d80
to
efcd6a2
Compare
joshspicer
changed the title
Reorganize auth precedence levels in httpOCIRegistry
Add regression testing and reorganize auth precedence levels for Apr 10, 2023
httpOCIRegistry
joshspicer
changed the title
Add regression testing and reorganize auth precedence levels for
Add regression testing, reorganize auth precedence levels, and fix behavior bugs for Apr 10, 2023
httpOCIRegistry
httpOCIRegistry
joshspicer
changed the title
Add regression testing, reorganize auth precedence levels, and fix behavior bugs for
Add regression testing and reorganize auth precedence levels Apr 10, 2023
httpOCIRegistry
httpOCIRegistry
… tests that do and do not have access to secrets'
chrmarti
previously approved these changes
Apr 14, 2023
samruddhikhandale
approved these changes
Apr 14, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
related: #473, #468
Changes here are primarily around re-structuring the different auth strategies to rely more on the standard docker auth strategies (docker config file and docker credential helper), and less on the registry-specific strategies that previously held higher precedence.
The precedence order is now (encoded in
getCredential(...)
:DEVCONTAINERS_OCI_AUTH
environment variableTwo new minor changes have also been added:
GITHUB_HOST
is set to something other thangithub.com
,GITHUB_TOKEN
is not used for ghcr.io (useful for GitHub Enterprise instances, among other cases). Reported in Pulling features from ghcr.io breaks when GHE token is set #473DOCKER_CONFIG
can be set to change the path that the docker config file is looked for (https://docs.docker.com/engine/reference/commandline/cli/#change-the-docker-directory). (This is immediately useful in the tests outlined below).This change also introduces significant changes to the
registryCompatibilityOCI.test.ts
test, introducing a way to quickly add "testPlans" (new registries) with different forms of provided auth. This PR introduces four "testPlans", testing both AzureCR and GHCR both anonymous and with some form of auth.Since we want folks to be able to fork this repo and run all the tests without failure, the tests will automatically skip if there is a set
useAuthStrategy
and no accompanyingauthStrategyKey
(environment variable, containing a credential if needed for the test and parsed account according to theuseAuthStrategy
enum). This lets us add in the necessary secrets to our GitHub Action CI tests without introducing flakey tests to other contributors who may have forks of this repo. Mocha has a way to mark tests as "skipped", which is what we use here.In CI on this repository the above
authStrategyKey
variables are set, so no tests should be skipped (as seen here)