oci multi image support

[Vincinator]

Figure out a way to put all garden linux flavours in a single oci image endpoint.

ghcr.io/gardenlinux/gardenlinux:1443 would contain all image flavours, by utilising oci-index and platform manifests.

[Vincinator]

Oras Python does not support oci-index. It is not implemented, but can be manually extended in our gl-oci tool.

Need to check if we extend oci-index functionality or if we need to shift to a different library :(

[Vincinator]

Looks possible to implement, just json handling (generation, verification) and eventually posting a json to an endpoint.

image manifests must later be added to a central list of the index, which is also just download index, append manifest metadata to index, verify index, upload updated index, done.

[Vincinator]

✅ Implemented creation of oci Index

Now we need to utilise the OCI Registry v2 API endpoint to post an index.
documented here https://github.com/opencontainers/distribution-spec/blob/main/spec.md

[Vincinator]

v2/<containername>/refferers/<digest> can be used to retrieve an index, but Posting is not allowed.

ValueError: Issue with http://localhost:8081/v2/examplecontainer2/referrers/latest: Method Not Allowed

[Vincinator]

✅ OCI-Index creation and pushing to registry implemented. It is done by sending an appropriate request against the manifests endpoint, but setting the Accept header to allow index manifest type

TODO: when attaching a layer, we can not attach it to the root of the container anymore, because it is no longer just a manifest, but a oci-index referencing multiple manifests. The gl-oci tool needs input to decide which manifest the layer needs to be attached to. Easy option is use the digest, but we also need the convenient option is to use a custom annotation that stores the canonical name (cname) of the garden linux flavour. The convenient option is required because the pipeline does not know the mapping between the digest and cname, so we store it in the oct-manifest itself.

[Vincinator]

TODO: Need proper digest calculation and possible re-calculation if attaching a new layer.

[Vincinator]

Calculation is done as described in commit message https://github.com/gardenlinux/gl-oci/commit/7830efa8a1c83db9924a6d94d1f8939d447b80a5

[Vincinator]

When updating an existing manifest with new layers, the digest needs to be re-calculated. This is done by the registry, since we do not include the digest in the manifest to avoid mismatch of digest between registry and digest attribute of manifest itself.

TODO: We need to update the OCI index accordingly with the updated manifest digest.

[Vincinator]

Task is done.

• can upload multiple manifests
• manage index
• update index if a layer is attached to an existing manifest, which triggers a digest re-calculation and thus triggered index update