jetstack / version-checker

Kubernetes utility for exposing image versions in use, compared to latest available upstream, as metrics.
https://jetstack.io
Apache License 2.0

Github client uses releases rather than packages for user repositories #175

Open ribbybibby opened 2 months ago

ribbybibby commented 2 months ago

The GitHub client implementation seems to use releases to infer tags for GitHub packages at the user scope. It may be the case that release tags and tags in a ghcr repo align, but that is not necessarily the case.

I think we should be using the Packages API rather than the Releases API.

https://docs.github.com/en/rest/packages/packages?apiVersion=2022-11-28#list-packages-for-a-user

davidcollom commented 2 weeks ago

The challenge with using the Packages API is that projects such as kyverno/kyverno have over 8k packages and over 223 releases, which makes things harder from the Packages API vs the Releases API...

The Releases API is the most efficient approach, with a potential fallback to Packages (and/or configurable via annotations).

GitHub's API rate limiting is something to consider here! Whilst Releases vs Packages might not always align, the vast majority of times Releases are updated/maintained and there are significantly fewer API calls.

However, we have no way of passing custom configurations or options to the clients right now, which would increase the complexity of any PR.
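
Added example (not part of the thread and not version-checker's own code): the release/image tag drift discussed above, computed from constructed API responses. It assumes the `tag_name` field of release objects and the `metadata.container.tags` field of container package versions; `TagDrift` and `missing` are hypothetical names.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Constructed samples shaped like Releases and container package-versions responses.
const releasesJSON = `[{"tag_name":"v1.2.0"},{"tag_name":"v1.0.0"}]`
const versionsJSON = `[{"metadata":{"container":{"tags":["v1.2.0","latest"]}}},
 {"metadata":{"container":{"tags":[]}}}, {"metadata":{"container":{"tags":["v1.3.0-rc1"]}}}]`

// missing returns the sorted keys of a that are absent from b.
func missing(a, b map[string]bool) []string {
	out := []string{}
	for k := range a {
		if !b[k] {
			out = append(out, k)
		}
	}
	sort.Strings(out)
	return out
}

// TagDrift reports tags that exist only as releases and tags that exist only on images.
func TagDrift(relJSON, verJSON string) (onlyRelease, onlyImage []string, err error) {
	var rels []struct{ TagName string `json:"tag_name"` }
	var vers []struct{ Metadata struct{ Container struct{ Tags []string } } } // keys match case-insensitively
	if err = json.Unmarshal([]byte(relJSON), &rels); err == nil {
		err = json.Unmarshal([]byte(verJSON), &vers)
	}
	if err != nil {
		return nil, nil, err
	}
	relSet, imgSet := map[string]bool{}, map[string]bool{}
	for _, r := range rels {
		relSet[r.TagName] = true
	}
	for _, v := range vers {
		for _, t := range v.Metadata.Container.Tags { // untagged versions contribute nothing
			imgSet[t] = true
		}
	}
	return missing(relSet, imgSet), missing(imgSet, relSet), nil
}

func main() {
	fmt.Println(TagDrift(releasesJSON, versionsJSON))
}
```

A non-empty first list means a Releases-based client can report a "latest" version that has no pullable image; a non-empty second list means image tags in use that the client never sees.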