Open ribbybibby opened 7 months ago
The challenge with using the packages API is that projects such as kyverno/kyverno have over 8k packages, over 223 releases which makes things harder from the Packages API vs the Releases API...
The Releases API is the most efficient approach, with a potential fallback to Packages (And/Or configurable via annotations.
Githubs API Rate limiting is something to consider here! Whilst Releases vs Packages might now always align.. the vast majority of times, Releases are updated/maintained and there are significantly fewer API Calls.
However, we have no way of passing custom configurations or options to the clients right now which would increase the complexity of any PR.
The Github client implementation seems to use releases to infer tags for Github packages at the user scope. It may be the case that release tags and tags in a ghcr repo align, but that is not necessarily the case.
I think we should be using the Packages API rather than the Releases API.
https://docs.github.com/en/rest/packages/packages?apiVersion=2022-11-28#list-packages-for-a-user