fix: Use the right command to pull policies from oci registry

open-policy-agent / conftest

Write tests against structured configuration data using the Open Policy Agent Rego query language

https://conftest.dev

Other

2.85k stars 303 forks source link

fix: Use the right command to pull policies from oci registry #920

Closed gasparev closed 7 months ago

gasparev commented 7 months ago

Fixes #919

jalseth commented 7 months ago

Is this necessary? The CI attached to this PR works without the oci:// prefix.

gasparev commented 7 months ago

Is this necessary? The CI attached to this PR works without the oci:// prefix.

It's needed to pull from the GCP Artifact Registry at least

jpreese commented 7 months ago

When using push and pull the protocol doesn't have to be oci so it doesn't feel like putting it in the documentation is the right move. The protocol could also be https://, file://, etc.

What is an example from pulling from Google Artifact Registry? It may be an issue in how we are detecting the URL, e.g. https://github.com/open-policy-agent/conftest/blob/master/downloader/oci_detector.go#L31

gasparev commented 7 months ago

When using push and pull the protocol doesn't have to be oci so it doesn't feel like putting it in the documentation is the right move. The protocol could also be https://, file://, etc.

What is an example from pulling from Google Artifact Registry? It may be an issue in how we are detecting the URL, e.g. https://github.com/open-policy-agent/conftest/blob/master/downloader/oci_detector.go#L31

That explains the issue I see. Host names for Artifact Registry Docker hosts end in -docker.pkg.dev.