Previous to this commit, Client::push would return a Result<String> object. The embedded String would be the URL of the image just pushed to the registry.
There are however more URLs that are returned by an OCI registry upon a successful push: image URL, config URL and manifest URL.
These URLs cab be useful too, hence the code has been changed so that all of them are returned back.
The manifest URL for example can be pretty useful. The URL contains the manifest digest of the image, which can be used to pull the contents in an immutable way.
Having the manifest digest at hand is useful also when a freshly pushed OCI image/artifact has to be signed with something like Sigstore.
In that case, it's a best practice to sign the content by its immutable address, rather than by its tag.
Having the Client::push API return the manifest digest allows safer signing of contents that prevents both race conditions and malicious actors (including the registry).
Previous to this commit,
Client::push
would return aResult<String>
object. The embedded String would be the URL of the image just pushed to the registry.There are however more URLs that are returned by an OCI registry upon a successful push: image URL, config URL and manifest URL. These URLs cab be useful too, hence the code has been changed so that all of them are returned back.
The manifest URL for example can be pretty useful. The URL contains the manifest digest of the image, which can be used to pull the contents in an immutable way.
Having the manifest digest at hand is useful also when a freshly pushed OCI image/artifact has to be signed with something like Sigstore. In that case, it's a best practice to sign the content by its immutable address, rather than by its tag.
Having the
Client::push
API return the manifest digest allows safer signing of contents that prevents both race conditions and malicious actors (including the registry).For more details check this detailed blog post about Sigstore: https://blog.chainguard.dev/zero-friction-keyless-signing-with-github-actions/