Closed bdehamer closed 4 months ago
Latest commit: a7dcff528d1e1fc58994b7f5645fd2f652299340
The changes in this PR will be included in the next version bump.
Not sure what this means? Click here to learn what changesets are.
Click here if you're a maintainer who wants to add another changeset to this PR
@ejahnGithub
gtm! should we also contain these 2
- application/vnd.docker.image.rootfs.diff.tar.gzip
- application/vnd.docker.container.image.v1+json
Those media types may be used when retrieving blobs, but would never appear in response to the /manifests
API so are not relevant here.
When an image is pushed to a registry, the tagged manifest may use any of a number of different content types:
When the OCI client in this package goes to verify the image digest, it needs to explicitly identify the different content types that it will accept. If the content type which was used to push the image is not present in the
Accept
header of the request, the repository will return a 404 -- making it appear it seem that the image does not exist.The change here is simply to expand the list of media types sent in the
Accept
header to encompass ALL of the types we may encounter in the wild -- ensuring that we can resolve the image regardless of its associated media type.See: https://github.com/actions/attest-build-provenance/issues/73