sigstore / sigstore-js

Code-signing for npm packages
Apache License 2.0

Detect registries with referrers API support #1183

Closed bdehamer closed 3 months ago

bdehamer commented 3 months ago

Summary

Updates the attachArtifactToImage function in the @sigstore/oci package to better detect registries which support the OCI referrers API.

Previously we were depending on the presence of the OCI-Subject header in response to uploading the artifact manifest to determine if the registry supported the referrers API. This was not a reliable method as some registries (AWS ECR) will return this header even when they do NOT support the referrers API.

As a fix, we're now pinging the referrers API directly to see if we get a 200 response. If we do, we can be confident that the registry supports the referrers API.
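The difference between the two detection methods described above, as an added example that is not part of the PR or of sigstore-js. The registry URL, repository name, digest, function names and the stub registry are all constructed, and `fetchFn` stands in for any fetch-compatible function.

```javascript
// Added example, not sigstore-js code. All names and values are constructed.
const INDEX = 'application/vnd.oci.image.index.v1+json';
const REGISTRY = 'https://registry.example';
const REPO = 'team/app';
const DIGEST = 'sha256:' + 'a'.repeat(64);

// Earlier heuristic: trust the OCI-Subject header on the manifest upload response.
function detectByHeader(putResponse) {
  return Boolean(putResponse.headers.get('oci-subject'));
}

// Current check: query the referrers endpoint itself; only a 200 counts.
async function detectByProbe(fetchFn, registry, repo, digest) {
  const url = `${registry}/v2/${repo}/referrers/${digest}`;
  try {
    const res = await fetchFn(url, { method: 'GET', headers: { accept: INDEX } });
    return res.status === 200;
  } catch {
    return false; // assumption: an unreachable endpoint is treated as unsupported
  }
}

// Constructed stub registry standing in for fetch (Map mimics Headers.get).
function stubRegistry({ sendsSubjectHeader, hasReferrersAPI }) {
  return async (url, init) => {
    if (init.method === 'PUT') {
      const headers = new Map(sendsSubjectHeader ? [['oci-subject', DIGEST]] : []);
      return { status: 201, headers };
    }
    if (hasReferrersAPI && url.includes('/referrers/')) {
      return { status: 200, headers: new Map([['content-type', INDEX]]) };
    }
    return { status: 404, headers: new Map() };
  };
}

// Run both detection methods against one registry and report each verdict.
async function compare(fetchFn) {
  const put = await fetchFn(`${REGISTRY}/v2/${REPO}/manifests/${DIGEST}`, { method: 'PUT' });
  return {
    byHeader: detectByHeader(put),
    byProbe: await detectByProbe(fetchFn, REGISTRY, REPO, DIGEST),
  };
}
```

A stub that sends the header but has no referrers endpoint yields `byHeader: true` and `byProbe: false`, which is the mismatch the description attributes to AWS ECR.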

changeset-bot[bot] commented 3 months ago

🦋 Changeset detected

Latest commit: f7c876acc46501d8c4fcaf90650c01dbb076619b

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

| Name          | Type  |
| ------------- | ----- |
| @sigstore/oci | Patch |
