Closed bdehamer closed 3 months ago
Latest commit: f7c876acc46501d8c4fcaf90650c01dbb076619b
The changes in this PR will be included in the next version bump.
Not sure what this means? Click here to learn what changesets are.
Click here if you're a maintainer who wants to add another changeset to this PR
Summary
Updates the
attachArtifactToImage
function in the@sigstore/oci
package to better detect registries which support the OCI referrers API.Previously we were depending on the presence of the
OCI-Subject
header in response to uploading the artifact manifest to determine if the registry supported the referrers API. This was not a reliable method as some registries (AWS ECR) will return this header even when they do NOT support the referrers API.As a fix, we're now pinging the referrers API directly to see if we get a 200 response. If we do, we can be confident that the registry supports the referrers API.