bump github.com/moby/buildkit to v0.13.0 (#351)

* bump github.com/moby/buildkit to v0.13.0 Signed-off-by: Nianyu Shen <nianyu@spectrocloud.com> * fix: update dep usage based on newer version Signed-off-by: Nianyu Shen <nianyu@spectrocloud.com> * remove empty line Signed-off-by: Nianyu Shen <nianyu@spectrocloud.com> * ci: bump golang to 1.21.x * Bump moby * debug --------- Signed-off-by: Nianyu Shen <nianyu@spectrocloud.com> Co-authored-by: Nianyu Shen <nianyu@spectrocloud.com>
2025-09-27 07:33:24 +00:00 · 2024-03-15 09:26:32 +01:00
parent c47bf4833a
commit 4c788ccbd1
1779 changed files with 127547 additions and 71408 deletions
--- a/vendor/github.com/google/go-containerregistry/pkg/crane/options.go
+++ b/vendor/github.com/google/go-containerregistry/pkg/crane/options.go
@@ -16,6 +16,7 @@ package crane

 import (
 	"context"
+	"crypto/tls"
 	"net/http"

 	"github.com/google/go-containerregistry/pkg/authn"
@@ -29,6 +30,10 @@ type Options struct {
 	Name     []name.Option
 	Remote   []remote.Option
 	Platform *v1.Platform
+	Keychain authn.Keychain
+
+	transport http.RoundTripper
+	insecure  bool
 }

 // GetOptions exposes the underlying []remote.Option, []name.Option, and
@@ -44,10 +49,24 @@ func makeOptions(opts ...Option) Options {
 		Remote: []remote.Option{
 			remote.WithAuthFromKeychain(authn.DefaultKeychain),
 		},
+		Keychain: authn.DefaultKeychain,
 	}
+
 	for _, o := range opts {
 		o(&opt)
 	}
+
+	// Allow for untrusted certificates if the user
+	// passed Insecure but no custom transport.
+	if opt.insecure && opt.transport == nil {
+		transport := remote.DefaultTransport.(*http.Transport).Clone()
+		transport.TLSClientConfig = &tls.Config{
+			InsecureSkipVerify: true, //nolint: gosec
+		}
+
+		WithTransport(transport)(&opt)
+	}
+
 	return opt
 }

@@ -55,16 +74,21 @@ func makeOptions(opts ...Option) Options {
 type Option func(*Options)

 // WithTransport is a functional option for overriding the default transport
-// for remote operations.
+// for remote operations. Setting a transport will override the Insecure option's
+// configuration allowing for image registries to use untrusted certificates.
 func WithTransport(t http.RoundTripper) Option {
 	return func(o *Options) {
 		o.Remote = append(o.Remote, remote.WithTransport(t))
+		o.transport = t
 	}
 }

 // Insecure is an Option that allows image references to be fetched without TLS.
+// This will also allow for untrusted (e.g. self-signed) certificates in cases where
+// the default transport is used (i.e. when WithTransport is not used).
 func Insecure(o *Options) {
 	o.Name = append(o.Name, name.Insecure)
+	o.insecure = true
 }

 // WithPlatform is an Option to specify the platform.
@@ -86,6 +110,7 @@ func WithAuthFromKeychain(keys authn.Keychain) Option {
 	return func(o *Options) {
 		// Replace the default keychain at position 0.
 		o.Remote[0] = remote.WithAuthFromKeychain(keys)
+		o.Keychain = keys
 	}
 }

@@ -108,6 +133,14 @@ func WithUserAgent(ua string) Option {
 	}
 }

+// WithNondistributable is an option that allows pushing non-distributable
+// layers.
+func WithNondistributable() Option {
+	return func(o *Options) {
+		o.Remote = append(o.Remote, remote.WithNondistributable)
+	}
+}
+
 // WithContext is a functional option for setting the context.
 func WithContext(ctx context.Context) Option {
 	return func(o *Options) {