fix extract for oci files#529
Merged
zackbradys merged 2 commits intohauler-dev:mainfrom Mar 10, 2026
Merged
Conversation
Signed-off-by: Adam Martin <[email protected]>
amartin120
added
bug
Contributor
There was a problem hiding this comment.
Pull request overview
This PR fixes hauler store extract for OCI artifacts that use custom layer media types (but still use standard OCI/Docker image config media types), ensuring titled layers are written to disk instead of being silently discarded.
Changes:
- Update
FromManifestto route OCI/Docker-config manifests toFiles()when layerAnnotationTitleis present, otherwise keepImages()behavior. - Introduce a
DefaultCatchAllmapper key plus aDefault()mapper for unknown config types (write blobs by title or digest). - Update the file-store pusher to fall back to the catch-all mapper and to treat
""filenames as “discard”.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| internal/mapper/mappers.go | Adds title-based selection logic, introduces DefaultCatchAll + Default() catch-all mapper, and extends Files() with a catch-all for custom layer media types. |
| internal/mapper/filestore.go | Adds catch-all mapper fallback during push and discards descriptors when mapper returns an empty filename. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Signed-off-by: Adam Martin <[email protected]>
zackbradys
approved these changes
Mar 10, 2026
zackbradys
added a commit
that referenced
this pull request
Apr 8, 2026
* fix: handling of file referenced dependencies without repository field (#514) co-authored-by: devleitner <[email protected]> * bump go.opentelemetry.io/otel/sdk (#520) bumps the go_modules group with 1 update in the / directory: [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go). updates `go.opentelemetry.io/otel/sdk` from 1.39.0 to 1.40.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.39.0...v1.40.0) --- updated-dependencies: - dependency-name: go.opentelemetry.io/otel/sdk dependency-version: 1.40.0 dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * dev.md file (#521) * smaller changes and updates for v1.4.2 release (#524) * smaller changes and updates for v1.4.2 release * removed unused env variable * over-"haul": replace oras v1 and cosign fork with native containerd-based implementation (#515) * remove oras from hauler Signed-off-by: Adam Martin <[email protected]> * remove cosign fork and use upstream cosign for verification Signed-off-by: Adam Martin <[email protected]> * added support for oci referrers Signed-off-by: Adam Martin <[email protected]> * updated README.md projects list Signed-off-by: Adam Martin <[email protected]> * updates for copilot PR review Signed-off-by: Adam Martin <[email protected]> * bug fix for unsafe type assertions Signed-off-by: Adam Martin <[email protected]> * bug fix for http getter and dead code Signed-off-by: Adam Martin <[email protected]> * fixes for more clarity and better error handling Signed-off-by: Adam Martin <[email protected]> * bug fix for resource leaks and unchecked errors Signed-off-by: Adam Martin <[email protected]> * bug fix for rewrite logic for docker.io images due to cosign removal Signed-off-by: Adam Martin <[email protected]> * bug fix for sigs and referrers Signed-off-by: Adam Martin <[email protected]> * bug fix for index.json missing mediatype Signed-off-by: Adam Martin <[email protected]> * bug fix to make sure manifest.json doesnt include anything other than actual container images Signed-off-by: Adam Martin <[email protected]> --------- Signed-off-by: Adam Martin <[email protected]> * bump github.com/docker/cli in the go_modules group across 1 directory (#526) bumps the go_modules group with 1 update in the / directory: [github.com/docker/cli](https://github.com/docker/cli). updates `github.com/docker/cli` from 29.0.3+incompatible to 29.2.0+incompatible - [Commits](docker/cli@v29.0.3...v29.2.0) --- updated-dependencies: - dependency-name: github.com/docker/cli dependency-version: 29.2.0+incompatible dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * removed deprecated code (#528) * removed deprecated code * removed all supported for v1alpha1 * fix extract for oci files (#529) * fix extract for oci files Signed-off-by: Adam Martin <[email protected]> * have extract guard against path traversal Signed-off-by: Adam Martin <[email protected]> --------- Signed-off-by: Adam Martin <[email protected]> * improved test coverage (#530) * improved test coverage Signed-off-by: Adam Martin <[email protected]> * adjusted mapper_test for oddball oci files Signed-off-by: Adam Martin <[email protected]> --------- Signed-off-by: Adam Martin <[email protected]> * adjust extract to handle an image index appropriately (#531) * adjust extract to handle images and image indices appropriately Signed-off-by: Adam Martin <[email protected]> * updates for review feedback Signed-off-by: Adam Martin <[email protected]> --------- Signed-off-by: Adam Martin <[email protected]> * fix dockerhub default host bug (#534) Signed-off-by: Adam Martin <[email protected]> * adjust hauler's kind annotation to not reflect cosign (#535) Signed-off-by: Adam Martin <[email protected]> * bump google.golang.org/grpc in the go_modules group across 1 directory (#536) bumps the go_modules group with 1 update in the / directory: [google.golang.org/grpc](https://github.com/grpc/grpc-go). updates `google.golang.org/grpc` from 1.78.0 to 1.79.3 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.78.0...v1.79.3) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-version: 1.79.3 dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * add cherry-pick workflow for release branches (#533) this workflow automates cherry-picking changes from merged pull requests to specified release branches based on comments... it handles permission checks, version parsing, and conflict resolution during the cherry-pick process. Signed-off-by: Camryn Carter <[email protected]> * images.txt testdata file (#539) * fix keep registry logic (#537) * fixed keep registry logic * trim library/ * updated test * test updates * option to sync images.txt files natively (#538) * sync images.txt files * test worklflow sync w image list * images.txt * chunk the haul (#519) * chunk the haul * validate numeric suffix on join * enforce valid chunk size * containerd warning * updated test.go files * bump github.com/go-jose/go-jose/v4 (#542) bumps the go_modules group with 1 update in the / directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose). updates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4 - [Release notes](https://github.com/go-jose/go-jose/releases) - [Commits](go-jose/go-jose@v4.1.3...v4.1.4) --- updated-dependencies: - dependency-name: github.com/go-jose/go-jose/v4 dependency-version: 4.1.4 dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * allow multiple prefix references (#532) * allow multiple prefix references * fixed some duplications * add optional flag for excluding extra artifacts when pulling from a registry (#541) * add optional flag for excluding extra artifacts when pulling from a registry Signed-off-by: Adam Martin <[email protected]> * add optional flag to charts for excluding extra artifacts when pulling from a registry Signed-off-by: Adam Martin <[email protected]> --------- Signed-off-by: Adam Martin <[email protected]> --------- Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Adam Martin <[email protected]> Signed-off-by: Camryn Carter <[email protected]> Co-authored-by: devLeitner <[email protected]> Co-authored-by: devleitner <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Camryn Carter <[email protected]> Co-authored-by: Adam Martin <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Please check below, if the PR fulfills these requirements:
Associated Links:
Types of Changes:
Proposed Changes:
hauler store extractcertain custom media-typed OCI artifacts pulled from a registry.Verification/Testing of Changes:
Additional Context: