-
Notifications
You must be signed in to change notification settings - Fork 18.9k
Expand file tree
/
Copy pathimage_push.go
More file actions
98 lines (86 loc) · 3 KB
/
image_push.go
File metadata and controls
98 lines (86 loc) · 3 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
package client
import (
"context"
"encoding/json"
"errors"
"fmt"
"io"
"iter"
"net/http"
"net/url"
cerrdefs "github.com/containerd/errdefs"
"github.com/distribution/reference"
"github.com/moby/moby/api/types/jsonstream"
"github.com/moby/moby/api/types/registry"
"github.com/moby/moby/client/internal"
)
type ImagePushResponse interface {
io.ReadCloser
JSONMessages(ctx context.Context) iter.Seq2[jsonstream.Message, error]
Wait(ctx context.Context) error
}
// ImagePush requests the docker host to push an image to a remote registry.
// It executes the privileged function if the operation is unauthorized
// and it tries one more time.
// Callers can
// - use [ImagePushResponse.Wait] to wait for push to complete
// - use [ImagePushResponse.JSONMessages] to monitor pull progress as a sequence
// of JSONMessages, [ImagePushResponse.Close] does not need to be called in this case.
// - use the [io.Reader] interface and call [ImagePushResponse.Close] after processing.
func (cli *Client) ImagePush(ctx context.Context, image string, options ImagePushOptions) (ImagePushResponse, error) {
ref, err := reference.ParseNormalizedNamed(image)
if err != nil {
return nil, err
}
if _, ok := ref.(reference.Digested); ok {
return nil, errors.New("cannot push a digest reference")
}
query := url.Values{}
if !options.All {
ref = reference.TagNameOnly(ref)
if tagged, ok := ref.(reference.Tagged); ok {
query.Set("tag", tagged.Tag())
}
}
if options.Platform != nil {
if err := cli.requiresVersion(ctx, "1.46", "platform"); err != nil {
return nil, err
}
p := *options.Platform
pJson, err := json.Marshal(p)
if err != nil {
return nil, fmt.Errorf("invalid platform: %v", err)
}
query.Set("platform", string(pJson))
}
resp, err := cli.tryImagePush(ctx, ref.Name(), query, staticAuth(options.RegistryAuth))
if cerrdefs.IsUnauthorized(err) && options.PrivilegeFunc != nil {
resp, err = cli.tryImagePush(ctx, ref.Name(), query, options.PrivilegeFunc)
}
if err != nil {
return nil, err
}
return internal.NewJSONMessageStream(resp.Body), nil
}
func (cli *Client) tryImagePush(ctx context.Context, imageID string, query url.Values, resolveAuth registry.RequestAuthConfig) (*http.Response, error) {
hdr := http.Header{}
if resolveAuth != nil {
registryAuth, err := resolveAuth(ctx)
if err != nil {
return nil, err
}
if registryAuth != "" {
hdr.Set(registry.AuthHeader, registryAuth)
}
}
// Always send a body (which may be an empty JSON document ("{}")) to prevent
// EOF errors on older daemons which had faulty fallback code for handling
// authentication in the body when no auth-header was set, resulting in;
//
// Error response from daemon: bad parameters and missing X-Registry-Auth: invalid X-Registry-Auth header: EOF
//
// We use [http.NoBody], which gets marshaled to an empty JSON document.
//
// see: https://github.com/moby/moby/commit/ea29dffaa541289591aa44fa85d2a596ce860e16
return cli.post(ctx, "/images/"+imageID+"/push", query, http.NoBody, hdr)
}