Breaking Changes

Breaking changes are limited to the SDK in src/pkg/images

• ImageWithManifest type removed → replaced by PulledImage. Pull and UnPack now return this type.
  • Old: struct { Image transform.Image; Manifest ocispec.Manifest }
  • New: struct { Image transform.Image } — the Manifest field is gone. SDK users who relied on the returned manifest must fetch it themselves from the OCI store.
• PushOptions.Arch field removed. I believe this was never actually needed, we can just push the architectures that the layout includes.

Description

This implements pulling image indexes. It adds a version requirements so that Zarf can correctly pull the sha'd images. It also changes the deploy check to allow deploying to any node when an index sha image exists in the package.

When there are multiple container images pointed to an index, Zarf will create an SBOM for each image.

Pulling Indexes place a minimumVersionRequirement of v0.76.0. Also due to our pull logic not properly handling indexes, Zarf will panic if it tries to pull a package with indexes before this change.

I considered adding a metadata field, or requiring .metadata.architecture: multi for index pulls, but I think that will cause more confusion than improvements to the UX. We don't block users from pulling sha's of different digests. I'm hoping the log of the platform during pull will be enough of an indicator to those using index sha's mistakenly.

Related Issue

Relates to #2425. I'll probably close this is merged, but I want to comment on how this doesn't implement tags or specific architectures and ask the issue thread to make an issue if this is a feature they desire.

Checklist before merging

• Test, docs, adr added or updated as needed
• Contributor Guide Steps followed
• [ ]