Merge pull request #3 from cert-manager/library_simplify

cert-manager-prow[bot] · web-flow · commit df69a6079f1d · 2025-04-29T09:53:41.000Z
Make the logic in pkg/ more easily reusable in other libraries
diff --git a/cmd/append_layers.go b/cmd/append_layers.go
@@ -19,6 +19,7 @@ package cmd
 import (
 	"archive/tar"
 	"bytes"
+	"fmt"
 	"io"
 	"io/fs"
 	"os"
@@ -59,13 +60,12 @@ var CommandAppendLayers = cobra.Command{
 			}
 
 			index, err = pkg.MutateOCITree(
-				index,
-				func(index v1.ImageIndex) v1.ImageIndex {
-					return index
-				},
-				func(img v1.Image) v1.Image {
+				index, nil,
+				func(img v1.Image) (v1.Image, error) {
 					imgMediaType, err := img.MediaType()
-					must("could not get image media type", err)
+					if err != nil {
+						return nil, fmt.Errorf("could not get image media type: %w", err)
+					}
 
 					layerType := types.DockerLayer
 					if imgMediaType == types.OCIManifestSchema1 {
@@ -74,17 +74,19 @@ var CommandAppendLayers = cobra.Command{
 
 					for _, untypedLayer := range layers {
 						layer, err := untypedLayer.ToLayer(layerType)
-						must("could not load image layer", err)
+						if err != nil {
+							return nil, fmt.Errorf("could not load image layer: %w", err)
+						}
 
 						img, err = mutate.AppendLayers(img, layer)
-						must("could not append layer", err)
+						if err != nil {
+							return nil, fmt.Errorf("could not append layer: %w", err)
+						}
 					}
 
-					return img
-				},
-				func(descriptor v1.Descriptor) v1.Descriptor {
-					return descriptor
+					return img, nil
 				},
+				nil,
 			)
 			must("could not modify oci tree", err)
 
diff --git a/cmd/convert_to_docker_tar.go b/cmd/convert_to_docker_tar.go
@@ -17,6 +17,7 @@ limitations under the License.
 package cmd
 
 import (
+	"fmt"
 	"runtime"
 
 	"github.com/google/go-containerregistry/pkg/name"
@@ -43,9 +44,34 @@ var CommandConvertToDockerTar = cobra.Command{
 		index, err := ociLayout.ImageIndex()
 		must("could not load oci image index", err)
 
-		images, err := pkg.FindImagesInOCITree(index, func(desc v1.Descriptor) bool {
-			return desc.Platform != nil && desc.Platform.Architecture == runtime.GOARCH
-		})
+		var images []v1.Image
+		err = pkg.SearchOCITree(index, nil,
+			func(descriptors []*v1.Descriptor, image v1.Image) error {
+				var platform *v1.Platform
+
+				for _, desc := range descriptors {
+					if desc.Platform != nil {
+						platform = desc.Platform
+					}
+				}
+
+				{
+					cfg, err := image.ConfigFile()
+					if err != nil {
+						return fmt.Errorf("could not load image config: %w", err)
+					}
+					if imgPlatform := cfg.Platform(); imgPlatform != nil {
+						platform = imgPlatform
+					}
+				}
+
+				if platform != nil && platform.Architecture == runtime.GOARCH {
+					images = append(images, image)
+				}
+
+				return nil
+			},
+		)
 		must("could not find images", err)
 
 		switch {
diff --git a/cmd/reset_annotations.go b/cmd/reset_annotations.go
@@ -17,6 +17,8 @@ limitations under the License.
 package cmd
 
 import (
+	"fmt"
+
 	v1 "github.com/google/go-containerregistry/pkg/v1"
 	"github.com/google/go-containerregistry/pkg/v1/layout"
 	"github.com/google/go-containerregistry/pkg/v1/mutate"
@@ -41,21 +43,25 @@ var CommandResetLabelsAndAnnotations = cobra.Command{
 
 			index, err = pkg.MutateOCITree(
 				index,
-				func(index v1.ImageIndex) v1.ImageIndex {
-					return pkg.ReplaceImageIndexAnnotations(index, map[string]string{})
-				}, func(image v1.Image) v1.Image {
+				func(index v1.ImageIndex) (v1.ImageIndex, error) {
+					return pkg.ReplaceImageIndexAnnotations(index, map[string]string{}), nil
+				}, func(image v1.Image) (v1.Image, error) {
 					configFile, err := image.ConfigFile()
-					must("could not parse config file", err)
+					if err != nil {
+						return nil, fmt.Errorf("could not parse config file: %w", err)
+					}
 
 					configFile.Config.Labels = map[string]string{}
 
 					image, err = mutate.ConfigFile(image, configFile)
-					must("could not replace config file", err)
+					if err != nil {
+						return nil, fmt.Errorf("could not replace config file: %w", err)
+					}
 
-					return pkg.ReplaceImageAnnotations(image, map[string]string{})
-				}, func(descriptor v1.Descriptor) v1.Descriptor {
+					return pkg.ReplaceImageAnnotations(image, map[string]string{}), nil
+				}, func(descriptor v1.Descriptor) (v1.Descriptor, error) {
 					descriptor.Annotations = map[string]string{}
-					return descriptor
+					return descriptor, nil
 				},
 			)
 			must("could not modify oci tree", err)
diff --git a/pkg/find_images.go b/pkg/find_images.go
diff --git a/pkg/mutate_oci.go b/pkg/mutate_oci.go
@@ -24,9 +24,9 @@ import (
 	"github.com/google/go-containerregistry/pkg/v1/mutate"
 )
 
-type IndexMutateFn func(index v1.ImageIndex) v1.ImageIndex
-type ImageMutateFn func(image v1.Image) v1.Image
-type DescriptorMutateFn func(descriptor v1.Descriptor) v1.Descriptor
+type IndexMutateFn func(index v1.ImageIndex) (v1.ImageIndex, error)
+type ImageMutateFn func(image v1.Image) (v1.Image, error)
+type DescriptorMutateFn func(descriptor v1.Descriptor) (v1.Descriptor, error)
 
 func MutateOCITree(
 	index v1.ImageIndex,
@@ -49,8 +49,12 @@ func MutateOCITree(
 				return nil, fmt.Errorf("could not load oci image from digest: %w", err)
 			}
 
-			childImg = mutImageFn(childImg)
-
+			if mutImageFn != nil {
+				childImg, err = mutImageFn(childImg)
+				if err != nil {
+					return nil, fmt.Errorf("could not mutate oci image: %w", err)
+				}
+			}
 			child = childImg
 		case descriptor.MediaType.IsIndex():
 			childIndex, err := index.ImageIndex(descriptor.Digest)
@@ -62,31 +66,43 @@ func MutateOCITree(
 			if err != nil {
 				return nil, err
 			}
-
 			child = childIndex
 		default:
 			continue
 		}
 
-		digest, err := child.Digest()
+		oldDigest := descriptor.Digest
+		newDigest, err := child.Digest()
 		if err != nil {
 			return nil, fmt.Errorf("could not get image digest: %w", err)
 		}
-
-		size, err := child.Size()
+		newSize, err := child.Size()
 		if err != nil {
 			return nil, fmt.Errorf("could not get image size: %w", err)
 		}
 
+		descriptor.Digest = newDigest
+		descriptor.Size = newSize
+		if mutDescriptorFn != nil {
+			descriptor, err = mutDescriptorFn(descriptor)
+			if err != nil {
+				return nil, fmt.Errorf("could not mutate descriptor: %w", err)
+			}
+		}
+
 		// Remove descriptor from index and re-add descriptor
-		index = mutate.RemoveManifests(index, match.Digests(descriptor.Digest))
-		descriptor.Digest = digest
-		descriptor.Size = size
+		index = mutate.RemoveManifests(index, match.Digests(oldDigest))
 		index = mutate.AppendManifests(index, mutate.IndexAddendum{
 			Add:        child,
-			Descriptor: mutDescriptorFn(descriptor),
+			Descriptor: descriptor,
 		})
 	}
 
-	return mutIndexFn(index), nil
+	if mutIndexFn != nil {
+		index, err = mutIndexFn(index)
+		if err != nil {
+			return nil, fmt.Errorf("could not mutate index: %w", err)
+		}
+	}
+	return index, nil
 }
diff --git a/pkg/search_oci.go b/pkg/search_oci.go
@@ -0,0 +1,83 @@
+/*
+Copyright 2025 The cert-manager Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package pkg
+
+import (
+	"fmt"
+	"slices"
+
+	v1 "github.com/google/go-containerregistry/pkg/v1"
+)
+
+type IndexSearchFn func(descriptors []*v1.Descriptor, index v1.ImageIndex) error
+type ImageSearchFn func(descriptors []*v1.Descriptor, image v1.Image) error
+
+func SearchOCITree(
+	index v1.ImageIndex,
+	searchIndexFn IndexSearchFn,
+	searchImageFn ImageSearchFn,
+) error {
+	return searchOCITree(index, nil, searchIndexFn, searchImageFn)
+}
+
+func searchOCITree(
+	index v1.ImageIndex,
+	descriptors []*v1.Descriptor,
+	searchIndexFn IndexSearchFn,
+	searchImageFn ImageSearchFn,
+) error {
+	manifest, err := index.IndexManifest()
+	if err != nil {
+		return fmt.Errorf("could not load oci image manifest: %w", err)
+	}
+
+	for _, descriptor := range manifest.Manifests {
+		childDescriptors := append(slices.Clip(descriptors), &descriptor)
+		switch {
+		case descriptor.MediaType.IsImage():
+			childImg, err := index.Image(descriptor.Digest)
+			if err != nil {
+				return fmt.Errorf("could not load oci image from digest: %w", err)
+			}
+
+			if searchImageFn != nil {
+				if err := searchImageFn(childDescriptors, childImg); err != nil {
+					return fmt.Errorf("could not mutate oci image: %w", err)
+				}
+			}
+		case descriptor.MediaType.IsIndex():
+			childIndex, err := index.ImageIndex(descriptor.Digest)
+			if err != nil {
+				return fmt.Errorf("could not load oci image index from digest: %w", err)
+			}
+
+			if err := searchOCITree(childIndex, childDescriptors, searchIndexFn, searchImageFn); err != nil {
+				return err
+			}
+		default:
+			continue
+		}
+	}
+
+	if searchIndexFn != nil {
+		if err := searchIndexFn(descriptors, index); err != nil {
+			return fmt.Errorf("could not mutate index: %w", err)
+		}
+	}
+
+	return nil
+}
diff --git a/test/test.Dockerfile b/test/test.Dockerfile
