go.mod: bump github.com/docker/docker, docker/ci v28.5.0-dev #13093
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
thaJeztah
force-pushed
the
use_transitional
branch
2 times, most recently
from
3a677c9 to
8732a2c
Compare
thaJeztah
changed the title
Rewrite to remove the `github.com/docker/docker/registry` dependency, which will not be included in the upcoming "api" and "client" modules, and will not be a public package in the module used for the daemon itself. 1. don't call "/info" API endpoint to get default registry The `IndexServerAddress` in the `/info` endpoint was added as part of the initial Windows implementation of the engine. For legal reasons, Microsoft Windows (and thus Docker images based on Windows) were not allowed to be distributed through non-Microsoft infrastructure. As a temporary solution, a dedicated "registry-win-tp3.docker.io" registry was created to serve Windows images. Using separate registries was not an ideal solution, and a more permanent solution was created by introducing "foreign image layers" in the distribution spec, after which the "registry-win-tp3.docker.io" ceased to exist, and removed from the engine through docker/docker PR 21100. However, the `ElectAuthServer` was left in place, quoting from that PR; > make the client check which default registry the daemon uses is still > more correct than leaving it up to the client, even if it won't technically > matter after this PR. There may be some backward compatibility scenarios > where `ElectAuthServer` [sic] is still helpful. That comment was 10 Years ago, and the CLI stopped using this information, as the default registry is not configurable, so in practice was a static value. (see docker/cli@b4ca1c7). 2. replace `ParseRepositoryInfo` and `GetAuthConfigKey` with local impl The `ParseRepositoryInfo` function was originally implemented for use by the daemon itself. It returns a `RepositoryInfo` struct that holds information about the repository and the registry the repository can be found in. As it was written for use by the daemon, it also was designed to be used in combination with the daemon's configuration (such as mirrors, and insecure registries). If no daemon configuration is present, which would be the case when used in a CLI, it uses fallback logic as used in the daemon to detect if the registry is running on a localhost / loopback address, because such addresses are allowed to be "insecure" by default; this includes resolving the IP-address of the host (if it's not an IP-address). Unfortunately, these functions (and related types) were reused in the CLI and many other places, which resulted in those types to be deeply ingrained in interfaces and (external) code. For compose; it was only used to get the "auth-config key" to use for looking up auth information from the credentials store, which still needs special handling for the "default" (docker hub) domain, which unlike other image references doesn't use the hostname included in the image reference for the actual registry (and key for storing auth). For those that want to follow along; First, note that `GetAuthConfig` only requires a `registry.IndexInfo`, so not the whole `RepositoryInfo` struct; https://github.com/moby/moby/blob/v28.3.3/registry/types.go#L8-L24 From the `registry.IndexInfo` it only uses the `IsOfficial` and `Name` fields; https://github.com/moby/moby/blob/v28.3.3/registry/config.go#L390-L395 But to get the `IndexInfo`, `ParseRepositoryInfo` is needed, which first takes the image reference's "domain name" (e.g. `docker.io`); https://github.com/moby/moby/blob/v28.3.3/registry/config.go#L421 This gets "normalized" for some cases where the `info.IndexServerAddress` was incorrectly assumed to be the canonical domain for Docker Hub registry, and which _does_ happen to also be accessible as a "v2" registry. https://github.com/moby/moby/blob/v28.3.3/registry/config.go#L334-L341 After normalizing, it checks if it's a docker hub address ("docker.io" after normalizing); Docker Hub is always required to use a secure connection, so no detection happens, and the `Official` field is set to indicate it's Docker Hub (this code path was already simplified as historically it would try to find daemon configuration (or otherwise use a default) for Mirror configuration; https://github.com/moby/moby/blob/v28.3.3/registry/config.go#L420-L443 For non-Docker Hub registries, it also sets the name, and attempts to detect if the registry is allowed to be "insecure"; https://github.com/moby/moby/blob/v28.3.3/registry/config.go#L435-L442 Which (as mentioned) involves parsing the address and, if needed, resolving the hostname https://github.com/moby/moby/blob/v28.3.3/registry/config.go#L445-L481 As `Insecure` is not used for looking up the auth-config key, all of the above can be reduced to; - Is the hostname obtained from the image reference "docker.io" (after normalizing)? - If so, use the special `https://index.docker.io/v1/` as auth-config key (another horrible remnant) - Otherwise use the hostname obtained from the image reference as-is Signed-off-by: Sebastiaan van Stijn <[email protected]>
thaJeztah
force-pushed
the
use_transitional
branch
from
8732a2c to
7b36de6
Compare
Testing the transitional "v28.4" release, which updates the v28.x version to migrate to the new moby/api and moby/client modules. Signed-off-by: Sebastiaan van Stijn <[email protected]>
thaJeztah
force-pushed
the
use_transitional
branch
from
7b36de6 to
1d92b9e
Compare
thaJeztah
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Testing the transitional "v28.5" release, which updates the v28.x
version to migrate to the new moby/api and moby/client modules.
testing;
in this variant, buildx has not been updated, and no local changes were made to either compose or buildx. Without this transitional package, compose fails to build if other dependencies (buildx in this case) have not transitioned to the new modules;
This variant aliases the old API package to the new module, so the API package only contains aliases (except for some things that should be pinned);
tree vendor/github.com/docker/docker/api vendor/github.com/docker/docker/api ├── README.md ├── common.go ├── swagger-gen.yaml ├── swagger.yaml └── types ├── aliases.go ├── auxprogress │ └── aliases.go ├── blkiodev │ └── aliases.go ├── build │ └── aliases.go ├── checkpoint │ └── aliases.go ├── common │ └── aliases.go ├── container │ └── aliases.go ├── events │ └── aliases.go ├── filters │ └── aliases.go ├── image │ └── aliases.go ├── mount │ └── aliases.go ├── network │ └── aliases.go ├── registry │ └── aliases.go ├── swarm │ └── aliases.go ├── system │ └── aliases.go ├── time │ └── aliases.go ├── types_deprecated.go ├── versions │ └── aliases.go └── volume └── aliases.goUnder the hood, it's already using the new module (
github.com/moby/moby/api);tree -d vendor/github.com/moby/moby/api vendor/github.com/moby/moby/api ├── stdcopy └── types ├── auxprogress ├── blkiodev ├── build ├── checkpoint ├── common ├── container ├── events ├── filters ├── image ├── mount ├── network ├── registry ├── storage ├── strslice ├── swarm │ └── runtime ├── system ├── time ├── versions └── volume(I'm using vendoring purely to show / illustrate what's used)
What I did
Related issue
(not mandatory) A picture of a cute animal, if possible in relation to what you did