-
Notifications
You must be signed in to change notification settings - Fork 177
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support uploading an ORAS Artifact Manifest type without a subject #361
Comments
Linking oras-project/distribution#9 |
Fixes oras-project#361 Does NOT fix oras-project/oras-go#206; since this client does not use the go library.
Fixes oras-project#361 Does NOT fix oras-project/oras-go#206; since this client does not use the go library. Signed-off-by: Nima Talebi <[email protected]>
Fixes oras-project#361 Does NOT fix oras-project/oras-go#206; since this client does not use the go library. Signed-off-by: Nima Talebi <[email protected]>
Fixes oras-project#361 Does NOT fix oras-project/oras-go#206; since this client does not use the go library. Signed-off-by: Nima Talebi <[email protected]>
The command above now can be substituted by
This command without I'm currently working on supporting this feature. |
Thanks @yuehaoliang-microsoft, Regardless of which manifest is used to persist, I'd suggest we use the
That pushing of artifacts that only contain annotations are being used to create root references for supply chain artifacts that represent non-deployed scenarios. For instance, we need to support shipping an SBOM for the Office 365 service. The user would push an artifact, with a reference of |
Thank you for your response, Steve! To clarify our previous thought (as discussed with @qweeah):
This command will push an For my understanding for your new suggestion, you'd like the the However, the subject of this issue mentioned that "uploading an ORAS artifact manifest type without a subject", so I'd like to confirm which type of manifest is preferred now. Also, a little confusion of my own, using Pushing of artifacts with annotations is out of scope for this issue, @junczhuMSFT is working on it. Please refer to #362. UPDATE:OCI Artifact and ORAS Artifact here it says
Therefore, using |
@SteveLasker Forgot to pin you in the above comments. Need some confirmation to continue the implementation. Thank you!! |
@SteveLasker I have few comments and elaborations on your suggestions.
The artifact type is different from the media type. However, given the fact that we use
Did you mean |
Thanks @shizhMSFT
Can you explain this? What I'm suggesting is we always present You bring up a good point that we need to account for scnearios when the user passes in
Your wording is more accurate. I couldn't think of another reason to call |
It is a separate issue. If we always present |
Would like to hear more. |
@SteveLasker Wait... There is an UX conflict. When the user do oras push --artifact-type some/type some/repo blablabla.txt we should always push an oras artifact manifest as long as |
To be clear, the changes are summarized as follows
2 PRs are required to address above changes. |
Closing as discussed with @SteveLasker that UX for uploading an ORAS artifact manifest without a subject is not supported in CLI. |
Repro Steps
Assuming you have $IMAGE, the following command works:
However, if I want to upload a readme file, that doesn't have a
subject
, I'm unable to exclude the--subject
field:The text was updated successfully, but these errors were encountered: