Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

github.com/google/go-containerregistry

Package Overview
Dependencies
Alerts
File Explorer
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

github.com/google/go-containerregistry

  • v0.20.2
  • Source
  • Go
  • Socket score

Version published
Created
Source

go-containerregistry

GitHub Actions Build Status GoDoc Code Coverage

Introduction

This is a golang library for working with container registries. It's largely based on the Python library of the same name.

The following diagram shows the main types that this library handles. OCI image representation

Philosophy

The overarching design philosophy of this library is to define interfaces that present an immutable view of resources (e.g. Image, Layer, ImageIndex), which can be backed by a variety of medium (e.g. registry, tarball, daemon, ...).

To complement these immutable views, we support functional mutations that produce new immutable views of the resulting resource (e.g. mutate). The end goal is to provide a set of versatile primitives that can compose to do extraordinarily powerful things efficiently and easily.

Both the resource views and mutations may be lazy, eager, memoizing, etc, and most are optimized for common paths based on the tooling we have seen in the wild (e.g. writing new images from disk to the registry as a compressed tarball).

Experiments

Over time, we will add new functionality under experimental environment variables listed here.

Env VarValue(s)What is does
GGCR_EXPERIMENT_ESTARGZ"1"⚠️DEPRECATED⚠️: When enabled this experiment will direct tarball.LayerFromOpener to emit estargz compatible layers, which enable them to be lazily loaded by an appropriately configured containerd.

v1.Image

Sources
Sinks

v1.ImageIndex

Sources
Sinks

v1.Layer

Sources
Sinks

Overview

mutate

The simplest use for these libraries is to read from one source and write to another.

For example,

  • crane pull is remote.Image -> tarball.Write,
  • crane push is tarball.Image -> remote.Write,
  • crane cp is remote.Image -> remote.Write.

However, often you actually want to change something about an image. This is the purpose of the mutate package, which exposes some commonly useful things to change about an image.

partial

If you're trying to use this library with a different source or sink than it already supports, it can be somewhat cumbersome. The Image and Layer interfaces are pretty wide, with a lot of redundant information. This is somewhat by design, because we want to expose this information as efficiently as possible where we can, but again it is a pain to implement yourself.

The purpose of the partial package is to make implementing a v1.Image much easier, by filling in all the derived accessors for you if you implement a minimal subset of v1.Image.

transport

You might think our abstractions are bad and you just want to authenticate and send requests to a registry.

This is the purpose of the transport and authn packages.

Tools

This repo hosts some tools built on top of the library.

crane

crane is a tool for interacting with remote images and registries.

gcrane

gcrane is a GCR-specific variant of crane that has richer output for the ls subcommand and some basic garbage collection support.

krane

krane is a drop-in replacement for crane that supports common Kubernetes-based workload identity mechanisms using k8schain as a fallback to traditional authentication mechanisms.

k8schain

k8schain implements the authentication semantics used by kubelets in a way that is easily consumable by this library.

k8schain is not a standalone tool, but it is linked here for visibility.

Emeritus: ko

This tool was originally developed in this repo but has since been moved to its own repo.

FAQs

Package last updated on 06 Aug 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc