Merge pull request #262 from concourse/bump-go-containerregistry

Bump go-containerregistry v0.1.3 -> v0.4.0 & use remote.MultiWrite

commands/out.go

@@ -186,61 +186,70 @@ func (o *Out) Execute() error {
 }
 
 func put(req resource.OutRequest, img v1.Image, tags []name.Tag) error {
-	auth := &authn.Basic{
-		Username: req.Source.Username,
-		Password: req.Source.Password,
+	images := map[name.Reference]remote.Taggable{}
+	var identifiers []string
+	for _, tag := range tags {
+		images[tag] = img
+		identifiers = append(identifiers, tag.Identifier())
 	}
 
-	var notaryConfigDir string
-	var err error
+	logrus.Infof("pushing tag(s) %s", strings.Join(identifiers, ", "))
+	err := remote.MultiWrite(images, remote.WithAuth(createAuth(req)))
+	if err != nil {
+		return fmt.Errorf("pushing tag(s): %w", err)
+	}
+
+	logrus.Info("pushed")
+
 	if req.Source.ContentTrust != nil {
-		notaryConfigDir, err = req.Source.ContentTrust.PrepareConfigDir()
+		err = signImages(req, img, tags)
 		if err != nil {
-			return fmt.Errorf("prepare notary-config-dir: %w", err)
+			return fmt.Errorf("signing image(s): %w", err)
 		}
 	}
 
-	for _, tag := range tags {
-		logrus.Infof("pushing to tag %s", tag.Identifier())
+	return nil
+}
+
+func signImages(req resource.OutRequest, img v1.Image, tags []name.Tag) error {
+	var notaryConfigDir string
+	var err error
+	notaryConfigDir, err = req.Source.ContentTrust.PrepareConfigDir()
+	if err != nil {
+		return fmt.Errorf("prepare notary-config-dir: %w", err)
+	}
 
-		err = remote.Write(tag, img, remote.WithAuth(auth))
+	for _, tag := range tags {
+		trustedRepo, err := gcr.NewTrustedGcrRepository(notaryConfigDir, tag, createAuth(req))
 		if err != nil {
-			return fmt.Errorf("tag image: %w", err)
+			return fmt.Errorf("create TrustedGcrRepository: %w", err)
 		}
 
-		logrus.Info("pushed")
-
-		if notaryConfigDir != "" {
-			trustedRepo, err := gcr.NewTrustedGcrRepository(notaryConfigDir, tag, auth)
-			if err != nil {
-				return fmt.Errorf("create TrustedGcrRepository: %w", err)
-			}
-
-			logrus.Info("signing image")
+		logrus.Infof("signing image with tag: %s", tag.Identifier())
 
-			err = trustedRepo.SignImage(img)
-			if err != nil {
-				logrus.Errorf("failed to sign image: %s", err)
-			}
+		err = trustedRepo.SignImage(img)
+		if err != nil {
+			logrus.Errorf("failed to sign image: %s", err)
 		}
 	}
 
 	return nil
 }
 
-func aliasesToBump(req resource.OutRequest, repo name.Repository, ver *semver.Version) ([]name.Tag, error) {
-	variant := req.Source.Variant
-
-	auth := &authn.Basic{
+// It's okay if both are blank. It will become an Anonymous Authenticator in
+// that case.
+func createAuth(req resource.OutRequest) *authn.Basic {
+	return &authn.Basic{
 		Username: req.Source.Username,
 		Password: req.Source.Password,
 	}
+}
 
-	opts := []remote.Option{}
+func aliasesToBump(req resource.OutRequest, repo name.Repository, ver *semver.Version) ([]name.Tag, error) {
+	variant := req.Source.Variant
 
-	if auth.Username != "" && auth.Password != "" {
-		opts = append(opts, remote.WithAuth(auth))
-	}
+	opts := []remote.Option{}
+	opts = append(opts, remote.WithAuth(createAuth(req)))
 
 	versions, err := remote.List(repo, opts...)
 	if err != nil {

go.mod

@@ -7,8 +7,7 @@ require (
 	github.com/cenkalti/backoff v2.2.1+incompatible
 	github.com/concourse/go-archive v1.0.1
 	github.com/fatih/color v1.9.0
-	github.com/google/go-containerregistry v0.1.3
-	github.com/kr/pretty v0.2.0 // indirect
+	github.com/google/go-containerregistry v0.4.0
 	github.com/lib/pq v1.2.0 // indirect
 	github.com/mattn/go-colorable v0.1.6 // indirect
 	github.com/mitchellh/mapstructure v1.3.1 // indirect