containerify 3.0.1 → 3.1.1

package/README.md

@@ -45,7 +45,7 @@ This will take the `nginx:alpine` image, and copy the files from `./dist/` into
 
 1. Create the repository in GitLab
 2. Login using your username and password, [CI-credentials](https://docs.gitlab.com/ee/ci/jobs/ci_job_token.html), or [obtain a token from GitLab](https://docs.gitlab.com/ee/api/container_registry.html#obtain-token-from-gitlab)
-3. Example using CI-credentials `containerify --toToken "Basic $(echo -n '${CI_REGISTRY_USER}:${CI_REGISTRY_PASSWORD}' | base64)" --to registry.gitlab.com/<Gitlab organisation>/<repository>:<tag>`
+3. Example using CI-credentials `containerify --toToken "Basic $(echo -n "${CI_REGISTRY_USER}:${CI_REGISTRY_PASSWORD}" | base64)" --to registry.gitlab.com/<Gitlab organisation>/<repository>:<tag>`
 
 ### Command line options
 
@@ -80,6 +80,7 @@ Options:
   --setTimeStamp <timestamp>     Optional: Set a specific ISO 8601 timestamp on all entries (e.g. git commit hash). Default: 1970 in tar files, and current time on manifest/config
   --verbose                      Verbose logging
   --allowInsecureRegistries      Allow insecure registries (with self-signed/untrusted cert)
+  --allowNoPushAuth              Allow pushing images without authentication/token if the registry allows it
   --customContent <dirs/files>   Optional: Skip normal node_modules and applayer and include specified root folder files/directories instead. You can specify as
                                  local-path:absolute-container-path if you want to place it in a specific location
   --extraContent <dirs/files>    Optional: Add specific content. Specify as local-path:absolute-container-path,local-path2:absolute-container-path2 etc

package/lib/cli.js

@@ -53,6 +53,7 @@ const possibleArgs = {
     "--setTimeStamp <timestamp>": "Optional: Set a specific ISO 8601 timestamp on all entries (e.g. git commit hash). Default: 1970 in tar files, and current time on manifest/config",
     "--verbose": "Verbose logging",
     "--allowInsecureRegistries": "Allow insecure registries (with self-signed/untrusted cert)",
+    "--allowNoPushAuth": "Allow pushing images without a authentication/token to registries that allow it",
     "--customContent <dirs/files>": "Optional: Skip normal node_modules and applayer and include specified root folder files/directories instead. You can specify as local-path:absolute-container-path if you want to place it in a specific location",
     "--extraContent <dirs/files>": "Optional: Add specific content. Specify as local-path:absolute-container-path,local-path2:absolute-container-path2 etc",
     "--layerOwner <gid:uid>": "Optional: Set specific gid and uid on files in the added layers",
@@ -196,7 +197,7 @@ exitWithErrorIf(!options.folder, "--folder must be specified");
 exitWithErrorIf(!options.fromImage, "--fromImage must be specified");
 exitWithErrorIf(!options.toImage, "--toImage must be specified");
 exitWithErrorIf(!options.toRegistry && !options.toTar && !options.toDocker, "Must specify either --toTar, --toRegistry or --toDocker");
-exitWithErrorIf(!!options.toRegistry && !options.toToken, "A token must be given when uploading to docker hub");
+exitWithErrorIf(!!options.toRegistry && !options.toToken && !options.allowNoPushAuth, "A token must be provided when uploading images");
 if (options.toRegistry && !options.toRegistry.endsWith("/"))
     options.toRegistry += "/";
 if (options.fromRegistry && !options.fromRegistry.endsWith("/"))
@@ -250,9 +251,6 @@ function run(options) {
             yield tarExporter_1.default.saveToTar(todir, tmpdir, options.toTar, [options.toImage], options);
         }
         if (options.toRegistry) {
-            if (!options.token && allowInsecure == types_1.InsecureRegistrySupport.NO) {
-                throw new Error("Need auth token to upload to " + options.toRegistry);
-            }
             const toRegistry = yield (0, registry_1.createRegistry)(options.toRegistry, options.toImage, allowInsecure, options.toToken, options.optimisticToRegistryCheck);
             yield toRegistry.upload(options.toImage, todir, options.doCrossMount, originalManifest, options.fromImage);
         }

package/lib/registry.js

@@ -98,11 +98,13 @@ function uploadContent(uploadUrl, file, fileConfig, allowInsecure, auth, content
         let url = uploadUrl;
         if (fileConfig.digest)
             url += (url.indexOf("?") == -1 ? "?" : "&") + "digest=" + fileConfig.digest;
-        const options = (0, httpRequest_1.createHttpOptions)("PUT", url, {
-            authorization: auth,
+        const headers = {
             "content-length": fileConfig.size,
             "content-type": contentType,
-        });
+        };
+        if (auth)
+            headers.authorization = auth;
+        const options = (0, httpRequest_1.createHttpOptions)("PUT", url, headers);
         logger_1.default.debug(options.method, url);
         const req = (0, httpRequest_1.request)(options, allowInsecure, (res) => {
             var _a;
@@ -128,19 +130,12 @@ function processToken(registryBaseUrl, allowInsecure, imagePath, token) {
     return __awaiter(this, void 0, void 0, function* () {
         const { hostname } = URL.parse(registryBaseUrl);
         const image = (0, utils_1.parseImage)(imagePath);
-        if ((hostname === null || hostname === void 0 ? void 0 : hostname.endsWith(".docker.io")) && !token) {
-            const resp = yield (0, httpRequest_1.dlJson)(`https://auth.docker.io/token?service=registry.docker.io&scope=repository:${image.path}:pull`, {}, allowInsecure);
-            return `Bearer ${resp.token}`;
-        }
-        if ((hostname === null || hostname === void 0 ? void 0 : hostname.endsWith(".gitlab.com")) && (token === null || token === void 0 ? void 0 : token.startsWith("Basic"))) {
-            if (token === null || token === void 0 ? void 0 : token.includes(":")) {
-                token = "Basic " + Buffer.from(token === null || token === void 0 ? void 0 : token.replace("Basic ", "")).toString("base64");
-            }
-            const resp = yield (0, httpRequest_1.dlJson)(`https://gitlab.com/jwt/auth?service=container_registry&scope=repository:${image.path}:pull,push`, { Authorization: token }, allowInsecure);
-            return `Bearer ${resp.token}`;
-        }
+        if ((hostname === null || hostname === void 0 ? void 0 : hostname.endsWith(".docker.io")) && !token)
+            return getDockerToken(image.path, allowInsecure);
         if (!token)
             return ""; //We allow to pull from tokenless registries
+        if ((hostname === null || hostname === void 0 ? void 0 : hostname.endsWith(".gitlab.com")) && token.startsWith("Basic "))
+            return getGitLabToken(token, image.path, allowInsecure);
         if (token.startsWith("Basic "))
             return token;
         if (token.startsWith("ghp_"))
@@ -148,6 +143,21 @@ function processToken(registryBaseUrl, allowInsecure, imagePath, token) {
         return "Bearer " + token;
     });
 }
+function getDockerToken(imagePath, allowInsecure) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const resp = yield (0, httpRequest_1.dlJson)(`https://auth.docker.io/token?service=registry.docker.io&scope=repository:${imagePath}:pull`, {}, allowInsecure);
+        return `Bearer ${resp.token}`;
+    });
+}
+function getGitLabToken(token, imagePath, allowInsecure) {
+    return __awaiter(this, void 0, void 0, function* () {
+        if (token.includes(":")) {
+            token = "Basic " + Buffer.from(token === null || token === void 0 ? void 0 : token.replace("Basic ", "")).toString("base64");
+        }
+        const resp = yield (0, httpRequest_1.dlJson)(`https://gitlab.com/jwt/auth?service=container_registry&scope=repository:${imagePath}:pull,push`, { Authorization: token }, allowInsecure);
+        return `Bearer ${resp.token}`;
+    });
+}
 function createRegistry(registryBaseUrl, imagePath, allowInsecure, auth, optimisticToRegistryCheck = false) {
     return __awaiter(this, void 0, void 0, function* () {
         const token = yield processToken(registryBaseUrl, allowInsecure, imagePath, auth);
@@ -171,7 +181,8 @@ function createRegistry(registryBaseUrl, imagePath, allowInsecure, auth, optimis
                     const url = `${registryBaseUrl}${image.path}/blobs/uploads/${parameters.size > 0 ? "?" + parameters : ""}`;
                     const options = URL.parse(url);
                     options.method = "POST";
-                    options.headers = { authorization: auth };
+                    if (token)
+                        options.headers = { authorization: token };
                     (0, httpRequest_1.request)(options, allowInsecure, (res) => {
                         logger_1.default.debug("POST", `${url}`, res.statusCode);
                         if (res.statusCode == 202) {

package/lib/types.d.ts

@@ -79,6 +79,7 @@ export type Options = {
     setTimeStamp?: string;
     verbose?: boolean;
     allowInsecureRegistries?: boolean;
+    allowNoPushAuth?: boolean;
     customContent: Record<string, string>;
     extraContent: Record<string, string>;
     layerOwner?: string;

package/lib/version.d.ts

@@ -1 +1 @@
-export declare const VERSION = "3.0.1";
+export declare const VERSION = "3.1.1";

package/lib/version.js

@@ -1,4 +1,4 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.VERSION = void 0;
-exports.VERSION = "3.0.1";
+exports.VERSION = "3.1.1";

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "containerify",
-	"version": "3.0.1",
+	"version": "3.1.1",
 	"description": "Build node.js docker images without docker",
 	"main": "./lib/cli.js",
 	"scripts": {
@@ -12,12 +12,16 @@
 		"check": "npm run lint && npm run typecheck",
 		"dev": "tsc --watch",
 		"integrationTest": "cd tests/integration/ && ./test.sh",
-		"registryTest": "cd tests/localtest/ && ./test.sh"
+		"registryTest": "cd tests/localtest/ && ./test.sh && ./test-insecure.sh",
+		"allTests": "npm run integrationTest && npm run registryTest"
 	},
 	"bin": {
 		"containerify": "./lib/cli.js"
 	},
 	"author": "Erlend Oftedal <erlend@oftedal.no>",
+	"contributors": [
+		"Vegard S. Hagen <vegard@stonegarden.dev>"
+	],
 	"license": "Apache-2.0",
 	"repository": {
 		"type": "git",