mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 211 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
14191 Commits
17 Branches
Tree: e81ccc406b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'e81ccc406b'
${ noResults }
gitea/tests/integration/api_packages_container_test.go

api_packages_container_test.go 28KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675 
  1. // Copyright 2022 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package integration

  5. 

  6. import (

  7. 	"bytes"

  8. 	"crypto/sha256"

  9. 	"encoding/base64"

  10. 	"fmt"

  11. 	"net/http"

  12. 	"strings"

  13. 	"sync"

  14. 	"testing"

  15. 

  16. 	"code.gitea.io/gitea/models/db"

  17. 	packages_model "code.gitea.io/gitea/models/packages"

  18. 	container_model "code.gitea.io/gitea/models/packages/container"

  19. 	"code.gitea.io/gitea/models/unittest"

  20. 	user_model "code.gitea.io/gitea/models/user"

  21. 	container_module "code.gitea.io/gitea/modules/packages/container"

  22. 	"code.gitea.io/gitea/modules/packages/container/oci"

  23. 	"code.gitea.io/gitea/modules/setting"

  24. 	api "code.gitea.io/gitea/modules/structs"

  25. 	"code.gitea.io/gitea/tests"

  26. 

  27. 	"github.com/stretchr/testify/assert"

  28. )

  29. 

  30. func TestPackageContainer(t *testing.T) {

  31. 	defer tests.PrepareTestEnv(t)()

  32. 

  33. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})

  34. 

  35. 	has := func(l packages_model.PackagePropertyList, name string) bool {

  36. 		for _, pp := range l {

  37. 			if pp.Name == name {

  38. 				return true

  39. 			}

  40. 		}

  41. 		return false

  42. 	}

  43. 	getAllByName := func(l packages_model.PackagePropertyList, name string) []string {

  44. 		values := make([]string, 0, len(l))

  45. 		for _, pp := range l {

  46. 			if pp.Name == name {

  47. 				values = append(values, pp.Value)

  48. 			}

  49. 		}

  50. 		return values

  51. 	}

  52. 

  53. 	images := []string{"test", "te/st"}

  54. 	tags := []string{"latest", "main"}

  55. 	multiTag := "multi"

  56. 

  57. 	unknownDigest := "sha256:0000000000000000000000000000000000000000000000000000000000000000"

  58. 

  59. 	blobDigest := "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4"

  60. 	blobContent, _ := base64.StdEncoding.DecodeString(`H4sIAAAJbogA/2IYBaNgFIxYAAgAAP//Lq+17wAEAAA=`)

  61. 

  62. 	configDigest := "sha256:4607e093bec406eaadb6f3a340f63400c9d3a7038680744c406903766b938f0d"

  63. 	configContent := `{"architecture":"amd64","config":{"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],"Cmd":["/true"],"ArgsEscaped":true,"Image":"sha256:9bd8b88dc68b80cffe126cc820e4b52c6e558eb3b37680bfee8e5f3ed7b8c257"},"container":"b89fe92a887d55c0961f02bdfbfd8ac3ddf66167db374770d2d9e9fab3311510","container_config":{"Hostname":"b89fe92a887d","Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],"Cmd":["/bin/sh","-c","#(nop) ","CMD [\"/true\"]"],"ArgsEscaped":true,"Image":"sha256:9bd8b88dc68b80cffe126cc820e4b52c6e558eb3b37680bfee8e5f3ed7b8c257"},"created":"2022-01-01T00:00:00.000000000Z","docker_version":"20.10.12","history":[{"created":"2022-01-01T00:00:00.000000000Z","created_by":"/bin/sh -c #(nop) COPY file:0e7589b0c800daaf6fa460d2677101e4676dd9491980210cb345480e513f3602 in /true "},{"created":"2022-01-01T00:00:00.000000001Z","created_by":"/bin/sh -c #(nop)  CMD [\"/true\"]","empty_layer":true}],"os":"linux","rootfs":{"type":"layers","diff_ids":["sha256:0ff3b91bdf21ecdf2f2f3d4372c2098a14dbe06cd678e8f0a85fd4902d00e2e2"]}}`

  64. 

  65. 	manifestDigest := "sha256:4f10484d1c1bb13e3956b4de1cd42db8e0f14a75be1617b60f2de3cd59c803c6"

  66. 	manifestContent := `{"schemaVersion":2,"mediaType":"` + oci.MediaTypeDockerManifest + `","config":{"mediaType":"application/vnd.docker.container.image.v1+json","digest":"sha256:4607e093bec406eaadb6f3a340f63400c9d3a7038680744c406903766b938f0d","size":1069},"layers":[{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4","size":32}]}`

  67. 

  68. 	untaggedManifestDigest := "sha256:4305f5f5572b9a426b88909b036e52ee3cf3d7b9c1b01fac840e90747f56623d"

  69. 	untaggedManifestContent := `{"schemaVersion":2,"mediaType":"` + oci.MediaTypeImageManifest + `","config":{"mediaType":"application/vnd.docker.container.image.v1+json","digest":"sha256:4607e093bec406eaadb6f3a340f63400c9d3a7038680744c406903766b938f0d","size":1069},"layers":[{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4","size":32}]}`

  70. 

  71. 	indexManifestDigest := "sha256:bab112d6efb9e7f221995caaaa880352feb5bd8b1faf52fae8d12c113aa123ec"

  72. 	indexManifestContent := `{"schemaVersion":2,"mediaType":"` + oci.MediaTypeImageIndex + `","manifests":[{"mediaType":"` + oci.MediaTypeDockerManifest + `","digest":"` + manifestDigest + `","platform":{"os":"linux","architecture":"arm","variant":"v7"}},{"mediaType":"` + oci.MediaTypeImageManifest + `","digest":"` + untaggedManifestDigest + `","platform":{"os":"linux","architecture":"arm64","variant":"v8"}}]}`

  73. 

  74. 	anonymousToken := ""

  75. 	userToken := ""

  76. 

  77. 	t.Run("Authenticate", func(t *testing.T) {

  78. 		type TokenResponse struct {

  79. 			Token string `json:"token"`

  80. 		}

  81. 

  82. 		authenticate := []string{`Bearer realm="` + setting.AppURL + `v2/token",service="container_registry",scope="*"`}

  83. 

  84. 		t.Run("Anonymous", func(t *testing.T) {

  85. 			defer tests.PrintCurrentTest(t)()

  86. 

  87. 			req := NewRequest(t, "GET", fmt.Sprintf("%sv2", setting.AppURL))

  88. 			resp := MakeRequest(t, req, http.StatusUnauthorized)

  89. 

  90. 			assert.ElementsMatch(t, authenticate, resp.Header().Values("WWW-Authenticate"))

  91. 

  92. 			req = NewRequest(t, "GET", fmt.Sprintf("%sv2/token", setting.AppURL))

  93. 			resp = MakeRequest(t, req, http.StatusOK)

  94. 

  95. 			tokenResponse := &TokenResponse{}

  96. 			DecodeJSON(t, resp, &tokenResponse)

  97. 

  98. 			assert.NotEmpty(t, tokenResponse.Token)

  99. 

  100. 			anonymousToken = fmt.Sprintf("Bearer %s", tokenResponse.Token)

  101. 

  102. 			req = NewRequest(t, "GET", fmt.Sprintf("%sv2", setting.AppURL))

  103. 			addTokenAuthHeader(req, anonymousToken)

  104. 			MakeRequest(t, req, http.StatusOK)

  105. 		})

  106. 

  107. 		t.Run("User", func(t *testing.T) {

  108. 			defer tests.PrintCurrentTest(t)()

  109. 

  110. 			req := NewRequest(t, "GET", fmt.Sprintf("%sv2", setting.AppURL))

  111. 			resp := MakeRequest(t, req, http.StatusUnauthorized)

  112. 

  113. 			assert.ElementsMatch(t, authenticate, resp.Header().Values("WWW-Authenticate"))

  114. 

  115. 			req = NewRequest(t, "GET", fmt.Sprintf("%sv2/token", setting.AppURL))

  116. 			req = AddBasicAuthHeader(req, user.Name)

  117. 			resp = MakeRequest(t, req, http.StatusOK)

  118. 

  119. 			tokenResponse := &TokenResponse{}

  120. 			DecodeJSON(t, resp, &tokenResponse)

  121. 

  122. 			assert.NotEmpty(t, tokenResponse.Token)

  123. 

  124. 			userToken = fmt.Sprintf("Bearer %s", tokenResponse.Token)

  125. 

  126. 			req = NewRequest(t, "GET", fmt.Sprintf("%sv2", setting.AppURL))

  127. 			addTokenAuthHeader(req, userToken)

  128. 			MakeRequest(t, req, http.StatusOK)

  129. 		})

  130. 	})

  131. 

  132. 	t.Run("DetermineSupport", func(t *testing.T) {

  133. 		defer tests.PrintCurrentTest(t)()

  134. 

  135. 		req := NewRequest(t, "GET", fmt.Sprintf("%sv2", setting.AppURL))

  136. 		addTokenAuthHeader(req, userToken)

  137. 		resp := MakeRequest(t, req, http.StatusOK)

  138. 		assert.Equal(t, "registry/2.0", resp.Header().Get("Docker-Distribution-Api-Version"))

  139. 	})

  140. 

  141. 	for _, image := range images {

  142. 		t.Run(fmt.Sprintf("[Image:%s]", image), func(t *testing.T) {

  143. 			url := fmt.Sprintf("%sv2/%s/%s", setting.AppURL, user.Name, image)

  144. 

  145. 			t.Run("UploadBlob/Monolithic", func(t *testing.T) {

  146. 				defer tests.PrintCurrentTest(t)()

  147. 

  148. 				req := NewRequest(t, "POST", fmt.Sprintf("%s/blobs/uploads", url))

  149. 				addTokenAuthHeader(req, anonymousToken)

  150. 				MakeRequest(t, req, http.StatusUnauthorized)

  151. 

  152. 				req = NewRequestWithBody(t, "POST", fmt.Sprintf("%s/blobs/uploads?digest=%s", url, unknownDigest), bytes.NewReader(blobContent))

  153. 				addTokenAuthHeader(req, userToken)

  154. 				MakeRequest(t, req, http.StatusBadRequest)

  155. 

  156. 				req = NewRequestWithBody(t, "POST", fmt.Sprintf("%s/blobs/uploads?digest=%s", url, blobDigest), bytes.NewReader(blobContent))

  157. 				addTokenAuthHeader(req, userToken)

  158. 				resp := MakeRequest(t, req, http.StatusCreated)

  159. 

  160. 				assert.Equal(t, fmt.Sprintf("/v2/%s/%s/blobs/%s", user.Name, image, blobDigest), resp.Header().Get("Location"))

  161. 				assert.Equal(t, blobDigest, resp.Header().Get("Docker-Content-Digest"))

  162. 

  163. 				pv, err := packages_model.GetInternalVersionByNameAndVersion(db.DefaultContext, user.ID, packages_model.TypeContainer, image, container_model.UploadVersion)

  164. 				assert.NoError(t, err)

  165. 

  166. 				pfs, err := packages_model.GetFilesByVersionID(db.DefaultContext, pv.ID)

  167. 				assert.NoError(t, err)

  168. 				assert.Len(t, pfs, 1)

  169. 

  170. 				pb, err := packages_model.GetBlobByID(db.DefaultContext, pfs[0].BlobID)

  171. 				assert.NoError(t, err)

  172. 				assert.EqualValues(t, len(blobContent), pb.Size)

  173. 			})

  174. 

  175. 			t.Run("UploadBlob/Chunked", func(t *testing.T) {

  176. 				defer tests.PrintCurrentTest(t)()

  177. 

  178. 				req := NewRequest(t, "POST", fmt.Sprintf("%s/blobs/uploads", url))

  179. 				addTokenAuthHeader(req, userToken)

  180. 				resp := MakeRequest(t, req, http.StatusAccepted)

  181. 

  182. 				uuid := resp.Header().Get("Docker-Upload-Uuid")

  183. 				assert.NotEmpty(t, uuid)

  184. 

  185. 				pbu, err := packages_model.GetBlobUploadByID(db.DefaultContext, uuid)

  186. 				assert.NoError(t, err)

  187. 				assert.EqualValues(t, 0, pbu.BytesReceived)

  188. 

  189. 				uploadURL := resp.Header().Get("Location")

  190. 				assert.NotEmpty(t, uploadURL)

  191. 

  192. 				req = NewRequestWithBody(t, "PATCH", setting.AppURL+uploadURL[1:]+"000", bytes.NewReader(blobContent))

  193. 				addTokenAuthHeader(req, userToken)

  194. 				MakeRequest(t, req, http.StatusNotFound)

  195. 

  196. 				req = NewRequestWithBody(t, "PATCH", setting.AppURL+uploadURL[1:], bytes.NewReader(blobContent))

  197. 				addTokenAuthHeader(req, userToken)

  198. 

  199. 				req.Header.Set("Content-Range", "1-10")

  200. 				MakeRequest(t, req, http.StatusRequestedRangeNotSatisfiable)

  201. 

  202. 				contentRange := fmt.Sprintf("0-%d", len(blobContent)-1)

  203. 				req.Header.Set("Content-Range", contentRange)

  204. 				resp = MakeRequest(t, req, http.StatusAccepted)

  205. 

  206. 				assert.Equal(t, uuid, resp.Header().Get("Docker-Upload-Uuid"))

  207. 				assert.Equal(t, contentRange, resp.Header().Get("Range"))

  208. 

  209. 				uploadURL = resp.Header().Get("Location")

  210. 

  211. 				req = NewRequest(t, "GET", setting.AppURL+uploadURL[1:])

  212. 				addTokenAuthHeader(req, userToken)

  213. 				resp = MakeRequest(t, req, http.StatusNoContent)

  214. 

  215. 				assert.Equal(t, uuid, resp.Header().Get("Docker-Upload-Uuid"))

  216. 				assert.Equal(t, fmt.Sprintf("0-%d", len(blobContent)), resp.Header().Get("Range"))

  217. 

  218. 				pbu, err = packages_model.GetBlobUploadByID(db.DefaultContext, uuid)

  219. 				assert.NoError(t, err)

  220. 				assert.EqualValues(t, len(blobContent), pbu.BytesReceived)

  221. 

  222. 				req = NewRequest(t, "PUT", fmt.Sprintf("%s?digest=%s", setting.AppURL+uploadURL[1:], blobDigest))

  223. 				addTokenAuthHeader(req, userToken)

  224. 				resp = MakeRequest(t, req, http.StatusCreated)

  225. 

  226. 				assert.Equal(t, fmt.Sprintf("/v2/%s/%s/blobs/%s", user.Name, image, blobDigest), resp.Header().Get("Location"))

  227. 				assert.Equal(t, blobDigest, resp.Header().Get("Docker-Content-Digest"))

  228. 

  229. 				t.Run("Cancel", func(t *testing.T) {

  230. 					defer tests.PrintCurrentTest(t)()

  231. 

  232. 					req := NewRequest(t, "POST", fmt.Sprintf("%s/blobs/uploads", url))

  233. 					addTokenAuthHeader(req, userToken)

  234. 					resp := MakeRequest(t, req, http.StatusAccepted)

  235. 

  236. 					uuid := resp.Header().Get("Docker-Upload-Uuid")

  237. 					assert.NotEmpty(t, uuid)

  238. 

  239. 					uploadURL := resp.Header().Get("Location")

  240. 					assert.NotEmpty(t, uploadURL)

  241. 

  242. 					req = NewRequest(t, "GET", setting.AppURL+uploadURL[1:])

  243. 					addTokenAuthHeader(req, userToken)

  244. 					resp = MakeRequest(t, req, http.StatusNoContent)

  245. 

  246. 					assert.Equal(t, uuid, resp.Header().Get("Docker-Upload-Uuid"))

  247. 					assert.Equal(t, "0-0", resp.Header().Get("Range"))

  248. 

  249. 					req = NewRequest(t, "DELETE", setting.AppURL+uploadURL[1:])

  250. 					addTokenAuthHeader(req, userToken)

  251. 					MakeRequest(t, req, http.StatusNoContent)

  252. 

  253. 					req = NewRequest(t, "GET", setting.AppURL+uploadURL[1:])

  254. 					addTokenAuthHeader(req, userToken)

  255. 					MakeRequest(t, req, http.StatusNotFound)

  256. 				})

  257. 			})

  258. 

  259. 			for _, tag := range tags {

  260. 				t.Run(fmt.Sprintf("[Tag:%s]", tag), func(t *testing.T) {

  261. 					t.Run("UploadManifest", func(t *testing.T) {

  262. 						defer tests.PrintCurrentTest(t)()

  263. 

  264. 						req := NewRequestWithBody(t, "POST", fmt.Sprintf("%s/blobs/uploads?digest=%s", url, configDigest), strings.NewReader(configContent))

  265. 						addTokenAuthHeader(req, userToken)

  266. 						MakeRequest(t, req, http.StatusCreated)

  267. 

  268. 						req = NewRequestWithBody(t, "PUT", fmt.Sprintf("%s/manifests/%s", url, tag), strings.NewReader(manifestContent))

  269. 						addTokenAuthHeader(req, anonymousToken)

  270. 						req.Header.Set("Content-Type", oci.MediaTypeDockerManifest)

  271. 						MakeRequest(t, req, http.StatusUnauthorized)

  272. 

  273. 						req = NewRequestWithBody(t, "PUT", fmt.Sprintf("%s/manifests/%s", url, tag), strings.NewReader(manifestContent))

  274. 						addTokenAuthHeader(req, userToken)

  275. 						req.Header.Set("Content-Type", oci.MediaTypeDockerManifest)

  276. 						resp := MakeRequest(t, req, http.StatusCreated)

  277. 

  278. 						assert.Equal(t, manifestDigest, resp.Header().Get("Docker-Content-Digest"))

  279. 

  280. 						pv, err := packages_model.GetVersionByNameAndVersion(db.DefaultContext, user.ID, packages_model.TypeContainer, image, tag)

  281. 						assert.NoError(t, err)

  282. 

  283. 						pd, err := packages_model.GetPackageDescriptor(db.DefaultContext, pv)

  284. 						assert.NoError(t, err)

  285. 						assert.Nil(t, pd.SemVer)

  286. 						assert.Equal(t, image, pd.Package.Name)

  287. 						assert.Equal(t, tag, pd.Version.Version)

  288. 						assert.ElementsMatch(t, []string{strings.ToLower(user.LowerName + "/" + image)}, getAllByName(pd.PackageProperties, container_module.PropertyRepository))

  289. 						assert.True(t, has(pd.VersionProperties, container_module.PropertyManifestTagged))

  290. 

  291. 						assert.IsType(t, &container_module.Metadata{}, pd.Metadata)

  292. 						metadata := pd.Metadata.(*container_module.Metadata)

  293. 						assert.Equal(t, container_module.TypeOCI, metadata.Type)

  294. 						assert.Len(t, metadata.ImageLayers, 2)

  295. 						assert.Empty(t, metadata.MultiArch)

  296. 

  297. 						assert.Len(t, pd.Files, 3)

  298. 						for _, pfd := range pd.Files {

  299. 							switch pfd.File.Name {

  300. 							case container_model.ManifestFilename:

  301. 								assert.True(t, pfd.File.IsLead)

  302. 								assert.Equal(t, oci.MediaTypeDockerManifest, pfd.Properties.GetByName(container_module.PropertyMediaType))

  303. 								assert.Equal(t, manifestDigest, pfd.Properties.GetByName(container_module.PropertyDigest))

  304. 							case strings.Replace(configDigest, ":", "_", 1):

  305. 								assert.False(t, pfd.File.IsLead)

  306. 								assert.Equal(t, "application/vnd.docker.container.image.v1+json", pfd.Properties.GetByName(container_module.PropertyMediaType))

  307. 								assert.Equal(t, configDigest, pfd.Properties.GetByName(container_module.PropertyDigest))

  308. 							case strings.Replace(blobDigest, ":", "_", 1):

  309. 								assert.False(t, pfd.File.IsLead)

  310. 								assert.Equal(t, "application/vnd.docker.image.rootfs.diff.tar.gzip", pfd.Properties.GetByName(container_module.PropertyMediaType))

  311. 								assert.Equal(t, blobDigest, pfd.Properties.GetByName(container_module.PropertyDigest))

  312. 							default:

  313. 								assert.Fail(t, "unknown file: %s", pfd.File.Name)

  314. 							}

  315. 						}

  316. 

  317. 						req = NewRequest(t, "GET", fmt.Sprintf("%s/manifests/%s", url, tag))

  318. 						addTokenAuthHeader(req, userToken)

  319. 						MakeRequest(t, req, http.StatusOK)

  320. 

  321. 						pv, err = packages_model.GetVersionByNameAndVersion(db.DefaultContext, user.ID, packages_model.TypeContainer, image, tag)

  322. 						assert.NoError(t, err)

  323. 						assert.EqualValues(t, 1, pv.DownloadCount)

  324. 

  325. 						// Overwrite existing tag should keep the download count

  326. 						req = NewRequestWithBody(t, "PUT", fmt.Sprintf("%s/manifests/%s", url, tag), strings.NewReader(manifestContent))

  327. 						addTokenAuthHeader(req, userToken)

  328. 						req.Header.Set("Content-Type", oci.MediaTypeDockerManifest)

  329. 						MakeRequest(t, req, http.StatusCreated)

  330. 

  331. 						pv, err = packages_model.GetVersionByNameAndVersion(db.DefaultContext, user.ID, packages_model.TypeContainer, image, tag)

  332. 						assert.NoError(t, err)

  333. 						assert.EqualValues(t, 1, pv.DownloadCount)

  334. 					})

  335. 

  336. 					t.Run("HeadManifest", func(t *testing.T) {

  337. 						defer tests.PrintCurrentTest(t)()

  338. 

  339. 						req := NewRequest(t, "HEAD", fmt.Sprintf("%s/manifests/unknown-tag", url))

  340. 						addTokenAuthHeader(req, userToken)

  341. 						MakeRequest(t, req, http.StatusNotFound)

  342. 

  343. 						req = NewRequest(t, "HEAD", fmt.Sprintf("%s/manifests/%s", url, tag))

  344. 						addTokenAuthHeader(req, userToken)

  345. 						resp := MakeRequest(t, req, http.StatusOK)

  346. 

  347. 						assert.Equal(t, fmt.Sprintf("%d", len(manifestContent)), resp.Header().Get("Content-Length"))

  348. 						assert.Equal(t, manifestDigest, resp.Header().Get("Docker-Content-Digest"))

  349. 					})

  350. 

  351. 					t.Run("GetManifest", func(t *testing.T) {

  352. 						defer tests.PrintCurrentTest(t)()

  353. 

  354. 						req := NewRequest(t, "GET", fmt.Sprintf("%s/manifests/unknown-tag", url))

  355. 						addTokenAuthHeader(req, userToken)

  356. 						MakeRequest(t, req, http.StatusNotFound)

  357. 

  358. 						req = NewRequest(t, "GET", fmt.Sprintf("%s/manifests/%s", url, tag))

  359. 						addTokenAuthHeader(req, userToken)

  360. 						resp := MakeRequest(t, req, http.StatusOK)

  361. 

  362. 						assert.Equal(t, fmt.Sprintf("%d", len(manifestContent)), resp.Header().Get("Content-Length"))

  363. 						assert.Equal(t, oci.MediaTypeDockerManifest, resp.Header().Get("Content-Type"))

  364. 						assert.Equal(t, manifestDigest, resp.Header().Get("Docker-Content-Digest"))

  365. 						assert.Equal(t, manifestContent, resp.Body.String())

  366. 					})

  367. 				})

  368. 			}

  369. 

  370. 			t.Run("UploadUntaggedManifest", func(t *testing.T) {

  371. 				defer tests.PrintCurrentTest(t)()

  372. 

  373. 				req := NewRequestWithBody(t, "PUT", fmt.Sprintf("%s/manifests/%s", url, untaggedManifestDigest), strings.NewReader(untaggedManifestContent))

  374. 				addTokenAuthHeader(req, userToken)

  375. 				req.Header.Set("Content-Type", oci.MediaTypeImageManifest)

  376. 				resp := MakeRequest(t, req, http.StatusCreated)

  377. 

  378. 				assert.Equal(t, untaggedManifestDigest, resp.Header().Get("Docker-Content-Digest"))

  379. 

  380. 				req = NewRequest(t, "HEAD", fmt.Sprintf("%s/manifests/%s", url, untaggedManifestDigest))

  381. 				addTokenAuthHeader(req, userToken)

  382. 				resp = MakeRequest(t, req, http.StatusOK)

  383. 

  384. 				assert.Equal(t, fmt.Sprintf("%d", len(untaggedManifestContent)), resp.Header().Get("Content-Length"))

  385. 				assert.Equal(t, untaggedManifestDigest, resp.Header().Get("Docker-Content-Digest"))

  386. 

  387. 				pv, err := packages_model.GetVersionByNameAndVersion(db.DefaultContext, user.ID, packages_model.TypeContainer, image, untaggedManifestDigest)

  388. 				assert.NoError(t, err)

  389. 

  390. 				pd, err := packages_model.GetPackageDescriptor(db.DefaultContext, pv)

  391. 				assert.NoError(t, err)

  392. 				assert.Nil(t, pd.SemVer)

  393. 				assert.Equal(t, image, pd.Package.Name)

  394. 				assert.Equal(t, untaggedManifestDigest, pd.Version.Version)

  395. 				assert.ElementsMatch(t, []string{strings.ToLower(user.LowerName + "/" + image)}, getAllByName(pd.PackageProperties, container_module.PropertyRepository))

  396. 				assert.False(t, has(pd.VersionProperties, container_module.PropertyManifestTagged))

  397. 

  398. 				assert.IsType(t, &container_module.Metadata{}, pd.Metadata)

  399. 

  400. 				assert.Len(t, pd.Files, 3)

  401. 				for _, pfd := range pd.Files {

  402. 					if pfd.File.Name == container_model.ManifestFilename {

  403. 						assert.True(t, pfd.File.IsLead)

  404. 						assert.Equal(t, oci.MediaTypeImageManifest, pfd.Properties.GetByName(container_module.PropertyMediaType))

  405. 						assert.Equal(t, untaggedManifestDigest, pfd.Properties.GetByName(container_module.PropertyDigest))

  406. 					}

  407. 				}

  408. 			})

  409. 

  410. 			t.Run("UploadIndexManifest", func(t *testing.T) {

  411. 				defer tests.PrintCurrentTest(t)()

  412. 

  413. 				req := NewRequestWithBody(t, "PUT", fmt.Sprintf("%s/manifests/%s", url, multiTag), strings.NewReader(indexManifestContent))

  414. 				addTokenAuthHeader(req, userToken)

  415. 				req.Header.Set("Content-Type", oci.MediaTypeImageIndex)

  416. 				resp := MakeRequest(t, req, http.StatusCreated)

  417. 

  418. 				assert.Equal(t, indexManifestDigest, resp.Header().Get("Docker-Content-Digest"))

  419. 

  420. 				pv, err := packages_model.GetVersionByNameAndVersion(db.DefaultContext, user.ID, packages_model.TypeContainer, image, multiTag)

  421. 				assert.NoError(t, err)

  422. 

  423. 				pd, err := packages_model.GetPackageDescriptor(db.DefaultContext, pv)

  424. 				assert.NoError(t, err)

  425. 				assert.Nil(t, pd.SemVer)

  426. 				assert.Equal(t, image, pd.Package.Name)

  427. 				assert.Equal(t, multiTag, pd.Version.Version)

  428. 				assert.ElementsMatch(t, []string{strings.ToLower(user.LowerName + "/" + image)}, getAllByName(pd.PackageProperties, container_module.PropertyRepository))

  429. 				assert.True(t, has(pd.VersionProperties, container_module.PropertyManifestTagged))

  430. 

  431. 				assert.ElementsMatch(t, []string{manifestDigest, untaggedManifestDigest}, getAllByName(pd.VersionProperties, container_module.PropertyManifestReference))

  432. 

  433. 				assert.IsType(t, &container_module.Metadata{}, pd.Metadata)

  434. 				metadata := pd.Metadata.(*container_module.Metadata)

  435. 				assert.Equal(t, container_module.TypeOCI, metadata.Type)

  436. 				assert.Contains(t, metadata.MultiArch, "linux/arm/v7")

  437. 				assert.Equal(t, manifestDigest, metadata.MultiArch["linux/arm/v7"])

  438. 				assert.Contains(t, metadata.MultiArch, "linux/arm64/v8")

  439. 				assert.Equal(t, untaggedManifestDigest, metadata.MultiArch["linux/arm64/v8"])

  440. 

  441. 				assert.Len(t, pd.Files, 1)

  442. 				assert.True(t, pd.Files[0].File.IsLead)

  443. 				assert.Equal(t, oci.MediaTypeImageIndex, pd.Files[0].Properties.GetByName(container_module.PropertyMediaType))

  444. 				assert.Equal(t, indexManifestDigest, pd.Files[0].Properties.GetByName(container_module.PropertyDigest))

  445. 			})

  446. 

  447. 			t.Run("UploadBlob/Mount", func(t *testing.T) {

  448. 				defer tests.PrintCurrentTest(t)()

  449. 

  450. 				req := NewRequest(t, "POST", fmt.Sprintf("%s/blobs/uploads?mount=%s", url, unknownDigest))

  451. 				addTokenAuthHeader(req, userToken)

  452. 				MakeRequest(t, req, http.StatusAccepted)

  453. 

  454. 				req = NewRequest(t, "POST", fmt.Sprintf("%s/blobs/uploads?mount=%s", url, blobDigest))

  455. 				addTokenAuthHeader(req, userToken)

  456. 				resp := MakeRequest(t, req, http.StatusCreated)

  457. 

  458. 				assert.Equal(t, fmt.Sprintf("/v2/%s/%s/blobs/%s", user.Name, image, blobDigest), resp.Header().Get("Location"))

  459. 				assert.Equal(t, blobDigest, resp.Header().Get("Docker-Content-Digest"))

  460. 			})

  461. 

  462. 			t.Run("HeadBlob", func(t *testing.T) {

  463. 				defer tests.PrintCurrentTest(t)()

  464. 

  465. 				req := NewRequest(t, "HEAD", fmt.Sprintf("%s/blobs/%s", url, unknownDigest))

  466. 				addTokenAuthHeader(req, userToken)

  467. 				MakeRequest(t, req, http.StatusNotFound)

  468. 

  469. 				req = NewRequest(t, "HEAD", fmt.Sprintf("%s/blobs/%s", url, blobDigest))

  470. 				addTokenAuthHeader(req, userToken)

  471. 				resp := MakeRequest(t, req, http.StatusOK)

  472. 

  473. 				assert.Equal(t, fmt.Sprintf("%d", len(blobContent)), resp.Header().Get("Content-Length"))

  474. 				assert.Equal(t, blobDigest, resp.Header().Get("Docker-Content-Digest"))

  475. 

  476. 				req = NewRequest(t, "HEAD", fmt.Sprintf("%s/blobs/%s", url, blobDigest))

  477. 				addTokenAuthHeader(req, anonymousToken)

  478. 				MakeRequest(t, req, http.StatusOK)

  479. 			})

  480. 

  481. 			t.Run("GetBlob", func(t *testing.T) {

  482. 				defer tests.PrintCurrentTest(t)()

  483. 

  484. 				req := NewRequest(t, "GET", fmt.Sprintf("%s/blobs/%s", url, unknownDigest))

  485. 				addTokenAuthHeader(req, userToken)

  486. 				MakeRequest(t, req, http.StatusNotFound)

  487. 

  488. 				req = NewRequest(t, "GET", fmt.Sprintf("%s/blobs/%s", url, blobDigest))

  489. 				addTokenAuthHeader(req, userToken)

  490. 				resp := MakeRequest(t, req, http.StatusOK)

  491. 

  492. 				assert.Equal(t, fmt.Sprintf("%d", len(blobContent)), resp.Header().Get("Content-Length"))

  493. 				assert.Equal(t, blobDigest, resp.Header().Get("Docker-Content-Digest"))

  494. 				assert.Equal(t, blobContent, resp.Body.Bytes())

  495. 			})

  496. 

  497. 			t.Run("GetTagList", func(t *testing.T) {

  498. 				defer tests.PrintCurrentTest(t)()

  499. 

  500. 				cases := []struct {

  501. 					URL          string

  502. 					ExpectedTags []string

  503. 					ExpectedLink string

  504. 				}{

  505. 					{

  506. 						URL:          fmt.Sprintf("%s/tags/list", url),

  507. 						ExpectedTags: []string{"latest", "main", "multi"},

  508. 						ExpectedLink: fmt.Sprintf(`</v2/%s/%s/tags/list?last=multi>; rel="next"`, user.Name, image),

  509. 					},

  510. 					{

  511. 						URL:          fmt.Sprintf("%s/tags/list?n=0", url),

  512. 						ExpectedTags: []string{},

  513. 						ExpectedLink: "",

  514. 					},

  515. 					{

  516. 						URL:          fmt.Sprintf("%s/tags/list?n=2", url),

  517. 						ExpectedTags: []string{"latest", "main"},

  518. 						ExpectedLink: fmt.Sprintf(`</v2/%s/%s/tags/list?last=main&n=2>; rel="next"`, user.Name, image),

  519. 					},

  520. 					{

  521. 						URL:          fmt.Sprintf("%s/tags/list?last=main", url),

  522. 						ExpectedTags: []string{"multi"},

  523. 						ExpectedLink: fmt.Sprintf(`</v2/%s/%s/tags/list?last=multi>; rel="next"`, user.Name, image),

  524. 					},

  525. 					{

  526. 						URL:          fmt.Sprintf("%s/tags/list?n=1&last=latest", url),

  527. 						ExpectedTags: []string{"main"},

  528. 						ExpectedLink: fmt.Sprintf(`</v2/%s/%s/tags/list?last=main&n=1>; rel="next"`, user.Name, image),

  529. 					},

  530. 				}

  531. 

  532. 				for _, c := range cases {

  533. 					req := NewRequest(t, "GET", c.URL)

  534. 					addTokenAuthHeader(req, userToken)

  535. 					resp := MakeRequest(t, req, http.StatusOK)

  536. 

  537. 					type TagList struct {

  538. 						Name string   `json:"name"`

  539. 						Tags []string `json:"tags"`

  540. 					}

  541. 

  542. 					tagList := &TagList{}

  543. 					DecodeJSON(t, resp, &tagList)

  544. 

  545. 					assert.Equal(t, user.Name+"/"+image, tagList.Name)

  546. 					assert.Equal(t, c.ExpectedTags, tagList.Tags)

  547. 					assert.Equal(t, c.ExpectedLink, resp.Header().Get("Link"))

  548. 				}

  549. 

  550. 				req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/packages/%s?type=container&q=%s", user.Name, image))

  551. 				resp := MakeRequest(t, req, http.StatusOK)

  552. 

  553. 				var apiPackages []*api.Package

  554. 				DecodeJSON(t, resp, &apiPackages)

  555. 				assert.Len(t, apiPackages, 4) // "latest", "main", "multi", "sha256:..."

  556. 			})

  557. 

  558. 			t.Run("Delete", func(t *testing.T) {

  559. 				t.Run("Blob", func(t *testing.T) {

  560. 					defer tests.PrintCurrentTest(t)()

  561. 

  562. 					req := NewRequest(t, "DELETE", fmt.Sprintf("%s/blobs/%s", url, blobDigest))

  563. 					addTokenAuthHeader(req, userToken)

  564. 					MakeRequest(t, req, http.StatusAccepted)

  565. 

  566. 					req = NewRequest(t, "HEAD", fmt.Sprintf("%s/blobs/%s", url, blobDigest))

  567. 					addTokenAuthHeader(req, userToken)

  568. 					MakeRequest(t, req, http.StatusNotFound)

  569. 				})

  570. 

  571. 				t.Run("ManifestByDigest", func(t *testing.T) {

  572. 					defer tests.PrintCurrentTest(t)()

  573. 

  574. 					req := NewRequest(t, "DELETE", fmt.Sprintf("%s/manifests/%s", url, untaggedManifestDigest))

  575. 					addTokenAuthHeader(req, userToken)

  576. 					MakeRequest(t, req, http.StatusAccepted)

  577. 

  578. 					req = NewRequest(t, "HEAD", fmt.Sprintf("%s/manifests/%s", url, untaggedManifestDigest))

  579. 					addTokenAuthHeader(req, userToken)

  580. 					MakeRequest(t, req, http.StatusNotFound)

  581. 				})

  582. 

  583. 				t.Run("ManifestByTag", func(t *testing.T) {

  584. 					defer tests.PrintCurrentTest(t)()

  585. 

  586. 					req := NewRequest(t, "DELETE", fmt.Sprintf("%s/manifests/%s", url, multiTag))

  587. 					addTokenAuthHeader(req, userToken)

  588. 					MakeRequest(t, req, http.StatusAccepted)

  589. 

  590. 					req = NewRequest(t, "HEAD", fmt.Sprintf("%s/manifests/%s", url, multiTag))

  591. 					addTokenAuthHeader(req, userToken)

  592. 					MakeRequest(t, req, http.StatusNotFound)

  593. 				})

  594. 			})

  595. 		})

  596. 	}

  597. 

  598. 	// https://github.com/go-gitea/gitea/issues/19586

  599. 	t.Run("ParallelUpload", func(t *testing.T) {

  600. 		defer tests.PrintCurrentTest(t)()

  601. 

  602. 		url := fmt.Sprintf("%sv2/%s/parallel", setting.AppURL, user.Name)

  603. 

  604. 		var wg sync.WaitGroup

  605. 		for i := 0; i < 10; i++ {

  606. 			wg.Add(1)

  607. 

  608. 			content := []byte{byte(i)}

  609. 			digest := fmt.Sprintf("sha256:%x", sha256.Sum256(content))

  610. 

  611. 			go func() {

  612. 				defer wg.Done()

  613. 

  614. 				req := NewRequestWithBody(t, "POST", fmt.Sprintf("%s/blobs/uploads?digest=%s", url, digest), bytes.NewReader(content))

  615. 				addTokenAuthHeader(req, userToken)

  616. 				resp := MakeRequest(t, req, http.StatusCreated)

  617. 

  618. 				assert.Equal(t, digest, resp.Header().Get("Docker-Content-Digest"))

  619. 			}()

  620. 		}

  621. 		wg.Wait()

  622. 	})

  623. 

  624. 	t.Run("OwnerNameChange", func(t *testing.T) {

  625. 		defer tests.PrintCurrentTest(t)()

  626. 

  627. 		checkCatalog := func(owner string) func(t *testing.T) {

  628. 			return func(t *testing.T) {

  629. 				defer tests.PrepareTestEnv(t)()

  630. 

  631. 				req := NewRequest(t, "GET", fmt.Sprintf("%sv2/_catalog", setting.AppURL))

  632. 				addTokenAuthHeader(req, userToken)

  633. 				resp := MakeRequest(t, req, http.StatusOK)

  634. 

  635. 				type RepositoryList struct {

  636. 					Repositories []string `json:"repositories"`

  637. 				}

  638. 

  639. 				repoList := &RepositoryList{}

  640. 				DecodeJSON(t, resp, &repoList)

  641. 

  642. 				assert.Len(t, repoList.Repositories, len(images))

  643. 				names := make([]string, 0, len(images))

  644. 				for _, image := range images {

  645. 					names = append(names, strings.ToLower(owner+"/"+image))

  646. 				}

  647. 				assert.ElementsMatch(t, names, repoList.Repositories)

  648. 			}

  649. 		}

  650. 

  651. 		t.Run(fmt.Sprintf("Catalog[%s]", user.LowerName), checkCatalog(user.LowerName))

  652. 

  653. 		session := loginUser(t, user.Name)

  654. 

  655. 		newOwnerName := "newUsername"

  656. 

  657. 		req := NewRequestWithValues(t, "POST", "/user/settings", map[string]string{

  658. 			"_csrf":    GetCSRF(t, session, "/user/settings"),

  659. 			"name":     newOwnerName,

  660. 			"email":    "user2@example.com",

  661. 			"language": "en-US",

  662. 		})

  663. 		session.MakeRequest(t, req, http.StatusSeeOther)

  664. 

  665. 		t.Run(fmt.Sprintf("Catalog[%s]", newOwnerName), checkCatalog(newOwnerName))

  666. 

  667. 		req = NewRequestWithValues(t, "POST", "/user/settings", map[string]string{

  668. 			"_csrf":    GetCSRF(t, session, "/user/settings"),

  669. 			"name":     user.Name,

  670. 			"email":    "user2@example.com",

  671. 			"language": "en-US",

  672. 		})

  673. 		session.MakeRequest(t, req, http.StatusSeeOther)

  674. 	})

  675. }