scottwittenburg/list_oci_tags.sh

## list_oci_tags.sh
#!/bin/bash

################################################################################
#
# Test how various oci registries handle pagination of tag listing.  In
# order to make these requests, authorization must first be obtained,
# which I have done by following the steps described here:
#
#     https://distribution.github.io/distribution/spec/auth/token/
#
# For private registries requiring authentication, you must first:
#
#     $ export BASIC_AUTH_TOKEN=$(echo -n "<username>:<patorpwd>" | base64)
#
# For public registries, you still need to request a token, but you do
# not need to authenticate that request, so:
#
#     $ unset BASIC_AUTH_TOKEN
#
################################################################################

#                    Gitlab
# Private registry, requires client to authenticate
# DOMAIN="registry.gitlab.com"
# NAME="scott.wittenburg/vtk-based-project"

#                  DockerHub
# Public registry, allows anonymous client access
# DOMAIN="registry-1.docker.io"
# NAME="pytorch/pytorch"

#                   Github
# Public registry, allows anonymous client access
DOMAIN="ghcr.io"
NAME="spack/github-actions-buildcache"


# Url for the resource we eventually want to access
TAGS_URL="https://${DOMAIN}/v2/${NAME}/tags/list"

# First we have to make a request to trigger the auth challenge, which contains
# a header letting us know what to put in our token request
auth_response=$(curl -v "${TAGS_URL}" 2>&1 | grep -E "^< www-authenticate: .+$")
regex="realm=\"([^\"]+)\",service=\"([^\"]+)\",scope=\"([^\"]+)\""

if [[ "${auth_response}" =~ ${regex} ]]; then
  TOKEN_URL="${BASH_REMATCH[1]}?service=${BASH_REMATCH[2]}&scope=${BASH_REMATCH[3]}"
else
  echo "Error: unable to parse www-authenticate header: ${auth_response}"
  exit 1
fi

# Maybe create a Basic auth header
if [ ! -z $BASIC_AUTH_TOKEN ]; then
    auth_header="-H \"Authorization: Basic ${BASIC_AUTH_TOKEN}\""
else
    auth_header=""
fi

# Request a token for the appropriate realm, service, and scope
request_token_cmd="curl --silent ${auth_header} \"${TOKEN_URL}\""
token_response=$(bash -c "$request_token_cmd")
token=$(echo ${token_response} | jq '.token')

# Use the token to access the resource we wanted in the first place
authenticated_request_cmd="curl -v --raw -H \"Authorization: Bearer ${token}\" \"${TAGS_URL}?n=10\""

bash -c "$authenticated_request_cmd"
	#!/bin/bash

	################################################################################
	#
	# Test how various oci registries handle pagination of tag listing. In
	# order to make these requests, authorization must first be obtained,
	# which I have done by following the steps described here:
	#
	# https://distribution.github.io/distribution/spec/auth/token/
	#
	# For private registries requiring authentication, you must first:
	#
	# $ export BASIC_AUTH_TOKEN=$(echo -n "<username>:<patorpwd>" \| base64)
	#
	# For public registries, you still need to request a token, but you do
	# not need to authenticate that request, so:
	#
	# $ unset BASIC_AUTH_TOKEN
	#
	################################################################################

	# Gitlab
	# Private registry, requires client to authenticate
	# DOMAIN="registry.gitlab.com"
	# NAME="scott.wittenburg/vtk-based-project"

	# DockerHub
	# Public registry, allows anonymous client access
	# DOMAIN="registry-1.docker.io"
	# NAME="pytorch/pytorch"

	# Github
	# Public registry, allows anonymous client access
	DOMAIN="ghcr.io"
	NAME="spack/github-actions-buildcache"


	# Url for the resource we eventually want to access
	TAGS_URL="https://${DOMAIN}/v2/${NAME}/tags/list"

	# First we have to make a request to trigger the auth challenge, which contains
	# a header letting us know what to put in our token request
	auth_response=$(curl -v "${TAGS_URL}" 2>&1 \| grep -E "^< www-authenticate: .+$")
	regex="realm=\"([^\"]+)\",service=\"([^\"]+)\",scope=\"([^\"]+)\""

	if [[ "${auth_response}" =~ ${regex} ]]; then
	TOKEN_URL="${BASH_REMATCH[1]}?service=${BASH_REMATCH[2]}&scope=${BASH_REMATCH[3]}"
	else
	echo "Error: unable to parse www-authenticate header: ${auth_response}"
	exit 1
	fi

	# Maybe create a Basic auth header
	if [ ! -z $BASIC_AUTH_TOKEN ]; then
	auth_header="-H \"Authorization: Basic ${BASIC_AUTH_TOKEN}\""
	else
	auth_header=""
	fi

	# Request a token for the appropriate realm, service, and scope
	request_token_cmd="curl --silent ${auth_header} \"${TOKEN_URL}\""
	token_response=$(bash -c "$request_token_cmd")
	token=$(echo ${token_response} \| jq '.token')

	# Use the token to access the resource we wanted in the first place
	authenticated_request_cmd="curl -v --raw -H \"Authorization: Bearer ${token}\" \"${TAGS_URL}?n=10\""

	bash -c "$authenticated_request_cmd"