From c73e71b0180993606adac5ef9bf30408581c1ba0 Mon Sep 17 00:00:00 2001
From: Ramkumar Chinchani <rchincha@cisco.com>
Date: Fri, 4 Feb 2022 17:44:16 +0000
Subject: [PATCH] ci/cd: add a basic push-pull testing using client tools

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
---
 .github/workflows/ecosystem-tools.yaml | 46 ++++++++++++++++++++++++++
 Makefile                               | 24 +++++++++++++-
 pkg/storage/storage_fs.go              | 10 ++++--
 3 files changed, 76 insertions(+), 4 deletions(-)
 create mode 100644 .github/workflows/ecosystem-tools.yaml

diff --git a/.github/workflows/ecosystem-tools.yaml b/.github/workflows/ecosystem-tools.yaml
new file mode 100644
index 00000000..a7a9a73f
--- /dev/null
+++ b/.github/workflows/ecosystem-tools.yaml
@@ -0,0 +1,46 @@
+name: "Ecosystem client tools"
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches: [main]
+  release:
+    types:
+      - published
+
+jobs:
+  client-tools:
+    name: Check client tools
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-go@v2
+        with:
+          go-version: 1.17.x
+      - name: Install dependencies
+        run: |
+          cd $GITHUB_WORKSPACE
+          go get -u github.com/swaggo/swag/cmd/swag
+          go mod download
+          sudo apt-get update
+          sudo apt-get -y install rpm uidmap
+          # install skopeo
+          . /etc/os-release
+          echo "deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_${VERSION_ID}/ /" | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
+          curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_${VERSION_ID}/Release.key | sudo apt-key add -
+          sudo apt-get update
+          sudo apt-get -y upgrade
+          sudo apt-get -y install skopeo
+          # install notation
+          curl -Lo notation.tar.gz https://github.com/notaryproject/notation/releases/download/v0.7.1-alpha.1/notation_0.7.1-alpha.1_linux_amd64.tar.gz
+          sudo tar xvzf notation.tar.gz -C /usr/bin notation
+          # install oras
+          curl -LO https://github.com/oras-project/oras/releases/download/v0.12.0/oras_0.12.0_linux_amd64.tar.gz
+          mkdir -p oras-install/
+          tar -zxf oras_0.12.0_*.tar.gz -C oras-install/
+          sudo mv oras-install/oras /usr/bin/
+          rm -rf oras_0.12.0_*.tar.gz oras-install/
+      - name: Run push-pull tests
+        run: |
+            make push-pull
diff --git a/Makefile b/Makefile
index 86421065..4719b684 100644
--- a/Makefile
+++ b/Makefile
@@ -15,7 +15,7 @@ ARCH ?= amd64
 BENCH_OUTPUT ?= stdout
 
 .PHONY: all
-all: swagger binary binary-minimal binary-debug binary-arch binary-arch-minimal cli cli-arch bench bench-arch exporter-minimal verify-config test test-clean check
+all: swagger binary binary-minimal binary-debug binary-arch binary-arch-minimal cli cli-arch bench bench-arch exporter-minimal verify-config test covhtml test-clean check
 
 .PHONY: binary-minimal
 binary-minimal: swagger
@@ -79,6 +79,28 @@ run-bench: binary bench
 	bin/zb -c 10 -n 100 -o $(BENCH_OUTPUT) http://localhost:8080
 	killall zot
 
+.PHONY: push-pull
+push-pull: binary check-skopeo
+	bin/zot serve examples/config-minimal.json &
+	sleep 5
+	# skopeo push/pull
+	skopeo --debug copy --format=oci --dest-tls-verify=false docker://ghcr.io/project-zot/golang:1.17 docker://localhost:8080/golang:1.17
+	skopeo --debug copy --src-tls-verify=false docker://localhost:8080/golang:1.17 oci:golang:1.17
+	# oras artifacts
+	echo "{\"name\":\"foo\",\"value\":\"bar\"}" > config.json
+	echo "hello world" > artifact.txt
+	oras push localhost:8080/hello-artifact:v2 \
+	    --manifest-config config.json:application/vnd.acme.rocket.config.v1+json \
+		      artifact.txt:text/plain -d -v
+	rm -f artifact.txt # first delete the file
+	oras pull localhost:8080/hello-artifact:v2 -d -v -a
+	grep -q "hello world" artifact.txt  # should print "hello world"
+	if [ $? -ne 0 ]; then \
+		killall zot; \
+		exit 1; \
+	fi
+	killall zot
+
 .PHONY: test-clean
 test-clean:
 	$(shell sudo rm -rf /etc/containers/certs.d/127.0.0.1:8089/)
diff --git a/pkg/storage/storage_fs.go b/pkg/storage/storage_fs.go
index 5d37a52e..38b0d921 100644
--- a/pkg/storage/storage_fs.go
+++ b/pkg/storage/storage_fs.go
@@ -551,9 +551,13 @@ func (is *ImageStoreFS) PutImageManifest(repo string, reference string, mediaTyp
 			return "", zerr.ErrBadManifest
 		}
 
-		digest, err := is.validateOCIManifest(repo, reference, &manifest)
-		if err != nil {
-			return digest, err
+		if manifest.Config.MediaType == ispec.MediaTypeImageConfig {
+			digest, err := is.validateOCIManifest(repo, reference, &manifest)
+			if err != nil {
+				is.log.Error().Err(err).Msg("invalid oci image manifest")
+
+				return digest, err
+			}
 		}
 	} else if mediaType == artifactspec.MediaTypeArtifactManifest {
 		var m notation.Descriptor