fix: don't allow blobs to be deleted if in use (#1559)

dist-spec APIs independently allow deletion of blobs and manifests. Doing the former when in use by an image manifest or index is simply error-prone. So disallow it. Fixes issue #1509 Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> Co-authored-by: Ramkumar Chinchani <rchincha@cisco.com>
2026-06-16 04:17:55 +08:00 · 2023-07-10 12:24:45 +03:00
parent b22989cfe0
commit cda6916b45
11 changed files with 560 additions and 38 deletions
@@ -34,8 +34,19 @@ jobs:
          RUNNER_TRACKING_ID="" && ./bin/zot-linux-amd64 serve examples/config-conformance.json &
          IP=`hostname -I | awk '{print $1}'`
          echo "SERVER_URL=http://${IP}:8080" >> $GITHUB_ENV
-    - name: Run OCI Distribution Spec conformance tests
-      uses: opencontainers/distribution-spec@main
+    - uses: actions/checkout@v3
+      with:
+        # TODO: change to upstream once the foloowing PR is merged:
+        # https://github.com/opencontainers/distribution-spec/pull/436
+        repository: sudo-bmitch/distribution-spec
+        ref: pr-conformance-index-subject
+        path: distribution-spec
+    - name: build conformance binary from main
+      run: |
+        (cd distribution-spec/ && make conformance-binary)
+        mv distribution-spec/output/conformance.test .
+        rm -rf distribution-spec/
+    - name: run conformance
      env:
        OCI_ROOT_URL: ${{ env.SERVER_URL }}
        OCI_NAMESPACE: oci-conformance/distribution-test
@@ -44,13 +55,14 @@ jobs:
        OCI_TEST_CONTENT_DISCOVERY: 1
        OCI_TEST_CONTENT_MANAGEMENT: 1
        OCI_REFERRERS: 1
-        OCI_HIDE_SKIPPED_WORKFLOWS: 1
+        OCI_CROSSMOUNT_NAMESPACE: oci-conformance/crossmount-test
+      run: |
+        ./conformance.test 
    - run: mkdir -p .out/ && mv {report.html,junit.xml} .out/
      if: always()
-      #run: docker run --rm -v $(pwd)/results:/results -w /results -e OCI_ROOT_URL=${{ env.OCI_ROOT_URL }} -e OCI_NAMESPACE="anuvu/zot" -e OCI_TEST_PULL=1 -e OCI_TEST_PUSH=1 -e OCI_TEST_CONTENT_DISCOVERY=1 -e OCI_TEST_CONTENT_MANAGEMENT=1 -e OCI_HIDE_SKIPPED_WORKFLOWS=0 -e OCI_DEBUG="true" ghcr.io/opencontainers/distribution-spec/conformance:db4cc68
    - name: Upload test results zip as build artifact
      uses: actions/upload-artifact@v3
      with:
        name: oci-test-results-${{ github.sha }}
        path: .out/
-      if: github.event == 'push'
+      if: github.event_name == 'push'