Bump github.com/google/go-containerregistry from 0.10.0 to 0.12.0

[dependabot]

Bumps github.com/google/go-containerregistry from 0.10.0 to 0.12.0.

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.12.0

Changelog

• 9b4fdd50 Bump actions/setup-go from 2 to 3 (#1463)
• 7268da01 Bump actions/stale from 5 to 6 (#1452)
• 7196cf3d Bump aws-actions/configure-aws-credentials from 1.6.1 to 1.7.0 (#1424)
• 8eae069f Bump codecov/codecov-action from 3.1.0 to 3.1.1 (#1453)
• 969699e7 Bump deps using ./hack/bump-deps.sh (#1467)
• c1f9836a Bump opencontainers/image-spec (#1423)
• 49cdb8b4 Correct usage of authn.NewKeychainFromHelper in docs (#1419)
• 3ba4c511 Fix tar PAX format handling (#1414)
• 24a1c335 Ignore docker config if it's a directory (#1420)
• a0f66878 Make ErrBadName checkable via errors.Is() (#1462)
• 19e3eff7 Retry ECONNRESET errors (#1415)
• 5749ee68 Support the platform specific authentication of krane in "auth get" command (#1413)
• e3b94c7e allow remote.DefaultTransport to be overridden by an http.RoundTripper (#1449)
• f981b4c0 deps: update goreleaser-action for bug (#1444)
• 771a9b44 e2e: pull and export stdin and stdout (#1436)
• 87b3a796 feat: Add krane to release archive (#1443)
• 2859a0d0 feat: generate slsa provenance on github release artifacts (#1438)
• 9a5c14ad fix crane's root.go after DefaultTransport change (#1450)
• 2b54510b fix: consider base image media type when appending layers (#1437)
• d3ed4089 registry: implement blob deletion (#1432)
• 3413eb6c registry: implement pagination (#1430)
• e2d575cf update crane installation instructions and release verification (#1440)

Container Images

https://gcr.io/go-containerregistry/crane:v0.12.0 https://gcr.io/go-containerregistry/gcrane:v0.12.0

For example:

docker pull gcr.io/go-containerregistry/crane:v0.12.0
docker pull gcr.io/go-containerregistry/gcrane:v0.12.0

v0.11.0

Changelog

• b7b4eada Add unit test covering .dockerconfigjson secrets (#1335)
• 31786c6c Bump deps using ./hack/bump-deps.sh (#1410)
• f79ec219 Deprecate transport.New (#1337)
• 2b1087ab Do not check /v2 endpoint on registry when RoundTripper is provided (#1396)
• 59b5c06e Don't annotate refs by default, switch to OCI key (#1401)
• ddd39fb9 Fall back to no mount if registry misbehaves (#1406)
• d187a716 Implement crane edit (#1403)
• 4d7b65b0 Include builds for Go 1.18 in CI matrixes (#1319)
• 03194c5a Preserve descriptors when writing to layout (#1400)
• 53e6bea5 Redact sensitive information in redirected URLs (#1408)
• ae256b58 Use go-digest to validate digests (#1395)
• 86f0c4a3 Wrap progress updates in a mutex (#1402)

... (truncated)

Commits

• 3413eb6 registry: implement pagination (#1430)
• d3ed408 registry: implement blob deletion (#1432)
• 969699e Bump deps using ./hack/bump-deps.sh (#1467)
• 9b4fdd5 Bump actions/setup-go from 2 to 3 (#1463)
• a0f6687 Make ErrBadName checkable via errors.Is() (#1462)
• 7268da0 Bump actions/stale from 5 to 6 (#1452)
• 8eae069 Bump codecov/codecov-action from 3.1.0 to 3.1.1 (#1453)
• 9a5c14a fix crane's root.go after DefaultTransport change (#1450)
• e3b94c7 allow remote.DefaultTransport to be overridden by an http.RoundTripper (#1449)
• f981b4c deps: update goreleaser-action for bug (#1444)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[openshift-ci]

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a redhat-openshift-ecosystem member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[dcibot]

• FAILURE
  from Bump github.com/google/go-containerregistry from 0.10.0 to 0.12.0 #804

[coveralls]

Coverage remained the same at 84.5% when pulling 187295c on dependabot/go_modules/github.com/google/go-containerregistry-0.12.0 into 77ff45a on main.

[openshift-ci]

@sebrandon1: changing LGTM is restricted to collaborators

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[acornett21]

/ok-to-test

[acornett21]

Here is the diff on this, we should give this a once over to make sure nothing is glaring.

@bcrochet @komish I don't see anything that we use changing, they do change how DOCKER_CONFIG is used (for a lack of a better word), but since we use our own auth and don't use theirs to read this in, shouldn't be an issue. They also now allow to use/change out the Transport to a RoundTripper, but aside from that nothing else is glaring. LMK if you see something that could be breaking.

[bcrochet]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: acornett21, bcrochet, dependabot[bot], sebrandon1

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [acornett21,bcrochet]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[dcibot]

• SUCCESS https://www.distributed-ci.io/jobs/f398e8d4-8c0e-4f0e-8a15-0b8ff570a6c8/jobStates
  from Bump github.com/google/go-containerregistry from 0.10.0 to 0.12.0 #804