You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently the Sonatype Nexus Repository cleanup script expects the mediaType to be present in the OCI Image Index. When isn't present, the cleanup doesn't iterate through the listed manifests in the image index and thus treats the actual manifest for the Zarf package as orphaned and deletes it. Sonatype accepts this is a bug and has an issue for it but doesn't have an ETA for a fix. This is preventing us from using the latest Zarf to publish. While this is a fix to work around someone else's bug, since the spec says it should be set it feels like a good addition regardless.
The text was updated successfully, but these errors were encountered:
## Description
Added the OCI Image Index's mediaType for completeness sake per the OCI
spec and to work around a known Sonatype Nexus Repository bug.
## Related Issue
Fixes#2351
## Type of change
- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [x] Other (security config, docs update, etc)
## Checklist before merging
- [x] Test, docs, adr added or updated as needed
- [x] [Contributor Guide
Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow)
followed
Co-authored-by: Wayne Starr <Racer159@users.noreply.github.com>
Describe what should be investigated or refactored
Currently the OCI Image Index for Zarf packages doesn't include the mediaType attribute. While not technically required the OCI spec says it "SHOULD" be used (https://github.com/opencontainers/image-spec/blob/main/image-index.md).
Links to any relevant code
None.
Additional context
Currently the Sonatype Nexus Repository cleanup script expects the mediaType to be present in the OCI Image Index. When isn't present, the cleanup doesn't iterate through the listed manifests in the image index and thus treats the actual manifest for the Zarf package as orphaned and deletes it. Sonatype accepts this is a bug and has an issue for it but doesn't have an ETA for a fix. This is preventing us from using the latest Zarf to publish. While this is a fix to work around someone else's bug, since the spec says it should be set it feels like a good addition regardless.
The text was updated successfully, but these errors were encountered: