mirror of
https://github.com/containrrr/watchtower.git
synced 2025-02-13 19:42:16 +02:00
5983d58d7c
Log based on registry known-poor support of HEAD in checking container manifest. Some private registries do not support HEAD (E.G. GitLab Container Registry). With the current config, this log message is causing a notification to be sent for each container hosted in a registry lacking HEAD support. log.Debug or log.Warning for failed HTTP HEAD-check based on registry hostname where HEAD-check is known to fail. For Docker Hub, a failed HEAD leading to a "regular pull" may count against a user's call-quota whereas other registry implementations do not support HEAD, or whose container manifest may be in a different location.
60 lines
1.8 KiB
Go
60 lines
1.8 KiB
Go
package registry
|
|
|
|
import (
|
|
"github.com/containrrr/watchtower/pkg/registry/helpers"
|
|
watchtowerTypes "github.com/containrrr/watchtower/pkg/types"
|
|
ref "github.com/docker/distribution/reference"
|
|
"github.com/docker/docker/api/types"
|
|
log "github.com/sirupsen/logrus"
|
|
)
|
|
|
|
// GetPullOptions creates a struct with all options needed for pulling images from a registry
|
|
func GetPullOptions(imageName string) (types.ImagePullOptions, error) {
|
|
auth, err := EncodedAuth(imageName)
|
|
log.Debugf("Got image name: %s", imageName)
|
|
if err != nil {
|
|
return types.ImagePullOptions{}, err
|
|
}
|
|
|
|
if auth == "" {
|
|
return types.ImagePullOptions{}, nil
|
|
}
|
|
log.Tracef("Got auth value: %s", auth)
|
|
|
|
return types.ImagePullOptions{
|
|
RegistryAuth: auth,
|
|
PrivilegeFunc: DefaultAuthHandler,
|
|
}, nil
|
|
}
|
|
|
|
// DefaultAuthHandler will be invoked if an AuthConfig is rejected
|
|
// It could be used to return a new value for the "X-Registry-Auth" authentication header,
|
|
// but there's no point trying again with the same value as used in AuthConfig
|
|
func DefaultAuthHandler() (string, error) {
|
|
log.Debug("Authentication request was rejected. Trying again without authentication")
|
|
return "", nil
|
|
}
|
|
|
|
// WarnOnAPIConsumption will return true if the registry is known-expected
|
|
// to respond well to HTTP HEAD in checking the container digest -- or if there
|
|
// are problems parsing the container hostname.
|
|
// Will return false if behavior for container is unknown.
|
|
func WarnOnAPIConsumption(container watchtowerTypes.Container) bool {
|
|
|
|
normalizedName, err := ref.ParseNormalizedNamed(container.ImageName())
|
|
if err != nil {
|
|
return true
|
|
}
|
|
|
|
containerHost, err := helpers.NormalizeRegistry(normalizedName.String())
|
|
if err != nil {
|
|
return true
|
|
}
|
|
|
|
if containerHost == "index.docker.io" || containerHost == "ghcr.io" {
|
|
return true
|
|
}
|
|
|
|
return false
|
|
}
|