Skip to content

feat: OCI registry support via cocoon-common (select with OCI_REGISTRY)#26

Merged
CMGS merged 8 commits into
mainfrom
feat/oci-registry
Jul 1, 2026
Merged

feat: OCI registry support via cocoon-common (select with OCI_REGISTRY)#26
CMGS merged 8 commits into
mainfrom
feat/oci-registry

Conversation

@CMGS

@CMGS CMGS commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Moves vk's snapshot/cloud-image registry code to cocoon-common and makes vk
OCI-only — it now imports zero epoch. Advances #25.

Depends on cocoon-common#4 (shared oci + snapshot/cloudimg/manifest packages). Pinned via go get cocoon-common@<sha>; moves to a tag once #4 merges.

What changed

  • Abstract the registry behind an interface, add a go-containerregistry OCI client, drop epoch's /dl/ (cloud images boot from a local import).
  • Switch to cocoon-common (oci.Registry + the shared bridge packages); remove vk's local OCI client + all epoch/* imports.
  • Drop the epoch backend: buildRegistry now requires OCI_REGISTRY. epoch is gone from go.mod.

Deploy note

OCI_REGISTRY is now required — deploy after the epoch→AR migration completes and the env is set.

Quality

Each commit: build (go.work + GOWORK=off) / vet / test / lint (both GOOS, 0) green, /code + /simplify, go test -race clean. No trailers.

CMGS added 6 commits July 1, 2026 11:40
…nterface

Decouple vk from epoch's concrete *registryclient.Client so a standard-OCI
backend can drop in (issue #25). The new snapshots.Registry composes epoch's
snapshot Uploader/Downloader plus BaseURL and DeleteManifest; Pusher, Puller,
blobReader and Provider hold the interface. No behavior change — main.go still
wires the concrete client, which satisfies it.
…istry)

OCIRegistry implements snapshots.Registry against any OCI Distribution
registry (e.g. Artifact Registry) using standard upload sessions + keychain
auth, so vk can drop epoch's bespoke server (issue #25). streamLayer pushes a
multi-GB blob without buffering; rawManifest carries the custom artifactType
bytes. Round-trip tested against an in-memory registry.
…rom local import

ensureRunImage now imports a cloud-image artifact and returns a local ref
(repo:tag) instead of rewriting to <base>/dl/{repo}/{tag}, so booting works
against any standard OCI registry, not just epoch's server (issue #25).
Removes canonicalCloudImgURL and BaseURL (its only user) from the Registry
interface and OCIRegistry.
buildRegistry returns a standard-OCI client (OCI_REGISTRY set) or epoch's
client, so vk can run against Artifact Registry without epoch (issue #25).
The OCI keychain resolves GCP ADC (google.Keychain) then docker config, so
GCE nodes authenticate to AR with no bundled credential helper.
PullCloudImage, EnsureCloudImage and their fetchCloudImageManifest helper had
no callers once the boot path settled on EnsureCloudImageFromRaw; drop them
plus the now-unused io/manifest imports, and repoint two stale comments.
Drop vk's local OCIRegistry + Registry interface and the epoch/{snapshot,
cloudimg,manifest,utils} imports in favor of cocoon-common (oci.Registry
backend + the shared snapshot/cloudimg/manifest packages). epoch is now
imported only for registryclient, the transitional backend kept until the
data migration completes. Neutralizes stale epoch references in comments,
metrics, events, and the README.
@CMGS CMGS changed the title feat: standard OCI registry support (drop /dl/, select via OCI_REGISTRY) feat: OCI registry support via cocoon-common (select with OCI_REGISTRY) Jul 1, 2026
CMGS added 2 commits July 1, 2026 14:33
vk now imports zero epoch: buildRegistry requires OCI_REGISTRY and always
builds a cocoon-common oci client (GCP ADC then docker config). Removes the
registryclient fallback, EPOCH_URL/TOKEN, and the dual-backend log. Tests use
a fakeRegistry stub; the epoch dependency is gone from go.mod. Bumps
cocoon-common to the HasBlob/ImportImage rename.
@CMGS CMGS merged commit 69f053b into main Jul 1, 2026
2 checks passed
@CMGS CMGS deleted the feat/oci-registry branch July 1, 2026 07:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant