feat: serve local docker repos as a real registry
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/build Pipeline was successful
ci/woodpecker/pr/test Pipeline was successful

Local docker repos previously had no write path — the /v2 Docker Registry
API only proxied to upstreams. This makes a local docker repo a genuine
registry so `docker push`/`docker pull` (and podman/skopeo/buildah) work
against it directly, matching the project principle that a local repo is the
real thing rather than a mirror.

- Implement the Docker Registry HTTP API V2 write/read half for local docker
  repos: blob uploads (monolithic and chunked POST/PATCH/PUT), manifest push,
  tags list, and blob/manifest GET/HEAD.
- Store blobs and manifests through the existing content-addressable store;
  keep a local_files reference per (repo, image) so the GC does not reap them.
  Tags are mutable (UpsertLocalFile); digests and blobs are immutable.
- Dispatch /v2 reads to the local handler for local docker repos and fall
  through to the upstream proxy otherwise; writes are local-docker only.
- Add UpsertLocalFile for mutable tag references.
- Cover the push/pull round-trip with a dockerised e2e test and unit-test the
  registry path parser. Document the registry in the README.
This commit is contained in:
2026-07-04 22:33:43 +10:00
parent 936cf8846a
commit 26b405a948
7 changed files with 754 additions and 4 deletions
+50
View File
@@ -0,0 +1,50 @@
package v1
import "testing"
func TestParseDockerPath(t *testing.T) {
tests := []struct {
name string
rest string
wantOK bool
wantImage string
wantKind string
wantRef string
}{
{"start upload trailing slash", "team/app/blobs/uploads/", true, "team/app", "upload", ""},
{"start upload no slash", "team/app/blobs/uploads", true, "team/app", "upload", ""},
{"patch upload with uuid", "team/app/blobs/uploads/abc-123", true, "team/app", "upload", "abc-123"},
{"single-segment image upload", "app/blobs/uploads/", true, "app", "upload", ""},
{"blob by digest", "team/app/blobs/sha256:deadbeef", true, "team/app", "blob", "sha256:deadbeef"},
{"manifest by tag", "team/app/manifests/v1.0.0", true, "team/app", "manifest", "v1.0.0"},
{"manifest by digest", "team/app/manifests/sha256:cafe", true, "team/app", "manifest", "sha256:cafe"},
{"tags list", "team/app/tags/list", true, "team/app", "tags", ""},
{"leading slash tolerated", "/team/app/manifests/latest", true, "team/app", "manifest", "latest"},
{"deep image name", "a/b/c/manifests/latest", true, "a/b/c", "manifest", "latest"},
{"unrecognised", "team/app/whatever", false, "", "", ""},
{"tags list without image", "tags/list", false, "", "", ""},
}
for _, tc := range tests {
t.Run(tc.name, func(t *testing.T) {
got, ok := parseDockerPath(tc.rest)
if ok != tc.wantOK {
t.Fatalf("ok = %v, want %v", ok, tc.wantOK)
}
if !tc.wantOK {
return
}
if got.image != tc.wantImage || got.kind != tc.wantKind || got.ref != tc.wantRef {
t.Fatalf("got %+v, want image=%q kind=%q ref=%q", got, tc.wantImage, tc.wantKind, tc.wantRef)
}
})
}
}
func TestIsDigest(t *testing.T) {
if !isDigest("sha256:abc") {
t.Fatal("sha256: prefix should be a digest")
}
if isDigest("v1.0.0") {
t.Fatal("a tag is not a digest")
}
}