Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(ANE-2243): use correct Docker Hub registry API endpoint #1500

Merged
merged 6 commits into from
Jan 31, 2025
Merged

fix(ANE-2243): use correct Docker Hub registry API endpoint #1500

merged 6 commits into from
Jan 31, 2025

Conversation

ryanlink
Copy link
Contributor

@ryanlink ryanlink commented Jan 30, 2025
edited
Loading

Overview

When analyzing Docker images from Docker Hub, we now correctly use registry-1.docker.io instead of index.docker.io as the API endpoint. This fixes a 403 error that occurred when trying to analyze Docker images.

The change distinguishes between:

  • index.docker.io: Used for parsing Docker image references
  • registry-1.docker.io: Used for making actual API requests

Jira: ANE-2243

Acceptance criteria

This command should work rather than giving a 403 error:

fossa container analyze docker.io/grafana/loki:2.9.4

Testing plan

I just tested the CI-built binary, and it satisfies the AC.
image

Risks

Highlight any areas that you're unsure of, want feedback on, or want reviewers to pay particular attention to.

Example: I'm not sure I did X correctly, can reviewers please double-check that for me?

Metrics

Is this change something that can or should be tracked? If so, can we do it today? And how? If its easy, do it

References

Jira: ANE-2243
Slack: https://teamfossa.slack.com/archives/C022TQ8EWD7/p1737577045680139

Checklist

  • I added tests for this PR's change (or explained in the PR description why tests don't make sense).
  • If this PR introduced a user-visible change, I added documentation into docs/.
  • If this PR added docs, I added links as appropriate to the user manual's ToC in docs/README.ms and gave consideration to how discoverable or not my documentation is.
  • If this change is externally visible, I updated Changelog.md. If this PR did not mark a release, I added my changes into an ## Unreleased section at the top.
  • If I made changes to .fossa.yml or fossa-deps.{json.yml}, I updated docs/references/files/*.schema.json AND I have updated example files used by fossa init command. You may also need to update these if you have added/removed new dependency type (e.g. pip) or analysis target type (e.g. poetry).
  • If I made changes to a subcommand's options, I updated docs/references/subcommands/<subcommand>.md.

ryan link and others added 4 commits January 30, 2025 14:25
fix(ANE-2243): use correct Docker Hub registry API endpoint
78fdb3e 
When analyzing Docker images from Docker Hub, we now correctly use registry-1.docker.io
instead of index.docker.io as the API endpoint. This fixes a 403 error that occurred
when trying to analyze Docker images.

The change distinguishes between:
- index.docker.io: Used for parsing Docker image references
- registry-1.docker.io: Used for making actual API requests

Jira: ANE-2243
@ryanlink
Revert allow-newer additions to cabal.project
89373b3
@ryanlink
Update Changelog.md
a3afd00
fix: remove unused import
79b32c8
@ryanlink ryanlink marked this pull request as ready for review January 30, 2025 21:37
@ryanlink ryanlink requested a review from a team as a code owner January 30, 2025 21:37
@ryanlink ryanlink requested a review from nficca January 30, 2025 21:37
@ryanlink
Copy link
Contributor Author

not sure why link-check in CI deems https://hoogle.haskell.org a dead link or 403, it works fine.

chore: ignore hoogle.haskell.org in link checker
b671034 
The link checker sometimes fails on hoogle.haskell.org due to rate limiting
or other issues, but the link is known to be valid. Add it to the ignored
patterns.
nficca
nficca approved these changes Jan 30, 2025
View reviewed changes
Copy link
Contributor

@nficca nficca left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks pretty safe to me!

Also, I'm not sure why that lint was failing either, or how your changes would have affected it at all. I'll tag @csasarak on this in case maybe he knows and/or has other thoughts on these changes.

@csasarak
Copy link
Contributor

Please don't remove links in order to fix the link check lint, can you revert that commit?

Link checks aren't required to merge, but it is a good advisory for us if we notice a link consistently failing over a longer period of time.

@ryanlink
Copy link
Contributor Author

@csasarak done, sorry about that! Didn't realize it wasn't blocking.

@ryanlink ryanlink enabled auto-merge (squash) January 30, 2025 23:36
@ryanlink ryanlink merged commit 39cdf41 into master Jan 31, 2025
18 of 19 checks passed
@ryanlink ryanlink deleted the fix/ANE-2243-docker-registry-url branch January 31, 2025 16:06
@csasarak
Copy link
Contributor

It's no problem. It's not obvious that it isn't required and the link check has value but it's definitely flake-y. Mainly when it fails we just have a look at which link it was and see if we can access it from somewhere other than GH like you did. Usually you can and in that case it's safe to bypass. If you can't access it, you can still merge but we'd want to keep that in mind and see if it comes back later.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nficca nficca nficca approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ryanlink @csasarak @nficca