Library to manage VM's on hosts - mirror
- Rust 94.1%
- Shell 5.8%
- Makefile 0.1%
7484caad0bPreviously resolve_auth() only knew about ghcr.io/GITHUB_TOKEN, leaving
every other private registry on anonymous — fine for public images, but
solstice-ci's orchestrator pulls catalog and base qcow2 layers from
private Forgejo packages on code.aopc.cloud and was hitting 401.
Add two env-driven auth paths, applied to any non-ghcr registry:
OCI_AUTH_FILE=/path/to/auth.json
JSON shaped like refraction-forger's auth file:
{"username": "...", "password": "..."} or
{"token": "..."} (username defaults to "forger")
'password' and 'token' are interchangeable, matching forger's
resolve_auth so the same file can drive push and pull.
REGISTRY_USERNAME / REGISTRY_TOKEN
Inline alternative for compose-style deployments. REGISTRY_TOKEN
is the password; REGISTRY_USERNAME defaults to "forger".
Also expose fetch_manifest_digest(reference) so callers (e.g. solstice
orchestrator) can probe for tag rolls before re-pulling a multi-GB
qcow2 layer. Internally pulls just the manifest, no blobs.
Tests still pass — they exercise the ghcr / anonymous fallthrough,
which my new code preserves verbatim when the env vars are unset.
|
||
|---|---|---|
| brand/nebula-vm | ||
| crates | ||
| docs | ||
| scripts | ||
| .gitignore | ||
| Cargo.lock | ||
| Cargo.toml | ||
| Makefile | ||
| VMFile.kdl | ||