in builder/digest_remote.go [30:92]
func (d *remoteDigest) PopulateDigest(ctx context.Context, ref *image.Reference) error {
if ref == nil {
return nil
}
if ref.Digest != "" {
return nil
}
if ref.Reference == NoBaseImageSpecifierLatest {
return nil
}
config := docker.RegistryHost{
Client: http.DefaultClient,
Scheme: "https",
Path: "/v2",
// NOTE: it requires both pull and resolve capabilities to get the digest
Capabilities: docker.HostCapabilityPull | docker.HostCapabilityResolve,
}
if cred, ok := d.registryCreds[ref.Registry]; ok {
if cred.Username.ResolvedValue == "" || cred.Password.ResolvedValue == "" {
return fmt.Errorf("error fetching credentials for '%s'", ref.Registry)
}
config.Authorizer = docker.NewDockerAuthorizer(
docker.WithAuthCreds(func(hostName string) (string, string, error) {
if hostName != ref.Registry {
return "", "", fmt.Errorf("hostName '%s' does not match the registry '%s'", hostName, ref.Registry)
}
return cred.Username.ResolvedValue, cred.Password.ResolvedValue, nil
}),
)
} else {
config.Authorizer = docker.NewDockerAuthorizer(
docker.WithAuthCreds(func(hostName string) (string, string, error) {
if hostName != ref.Registry {
return "", "", fmt.Errorf("hostName '%s' does not match the registry '%s'", hostName, ref.Registry)
}
// NOTE: empty credential for anonymous access
return "", "", nil
}),
)
}
opts := docker.ResolverOptions{
Hosts: func(hostName string) ([]docker.RegistryHost, error) {
config.Host = hostName
return []docker.RegistryHost{config}, nil
},
}
resolver := docker.NewResolver(opts)
imageRef, err := getReferencePath(ref)
if err != nil {
return err
}
_, desc, err := resolver.Resolve(ctx, imageRef)
if err != nil {
return errors.Wrapf(err, "Failed to Resolve the reference '%s'", ref.Reference)
}
ref.Digest = desc.Digest.String()
return nil
}