Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2.
- [Release n...

Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.0.0 to 3.1.0.
...

* check and use the latest go available

Signed-off-by: cpanato <[email protected]>

* update...

* bump require blocks to point to latest main (892d7a8)

* run go mod tidy again

* authn.kubernetes.Resolve now behaves exactly like Kubernetes

Prior we weren't matching host...

Co-authored-by: Eric Stroczynski <[email protected]>

Co-authored-by: Eric Stroczynski <[email protected]>

This speeds up instances where the credentials are in image pull secrets

Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 2.1.0 to 3.0.0.
...

Bumps [actions/stale](https://github.com/actions/stale) from 4 to 5.
- [Release notes](https://...

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 2 to 3.
- [Release notes](ht...

Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from...

Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](ht...

This is an attempt to work around some interesting behavior from
DockerHub.

> This query par...

* crane export: Read tarball from a file

A working concept that reads the image from "test.ta...

* Add rebase_test.sh to hack/presubmit.sh

* look for -eq 0 instead of -ne 1

Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 2 t...

Currently we just fail outright if the registry returns a 500 during a
blob HEAD because it's n...

* Add GitHub Action to automatically bump deps

* Disable dependabot

* Add output option to mutate to save to a tar file and not push to a registry (same as append)
...

* Take advantage of Chainguard maintained versions of various actions.

I created these so we ...

GitHub Actions recently updated the Windows version used by
windows-latest, which is no longer ...

* Bump deps, add script to make it easier

* Bump deps

* Check docker config auths for repo and registry

This enables the case where a config's auth...

* LayerFromReader: buffer contents to a temp file instead of in memory

* Add deprecation warn...

This should reduce log spam to stderr for clients using google.Keychain
when they don't have Go...

* Fallback to anonymous if env or gcloud are not configured

Debug-log env or gcloud errors in...

- if GITHUB_TOKEN env var is set, and registry is ghcr.io, use the
token as a password.
- if...

Currently, daemon.Image is so lazy that non-existent images don't return
an error. This changes...

* Implement Platform.String and v1.ParsePlatform

* Remove support for osfeatures and features...

* bump containerd to 1.5.9

* tidy deps in other modules

* go get -u image-spec@main

We see EOF when the server closes a connection without sending an
appropriate "Connection: clos...

* Fix NewKeychainFromHelper

- only pass RegistryStr, since helpers don't expect to see repo p...

Bumps [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-crede...

* Bump acr cred helper dep

This picks up
https://github.com/chrismellard/docker-credential-a...

This is similar to what happens when the package looks for Docker's
config.json, it ignores any...

* Bump ecr-login to v0.6.0

* go mod download to fix presubmit

* return transport errors that support errors.Is

* run update codegen

* fix cmd/krane/go.mod and include it in hack/presubmit.sh

* gitignore binaries in cmd/, sinc...

Minor typo mistake

* Add layout.WriteLayer for streaming layers and undersized layers from incomplete downloads

...

* Add pkg/authn/kubernetes

This takes the Kubernetes client-go parts from k8schain, removes t...

This uses github OIDC federation to impersonate an AWS role on an account owned by Chainguard, I...

* crane pull: support pulling index to OCI Layout

Prior to this, we'd also resolve an index t...

* Add docker cred helper adapter in pkg/authn

* authn.NewFromHelper -> authn.NewKeychainFromH...

For registries that return a structured error containing UNAVAILABLE, we
weren't retrying becau...

This adds a `krane` tool, which is effectively `crane` with a multi-keychain that prefers defaul...

This adds an `--image-refs` flag to `crane push` similar to the flag
I recently added to `ko`, ...

* Pluggable blob storage for pkg/registry

Features:
- supports redirects if the blob handler...

* crane push: Support OCI layout

Detect if the first argument is a directory. If so, attempt ...

This removes the --osversion flag, and lets users specify the osversion
in the --platform flag ...

Previously we would eschew any kind of wrapper if the ping returned a
200, but this means we do...

Default second arg to stdout so I don't have to type "-".

For images with a single layer, avo...

* Added env vars and optional layers to mutate cmd

* Fixing nits

* mutate: update flag for...

* Accept multiple entrypoint values in crane mutate

Also add e2e test that runs an image prod...

* WIP: add mutate.Windows

Also:
- support layer windowsification in `crane append` and `cran...

* Add depcheck test that pkg/registry has light dependencies

Also depcheck that cmd/{g}crane ...

* update github.com/opencontainers/image-spec to HEAD

Signed-off-by: Jake Sanders <jsand@goog...

* Revert "Revert "Check for Podman's auth.json in DefaultKeychain (#1181)" (#1184)"

This reve...

This reverts commit 309df099955fd39ceecfdaf7bb1a62122794c39d.

* Check for Podman's auth.json in DefaultKeychain

* Prefer DOCKER_CONFIG, fallback to Podman ...

With the current argument type, a common in a label value (a reasonable thing to have)
will be ...

Signed-off-by: vsoch <[email protected]>

Co-authored-by: vsoch <[email protected]...

* Revert "Give the ping context a timeout. (#1163)"

This reverts commit 080751a76415bb3d4af18...

* Adding OS version to Crane for better Windows support.

Windows images present some unique c...

Noticed while pushing nested indexes, we lose authentication options
when attempting to upload ...

* Add check for missing CreatedBy in canonical image

* Remember CreatedBy in mutate.Canonical...

* Bump docker/docker dependency to v20.10.10

* also go mod download in k8schain

* Enable some more golangci-lint checks, fix findings

There's still quite a bit of errchecks ...

Debugging why requests to an insecure registry seem to hang, I noticed that there are 3+ request...