From c00f2632cf25b0c3bfcbd1db3b7de4c543c7f586 Mon Sep 17 00:00:00 2001
From: Chris Bandy <bandy.chris@gmail.com>
Date: Wed, 9 Oct 2024 11:20:42 -0500
Subject: [PATCH] Produce a manifest with a non-zero config

Some OCI registry implementations do not know how to handle completely
empty manifest config. ORAS knows what to do in this case.

See: https://github.com/opencontainers/image-spec/blob/v1.1.0/manifest.md#guidance-for-an-empty-descriptor
---
 .github/workflows/release.yaml | 4 ++--
 scripts/verify-bundle.go       | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 94ef1ef6..e8c11e1e 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -27,7 +27,7 @@ jobs:
           tags=(latest ${{ env.RELEASE_VERSION}} ${{env.MINOR_VERSION }} ${{ env.MAJOR_VERSION }})
           for tag in ${tags[@]}; do
               oras push ghcr.io/aquasecurity/trivy-policies:${tag} \
-              --config /dev/null:application/vnd.cncf.openpolicyagent.config.v1+json \
+              --artifact-type application/vnd.cncf.openpolicyagent.config.v1+json \
               --annotation "org.opencontainers.image.source=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY" \
               --annotation "org.opencontainers.image.revision=$GITHUB_SHA" \
               bundle.tar.gz:application/vnd.cncf.openpolicyagent.layer.v1.tar+gzip
@@ -37,6 +37,6 @@ jobs:
           tags=(latest ${{ env.RELEASE_VERSION}} ${{env.MINOR_VERSION }} ${{ env.MAJOR_VERSION }})
           for tag in ${tags[@]}; do
               oras push ghcr.io/${{ github.repository }}:${tag} \
-              --config /dev/null:application/vnd.cncf.openpolicyagent.config.v1+json \
+              --artifact-type application/vnd.cncf.openpolicyagent.config.v1+json \
               bundle.tar.gz:application/vnd.cncf.openpolicyagent.layer.v1.tar+gzip
           done
diff --git a/scripts/verify-bundle.go b/scripts/verify-bundle.go
index fa83c25e..e3946c3c 100644
--- a/scripts/verify-bundle.go
+++ b/scripts/verify-bundle.go
@@ -14,7 +14,7 @@ import (
 )
 
 var bundlePath = "bundle.tar.gz"
-var OrasPush = []string{"--config", "/dev/null:application/vnd.cncf.openpolicyagent.config.v1+json", fmt.Sprintf("%s:application/vnd.cncf.openpolicyagent.layer.v1.tar+gzip", bundlePath)}
+var OrasPush = []string{"--artifact-type", "application/vnd.cncf.openpolicyagent.config.v1+json", fmt.Sprintf("%s:application/vnd.cncf.openpolicyagent.layer.v1.tar+gzip", bundlePath)}
 var supportedTrivyVersions = []string{"latest", "canary"} // TODO: add more versions
 
 func createRegistryContainer(ctx context.Context) (testcontainers.Container, string) {