Produce a manifest with a non-zero config #270
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I could not copy
trivy-checks
into Harbor today because Harbor does not understand a"size":0
manifest config.The OCI image spec calls out this case and recommends sending an empty JSON object instead: https://github.com/opencontainers/image-spec/blob/v1.1.0/manifest.md#guidance-for-an-empty-descriptor
ORAS knows what to do with these things, so this change uses it the same way as
trivy-db
: https://github.com/aquasecurity/trivy-db/blob/32c63a9af03ffd449a6ffb4471745b6ec9714875/.github/workflows/cron.yml#L73Here's a discussion about the OPA bundle format showing similar: open-policy-agent/opa#1413 (comment)