Skip certain object typtes during sync

[sudermanjr]

I'm using skopeo to sync some images from a GCR repo back to an older quay repo we have. We have cosign signatures in the new GCR repository. I know that quay doesn't support those, and I also know that skopeo doesn't support non-container images (which is fine).

Ideally, I would just be able to skip those. The --keep-going flag gets me most of the way there, but then I still get an exit code of 1. I still want to be alerted if this job fails (I'm using k8s cronjobs), but I don't want to fail because of just this.

I see two potential solutions here:

1. A different exit code for this type of failure. Not sure how easy/feasible this is. This would allow me to ignore that specific code.
2. The ability to ignore certain types of objects in my registry. Not sure what the actual thing to ignore is.

For reference, the error I'm getting is:

time="2022-03-16T18:01:28Z" level=error msg="Error copying ref \"docker://us-docker.pkg.dev/fairwinds-ops/oss/pluto:sha256-f656a32a36ad748e8e0c9199cd76fa3ed99706157d53d5f
292dada13d31e4ce7.sig\"" error="creating an updated image manifest: preparing updated manifest, layer \"sha256:7038ad5a6aa8f8ed3daf9bace8d28449484b826eb9533db41c6beab4758
a2869\": unsupported MIME type for compression: application/vnd.dev.cosign.simplesigning.v1+json"

Overall, I'm super happy with this project, and it's been extremely useful, so thanks for all your great work.

[mtrmac]

Thanks for your report.

Short-term, the sync command, in the YAML format, has an images-by-tag-regex option; in principle, it is possible to construct a regex that excludes the sha256-….sig tags. I imagine that regex would be absolutely horrible.

Longer-term, this should be handled in three ways:

• Extending the YAML syntax: discussed in feature: add --scoped-append-registry flag #1531 .
• Adding support for OCI artifacts: Support other OCI artifact types image#1370 .
• Natively supporting Cosign signatures as an integral part of an existing image (being worked on), and teaching skopeo sync to skip them otherwise.

I’m not aware of anyone working on the first two items. Native Cosign support is a high priority, but will still take some time.

[sudermanjr]

I actually wasn't aware of the YAML format at all, so that's helpful for investigating other solutions. You're right, that regex might be gnarly for sure. I may look into it though.

Excited to see all those other things happen (mostly cosign), but I understand the level of complexity involved here. Thanks so much for the great response.

I'll go ahead and close this since it's covered by all those other things, and if I do find some other solution, or a working regex, I'll add it her later.