github.com/containerd/nerdctl@v1.7.7/pkg/api/types/image_types.go (about) 1 /* 2 Copyright The containerd Authors. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 17 package types 18 19 import ( 20 "io" 21 22 "github.com/containerd/nerdctl/pkg/imgutil" 23 ) 24 25 // ImageListOptions specifies options for `nerdctl image list`. 26 type ImageListOptions struct { 27 Stdout io.Writer 28 // GOptions is the global options 29 GOptions GlobalCommandOptions 30 // Quiet only show numeric IDs 31 Quiet bool 32 // NoTrunc don't truncate output 33 NoTrunc bool 34 // Format the output using the given Go template, e.g, '{{json .}}', 'wide' 35 Format string 36 // Filter output based on conditions provided, for the --filter argument 37 Filters []string 38 // NameAndRefFilter filters images by name and reference 39 NameAndRefFilter []string 40 // Digests show digests (compatible with Docker, unlike ID) 41 Digests bool 42 // Names show image names 43 Names bool 44 // All (unimplemented yet, always true) 45 All bool 46 } 47 48 // ImageConvertOptions specifies options for `nerdctl image convert`. 49 type ImageConvertOptions struct { 50 Stdout io.Writer 51 GOptions GlobalCommandOptions 52 53 // #region generic flags 54 // Uncompress convert tar.gz layers to uncompressed tar layers 55 Uncompress bool 56 // Oci convert Docker media types to OCI media types 57 Oci bool 58 // #endregion 59 60 // #region platform flags 61 // Platforms convert content for a specific platform 62 Platforms []string 63 // AllPlatforms convert content for all platforms 64 AllPlatforms bool 65 // #endregion 66 67 // Format the output using the given Go template, e.g, 'json' 68 Format string 69 70 // #region estargz flags 71 // Estargz convert legacy tar(.gz) layers to eStargz for lazy pulling. Should be used in conjunction with '--oci' 72 Estargz bool 73 // EstargzRecordIn read 'ctr-remote optimize --record-out=<FILE>' record file (EXPERIMENTAL) 74 EstargzRecordIn string 75 // EstargzCompressionLevel eStargz compression level 76 EstargzCompressionLevel int 77 // EstargzChunkSize eStargz chunk size 78 EstargzChunkSize int 79 // EstargzMinChunkSize the minimal number of bytes of data must be written in one gzip stream. (requires stargz-snapshotter >= v0.13.0) 80 EstargzMinChunkSize int 81 // EstargzExternalToc separate TOC JSON into another image (called "TOC image"). The name of TOC image is the original + "-esgztoc" suffix. Both eStargz and the TOC image should be pushed to the same registry. (requires stargz-snapshotter >= v0.13.0) (EXPERIMENTAL) 82 EstargzExternalToc bool 83 // EstargzKeepDiffID convert to esgz without changing diffID (cannot be used in conjunction with '--estargz-record-in'. must be specified with '--estargz-external-toc') 84 EstargzKeepDiffID bool 85 // #endregion 86 87 // #region zstd flags 88 // Zstd convert legacy tar(.gz) layers to zstd. Should be used in conjunction with '--oci' 89 Zstd bool 90 // ZstdCompressionLevel zstd compression level 91 ZstdCompressionLevel int 92 // #endregion 93 94 // #region zstd:chunked flags 95 // ZstdChunked convert legacy tar(.gz) layers to zstd:chunked for lazy pulling. Should be used in conjunction with '--oci' 96 ZstdChunked bool 97 // ZstdChunkedCompressionLevel zstd compression level 98 ZstdChunkedCompressionLevel int 99 // ZstdChunkedChunkSize zstd chunk size 100 ZstdChunkedChunkSize int 101 // ZstdChunkedRecordIn read 'ctr-remote optimize --record-out=<FILE>' record file (EXPERIMENTAL) 102 ZstdChunkedRecordIn string 103 // #endregion 104 105 // #region nydus flags 106 // Nydus convert legacy tar(.gz) layers to nydus for lazy pulling. Should be used in conjunction with '--oci' 107 Nydus bool 108 // NydusBuilderPath the nydus-image binary path, if unset, search in PATH environment 109 NydusBuilderPath string 110 // NydusWorkDir work directory path for image conversion, default is the nerdctl data root directory 111 NydusWorkDir string 112 // NydusPrefetchPatterns the file path pattern list want to prefetch 113 NydusPrefetchPatterns string 114 // NydusCompressor nydus blob compression algorithm, possible values: `none`, `lz4_block`, `zstd`, default is `lz4_block` 115 NydusCompressor string 116 // #endregion 117 118 // #region overlaybd flags 119 // Overlaybd convert tar.gz layers to overlaybd layers 120 Overlaybd bool 121 // OverlayFsType filesystem type for overlaybd 122 OverlayFsType string 123 // OverlaydbDBStr database config string for overlaybd 124 OverlaydbDBStr string 125 // #endregion 126 127 } 128 129 // ImageCryptOptions specifies options for `nerdctl image encrypt` and `nerdctl image decrypt`. 130 type ImageCryptOptions struct { 131 Stdout io.Writer 132 GOptions GlobalCommandOptions 133 // Platforms convert content for a specific platform 134 Platforms []string 135 // AllPlatforms convert content for all platforms 136 AllPlatforms bool 137 // GpgHomeDir the GPG homedir to use; by default gpg uses ~/.gnupg" 138 GpgHomeDir string 139 // GpgVersion the GPG version ("v1" or "v2"), default will make an educated guess 140 GpgVersion string 141 // Keys a secret key's filename and an optional password separated by colon; 142 Keys []string 143 // DecRecipients recipient of the image; used only for PKCS7 and must be an x509 certificate 144 DecRecipients []string 145 // Recipients of the image is the person who can decrypt it in the form specified above (i.e. jwe:/path/to/pubkey) 146 Recipients []string 147 } 148 149 // ImageInspectOptions specifies options for `nerdctl image inspect`. 150 type ImageInspectOptions struct { 151 Stdout io.Writer 152 GOptions GlobalCommandOptions 153 // Mode Inspect mode, "dockercompat" for Docker-compatible output, "native" for containerd-native output 154 Mode string 155 // Format the output using the given Go template, e.g, 'json' 156 Format string 157 // Platform inspect content for a specific platform 158 Platform string 159 } 160 161 // ImagePushOptions specifies options for `nerdctl (image) push`. 162 type ImagePushOptions struct { 163 Stdout io.Writer 164 GOptions GlobalCommandOptions 165 SignOptions ImageSignOptions 166 SociOptions SociOptions 167 // Platforms convert content for a specific platform 168 Platforms []string 169 // AllPlatforms convert content for all platforms 170 AllPlatforms bool 171 172 // Estargz convert image to sStargz 173 Estargz bool 174 // IpfsEnsureImage ensure image is pushed to IPFS 175 IpfsEnsureImage bool 176 // IpfsAddress multiaddr of IPFS API (default uses $IPFS_PATH env variable if defined or local directory ~/.ipfs) 177 IpfsAddress string 178 // Suppress verbose output 179 Quiet bool 180 // AllowNondistributableArtifacts allow pushing non-distributable artifacts 181 AllowNondistributableArtifacts bool 182 } 183 184 // ImagePullOptions specifies options for `nerdctl (image) pull`. 185 type ImagePullOptions struct { 186 Stdout io.Writer 187 Stderr io.Writer 188 GOptions GlobalCommandOptions 189 VerifyOptions ImageVerifyOptions 190 // Unpack the image for the current single platform (auto/true/false) 191 Unpack string 192 // Pull content for a specific platform 193 Platform []string 194 // Pull content for all platforms 195 AllPlatforms bool 196 // Suppress verbose output 197 Quiet bool 198 // multiaddr of IPFS API (default uses $IPFS_PATH env variable if defined or local directory ~/.ipfs) 199 IPFSAddress string 200 // Flags to pass into remote snapshotters 201 RFlags imgutil.RemoteSnapshotterFlags 202 } 203 204 // ImageTagOptions specifies options for `nerdctl (image) tag`. 205 type ImageTagOptions struct { 206 // GOptions is the global options 207 GOptions GlobalCommandOptions 208 // Source is the image to be referenced. 209 Source string 210 // Target is the image to be created. 211 Target string 212 } 213 214 // ImageRemoveOptions specifies options for `nerdctl rmi` and `nerdctl image rm`. 215 type ImageRemoveOptions struct { 216 Stdout io.Writer 217 // GOptions is the global options 218 GOptions GlobalCommandOptions 219 // Force removal of the image 220 Force bool 221 // Async asynchronous mode or not 222 Async bool 223 } 224 225 // ImagePruneOptions specifies options for `nerdctl image prune` and `nerdctl image rm`. 226 type ImagePruneOptions struct { 227 Stdout io.Writer 228 // GOptions is the global options. 229 GOptions GlobalCommandOptions 230 // All Remove all unused images, not just dangling ones. 231 All bool 232 // Force will not prompt for confirmation. 233 Force bool 234 } 235 236 // ImageSaveOptions specifies options for `nerdctl (image) save`. 237 type ImageSaveOptions struct { 238 Stdout io.Writer 239 GOptions GlobalCommandOptions 240 // Export content for all platforms 241 AllPlatforms bool 242 // Export content for a specific platform 243 Platform []string 244 } 245 246 // ImageSignOptions contains options for signing an image. It contains options from 247 // all providers. The `provider` field determines which provider is used. 248 type ImageSignOptions struct { 249 // Provider used to sign the image (none|cosign|notation) 250 Provider string 251 // CosignKey Path to the private key file, KMS URI or Kubernetes Secret for --sign=cosign 252 CosignKey string 253 // NotationKeyName Signing key name for a key previously added to notation's key list for --sign=notation 254 NotationKeyName string 255 } 256 257 // ImageVerifyOptions contains options for verifying an image. It contains options from 258 // all providers. The `provider` field determines which provider is used. 259 type ImageVerifyOptions struct { 260 // Provider used to verify the image (none|cosign|notation) 261 Provider string 262 // CosignKey Path to the public key file, KMS URI or Kubernetes Secret for --verify=cosign 263 CosignKey string 264 // CosignCertificateIdentity The identity expected in a valid Fulcio certificate for --verify=cosign. Valid values include email address, DNS names, IP addresses, and URIs. Either --cosign-certificate-identity or --cosign-certificate-identity-regexp must be set for keyless flows 265 CosignCertificateIdentity string 266 // CosignCertificateIdentityRegexp A regular expression alternative to --cosign-certificate-identity for --verify=cosign. Accepts the Go regular expression syntax described at https://golang.org/s/re2syntax. Either --cosign-certificate-identity or --cosign-certificate-identity-regexp must be set for keyless flows 267 CosignCertificateIdentityRegexp string 268 // CosignCertificateOidcIssuer The OIDC issuer expected in a valid Fulcio certificate for --verify=cosign, e.g. https://token.actions.githubusercontent.com or https://oauth2.sigstore.dev/auth. Either --cosign-certificate-oidc-issuer or --cosign-certificate-oidc-issuer-regexp must be set for keyless flows 269 CosignCertificateOidcIssuer string 270 // CosignCertificateOidcIssuerRegexp A regular expression alternative to --certificate-oidc-issuer for --verify=cosign. Accepts the Go regular expression syntax described at https://golang.org/s/re2syntax. Either --cosign-certificate-oidc-issuer or --cosign-certificate-oidc-issuer-regexp must be set for keyless flows 271 CosignCertificateOidcIssuerRegexp string 272 } 273 274 // SociOptions contains options for SOCI. 275 type SociOptions struct { 276 // Span size that soci index uses to segment layer data. Default is 4 MiB. 277 SpanSize int64 278 // Minimum layer size to build zTOC for. Smaller layers won't have zTOC and not lazy pulled. Default is 10 MiB. 279 MinLayerSize int64 280 }