add oci cache

Signed-off-by: Austin Abro <[email protected]>

Author: AustinAbro321

oci/cache/cache.go

@@ -0,0 +1,159 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2024-Present Defense Unicorns
+
+// Originally taken from - https://github.com/oras-project/oras/blob/main/internal/cache/target.go
+// Ideally we can merge this behavior into the oras-go library - https://github.com/oras-project/oras-go/issues/881
+/*
+Copyright The ORAS Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package cache is used to create a ReadOnlyTarget from an existing target and an oci.Store
+package cache
+
+import (
+	"context"
+	"io"
+	"sync"
+
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+	"oras.land/oras-go/v2"
+	"oras.land/oras-go/v2/content"
+	"oras.land/oras-go/v2/registry"
+)
+
+type closer func() error
+
+func (fn closer) Close() error {
+	return fn()
+}
+
+// Cache target struct.
+type target struct {
+	oras.ReadOnlyTarget
+	cache content.Storage
+}
+
+// New generates a new target storage with caching.
+func New(source oras.ReadOnlyTarget, cache content.Storage) oras.ReadOnlyTarget {
+	t := &target{
+		ReadOnlyTarget: source,
+		cache:          cache,
+	}
+	if refFetcher, ok := source.(registry.ReferenceFetcher); ok {
+		return &referenceTarget{
+			target:           t,
+			ReferenceFetcher: refFetcher,
+		}
+	}
+	return t
+}
+
+// Fetch fetches the content identified by the descriptor.
+func (t *target) Fetch(ctx context.Context, target ocispec.Descriptor) (io.ReadCloser, error) {
+	rc, err := t.cache.Fetch(ctx, target)
+	if err == nil {
+		// Fetch from cache
+		return rc, nil
+	}
+
+	if rc, err = t.ReadOnlyTarget.Fetch(ctx, target); err != nil {
+		return nil, err
+	}
+
+	// Fetch from origin with caching
+	return t.cacheReadCloser(ctx, rc, target), nil
+}
+
+func (t *target) cacheReadCloser(ctx context.Context, rc io.ReadCloser, target ocispec.Descriptor) io.ReadCloser {
+	pr, pw := io.Pipe()
+	var wg sync.WaitGroup
+
+	wg.Add(1)
+	var pushErr error
+	go func() {
+		defer wg.Done()
+		pushErr = t.cache.Push(ctx, target, pr)
+		if pushErr != nil {
+			pr.CloseWithError(pushErr)
+		}
+	}()
+
+	return struct {
+		io.Reader
+		io.Closer
+	}{
+		Reader: io.TeeReader(rc, pw),
+		Closer: closer(func() error {
+			rcErr := rc.Close()
+			if err := pw.Close(); err != nil {
+				return err
+			}
+			wg.Wait()
+			if pushErr != nil {
+				return pushErr
+			}
+			return rcErr
+		}),
+	}
+}
+
+// Exists returns true if the described content exists.
+func (t *target) Exists(ctx context.Context, desc ocispec.Descriptor) (bool, error) {
+	exists, err := t.cache.Exists(ctx, desc)
+	if err == nil && exists {
+		return true, nil
+	}
+	return t.ReadOnlyTarget.Exists(ctx, desc)
+}
+
+// Cache referenceTarget struct.
+type referenceTarget struct {
+	*target
+	registry.ReferenceFetcher
+}
+
+// FetchReference fetches the content identified by the reference from the
+// remote and cache the fetched content.
+// Cached content will only be read via Fetch, FetchReference will always fetch
+// From origin.
+func (t *referenceTarget) FetchReference(ctx context.Context, reference string) (ocispec.Descriptor, io.ReadCloser, error) {
+	target, rc, err := t.ReferenceFetcher.FetchReference(ctx, reference)
+	if err != nil {
+		return ocispec.Descriptor{}, nil, err
+	}
+
+	// skip caching if the content already exists in cache
+	exists, err := t.cache.Exists(ctx, target)
+	if err != nil {
+		return ocispec.Descriptor{}, nil, err
+	}
+	if exists {
+		err = rc.Close()
+		if err != nil {
+			return ocispec.Descriptor{}, nil, err
+		}
+
+		// get rc from the cache
+		rc, err = t.cache.Fetch(ctx, target)
+		if err != nil {
+			return ocispec.Descriptor{}, nil, err
+		}
+
+		// no need to do tee'd push
+		return target, rc, nil
+	}
+
+	// Fetch from origin with caching
+	return target, t.cacheReadCloser(ctx, rc, target), nil
+}

oci/common.go

@@ -11,6 +11,7 @@ import (
 	"strings"
 
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+	"oras.land/oras-go/v2/content/oci"
 	"oras.land/oras-go/v2/registry"
 	"oras.land/oras-go/v2/registry/remote"
 	"oras.land/oras-go/v2/registry/remote/auth"
@@ -28,6 +29,7 @@ const (
 // OrasRemote is a wrapper around the Oras remote repository that includes a progress bar for interactive feedback.
 type OrasRemote struct {
 	repo           *remote.Repository
+	cache          *oci.Store
 	root           *Manifest
 	progTransport  *helpers.Transport
 	targetPlatform *ocispec.Platform
@@ -87,6 +89,13 @@ func WithLogger(logger *slog.Logger) Modifier {
 	}
 }
 
+// WithCache sets the cache for the remote
+func WithCache(cache *oci.Store) Modifier {
+	return func(o *OrasRemote) {
+		o.cache = cache
+	}
+}
+
 // NewOrasRemote returns an oras remote repository client and context for the given url.
 //
 // Registry auth is handled by the Docker CLI's credential store and checked before returning the client

oci/fetch.go

@@ -12,6 +12,8 @@ import (
 	"oras.land/oras-go/v2"
 	"oras.land/oras-go/v2/content"
 
+	orasCache "github.com/defenseunicorns/pkg/oci/cache"
+
 	goyaml "github.com/goccy/go-yaml"
 )
 
@@ -66,7 +68,12 @@ func (o *OrasRemote) FetchManifest(ctx context.Context, desc ocispec.Descriptor)
 
 // FetchLayer fetches the layer with the given descriptor from the remote repository.
 func (o *OrasRemote) FetchLayer(ctx context.Context, desc ocispec.Descriptor) (bytes []byte, err error) {
-	return content.FetchAll(ctx, o.repo, desc)
+	var src oras.ReadOnlyTarget
+	src = o.repo
+	if o.cache != nil {
+		src = orasCache.New(o.repo, o.cache)
+	}
+	return content.FetchAll(ctx, src, desc)
 }
 
 // FetchJSONFile fetches the given JSON file from the remote repository.

oci/pull.go

@@ -13,6 +13,8 @@ import (
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"oras.land/oras-go/v2"
 
+	orasCache "github.com/defenseunicorns/pkg/oci/cache"
+
 	"github.com/defenseunicorns/pkg/helpers/v2"
 )
 
@@ -68,8 +70,14 @@ func (o *OrasRemote) CopyToTarget(ctx context.Context, layers []ocispec.Descript
 
 		return oras.SkipNode
 	}
+	var src oras.ReadOnlyTarget
+	src = o.repo
+
+	if o.cache != nil {
+		src = orasCache.New(o.repo, o.cache)
+	}
 
-	_, err := oras.Copy(ctx, o.repo, o.repo.Reference.String(), target, o.repo.Reference.String(), copyOpts)
+	_, err := oras.Copy(ctx, src, o.repo.Reference.String(), target, o.repo.Reference.String(), copyOpts)
 	if err != nil {
 		return err
 	}