Add files to publish oci artifact

Signed-off-by: Manuel Morejon <manuel@mmorejon.io>

Author: mmorejon

.github/workflows/oci-publish.yml

@@ -0,0 +1,43 @@
+name: Publicar Artefacto OCI
+
+on:
+  push:
+    branches: [ "main" ]
+    # tags: [ 'v*' ] # Descomentar si quieres que se ejecute también al crear tags
+
+env:
+  REGISTRY: ghcr.io
+
+jobs:
+  publish-artifact:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      # 1. Download the repository code
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      # 2. Configure ORAS CLI (Using the official action)
+      # https://github.com/marketplace/actions/setup-oras
+      - name: Set up ORAS
+        uses: oras-project/setup-oras@v1
+        with:
+          version: 1.2.4
+
+      # 3. Install JQ (Required to manipulate the JSON in the script)
+      - name: Install JQ (JSON Processor)
+        run: sudo apt-get update && sudo apt-get install -y jq
+
+      # 4. Login to GitHub Container Registry
+      - name: Log into GHCR
+        run: echo "${{ secrets.GITHUB_TOKEN }}" | oras login ${{ env.REGISTRY }} -u ${{ github.actor }} --password-stdin
+
+      # 5. Execute the publish script
+      # The script will automatically read GITHUB_REPOSITORY, GITHUB_SHA, etc.
+      - name: Execute Publish Script
+        run: |
+          chmod +x publish.sh
+          ./publish.sh

files/example-1.txt

@@ -0,0 +1 @@
+ORAS was used to create the OCI artifact.

files/example-2.txt

@@ -0,0 +1,81 @@
+#!/bin/bash
+set -e
+
+# --- CONFIGURATION ---
+# Detect the repository name (user/repo)
+FULL_REPO="${GITHUB_REPOSITORY:-mmorejon/erase-una-vez-5}"
+REPO_URL="https://github.com/${FULL_REPO}"
+IMAGE="ghcr.io/$FULL_REPO"
+TAG="${GITHUB_REF_NAME:-v1}"
+SRC_DIR="./files"
+# ---------------------
+
+log_info() { echo -e "\033[1;34m[INFO]\033[0m $1"; }
+log_step() { echo -e "\033[1;33m[STEP $1]\033[0m $2"; }
+log_success() { echo -e "\033[1;32m[SUCCESS]\033[0m $1"; }
+
+log_info "Initializing OCI artifact publication sequence."
+
+# 0. Metadata Discovery
+log_step "0/5" "Gathering metadata from environment..."
+
+# 1. Prepare the data layer
+log_step "1/5" "Packaging filesystem layer from: $SRC_DIR"
+tar -czf layer.tar.gz -C "$SRC_DIR" .
+
+# Calculate the DiffID
+log_step "2/5" "Calculating data integrity checksums (DiffID)..."
+DIFF_ID=$(gzip -d -c layer.tar.gz | (sha256sum 2>/dev/null || shasum -a 256) | awk '{print $1}')
+
+# Upload the layer
+log_step "3/5" "Uploading raw data blob..."
+LAYER_DESC=$(oras blob push "$IMAGE" layer.tar.gz --descriptor)
+
+# --- BUILD FUNCTION ---
+build_arch() {
+    local ARCH=$1
+    echo "       [INFO] Processing architecture: $ARCH" >&2
+
+    # A. Config Blob
+    jq --arg arch "$ARCH" --arg diff "sha256:$DIFF_ID" \
+       '.architecture = $arch | .rootfs.diff_ids[0] = $diff' \
+       templates/config.json > "config-$ARCH.json"
+
+    local CFG_DESC=$(oras blob push "$IMAGE" "config-$ARCH.json" --descriptor)
+
+    # B. Manifest
+    jq --argjson cfg "$CFG_DESC" \
+       --argjson layer "$LAYER_DESC" \
+       --arg src "$REPO_URL" \
+       '.config.digest = $cfg.digest | .config.size = $cfg.size |
+        .layers[0].digest = $layer.digest | .layers[0].size = $layer.size |
+        .annotations["org.opencontainers.image.source"] = $src' \
+       templates/manifest.json > "manifest-$ARCH.json"
+
+    oras manifest push "$IMAGE" "manifest-$ARCH.json" --descriptor
+}
+
+# --- EXECUTION ---
+
+log_step "4/5" "Building manifests..."
+AMD_DESC=$(build_arch "amd64")
+ARM_DESC=$(build_arch "arm64")
+
+# Create Index
+log_step "5/5" "Constructing OCI Image Index..."
+jq --argjson amd "$AMD_DESC" \
+   --argjson arm "$ARM_DESC" \
+   --arg src "$REPO_URL" \
+   '.manifests[0].digest = $amd.digest | .manifests[0].size = $amd.size |
+    .manifests[1].digest = $arm.digest | .manifests[1].size = $arm.size |
+    .annotations["org.opencontainers.image.source"] = $src' \
+   templates/index.json > index_final.json
+
+log_info "Publishing final tag: $IMAGE:$TAG"
+oras manifest push "$IMAGE:$TAG" index_final.json > /dev/null
+
+# Cleanup
+rm layer.tar.gz config-*.json manifest-*.json index_final.json
+
+echo ""
+log_success "Artifact published successfully."

publish.sh

@@ -0,0 +1,8 @@
+{
+  "architecture": "__ARCH__",
+  "os": "linux",
+  "rootfs": {
+    "type": "layers",
+    "diff_ids": ["sha256:__DIFF_ID__"]
+  }
+}

templates/config.json

@@ -0,0 +1,27 @@
+{
+  "schemaVersion": 2,
+  "mediaType": "application/vnd.oci.image.index.v1+json",
+  "manifests": [
+    {
+      "mediaType": "application/vnd.oci.image.manifest.v1+json",
+      "digest": "",
+      "size": 0,
+      "platform": {
+        "architecture": "amd64",
+        "os": "linux"
+      }
+    },
+    {
+      "mediaType": "application/vnd.oci.image.manifest.v1+json",
+      "digest": "",
+      "size": 0,
+      "platform": {
+        "architecture": "arm64",
+        "os": "linux"
+      }
+    }
+  ],
+  "annotations": {
+    "org.opencontainers.image.source": ""
+  }
+}

templates/index.json

@@ -0,0 +1,17 @@
+{
+  "schemaVersion": 2,
+  "mediaType": "application/vnd.oci.image.manifest.v1+json",
+  "config": {
+    "mediaType": "application/vnd.oci.image.config.v1+json",
+    "digest": "", "size": 0
+  },
+  "layers": [
+    {
+      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
+      "digest": "", "size": 0
+    }
+  ],
+  "annotations": {
+    "org.opencontainers.image.source": ""
+  }
+}