Fall back to OCI if Token isn't set

go.mod

@@ -33,7 +33,9 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/ecr v1.29.1
 	github.com/gofri/go-github-ratelimit v1.1.0
 	github.com/google/go-containerregistry v0.19.0
-	github.com/google/go-github/v58 v58.0.0
+	github.com/google/go-github/v62 v62.0.0
+	github.com/jarcoal/httpmock v1.3.1
+	github.com/stretchr/testify v1.9.0
 )
 
 require (
@@ -98,6 +100,7 @@ require (
 	github.com/opencontainers/image-spec v1.1.0-rc3 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/prometheus/client_model v0.6.1 // indirect
 	github.com/prometheus/common v0.54.0 // indirect
 	github.com/prometheus/procfs v0.15.1 // indirect

go.sum

@@ -109,8 +109,8 @@ github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-containerregistry v0.19.0 h1:uIsMRBV7m/HDkDxE/nXMnv1q+lOOSPlQ/ywc5JbB8Ic=
 github.com/google/go-containerregistry v0.19.0/go.mod h1:u0qB2l7mvtWVR5kNcbFIhFY1hLbf8eeGapA+vbFDCtQ=
-github.com/google/go-github/v58 v58.0.0 h1:Una7GGERlF/37XfkPwpzYJe0Vp4dt2k1kCjlxwjIvzw=
-github.com/google/go-github/v58 v58.0.0/go.mod h1:k4hxDKEfoWpSqFlc8LTpGd9fu2KrV1YAa6Hi6FmDNY4=
+github.com/google/go-github/v62 v62.0.0 h1:/6mGCaRywZz9MuHyw9gD1CwsbmBX8GWsbFkwMmHdhl4=
+github.com/google/go-github/v62 v62.0.0/go.mod h1:EMxeUqGJq2xRu9DYBMwel/mr7kZrzUOfQmmpYrZn2a4=
 github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
 github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
@@ -134,6 +134,8 @@ github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4=
 github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
+github.com/jarcoal/httpmock v1.3.1 h1:iUx3whfZWVf3jT01hQTO/Eo5sAYtB2/rqaUuOtpInww=
+github.com/jarcoal/httpmock v1.3.1/go.mod h1:3yb8rc4BI7TCBhFY8ng0gjuLKJNquuDNiPaZjnENuYg=
 github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
 github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
@@ -158,6 +160,8 @@ github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxec
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/maxatome/go-testdeep v1.12.0 h1:Ql7Go8Tg0C1D/uMMX59LAoYK7LffeJQ6X2T04nTH68g=
+github.com/maxatome/go-testdeep v1.12.0/go.mod h1:lPZc/HAcJMP92l7yI6TRz1aZN5URwUBUAfUNvrclaNM=
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
 github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0=
@@ -208,8 +212,9 @@ github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
-github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=

pkg/client/ghcr/ghcr.go

@@ -9,7 +9,6 @@ import (
 	"github.com/gofri/go-github-ratelimit/github_ratelimit"
 	"github.com/google/go-github/v62/github"
 	"github.com/jetstack/version-checker/pkg/api"
-	"github.com/jetstack/version-checker/pkg/client/util"
 )
 
 type Options struct {
@@ -32,11 +31,7 @@ func New(opts Options) *Client {
 	if err != nil {
 		panic(err)
 	}
-	client := github.NewClient(ghRateLimiter)
-	// Only add Auth Token if it is provided.
-	if len(opts.Token) > 0 {
-		client = client.WithAuthToken(opts.Token)
-	}
+	client := github.NewClient(ghRateLimiter).WithAuthToken(opts.Token)
 
 	return &Client{
 		client:     client,
@@ -52,7 +47,6 @@ func (c *Client) Name() string {
 func (c *Client) Tags(ctx context.Context, host, owner, repo string) ([]api.ImageTag, error) {
 	// Choose the correct list packages function based on whether the owner
 	// is a user or an organization
-	// getReleases := c.Client.Repositories.ListReleases(ctx, owner, repo)
 	getAllVersions := c.client.Organizations.PackageGetAllVersions
 	ownerType, err := c.ownerType(ctx, owner)
 	if err != nil {
@@ -94,7 +88,13 @@ func (c *Client) Tags(ctx context.Context, host, owner, repo string) ([]api.Imag
 
 			for _, tag := range ver.Metadata.Container.Tags {
 				// Exclude attestations, signatures and sboms
-				if util.FilterSbomAttestationSigs(tag) {
+				if strings.HasSuffix(tag, ".att") {
+					continue
+				}
+				if strings.HasSuffix(tag, ".sig") {
+					continue
+				}
+				if strings.HasSuffix(tag, ".sbom") {
 					continue
 				}
 

pkg/client/ghcr/path.go

@@ -5,6 +5,11 @@ import (
 )
 
 func (c *Client) IsHost(host string) bool {
+	// Package API requires Authentication
+	/// This forces the Client to use the fallback method
+	if c.opts.Token == "" {
+		return false
+	}
 	return host == "ghcr.io"
 }
 

pkg/client/ghcr/path_test.go

@@ -4,34 +4,52 @@ import "testing"
 
 func TestIsHost(t *testing.T) {
 	tests := map[string]struct {
+		token string
 		host  string
 		expIs bool
 	}{
-		"an empty host should be false": {
+		"an empty token should be false": {
+			token: "test-token",
+			host:  "",
+			expIs: false,
+		},
+		"an empty host and token should be false": {
+			token: "",
+			host:  "",
+			expIs: false,
+		},
+		"an empty host  should be false": {
+			token: "test-token",
 			host:  "",
 			expIs: false,
 		},
 		"random string should be false": {
+			token: "test-token",
 			host:  "foobar",
 			expIs: false,
 		},
 		"random string with dots should be false": {
+			token: "test-token",
 			host:  "foobar.foo",
 			expIs: false,
 		},
 		"just ghcr.io should be true": {
+			token: "test-token",
 			host:  "ghcr.io",
 			expIs: true,
 		},
 		"gcr.io with random sub domains should be false": {
+			token: "test-token",
 			host:  "ghcr.gcr.io",
 			expIs: false,
 		},
 		"foodghcr.io should be false": {
+			token: "test-token",
 			host:  "foodghcr.io",
 			expIs: false,
 		},
 		"ghcr.iofoo should be false": {
+			token: "test-token",
 			host:  "ghcr.iofoo",
 			expIs: false,
 		},
@@ -40,6 +58,9 @@ func TestIsHost(t *testing.T) {
 	handler := new(Client)
 	for name, test := range tests {
 		t.Run(name, func(t *testing.T) {
+			if test.token != "" {
+				handler.opts.Token = test.token
+			}
 			if isHost := handler.IsHost(test.host); isHost != test.expIs {
 				t.Errorf("%s: unexpected IsHost, exp=%t got=%t",
 					test.host, test.expIs, isHost)