J
In our case, we're not specifically looking for Proget to add a feed type that is a generic implementation of OCI, we are asking for the existing feed types to fully support OCI image and feed standards where applicable (container images, helm charts, SBOMs, etc). At the very least, for container and helm feeds. The specific purpose of OCI is ensuring compatibility and standardization across different platforms and tools. It appears Proget is now behind nearly every other product in this regard for these artifact types. Proget at the very least should support and preserve OCI schema elements related to each feed type:
Proget Docker feeds should accept and preserve oci schema elements, example:
artifactType on descriptors if supplied (introduced in 2023)
mediaType(s): application/vnd.docker.distribution.manifest.v2+json as well as OCI Image Media Types
Proget helmchart feeds should should accept and preserve oci schema elements, example:
artifactType: application/vnd.cncf.helm.chart if supplied
application/tar+gzip when using index.yaml for classic/ existing charts
Helm OCI MediaTypes (used by default in Helm as of 3.8), or convert to OCI entirely since all of Helm is now on ArtifactHub.io (already supported by Proget as of 2024.17)
Notable container registries already supporting the Open Container Initiative image and distribution specs:
Azure Container Registry (ACR) added support 2023
Google Container Registry (GCR) transitioned to Google Artifact Registry (ACR) 2021-2024
Microsoft Container Registry (MCR) added support 2023
Amazon ECR added support 2020
GitLab Container Registry added support 2021
Artifactory added support 2023
OpenRegistry added support 2023
Docker Hub added support 2023
Zot (2020 OCI-only)
Docker desktop builds vnd.oci.image.manifest.v1+json by default now, not vnd.docker.distribution.manifest.v2
Zot only supports vnd.oci.image.manifest
OCI supports zstd and zstd:chunked. Not only is this a better compression format, which should speed up image pulls, zstd:chunked will allow container tools like Podman, Buildah and CRI-O to pull only the files that have changed in an image rather than the entire image.
Buildah, a Red Hat tool, allows building (only OCI) container images without docker daemon as a requirement
Beyond this subset of examples, it's becoming increasingly harder to find tools related to this space that haven't implemented OCI standards. Without OCI compliance in Proget container/ helm feeds, we're forced to look at other feed solutions that are keeping up with industry standards for proper tool interoperability. It seems like it would be a large win for Proget to implement OCI as a base, and extend that into the container (docker v2 images+feed schema are already OCI compatible), chart, sbom, and generic/ a (new) oci artifact feed type based on known OCI artifactType/mediaType definitions.
