Merge branch 'update-registry-image-schema' of github.com:LukeBalizet/sts4 into LukeBalizet-update-registry-image-schema

Author: kdvolder

headless-services/concourse-language-server/src/main/java/org/springframework/ide/vscode/concourse/PipelineYmlSchema.java

@@ -62,6 +62,7 @@
 
 /**
  * @author Kris De Volder
+ * @author LukeBalizet
  */
 public class PipelineYmlSchema implements YamlSchema {
 
@@ -674,10 +675,27 @@ private void initializeDefaultResourceTypes() {
 		{
 			AbstractType source = f.ybean("RegistryImageSource");
 			addProp(source, "repository", t_ne_string).isPrimary(true);
+			addProp(source, "insecure", t_boolean);
 			addProp(source, "tag", t_ne_string);
+			addProp(source, "variant", t_ne_string);
+			addProp(source, "semver_constraint", t_ne_string);
 			addProp(source, "username", t_ne_string);
 			addProp(source, "password", t_ne_string);
+			addProp(source, "aws_access_key_id", t_ne_string);
+			addProp(source, "aws_secret_access_key", t_ne_string);
+			addProp(source, "aws_session_token", t_ne_string);
+			addProp(source, "aws_region", t_ne_string);
+			addProp(source, "aws_role_arn", t_ne_string);
+			addProp(source, "aws_role_arns", t_strings);
 			addProp(source, "debug", t_boolean);
+			{
+				AbstractType registry_mirror = f.ybean("RegistryMirror");
+				addProp(registry_mirror, "host", t_ne_string).isPrimary(true);
+				addProp(registry_mirror, "username", t_ne_string);
+				addProp(registry_mirror, "password", t_ne_string);
+
+				addProp(source, "registry_mirror", registry_mirror);
+			}
 			{
 				AbstractType contentTrust = f.ybean("RegistryImageContentTrust");
 				addProp(contentTrust, "server", t_ne_string);
@@ -689,13 +707,16 @@ private void initializeDefaultResourceTypes() {
 
 				addProp(source, "content_trust", contentTrust);
 			}
+			addProp(source, "ca_certs", t_strings);
 
 			AbstractType get = f.ybean("RegistryImageGetParams");
 			addProp(get, "format", f.yenum("RegistryImageFormat", "rootfs", "oci"));
 			addProp(get, "skip_download", t_boolean);
 
 			AbstractType put = f.ybean("RegistryImagePutParams");
 			addProp(put, "image", t_ne_string).isPrimary(true);
+			addProp(put, "version", t_ne_string);
+			addProp(get, "bump_aliases", t_boolean);
 			addProp(put, "additional_tags", t_ne_string);
 
 			resourceTypes.def("registry-image", source, get, put);

headless-services/concourse-language-server/src/main/resources/desc/RegistryImagePutParams/bump_aliases.md

@@ -0,0 +1,11 @@
+*Optional. Default `false`.* When set to `true` and `version` is specified
+automatically bump alias tags for the version. For example, when pushing version
+`1.2.3`, push the same image to the following tags:
+- `1.2`, if 1.2.3 is the latest version of 1.2.x.
+- `1`, if 1.2.3 is the latest version of 1.x.
+- `latest`, if 1.2.3 is the latest version overall.
+
+If `variant` is configured as `foo`, push the same image to the following tags:
+- `1.2-foo`, if 1.2.3 is the latest version of 1.2.x with `foo`.
+- `1-foo`, if 1.2.3 is the latest version of 1.x with `foo`.
+- `foo`, if 1.2.3 is the latest version overall for `foo`

headless-services/concourse-language-server/src/main/resources/desc/RegistryImagePutParams/version.md

@@ -0,0 +1 @@
+*Optional.* A version number to use as a tag.

headless-services/concourse-language-server/src/main/resources/desc/RegistryImageSource/aws_access_key_id.md

@@ -0,0 +1 @@
+*Optional*. The access key ID to use for authenticating with ECR.

headless-services/concourse-language-server/src/main/resources/desc/RegistryImageSource/aws_region.md

@@ -0,0 +1,4 @@
+*Optional*. The region to use for
+  accessing ECR. This is required if you are using ECR. This region
+  will help determine the full repository URL you are accessing
+  (e.g., `012345678910.dkr.ecr.us-east-1.amazonaws.com`)

headless-services/concourse-language-server/src/main/resources/desc/RegistryImageSource/aws_role_arn.md

@@ -0,0 +1,3 @@
+*Optional*. If set, then this role will
+  be assumed before authenticating to ECR. An error will occur if
+  `aws_role_arns` is also specified. This is kept for backward compatibility.

headless-services/concourse-language-server/src/main/resources/desc/RegistryImageSource/aws_role_arns.md

@@ -0,0 +1,4 @@
+*Optional*. An array of AWS IAM roles.
+  If set, these roles will be assumed in the specified order before
+  authenticating to ECR. An error will occur if `aws_role_arn`
+  is also specified.

headless-services/concourse-language-server/src/main/resources/desc/RegistryImageSource/aws_secret_access_key .md

@@ -0,0 +1 @@
+*Optional*. The secret access key to use for authenticating with ECR.

headless-services/concourse-language-server/src/main/resources/desc/RegistryImageSource/aws_session_token.md

@@ -0,0 +1,2 @@
+*Optional*. The session token to use for authenticating with
+  STS credentials with ECR.

headless-services/concourse-language-server/src/main/resources/desc/RegistryImageSource/ca_certs.md

@@ -0,0 +1,15 @@
+*Optional*. An array of PEM-encoded CA certificates. Example:
+```yaml
+ca_certs:
+- |
+  -----BEGIN CERTIFICATE-----
+  ...
+  -----END CERTIFICATE-----
+- |
+  -----BEGIN CERTIFICATE-----
+  ...
+  -----END CERTIFICATE-----
+``` 
+Each entry specifies the x509 CA certificate for the trusted docker registry.
+This is used to validate the certificate of the docker registry when the
+registry's certificate is signed by a custom authority (or itself).