diff --git a/cmd/flux/pull_artifact.go b/cmd/flux/pull_artifact.go index e87b650c..1ca4782c 100644 --- a/cmd/flux/pull_artifact.go +++ b/cmd/flux/pull_artifact.go @@ -34,25 +34,32 @@ var pullArtifactCmd = &cobra.Command{ Use: "artifact", Short: "Pull artifact", Long: `The pull artifact command downloads and extracts the OCI artifact content to the given path. -The command can read the credentials from '~/.docker/config.json' but they can also be passed with --creds. It can also login to a supported provider with the --provider flag.`, +The command can read the credentials from '~/.docker/config.json' but they can also be passed with --creds. It can also login to a supported provider with the --provider flag. + +By default the first layer of the OCI manifest is extracted; use --layer-index to select a different layer of an arbitrary OCI artifact.`, Example: ` # Pull an OCI artifact created by flux from GHCR flux pull artifact oci://ghcr.io/org/manifests/app:v0.0.1 --output ./path/to/local/manifests + + # Pull layer index 1 from an arbitrary OCI artifact + flux pull artifact oci://ghcr.io/org/charts/app:v0.0.1 --output ./path/to/local/extracted --layer-index 1 `, RunE: pullArtifactCmdRun, } type pullArtifactFlags struct { - output string - creds string - insecure bool - provider flags.SourceOCIProvider + output string + creds string + insecure bool + layerIndex int + provider flags.SourceOCIProvider } var pullArtifactArgs = newPullArtifactFlags() func newPullArtifactFlags() pullArtifactFlags { return pullArtifactFlags{ - provider: flags.SourceOCIProvider(sourcev1.GenericOCIProvider), + provider: flags.SourceOCIProvider(sourcev1.GenericOCIProvider), + layerIndex: -1, } } @@ -61,6 +68,7 @@ func init() { pullArtifactCmd.Flags().StringVar(&pullArtifactArgs.creds, "creds", "", "credentials for OCI registry in the format [:] if --provider is generic") pullArtifactCmd.Flags().Var(&pullArtifactArgs.provider, "provider", sourceOCIRepositoryArgs.provider.Description()) pullArtifactCmd.Flags().BoolVar(&pullArtifactArgs.insecure, "insecure-registry", false, "allows artifacts to be pulled without TLS") + pullArtifactCmd.Flags().IntVar(&pullArtifactArgs.layerIndex, "layer-index", -1, "pull a specific layer of the OCI manifest by its zero-based index (default: pull the first layer)") pullCmd.AddCommand(pullArtifactCmd) } @@ -112,7 +120,13 @@ func pullArtifactCmdRun(cmd *cobra.Command, args []string) error { logger.Actionf("pulling artifact from %s", url) - meta, err := ociClient.Pull(ctx, url, pullArtifactArgs.output) + var pullOptions []oci.PullOption + if pullArtifactArgs.layerIndex >= 0 { + logger.Actionf("selecting layer index %d", pullArtifactArgs.layerIndex) + pullOptions = append(pullOptions, oci.WithPullLayerIndex(pullArtifactArgs.layerIndex)) + } + + meta, err := ociClient.Pull(ctx, url, pullArtifactArgs.output, pullOptions...) if err != nil { return err }