fix image ref keys getting squashed when containing sigs/atts (#291)

* fix image ref keys getting squashed when containing sigs/atts

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

---------

Signed-off-by: Adam Martin <adam.martin@rancherfederal.com>
Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>
Co-authored-by: Adam Martin <adam.martin@rancherfederal.com>

.github/ISSUE_TEMPLATE/feature_request.md

@@ -1,7 +1,7 @@
 ---
 name: Feature Request
 about: Submit a feature request for us to improve!
-title: '[RFE]'
+title: '[feature]'
 labels: 'enhancement'
 assignees: ''
 ---

.github/workflows/release.yaml

@@ -17,6 +17,11 @@ jobs:
         with:
           fetch-depth: 0
 
+      - name: Configure Git
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+
       - name: Set Up Go
         uses: actions/setup-go@v5
         with:
@@ -44,6 +49,11 @@ jobs:
         with:
           fetch-depth: 0
 
+      - name: Configure Git
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+
       - name: Set Up QEMU
         uses: docker/setup-qemu-action@v3
 
@@ -57,40 +67,27 @@ jobs:
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Build and Push to GitHub Container Registry
+      - name: Authenticate to DockerHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: docker.io
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Build and Push Release Container to GitHub Container Registry
         uses: docker/build-push-action@v5
         with:
           context: .
+          target: release
           platforms: linux/amd64,linux/arm64
           push: true
-          tags: ghcr.io/${{ github.repository }}:${{ github.ref_name }}
+          tags: ghcr.io/${{ github.repository }}:${{ github.ref_name }}, docker.io/hauler/hauler:${{ github.ref_name }}
 
-  chart-release:
-    name: Chart Release Job
-    runs-on: ubuntu-latest
-    needs: [go-release]
-    timeout-minutes: 30
-    continue-on-error: true
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
+      - name: Build and Push Debug Container to GitHub Container Registry
+        uses: docker/build-push-action@v5
         with:
-          fetch-depth: 0
-
-      - name: Set Up Helm
-        uses: azure/setup-helm@v4
-
-      - name: Authenticate to GitHub Container Registry
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Build Helm Chart
-        run: |
-          helm package deploy/kubernetes/helm/charts/hauler --destination deploy/kubernetes/helm/charts/hauler
-
-      - name: Push to GitHub Container Registry
-        run: |
-          helm push deploy/kubernetes/helm/charts/hauler/hauler-*.tgz oci://ghcr.io/${{ github.repository_owner }}/charts
+          context: .
+          target: debug
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ghcr.io/${{ github.repository }}-debug:${{ github.ref_name }}, docker.io/hauler/hauler-debug:${{ github.ref_name }}

.github/workflows/unittest.yaml

@@ -20,6 +20,11 @@ jobs:
         with:
           fetch-depth: 0
 
+      - name: Configure Git
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+
       - name: Set Up Go
         uses: actions/setup-go@v5
         with:

.goreleaser.yaml

@@ -9,6 +9,7 @@ before:
 
 release:
   prerelease: auto
+  make_latest: false
 
 env:
   - vpkg=github.com/rancherfederal/hauler/internal/version
@@ -28,7 +29,7 @@ builds:
     hooks:
       pre:
         - mkdir -p cmd/hauler/binaries
-        - wget -P cmd/hauler/binaries/ https://github.com/rancher-government-carbide/cosign/releases/download/{{ .Env.cosign_version }}/cosign-{{ .Os }}-{{ .Arch }}{{ if eq .Os "windows" }}.exe{{ end }}
+        - wget -P cmd/hauler/binaries/ https://github.com/hauler-dev/cosign/releases/download/{{ .Env.cosign_version }}/cosign-{{ .Os }}-{{ .Arch }}{{ if eq .Os "windows" }}.exe{{ end }}
       post:
         - rm -rf cmd/hauler/binaries
     env:
@@ -44,7 +45,7 @@ changelog:
 brews:
   - name: hauler
     repository:
-      owner: rancherfederal
+      owner: hauler-dev
       name: homebrew-tap
       token: "{{ .Env.HOMEBREW_TAP_GITHUB_TOKEN }}"
     directory: Formula

Dockerfile

@@ -1,25 +1,45 @@
+# builder stage
 FROM registry.suse.com/bci/golang:1.21 AS builder
+
 RUN zypper --non-interactive install make bash wget ca-certificates
 
 COPY . /build
 WORKDIR /build
 RUN make build
 
-RUN echo "hauler:x:1001:1001::/home:" > /etc/passwd \
+RUN echo "hauler:x:1001:1001::/home/hauler:" > /etc/passwd \
 && echo "hauler:x:1001:hauler" > /etc/group \
+&& mkdir /home/hauler \
 && mkdir /store \
 && mkdir /fileserver \
 && mkdir /registry
 
-FROM scratch
+# release stage
+FROM scratch AS release
+
 COPY --from=builder /var/lib/ca-certificates/ca-bundle.pem /etc/ssl/certs/ca-certificates.crt
 COPY --from=builder /etc/passwd /etc/passwd
 COPY --from=builder /etc/group /etc/group
-COPY --from=builder --chown=hauler:hauler /home/. /home
+COPY --from=builder --chown=hauler:hauler /home/hauler/. /home/hauler
 COPY --from=builder --chown=hauler:hauler /tmp/. /tmp
 COPY --from=builder --chown=hauler:hauler /store/. /store
 COPY --from=builder --chown=hauler:hauler /registry/. /registry
 COPY --from=builder --chown=hauler:hauler /fileserver/. /fileserver
 COPY --from=builder --chown=hauler:hauler /build/bin/hauler /
+
 USER hauler
 ENTRYPOINT [ "/hauler" ]
+
+# debug stage
+FROM alpine AS debug
+
+COPY --from=builder /var/lib/ca-certificates/ca-bundle.pem /etc/ssl/certs/ca-certificates.crt
+COPY --from=builder /etc/passwd /etc/passwd
+COPY --from=builder /etc/group /etc/group
+COPY --from=builder --chown=hauler:hauler /home/hauler/. /home/hauler
+COPY --from=builder --chown=hauler:hauler /build/bin/hauler /bin/hauler
+
+RUN apk --no-cache add curl
+
+USER hauler
+WORKDIR /home/hauler

Makefile

@@ -10,17 +10,17 @@ all: fmt vet install test
 build:
 	rm -rf cmd/hauler/binaries;\
 	mkdir -p cmd/hauler/binaries;\
-    wget -P cmd/hauler/binaries/ https://github.com/rancher-government-carbide/cosign/releases/download/$(COSIGN_VERSION)/cosign-$(shell go env GOOS)-$(shell go env GOARCH);\
+    wget -P cmd/hauler/binaries/ https://github.com/hauler-dev/cosign/releases/download/$(COSIGN_VERSION)/cosign-$(shell go env GOOS)-$(shell go env GOARCH);\
 	mkdir bin;\
 	CGO_ENABLED=0 go build -o bin ./cmd/...;\
 
 build-all: fmt vet
-	goreleaser build --rm-dist --snapshot
-	
+	goreleaser build --clean --snapshot
+
 install:
 	rm -rf cmd/hauler/binaries;\
 	mkdir -p cmd/hauler/binaries;\
-	wget -P cmd/hauler/binaries/ https://github.com/rancher-government-carbide/cosign/releases/download/$(COSIGN_VERSION)/cosign-$(shell go env GOOS)-$(shell go env GOARCH);\
+	wget -P cmd/hauler/binaries/ https://github.com/hauler-dev/cosign/releases/download/$(COSIGN_VERSION)/cosign-$(shell go env GOOS)-$(shell go env GOARCH);\
 	CGO_ENABLED=0 go install ./cmd/...;\
 
 vet:

README.md

@@ -10,7 +10,7 @@
 
 `Hauler` does this by storing contents and collections as OCI Artifacts and allows operators to serve contents and collections with an embedded registry and fileserver. Additionally, `Hauler` has the ability to store and inspect various non-image OCI Artifacts.
 
-For more information, please review the **[Hauler Documentation](https://rancherfederal.github.io/hauler-docs)!**
+For more information, please review the **[Hauler Documentation](https://hauler.dev)!**
 
 ## Installation
 
@@ -25,7 +25,7 @@ curl -sfL https://get.hauler.dev | bash
 
 ```bash
 # installs latest release
-brew tap rancherfederal/homebrew-tap
+brew tap hauler-dev/homebrew-tap
 brew install hauler
 ```
 

cmd/hauler/cli/store/serve.go

@@ -25,8 +25,7 @@ type ServeRegistryOpts struct {
 	Port       int
 	RootDir    string
 	ConfigFile string
-
-	storedir string
+	ReadOnly   bool
 }
 
 func (o *ServeRegistryOpts) AddFlags(cmd *cobra.Command) {
@@ -35,6 +34,7 @@ func (o *ServeRegistryOpts) AddFlags(cmd *cobra.Command) {
 	f.IntVarP(&o.Port, "port", "p", 5000, "Port to listen on.")
 	f.StringVar(&o.RootDir, "directory", "registry", "Directory to use for backend.  Defaults to $PWD/registry")
 	f.StringVarP(&o.ConfigFile, "config", "c", "", "Path to a config file, will override all other configs")
+	f.BoolVar(&o.ReadOnly, "readonly", true, "Run the registry as readonly.")
 }
 
 func ServeRegistryCmd(ctx context.Context, o *ServeRegistryOpts, s *store.Layout) error {
@@ -81,8 +81,6 @@ type ServeFilesOpts struct {
 	Port    int
 	Timeout int
 	RootDir string
-
-	storedir string
 }
 
 func (o *ServeFilesOpts) AddFlags(cmd *cobra.Command) {
@@ -136,9 +134,9 @@ func (o *ServeRegistryOpts) defaultRegistryConfig() *configuration.Configuration
 		Storage: configuration.Storage{
 			"cache":      configuration.Parameters{"blobdescriptor": "inmemory"},
 			"filesystem": configuration.Parameters{"rootdirectory": o.RootDir},
-
-			// TODO: Ensure this is toggleable via cli arg if necessary
-			// "maintenance": configuration.Parameters{"readonly.enabled": false},
+			"maintenance": configuration.Parameters{
+				"readonly": map[any]any{"enabled": o.ReadOnly},
+			},
 		},
 	}
 

cmd/hauler/cli/store/sync.go

@@ -40,7 +40,7 @@ func (o *SyncOpts) AddFlags(cmd *cobra.Command) {
 
 	f.StringSliceVarP(&o.ContentFiles, "files", "f", []string{}, "Path(s) to local content files (Manifests). i.e. '--files ./rke2-files.yml")
 	f.StringVarP(&o.Key, "key", "k", "", "(Optional) Path to the key for signature verification")
-	f.StringSliceVar(&o.Products, "products", []string{}, "Used for RGS Carbide customers to supply a product and version and Hauler will retrieve the images. i.e. '--product rancher=v2.7.6'")
+	f.StringSliceVar(&o.Products, "products", []string{}, "(Optional) Feature for RGS Carbide customers to fetch collections and content from the Carbide Registry. i.e. '--product rancher=v2.8.5,rke2=v1.28.11+rke2r1'")
 	f.StringVarP(&o.Platform, "platform", "p", "", "(Optional) Specific platform to save. i.e. linux/amd64. Defaults to all if flag is omitted.")
 	f.StringVarP(&o.Registry, "registry", "r", "", "(Optional) Default pull registry for image refs that are not specifying a registry name.")
 	f.StringVarP(&o.ProductRegistry, "product-registry", "c", "", "(Optional) Specific Product Registry to use. Defaults to RGS Carbide Registry (rgcrprod.azurecr.us).")

deploy/kubernetes/helm/charts/hauler/.helmignore

@@ -1,21 +0,0 @@
-# HELM IGNORE OPTIONS:
-# Patterns to ignore when building Helm packages.
-# Supports shell glob matching, relative path matching, and negation (prefixed with !)
-
-.DS_Store
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-.project
-.idea/
-*.tmproj
-.vscode/

deploy/kubernetes/helm/charts/hauler/Chart.yaml

@@ -1,7 +0,0 @@
-apiVersion: v2
-name: hauler
-description: Hauler Helm Chart - Airgap Swiss Army Knife
-icon: https://raw.githubusercontent.com/rancherfederal/hauler/main/static/rgs-hauler-logo-icon.svg
-type: application
-version: 1.0.4
-appVersion: 1.0.4

deploy/kubernetes/helm/charts/hauler/README.md

@@ -1,33 +0,0 @@
-# Hauler Helm Chart
-
-### Airgap Swiss Army Knife
-
-`Rancher Government Hauler` simplifies the airgap experience without requiring operators to adopt a specific workflow. **Hauler** simplifies the airgapping process, by representing assets (images, charts, files, etc...) as content and collections to allow operators to easily fetch, store, package, and distribute these assets with declarative manifests or through the command line.
-
-`Hauler` does this by storing contents and collections as OCI Artifacts and allows operators to serve contents and collections with an embedded registry and fileserver. Additionally, `Hauler` has the ability to store and inspect various non-image OCI Artifacts.
-
-**GitHub Repostiory:** https://github.com/rancherfederal/hauler
-
-**Documentation:** http://hauler.dev
-
----
-
-| Type        | Chart Version | App Version |
-| ----------- | ------------- | ----------- |
-| application | `1.0.4`       | `1.0.4`     |
-
-## Installing the Chart
-
-```bash
-helm install hauler hauler/hauler -n hauler-system -f values.yaml
-```
-
-```bash
-helm status hauler -n hauler-system
-```
-
-## Uninstalling the Chart
-
-```bash
-helm uninstall hauler -n hauler-system
-```

deploy/kubernetes/helm/charts/hauler/app-readme.md

@@ -1,33 +0,0 @@
-# Hauler Helm Chart
-
-### Airgap Swiss Army Knife
-
-`Rancher Government Hauler` simplifies the airgap experience without requiring operators to adopt a specific workflow. **Hauler** simplifies the airgapping process, by representing assets (images, charts, files, etc...) as content and collections to allow operators to easily fetch, store, package, and distribute these assets with declarative manifests or through the command line.
-
-`Hauler` does this by storing contents and collections as OCI Artifacts and allows operators to serve contents and collections with an embedded registry and fileserver. Additionally, `Hauler` has the ability to store and inspect various non-image OCI Artifacts.
-
-**GitHub Repostiory:** https://github.com/rancherfederal/hauler
-
-**Documentation:** http://hauler.dev
-
----
-
-| Type        | Chart Version | App Version |
-| ----------- | ------------- | ----------- |
-| application | `1.0.4`       | `1.0.4`     |
-
-## Installing the Chart
-
-```bash
-helm install hauler hauler/hauler -n hauler-system -f values.yaml
-```
-
-```bash
-helm status hauler -n hauler-system
-```
-
-## Uninstalling the Chart
-
-```bash
-helm uninstall hauler -n hauler-system
-```

deploy/kubernetes/helm/charts/hauler/templates/_helpers.tpl

@@ -1,62 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "hauler.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "hauler.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "hauler.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "hauler.labels" -}}
-helm.sh/chart: {{ include "hauler.chart" . }}
-{{ include "hauler.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "hauler.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "hauler.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "hauler.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "hauler.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}

deploy/kubernetes/helm/charts/hauler/templates/hauler-fileserver/hauler-fileserver-deployment.yaml

@@ -1,76 +0,0 @@
-{{- if .Values.haulerFileserver.enabled }}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: hauler-fileserver
-  namespace: {{ .Release.Namespace }}
-  labels:
-    {{- include "hauler.labels" . | nindent 4 }}
-spec:
-  replicas: {{ .Values.haulerFileserver.replicas }}
-  selector:
-    matchLabels:
-      app: hauler-fileserver
-      {{- include "hauler.selectorLabels" . | nindent 6 }}
-  template:
-    metadata:
-      labels:
-        app: hauler-fileserver
-        {{- include "hauler.selectorLabels" . | nindent 8 }}
-    spec:
-      {{- if or .Values.haulerJobs.hauls.enabled .Values.haulerJobs.manifests.enabled }}
-      initContainers:
-        {{- if .Values.haulerJobs.hauls.enabled }}
-        - name: wait-for-hauler-hauls-job
-          image: {{ .Values.hauler.initContainers.image.repository }}:{{ .Values.hauler.initContainers.image.tag }}
-          imagePullPolicy: {{ .Values.hauler.initContainers.imagePullPolicy }}
-          args: ["wait", "--for=condition=complete", "job", "hauler-hauls-job", "--namespace", "{{ .Release.Namespace }}", "--timeout={{ .Values.hauler.initContainers.timeout }}"]
-          securityContext:
-            allowPrivilegeEscalation: false
-            capabilities:
-              drop: ["ALL"]
-            runAsNonRoot: true
-            runAsUser: 1001
-            seccompProfile:
-              type: RuntimeDefault
-        {{- end }}
-        {{- if .Values.haulerJobs.manifests.enabled }}
-        - name: wait-for-hauler-manifests-job
-          image: {{ .Values.hauler.initContainers.image.repository }}:{{ .Values.hauler.initContainers.image.tag }}
-          imagePullPolicy: {{ .Values.hauler.initContainers.imagePullPolicy }}
-          args: ["wait", "--for=condition=complete", "job", "hauler-manifests-job", "--namespace", "{{ .Release.Namespace }}", "--timeout={{ .Values.hauler.initContainers.timeout }}"]
-          securityContext:
-            allowPrivilegeEscalation: false
-            capabilities:
-              drop: ["ALL"]
-            runAsNonRoot: true
-            runAsUser: 1001
-            seccompProfile:
-              type: RuntimeDefault
-        {{- end }}
-      {{- end }}
-      containers:
-        - name: hauler-fileserver
-          image: {{ .Values.hauler.image.repository }}:{{ .Values.hauler.image.tag }}
-          imagePullPolicy: {{ .Values.hauler.imagePullPolicy }}
-          args: ["store", "serve", "fileserver", "--port", "{{ .Values.haulerFileserver.port }}"]
-          ports:
-            - containerPort: {{ .Values.haulerFileserver.port }}
-          volumeMounts:
-            - name: hauler-data
-              mountPath: /store
-          securityContext:
-            allowPrivilegeEscalation: false
-            capabilities:
-              drop: ["ALL"]
-            runAsNonRoot: true
-            runAsUser: 1001
-            seccompProfile:
-              type: RuntimeDefault
-      restartPolicy: Always
-      serviceAccountName: hauler-service-account
-      volumes:
-        - name: hauler-data
-          persistentVolumeClaim:
-            claimName: hauler-data
-{{- end }}

deploy/kubernetes/helm/charts/hauler/templates/hauler-fileserver/hauler-fileserver-ingress.yaml

@@ -1,27 +0,0 @@
-{{- if and .Values.haulerFileserver.enabled .Values.haulerFileserver.ingress.enabled }}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: hauler-fileserver
-  namespace: {{ .Release.Namespace }}
-  labels:
-    {{- include "hauler.labels" . | nindent 4 }}
-spec:
-  rules:
-  - host: {{ .Values.haulerFileserver.ingress.hostname }}
-    http:
-      paths:
-      - backend:
-          service:
-            name: hauler-fileserver
-            port:
-              number: {{ .Values.haulerFileserver.service.ports.targetPort }}
-        path: /
-        pathType: Prefix
-  {{- if .Values.haulerFileserver.ingress.tls.enabled }}
-  tls:
-  - hosts:
-    - {{ .Values.haulerFileserver.ingress.hostname }}
-    secretName: {{ .Values.haulerFileserver.ingress.tls.secretName }}
-  {{- end }}
-{{- end }}

deploy/kubernetes/helm/charts/hauler/templates/hauler-fileserver/hauler-fileserver-service.yaml

@@ -1,18 +0,0 @@
-{{- if and .Values.haulerFileserver.enabled .Values.haulerFileserver.service.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
-  name: hauler-fileserver
-  namespace: {{ .Release.Namespace }}
-  labels:
-    {{- include "hauler.labels" . | nindent 4 }}
-spec:
-  selector:
-    app: hauler-fileserver
-  ports:
-    - name: hauler-fileserver
-      protocol: {{ .Values.haulerFileserver.service.ports.protocol }}
-      port: {{ .Values.haulerFileserver.service.ports.port }}
-      targetPort: {{ .Values.haulerFileserver.service.ports.targetPort }}
-  type: {{ .Values.haulerFileserver.service.type }}
-{{- end }}

deploy/kubernetes/helm/charts/hauler/templates/hauler-registry/hauler-registry-deployment.yaml

@@ -1,76 +0,0 @@
-{{- if .Values.haulerRegistry.enabled }}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: hauler-registry
-  namespace: {{ .Release.Namespace }}
-  labels:
-    {{- include "hauler.labels" . | nindent 4 }}
-spec:
-  replicas: {{ .Values.haulerRegistry.replicas }}
-  selector:
-    matchLabels:
-      app: hauler-registry
-      {{- include "hauler.selectorLabels" . | nindent 6 }}
-  template:
-    metadata:
-      labels:
-        app: hauler-registry
-        {{- include "hauler.selectorLabels" . | nindent 8 }}
-    spec:
-      {{- if or .Values.haulerJobs.hauls.enabled .Values.haulerJobs.manifests.enabled }}
-      initContainers:
-        {{- if .Values.haulerJobs.hauls.enabled }}
-        - name: wait-for-hauler-hauls-job
-          image: {{ .Values.hauler.initContainers.image.repository }}:{{ .Values.hauler.initContainers.image.tag }}
-          imagePullPolicy: {{ .Values.hauler.initContainers.imagePullPolicy }}
-          args: ["wait", "--for=condition=complete", "job", "hauler-hauls-job", "--namespace", "{{ .Release.Namespace }}", "--timeout={{ .Values.hauler.initContainers.timeout }}"]
-          securityContext:
-            allowPrivilegeEscalation: false
-            capabilities:
-              drop: ["ALL"]
-            runAsNonRoot: true
-            runAsUser: 1001
-            seccompProfile:
-              type: RuntimeDefault
-        {{- end }}
-        {{- if .Values.haulerJobs.manifests.enabled }}
-        - name: wait-for-hauler-manifests-job
-          image: {{ .Values.hauler.initContainers.image.repository }}:{{ .Values.hauler.initContainers.image.tag }}
-          imagePullPolicy: {{ .Values.hauler.initContainers.imagePullPolicy }}
-          args: ["wait", "--for=condition=complete", "job", "hauler-manifests-job", "--namespace", "{{ .Release.Namespace }}", "--timeout={{ .Values.hauler.initContainers.timeout }}"]
-          securityContext:
-            allowPrivilegeEscalation: false
-            capabilities:
-              drop: ["ALL"]
-            runAsNonRoot: true
-            runAsUser: 1001
-            seccompProfile:
-              type: RuntimeDefault
-        {{- end }}
-      {{- end }}
-      containers:
-        - name: hauler-registry
-          image: {{ .Values.hauler.image.repository }}:{{ .Values.hauler.image.tag }}
-          imagePullPolicy: {{ .Values.hauler.imagePullPolicy }}
-          args: ["store", "serve", "registry", "--port", "{{ .Values.haulerRegistry.port }}"]
-          ports:
-            - containerPort: {{ .Values.haulerRegistry.port }}
-          volumeMounts:
-            - name: hauler-data
-              mountPath: /store
-          securityContext:
-            allowPrivilegeEscalation: false
-            capabilities:
-              drop: ["ALL"]
-            runAsNonRoot: true
-            runAsUser: 1001
-            seccompProfile:
-              type: RuntimeDefault
-      restartPolicy: Always
-      serviceAccountName: hauler-service-account
-      volumes:
-        - name: hauler-data
-          persistentVolumeClaim:
-            claimName: hauler-data
-{{- end }}

deploy/kubernetes/helm/charts/hauler/templates/hauler-registry/hauler-registry-ingress.yaml

@@ -1,28 +0,0 @@
-{{- if and .Values.haulerRegistry.enabled .Values.haulerRegistry.ingress.enabled }}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: hauler-registry
-  namespace: {{ .Release.Namespace }}
-  labels:
-    {{- include "hauler.labels" . | nindent 4 }}
-spec:
-  rules:
-  - host: {{ .Values.haulerRegistry.ingress.hostname }}
-    http:
-      paths:
-      - backend:
-          service:
-            name: hauler-registry
-            port:
-              number: {{ .Values.haulerRegistry.service.ports.targetPort }}
-        path: /
-        pathType: Prefix
-  {{- if .Values.haulerRegistry.ingress.tls.enabled }}
-  tls:
-  - hosts:
-    - {{ .Values.haulerRegistry.ingress.hostname }}
-    secretName: {{ .Values.haulerRegistry.ingress.tls.secretName }}
-  {{- end }}
-{{- end }}
-

deploy/kubernetes/helm/charts/hauler/templates/hauler-registry/hauler-registry-service.yaml

@@ -1,18 +0,0 @@
-{{- if and .Values.haulerRegistry.enabled .Values.haulerRegistry.service.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
-  name: hauler-registry
-  namespace: {{ .Release.Namespace }}
-  labels:
-    {{- include "hauler.labels" . | nindent 4 }}
-spec:
-  selector:
-    app: hauler-registry
-  ports:
-    - name: hauler-registry
-      protocol: {{ .Values.haulerRegistry.service.ports.protocol }}
-      port: {{ .Values.haulerRegistry.service.ports.port }}
-      targetPort: {{ .Values.haulerRegistry.service.ports.targetPort }}
-  type: {{ .Values.haulerRegistry.service.type }}
-{{- end }}

deploy/kubernetes/helm/charts/hauler/templates/hauler/hauler-jobs.yaml

@@ -1,126 +0,0 @@
-{{- if .Values.haulerJobs.hauls.enabled }}
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: hauler-hauls-job
-  namespace: {{ .Release.Namespace }}
-  labels:
-    {{- include "hauler.labels" . | nindent 4 }}
-spec:
-  template:
-    spec:
-      initContainers:
-        - name: hauler-fetch-hauls
-          image: {{ .Values.haulerJobs.image.repository }}:{{ .Values.haulerJobs.image.tag }}
-          imagePullPolicy: {{ .Values.haulerJobs.imagePullPolicy }}
-          command: ["/bin/sh", "-c"]
-          args:
-            - |
-              {{- range .Values.haulerJobs.hauls.artifacts }}
-              curl -o /hauls/{{ .name }} {{ .path }} &&
-              {{- end }}
-              echo hauler fetch completed
-          volumeMounts:
-            - name: hauler-data
-              mountPath: /hauls
-          securityContext:
-            allowPrivilegeEscalation: false
-            capabilities:
-              drop: ["ALL"]
-            runAsNonRoot: true
-            runAsUser: 1001
-            seccompProfile:
-              type: RuntimeDefault
-      containers:
-        - name: hauler-load-hauls
-          image: {{ .Values.hauler.image.repository }}:{{ .Values.hauler.image.tag }}
-          imagePullPolicy: {{ .Values.hauler.imagePullPolicy }}
-          args:
-            - "store"
-            - "load"
-            {{- range .Values.haulerJobs.hauls.artifacts }}
-            - "/hauls/{{ .name }}"
-            {{- end }}
-          volumeMounts:
-            - name: hauler-data
-              mountPath: /hauls
-            - name: hauler-data
-              mountPath: /store
-          securityContext:
-            allowPrivilegeEscalation: false
-            capabilities:
-              drop: ["ALL"]
-            runAsNonRoot: true
-            runAsUser: 1001
-            seccompProfile:
-              type: RuntimeDefault
-      restartPolicy: OnFailure
-      volumes:
-        - name: hauler-data
-          persistentVolumeClaim:
-            claimName: hauler-data
-{{- end }}
----
-{{- if .Values.haulerJobs.manifests.enabled }}
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: hauler-manifests-job
-  namespace: {{ .Release.Namespace }}
-  labels:
-    {{- include "hauler.labels" . | nindent 4 }}
-spec:
-  template:
-    spec:
-      initContainers:
-        - name: hauler-fetch-manifests
-          image: {{ .Values.haulerJobs.image.repository }}:{{ .Values.haulerJobs.image.tag }}
-          imagePullPolicy: {{ .Values.haulerJobs.imagePullPolicy }}
-          command: ["/bin/sh", "-c"]
-          args:
-            - |
-              {{- range .Values.haulerJobs.manifests.artifacts }}
-              curl -o /manifests/{{ .name }} {{ .path }} &&
-              {{- end }}
-              echo hauler fetch completed
-          volumeMounts:
-            - name: hauler-data
-              mountPath: /manifests
-          securityContext:
-            allowPrivilegeEscalation: false
-            capabilities:
-              drop: ["ALL"]
-            runAsNonRoot: true
-            runAsUser: 1001
-            seccompProfile:
-              type: RuntimeDefault
-      containers:
-        - name: hauler-load-manifests
-          image: {{ .Values.hauler.image.repository }}:{{ .Values.hauler.image.tag }}
-          imagePullPolicy: {{ .Values.hauler.imagePullPolicy }}
-          args:
-            {{- range .Values.haulerJobs.manifests.artifacts }}
-            - "store"
-            - "sync"
-            - "--files"
-            - "/manifests/{{ .name }}"
-            {{- end }}
-          volumeMounts:
-            - name: hauler-data
-              mountPath: /manifests
-            - name: hauler-data
-              mountPath: /store
-          securityContext:
-            allowPrivilegeEscalation: false
-            capabilities:
-              drop: ["ALL"]
-            runAsNonRoot: true
-            runAsUser: 1001
-            seccompProfile:
-              type: RuntimeDefault
-      restartPolicy: OnFailure
-      volumes:
-        - name: hauler-data
-          persistentVolumeClaim:
-            claimName: hauler-data
-{{- end }}

deploy/kubernetes/helm/charts/hauler/templates/hauler/hauler-pvc.yaml

@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: hauler-data
-  namespace: {{ .Release.Namespace }}
-  labels:
-    {{- include "hauler.labels" . | nindent 4 }}
-spec:
-  accessModes:
-  - {{ .Values.hauler.data.pvc.accessModes }}
-  resources:
-    requests:
-      storage: {{ .Values.hauler.data.pvc.storageRequest }}
-  {{- if .Values.hauler.data.pvc.storageClass }}
-  storageClassName: {{ .Values.hauler.data.pvc.storageClass }}
-  {{- end }}

deploy/kubernetes/helm/charts/hauler/templates/hauler/hauler-rbac.yaml

@@ -1,35 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: hauler-service-account
-  namespace: {{ .Release.Namespace }}
-  labels:
-    {{- include "hauler.labels" . | nindent 4 }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: hauler-role
-  namespace: {{ .Release.Namespace }}
-  labels:
-    {{- include "hauler.labels" . | nindent 4 }}
-rules:
-- apiGroups: ["batch"]
-  resources: ["jobs"]
-  verbs: ["get", "list", "watch"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: hauler-role-binding
-  namespace: {{ .Release.Namespace }}
-  labels:
-    {{- include "hauler.labels" . | nindent 4 }}
-roleRef:
-  kind: Role
-  name: hauler-role
-  apiGroup: rbac.authorization.k8s.io
-subjects:
-  - kind: ServiceAccount
-    name: hauler-service-account
-    namespace: {{ .Release.Namespace }}

deploy/kubernetes/helm/charts/hauler/values.yaml

@@ -1,94 +0,0 @@
-# Helm Chart Values for Hauler
-# Docs: https://hauler.dev
-
-hauler:
-  image:
-    repository: ghcr.io/rancherfederal/hauler
-    tag: v1.0.4
-  imagePullPolicy: Always
-
-  initContainers:
-    image:
-      repository: rancher/kubectl
-      tag: v1.28.0 # update to your kubernetes version
-    imagePullPolicy: Always
-    timeout: 1h
-
-  data:
-    pvc:
-      accessModes: ReadWriteMany
-      storageClass: longhorn # optional... will use default storage class
-      storageRequest: 48Gi # recommended size of 3x the artifact(s)
-
-# Helm Chart Values for the Hauler Jobs
-# Docs: https://rancherfederal.github.io/hauler-docs/docs/introduction/quickstart
-
-haulerJobs:
-  image:
-    repository: rancher/shell
-    tag: v0.1.24
-  imagePullPolicy: Always
-
-  hauls:
-    enabled: true
-    artifacts:
-      - path: https://raw.githubusercontent.com/rancherfederal/hauler/main/testdata/haul.tar.zst
-        name: haul.tar.zst
-      # - path: /path/to/additional-hauls.tar.zst
-      #   name: additional-hauls.tar.zst
-
-  manifests:
-    enabled: true
-    artifacts:
-      - path: https://raw.githubusercontent.com/rancherfederal/hauler/main/testdata/hauler-manifest.yaml
-        name: hauler-manifest.yaml
-      # - path: /path/to/additional-manifests.yaml
-      #   name: additional-manifests.yaml
-
-# Helm Chart Values for the Hauler Fileserver
-# Docs: https://rancherfederal.github.io/hauler-docs/docs/guides-references/command-line/hauler-store#hauler-store-serve-fileserver
-
-haulerFileserver:
-  enabled: true
-  port: 8080 # default port for the fileserver
-  replicas: 1
-
-  ingress:
-    enabled: true
-    hostname: fileserver.ranchers.io
-    tls:
-      enabled: true
-      source: secret # only supported source
-      secretName: tls-certs # must be created outside of this chart
-
-  service:
-    enabled: true
-    type: ClusterIP
-    ports:
-      protocol: TCP
-      port: 8080 # default port for the fileserver
-      targetPort: 8080 # default port for the fileserver
-
-# Helm Chart Values for the Hauler Registry
-# Docs: https://rancherfederal.github.io/hauler-docs/docs/guides-references/command-line/hauler-store#hauler-store-serve-registry
-
-haulerRegistry:
-  enabled: true
-  port: 5000 # default port for the registry
-  replicas: 1
-
-  ingress:
-    enabled: true
-    hostname: registry.ranchers.io
-    tls:
-      enabled: true
-      source: secret # only supported source
-      secretName: tls-certs # must be created outside of this chart
-
-  service:
-    enabled: true
-    type: ClusterIP
-    ports:
-      protocol: TCP
-      port: 5000 # default port for the registry
-      targetPort: 5000 # default port for the registry

go.mod

@@ -54,7 +54,7 @@ require (
 	github.com/distribution/reference v0.5.0 // indirect
 	github.com/docker/cli v25.0.1+incompatible // indirect
 	github.com/docker/distribution v2.8.3+incompatible // indirect
-	github.com/docker/docker v25.0.5+incompatible // indirect
+	github.com/docker/docker v25.0.6+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.7.0 // indirect
 	github.com/docker/go-connections v0.5.0 // indirect
 	github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect

go.sum

@@ -129,8 +129,8 @@ github.com/docker/cli v25.0.1+incompatible h1:mFpqnrS6Hsm3v1k7Wa/BO23oz0k121MTbT
 github.com/docker/cli v25.0.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
 github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v25.0.5+incompatible h1:UmQydMduGkrD5nQde1mecF/YnSbTOaPeFIeP5C4W+DE=
-github.com/docker/docker v25.0.5+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v25.0.6+incompatible h1:5cPwbwriIcsua2REJe8HqQV+6WlWc1byg2QSXzBxBGg=
+github.com/docker/docker v25.0.6+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A=
 github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0=
 github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c=

install.sh

@@ -13,15 +13,23 @@
 #     - curl -sfL https://get.hauler.dev | HAULER_VERSION=1.0.0 bash
 #     - HAULER_VERSION=1.0.0 ./install.sh
 #
+#   Set Install Directory
+#     - curl -sfL https://get.hauler.dev | HAULER_INSTALL_DIR=/usr/local/bin bash
+#     - HAULER_INSTALL_DIR=/usr/local/bin ./install.sh
+#
+# Debug Usage:
+#   - curl -sfL https://get.hauler.dev | HAULER_DEBUG=true bash
+#   - HAULER_DEBUG=true ./install.sh
+#
 # Uninstall Usage:
 #   - curl -sfL https://get.hauler.dev | HAULER_UNINSTALL=true bash
 #   - HAULER_UNINSTALL=true ./install.sh
 #
 # Documentation:
 #   - https://hauler.dev
-#   - https://github.com/rancherfederal/hauler
+#   - https://github.com/hauler-dev/hauler
 
-# set functions for debugging/logging
+# set functions for logging
 function verbose {
     echo "$1"
 }
@@ -36,60 +44,87 @@ function warn {
 
 function fatal {
     echo && echo "[ERROR] Hauler: $1"
-    exit 0
+    exit 1
 }
 
-# check for required dependencies
-for cmd in sudo rm curl grep mkdir sed awk openssl tar; do
+# debug hauler from argument or environment variable
+if [ "${HAULER_DEBUG}" = "true" ]; then
+    set -x
+fi
+
+# start hauler preflight checks
+info "Starting Preflight Checks..."
+
+# check for required packages and dependencies
+for cmd in echo curl grep sed rm mkdir awk openssl tar install source; do
     if ! command -v "$cmd" &> /dev/null; then
-        fatal "$cmd is not installed"
+        fatal "$cmd is required to install Hauler"
     fi
 done
 
-# set version environment variable
-if [ -z "${HAULER_VERSION}" ]; then
-    version="${HAULER_VERSION:-$(curl -s https://api.github.com/repos/rancherfederal/hauler/releases/latest | grep '"tag_name":' | sed 's/.*"v\([^"]*\)".*/\1/')}"
-else
-    version="${HAULER_VERSION}"
+# set install directory from argument or environment variable
+HAULER_INSTALL_DIR=${HAULER_INSTALL_DIR:-/usr/local/bin}
+
+# ensure install directory exists
+if [ ! -d "${HAULER_INSTALL_DIR}" ]; then
+    mkdir -p "${HAULER_INSTALL_DIR}" || fatal "Failed to Create Install Directory: ${HAULER_INSTALL_DIR}"
 fi
 
-# set uninstall environment variable from argument or environment
+# ensure install directory is writable (by user or root privileges)
+if [ ! -w "${HAULER_INSTALL_DIR}" ]; then
+    if [ "$(id -u)" -ne 0 ]; then
+        fatal "Root privileges are required to install Hauler to Directory: ${HAULER_INSTALL_DIR}"
+    fi
+fi
+
+# uninstall hauler from argument or environment variable
 if [ "${HAULER_UNINSTALL}" = "true" ]; then
     # remove the hauler binary
-    sudo rm -f /usr/local/bin/hauler || fatal "Failed to Remove Hauler from /usr/local/bin"
+    rm -rf "${HAULER_INSTALL_DIR}/hauler" || fatal "Failed to Remove Hauler from ${HAULER_INSTALL_DIR}"
 
-    # remove the installation directory
-    rm -rf "$HOME/.hauler" || fatal "Failed to Remove Directory: $HOME/.hauler"
+    # remove the working directory
+    rm -rf "$HOME/.hauler" || fatal "Failed to Remove Hauler Directory: $HOME/.hauler"
 
-    info "Hauler Uninstalled Successfully"
+    info "Successfully Uninstalled Hauler" && echo
     exit 0
 fi
 
+# set version environment variable
+if [ -z "${HAULER_VERSION}" ]; then
+    # attempt to retrieve the latest version from GitHub
+    HAULER_VERSION=$(curl -s https://api.github.com/repos/hauler-dev/hauler/releases/latest | grep '"tag_name":' | sed 's/.*"v\([^"]*\)".*/\1/')
+
+    # exit if the version could not be detected
+    if [ -z "${HAULER_VERSION}" ]; then
+        fatal "HAULER_VERSION is unable to be detected and/or retrieved from GitHub"
+    fi
+fi
+
 # detect the operating system
-platform=$(uname -s | tr '[:upper:]' '[:lower:]')
-case $platform in
+PLATFORM=$(uname -s | tr '[:upper:]' '[:lower:]')
+case $PLATFORM in
     linux)
-        platform="linux"
+        PLATFORM="linux"
         ;;
     darwin)
-        platform="darwin"
+        PLATFORM="darwin"
         ;;
     *)
-        fatal "Unsupported Platform: $platform"
+        fatal "Unsupported Platform: $PLATFORM"
         ;;
 esac
 
 # detect the architecture
-arch=$(uname -m)
-case $arch in
+ARCH=$(uname -m)
+case $ARCH in
     x86_64 | x86-32 | x64 | x32 | amd64)
-        arch="amd64"
+        ARCH="amd64"
         ;;
     aarch64 | arm64)
-        arch="arm64"
+        ARCH="arm64"
         ;;
     *)
-        fatal "Unsupported Architecture: $arch"
+        fatal "Unsupported Architecture: $ARCH"
         ;;
 esac
 
@@ -97,85 +132,84 @@ esac
 info "Starting Installation..."
 
 # display the version, platform, and architecture
-verbose "- Version: v$version"
-verbose "- Platform: $platform"
-verbose "- Architecture: $arch"
+verbose "- Version: v${HAULER_VERSION}"
+verbose "- Platform: $PLATFORM"
+verbose "- Architecture: $ARCH"
+verbose "- Install Directory: ${HAULER_INSTALL_DIR}"
 
-# check if install directory exists, create it if not
+# check working directory and/or create it
 if [ ! -d "$HOME/.hauler" ]; then
-    mkdir -p "$HOME/.hauler" || fatal "Failed to Create Directory: ~/.hauler"
+    mkdir -p "$HOME/.hauler" || fatal "Failed to Create Directory: $HOME/.hauler"
 fi
 
-# change to install directory
-cd "$HOME/.hauler" || fatal "Failed to Change Directory: ~/.hauler"
+# update permissions of working directory
+chmod -R 777 "$HOME/.hauler" || fatal "Failed to Update Permissions of Directory: $HOME/.hauler"
+
+# change to working directory
+cd "$HOME/.hauler" || fatal "Failed to Change Directory: $HOME/.hauler"
+
+# start hauler artifacts download
+info "Starting Download..."
 
 # download the checksum file
-if ! curl -sfOL "https://github.com/rancherfederal/hauler/releases/download/v${version}/hauler_${version}_checksums.txt"; then
-    fatal "Failed to Download: hauler_${version}_checksums.txt"
+if ! curl -sfOL "https://github.com/hauler-dev/hauler/releases/download/v${HAULER_VERSION}/hauler_${HAULER_VERSION}_checksums.txt"; then
+    fatal "Failed to Download: hauler_${HAULER_VERSION}_checksums.txt"
 fi
 
 # download the archive file
-if ! curl -sfOL "https://github.com/rancherfederal/hauler/releases/download/v${version}/hauler_${version}_${platform}_${arch}.tar.gz"; then
-    fatal "Failed to Download: hauler_${version}_${platform}_${arch}.tar.gz"
+if ! curl -sfOL "https://github.com/hauler-dev/hauler/releases/download/v${HAULER_VERSION}/hauler_${HAULER_VERSION}_${PLATFORM}_${ARCH}.tar.gz"; then
+    fatal "Failed to Download: hauler_${HAULER_VERSION}_${PLATFORM}_${ARCH}.tar.gz"
 fi
 
 # start hauler checksum verification
 info "Starting Checksum Verification..."
 
 # verify the Hauler checksum
-expected_checksum=$(awk -v version="$version" -v platform="$platform" -v arch="$arch" '$2 == "hauler_"version"_"platform"_"arch".tar.gz" {print $1}' "hauler_${version}_checksums.txt")
-determined_checksum=$(openssl dgst -sha256 "hauler_${version}_${platform}_${arch}.tar.gz" | awk '{print $2}')
+EXPECTED_CHECKSUM=$(awk -v HAULER_VERSION="${HAULER_VERSION}" -v PLATFORM="${PLATFORM}" -v ARCH="${ARCH}" '$2 == "hauler_"HAULER_VERSION"_"PLATFORM"_"ARCH".tar.gz" {print $1}' "hauler_${HAULER_VERSION}_checksums.txt")
+DETERMINED_CHECKSUM=$(openssl dgst -sha256 "hauler_${HAULER_VERSION}_${PLATFORM}_${ARCH}.tar.gz" | awk '{print $2}')
 
-if [ -z "$expected_checksum" ]; then
-    fatal "Failed to Locate Checksum: hauler_${version}_${platform}_${arch}.tar.gz"
-elif [ "$determined_checksum" = "$expected_checksum" ]; then
-    verbose "- Expected Checksum: $expected_checksum"
-    verbose "- Determined Checksum: $determined_checksum"
-    verbose "- Successfully Verified Checksum: hauler_${version}_${platform}_${arch}.tar.gz"
+if [ -z "${EXPECTED_CHECKSUM}" ]; then
+    fatal "Failed to Locate Checksum: hauler_${HAULER_VERSION}_${PLATFORM}_${ARCH}.tar.gz"
+elif [ "${DETERMINED_CHECKSUM}" = "${EXPECTED_CHECKSUM}" ]; then
+    verbose "- Expected Checksum: ${EXPECTED_CHECKSUM}"
+    verbose "- Determined Checksum: ${DETERMINED_CHECKSUM}"
+    verbose "- Successfully Verified Checksum: hauler_${HAULER_VERSION}_${PLATFORM}_${ARCH}.tar.gz"
 else
-    verbose "- Expected: $expected_checksum"
-    verbose "- Determined: $determined_checksum"
-    fatal "Failed Checksum Verification: hauler_${version}_${platform}_${arch}.tar.gz"
+    verbose "- Expected: ${EXPECTED_CHECKSUM}"
+    verbose "- Determined: ${DETERMINED_CHECKSUM}"
+    fatal "Failed Checksum Verification: hauler_${HAULER_VERSION}_${PLATFORM}_${ARCH}.tar.gz"
 fi
 
-# uncompress the archive
-tar -xzf "hauler_${version}_${platform}_${arch}.tar.gz" || fatal "Failed to Extract: hauler_${version}_${platform}_${arch}.tar.gz"
+# uncompress the hauler archive
+tar -xzf "hauler_${HAULER_VERSION}_${PLATFORM}_${ARCH}.tar.gz" || fatal "Failed to Extract: hauler_${HAULER_VERSION}_${PLATFORM}_${ARCH}.tar.gz"
 
-# install the binary
-case "$platform" in
-    linux)
-        sudo install -m 755 hauler /usr/local/bin || fatal "Failed to Install Hauler to /usr/local/bin"
-        ;;
-    darwin)
-        sudo install -m 755 hauler /usr/local/bin || fatal "Failed to Install Hauler to /usr/local/bin"
-        ;;
-    *)
-        fatal "Unsupported Platform or Architecture: $platform/$arch"
-        ;;
-esac
+# install the hauler binary
+install -m 755 hauler "${HAULER_INSTALL_DIR}" || fatal "Failed to Install Hauler: ${HAULER_INSTALL_DIR}"
 
 # add hauler to the path
-if [ -f "$HOME/.bashrc" ]; then
-    echo "export PATH=$PATH:/usr/local/bin/" >> "$HOME/.bashrc"
-    source "$HOME/.bashrc"
-elif [ -f "$HOME/.bash_profile" ]; then
-    echo "export PATH=$PATH:/usr/local/bin/" >> "$HOME/.bash_profile"
-    source "$HOME/.bash_profile"
-elif [ -f "$HOME/.zshrc" ]; then
-    echo "export PATH=$PATH:/usr/local/bin/" >> "$HOME/.zshrc"
-    source "$HOME/.zshrc"
-elif [ -f "$HOME/.profile" ]; then
-    echo "export PATH=$PATH:/usr/local/bin/" >> "$HOME/.profile"
-    source "$HOME/.profile"
-else
-    echo "Failed to add /usr/local/bin to PATH: Unsupported Shell"
+if [[ ":$PATH:" != *":${HAULER_INSTALL_DIR}:"* ]]; then
+    if [ -f "$HOME/.bashrc" ]; then
+        echo "export PATH=\$PATH:${HAULER_INSTALL_DIR}" >> "$HOME/.bashrc"
+        source "$HOME/.bashrc"
+    elif [ -f "$HOME/.bash_profile" ]; then
+        echo "export PATH=\$PATH:${HAULER_INSTALL_DIR}" >> "$HOME/.bash_profile"
+        source "$HOME/.bash_profile"
+    elif [ -f "$HOME/.zshrc" ]; then
+        echo "export PATH=\$PATH:${HAULER_INSTALL_DIR}" >> "$HOME/.zshrc"
+        source "$HOME/.zshrc"
+    elif [ -f "$HOME/.profile" ]; then
+        echo "export PATH=\$PATH:${HAULER_INSTALL_DIR}" >> "$HOME/.profile"
+        source "$HOME/.profile"
+    else
+        warn "Failed to add ${HAULER_INSTALL_DIR} to PATH: Unsupported Shell"
+    fi
 fi
 
 # display success message
-info "Successfully Installed at /usr/local/bin/hauler"
+info "Successfully Installed Hauler at ${HAULER_INSTALL_DIR}/hauler"
 
 # display availability message
-verbose "- Hauler v${version} is now available for use!"
+info "Hauler v${HAULER_VERSION} is now available for use!"
 
 # display hauler docs message
 verbose "- Documentation: https://hauler.dev" && echo

pkg/content/oci.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"github.com/google/go-containerregistry/pkg/name"
 	"io"
 	"os"
 	"path/filepath"
@@ -19,6 +20,7 @@ import (
 	"oras.land/oras-go/pkg/target"
 
 	"github.com/rancherfederal/hauler/pkg/consts"
+	"github.com/rancherfederal/hauler/pkg/reference"
 )
 
 var _ target.Target = (*OCI)(nil)
@@ -44,8 +46,20 @@ func (o *OCI) AddIndex(desc ocispec.Descriptor) error {
 	if _, ok := desc.Annotations[ocispec.AnnotationRefName]; !ok {
 		return fmt.Errorf("descriptor must contain a reference from the annotation: %s", ocispec.AnnotationRefName)
 	}
-	key := fmt.Sprintf("%s-%s-%s", desc.Digest.String(), desc.Annotations[ocispec.AnnotationRefName], desc.Annotations[consts.KindAnnotationName])
-	o.nameMap.Store(key, desc)
+
+	key, err := reference.Parse(desc.Annotations[ocispec.AnnotationRefName])
+	if err != nil {
+		return err
+	}
+
+	if strings.TrimSpace(key.String()) != "--" {
+		switch key.(type) {
+		case name.Digest:
+			o.nameMap.Store(fmt.Sprintf("%s-%s", key.Context().String(), desc.Annotations[consts.KindAnnotationName]), desc)
+		case name.Tag:
+			o.nameMap.Store(fmt.Sprintf("%s-%s", key.String(), desc.Annotations[consts.KindAnnotationName]), desc)
+		}
+	}
 	return o.SaveIndex()
 }
 
@@ -71,11 +85,21 @@ func (o *OCI) LoadIndex() error {
 	}
 
 	for _, desc := range o.index.Manifests {
-		key := fmt.Sprintf("%s-%s-%s", desc.Digest.String(), desc.Annotations[ocispec.AnnotationRefName], desc.Annotations[consts.KindAnnotationName])
-		if strings.TrimSpace(key) != "--" {
-			o.nameMap.Store(key, desc)
+		key, err := reference.Parse(desc.Annotations[ocispec.AnnotationRefName])
+		if err != nil {
+			return err
+		}
+
+		if strings.TrimSpace(key.String()) != "--" {
+			switch key.(type) {
+			case name.Digest:
+				o.nameMap.Store(fmt.Sprintf("%s-%s", key.Context().String(), desc.Annotations[consts.KindAnnotationName]), desc)
+			case name.Tag:
+				o.nameMap.Store(fmt.Sprintf("%s-%s", key.String(), desc.Annotations[consts.KindAnnotationName]), desc)
+			}
 		}
 	}
+
 	return nil
 }
 
@@ -179,9 +203,11 @@ func (o *OCI) Pusher(ctx context.Context, ref string) (remotes.Pusher, error) {
 	var baseRef, hash string
 	parts := strings.SplitN(ref, "@", 2)
 	baseRef = parts[0]
+
 	if len(parts) > 1 {
 		hash = parts[1]
 	}
+
 	return &ociPusher{
 		oci:    o,
 		ref:    baseRef,