Goal
Promote ferro-oci-server from v0.0.x (alpha) → v0.1.0 (beta)
once it passes the upstream
opencontainers/distribution-spec conformance test suite
end-to-end.
What we have today
tests/conformance_smoke.rs — internal smoke harness that
exercises every endpoint pair (start upload → chunked PATCH →
finalize PUT → blob HEAD/GET → manifest PUT-by-tag → manifest
GET-by-digest → referrers GET → tag list → catalog → delete).- 67 tests pass (42 unit + 3 + 22 integration smoke).
- The error path for §6.2 OCI error codes is exercised but only
on the variants we hit in the smoke walks.
What's missing
The official conformance harness is a Go-based runner that drives
a registry over real HTTP and asserts on a much larger surface
than our smoke tests. Vendoring it in is a multi-step task:
- Decide vendor strategy: git submodule into
vendor/oci-distribution-spec/,
or pull tagged tarball into a CI-only path. (Submodule preferred —
pinned to a release tag, easy to bump.)
- Add a CI job that:
- boots
cargo run --example minimal_registry (which does not
yet exist — also part of this issue, see [TODO]) on a known
port,
- runs the conformance harness against
http://127.0.0.1:<port>,
- parses the harness output and surfaces failures into the GH
Actions log.
- Triage the first run's failures into either crate-side fixes,
harness configuration, or known-incompatibilities (with tracking
issues per case).
- Promote to
v0.1.0 once the conformance run is fully green.
Out of scope for this issue
- Persistent metadata backend (SQLite / Postgres) — separate issue.
- Authentication trait — separate issue.
- Sigstore / SLSA / TUF / cosign integration — separate crates.
TODOs spawned by this
References
Goal
Promote
ferro-oci-serverfromv0.0.x(alpha) →v0.1.0(beta)once it passes the upstream
opencontainers/distribution-specconformance test suiteend-to-end.
What we have today
tests/conformance_smoke.rs— internal smoke harness thatexercises every endpoint pair (start upload → chunked PATCH →
finalize PUT → blob HEAD/GET → manifest PUT-by-tag → manifest
GET-by-digest → referrers GET → tag list → catalog → delete).
on the variants we hit in the smoke walks.
What's missing
The official conformance harness is a Go-based runner that drives
a registry over real HTTP and asserts on a much larger surface
than our smoke tests. Vendoring it in is a multi-step task:
vendor/oci-distribution-spec/,or pull tagged tarball into a CI-only path. (Submodule preferred —
pinned to a release tag, easy to bump.)
cargo run --example minimal_registry(which does notyet exist — also part of this issue, see [TODO]) on a known
port,
http://127.0.0.1:<port>,Actions log.
harness configuration, or known-incompatibilities (with tracking
issues per case).
v0.1.0once the conformance run is fully green.Out of scope for this issue
TODOs spawned by this
examples/minimal_registry.rsso the conformance harnesshas something to run.
.github/workflows/oci-conformance.yml.v0.1.0once the run is green.References
https://github.com/distribution/distribution