| 122 | } |
| 123 | |
| 124 | func storeArtifact(ctx context.Context, store *content.Store, s *session, ref name.Reference, localRef string, img v1.Image) (string, error) { |
| 125 | digest, err := store.StoreArtifact(img, localRef) |
| 126 | if err == nil { |
| 127 | return digest, nil |
| 128 | } |
| 129 | if s.fellBack || !shouldRetryWithCredentials(err) { |
| 130 | return "", err |
| 131 | } |
| 132 | if perr := s.retryWithCredentials(); perr != nil { |
| 133 | return "", perr |
| 134 | } |
| 135 | |
| 136 | img, err = s.image(ctx, ref) |
| 137 | if err != nil { |
| 138 | return "", err |
| 139 | } |
| 140 | manifest, err := img.Manifest() |
| 141 | if err != nil { |
| 142 | return "", fmt.Errorf("getting manifest from pulled image: %w", err) |
| 143 | } |
| 144 | if !hasCagentAnnotation(manifest.Annotations) { |
| 145 | return "", fmt.Errorf("artifact %s wasn't created by `docker agent share push`\nTry to push again with `docker agent share push`", localRef) |
| 146 | } |
| 147 | return store.StoreArtifact(img, localRef) |
| 148 | } |
| 149 | |
| 150 | // session reuses a single remote.Puller across the digest check, manifest read, |
| 151 | // and layer downloads of a pull. It starts anonymous and transparently falls |