feat(sync): use regclient for sync extension

replaced containers/image package with regclient/regclient package

Signed-off-by: Petu Eusebiu <[email protected]>

Author: eusebiu-constantin-petu-dbk

.github/workflows/branch-cov.yaml

@@ -34,7 +34,7 @@ jobs:
           cd $GITHUB_WORKSPACE
           for i in $(find . -type f \( -name "*.go" -not -name "*_test.go" -not -name "generated.go" \)); do
             echo $i;
-            gobco -test '-tags=sync,search,scrub,metrics,containers_image_openpgp' $i;
-            gobco -test '-tags=containers_image_openpgp' $i;
+            gobco -test '-tags=sync,search,scrub,metrics' $i;
+            gobco -test $i;
           done
 

.github/workflows/codeql-analysis.yml

@@ -39,7 +39,7 @@ jobs:
         # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
     env:
       CGO_ENABLED: 0
-      GOFLAGS: "-tags=sync,search,scrub,metrics,userprefs,mgmt,imagetrust,containers_image_openpgp"
+      GOFLAGS: "-tags=sync,search,scrub,metrics,userprefs,mgmt,imagetrust"
 
     steps:
     - name: Checkout repository

.github/workflows/golangci-lint.yaml

@@ -31,7 +31,7 @@ jobs:
 
           # Optional: golangci-lint command line arguments.
           # args: --issues-exit-code=0
-          args: --config ./golangcilint.yaml --enable-all --build-tags debug,needprivileges,sync,scrub,search,userprefs,metrics,containers_image_openpgp,lint,mgmt,imagetrust ./cmd/... ./pkg/...
+          args: --config ./golangcilint.yaml --enable-all --build-tags debug,needprivileges,sync,scrub,search,userprefs,metrics,lint,mgmt,imagetrust ./cmd/... ./pkg/...
 
           # Optional: show only new issues if it's a pull request. The default value is `false`.
           # only-new-issues: true

Makefile

@@ -109,8 +109,6 @@ swaggercheck: swagger
 
 .PHONY: build-metadata
 build-metadata: $(if $(findstring ui,$(BUILD_LABELS)), ui)
-	# do not allow empty $(BUILD_TAGS) (at least add containers_image_openpgp that doesn't affect package import & files listing)
-	$(eval BUILD_TAGS=$(if $(BUILD_LABELS),$(BUILD_LABELS),containers_image_openpgp))
 	echo "Imports: \n"
 	go list -tags $(BUILD_TAGS) -f '{{ join .Imports "\n" }}' ./... | sort -u
 	echo "\n Files: \n"
@@ -164,53 +162,53 @@ gen-protobuf: check-not-freebds $(PROTOC)
 .PHONY: binary-minimal
 binary-minimal: EXTENSIONS=
 binary-minimal: modcheck build-metadata
-	env CGO_ENABLED=0 GOOS=$(OS) GOARCH=$(ARCH) go build -o bin/zot-$(OS)-$(ARCH)-minimal $(BUILDMODE_FLAGS) -tags containers_image_openpgp -v -trimpath -ldflags "-X zotregistry.dev/zot/pkg/api/config.ReleaseTag=${RELEASE_TAG} -X zotregistry.dev/zot/pkg/api/config.Commit=${COMMIT} -X zotregistry.dev/zot/pkg/api/config.BinaryType=minimal -X zotregistry.dev/zot/pkg/api/config.GoVersion=${GO_VERSION} -s -w" ./cmd/zot
+	env CGO_ENABLED=0 GOOS=$(OS) GOARCH=$(ARCH) go build -o bin/zot-$(OS)-$(ARCH)-minimal $(BUILDMODE_FLAGS) -v -trimpath -ldflags "-X zotregistry.dev/zot/pkg/api/config.ReleaseTag=${RELEASE_TAG} -X zotregistry.dev/zot/pkg/api/config.Commit=${COMMIT} -X zotregistry.dev/zot/pkg/api/config.BinaryType=minimal -X zotregistry.dev/zot/pkg/api/config.GoVersion=${GO_VERSION} -s -w" ./cmd/zot
 
 .PHONY: binary
 binary: $(if $(findstring ui,$(BUILD_LABELS)), ui)
 binary: modcheck build-metadata
-	env CGO_ENABLED=0 GOOS=$(OS) GOARCH=$(ARCH) go build -o bin/zot-$(OS)-$(ARCH) $(BUILDMODE_FLAGS) -tags $(BUILD_LABELS),containers_image_openpgp -v -trimpath -ldflags "-X zotregistry.dev/zot/pkg/api/config.ReleaseTag=${RELEASE_TAG} -X zotregistry.dev/zot/pkg/api/config.Commit=${COMMIT} -X zotregistry.dev/zot/pkg/api/config.BinaryType=$(extended-name) -X zotregistry.dev/zot/pkg/api/config.GoVersion=${GO_VERSION} -s -w" ./cmd/zot
+	env CGO_ENABLED=0 GOOS=$(OS) GOARCH=$(ARCH) go build -o bin/zot-$(OS)-$(ARCH) $(BUILDMODE_FLAGS) -tags $(BUILD_LABELS) -v -trimpath -ldflags "-X zotregistry.dev/zot/pkg/api/config.ReleaseTag=${RELEASE_TAG} -X zotregistry.dev/zot/pkg/api/config.Commit=${COMMIT} -X zotregistry.dev/zot/pkg/api/config.BinaryType=$(extended-name) -X zotregistry.dev/zot/pkg/api/config.GoVersion=${GO_VERSION} -s -w" ./cmd/zot
 
 .PHONY: binary-debug
 binary-debug: $(if $(findstring ui,$(BUILD_LABELS)), ui)
 binary-debug: modcheck swaggercheck build-metadata
-	env CGO_ENABLED=0 GOOS=$(OS) GOARCH=$(ARCH) go build -o bin/zot-$(OS)-$(ARCH)-debug $(BUILDMODE_FLAGS) -tags $(BUILD_LABELS),debug,containers_image_openpgp -v -gcflags all='-N -l' -ldflags "-X zotregistry.dev/zot/pkg/api/config.ReleaseTag=${RELEASE_TAG} -X zotregistry.dev/zot/pkg/api/config.Commit=${COMMIT} -X zotregistry.dev/zot/pkg/api/config.BinaryType=$(extended-name) -X zotregistry.dev/zot/pkg/api/config.GoVersion=${GO_VERSION}" ./cmd/zot
+	env CGO_ENABLED=0 GOOS=$(OS) GOARCH=$(ARCH) go build -o bin/zot-$(OS)-$(ARCH)-debug $(BUILDMODE_FLAGS) -tags $(BUILD_LABELS),debug -v -gcflags all='-N -l' -ldflags "-X zotregistry.dev/zot/pkg/api/config.ReleaseTag=${RELEASE_TAG} -X zotregistry.dev/zot/pkg/api/config.Commit=${COMMIT} -X zotregistry.dev/zot/pkg/api/config.BinaryType=$(extended-name) -X zotregistry.dev/zot/pkg/api/config.GoVersion=${GO_VERSION}" ./cmd/zot
 
 .PHONY: cli
 cli: modcheck build-metadata
-	env CGO_ENABLED=0 GOOS=$(OS) GOARCH=$(ARCH) go build -o bin/zli-$(OS)-$(ARCH) $(BUILDMODE_FLAGS) -tags $(BUILD_LABELS),search,containers_image_openpgp -v -trimpath -ldflags "-X zotregistry.dev/zot/pkg/api/config.Commit=${COMMIT} -X zotregistry.dev/zot/pkg/api/config.BinaryType=$(extended-name) -X zotregistry.dev/zot/pkg/api/config.GoVersion=${GO_VERSION} -s -w" ./cmd/zli
+	env CGO_ENABLED=0 GOOS=$(OS) GOARCH=$(ARCH) go build -o bin/zli-$(OS)-$(ARCH) $(BUILDMODE_FLAGS) -tags $(BUILD_LABELS),search -v -trimpath -ldflags "-X zotregistry.dev/zot/pkg/api/config.Commit=${COMMIT} -X zotregistry.dev/zot/pkg/api/config.BinaryType=$(extended-name) -X zotregistry.dev/zot/pkg/api/config.GoVersion=${GO_VERSION} -s -w" ./cmd/zli
 
 .PHONY: bench
 bench: modcheck build-metadata
-	env CGO_ENABLED=0 GOOS=$(OS) GOARCH=$(ARCH) go build -o bin/zb-$(OS)-$(ARCH) $(BUILDMODE_FLAGS) -tags $(BUILD_LABELS),containers_image_openpgp -v -trimpath -ldflags "-X zotregistry.dev/zot/pkg/api/config.Commit=${COMMIT} -X zotregistry.dev/zot/pkg/api/config.BinaryType=$(extended-name) -X zotregistry.dev/zot/pkg/api/config.GoVersion=${GO_VERSION} -s -w" ./cmd/zb
+	env CGO_ENABLED=0 GOOS=$(OS) GOARCH=$(ARCH) go build -o bin/zb-$(OS)-$(ARCH) $(BUILDMODE_FLAGS) -tags $(BUILD_LABELS) -v -trimpath -ldflags "-X zotregistry.dev/zot/pkg/api/config.Commit=${COMMIT} -X zotregistry.dev/zot/pkg/api/config.BinaryType=$(extended-name) -X zotregistry.dev/zot/pkg/api/config.GoVersion=${GO_VERSION} -s -w" ./cmd/zb
 
 .PHONY: exporter-minimal
 exporter-minimal: EXTENSIONS=
 exporter-minimal: modcheck build-metadata
-	env CGO_ENABLED=0 GOOS=$(OS) GOARCH=$(ARCH) go build -o bin/zxp-$(OS)-$(ARCH) $(BUILDMODE_FLAGS) -tags containers_image_openpgp -v -trimpath ./cmd/zxp
+	env CGO_ENABLED=0 GOOS=$(OS) GOARCH=$(ARCH) go build -o bin/zxp-$(OS)-$(ARCH) $(BUILDMODE_FLAGS) -v -trimpath ./cmd/zxp
 
 .PHONY: test-prereq
 test-prereq: check-skopeo $(TESTDATA) $(ORAS)
 
 .PHONY: test-extended
 test-extended: $(if $(findstring ui,$(BUILD_LABELS)), ui)
 test-extended: test-prereq
-	go test -failfast -tags $(BUILD_LABELS),containers_image_openpgp -trimpath -race -timeout 20m -cover -coverpkg ./... -coverprofile=coverage-extended.txt -covermode=atomic ./...
+	go test -failfast -tags $(BUILD_LABELS) -trimpath -race -timeout 20m -cover -coverpkg ./... -coverprofile=coverage-extended.txt -covermode=atomic ./...
 	rm -rf /tmp/getter*; rm -rf /tmp/trivy*
 
 .PHONY: test-minimal
 test-minimal: test-prereq
-	go test -failfast -tags containers_image_openpgp -trimpath -race -cover -coverpkg ./... -coverprofile=coverage-minimal.txt -covermode=atomic ./...
+	go test -failfast -trimpath -race -cover -coverpkg ./... -coverprofile=coverage-minimal.txt -covermode=atomic ./...
 	rm -rf /tmp/getter*; rm -rf /tmp/trivy*
 
 .PHONY: test-devmode
 test-devmode: $(if $(findstring ui,$(BUILD_LABELS)), ui)
 test-devmode: test-prereq
-	go test -failfast -tags dev,$(BUILD_LABELS),containers_image_openpgp -trimpath -race -timeout 15m -cover -coverpkg ./... -coverprofile=coverage-dev-extended.txt -covermode=atomic ./pkg/test/... ./pkg/api/... ./pkg/storage/... ./pkg/extensions/sync/... -run ^TestInject
+	go test -failfast -tags dev,$(BUILD_LABELS) -trimpath -race -timeout 15m -cover -coverpkg ./... -coverprofile=coverage-dev-extended.txt -covermode=atomic ./pkg/test/... ./pkg/api/... ./pkg/storage/... ./pkg/extensions/sync/... -run ^TestInject
 	rm -rf /tmp/getter*; rm -rf /tmp/trivy*
-	go test -failfast -tags dev,containers_image_openpgp -trimpath -race -cover -coverpkg ./... -coverprofile=coverage-dev-minimal.txt -covermode=atomic ./pkg/test/... ./pkg/storage/... ./pkg/extensions/sync/... -run ^TestInject
+	go test -failfast -tags dev -trimpath -race -cover -coverpkg ./... -coverprofile=coverage-dev-minimal.txt -covermode=atomic ./pkg/test/... ./pkg/storage/... ./pkg/extensions/sync/... -run ^TestInject
 	rm -rf /tmp/getter*; rm -rf /tmp/trivy*
-	go test -failfast -tags stress,$(BUILD_LABELS),containers_image_openpgp -trimpath -race -timeout 15m ./pkg/cli/server/stress_test.go
+	go test -failfast -tags stress,$(BUILD_LABELS) -trimpath -race -timeout 15m ./pkg/cli/server/stress_test.go
 
 .PHONY: test
 test: $(if $(findstring ui,$(BUILD_LABELS)), ui)
@@ -219,7 +217,7 @@ test: test-extended test-minimal test-devmode
 .PHONY: privileged-test
 privileged-test: $(if $(findstring ui,$(BUILD_LABELS)), ui)
 privileged-test: check-skopeo $(TESTDATA)
-	go test -failfast -tags needprivileges,$(BUILD_LABELS),containers_image_openpgp -trimpath -race -timeout 15m -cover -coverpkg ./... -coverprofile=coverage-dev-needprivileges.txt -covermode=atomic ./pkg/storage/local/... ./pkg/cli/client/... -run ^TestElevatedPrivileges
+	go test -failfast -tags needprivileges,$(BUILD_LABELS) -trimpath -race -timeout 15m -cover -coverpkg ./... -coverprofile=coverage-dev-needprivileges.txt -covermode=atomic ./pkg/storage/local/... ./pkg/cli/client/... -run ^TestElevatedPrivileges
 
 $(TESTDATA): check-skopeo
 	mkdir -p ${TESTDATA}; \
@@ -320,8 +318,8 @@ check-logs:
 check: $(if $(findstring ui,$(BUILD_LABELS)), ui)
 check: ./golangcilint.yaml $(GOLINTER)
 	mkdir -p pkg/extensions/build; touch pkg/extensions/build/.empty
-	$(GOLINTER) --config ./golangcilint.yaml run --enable-all --out-format=colored-line-number --build-tags containers_image_openpgp ./...
-	$(GOLINTER) --config ./golangcilint.yaml run --enable-all --out-format=colored-line-number --build-tags $(BUILD_LABELS),containers_image_openpgp  ./...
+	$(GOLINTER) --config ./golangcilint.yaml run --enable-all --out-format=colored-line-number ./...
+	$(GOLINTER) --config ./golangcilint.yaml run --enable-all --out-format=colored-line-number --build-tags $(BUILD_LABELS)  ./...
 	$(GOLINTER) --config ./golangcilint.yaml run --enable-all --out-format=colored-line-number --build-tags debug  ./pkg/debug/swagger/ ./pkg/debug/gqlplayground
 	$(GOLINTER) --config ./golangcilint.yaml run --enable-all --out-format=colored-line-number --build-tags dev ./pkg/test/inject/
 	$(GOLINTER) --config ./golangcilint.yaml run --enable-all --out-format=colored-line-number --build-tags stress ./pkg/cli/server/
@@ -349,7 +347,7 @@ update-licenses: check-linux
 check-licenses:
 # note: "printf" works for darwin instead of "echo -n"
 	go install github.com/google/go-licenses@latest
-	@for tag in "$(BUILD_LABELS),containers_image_openpgp" "containers_image_openpgp"; do \
+	@for tag in "$(BUILD_LABELS)"; do \
 		echo Evaluating tag: $$tag;\
 		for mod in $$(go list -m -f '{{if not (or .Indirect .Main)}}{{.Path}}{{end}}' all); do \
 			while [ x$$mod != x ]; do \

demos/dev-getting-started.rec

@@ -265,7 +265,7 @@
 [8.458937, "i", "\r"]
 [8.459588, "o", "\r\n"]
 [8.471366, "o", "go mod tidy\r\n"]
-[8.971283, "o", "env CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o bin/zot-linux-amd64 -buildmode=pie -tags extended,containers_image_openpgp -v -trimpath -ldflags \"-X zotregistry.dev/zot/pkg/api/config.Commit=v1.4.0-rc3-1-ge583c2f -X zotregistry.dev/zot/pkg/api/config.BinaryType=extended -X zotregistry.dev/zot/pkg/api/config.GoVersion=go1.17.7 -s -w\" ./cmd/zot\r\n"]
+[8.971283, "o", "env CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o bin/zot-linux-amd64 -buildmode=pie -tags extended -v -trimpath -ldflags \"-X zotregistry.dev/zot/pkg/api/config.Commit=v1.4.0-rc3-1-ge583c2f -X zotregistry.dev/zot/pkg/api/config.BinaryType=extended -X zotregistry.dev/zot/pkg/api/config.GoVersion=go1.17.7 -s -w\" ./cmd/zot\r\n"]
 [11.652118, "o", "\u001b[32m$ \u001b[39m"]
 [12.657831, "i", "l"]
 [12.658095, "o", "l"]

demos/multi-arch-getting-started.rec

@@ -249,7 +249,7 @@
 [7.274013, "i", "\r"]
 [7.274687, "o", "\r\n"]
 [7.28773, "o", "go mod tidy\r\n"]
-[7.814666, "o", "env CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o bin/zot-linux-amd64 -buildmode=pie -tags extended,containers_image_openpgp -v -trimpath -ldflags \"-X zotregistry.dev/zot/pkg/api/config.Commit=v1.4.0-rc3-1-ge583c2f -X zotregistry.dev/zot/pkg/api/config.BinaryType=extended -X zotregistry.dev/zot/pkg/api/config.GoVersion=go1.17.7 -s -w\" ./cmd/zot\r\n"]
+[7.814666, "o", "env CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o bin/zot-linux-amd64 -buildmode=pie -tags extended -v -trimpath -ldflags \"-X zotregistry.dev/zot/pkg/api/config.Commit=v1.4.0-rc3-1-ge583c2f -X zotregistry.dev/zot/pkg/api/config.BinaryType=extended -X zotregistry.dev/zot/pkg/api/config.GoVersion=go1.17.7 -s -w\" ./cmd/zot\r\n"]
 [10.405138, "o", "\u001b[32m$ \u001b[39m"]
 [13.980122, "i", "l"]
 [13.980725, "o", "l"]
@@ -282,7 +282,7 @@
 [23.131551, "i", "\r"]
 [23.132194, "o", "\r\n"]
 [23.144726, "o", "go mod tidy\r\n"]
-[23.578377, "o", "env CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -o bin/zot-linux-arm64 -buildmode=pie -tags extended,containers_image_openpgp -v -trimpath -ldflags \"-X zotregistry.dev/zot/pkg/api/config.Commit=v1.4.0-rc3-1-ge583c2f -X zotregistry.dev/zot/pkg/api/config.BinaryType=extended -X zotregistry.dev/zot/pkg/api/config.GoVersion=go1.17.7 -s -w\" ./cmd/zot\r\n"]
+[23.578377, "o", "env CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -o bin/zot-linux-arm64 -buildmode=pie -tags extended -v -trimpath -ldflags \"-X zotregistry.dev/zot/pkg/api/config.Commit=v1.4.0-rc3-1-ge583c2f -X zotregistry.dev/zot/pkg/api/config.BinaryType=extended -X zotregistry.dev/zot/pkg/api/config.GoVersion=go1.17.7 -s -w\" ./cmd/zot\r\n"]
 [26.263223, "o", "\u001b[32m$ \u001b[39m"]
 [28.435297, "i", "\r"]
 [28.435982, "o", "\r\n\u001b[32m$ \u001b[39m"]
@@ -291,14 +291,14 @@
 [29.525918, "i", "\r"]
 [29.526615, "o", "\r\n"]
 [29.538303, "o", "go mod tidy\r\n"]
-[30.014147, "o", "env CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -o bin/zot-darwin-amd64 -buildmode=pie -tags extended,containers_image_openpgp -v -trimpath -ldflags \"-X zotregistry.dev/zot/pkg/api/config.Commit=v1.4.0-rc3-1-ge583c2f -X zotregistry.dev/zot/pkg/api/config.BinaryType=extended -X zotregistry.dev/zot/pkg/api/config.GoVersion=go1.17.7 -s -w\" ./cmd/zot\r\n"]
+[30.014147, "o", "env CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -o bin/zot-darwin-amd64 -buildmode=pie -tags extended -v -trimpath -ldflags \"-X zotregistry.dev/zot/pkg/api/config.Commit=v1.4.0-rc3-1-ge583c2f -X zotregistry.dev/zot/pkg/api/config.BinaryType=extended -X zotregistry.dev/zot/pkg/api/config.GoVersion=go1.17.7 -s -w\" ./cmd/zot\r\n"]
 [32.749036, "o", "\u001b[32m$ \u001b[39m"]
 [34.710083, "i", "make OS=darwin ARCH=arm64 binary"]
 [34.710825, "o", "make OS=darwin ARCH=arm64 binary"]
 [35.312014, "i", "\r"]
 [35.312848, "o", "\r\n"]
 [35.324987, "o", "go mod tidy\r\n"]
-[35.783444, "o", "env CGO_ENABLED=0 GOOS=darwin GOARCH=arm64 go build -o bin/zot-darwin-arm64 -buildmode=pie -tags extended,containers_image_openpgp -v -trimpath -ldflags \"-X zotregistry.dev/zot/pkg/api/config.Commit=v1.4.0-rc3-1-ge583c2f -X zotregistry.dev/zot/pkg/api/config.BinaryType=extended -X zotregistry.dev/zot/pkg/api/config.GoVersion=go1.17.7 -s -w\" ./cmd/zot\r\n"]
+[35.783444, "o", "env CGO_ENABLED=0 GOOS=darwin GOARCH=arm64 go build -o bin/zot-darwin-arm64 -buildmode=pie -tags extended -v -trimpath -ldflags \"-X zotregistry.dev/zot/pkg/api/config.Commit=v1.4.0-rc3-1-ge583c2f -X zotregistry.dev/zot/pkg/api/config.BinaryType=extended -X zotregistry.dev/zot/pkg/api/config.GoVersion=go1.17.7 -s -w\" ./cmd/zot\r\n"]
 [38.84018, "o", "\u001b[32m$ \u001b[39m"]
 [40.470596, "i", "l"]
 [40.471211, "o", "l"]

examples/README.md

@@ -952,7 +952,7 @@ Configure each registry sync:
 				"onDemand": false,                  # pull any image which the local registry doesn't have
 				"pollInterval": "6h",               # polling interval, if not set then periodically polling will not run
 				"tlsVerify": true,                  # whether or not to verify tls (default is true)
-				"certDir": "/home/user/certs",      # use certificates at certDir path, if not specified then use the default certs dir
+				"certDir": "/home/user/certs",      # use certificates at certDir path similar to Docker's /etc/docker/certs.d., if not specified then use the default certs dir,
 				"maxRetries": 5,                    # maxRetries in case of temporary errors (default: no retries)
 				"retryDelay": "10m",                # delay between retries, retry options are applied for both on demand and periodically sync and retryDelay is mandatory when using maxRetries.
 				"onlySigned": true,                 # sync only signed images (either notary or cosign)
@@ -1006,5 +1006,16 @@ Configure each registry sync:
 		]
 		}
 ```
-
 Prefixes can be strings that exactly match repositories or they can be [glob](https://en.wikipedia.org/wiki/Glob_(programming)) patterns.
+
+### Sync's certDir option
+
+sync uses the same logic for reading cert directory as docker: https://docs.docker.com/engine/security/certificates/#understand-the-configuration
+sync can also read the certificates directly under certDir:
+ - ca.crt - public pem cert of registry. Root CA that signed the registry certificate, in PEM.
+ - client.cert - public pem cert for client (mTLS)
+ - client.key - public key cert for client (mTLS)
+
+### Sync's credentials
+
+Besides sync-auth.json file, zot also reads and uses docker credentials by default: https://docs.docker.com/reference/cli/docker/login/#description

examples/config-sync.json

@@ -73,10 +73,25 @@
 					],
 					"onDemand": true,
 					"tlsVerify": true,
-					"maxRetries": 6,
-					"retryDelay": "5m"
+					"maxRetries": 5,
+					"retryDelay": "30s"
+				},
+				{
+					"urls": [
+						"https://demo.goharbor.io"
+					],
+					"pollInterval": "12h",
+					"content": [
+						{
+							"prefix": "zot/**"
+						}
+					],
+					"onDemand": true,
+					"tlsVerify": true,
+					"maxRetries": 5,
+					"retryDelay": "1m"
 				}
 			]
 		}
 	}
-}
+}