---

upstreams:
  ghcr:
    url: https://ghcr.io/

tls:
  names: ["ghcr.io", "example.com"]

check:
  image: quay.io/podman/stable
  install_certs: ['tee', '-a', '/etc/ssl/certs/ca-certificates.crt']
  register_hosts:
    # redirecting ghcr.io to localhost breaks the auth-token retrieval from `https://ghcr.io/token`
    # use a different domain instead
    - example.com
  expose_fuse: true
  cmds:
    - "sudo -u podman podman run --rm example.com:${SH4D0WUP_BOUND_PORT}/kpcyrd/sh4d0wup:edge --version"

artifacts:
  manifest_upstream:
    type: url
    url: https://ghcr.io/v2/kpcyrd/sh4d0wup/manifests/edge
    oci_auth:
      url: https://ghcr.io/v2/
      scopes:
        - repository:kpcyrd/sh4d0wup:pull
    headers:
      Accept: application/vnd.docker.distribution.manifest.v1+json,application/vnd.docker.distribution.manifest.v1+prettyjws,application/vnd.docker.distribution.manifest.v2+json,application/vnd.oci.image.manifest.v1+json,application/vnd.docker.distribution.manifest.list.v2+json,application/vnd.oci.image.index.v1+json

routes:
  - path: /v2/kpcyrd/sh4d0wup/manifests/edge
    type: static
    args:
      headers:
        Content-Type: application/vnd.docker.distribution.manifest.v2+json
      artifact: manifest_upstream
  - type: proxy
    args:
      upstream: ghcr