chore: update docker-credential-gcr to use v2 (#3026)

deploy/Dockerfile

@@ -41,7 +41,7 @@ COPY . .
 # Then submit a PR with the changes to `go.mod`, `go.sum`, and `vendor`.
 
 # Get GCR credential helper
-RUN go install github.com/GoogleCloudPlatform/docker-credential-gcr
+RUN go install github.com/GoogleCloudPlatform/docker-credential-gcr/v2
 
 # Get Amazon ECR credential helper
 RUN go install github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login

go.mod

@@ -1,6 +1,6 @@
 module github.com/GoogleContainerTools/kaniko
 
-go 1.19
+go 1.21
 
 require (
 	cloud.google.com/go/storage v1.38.0
@@ -156,6 +156,7 @@ require (
 	github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.2 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 // indirect
+	github.com/GoogleCloudPlatform/docker-credential-gcr/v2 v2.1.22 // indirect
 	github.com/Microsoft/hcsshim v0.11.0 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ecr v1.24.5 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.21.5 // indirect

go.sum

@@ -55,6 +55,8 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03
 github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/GoogleCloudPlatform/docker-credential-gcr v1.5.1-0.20230328182921-62afb2723512 h1:cauzkEqKnOXwl0L5futNq6BbWWtIRPfJtwDDulac6A8=
 github.com/GoogleCloudPlatform/docker-credential-gcr v1.5.1-0.20230328182921-62afb2723512/go.mod h1:6u40niDQl1ufFtykax72lx+pcIO67AoUSu9ebOzdA8Q=
+github.com/GoogleCloudPlatform/docker-credential-gcr/v2 v2.1.22 h1:HevuUpLsTedep2D6wnIp6AAJbVgP0BiVxaMt3HXeOyA=
+github.com/GoogleCloudPlatform/docker-credential-gcr/v2 v2.1.22/go.mod h1:nzCpg7DFIIkQIZB3mdUPXVvqQ5f/GahA6xgWXTjnK7w=
 github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
 github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
 github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=

tools/tools.go

@@ -22,7 +22,7 @@ package tools
 // dependencies https://github.com/golang/go/issues/48332
 // These are placeholder imports the make go mod include these tools in its dependency graph.
 import (
-	_ "github.com/GoogleCloudPlatform/docker-credential-gcr"
+	_ "github.com/GoogleCloudPlatform/docker-credential-gcr/v2"
 	_ "github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login"
 	_ "github.com/chrismellard/docker-credential-acr-env"
 )

vendor/github.com/GoogleCloudPlatform/docker-credential-gcr/v2/BUILD

@@ -19,7 +19,7 @@ gazelle(
 go_library(
     name = "go_default_library",
     srcs = ["main.go"],
-    importpath = "github.com/GoogleCloudPlatform/docker-credential-gcr",
+    importpath = "github.com/GoogleCloudPlatform/docker-credential-gcr/v2",
     visibility = ["//visibility:private"],
     deps = [
         "//cli:go_default_library",

vendor/github.com/GoogleCloudPlatform/docker-credential-gcr/v2/README.md

@@ -57,7 +57,7 @@ The program in this repository is written with the Go programming language and c
 You can download the source code, compile the binary, and put it in your `$GOPATH` with `go get`.
 
 ```shell
-go get -u github.com/GoogleCloudPlatform/docker-credential-gcr
+go get -u github.com/GoogleCloudPlatform/docker-credential-gcr/v2
 ```
 
 If `$GOPATH/bin` is in your system `$PATH`, this will also automatically install the compiled binary. You can confirm using `which docker-credential-gcr` and continue to the [section on Configuration and Usage](#configuration-and-usage).

vendor/github.com/GoogleCloudPlatform/docker-credential-gcr/v2/auth/BUILD

@@ -3,7 +3,7 @@ load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
 go_library(
     name = "go_default_library",
     srcs = ["login.go"],
-    importpath = "github.com/GoogleCloudPlatform/docker-credential-gcr/auth",
+    importpath = "github.com/GoogleCloudPlatform/docker-credential-gcr/v2/auth",
     visibility = ["//visibility:public"],
     deps = [
         "//config:go_default_library",

vendor/github.com/GoogleCloudPlatform/docker-credential-gcr/v2/auth/login.go

@@ -31,7 +31,7 @@ import (
 	"os"
 	"strings"
 
-	"github.com/GoogleCloudPlatform/docker-credential-gcr/config"
+	"github.com/GoogleCloudPlatform/docker-credential-gcr/v2/config"
 	"github.com/toqueteos/webbrowser"
 	"golang.org/x/oauth2"
 )

vendor/github.com/GoogleCloudPlatform/docker-credential-gcr/v2/cli/BUILD

@@ -12,7 +12,7 @@ go_library(
         "gcr-logout.go",
         "version.go",
     ],
-    importpath = "github.com/GoogleCloudPlatform/docker-credential-gcr/cli",
+    importpath = "github.com/GoogleCloudPlatform/docker-credential-gcr/v2/cli",
     visibility = ["//visibility:public"],
     deps = [
         "//auth:go_default_library",

vendor/github.com/GoogleCloudPlatform/docker-credential-gcr/v2/cli/clear.go

@@ -20,7 +20,7 @@ import (
 	"fmt"
 	"os"
 
-	"github.com/GoogleCloudPlatform/docker-credential-gcr/store"
+	"github.com/GoogleCloudPlatform/docker-credential-gcr/v2/store"
 	"github.com/google/subcommands"
 )
 

vendor/github.com/GoogleCloudPlatform/docker-credential-gcr/v2/cli/config.go

@@ -22,7 +22,7 @@ import (
 	"os"
 	"strings"
 
-	"github.com/GoogleCloudPlatform/docker-credential-gcr/config"
+	"github.com/GoogleCloudPlatform/docker-credential-gcr/v2/config"
 	"github.com/google/subcommands"
 )
 

vendor/github.com/GoogleCloudPlatform/docker-credential-gcr/v2/cli/configure-docker.go

@@ -24,7 +24,7 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/GoogleCloudPlatform/docker-credential-gcr/config"
+	"github.com/GoogleCloudPlatform/docker-credential-gcr/v2/config"
 	cliconfig "github.com/docker/cli/cli/config"
 	"github.com/docker/cli/cli/config/configfile"
 	"github.com/google/subcommands"

vendor/github.com/GoogleCloudPlatform/docker-credential-gcr/v2/cli/dockerHelper.go

@@ -20,9 +20,9 @@ import (
 	"fmt"
 	"os"
 
-	"github.com/GoogleCloudPlatform/docker-credential-gcr/config"
-	"github.com/GoogleCloudPlatform/docker-credential-gcr/credhelper"
-	"github.com/GoogleCloudPlatform/docker-credential-gcr/store"
+	"github.com/GoogleCloudPlatform/docker-credential-gcr/v2/config"
+	"github.com/GoogleCloudPlatform/docker-credential-gcr/v2/credhelper"
+	"github.com/GoogleCloudPlatform/docker-credential-gcr/v2/store"
 	"github.com/docker/docker-credential-helpers/credentials"
 	"github.com/google/subcommands"
 )

vendor/github.com/GoogleCloudPlatform/docker-credential-gcr/v2/cli/gcr-login.go

@@ -20,8 +20,8 @@ import (
 	"fmt"
 	"os"
 
-	"github.com/GoogleCloudPlatform/docker-credential-gcr/auth"
-	"github.com/GoogleCloudPlatform/docker-credential-gcr/store"
+	"github.com/GoogleCloudPlatform/docker-credential-gcr/v2/auth"
+	"github.com/GoogleCloudPlatform/docker-credential-gcr/v2/store"
 	"github.com/google/subcommands"
 )
 

vendor/github.com/GoogleCloudPlatform/docker-credential-gcr/v2/cli/gcr-logout.go

@@ -20,7 +20,7 @@ import (
 	"fmt"
 	"os"
 
-	"github.com/GoogleCloudPlatform/docker-credential-gcr/store"
+	"github.com/GoogleCloudPlatform/docker-credential-gcr/v2/store"
 	"github.com/google/subcommands"
 )
 

vendor/github.com/GoogleCloudPlatform/docker-credential-gcr/v2/cli/version.go

@@ -20,7 +20,7 @@ import (
 	"fmt"
 	"os"
 
-	"github.com/GoogleCloudPlatform/docker-credential-gcr/config"
+	"github.com/GoogleCloudPlatform/docker-credential-gcr/v2/config"
 	"github.com/google/subcommands"
 )
 

vendor/github.com/GoogleCloudPlatform/docker-credential-gcr/v2/config/BUILD

@@ -6,7 +6,7 @@ go_library(
         "const.go",
         "file.go",
     ],
-    importpath = "github.com/GoogleCloudPlatform/docker-credential-gcr/config",
+    importpath = "github.com/GoogleCloudPlatform/docker-credential-gcr/v2/config",
     visibility = ["//visibility:public"],
     deps = [
         "//util:go_default_library",

vendor/github.com/GoogleCloudPlatform/docker-credential-gcr/v2/config/const.go

@@ -18,6 +18,7 @@ package config
 import (
 	"context"
 	"fmt"
+	"regexp"
 	"runtime/debug"
 	"strings"
 
@@ -37,18 +38,23 @@ const (
 )
 
 // Version can be set via:
-// -ldflags="-X 'github.com/GoogleCloudPlatform/docker-credential-gcr/config.Version=$TAG'"
+// -ldflags="-X 'github.com/GoogleCloudPlatform/docker-credential-gcr/v2/config.Version=$TAG'"
 var Version string
 
 func init() {
 	if Version == "" {
-		i, ok := debug.ReadBuildInfo()
-		if !ok {
-			return
-		}
+		if i, ok := debug.ReadBuildInfo(); ok {
 			Version = i.Main.Version
 		}
 	}
+	Version = strings.TrimPrefix(Version, "v")
+	re := regexp.MustCompile(`^[0-9]+(?:[\._][0-9]+)*$`)
+	if re.MatchString(Version) {
+		GcrOAuth2Username = fmt.Sprintf("_dcgcr_%s_token", strings.ReplaceAll(Version, ".", "_"))
+	} else {
+		GcrOAuth2Username = "_dcgcr_0_0_0_token"
+	}
+}
 
 // DefaultGCRRegistries contains the list of default registries to authenticate for.
 var DefaultGCRRegistries = [...]string{
@@ -63,6 +69,7 @@ var DefaultGCRRegistries = [...]string{
 // Registry.  If the --include-artifact-registry flag is supplied then these
 // are added in addition to the GCR Registries.
 var DefaultARRegistries = [...]string{
+	"africa-south1-docker.pkg.dev",
 	"asia-docker.pkg.dev",
 	"asia-east1-docker.pkg.dev",
 	"asia-east2-docker.pkg.dev",
@@ -86,8 +93,11 @@ var DefaultARRegistries = [...]string{
 	"europe-west6-docker.pkg.dev",
 	"europe-west8-docker.pkg.dev",
 	"europe-west9-docker.pkg.dev",
+	"europe-west10-docker.pkg.dev",
 	"europe-west12-docker.pkg.dev",
 	"me-central1-docker.pkg.dev",
+	"me-central2-docker.pkg.dev",
+	"docker.me-central2.rep.pkg.dev",
 	"me-west1-docker.pkg.dev",
 	"northamerica-northeast1-docker.pkg.dev",
 	"northamerica-northeast2-docker.pkg.dev",
@@ -103,6 +113,7 @@ var DefaultARRegistries = [...]string{
 	"us-west2-docker.pkg.dev",
 	"us-west3-docker.pkg.dev",
 	"us-west4-docker.pkg.dev",
+	"us-west8-docker.pkg.dev",
 }
 
 // SupportedGCRTokenSources maps config keys to plain english explanations for
@@ -124,4 +135,4 @@ var GCRScopes = []string{"https://www.googleapis.com/auth/devstorage.read_write"
 var OAuthHTTPContext = context.Background()
 
 // GcrOAuth2Username is the Basic auth username accompanying Docker requests to GCR.
-var GcrOAuth2Username = fmt.Sprintf("_dcgcr_%s_token", strings.ReplaceAll(Version, ".", "_"))
+var GcrOAuth2Username string

vendor/github.com/GoogleCloudPlatform/docker-credential-gcr/v2/config/file.go

@@ -21,7 +21,7 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/GoogleCloudPlatform/docker-credential-gcr/util"
+	"github.com/GoogleCloudPlatform/docker-credential-gcr/v2/util"
 )
 
 const (

vendor/github.com/GoogleCloudPlatform/docker-credential-gcr/v2/credhelper/BUILD

@@ -3,7 +3,7 @@ load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
 go_library(
     name = "go_default_library",
     srcs = ["helper.go"],
-    importpath = "github.com/GoogleCloudPlatform/docker-credential-gcr/credhelper",
+    importpath = "github.com/GoogleCloudPlatform/docker-credential-gcr/v2/credhelper",
     visibility = ["//visibility:public"],
     deps = [
         "//config:go_default_library",

vendor/github.com/GoogleCloudPlatform/docker-credential-gcr/v2/credhelper/helper.go

@@ -19,15 +19,19 @@ for GCR authentication.
 package credhelper
 
 import (
+	"encoding/json"
 	"errors"
 	"fmt"
+	"os"
 	"strings"
 
-	"github.com/GoogleCloudPlatform/docker-credential-gcr/config"
-	"github.com/GoogleCloudPlatform/docker-credential-gcr/store"
-	"github.com/GoogleCloudPlatform/docker-credential-gcr/util/cmd"
+	"github.com/GoogleCloudPlatform/docker-credential-gcr/v2/auth"
+	"github.com/GoogleCloudPlatform/docker-credential-gcr/v2/config"
+	"github.com/GoogleCloudPlatform/docker-credential-gcr/v2/store"
+	"github.com/GoogleCloudPlatform/docker-credential-gcr/v2/util/cmd"
 	"github.com/docker/docker-credential-helpers/credentials"
 
+	"golang.org/x/oauth2"
 	"golang.org/x/oauth2/google"
 )
 
@@ -81,9 +85,36 @@ func (ch *gcrCredHelper) Get(serverURL string) (string, string, error) {
 
 func (ch *gcrCredHelper) gcrCreds() (string, string, error) {
 	accessToken, err := ch.getGCRAccessToken()
+	if err != nil {
+		if rerr, ok := err.(*oauth2.RetrieveError); ok {
+			var resp struct {
+				Error        string `json:"error"`
+				ErrorSubtype string `json:"error_subtype"`
+			}
+			if err := json.Unmarshal(rerr.Body, &resp); err == nil &&
+				resp.Error == "invalid_grant" &&
+				resp.ErrorSubtype == "invalid_rapt" {
+				fmt.Fprintln(os.Stderr, "Reauth required; opening a browser to proceed...")
+				tok, err := (&auth.GCRLoginAgent{}).PerformLogin()
+				if err != nil {
+					return "", "", fmt.Errorf("unable to authenticate user: %v", err)
+				}
+				if err = ch.store.SetGCRAuth(tok); err != nil {
+					return "", "", fmt.Errorf("unable to persist access token: %v", err)
+				}
+				fmt.Fprintln(os.Stderr, "Reauth successful!")
+				// Attempt the refresh dance again, using the new token.
+				if accessToken, err := ch.getGCRAccessToken(); err != nil {
+					return "", "", err
+				} else {
+					return config.GcrOAuth2Username, accessToken, nil
+				}
+			}
+		}
 		if err != nil {
 			return "", "", helperErr("could not retrieve GCR's access token", err)
 		}
+	}
 	return config.GcrOAuth2Username, accessToken, nil
 }
 

vendor/github.com/GoogleCloudPlatform/docker-credential-gcr/v2/main.go

@@ -25,7 +25,7 @@ import (
 	"flag"
 	"os"
 
-	"github.com/GoogleCloudPlatform/docker-credential-gcr/cli"
+	"github.com/GoogleCloudPlatform/docker-credential-gcr/v2/cli"
 	"github.com/google/subcommands"
 )
 

vendor/github.com/GoogleCloudPlatform/docker-credential-gcr/v2/store/BUILD

@@ -3,7 +3,7 @@ load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
 go_library(
     name = "go_default_library",
     srcs = ["store.go"],
-    importpath = "github.com/GoogleCloudPlatform/docker-credential-gcr/store",
+    importpath = "github.com/GoogleCloudPlatform/docker-credential-gcr/v2/store",
     visibility = ["//visibility:public"],
     deps = [
         "//config:go_default_library",

vendor/github.com/GoogleCloudPlatform/docker-credential-gcr/v2/store/store.go

@@ -28,8 +28,8 @@ import (
 	"strings"
 	"time"
 
-	"github.com/GoogleCloudPlatform/docker-credential-gcr/config"
-	"github.com/GoogleCloudPlatform/docker-credential-gcr/util"
+	"github.com/GoogleCloudPlatform/docker-credential-gcr/v2/config"
+	"github.com/GoogleCloudPlatform/docker-credential-gcr/v2/util"
 	"github.com/docker/docker-credential-helpers/credentials"
 	"golang.org/x/oauth2"
 	"golang.org/x/oauth2/google"

vendor/github.com/GoogleCloudPlatform/docker-credential-gcr/v2/util/BUILD

@@ -3,6 +3,6 @@ load("@io_bazel_rules_go//go:def.bzl", "go_library")
 go_library(
     name = "go_default_library",
     srcs = ["util.go"],
-    importpath = "github.com/GoogleCloudPlatform/docker-credential-gcr/util",
+    importpath = "github.com/GoogleCloudPlatform/docker-credential-gcr/v2/util",
     visibility = ["//visibility:public"],
 )

vendor/github.com/GoogleCloudPlatform/docker-credential-gcr/v2/util/cmd/BUILD

@@ -3,6 +3,6 @@ load("@io_bazel_rules_go//go:def.bzl", "go_library")
 go_library(
     name = "go_default_library",
     srcs = ["exec.go"],
-    importpath = "github.com/GoogleCloudPlatform/docker-credential-gcr/util/cmd",
+    importpath = "github.com/GoogleCloudPlatform/docker-credential-gcr/v2/util/cmd",
     visibility = ["//visibility:public"],
 )

vendor/modules.txt

@@ -107,14 +107,16 @@ github.com/Azure/go-autorest/logger
 github.com/Azure/go-autorest/tracing
 # github.com/GoogleCloudPlatform/docker-credential-gcr v1.5.1-0.20230328182921-62afb2723512
 ## explicit; go 1.17
-github.com/GoogleCloudPlatform/docker-credential-gcr
-github.com/GoogleCloudPlatform/docker-credential-gcr/auth
-github.com/GoogleCloudPlatform/docker-credential-gcr/cli
-github.com/GoogleCloudPlatform/docker-credential-gcr/config
-github.com/GoogleCloudPlatform/docker-credential-gcr/credhelper
-github.com/GoogleCloudPlatform/docker-credential-gcr/store
-github.com/GoogleCloudPlatform/docker-credential-gcr/util
-github.com/GoogleCloudPlatform/docker-credential-gcr/util/cmd
+# github.com/GoogleCloudPlatform/docker-credential-gcr/v2 v2.1.22
+## explicit; go 1.21
+github.com/GoogleCloudPlatform/docker-credential-gcr/v2
+github.com/GoogleCloudPlatform/docker-credential-gcr/v2/auth
+github.com/GoogleCloudPlatform/docker-credential-gcr/v2/cli
+github.com/GoogleCloudPlatform/docker-credential-gcr/v2/config
+github.com/GoogleCloudPlatform/docker-credential-gcr/v2/credhelper
+github.com/GoogleCloudPlatform/docker-credential-gcr/v2/store
+github.com/GoogleCloudPlatform/docker-credential-gcr/v2/util
+github.com/GoogleCloudPlatform/docker-credential-gcr/v2/util/cmd
 # github.com/Microsoft/go-winio v0.6.1
 ## explicit; go 1.17
 github.com/Microsoft/go-winio