oci://public.ecr.aws/karpenter/karpenter full of garbage tags: hard to list latest releases

[awoimbee]

Description

Observed Behavior:

TOKEN=$(curl -s "https://public.ecr.aws/token/?scope=aws&service=public.ecr.com" | jq -r .token)
curl -s -L -H "Authorization: Bearer $TOKEN" "https://public.ecr.aws/v2/karpenter/karpenter/tags/list"
# Full of garbage versions like "v0-dcbb2d8de30e7c4f13670cf3bffd3d47a324d662" or "20221116"

Following the Link headers to see more tags quickly leads to HTTP 429 Too Many Requests.

Expected Behavior:

$ TOKEN=$(curl -s "https://public.ecr.aws/token/?scope=aws&service=public.ecr.com" | jq -r .token)
$ curl -s -L -H "Authorization: Bearer $TOKEN" "https://public.ecr.aws/v2/karpenter/karpenter/tags/list"
HTTP/2 200 
date: Wed,
04 Dec 2024 13: 18: 37 GMT
content-type: text/plain; charset=utf-8
docker-distribution-api-version: registry/2.0
{
    "name": "karpenter/karpenter",
    "tags": [
        "v0.31.1",
        "v0.18.0",
        "0.36.2",
        "v0.32.3",
        "v0.34.7",
        "v0.27.3",
        "0.35.9",
        "v0.28.0-rc.2",
        "0.36.5",
        "v0.25.0",
        "v0.22.0",
[...]

Note

I rely on this to check if the charts I deploy are up to date.
This will also be an issue for people using version specifiers like "~1.1.0" or 1.1.*.

---

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

[jonathan-innis]

At this point, I'd agree that we can clean-up old tags that contain hashes and just work our way down to only semver tags.