[Draft] Docker Artifactory integration #3909

Open
mzueva opened this issue Feb 13, 2025 · 2 comments · May be fixed by #3924
Labels
kind/enhancement New feature or request

Comments

@mzueva
Collaborator

mzueva commented Feb 13, 2025

Background
At the moment the platform uses a self-hosted Docker registry for storing Docker images of the tools. To extend integration with GCP we need to support Google Artifact Registry as storage for Docker images.

Approach
There are several integration points with the Docker registry:

  • Server API provides a set of methods to get information for a Docker image (mainly the DockerClient class)
  • Docker registry push events monitoring for automated tool registration (https://cloud.google.com/artifact-registry/docs/configure-notifications)
  • Vulnerability scanning of images using Clair and Docker component scanner services
  • Run launch with image from registry
  • Docker client authentication for users and DinD runs

Other options
A clear and concise description of any alternative solutions or features you've considered.

@mzueva mzueva added the kind/enhancement New feature or request label Feb 13, 2025
@kbashpayev
Collaborator

kbashpayev commented Feb 13, 2025

GCP Artifact Registry Overview

  • Type of repositories (artifacts): Docker, Maven, npm, Python, Apt, Yum, Kubeflow Pipelines, Go, Generic
  • Mode: Standard, Remote, Virtual (doc: https://cloud.google.com/artifact-registry/docs/repositories)
  • Encryption: Google-managed encryption key (Keys owned by Google), Cloud KMS key (Keys owned by customers)
  • Immutable image tags: An immutable image tag is an image tag that always points to the same image digest. If you configure the repository for immutable image tags, you cannot remove an image tag, delete a tagged image, or push a tagged image to the repository if the image tag is already in use by another version of the same image
  • Cleanup Policies: Conditional delete, Conditional keep, Keep most recent versions (doc: https://cloud.google.com/artifact-registry/docs/repositories/cleanup-policy)
  • Artifact Analysis - Vulnerability scanning: Automatically scan images that are pushed to this repository for vulnerabilities. Note: Scanning is currently only supported for Docker standard and remote repositories. (doc: https://cloud.google.com/artifact-analysis/docs/container-scanning-overview)

Standard

  • Purpose: Standard repositories are used to store and manage your own artifacts (e.g., Docker images, Maven packages, npm packages, etc.).
  • Key Features:
      • You can directly push and pull artifacts to/from these repositories.
      • Supports multiple formats (Docker, Maven, npm, Python, etc.).
      • You can configure IAM policies to control access.
      • Lifecycle management policies can be applied to automatically delete old or unused artifacts.
  • Use Case: Use standard repositories when you need to store and manage your own artifacts in Artifact Registry.

Remote

  • Purpose: Remote repositories act as a proxy or cache for artifacts hosted in external repositories (e.g., Docker Hub, Maven Central, npmjs.org, etc.).
  • Key Features:
      • When you request an artifact, Artifact Registry first checks if it exists locally. If not, it fetches the artifact from the external repository and caches it locally for future use.
      • Reduces the need to repeatedly download the same artifact from external sources, improving performance and reducing bandwidth usage.
      • You can configure which external repositories to proxy.
      • Supports caching of artifacts from public or private external repositories.
  • Use Case: Use remote repositories when you want to cache artifacts from external repositories to improve performance, reduce external dependencies, or enforce security policies.

Virtual

  • Purpose: Virtual repositories provide a single access point for multiple repositories (standard and remote) by aggregating them into one logical repository.
  • Key Features:
      • You can combine multiple standard and remote repositories into a single virtual repository.
      • When you request an artifact, the virtual repository searches across the underlying repositories in a predefined order and serves the artifact from the first match.
      • Simplifies artifact management by providing a unified view of multiple repositories.
      • You can configure the order in which the underlying repositories are searched.
  • Use Case: Use virtual repositories when you want to provide a single endpoint for accessing artifacts from multiple repositories, simplifying dependency management for your teams.

@kbashpayev
Collaborator

| Method | Docker Registry API Endpoint | Description | Artifact Registry API Method |
|---|---|---|---|
| checkAvailability | GET /v2/ | Checks if the Docker Registry is available. | Not Required (GCP service is always available) |
| getRegistryEntries | GET /v2/_catalog?n=1000 | Lists all repositories in the Docker Registry. | listRepositories(LocationName parent) |
| getImageTags | GET /v2//tags/list | Lists all tags for a specific image. | listTags(RepositoryName parent) |
| getImageDescription | GET /v2//manifests/ | Fetches the raw image description (manifest). | getDockerImage(DockerImageName name) |
| getImageHistory | GET /v2//manifests/ | Retrieves the build history of an image. | No equivalent. (Try to use getDockerImage and parse metadata, some data could be missed) |
| getImageLabels | GET /v2//manifests/ | Retrieves labels from the image manifest. | No equivalent. (Try to use getDockerImage and parse metadata, some data could be missed) |
| getManifest | GET /v2//manifests/ | Fetches the V2 manifest of an image. | getDockerImage(DockerImageName name) |
| deleteLayer | DELETE /v2//blobs/ | Deletes a specific layer (blob) from the Docker Registry. | No direct equivalent. After removal of the image, orphaned blobs will be removed automatically; no reimplementation needed |
| deleteImage | DELETE /v2//manifests/ | Deletes an image manifest from the Docker Registry. | deleteDockerImage(DockerImageName name) |
| getVersionAttributes | GET /v2//manifests/ | Retrieves version attributes (digest, size, platform, etc.) for an image. | Use getDockerImage and parse metadata. |
| getRawImageDescription | GET /v2//manifests/ | Fetches the raw image description (manifest). | getDockerImage(DockerImageName name) |
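
The table above lists getImageHistory, getImageLabels and getVersionAttributes as values to be parsed out of image metadata. As an added example (not code from this issue or from the project), the Python below derives them from a Docker Registry v2 image manifest and its config blob, and refuses the config if its sha256 does not match the digest the manifest names. The function names and the sample image are constructed for illustration.

```python
import hashlib
import json

MANIFEST_V2 = "application/vnd.docker.distribution.manifest.v2+json"


def sha256_digest(data: bytes) -> str:
    """Registry-style content digest of raw bytes."""
    return "sha256:" + hashlib.sha256(data).hexdigest()


def image_metadata(manifest_raw: bytes, config_raw: bytes) -> dict:
    """Derive labels, history and version attributes from raw registry bytes."""
    manifest = json.loads(manifest_raw)
    # Manifest lists / indexes hold per-platform manifests and have no config.
    if "config" not in manifest or "layers" not in manifest:
        raise ValueError("not a single-image manifest; resolve a platform first")
    # The config blob is content-addressed: reject it if the hash differs.
    if sha256_digest(config_raw) != manifest["config"]["digest"]:
        raise ValueError("config blob does not match manifest config digest")
    config = json.loads(config_raw)
    return {
        "digest": sha256_digest(manifest_raw),
        "size": manifest["config"]["size"]
                + sum(layer["size"] for layer in manifest["layers"]),
        "platform": "%s/%s" % (config.get("os"), config.get("architecture")),
        "labels": (config.get("config") or {}).get("Labels") or {},
        "history": [h.get("created_by", "") for h in config.get("history", [])],
    }


def build_sample():
    """Constructed sample: one-layer image with one label (not real data)."""
    config_raw = json.dumps({
        "architecture": "amd64", "os": "linux",
        "config": {"Labels": {"maintainer": "example"}},
        "history": [{"created_by": "ADD rootfs.tar /"},
                    {"created_by": "LABEL maintainer=example", "empty_layer": True}],
    }).encode()
    manifest_raw = json.dumps({
        "schemaVersion": 2, "mediaType": MANIFEST_V2,
        "config": {"mediaType": "application/vnd.docker.container.image.v1+json",
                   "size": len(config_raw), "digest": sha256_digest(config_raw)},
        "layers": [{"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
                    "size": 1000, "digest": "sha256:" + "0" * 64}],
    }).encode()
    return manifest_raw, config_raw


if __name__ == "__main__":
    print(json.dumps(image_metadata(*build_sample()), indent=2))
```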

kbashpayev added a commit that referenced this issue Feb 25, 2025
@kbashpayev kbashpayev linked a pull request Feb 25, 2025 that will close this issue