fix: Scrutinize references for digests posing as tags

[nima]

This change prevents a token sneaking in as a tag, then later getting validated as a digest. In order to do that, a new struct member has been introduced to registry.Reference, namely, ReferenceType. This can take one of the small finite set of values: Undefined, None, Tag, and Digest. None is applicable only to valid form D, and Undefined is the zero/null/empty default value to force explicitness.

Also note that in valid form B, we're still allowing the redundant tag, is there a reason to allow for this (as opposed to considering it ambiguous, and deeming it invalid)? just noticed this was already answered by @Wwwsylvia in #303.

Resolves #303.

Signed-off-by: Nima Talebi github@nima.id.au

[codecov-commenter]

Codecov Report

Merging #326 (5850036) into main (c1f42a4) will decrease coverage by 0.09%.
The diff coverage is 82.35%.

@@            Coverage Diff             @@
##             main     #326      +/-   ##
==========================================
- Coverage   72.18%   72.09%   -0.10%     
==========================================
  Files          38       38              
  Lines        3635     3669      +34     
==========================================
+ Hits         2624     2645      +21     
- Misses        752      766      +14     
+ Partials      259      258       -1     

Impacted Files	Coverage Δ
registry/reference.go	68.42% <74.35%> (-6.85%)	⬇️
registry/remote/repository.go	67.24% <93.10%> (+0.57%)	⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[shizhMSFT]

I was expecting that updating the implementation of the ParseReference() function only without touching others should fix the bug.

[nima]

Annotated the changes in an attempt to add more clarity.

[nima]

Added a couple more tests in the last push; no code-changes otherwise.

[shizhMSFT]

Let's try not to have any breaking changes unless it is necessary with justifications.

[shizhMSFT]

LGTM