0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2024-12-16 21:56:37 -05:00
Commit graph

513 commits

Author SHA1 Message Date
Alex Stan
0c70ae8a4e RepoInfo structure now includes new field representing RepoSummary
ExpandedRepoInfo currently returns RepoInfo that is a list of Manifests.
To comply with the newest UI requirements, a new field called Summary,
referring to RepoSummary structure, was added.

Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
2022-08-05 19:22:22 +03:00
Ramkumar Chinchani
ae73290929 fix dependabot alerts
https://github.com/project-zot/zot/pull/689
https://github.com/project-zot/zot/pull/690
https://github.com/project-zot/zot/pull/691

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-08-04 09:36:19 +03:00
Bogdan BIVOLARU
0f386f0c89 Remove from Response header Range the 'bytes' string
Conformance spec requires responding to PATCH requests with
response header 'Content-Range' and value <range>

Signed-off-by: Bogdan BIVOLARU <104334+bogdanbiv@users.noreply.github.com>
2022-08-03 19:46:18 +03:00
Bogdan BIVOLARU
f92e584301 Fix 'InvalidManifestErr' to have a response.body
Signed-off-by: Bogdan BIVOLARU <104334+bogdanbiv@users.noreply.github.com>
2022-08-03 19:46:18 +03:00
Ramkumar Chinchani
49fb609f28 fix dependabot alerts
https://github.com/project-zot/zot/pull/682

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-07-29 10:42:37 -07:00
Lisca Ana-Roberta
a49692a22b regclient blackbox tests and regclient installation in Makefile
Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>
2022-07-28 16:14:47 +03:00
Andrei Aaron
be93ece95e
Merge pull request #683 from andaaron/perms2
Fix permissions for image sync and stale workflows
2022-07-27 21:22:22 +03:00
Andrei Aaron
903460c55c
Fix permissions for image sync and stale workflows
Looks like read|write is not a correct value:
https://github.com/project-zot/zot/actions/runs/2743961177
https://github.com/project-zot/zot/actions/runs/2743965531

Write should include both, so let's try to use that.

Signed-off-by: Andrei Aaron <andaaron@cisco.com>
2022-07-27 17:44:08 +00:00
alexstan12
16e9822c7f
Add fuzz tests for storage_fs (#601)
This commit uses native go fuzzing to fuzz test implementations
of storage in storage_fs.

moved fuzzing testdata for storage_fs in separate repo

added make target and script for importing fuzz data and running all fuzz tests

Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
2022-07-27 20:37:55 +03:00
Andrei Aaron
b5f27c5b50 RepoSummary has a new attribute NewestTag of type ImageSummary
ImageListWithLatestTag currently returns a list of ImageInfo objects.
It needs to return consistent results with the API used for Global search as the same information will be used by the UI in the same type or cards.
So we need to update RepoSummary to include the data which right now is present in ImageInfo, but missing from RepoSummary (information on the latest tag in that specific repo).
Will update return type of ImageListWithLatestTag in a later PR (issue tracked in a separate GH issue)

Closes #666

Signed-off-by: Andrei Aaron <andaaron@cisco.com>
2022-07-27 19:41:00 +03:00
Lisca Ana-Roberta
87fc941b3c image level lint: enforce manifest mandatory annotations
closes #536

Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>
2022-07-27 11:48:04 +03:00
Ramkumar Chinchani
3d72dad507 fix dependabot alerts
https://github.com/project-zot/zot/pull/674
https://github.com/project-zot/zot/pull/676
https://github.com/project-zot/zot/pull/677
https://github.com/project-zot/zot/pull/678

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-07-27 08:48:51 +03:00
Andrei Aaron
7182e426a7 Fix typos in workflow permissions
Signed-off-by: Andrei Aaron <andaaron@cisco.com>
2022-07-26 10:40:51 -07:00
Alex Stan
4fd727a10c changed filenames in pkg/extensions
Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
2022-07-26 16:56:20 +03:00
Andrei Aaron
10d9b1514b Fixes/Improvements to pkg/cli/stress_test.go
- Decrease RLIMIT_NOFILE and the number of goroutines used to reach this limit (from 512 to 100)
- Reset RLIMIT_NOFILE to the initial value before the test finishes
- Remove panic
- Use temporary dir managed by test framework
- Swith to using test logging in pkg/cli/stress_test.go
- Execute commands without `bash -c` in pkg/cli/stress_test.go

First item is needed as the GH runner seems to stop the test if stressed too much.
The lower number is still good enough to reproduce the test conditions

Signed-off-by: Andrei Aaron <andaaron@cisco.com>
2022-07-26 13:01:16 +03:00
Ramkumar Chinchani
4a3c0073b7 add a github workflow to report branch coverage
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-07-20 22:43:55 -07:00
Laurentiu Niculae
58f8cd5d7d test calculated size
Signed-off-by: Laurentiu Niculae <themelopeus@gmail.com>
2022-07-20 10:03:11 -07:00
Laurentiu Niculae
80369140f1 add image info to parameter
Signed-off-by: Laurentiu Niculae <themelopeus@gmail.com>
2022-07-20 10:03:11 -07:00
Laurentiu Niculae
7e3d063319 freeform querry api
Signed-off-by: Laurentiu Niculae <themelopeus@gmail.com>
2022-07-20 10:03:11 -07:00
Alex Stan
a31869f270 fix GetReferrers function to be able to retrieve referrers of any specified artifactType
Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
2022-07-19 09:44:23 -07:00
Ramkumar Chinchani
317064ffc9 fix dependabot alerts
https://github.com/project-zot/zot/pull/647
https://github.com/project-zot/zot/pull/648
https://github.com/project-zot/zot/pull/649
https://github.com/project-zot/zot/pull/650
https://github.com/project-zot/zot/pull/651
https://github.com/project-zot/zot/pull/652
https://github.com/project-zot/zot/pull/653
https://github.com/project-zot/zot/pull/656

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-07-18 14:59:27 -07:00
Andrei Aaron
43160dcc43 Update to graphql 1.17.13
We encountered some problems with using the existing folder structure,
but it looks like running the tooling with the latest versions works after
we regenerated the project using 'gql init' and refactoring to separate
the login previously in resolvers.go.

- the autogenerated code is now under the gql_generated folder
- the file resolvers.go now contains only the code which is not
rewritten by the gqlgen framework
- the file schema.resolvers.go is rewritten when gqlgen runs,
and we'll only keep there the actual resolvers matching query names
Changes we observed to schema.resolvers.go when gqlgen runs include
reordering methods, and renaming function parameters to match the
names used in schema.graphql
- we now have a gqlgen.yaml config file which governs the behavior of
gqlgen (can be tweaked to restructure the folder structure of the
generated code in the future)

Looks like the new graphql server has better validation
1 Returns 422 instead of 200 for missing query string - had to update tests
2 Correctly uncovered an error in a test for a bad `%` in query string.

As as result of 2, a `masked` bug was found in the way we check if images are
signed with Notary, the signatures were reasched for with the media type
of the image manifest itself instead of the media type for notation.
Fixed this bug, and improved error messages.
This bug would have also been reproducible with main branch if the bad `%`
in the test would have fixed.

Updated the linter to ignore some issues with the code which is
always rewritten when running:
`go run github.com/99designs/gqlgen@v0.17.13 generate`

Add a workflow to test gqlgen works and has no uncommitted changes

Signed-off-by: Andrei Aaron <andaaron@cisco.com>
2022-07-18 12:55:40 -07:00
Ramkumar Chinchani
76b811b029 harden github action/workflow perms
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-07-18 01:05:09 -07:00
Ramkumar Chinchani
37b3345199 fix dependabot alerts
https://github.com/project-zot/zot/pull/629
https://github.com/project-zot/zot/pull/631
https://github.com/project-zot/zot/pull/632

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-07-15 14:22:39 -07:00
Ramkumar Chinchani
595e1bca59 fix dependabot alerts
https://github.com/project-zot/zot/pull/624
https://github.com/project-zot/zot/pull/625
https://github.com/project-zot/zot/pull/626
https://github.com/project-zot/zot/pull/627
https://github.com/project-zot/zot/pull/628

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-07-15 12:03:08 -07:00
Petu Eusebiu
2496fef3c2 Fix data race on trivydb download in tests.
Multiple go routines downloading trivy db
triggers data race on trivy internal db.Path().
In each go routine wait for db download to start.
closes #636

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-07-14 09:31:15 -07:00
Petu Eusebiu
003de3a80a Fix config reloader in tests
config file may get removed before fsnotify starts watching it
make sure the config file gets removed when test ends, closes #608

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-07-14 09:31:15 -07:00
Ramkumar Chinchani
19434af3c4 fix dependabot.yml
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-07-13 13:18:01 -07:00
Ramkumar Chinchani
dc97096502 restrict workflow action permissions
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-07-13 11:34:57 -07:00
Andreea-Lupu
8da34d5751 Rename push token
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
2022-07-13 09:05:06 -07:00
Ramkumar Chinchani
0f305960ed add a security policy document
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-07-12 14:25:57 -07:00
Petu Eusebiu
2c3415c86b Added helm push/pull to blackbox tests
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-07-12 10:02:51 -07:00
Petu Eusebiu
01d742718f ci/cd: fix oras cli flags after it got updated
installing notation and oras not needed anymore

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-07-12 10:02:51 -07:00
Andreea-Lupu
26f85ab195 Update automatically helm chart when publish a new release for zot
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
2022-07-11 11:27:05 -07:00
Ramkumar Chinchani
9cfed4bb46 Create scorecards.yml
Add ossf/scorecards action

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-07-10 22:32:00 -07:00
Alex Stan
9194fea6d4 Add a way to list imports and files used by specific binaries
This commit adds a new Make target that makes use of go list to show directly
imported packages and used files in a given binary.
This target should be added in all future targets that build binaries, if listing
imported packages and used files is important.
Existing targets were modified to include build-metadata. Also, since build-metadata
depends on EXTENSIONS variable, a dummy tag is used to overwrite the defaults of
this variable in case of minimal-type targets.

Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
2022-07-08 11:23:15 -07:00
Ramkumar Chinchani
4ae1a908a0 fix dependabot alerts CVE-2022-33082/GHSA-2m4x-4q9j-w97g
https://github.com/project-zot/zot/security/dependabot/24

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-07-07 23:58:51 -07:00
Petu Eusebiu
6d5b208e93 build: remove swagger install in stacker files
it is currently installed in the Makefile

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-07-04 12:33:11 -07:00
Petu Eusebiu
7954add73a Fix data races in tests closes #599, closes #598
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-06-30 13:33:47 -07:00
Alex Stan
ada21ed842 Manage builds with different combinations of extensions
Files were added to be built whether an extension is on or off.
New build tags were added for each extension, while minimal and extended disappeared.

added custom binary naming depending on extensions used and changed references from binary to binary-extended

added automated blackbox tests for sync, search, scrub, metrics

added contributor guidelines

Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
2022-06-30 09:53:52 -07:00
Petu Eusebiu
616d5f8a6d zb: replace map with sync.Map to avoid concurrent writes closes #582
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-06-28 08:47:34 -07:00
Ramkumar Chinchani
eed48c1715 refactor filenames to reflect functionality
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-06-21 21:42:54 -07:00
Petu Eusebiu
a04f870a22 Periodically sync golang image from dockerhub to ghcr.io
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-06-16 23:42:50 -07:00
Catalin Hofnar
a8a65a6c37 Modified sync log calls to include error type (#336)
Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>
2022-06-15 09:45:49 -07:00
Lisca Ana-Roberta
111b80625d added repos command to list repositories
Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>
2022-06-15 02:22:18 -07:00
Alex Stan
66484c8ca9 changed go version to 1.18
Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
2022-06-09 04:38:06 -07:00
Shivam Mishra
620bc7c517 routes: strip query parameter from request URL
reuqest url also contains query parameter due to this in some scenarios
location header is setting up incorrectly, strip query parameter from
request url to correctly setup location header.

Closes #573 #575

Signed-off-by: Shivam Mishra <shimish2@cisco.com>
2022-06-08 22:50:37 -07:00
Shivam Mishra
f52c950d04 fix sample request url in search extension README
Signed-off-by: Shivam Mishra <shimish2@cisco.com>
2022-06-07 11:24:19 -07:00
Ramkumar Chinchani
0edee009c0 fix CVE-2022-28946/GHSA-x7f3-62pm-9p38
https://github.com/project-zot/zot/security/dependabot/17
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-06-06 11:43:36 -07:00
Ramkumar Chinchani
d07de27402 fix CVE-2022-26945/GHSA-x24g-9w7v-vprh
https://github.com/project-zot/zot/security/dependabot/22

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-06-06 11:43:36 -07:00