0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2024-12-16 21:56:37 -05:00
Commit graph

1070 commits

Author SHA1 Message Date
Márk Sági-Kazár
510b7a2e16
build: add cross-compile to dockerfile (#1816)
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2023-09-26 09:09:34 -07:00
Ramkumar Chinchani
80b580adaa
ci: add a "nightly jobs" badge (#1858)
So that we know if something has failed.

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-09-26 09:07:46 -07:00
Ramkumar Chinchani
9096031aeb
chore: fix dependabot alerts (#1855)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-09-25 23:03:13 +03:00
Andrei Aaron
6bd7abe28b
fix(tests): call ImageStore constructor with correct parameters (#1846)
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-09-23 07:58:58 +00:00
peusebiu
1df743f173
fix(gc): sync repodb when gc'ing manifests (#1819)
fix(gc): fix cleaning deduped blobs because they have the modTime of
the original blobs, fixed by updating the modTime when hard linking
the blobs.
fix(gc): failing to parse rootDir at zot startup when using s3 storage
because there are no files under rootDir and we can not create empty dirs
on s3, fixed by creating an empty file under rootDir.

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-09-22 11:51:20 -07:00
Andrei Aaron
7c78f80a96
feat(cve): implement CVE scanning as background tasks (#1833)
1. Move existing CVE DB download generator/task login under the cve package
2. Add a new CVE scanner task generator and task type to run in the background, as well as tests for it
3. Move the CVE cache in its own package
4. Add a CVE scanner methods to check if an entry is present in the cache, and to retreive the results
5. Modify the FilterTags MetaDB method to not exit on first error
This is needed in order to pass all tags to the generator,
instead of the generator stopping at the first set of invalid data
6. Integrate the new scanning task generator with the existing zot code.
7. Fix an issue where the CVE scan results for multiarch images was not cached
8. Rewrite some of the older CVE tests to use the new image-utils test package
9. Use the CVE scanner as attribute of the controller instead of CveInfo.
Remove functionality of CVE DB update from CveInfo, it is now responsible,
as the name states, only for providing CVE information.
10. The logic to get maximum severity and cve count for image sumaries now uses only the scanner cache.
11. Removed the GetCVESummaryForImage method from CveInfo as it was only used in tests

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-09-22 11:49:17 -07:00
Alexei Dodon
4e04be420e
refactor(cli): Move cmdflags package under pkg/cli/client (#1840)
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2023-09-22 16:33:18 +03:00
Ramkumar Chinchani
8c559441e6
test(cosign): add a oci dist-spec 1.1.0 conformant test case (#1835)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-09-20 12:01:36 -07:00
peusebiu
f164fb9e03
fix(ci): fix nighlty builds and print zot log on failure (#1799)
now gc stress on s3 storage is using minio for ci/cd builds
gc stress on s3 storage is using localstack for nightly builds

fixed(gc): make sure we don't remove repo if there are blobs
being uploaded or the number of blobs gc'ed is not 0

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-09-20 19:25:06 +03:00
Andrei Aaron
a11fe2d195
feat(pprof): add profiling route handler to debug runtime (#1818)
(cherry picked from commit 56ddb70f624e7070ad0d3531d498675f9f82c664)

Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
Co-authored-by: Alex Stan <alexandrustan96@yahoo.ro>
2023-09-18 14:05:41 -07:00
Ramkumar Chinchani
f8002c7dd3
chore: fix dependabot alerts (#1827)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-09-18 11:34:57 -07:00
Andrei Aaron
bcdd9988f5
fix(cve): cummulative fixes and improvements for CVE scanning logic (#1810)
1. Only scan CVEs for images returned by graphql calls
Since pagination was refactored to account for image indexes, we had started
to run the CVE scanner before pagination was applied, resulting in
decreased ZOT performance if CVE information was requested

2. Increase in medory-cache of cve results to 1m, from 10k digests.

3. Update CVE model to use CVSS severity values in our code.
Previously we relied upon the strings returned by trivy directly,
and the sorting they implemented.
Since CVE severities are standardized, we don't need to pass around
an adapter object just for pagination and sorting purposes anymore.
This also improves our testing since we don't mock the sorting functions anymore.

4. Fix a flaky CLI test not waiting for the zot service to start.

5. Add the search build label on search/cve tests which were missing it.

6. The boltdb update method was used in a few places where view was supposed to be called.

7. Add logs for start and finish of parsing MetaDB.

8. Avoid unmarshalling twice to obtain annotations for multiarch images.

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-09-17 15:12:20 -07:00
Alexei Dodon
f58597ade9
refactor: Reduce zli binary size (#1805)
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2023-09-15 15:17:01 -07:00
LaurentiuNiculae
8e18917b07
refactor(test): move image utils for tests in a separate module (#1789)
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2023-09-15 09:53:15 -07:00
Alexei Dodon
14206dd6f3
refactor: Review metrics endpoints (#1770)
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2023-09-15 14:49:34 +03:00
LaurentiuNiculae
aae8b7b4e3
feat(cli): add sort-by flag to sub commands (#1768)
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2023-09-14 10:51:17 -07:00
LaurentiuNiculae
c210e3f377
fix(convert): fix the update rule of download count for images (#1802)
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2023-09-14 10:48:23 -07:00
peusebiu
3d8d47d601
fix(config): fix config reloader panic (#1806)
reloading config from one without extensions
to one with extensions caused a panic

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-09-14 12:34:18 +03:00
peusebiu
3dbaf2b3ff
fix(sync): ping func should not try to read response body (#1757)
closes: #1703

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-09-13 20:00:51 +03:00
Andreea Lupu
3518941d6d
fix: change log msg for updating signatures validity (#1804)
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
2023-09-13 15:48:31 +03:00
Alexei Dodon
48bf7f69f8
refactor: Reduce zb binary size (#1783)
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2023-09-13 10:28:14 +03:00
Alexei Dodon
98ab43f6ef
fix: can't build zot with empty EXTENSIONS (#1803)
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2023-09-12 11:31:10 -07:00
Andreea Lupu
e3876879b0
fix: do not recreate trustpolicy secret if the content doesn't change (#1800)
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
2023-09-12 15:21:39 +03:00
Ramkumar Chinchani
6461b661f1
chore: fix dependabot alerts (#1797)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-09-11 20:21:56 -07:00
Andrei Aaron
6011705931
chore(dependabot): increase the limit of dependabot PRs (#1788)
Given the default limit is 5 and some packages like AWS release daily,
having a weekly schedule results in the same packages being flagged for update
most of the time.

Let's increase to 10 to make sure there are no issues in other libraries

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-09-11 11:02:11 -07:00
Andreea Lupu
68a197d7cc
fix: add retry logic to recreate existing trustpolicy secret (#1776)
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
2023-09-11 10:13:22 +03:00
Ramkumar Chinchani
9fcb8a8489
chore: fix dependabot alerts (#1774)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-09-08 22:31:08 +03:00
Andrei Aaron
24e37eb68b
fix(api): Fix 'last' query param for <repo>/tags/list to work without param 'n' (#1777)
Also fix additional issues:
- sorting of tags on calls without pagination parameters ('n' or 'last')
- if 'n' is 0 we should return an empty list and not error

Added tests accordingly

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-09-08 19:46:17 +03:00
LaurentiuNiculae
7b1e24c99e
refactor(cli): remove old cli commands (#1756)
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2023-09-08 15:12:47 +03:00
Alexei Dodon
18e591f52a
fix: DATA RACE in TestNewExporter (#1766)
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2023-09-08 15:00:16 +03:00
Andreea Lupu
5a3fac40db
feat: upload cosign public key and notation certificates to cloud (#1744)
- using secrets manager for storing public keys and certificates
- adding a default truststore for notation verification and upload all certificates to this default truststore
- removig `truststoreName` query param from notation api for uploading certificates


(cherry picked from commit eafcc1a213)

Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
2023-09-08 10:03:58 +03:00
Andrei Aaron
6115eed4ec
refactor(makefile): consolidate the make targets used for bats tests (#1746)
New examples of running tests:

1. To run a specific bats file (with and without verbose output):
make run-blackbox-tests BATS_TEST_FILE_PATH=test/blackbox/delete_images.bats
make run-blackbox-tests BATS_TEST_FILE_PATH=test/blackbox/delete_images.bats BATS_VERBOSITY=2

2. To run the CI tests (with and without verbose output)
make run-blackbox-ci
make run-blackbox-ci BATS_VERBOSITY=2

BATS_TEST_FILE_PATH is used to pass on the test file to run using `run-blackbox-tests`
BATS_VERBOSITY controls the verbosity of the bats framework output, if unspecified the output only
contains test results and failure message in case of failures.
If BATS_VERBOSITY is 1, then also show commands as they are executed.
If BATS_VERBOSITY is 2, on top of the above it also shows output of passed tests.

Other changes in this PR:
- Update some of the tests to show logs after the run ends.
- Run the linters before the tests, as it saves time on failures when running in GH

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-09-07 21:06:21 +03:00
Alexei Dodon
f5b63963be
refactor: Reduce binary size of zot-minimal; Added CI check for binary size (#1758)
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2023-09-06 19:58:00 +03:00
Ramkumar Chinchani
75a76005b4
chore: fix dependabot alerts (#1763)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-09-05 22:30:49 +03:00
peusebiu
59dc4c3229
feat(scheduler): pass the shutdown/reload ctx to running tasks (#1671)
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-09-05 09:48:56 -07:00
peusebiu
a0290b4b37
fix(gc): gc removes unknown manifests (#1762)
without removing its index.json reference

fix that by also reporting if manifests with unknown mediatypes
are referenced in index.json

this will make gc delete manifest blobs with deleteImageManifest() method
instead of deleteBlob(), which also removes index.json entries.

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-09-05 09:42:12 -07:00
Ramkumar Chinchani
8e36bfd4d1
fix: add manifest validation checks (#1747)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-09-02 01:28:31 -07:00
peusebiu
c6b822f3dd
refactor(authz): use a struct for user access control info operations (#1682)
fix(authz): fix isAdmin not using groups to determine if a user is admin.
fix(authz): return 401 instead of 403

403 is correct as per HTTP spec
However authz is not part of dist-spec and clients know only about 401
So this is a compromise.

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-09-01 11:13:53 -07:00
peusebiu
b80deb9927
refactor(storage): refactor storage into a single ImageStore (#1656)
unified both local and s3 ImageStore logic into a single ImageStore
added a new driver interface for common file/dirs manipulations
to be implemented by different storage types

refactor(gc): drop umoci dependency, implemented internal gc

added retentionDelay config option that specifies
the garbage collect delay for images without tags

this will also clean manifests which are part of an index image
(multiarch) that no longer exist.

fix(dedupe): skip blobs under .sync/ directory

if startup dedupe is running while also syncing is running
ignore blobs under sync's temporary storage

fix(storage): do not allow image indexes modifications

when deleting a manifest verify that it is not part of a multiarch image
and throw a MethodNotAllowed error to the client if it is.
we don't want to modify multiarch images

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-09-01 10:54:39 -07:00
LaurentiuNiculae
72a5968437
test(bats): added bats example for deleting an image (#1718)
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2023-09-01 17:23:34 +03:00
Alexei Dodon
423302df5f
fix: nightly build (#1745)
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2023-09-01 13:08:17 +03:00
Andrei Aaron
521b109c8c
chore(go.mod): upgrade 3rd party packages (#1742)
Special note for oras.land/oras-go:
- 1.2.4 is not released yet, but tip of their v1 branch is compatible with docker v24.0.2
- 1.2.3 is not compatible with docker v24.0.2
Other 3rd party software depend on both oras-go v1 and docker v24

See also https://github.com/oras-project/oras-go/pull/527

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-08-31 20:40:19 +03:00
Alexei Dodon
41bbb23e30
fix: bats test refactoring (#1731)
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2023-08-30 12:24:28 -07:00
LaurentiuNiculae
112fbec5b6
refactor(cli): added equivalent subcommands for each flag combination under every command (#1674)
- image command is now deprecated in favor of 'images'
- cve command is now deprecated in favor of 'cves'

Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2023-08-30 20:12:24 +03:00
peusebiu
2bd479edd7
fix(examples): revert examples/config-minimal.json (#1740)
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-08-30 13:25:32 +03:00
Ramkumar Chinchani
9bccd784a9
chore: fix dependabot alerts (#1737) 2023-08-30 07:53:03 +03:00
Andrei Aaron
780bbe42d1
feat(ui): update to latest zui version (#1735)
1. Show more detailed signature information in zui (signing tool, trusted, author)
2. Rename dex to oidc - on zui side
3. New screen for zot without images loaded
4. Remove 'Vulnerability' string from the vulnerability chips

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-08-29 15:52:08 -07:00
LaurentiuNiculae
40b599cca8
refactor(log): replace default logger with config complient log in root.go (#1734)
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2023-08-29 12:10:30 -07:00
peusebiu
6926bddd3a
feat(apikey): added route to list user api keys (#1708)
adding api key expiration date

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-08-29 09:38:38 -07:00
Andrei Aaron
28858f695f
feat(mgmt): mgmt extention no longer depends on UI being enabled (#1728)
It is now enabled based only on search configuration

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-08-26 13:32:41 -07:00