Infrastructure/zot

mirror of https://github.com/project-zot/zot.git synced 2024-12-16 21:56:37 -05:00

Author	SHA1	Message	Date
LaurentiuNiculae	96d9d318df	feat(referrers): added index support for referrers queries (#1560 ) Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>	2023-07-05 09:42:16 -07:00
Ramkumar Chinchani	137e5bd793	chore: fix dependabot alerts (#1581 ) Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2023-07-05 11:42:24 +03:00
Ramkumar Chinchani	aad6db279b	chore: fix dependabot alerts (#1576 ) Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2023-07-04 09:19:26 -07:00
Ramkumar Chinchani	d30d7a9330	chore: fix dependabot alerts (#1537 ) Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2023-06-19 12:34:50 -07:00
Ramkumar Chinchani	7dd17be96d	chore: fix dependabot alerts (#1517 ) Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2023-06-16 10:28:43 +03:00
peusebiu	03f47f68c0	chore(deps): downgrade golang-lru (#1515 ) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>	2023-06-14 19:45:30 +03:00
Ramkumar Chinchani	d7bddd2a05	chore: fix dependabot alerts (#1508 ) Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2023-06-12 14:53:03 -07:00
Lisca Ana-Roberta	622dde9193	fix: referrers now appears in swagger generated docs (#1488 ) Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>	2023-06-12 10:32:11 -07:00
Ramkumar Chinchani	4d6ca493f2	chore: fix dependabot alerts (#1501 ) Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2023-06-09 10:27:42 -07:00
Andrei Aaron	96d00cd0ef	fix(cve): Fix CVE scanning in images containing Jar files (#1475 )	2023-06-01 00:37:46 +03:00
Ramkumar Chinchani	40180f878f	chore(go.mod): fix dependabot alerts (#1491 ) Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2023-05-31 22:16:21 +03:00
Ramkumar Chinchani	e148343540	chore(go.mod): fix dependabot alerts (#1479 ) Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2023-05-27 01:23:50 +03:00
Andreea Lupu	970997f3a8	feat(graphql & repodb): add info about signature validity (#1344 ) Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>	2023-05-24 09:46:16 -07:00
LaurentiuNiculae	6e6ffe800c	chore(go.mod): upgrade to notation-go v1.0.0-rc.5 and image-spec v1.1.0-rc3 (#1468 ) Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>	2023-05-23 15:16:33 +00:00
Ramkumar Chinchani	83ae1aad70	chore(go.mod): fix dependabot alerts (#1466 ) Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2023-05-23 10:14:43 +03:00
Ramkumar Chinchani	2be5459c8e	chore: fix dependabot alerts (#1458 ) Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2023-05-17 00:37:34 -07:00
Ramkumar Chinchani	d17fe0044b	chore(go.mod): fix dependabot alerts (#1443 ) Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2023-05-12 09:45:52 +03:00
Ramkumar Chinchani	9534e0b88b	chore: fix dependabot alerts (#1409 ) Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2023-05-11 16:39:21 -07:00
LaurentiuNiculae	ea79be64da	refactor(artifact): remove oci artifact support (#1359 ) * refactor(artifact): remove oci artifact support - add header to referrers call to indicated applied artifact type filters Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com> * feat(gc): simplify gc logic to increase coverage Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com> --------- Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>	2023-05-10 10:15:33 -07:00
Ramkumar Chinchani	42df4c505a	chore: fix dependabot alerts (#1403 ) Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2023-05-01 12:49:10 -07:00
Ramkumar Chinchani	c3ba122830	chore(go.mod): fix dependabot alerts (#1377 )	2023-05-01 08:31:02 +03:00
Andreea Lupu	40bf76add5	chore(go.mod): upgrade trivy and cosign (#1387 ) Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>	2023-04-27 09:35:10 -07:00
Ramkumar Chinchani	635d07ae04	chore: update golang (to 1.20.x) and golangci-linter (#1388 ) Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2023-04-27 00:09:46 -07:00
Ramkumar Chinchani	e6b81bb354	chore(go.mod): fix dependabot alerts (#1365 ) Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2023-04-12 14:10:47 +03:00
Ramkumar Chinchani	9f512082ad	chore(go.mod): fix dependabot alerts (#1360 ) Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2023-04-11 23:21:30 -07:00
Ramkumar Chinchani	8f809bda29	chore(go.mod): fix dependabot alerts (#1351 ) Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2023-04-10 14:09:54 -07:00
Ramkumar Chinchani	38997be596	chore(go.mod): fix dependabot alerts (#1343 ) Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2023-04-07 09:35:12 +03:00
Andrei Aaron	06bd8a8252	chore(go.mod): fix dependabot alerts (#1333 ) upgrade to github.com/aws/aws-sdk-go@v1.44.237 upgrade to github.com/aquasecurity/trivy@v0.38.3 upgrade to oras.land/oras-go@v1.2.3 upgrade to github.com/google/go-containerregistry@v0.14.0 upgrade to github.com/moby/buildkit@v0.11.4 Note we can't switch to trivy 0.39.0 as well as some other updates because they would also require upgrade of cosign to v2 with breaking api changes Signed-off-by: Andrei Aaron <aaaron@luxoft.com>	2023-04-06 01:00:12 -07:00
Ramkumar Chinchani	d9173e3ad3	chore(go.mod): fix dependabot alerts (#1330 ) Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2023-04-05 09:39:15 +03:00
Ramkumar Chinchani	5ad25126b7	chore: fix dependabot alerts (#1320 ) Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2023-03-29 13:13:16 -07:00
Ramkumar Chinchani	917159143c	chore: fix dependabot alerts (#1312 ) Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2023-03-27 12:16:29 -07:00
Ramkumar Chinchani	e54c36db12	chore(go.mod): fix dependabot alerts (#1305 ) Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2023-03-25 22:43:36 +02:00
Ramkumar Chinchani	906f8ce621	chore(deps): fix dependabot alerts (#1291 ) Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2023-03-22 12:33:21 -07:00
Nicol	7656b6f011	chore(deps): modify pkg/errors dependency as indirect (#1266 ) Signed-off-by: Nicol Draghici <idraghic@cisco.com>	2023-03-15 17:10:47 +02:00
Ramkumar Chinchani	c2bec0d4a8	chore(go.mod): fix dependabot alerts (#1251 ) Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2023-03-07 09:59:59 +02:00
Andrei Aaron	73b1126bbf	chore(go.mod): fix dependabot alerts (#1247 ) Supersedes: - https://github.com/project-zot/zot/pull/1132 - https://github.com/project-zot/zot/pull/1243 - https://github.com/project-zot/zot/pull/1244 - https://github.com/project-zot/zot/pull/1245 Also update the AWS SDK libraries used Signed-off-by: Andrei Aaron <aaaron@luxoft.com>	2023-03-06 11:05:19 -08:00
Andreea Lupu	646250736e	fix(go.mod): replace opencontainers/umoci dependency with project-stacker/umoci (#1240 ) Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>	2023-03-05 21:11:07 -08:00
Ramkumar Chinchani	5a2fb4108d	chore(go.mod): fix dependabot alerts (#1228 ) Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2023-02-28 17:38:49 +02:00
Ramkumar Chinchani	f6a540747f	chore(go.mod): fix dependabot alerts (#1222 ) Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2023-02-23 22:32:20 +02:00
Ramkumar Chinchani	4a56e30cd7	chore(go.mod): fix dependabot alerts (#1218 ) Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2023-02-23 09:09:28 +02:00
Ramkumar Chinchani	be33f7b252	chore(go.mod): fix dependabot alerts (#1210 ) * chore(go.mod): fix dependabot alerts Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> * chore(test): update image tags We have cleaned up older golang images in the project. Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> * ci(gqlgen): fix gql schema validation GH workflow after npm upgrade Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> --------- Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2023-02-17 13:54:49 -08:00
Ramkumar Chinchani	b9a75b2e44	chore(go.mod): fix dependabot alerts (#1194 ) Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2023-02-13 12:48:05 -08:00
Andreea Lupu	ee95ab0ffc	fix: call notation-go libs instead of using notation binary (#1104 ) fix: add loading notation path Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com> Co-authored-by: Roxana Nemulescu <roxana.nemulescu@gmail.com>	2023-02-13 10:43:52 -08:00
Ramkumar Chinchani	c154ab02f3	chore(deps): fix dependabot alerts (#1179 ) Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2023-02-07 08:52:17 +02:00
Ramkumar Chinchani	863d057e43	chore(deps): fix dependabot alerts (#1153 ) Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2023-02-01 00:21:14 -08:00
Lisca Ana-Roberta	976ccfcf0d	fix: removed references to old dist-spec (#1128 ) Signed-off-by: Ana-Roberta Lisca <ana.kagome@yahoo.com>	2023-01-31 09:35:33 -08:00
Ramkumar Chinchani	b3ed92ef1a	chore(deps): fix dependabot alerts (#1143 ) https://github.com/project-zot/zot/pull/1119 https://github.com/project-zot/zot/pull/1142 Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2023-01-26 22:39:18 -08:00
Andrei Aaron	e04d98272c	chore: update the version of go-lru we use to the latest available (#1141 ) We are now using v2.0.1 in the cve cache logic. Unfortunately we are also using v0.5.4 indirectly, as it is required for gqlgen, see: `e6114a2c6a/go.mod (L7)` Signed-off-by: Andrei Aaron <aaaron@luxoft.com>	2023-01-26 11:14:17 -08:00
Ramkumar Chinchani	0938e4704c	chore(deps): fix dependabot alerts (#1131 ) Also, remove go mod redirects and update linter config. Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2023-01-25 10:58:39 -08:00
Andrei Aaron	fac1d1d05d	chore(trivy): update trivy version and enforce OCI compliant repo names in local image storage (#1068 ) 1. chore(trivy): update trivy library version The trivy team switched github.com/urfave/cli for viper so there are some other code changes as well. Since we don't use github.com/urfave/cli directly in our software we needed to add a tools.go in order for "go mod tidy" to not delete it. See this pattern explained in: - https://github.com/99designs/gqlgen#quick-start - https://github.com/golang/go/wiki/Modules#how-can-i-track-tool-dependencies-for-a-module - https://github.com/go-modules-by-example/index/blob/master/010_tools/README.md#walk-through The jobs using "go get -u" have been updated to use "go install", since go get modifies the go.mod by upgrading some of the packages, but downgrading trivy to an older version with broken dependencies 2. fix(storage) Update local storage to ignore folder names not compliant with dist spec Also updated trivy to download the DB and cache results under the rootDir/_trivy folder 3. fix(s3): one of the s3 tests was missing the skipIt call This caused a failure when running locally without s3 being available 4. make sure the offline scanning is enabled, and zot only downloads the trivy DB on the regular schedule, and doesn't download the DB on every image scan ci: increase build and test timeout as tests are reaching the limit more often Signed-off-by: Andrei Aaron <aaaron@luxoft.com>	2023-01-18 08:24:44 -08:00

1 2 3 4

160 commits