0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2024-12-16 21:56:37 -05:00
Commit graph

1150 commits

Author SHA1 Message Date
Ramkumar Chinchani
7b1fc0450e
chore: fix dependabot alerts (#2399)
https://github.com/project-zot/zot/pull/2395
https://github.com/project-zot/zot/pull/2395
https://github.com/project-zot/zot/pull/2396
https://github.com/project-zot/zot/pull/2397
https://github.com/project-zot/zot/pull/2401
https://github.com/project-zot/zot/pull/2402
https://github.com/project-zot/zot/pull/2403
https://github.com/project-zot/zot/pull/2404
https://github.com/project-zot/zot/pull/2405

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-04-22 12:52:46 -07:00
Ramkumar Chinchani
8294838795
ci: fix localstack docker uri (#2400)
The image is being published on dockerhub at localstack/localstack

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-04-21 22:30:00 -07:00
Ramkumar Chinchani
66611cb8d3
chore: disable content trust check for localstack image (#2398)
localstack images published to dockerhub don't appear to be signed via
docker content trust.

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-04-20 22:41:25 -07:00
Ramkumar Chinchani
7146826126
ci: upgrade localstack to v3.3.0 (#2390)
There are performance improvements in recent releases of localstack.

1) install localstack via "pip install" and requires python 3.11
2) also pull a recently pushed localstack docker image to ghcr.io

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-04-19 00:08:36 -07:00
Ramkumar Chinchani
6898b31842
chore: fix dependabot alerts (#2393) 2024-04-19 07:58:25 +03:00
Ramkumar Chinchani
6b4d8364be
ci: update zap scan docker image location (#2391)
https://github.com/zaproxy/zaproxy/issues/8440

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-04-16 09:22:03 +03:00
Ramiro Algozino
0160c9fc6b
fix(cli/server): serve command expected positional args (#2382)
fix(cli/server): serve command expected positinal args
Expect exactly one positional argument for the serve command with the
path to the config file.

Signed-off-by: Ramiro Algozino <ramiro@sighup.io>
2024-04-11 09:51:41 -07:00
Ramkumar Chinchani
6b3c160176
chore: fix dependabot alerts (#2377)
https://github.com/project-zot/zot/pull/2368
https://github.com/project-zot/zot/pull/2369
https://github.com/project-zot/zot/pull/2370
https://github.com/project-zot/zot/pull/2371
https://github.com/project-zot/zot/pull/2372
https://github.com/project-zot/zot/pull/2373
https://github.com/project-zot/zot/pull/2374
https://github.com/project-zot/zot/pull/2375
https://github.com/project-zot/zot/pull/2376

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-04-09 10:40:16 +03:00
Ramkumar Chinchani
6f8c058dc6
chore: fix dependabot alerts (#2366)
https://github.com/project-zot/zot/pull/2355
https://github.com/project-zot/zot/pull/2356
https://github.com/project-zot/zot/pull/2357
https://github.com/project-zot/zot/pull/2358
https://github.com/project-zot/zot/pull/2359
https://github.com/project-zot/zot/pull/2360
https://github.com/project-zot/zot/pull/2361
https://github.com/project-zot/zot/pull/2362
https://github.com/project-zot/zot/pull/2363
https://github.com/project-zot/zot/pull/2364

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-04-03 09:57:05 +03:00
Ramkumar Chinchani
8f1c5a021f
ci: add description field to our published images (#2354)
Fixes issue #2353

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-04-01 08:40:09 -07:00
Ramkumar Chinchani
819994cca1
chore: fix dependabot alerts (#2352)
https://github.com/project-zot/zot/pull/2343
https://github.com/project-zot/zot/pull/2349
https://github.com/project-zot/zot/pull/2350

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-03-26 11:33:25 -07:00
Andrei Aaron
864cd00b9e
fix: Allow GET requests on repositories not found in metadb (#2351)
The issue was reported on Slack.

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2024-03-26 18:38:58 +02:00
Ramkumar Chinchani
5639dfb2a9
chore: fix dependabot alerts (#2348) 2024-03-26 06:48:22 +02:00
Andrei Aaron
dd6b6a5a7b
feat(ui): new signature UX (#2339)
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2024-03-25 10:38:09 -07:00
Vishwas R
aa53782e5c
feat: show brief package list in image CVE listings (#2338)
Signed-off-by: Vishwas Rajashekar <vrajashe@cisco.com>
2024-03-25 10:36:14 -07:00
Ramkumar Chinchani
4105f120ef
ci: add a ML model artifact test case (#2332)
Both as a test and an example.

Inspired by:
    https://github.com/kubeflow/model-registry/blob/main/docs/logical_model.md

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-03-21 22:30:43 +02:00
Andrei Aaron
8b4abc6ef6
Add a job to check zot config examples (and fix existing examples) (#2322)
* fix: Add credentials config verification

(cherry picked from commit e7fdfa0bcc)
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>

* fix: Update golang version to 1.21.x

Signed-off-by: onidoru <25552941+onidoru@users.noreply.github.com>
Signed-off-by: Nikita Kotikov <25552941+onidoru@users.noreply.github.com>
(cherry picked from commit cbc0f89dfb)
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>

* fix: LDAP credentials files are now required, add more tests

Signed-off-by: onidoru <25552941+onidoru@users.noreply.github.com>
Signed-off-by: Nikita Kotikov <25552941+onidoru@users.noreply.github.com>
(cherry picked from commit b74366d50b)
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>

* fix: Update error handling, add more tests

Signed-off-by: onidoru <25552941+onidoru@users.noreply.github.com>
Signed-off-by: Nikita Kotikov <25552941+onidoru@users.noreply.github.com>
(cherry picked from commit 8a61bbc2d4)
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>

* fix: Add coverage

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>

---------

Signed-off-by: onidoru <25552941+onidoru@users.noreply.github.com>
Signed-off-by: Nikita Kotikov <25552941+onidoru@users.noreply.github.com>
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
Co-authored-by: onidoru <onidoru@yahoo.com>
Co-authored-by: Nikita Kotikov <25552941+onidoru@users.noreply.github.com>
2024-03-21 10:23:37 -07:00
Andrei Aaron
375c35c5a1
chore: update to go 1.22 (#2330)
* chore: update to go 1.22

Only go toolchain version is updated.
We compile with go 1.22, but we allow others to compile using language version 1.21 if they wish to.
If we also updated the go version in go.mod everyone would be forced to update, as that is enforced as a minimum allowed version.

This comment explains the difference well enough https://news.ycombinator.com/item?id=36455759

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>

* chore: fix freeBSD AMD64 build

Looks like they made some cleanup in the logic allowing buildmode pie on various platforms.

Related to https://github.com/golang/go/issues/31544
See the code at: https://cs.opensource.google/go/go/+/master:src/internal/platform/supported.go;l=222-231;drc=d7fcb5cf80953f1d63246f1ae9defa60c5ce2d76;bpv=1;bpt=0

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>

---------

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2024-03-20 11:53:11 -07:00
Ramkumar Chinchani
28e9aabecf
chore: fix dependabot alerts (#2331)
https://github.com/project-zot/zot/pull/2324
https://github.com/project-zot/zot/pull/2325
https://github.com/project-zot/zot/pull/2326
https://github.com/project-zot/zot/pull/2327
https://github.com/project-zot/zot/pull/2328
https://github.com/project-zot/zot/pull/2329

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-03-20 07:37:29 +02:00
Ravi Chamarthy
eec277e14d chore: update support matrix
Signed-off-by: Ravi Chamarthy <ravi@chamarthy.dev>
2024-03-14 09:43:42 -07:00
Ravi Chamarthy
4ddfcdd092 chore: add ossf scorecard
Signed-off-by: Ravi Chamarthy <ravi@chamarthy.dev>
2024-03-14 09:43:42 -07:00
Ramkumar Chinchani
ce7a9466c6
chore: update zui version (#2319) 2024-03-13 07:33:23 +02:00
Ramkumar Chinchani
fdb401273c
fix: ignore metadb errors if tag not found (#2301) 2024-03-13 07:28:08 +02:00
Vishwas R
c7472a2dda
feat: add verbose mode for cves for image listing (#2308)
Signed-off-by: Vishwas Rajashekar <vrajashe@cisco.com>
2024-03-12 13:38:48 -07:00
Ramkumar Chinchani
413514c0d4
chore: fix dependabot alerts (#2317) 2024-03-12 08:03:29 +02:00
ossfellow
dc0e41ad53
test(blackbox): add multi-arch index creation and image attributes modification (#2306)
* test: add multi-arch index creation and image modification tests

Signed-off-by: ossfellow <masoud@operatik.io>

* chore: update regclient version to the latest

Signed-off-by: ossfellow <masoud@operatik.io>

---------

Signed-off-by: ossfellow <masoud@operatik.io>
2024-03-08 08:49:12 -08:00
Ramkumar Chinchani
2dd1fc9316
chore: fix dependabot alerts (#2302)
https://github.com/project-zot/zot/pull/2297
https://github.com/project-zot/zot/pull/2298

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-03-07 21:20:35 +02:00
Ramkumar Chinchani
18235ca254
fix(oras)!: remove ORAS artifact references support (#2294)
* fix(oras)!: remove ORAS artifact references support

ORAS artifacts/references predated OCI dist-spec 1.1.0 which now has the
same functionality and likely to see wider adoption.

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>

* test: update to released official images

So that they are unlikely to be deleted.
*-rc images may be cleaned up over time.

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>

---------

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-03-06 12:16:42 -08:00
LaurentiuNiculae
5039128723
feat(cve): cli cve diff (#2242)
* feat(gql): add new query for diff of cves for 2 images

Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>

* feat(cli): add cli for cve diff

Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>

---------

Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2024-03-06 10:40:29 +02:00
Ramkumar Chinchani
752b9e87c1
chore: fix dependabort alerts (#2295)
https://github.com/project-zot/zot/pull/2287
https://github.com/project-zot/zot/pull/2288
https://github.com/project-zot/zot/pull/2289
https://github.com/project-zot/zot/pull/2290
https://github.com/project-zot/zot/pull/2291
https://github.com/project-zot/zot/pull/2292
https://github.com/project-zot/zot/pull/2293

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-03-04 21:30:27 +02:00
peusebiu
6f00e843a0
fix(sync): sync generator now backs off on errors (#2272)
handle unsupported features like oci artifacts.

closes: #2238

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2024-03-04 09:44:11 -08:00
peusebiu
740eae8f26
fix(sync): better cleaning sync's download dir (#2273)
added cleanup in the case of copy.Image() failures.

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2024-02-29 09:09:21 -08:00
Andrei Aaron
6561e9f527
feat(ui): show CVE package path (#2286)
See https://github.com/project-zot/zui/pull/428 for details

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2024-02-29 07:57:05 -08:00
Ramkumar Chinchani
d00f5282fa
chore: fix dependabot alerts (#2283)
https://github.com/project-zot/zot/pull/2270
https://github.com/project-zot/zot/pull/2271
https://github.com/project-zot/zot/pull/2274
https://github.com/project-zot/zot/pull/2275
https://github.com/project-zot/zot/pull/2276
https://github.com/project-zot/zot/pull/2277
https://github.com/project-zot/zot/pull/2278
https://github.com/project-zot/zot/pull/2279
https://github.com/project-zot/zot/pull/2280
https://github.com/project-zot/zot/pull/2281
https://github.com/project-zot/zot/pull/2282

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-02-28 00:45:00 +02:00
Ramkumar Chinchani
565eca2609
chore: fix dependabot alerts (#2268)
https://github.com/project-zot/zot/pull/2258
https://github.com/project-zot/zot/pull/2259
https://github.com/project-zot/zot/pull/2260
https://github.com/project-zot/zot/pull/2261
https://github.com/project-zot/zot/pull/2262
https://github.com/project-zot/zot/pull/2263
https://github.com/project-zot/zot/pull/2264
https://github.com/project-zot/zot/pull/2265
https://github.com/project-zot/zot/pull/2266
https://github.com/project-zot/zot/pull/2267

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-02-20 21:51:40 +02:00
Andrei Aaron
4e5db84cb1
chore: update image-spec and dist spec to 1.1.0 (#2255)
BREAKING CHANGE: the dist spec version in the config files needs to be bumped to 1.1.0
in order for the config verification to pass without warnings.

Also fix 1 dependabot alert for helm.

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2024-02-20 13:27:21 +02:00
Andrei Aaron
960686b957
feat(ui): introduce API key management in ZUI (#2256)
See Raul's PR: https://github.com/project-zot/zui/pull/403

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2024-02-20 12:23:58 +02:00
Andrei Aaron
6c953d6400
test: fix flacky coverage in cookiestore cleanup tests (#2257)
Refactor and add more coverage to test flacky coverage in case sessions
which are already deleted are flagged as expired/for deletion.

See coverage drop in pkg/api/cookiestore.go:
8e68255946/indirect-changes

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2024-02-19 14:43:30 -08:00
Andrei Aaron
2d2e005449
fix(npe): handle case where os.Stat returns different error types in DirExists (#2253)
See https://github.com/project-zot/zot/actions/runs/7905369535/job/21577848110

Also add tests to fix some of the coverage fluctuations.

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2024-02-18 08:00:00 +02:00
Andreea Lupu
aafb1a50ac
feat(ui): update zui version (#2251)
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
2024-02-16 11:39:14 +02:00
Vishwas R
0aa6bf0fff
feat: include PackagePath data in CVEs for image queries (#2241)
Signed-off-by: Vishwas Rajashekar <vrajashe@cisco.com>
2024-02-15 13:19:49 -08:00
Andrei Aaron
cc2eda0335
test: add test images build instructions and stacker.yamls (#2249)
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2024-02-15 13:49:25 +02:00
Andreea Lupu
d04568b853
feat(ui): update zui version (#2248)
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
2024-02-14 22:19:19 +02:00
peusebiu
8e68255946
fix(sync): added bearer client for sync (#2222)
fixed ping function taking too much time

closes: #2213 #2212

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2024-02-14 09:18:10 -08:00
Andrei Aaron
d0eb043be5
feat: Get the image LastUpdated timestamp from annotations (#2240)
Fallback to Created field and the History entries in the image config
only if the annotation "org.opencontainers.image.created" is not available

closes #2210

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2024-02-14 09:14:24 -08:00
Andrei Aaron
ec38d39c06
chore(go.mod): fix dependabot alerts (#2247)
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2024-02-14 09:12:57 -08:00
Andreea Lupu
55acce6923
feat(graphql): filter CVEs by severity (#2246)
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
2024-02-14 09:11:57 -08:00
LaurentiuNiculae
de90abd5dc
style(metadb): use type aliases for metadb types to be easier to read (#2043)
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2024-02-14 09:08:08 -08:00
Andrei Aaron
36e04a40c2
ci(nightly): update go version used for prometheus tests (#2239)
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2024-02-09 17:19:16 +02:00
peusebiu
5b83937d40
fix(tests): fixed inconsistent sync test (#2237)
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2024-02-08 18:28:59 +02:00