Nicol
c72b4fb643
test: Add cosign and notations bats tests ( #929 )
...
Signed-off-by: Nicol Draghici <idraghic@cisco.com>
2022-11-01 09:16:14 -07:00
peusebiu
2d877aaea1
fix(sync): also sync on demand digests, not only tags, closes #902 ( #932 )
...
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-10-27 09:39:59 -07:00
Catalin-George Hofnar
c6ffbce6cf
refactor(tests): removed globals from digest test, removed some more hardcoded digests ( #923 )
...
Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>
2022-10-26 19:14:16 +03:00
Ramkumar Chinchani
4edecbb429
chore(deps): fix dependabot alerts ( #919 )
...
https://github.com/project-zot/zot/pull/911
https://github.com/project-zot/zot/pull/912
https://github.com/project-zot/zot/pull/913
https://github.com/project-zot/zot/pull/914
https://github.com/project-zot/zot/pull/915
https://github.com/project-zot/zot/pull/916
https://github.com/project-zot/zot/pull/917
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-10-24 15:18:48 -07:00
Andrei Aaron
92afd86cbb
feat(cve): better distinguish max severity on an image ( #918 )
...
Values returned now by GetCVESummaryForImage
// not scannable / error during scan - max severity "" - cve count 0 - Errors
// scannable no issues found - max severity "NONE" - cve count 0 - no Errors
// scannable issues found - max severity from Scanner - cve count >0 - no Errors
Before this change the max severity in case #1 and #2 was "UNKNOWN" which is also possible value
for case #3 . To better distinguish them return different max severities.
This feature would be consumed by the UI.
Signed-off-by: Andrei Aaron <andaaron@cisco.com>
2022-10-24 12:27:26 -07:00
Andrei Aaron
1d9c88c313
fix(cli): do not show signatures and fix tls verification client side ( #904 )
...
Issues fixed:
- the cli calls reaching out to the catalog endpoint used to request signature manifests
- resty was used instead of the cli http client to check if the discovery api was available
but it did not take into account TLS verification configuration
(testing locally withself-signed certificates did not work)
(cherry picked from commit ca42031ae9b1ceb459f5cd4f86cb82b3c9f78157)
Signed-off-by: Andrei Aaron <andaaron@cisco.com>
2022-10-22 23:44:20 -07:00
Andrei Aaron
ac6c6a844c
refactor(digests): standardise representation of digests to digest.Digest ( #898 )
...
- Digests were represented by different ways
- We needed a uniform way to represent the digests and enforce a format
- also replace usage of github.com/google/go-containerregistry/pkg/v1
with github.com/opencontainers/image-spec/specs-go/v1
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
(cherry picked from commit 96b2f29d6d57070a913ce419149cd481c0723815)
(cherry picked from commit 3d41b583daea654c98378ce3dcb78937d71538e8)
Co-authored-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2022-10-22 13:46:13 -07:00
peusebiu
5f99f9a445
fix(sync): fixed broken logic to get tags for repo ( #900 )
...
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-10-22 00:26:14 -07:00
Lisca Ana-Roberta
26d982becb
fix: replace time.sleep() with checking logs ( #899 )
...
Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>
2022-10-21 11:17:06 -07:00
Catalin-George Hofnar
00e65bd32b
fix(coverage): scheduler coverage ( #893 )
...
Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>
2022-10-21 18:33:22 +03:00
Ramkumar Chinchani
763287873e
fix(config): make all extension config consistent ( #888 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-10-21 15:33:54 +03:00
Andrei Aaron
38b00e3507
chore(lint): gci to separate zot from other imports ( #870 )
...
Signed-off-by: Andrei Aaron <andaaron@cisco.com>
2022-10-20 09:39:20 -07:00
peusebiu
92d97d48d6
fix(s3): remove tracking multipart uploads ( #883 )
...
Remove sticky sessions from clustering
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-10-20 09:36:58 -07:00
Lisca Ana-Roberta
7f9052972d
fix: zli images show if signed instead of signature ( #886 )
...
Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>
2022-10-20 09:35:24 -07:00
peusebiu
76714d53f8
fix(tests): consolidate routes tests ( #892 )
...
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-10-19 09:26:46 -07:00
Nicol
d93c68af33
test: Build images with annotations ( #872 )
...
Signed-off-by: Nicol Draghici <idraghic@cisco.com>
2022-10-18 20:47:41 -07:00
peusebiu
91dd5496fc
chore: rename search route prefix ( #887 )
...
* chore: rename search route prefix
* chore: use builtin time.Duration.Truncate() on latencies
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-10-18 20:46:06 -07:00
Catalin Hofnar
caf88ddb1e
refactor(tests): remove hardcoded digests ( #871 )
...
Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>
2022-10-18 20:43:56 -07:00
Ramkumar Chinchani
7d08985f75
chore(deps): fix dependabot alerts ( #885 )
...
https://github.com/project-zot/zot/pull/879
https://github.com/project-zot/zot/pull/880
https://github.com/project-zot/zot/pull/881
https://github.com/project-zot/zot/pull/882
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-10-18 10:06:14 +03:00
Catalin Hofnar
794a4aabd3
fix(workflow): add fetch depth, removed running at release ( #873 )
...
Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>
2022-10-17 10:41:53 -07:00
Ramkumar Chinchani
14954596cb
ci: fix image build/release workflow ( #874 )
...
Fix typo in the workflow.
Pass RELEASE_TAG env var.
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-10-15 11:14:15 +03:00
peusebiu
fd87a22829
fix(storage): resolve cache/storage inconsistencies on HEAD request ( #794 )
...
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-10-11 10:05:39 -07:00
Catalin Hofnar
f3b1913fbd
build: add commit hash to Config at build for proper discovery readme ( #854 )
...
* build: add commit hash to Config at build for proper discovery readme link
* fix: use tag instead of commit hash, add to release build
Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>
2022-10-11 09:01:59 -07:00
Lisca Ana-Roberta
4bc7a2c824
fix: images command not truncating image name/tag ( #851 )
...
Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>
2022-10-11 08:56:03 -07:00
Andrei Aaron
815366024b
fix(lastUpdated): fix image lastUpdated timestamp logic ( #863 )
...
The lastUpdated field was picked from the first entry in image history
Now it is the created time of the image, or the last entry in
image history, if created time is unavailable
Signed-off-by: Andrei Aaron <andaaron@cisco.com>
2022-10-10 17:43:05 -07:00
Ramkumar Chinchani
5494208556
chore(deps): fix dependabot alerts ( #868 )
...
https://github.com/project-zot/zot/pull/864
https://github.com/project-zot/zot/pull/865
https://github.com/project-zot/zot/pull/866
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-10-10 12:19:05 -07:00
Andrei Aaron
98854337ff
build(tags): remove redundant build tag ui_base ( #857 )
...
It was not used for UI, it had become a CLI dependency
with the same functionality as search
Signed-off-by: Andrei Aaron <andaaron@cisco.com>
2022-10-10 15:05:55 +03:00
Andrei Aaron
1afc5c8c3f
test(authz): add an extra test for authz ( #859 )
...
Should help with test flakiness
(the order in which the policies are read from the map impacted tested codepath)
Signed-off-by: Andrei Aaron <andaaron@cisco.com>
Signed-off-by: Andrei Aaron <andaaron@cisco.com>
2022-10-07 15:31:18 +03:00
Catalin Hofnar
261615c880
fix: incorrect path for playground template ( #858 )
...
Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>
2022-10-07 11:29:11 +03:00
Catalin Hofnar
9916449d88
ci(workflows): changed ci-cd workflow to generate introspection json when gql schema changed ( #810 )
...
Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>
2022-10-06 12:17:41 -07:00
peusebiu
3c0c51fcbe
fix(sync): also sync image index mediatype ( #847 )
...
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-10-06 09:41:16 -07:00
Catalin Hofnar
ffc9929c1a
feat(GraphQL): playground, served by zot in specific binary ( #753 )
...
Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>
2022-10-05 12:56:41 -07:00
peusebiu
c146448f01
fix(sync): revert code which removed image destination feature ( #840 )
...
Added an end to end test for this feature, closes #793
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-10-05 11:03:24 -07:00
Nicol
33a431ef43
Update go version to 1.19 ( #829 )
...
* ci: Update go version to 1.19
Signed-off-by: Nicol Draghici <idraghic@cisco.com>
* ci: Fix lint issues
Signed-off-by: Nicol Draghici <idraghic@cisco.com>
* ci: Added needprivileges to lint, made needprivileges pass lint
Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>
Signed-off-by: Nicol Draghici <idraghic@cisco.com>
Signed-off-by: Nicol Draghici <idraghic@cisco.com>
Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>
Co-authored-by: Catalin Hofnar <catalin.hofnar@gmail.com>
2022-10-05 13:21:14 +03:00
Ramkumar Chinchani
50aacb6e07
fix(license-check): also account for another result condition ( #848 )
...
Earlier checks did not report non-golang code dependencies. Now they do,
so account for that.
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-10-04 13:36:19 -07:00
Ramkumar Chinchani
65df973f70
fix(ci/cd): update the commit msg checker settings ( #846 )
...
Update the checker to check for length limits and against all commits.
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-10-04 09:56:07 +03:00
Ramkumar Chinchani
f235f88426
chore(deps): update dependabot dependency update alerts ( #845 )
...
https://github.com/project-zot/zot/pull/819
https://github.com/project-zot/zot/pull/841
https://github.com/project-zot/zot/pull/842
https://github.com/project-zot/zot/pull/843
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-10-03 14:33:52 -07:00
Catalin Hofnar
bd9e6fc7e3
Removed swagger requirement from binary-minimal and binary ( #838 )
...
Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>
2022-10-03 09:53:44 -07:00
Ramkumar Chinchani
f658ef66ee
style(ci/cd): add a commit msg style checker ( #796 )
...
https://www.conventionalcommits.org/en/v1.0.0-beta.4/#summary
The commit message should be structured as follows:
<type>[optional scope]: <description>
[optional body]
[optional footer]
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-09-30 16:08:23 -07:00
peusebiu
8237f8d20a
storage: Move common code in helper functions, closes #730 ( #820 )
...
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-09-30 10:35:16 -07:00
Bogdan Bivolaru
67294cc669
Add graphql query for retrieving imgSummary based on repo:tag image id. ( #814 )
...
Refactor Image GqlResolver to better suit GetManifest.
Changed GetManifest to also return digest.
Signed-off-by: Bogdan BIVOLARU <104334+bogdanbiv@users.noreply.github.com>
2022-09-30 10:32:32 -07:00
LaurentiuNiculae
885f139e0e
Remove forking logger ( #825 )
...
- no longer needed, the race conditions were fixed
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2022-09-29 13:28:39 -07:00
Andrei Aaron
e0d808b196
Include image vulnerability information in ImageSummary ( #798 )
...
Return this data as part of GlobalSearch and RepoListWithNewestImage
query results.
This commit also includes refactoring of the CVE scanning logic in
order to better encapsulate trivy specific logic, remove CVE scanning
logic from the graphql resolver.
Signed-off-by: Andrei Aaron <andaaron@cisco.com>
2022-09-28 11:39:54 -07:00
Ramkumar Chinchani
69753aa39a
add sponsors info ( #828 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-09-27 19:57:52 -07:00
Andreea Lupu
5ef023dbc1
add enable/disable option for scrub extension ( #827 )
...
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
2022-09-27 18:06:50 -07:00
Ramkumar Chinchani
18d17f5d4c
also sync golang 1.19 ( #826 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-09-27 11:31:54 -07:00
LaurentiuNiculae
b9d878e013
Fix logger race condition ( #817 )
...
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2022-09-26 18:18:28 +03:00
Nicol
6b1d8925c2
Validate Annotations present in image manifest and fallback to annotations in the config if not available ( #790 )
...
Signed-off-by: Nicol Draghici <idraghic@cisco.com>
2022-09-23 09:28:30 -07:00
Lisca Ana-Roberta
1bad90bb9d
add debug flag for zli commands ( #785 )
...
Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>
Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>
2022-09-23 09:24:01 -07:00
Lisca Ana-Roberta
0f7b174fc0
Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com> ( #713 )
...
list all images that have are base images for the given image + zli command
Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>
2022-09-23 09:23:31 -07:00