Andrei Aaron
dc38113df0
chore: use go1.23 in the build environment of zot container images ( #2773 )
...
* chore: use go1.23 in the build environment of zot container images
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* chore: increase timeout in test/blackbox/restore_s3_blobs.bats
Looks like the message is actually there even if the test fails, maybe there is a timing issue.
https://github.com/project-zot/zot/actions/runs/11747889146/job/32730772641
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
---------
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2024-11-10 10:36:09 -08:00
Ramkumar Chinchani
c9914912d4
chore: fix dependabot alerts ( #2770 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-11-08 10:24:19 -08:00
Ramkumar Chinchani
5465aa0d51
build: migrate to golang 1.23.x ( #2701 )
...
* build: migrate to golang 1.23.x
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
* fix: golangci-lint reported errors
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
---------
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-11-08 08:58:55 -08:00
Andrei Aaron
a76bfd4283
chore: update Trivy and Trivy dependencies ( #2763 )
...
The Trivy library now supports multiple locations from where to download the DBs.
The zot code has been updated to properly call the updated library functions.
If at some point we would want to support multiple Trivy DBs in zot, we could look into it more.
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2024-11-07 09:03:37 -08:00
Andreea Lupu
f17dd2608a
fix: prevent releases of helm chart with pre-releases of zot ( #2755 )
...
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
2024-11-04 08:51:44 +02:00
Andrei Aaron
da923ae232
chore: update go tests to use our hosted trivy-db and trivy-java-db images ( #2754 )
...
There are 2 remaining exceptions that I am aware of:
1. The tests under test/blackbox/cve.bats
2. One of the cli tests checking the server attempts download of the databases
from the default url
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2024-11-01 14:14:52 -07:00
Ramkumar Chinchani
30ecceda8c
chore: fix dependabot alerts ( #2753 )
...
* chore: fix dependabot alerts
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
* build: bump up ui version to commit-7bd1d7d
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
---------
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-10-31 20:59:36 -07:00
Ramkumar Chinchani
cb2af94b0b
feat: add support for docker images ( #2714 )
...
* feat: add support for docker images
Issue #724
A new config section under "HTTP" called "Compat" is added which
currently takes a list of possible compatible legacy media-types.
https://github.com/opencontainers/image-spec/blob/main/media-types.md#compatibility-matrix
Only "docker2s2" (Docker Manifest V2 Schema V2) is currently supported.
Garbage collection also needs to be made aware of non-OCI compatible
layer types.
feat: add cve support for non-OCI compatible layer types
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
*
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
* test: add more docker compat tests
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
* feat: add additional validation checks for non-OCI images
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
* ci: make "full" images docker-compatible
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
---------
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-10-31 09:44:04 +02:00
Ramkumar Chinchani
403fd4eb61
chore: fix dependabot alerts ( #2750 )
2024-10-30 13:09:36 +02:00
Evan
c2facc9958
fix: enable TLS based on URL scheme for sync extension ( #2747 )
...
Signed-off-by: evanebb <78433178+evanebb@users.noreply.github.com>
2024-10-29 09:40:24 +02:00
Andrei Aaron
51e779fab4
fix: improve output of zot verify ( #2745 )
...
See #2744 , there are 2 updates:
1. Silence the usage output in case of config verification errors
2. Wrap the error details in all of the zot configuration errors so they are propagated and shown in stdout for `zot verify`
We also need to keep logging those message to the zot logs file since the same logic is caled in the `zot serve` use case.
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2024-10-25 13:42:03 -07:00
Andrei Aaron
ca1eb76c7e
chore: less confusing warning message when unexpected media type is found in index manifest list ( #2746 )
...
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2024-10-25 13:39:05 -07:00
Ramkumar Chinchani
f735680ce2
chore: fix dependabot alerts ( #2742 )
2024-10-23 08:43:07 +03:00
Andrei Aaron
da6bd56a21
fix: issues with nested index processing in CVE and metaDB code ( #2732 )
...
Also fix an issue with searching tags, which should work with case insensitive searches.
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2024-10-21 09:57:43 -07:00
Tuấn Vương
edb5491428
fix: max wait time on dynamodb ( #2730 )
...
Signed-off-by: Tuan Vuong <vanhtuan0409@gmail.com>
2024-10-20 12:14:50 +03:00
Ramkumar Chinchani
6471bed3a5
chore: fix dependabot alerts ( #2729 )
...
https://github.com/project-zot/zot/pull/2718
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-10-16 12:59:09 +03:00
Andrei Aaron
8820408d0a
chore: reduce number of spurious log messages produced by GetNextDigestWithBlobPaths ( #2727 )
...
Exit early in case of all folders and known non-blob file names.
This avoids the logic for validating digests, and log message generation.
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2024-10-15 09:29:01 -07:00
Andrei Aaron
a10c5fa7ab
test: add more tests for GCing indexes referencing other indexes referencing manifests ( #2716 )
...
Looks like we didn't have many GC tests for retaining multiarch images.
I added more data to the existing image retention tests, besides the new GC tests.
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2024-10-11 20:31:48 +03:00
Ramkumar Chinchani
c89be3ad31
chore: fix dependabot alerts ( #2709 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-10-07 16:20:37 -07:00
peusebiu
513f2a0dc9
fix(s3): fix check in dedupe logic ( #2700 )
...
cache.HasBlob() looks in both buckets: duplicates and original blobs
Because we want to check if the blob is in original bucket let's use
cache.GetBlob() because it's looking only in original bucket.
Signed-off-by: Eusebiu Petu <petu.eusebiu@gmail.com>
2024-10-03 12:27:58 -07:00
peusebiu
e6624a29a5
feat(graphql): Add LastPullTimestamp and PushTimestamp in ImageSummar… ( #2699 )
...
feat(graphql): Add LastPullTimestamp and PushTimestamp in ImageSummary resposne
Signed-off-by: Eusebiu Petu <petu.eusebiu@gmail.com>
2024-10-03 12:27:03 -07:00
peusebiu
cfbeeff7bb
fix(metrics): update storage metrics on gc ( #2698 )
...
Signed-off-by: Eusebiu Petu <petu.eusebiu@gmail.com>
2024-10-03 11:26:22 -07:00
Andrei Aaron
d42ac4cd0d
fix(delete manifest): distinct behaviors for delete by tag vb delete by digest ( #2626 )
...
In case of delete by tag only the tag is removed, the manifest itself would continue to be accessible by digest.
In case of delete by digest the manifest would be completely removed (provided it is not used by an index or another reference).
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2024-10-03 09:06:41 -07:00
Ramkumar Chinchani
a31842bd7e
chore: fix dependabot alerts ( #2684 )
...
* chore: fix dependabot alerts
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
* ci: fix clustering test by creating separate local dirs
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
* ci: free up disk space in cluster tests
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
* ci: revert to stacker v1.0.0-rc16
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
* ci: fix revert to stacker v1.0.0-rc16
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
---------
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
Co-authored-by: Andrei Aaron <aaaron@luxoft.com>
2024-10-01 11:11:27 +03:00
Ramkumar Chinchani
df4f9ca9d3
ci: stop using the non-free 4-core runners ( #2695 )
...
Signed-off-by: Jeffrey Sica <me@jeefy.dev>
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
Co-authored-by: Jeffrey Sica <me@jeefy.dev>
2024-09-30 11:24:24 -07:00
Andrei Aaron
8553712613
chore: upgrade trivy to v0.55.2 and update the logic of waiting for zot to start in some jobs ( #2685 )
...
chore: upgrade trivy to v0.55.2, also update the logic of waiting for zot to start in some jobs
Seems like there's an increate in the time zot requires to start before servicing requests.
From my GitHub observations it is better check using curl instead of relying on hardcoded 5s or 10s values.
The logic in .github/workflows/cluster.yaml seems to be old and out of date.
Even on main right now there is only 1 our of 3 zots actualy running.
The other 2 are actually erroring: Error: operation timeout: boltdb file is already in use, path '/tmp/zot/cache.db'
This is unrelated to this PR, I am seeing the same issue in the olders workflow runs still showing the logs
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2024-09-30 10:37:53 -07:00
Ramkumar Chinchani
9cf6b0205d
chore: fix dependabot alerts ( #2681 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-09-27 09:05:14 +03:00
Ramkumar Chinchani
ae185f497c
chore: fix dependabot alerts ( #2670 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-09-25 11:07:27 -07:00
Ramkumar Chinchani
db888fa385
chore: fix dependabot alerts ( #2664 )
...
https://github.com/project-zot/zot/pull/2660
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-09-19 23:50:08 -07:00
Ramkumar Chinchani
d73081191d
chore: fix dependabot alerts ( #2648 )
...
https://github.com/project-zot/zot/pull/2646
https://github.com/project-zot/zot/pull/2647
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-09-12 08:53:12 -07:00
Ramkumar Chinchani
98c8e2801c
fix: work around AWS S3 limits ( #2629 )
...
Fixes issue #2627
We get/put metadata in dynamodb and it appears there are limits enforced
by AWS S3 APIs.
https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_BatchGetItem.html
If you request more than 100 items, BatchGetItem returns a
ValidationException with the message "Too many items requested for the
BatchGetItem call."
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-09-12 08:26:43 -07:00
Ramkumar Chinchani
58c9c9c29b
chore: fix dependabot alerts ( #2645 )
...
https://github.com/project-zot/zot/pull/2632
https://github.com/project-zot/zot/pull/2633
https://github.com/project-zot/zot/pull/2636
https://github.com/project-zot/zot/pull/2637
https://github.com/project-zot/zot/pull/2638
https://github.com/project-zot/zot/pull/2639
https://github.com/project-zot/zot/pull/2640
https://github.com/project-zot/zot/pull/2642
https://github.com/project-zot/zot/pull/2643
https://github.com/project-zot/zot/pull/2644
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-09-09 18:32:57 -07:00
Ramkumar Chinchani
9c01204e24
chore: fix dependabot alerts ( #2630 )
...
https://github.com/project-zot/zot/pull/2622
https://github.com/project-zot/zot/pull/2623
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-09-05 16:00:00 -07:00
Ramkumar Chinchani
bfafe01c38
Fix deps ( #2621 )
...
* chore: update go.mod deps
Fix outdated pkgs reported in issue #2522
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
* chore: fix dependabot alerts
https://github.com/project-zot/zot/pull/2612
https://github.com/project-zot/zot/pull/2613
https://github.com/project-zot/zot/pull/2614
https://github.com/project-zot/zot/pull/2615
https://github.com/project-zot/zot/pull/2616
https://github.com/project-zot/zot/pull/2617
https://github.com/project-zot/zot/pull/2618
https://github.com/project-zot/zot/pull/2619
https://github.com/project-zot/zot/pull/2620
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
---------
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-08-20 21:34:43 +03:00
Andrei Aaron
0e6541f204
chore: update UI version ( #2611 )
...
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2024-08-19 08:14:06 -07:00
Ramkumar Chinchani
1acf124280
chore: update go.mod deps ( #2610 )
...
Fix outdated pkgs reported in issue #2522
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-08-14 13:09:45 -07:00
Ramkumar Chinchani
2a164cc56b
chore: update go.mod deps ( #2609 )
...
Fix outdated pkgs reported in issue #2522
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-08-13 11:28:51 -07:00
peusebiu
b461619682
fix(authn): make hashing/encryption keys used to secure cookies ( #2536 )
...
fix(authn): configurable hashing/encryption keys used to secure cookies
If they are not configured zot will generate a random hashing key at startup,
invalidating all cookies if zot is restarted. closes : #2526
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2024-08-12 15:11:53 -07:00
Ramkumar Chinchani
17dbb56ea1
chore: fix dependabot alerts ( #2594 )
...
https://github.com/project-zot/zot/pull/2592
https://github.com/project-zot/zot/pull/2601
https://github.com/project-zot/zot/pull/2602
https://github.com/project-zot/zot/pull/2603
https://github.com/project-zot/zot/pull/2604
https://github.com/project-zot/zot/pull/2605
https://github.com/project-zot/zot/pull/2606
https://github.com/project-zot/zot/pull/2607
https://github.com/project-zot/zot/pull/2608
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-08-12 15:07:05 -07:00
Andrei Aaron
253aad3195
fix(gc): gc now removes blob uploads which have not changed within the gc delay interval ( #2599 )
...
See #2598
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2024-08-12 11:58:46 -07:00
Andrei Aaron
2dea22f74a
chore: Update github.com/zitadel/oidc v1 to v3 ( #2585 )
...
Also removes dependency on gopkg.in/square/go-jose.v2
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2024-08-05 09:11:00 -07:00
Jan-Otto Kröpke
fa4b69954d
build(deps): bump all dependencies ( #2532 )
...
* build(deps): bump all dependencies
Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>
* build(deps): bump all dependencies
Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>
Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>
* build(deps): bump all dependencies
Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>
Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>
* build(deps): bump all dependencies
Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>
---------
Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>
Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>
2024-08-02 14:23:53 -07:00
Jan-Otto Kröpke
7729fef2fe
build(go.mod): reformat require blocks ( #2582 )
...
Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>
2024-07-31 11:40:45 +03:00
Ramkumar Chinchani
3b3f5458d4
chore: fix dependabot alerts ( #2580 )
...
https://github.com/project-zot/zot/pull/2572
https://github.com/project-zot/zot/pull/2573
https://github.com/project-zot/zot/pull/2574
https://github.com/project-zot/zot/pull/2575
https://github.com/project-zot/zot/pull/2576
https://github.com/project-zot/zot/pull/2577
https://github.com/project-zot/zot/pull/2578
https://github.com/project-zot/zot/pull/2579
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-07-30 11:37:33 -07:00
Jan-Otto Kröpke
f618b1d4ef
ci(deps): upgrade golangci-lint ( #2556 )
...
* ci(deps): upgrade golangci-lint
Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>
* build(deps): removed disabled linters
Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>
* build(deps): go run github.com/daixiang0/gci@latest write .
Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>
* build(deps): go run golang.org/x/tools/cmd/goimports@latest -l -w .
Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>
* build(deps): go run github.com/bombsimon/wsl/v4/cmd...@latest -strict-append -test=true -fix ./...
Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>
* build(deps): go run github.com/catenacyber/perfsprint@latest -fix ./...
Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>
* build(deps): replace gomnd by mnd
Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>
* build(deps): make gqlgen
Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>
* build: Revert "build(deps): go run github.com/daixiang0/gci@latest write ."
This reverts commit 5bf8c42e1f
2024-07-29 10:32:51 -07:00
Andrei Aaron
7d87558b7e
fix: various lint issues ( #2571 )
...
Originally found by @jkroepke in: https://github.com/project-zot/zot/actions/runs/10056774230/job/27796324933?pr=2556
And https://github.com/project-zot/zot/pull/2556 in general
This commit covers:
- (canonicalheader) capitalization of Docker-Content-Digest header
- (protogetter) the proto getters were not used, they check for nil pointers, we should switch to using them
- (zerologlint) fix the false positive
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2024-07-25 10:14:22 -07:00
Jan-Otto Kröpke
048e59186f
ci(deps): bump minio test dependency ( #2555 )
...
Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>
2024-07-24 13:06:29 +03:00
Ramkumar Chinchani
a7ab16b31e
chore: fix dependabot alerts ( #2569 )
...
https://github.com/project-zot/zot/pull/2559
https://github.com/project-zot/zot/pull/2560
https://github.com/project-zot/zot/pull/2561
https://github.com/project-zot/zot/pull/2562
https://github.com/project-zot/zot/pull/2563
https://github.com/project-zot/zot/pull/2564
https://github.com/project-zot/zot/pull/2565
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-07-23 13:30:11 -07:00
Ramkumar Chinchani
4bb5ae3c03
ci: use more cores for the extensions test ( #2568 )
...
This test is running into timing issues in our CI.
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-07-23 09:12:40 +03:00
Ramkumar Chinchani
1da32e58c1
ci: use smaller runners for CI pipelines ( #2566 )
...
CNCF has been nice to us to offer larger runners, but we need to be
careful not to abuse them.
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-07-22 10:43:44 -07:00
