0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2024-12-16 21:56:37 -05:00
Commit graph

32 commits

Author SHA1 Message Date
Andrei Aaron
dd1c73cadd
build(workflows): make sure we install the crio package matching the correct ubuntu version (#2048)
The GH runner with name ubuntu-latest is at the moment running Ubuntu 22.04,
The workflow was picking the package for Ubuntu 20.04

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-11-15 10:13:20 -08:00
Ramkumar Chinchani
56e3580687
ci: update localstack to 2.3.1 (#1869)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-09-29 11:32:27 -07:00
Andrei Aaron
0ec6f8acf8
ci(localstack): pin localstack python package to 2.2.0 and pull container image from ghcr (#1867)
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-09-29 11:40:46 +03:00
Alexei Dodon
3a9a932791
fix: reduce test run time (#1832)
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2023-09-28 21:59:52 +03:00
Andrei Aaron
6115eed4ec
refactor(makefile): consolidate the make targets used for bats tests (#1746)
New examples of running tests:

1. To run a specific bats file (with and without verbose output):
make run-blackbox-tests BATS_TEST_FILE_PATH=test/blackbox/delete_images.bats
make run-blackbox-tests BATS_TEST_FILE_PATH=test/blackbox/delete_images.bats BATS_VERBOSITY=2

2. To run the CI tests (with and without verbose output)
make run-blackbox-ci
make run-blackbox-ci BATS_VERBOSITY=2

BATS_TEST_FILE_PATH is used to pass on the test file to run using `run-blackbox-tests`
BATS_VERBOSITY controls the verbosity of the bats framework output, if unspecified the output only
contains test results and failure message in case of failures.
If BATS_VERBOSITY is 1, then also show commands as they are executed.
If BATS_VERBOSITY is 2, on top of the above it also shows output of passed tests.

Other changes in this PR:
- Update some of the tests to show logs after the run ends.
- Run the linters before the tests, as it saves time on failures when running in GH

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-09-07 21:06:21 +03:00
Ramkumar Chinchani
75a76005b4
chore: fix dependabot alerts (#1763)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-09-05 22:30:49 +03:00
peusebiu
c6b822f3dd
refactor(authz): use a struct for user access control info operations (#1682)
fix(authz): fix isAdmin not using groups to determine if a user is admin.
fix(authz): return 401 instead of 403

403 is correct as per HTTP spec
However authz is not part of dist-spec and clients know only about 401
So this is a compromise.

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-09-01 11:13:53 -07:00
peusebiu
b80deb9927
refactor(storage): refactor storage into a single ImageStore (#1656)
unified both local and s3 ImageStore logic into a single ImageStore
added a new driver interface for common file/dirs manipulations
to be implemented by different storage types

refactor(gc): drop umoci dependency, implemented internal gc

added retentionDelay config option that specifies
the garbage collect delay for images without tags

this will also clean manifests which are part of an index image
(multiarch) that no longer exist.

fix(dedupe): skip blobs under .sync/ directory

if startup dedupe is running while also syncing is running
ignore blobs under sync's temporary storage

fix(storage): do not allow image indexes modifications

when deleting a manifest verify that it is not part of a multiarch image
and throw a MethodNotAllowed error to the client if it is.
we don't want to modify multiarch images

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-09-01 10:54:39 -07:00
Alexei Dodon
41bbb23e30
fix: bats test refactoring (#1731)
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2023-08-30 12:24:28 -07:00
Alexei Dodon
ca2904762a
fix(ci/cd): detect uncommited swagger docs (#1724)
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2023-08-23 19:21:43 +03:00
LaurentiuNiculae
ed90e3bd24
test(annotations): print logs for annotations bats tests (#1680)
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2023-08-07 13:51:57 -07:00
peusebiu
17d1338af1
feat: integrate openID auth logic and user profile management (#1381)
This change introduces OpenID authn by using providers such as Github,
Gitlab, Google and Dex.
User sessions are now used for web clients to identify
and persist an authenticated users session, thus not requiring every request to
use credentials.
Another change is apikey feature, users can create/revoke their api keys and use them
to authenticate when using cli clients such as skopeo.

eg:
login:
/auth/login?provider=github
/auth/login?provider=gitlab
and so on

logout:
/auth/logout

redirectURL:
/auth/callback/github
/auth/callback/gitlab
and so on

If network policy doesn't allow inbound connections, this callback wont work!

for more info read documentation added in this commit.

Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
Co-authored-by: Alex Stan <alexandrustan96@yahoo.ro>
2023-07-07 09:27:10 -07:00
Ramkumar Chinchani
7dd17be96d
chore: fix dependabot alerts (#1517)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-06-16 10:28:43 +03:00
Andrei Aaron
60148138d5
ci(cri-o): update cri-o installation steps (#1470)
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-05-23 17:01:10 +03:00
Ramkumar Chinchani
635d07ae04
chore: update golang (to 1.20.x) and golangci-linter (#1388)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-04-27 00:09:46 -07:00
LaurentiuNiculae
9cc990d7ca
feat(repodb): add user related information to repodb (#1317)
Initial code was contributed by Bogdan BIVOLARU <104334+bogdanbiv@users.noreply.github.com>
Moved implementation from a separate db to repodb by Andrei Aaron <aaaron@luxoft.com>

Not done yet:
- run/test dynamodb implementation, only boltdb was tested
- add additional coverage for existing functionality
- add web-based APIs to toggle the stars/bookmarks on/off

Initially graphql mutation was discussed for the missing API but
we decided REST endpoints would be better suited for configuration



feat(userdb): complete functionality for userdb integration

- dynamodb rollback changes to user starred repos in case increasing the total star count fails
- dynamodb increment/decrement repostars in repometa when user stars/unstars a repo
- dynamodb check anonymous user permissions are working as intendend
- common test handle anonymous users
- RepoMeta2RepoSummary set IsStarred and IsBookmarked



feat(userdb): rest api calls for toggling stars/bookmarks on/off



test(userdb): blackbox tests



test(userdb): move preferences tests in a different file with specific build tags



feat(repodb): add is-starred and is-bookmarked fields to repo-meta

- removed duplicated logic for determining if a repo is starred/bookmarked

Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
Co-authored-by: Andrei Aaron <aaaron@luxoft.com>
2023-04-24 11:13:15 -07:00
Ramkumar Chinchani
9638899e6e
test: additional blackbox tests for client push/pull (#1371)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-04-13 13:47:38 -07:00
Ramkumar Chinchani
906f8ce621
chore(deps): fix dependabot alerts (#1291)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-03-22 12:33:21 -07:00
LaurentiuNiculae
5d1f91a79f
feat(repodb): update referrers api to use repodb (#1230)
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2023-03-10 10:37:29 -08:00
Andrei Aaron
fac1d1d05d
chore(trivy): update trivy version and enforce OCI compliant repo names in local image storage (#1068)
1. chore(trivy): update trivy library version

The trivy team switched github.com/urfave/cli for viper so
there are some other code changes as well.

Since we don't use github.com/urfave/cli directly in our software
we needed to add a tools.go in order for "go mod tidy" to not delete it.
See this pattern explained in:
- https://github.com/99designs/gqlgen#quick-start
- https://github.com/golang/go/wiki/Modules#how-can-i-track-tool-dependencies-for-a-module
- https://github.com/go-modules-by-example/index/blob/master/010_tools/README.md#walk-through

The jobs using "go get -u" have been updated to use "go install", since go get
modifies the go.mod by upgrading some of the packages, but downgrading trivy to an older
version with broken dependencies

2. fix(storage) Update local storage to ignore folder names not compliant with dist spec
Also updated trivy to download the DB and cache results under the rootDir/_trivy folder

3. fix(s3): one of the s3 tests was missing the skipIt call
This caused a failure when running locally without s3 being available

4. make sure the offline scanning is enabled, and zot only downloads the trivy DB
on the regular schedule, and doesn't download the DB on every image scan

ci: increase build and test timeout as tests are reaching the limit more often

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-01-18 08:24:44 -08:00
Ramkumar Chinchani
69f0cf6bb4
fix(config): warn if cve is used with remote storage driver (#1034)
* fix(config): warn if cve is used with remote storage driver

Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>

* fix: also check if search is enabled

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>

Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
Co-authored-by: Catalin Hofnar <catalin.hofnar@gmail.com>
2022-11-30 09:35:06 +02:00
Catalin-George Hofnar
31b9481713
feat(cache): dynamodb implementation (#953)
Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>
2022-11-22 10:29:57 -08:00
Nicol
d93c68af33
test: Build images with annotations (#872)
Signed-off-by: Nicol Draghici <idraghic@cisco.com>
2022-10-18 20:47:41 -07:00
Nicol
33a431ef43
Update go version to 1.19 (#829)
* ci: Update go version to 1.19

Signed-off-by: Nicol Draghici <idraghic@cisco.com>

* ci: Fix lint issues

Signed-off-by: Nicol Draghici <idraghic@cisco.com>

* ci: Added needprivileges to lint, made needprivileges pass lint

Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>
Signed-off-by: Nicol Draghici <idraghic@cisco.com>

Signed-off-by: Nicol Draghici <idraghic@cisco.com>
Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>
Co-authored-by: Catalin Hofnar <catalin.hofnar@gmail.com>
2022-10-05 13:21:14 +03:00
Ramkumar Chinchani
5c01c4eab4
support OCI image index at manifest endpoint (#638)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-08-20 11:18:48 +03:00
Nicol Draghici
a702a2377e Remove AllowReadOnly and ReadOnly
Signed-off-by: Nicol Draghici <idraghic@cisco.com>

Remove check and set header every time

Signed-off-by: Nicol Draghici <idraghic@cisco.com>
2022-08-10 14:27:21 -07:00
Ramkumar Chinchani
76b811b029 harden github action/workflow perms
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-07-18 01:05:09 -07:00
Ramkumar Chinchani
595e1bca59 fix dependabot alerts
https://github.com/project-zot/zot/pull/624
https://github.com/project-zot/zot/pull/625
https://github.com/project-zot/zot/pull/626
https://github.com/project-zot/zot/pull/627
https://github.com/project-zot/zot/pull/628

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-07-15 12:03:08 -07:00
Petu Eusebiu
01d742718f ci/cd: fix oras cli flags after it got updated
installing notation and oras not needed anymore

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-07-12 10:02:51 -07:00
Alex Stan
ada21ed842 Manage builds with different combinations of extensions
Files were added to be built whether an extension is on or off.
New build tags were added for each extension, while minimal and extended disappeared.

added custom binary naming depending on extensions used and changed references from binary to binary-extended

added automated blackbox tests for sync, search, scrub, metrics

added contributor guidelines

Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
2022-06-30 09:53:52 -07:00
Alex Stan
66484c8ca9 changed go version to 1.18
Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
2022-06-09 04:38:06 -07:00
Ramkumar Chinchani
c73e71b018 ci/cd: add a basic push-pull testing using client tools
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-02-07 10:03:24 -08:00