0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2024-12-16 21:56:37 -05:00
Commit graph

180 commits

Author SHA1 Message Date
Andrei Aaron
60dc8569ec
build(go): switch to go 1.21 (#2049)
Also update to the latest swaggo version, as the previous one did not work with go 1.21

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2024-02-07 10:54:28 -08:00
Andrei Aaron
4e33c172bb
feat(ui): show more information about CVEs (#2233)
see: https://github.com/project-zot/zui/pull/419

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2024-02-05 11:40:27 -08:00
Andrei Aaron
ce4924f841
refactor: rename go module from zotregistry.io/zot to zotregistry.dev/zot (#2187)
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2024-01-31 20:34:07 -08:00
Andreea Lupu
129e503d2d
feat(ui): update zui version (#2216)
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
2024-01-31 11:20:57 -08:00
Andrei Aaron
355b1eea4c
feat(ui): show CVE severity statistics in the UI (#2172)
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2024-01-18 21:31:15 -08:00
Andreea Lupu
5a1a8ad9d9
feat(ui): update zui version (#2171)
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
2024-01-18 18:34:21 +02:00
Andreea Lupu
029f01ac6e
feat(ui): update zui version (#2162)
It includes the changes for exporting the vulnerabilities list(CSV/MS Excel)

Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
2024-01-17 17:22:33 +02:00
Ramkumar Chinchani
c2196e3ae1
Fix deps (#2139)
* chore: fix dependabot alerts

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>

* fix: update ui version

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>

---------

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-12-16 10:05:25 +02:00
Andrei Aaron
86b0a226f3
feat(ui): show a message while results are loading for dynamic search (#2134)
See https://github.com/project-zot/zui/issues/397

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-12-12 16:23:59 -08:00
peusebiu
7642e5af98
fix(scheduler): fix data race (#2085)
* fix(scheduler): data race when pushing new tasks

the problem here is that scheduler can be closed in two ways:
- canceling the context given as argument to scheduler.RunScheduler()
- running scheduler.Shutdown()

because of this shutdown can trigger a data race between calling scheduler.inShutdown()
and actually pushing tasks into the pool workers

solved that by keeping a quit channel and listening on both quit channel and ctx.Done()
and closing the worker chan and scheduler afterwards.

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>

* refactor(scheduler): refactor into a single shutdown

before this we could stop scheduler either by closing the context
provided to RunScheduler(ctx) or by running Shutdown().

simplify things by getting rid of the external context in RunScheduler().
keep an internal context in the scheduler itself and pass it down to all tasks.

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>

---------

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-12-11 10:00:34 -08:00
LaurentiuNiculae
79e14027ee
refactor(test): add lint rule for messages starting with the component (#2045)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-12-08 10:05:02 +02:00
Andrei Aaron
262a904286
feat(ui): update zui version (#2119)
It includes the changes to move the "bug" icon in from of the severity, and the repo "stars" feature

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-12-07 09:22:47 -08:00
Andreea Lupu
37988f13d5
build(zui): add a new env to set the path to a local build of zui (#2118)
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
2023-12-07 15:02:29 +02:00
peusebiu
3c8da6e6fc
Sync s3 (#2073)
* feat(sync): local tmp store

Signed-off-by: a <a@tuxpa.in>

* fix(sync): various fixes for s3+remote storage feature

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>

---------

Signed-off-by: a <a@tuxpa.in>
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
Co-authored-by: a <a@tuxpa.in>
2023-11-28 12:08:15 -08:00
Alexei Dodon
8dd06c6e1e
ci: resource tuning for faster runs (#1967)
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2023-11-15 10:44:31 -08:00
Andrei Aaron
3492f0aad3
build(zui): add new makefile variable for the zui repo (#2030)
To enable building zui from forks in case of local testing

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-11-13 09:57:51 -08:00
Alexei Dodon
16def78d84
fix: update-licenses make target does not use LC_ALL=C locale on some machines (#2023)
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2023-11-09 09:31:08 -08:00
peusebiu
9074f8483b
feat(retention): added image retention policies (#1866)
feat(metaDB): add more image statistics info

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-11-01 09:16:18 -07:00
LaurentiuNiculae
56ad9e6707
refactor(metadb): improve UX by speeding up metadb serialize/deserialize (#1842)
Use protocol buffers and update the metadb interface to better suit our search needs

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
Co-authored-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-10-30 13:06:04 -07:00
Alexei Dodon
f34af3cb3f
fix: Makefile 'run' target should not depend on running tests (#1969)
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2023-10-27 10:40:12 -07:00
Ramkumar Chinchani
1675f30d4a
ci: update golangci-lint version (#1834)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-10-20 17:27:04 +03:00
Andrei Aaron
7ce5a74598
feat: use the "zot" namespace for the authentication url (#1947)
Some other minor fixes for swaggo comments (indentation and a bad description)

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-10-20 15:30:56 +03:00
Alexei Dodon
12227b4484
fix: quick metrics setup in kind with prometheus (#1897)
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2023-10-16 11:51:00 +03:00
Andreea Lupu
fc2380b57b
fix: add support for uploaded index when signing using notation (#1882)
ci(notation): update to latest notation version
fix(sync): add layers info when syncing signatures

Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
2023-10-12 18:45:20 -07:00
Ramkumar Chinchani
ab45356d9a
feat(ui): update UI version (#1926)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-10-12 12:27:30 +03:00
Alexei Dodon
039648a445
ci(licenses): check if licenses file is updated (#1898)
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2023-10-09 20:23:51 -07:00
Ramkumar Chinchani
c6407354b5
build: fix container image targets (#1856)
Use stacker to build OCI image.
Use podman/docker to build docker image.

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-10-04 09:12:56 -07:00
Alexei Dodon
2fd7bfc37a
fix: metrics endpoint must be secured behind authN (#1864)
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2023-10-02 16:37:21 +03:00
Alexei Dodon
3a9a932791
fix: reduce test run time (#1832)
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2023-09-28 21:59:52 +03:00
Ramkumar Chinchani
8c559441e6
test(cosign): add a oci dist-spec 1.1.0 conformant test case (#1835)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-09-20 12:01:36 -07:00
Andrei Aaron
a11fe2d195
feat(pprof): add profiling route handler to debug runtime (#1818)
(cherry picked from commit 56ddb70f624e7070ad0d3531d498675f9f82c664)

Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
Co-authored-by: Alex Stan <alexandrustan96@yahoo.ro>
2023-09-18 14:05:41 -07:00
Alexei Dodon
f58597ade9
refactor: Reduce zli binary size (#1805)
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2023-09-15 15:17:01 -07:00
Alexei Dodon
98ab43f6ef
fix: can't build zot with empty EXTENSIONS (#1803)
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2023-09-12 11:31:10 -07:00
Andrei Aaron
6115eed4ec
refactor(makefile): consolidate the make targets used for bats tests (#1746)
New examples of running tests:

1. To run a specific bats file (with and without verbose output):
make run-blackbox-tests BATS_TEST_FILE_PATH=test/blackbox/delete_images.bats
make run-blackbox-tests BATS_TEST_FILE_PATH=test/blackbox/delete_images.bats BATS_VERBOSITY=2

2. To run the CI tests (with and without verbose output)
make run-blackbox-ci
make run-blackbox-ci BATS_VERBOSITY=2

BATS_TEST_FILE_PATH is used to pass on the test file to run using `run-blackbox-tests`
BATS_VERBOSITY controls the verbosity of the bats framework output, if unspecified the output only
contains test results and failure message in case of failures.
If BATS_VERBOSITY is 1, then also show commands as they are executed.
If BATS_VERBOSITY is 2, on top of the above it also shows output of passed tests.

Other changes in this PR:
- Update some of the tests to show logs after the run ends.
- Run the linters before the tests, as it saves time on failures when running in GH

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-09-07 21:06:21 +03:00
peusebiu
c6b822f3dd
refactor(authz): use a struct for user access control info operations (#1682)
fix(authz): fix isAdmin not using groups to determine if a user is admin.
fix(authz): return 401 instead of 403

403 is correct as per HTTP spec
However authz is not part of dist-spec and clients know only about 401
So this is a compromise.

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-09-01 11:13:53 -07:00
peusebiu
b80deb9927
refactor(storage): refactor storage into a single ImageStore (#1656)
unified both local and s3 ImageStore logic into a single ImageStore
added a new driver interface for common file/dirs manipulations
to be implemented by different storage types

refactor(gc): drop umoci dependency, implemented internal gc

added retentionDelay config option that specifies
the garbage collect delay for images without tags

this will also clean manifests which are part of an index image
(multiarch) that no longer exist.

fix(dedupe): skip blobs under .sync/ directory

if startup dedupe is running while also syncing is running
ignore blobs under sync's temporary storage

fix(storage): do not allow image indexes modifications

when deleting a manifest verify that it is not part of a multiarch image
and throw a MethodNotAllowed error to the client if it is.
we don't want to modify multiarch images

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-09-01 10:54:39 -07:00
LaurentiuNiculae
72a5968437
test(bats): added bats example for deleting an image (#1718)
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2023-09-01 17:23:34 +03:00
Alexei Dodon
41bbb23e30
fix: bats test refactoring (#1731)
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2023-08-30 12:24:28 -07:00
Andrei Aaron
780bbe42d1
feat(ui): update to latest zui version (#1735)
1. Show more detailed signature information in zui (signing tool, trusted, author)
2. Rename dex to oidc - on zui side
3. New screen for zot without images loaded
4. Remove 'Vulnerability' string from the vulnerability chips

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-08-29 15:52:08 -07:00
Alexei Dodon
ca2904762a
fix(ci/cd): detect uncommited swagger docs (#1724)
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2023-08-23 19:21:43 +03:00
Alexei Dodon
faf702f9c2
feat: automated detection of OS and ARCH if unset (#1711)
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2023-08-18 14:18:10 -07:00
LaurentiuNiculae
0731fd3828
test(refactor): refactor tests that use zot-test to use smaller images (#1690)
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2023-08-18 11:46:11 +03:00
Alexei Dodon
e510df7c22
fix: swagger Makefile target broken on darwin (#1701)
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2023-08-15 13:07:56 -07:00
Alexei Dodon
59922af528
fix: binary-stacker Makefile target is broken (#1689)
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2023-08-10 12:39:56 -07:00
Alexei Dodon
2142055dc6
fix: Build scripts broken on Mac (#1668)
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2023-08-03 20:53:37 +03:00
Andrei Aaron
77149aa85c
refactor(extensions)!: refactor the extensions URLs and errors (#1636)
BREAKING CHANGE: The functionality provided by the mgmt endpoint has beed redesigned - see details below
BREAKING CHANGE: The API keys endpoint has been moved -  see details below
BREAKING CHANGE: The mgmt extension config has been removed - endpoint is now enabled by having both the search and the ui extensions enabled
BREAKING CHANGE: The API keys configuration has been moved from extensions to http>auth>apikey

mgmt and imagetrust extensions:
- separate the _zot/ext/mgmt into 3 separate endpoints: _zot/ext/auth, _zot/ext/notation, _zot/ext/cosign
- signature verification logic is in a separate `imagetrust` extension
- better hanling or errors in case of signature uploads: logging and error codes (more 400 and less 500 errors)
- add authz on signature uploads (and add a new middleware in common for this purpose)
- remove the mgmt extension configuration - it is now enabled if the UI and the search extensions are enabled

userprefs estension:
- userprefs are enabled if both search and ui extensions are enabled (as opposed to just search)

apikey extension is removed and logic moved into the api folder
- Move apikeys code out of pkg/extensions and into pkg/api
- Remove apikey configuration options from the extensions configuration and move it inside the http auth section
- remove the build label apikeys

other changes:
- move most of the logic adding handlers to the extensions endpoints out of routes.go and into the extensions files.
- add warnings in case the users are still using configurations with the obsolete settings for mgmt and api keys
- add a new function in the extension package which could be a single point of starting backgroud tasks for all extensions
- more clear methods for verifying specific extensions are enabled
- fix http methods paired with the UI handlers
- rebuild swagger docs

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-08-02 21:58:34 +03:00
Ramkumar Chinchani
42f9f78125
ci: add freebsd target for releases (#1660)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-07-31 13:51:03 -07:00
Andrei Aaron
fc47fb91e1
feat(ui): update ui to support cve filtering by platform (#1661)
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-07-29 09:19:01 -07:00
Andrei Aaron
46ee330b2a
feat(zui): update to zui supporting social login (#1639)
Also ignore issues related to https://developer.mozilla.org/en-US/docs/Glossary/Fetch_metadata_request_header
It is not clear what the zap tool expectations are from the zot server, as these headers are supposed to be set by the zot client.

As a separate not ZUI sets these headers, but for some reason the scan expects them when scanning zot minimal without the UI

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-07-21 12:50:41 -07:00
peusebiu
1d01b644ea
feat(sync): sync can include self url in registry.URLs (#1562)
sync now ignores self referencing urls, this will help
in clustering mode where we can have the same config
for multiple zots

closes #1335

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-07-10 12:27:21 +03:00