Ramkumar Chinchani
e68baa42e3
chore: fix dependabot alerts ( #2551 )
...
https://github.com/project-zot/zot/pull/2535
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-07-15 13:04:37 -07:00
Anders Bennedsgaard
8262c46ad7
Fix sync extension logging ( #2537 )
...
* fix: nil pointer dereference on localimagestore
fixes https://github.com/project-zot/zot/issues/2527
Signed-off-by: Anders Bennedsgaard <abbennedsgaard@gmail.com>
* fix: no logging from sync extension imagestore
Signed-off-by: Anders Bennedsgaard <abbennedsgaard@gmail.com>
* feat: create local imagestore not found error
Signed-off-by: Anders Bennedsgaard <abbennedsgaard@gmail.com>
* fix: add test
Signed-off-by: Anders Bennedsgaard <abbennedsgaard@gmail.com>
---------
Signed-off-by: Anders Bennedsgaard <abbennedsgaard@gmail.com>
2024-07-15 10:30:43 -07:00
Ramkumar Chinchani
e5eacaa082
chore: fix dependabot alerts ( #2531 )
...
https://github.com/project-zot/zot/pull/2519
https://github.com/project-zot/zot/pull/2528
https://github.com/project-zot/zot/pull/2529
https://github.com/project-zot/zot/pull/2530
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-07-09 19:49:33 +03:00
peusebiu
1c2736d970
fix(storage): handle dedupe disabled in GetAllDedupeReposCandidates() ( #2533 )
...
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2024-07-09 15:33:11 +03:00
Ramkumar Chinchani
aaee0220e4
Merge pull request from GHSA-55r9-5mx9-qq7r
...
when a client pushes an image zot's inline dedupe
will try to find the blob path corresponding with the blob digest
that is currently being pushed and if it's found in the cache
then zot will make a symbolic link to that cache entry and report
to the client that the blob already exists on the location.
Before this patch authorization was not applied on this process meaning
that a user could copy blobs without having permissions on the source repo.
Added a rule which says that the client should have read permissions on the source repo
before deduping, otherwise just Stat() the blob and return the corresponding status code.
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
Co-authored-by: Petu Eusebiu <peusebiu@cisco.com>
2024-07-08 11:35:44 -07:00
Ramkumar Chinchani
002ff05f6e
chore: fix dependabot alerts ( #2504 )
...
https://github.com/project-zot/zot/pull/2502
https://github.com/project-zot/zot/pull/2507
https://github.com/project-zot/zot/pull/2508
https://github.com/project-zot/zot/pull/2509
https://github.com/project-zot/zot/pull/2510
https://github.com/project-zot/zot/pull/2511
https://github.com/project-zot/zot/pull/2512
https://github.com/project-zot/zot/pull/2514
https://github.com/project-zot/zot/pull/2515
https://github.com/project-zot/zot/pull/2516
https://github.com/project-zot/zot/pull/2517
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-07-01 13:29:39 -07:00
Ramkumar Chinchani
0d0eae502e
chore: fix dependabot alerts ( #2499 )
...
https://github.com/project-zot/zot/pull/2489
https://github.com/project-zot/zot/pull/2490
https://github.com/project-zot/zot/pull/2491
https://github.com/project-zot/zot/pull/2492
https://github.com/project-zot/zot/pull/2493
https://github.com/project-zot/zot/pull/2494
https://github.com/project-zot/zot/pull/2495
https://github.com/project-zot/zot/pull/2496
https://github.com/project-zot/zot/pull/2497
https://github.com/project-zot/zot/pull/2498
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-06-25 13:17:27 -07:00
Ramkumar Chinchani
fb2edcc269
chore: fix dependabot alerts ( #2486 )
...
https://github.com/project-zot/zot/pull/2475
https://github.com/project-zot/zot/pull/2477
https://github.com/project-zot/zot/pull/2478
https://github.com/project-zot/zot/pull/2479
https://github.com/project-zot/zot/pull/2480
https://github.com/project-zot/zot/pull/2481
https://github.com/project-zot/zot/pull/2482
https://github.com/project-zot/zot/pull/2483
https://github.com/project-zot/zot/pull/2484
https://github.com/project-zot/zot/pull/2485
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-06-17 20:31:01 +03:00
Ramkumar Chinchani
a460e7f441
chore: fix dependabot alerts ( #2474 )
2024-06-15 07:14:44 +03:00
peusebiu
e023936e8e
fix(ui): fix image details view ( #2470 )
...
when a UI client tries to view image details
for an image with multiple tags pointing to the same digest
we make a query to dynamodb having duplicate keys (same digest)
resulting in an error and the client is redirected back to image
overview.
closes : #2464
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2024-06-14 09:22:48 -07:00
Ramkumar Chinchani
56f41dcc15
chore: fix dependabot alerts ( #2471 )
2024-06-14 07:09:59 +03:00
Ramkumar Chinchani
f5fef2384a
chore: fix dependabot alerts ( #2462 )
...
* chore: fix dependabot alerts
https://github.com/project-zot/zot/pull/2451
https://github.com/project-zot/zot/pull/2452
https://github.com/project-zot/zot/pull/2453
https://github.com/project-zot/zot/pull/2454
https://github.com/project-zot/zot/pull/2455
https://github.com/project-zot/zot/pull/2456
https://github.com/project-zot/zot/pull/2457
https://github.com/project-zot/zot/pull/2458
https://github.com/project-zot/zot/pull/2459
https://github.com/project-zot/zot/pull/2460
https://github.com/project-zot/zot/pull/2461
https://github.com/project-zot/zot/pull/2463
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
* chore: mockoidc has moved to github.com/go-jose/go-jose/v3
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
* chore: quiet aws/s3 golang api deprecations
These need to be addressed in a separate PR.
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
---------
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-06-12 22:51:32 -07:00
peusebiu
a4b6892a9c
remove unnecessary calls to storage driver ( #2432 )
...
fix(storage): remove unnecessary calls to storage driver
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2024-06-04 11:39:18 -07:00
Ramkumar Chinchani
1594852428
chore: fix dependabot alerts ( #2446 )
...
* chore: fix dependabot alerts
https://github.com/project-zot/zot/pull/2435
https://github.com/project-zot/zot/pull/2436
https://github.com/project-zot/zot/pull/2437
https://github.com/project-zot/zot/pull/2438
https://github.com/project-zot/zot/pull/2439
https://github.com/project-zot/zot/pull/2440
https://github.com/project-zot/zot/pull/2441
https://github.com/project-zot/zot/pull/2442
https://github.com/project-zot/zot/pull/2443
https://github.com/project-zot/zot/pull/2444
https://github.com/project-zot/zot/pull/2445
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
* fix(zli): _schema query in zli code should not use empty parens
Fix also some tests
See https://github.com/vektah/gqlparser/issues/292 and https://github.com/vektah/gqlparser/pull/293
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
---------
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
Co-authored-by: Andrei Aaron <aaaron@luxoft.com>
2024-06-04 13:54:30 +03:00
Vishwas Rajashekar
767f81d4f5
feat(sync): support for periodic repo sync in scale-out cluster ( #2424 )
...
This commit includes support for periodic repo sync in a scale-out
cluster.
Before this commit, all cluster members would sync all the repos as
the config is shared.
With this change, in periodic sync, the cluster member checks whether
it manages the repo. If it does not manage the repo, it will skip the
sync.
This commit also includes a unit test to test on-demand sync too, but
there are no logic changes for it as it is implicitly handled by the
proxying logic.
Signed-off-by: Vishwas Rajashekar <vrajashe@cisco.com>
2024-05-31 09:25:34 -07:00
Andrei Aaron
2bb46b0562
chore: fix dependabot alerts ( #2431 )
...
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2024-05-27 14:37:27 -07:00
Vishwas R
5ae7a028d9
feat(cluster): Add support for request proxying for scale out ( #2385 )
...
* feat(cluster): initial commit for scale-out cluster
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
* feat(cluster): support shared storage scale out
This change introduces support for shared storage backed
zot cluster scale out.
New feature
Multiple stateless zot instances can run using the same shared
storage backend where each instance looks at a specific set
of repositories based on a siphash of the repository name to improve
scale as the load is distributed across multiple instances.
For a given config, there will only be one instance that can perform
dist-spec read/write on a given repository.
What's changed?
- introduced a transparent request proxy for dist-spec endpoints based on
siphash of repository name.
- new config for scale out cluster that specifies list of
cluster members.
Signed-off-by: Vishwas Rajashekar <vrajashe@cisco.com>
---------
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
Signed-off-by: Vishwas Rajashekar <vrajashe@cisco.com>
Co-authored-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-05-20 09:05:21 -07:00
Vishwas R
be5ad66797
refactor(http): refactor http client to accept more customisable options ( #2414 )
...
refactor(http): refactor http client to take options struct
This commit updates the arguments for the `CreateHTTPClient`
function to consume a struct which can be extended as required.
It replaces the certPath argument with a struct of 3 paths for
client certificate, client key, and ca cert. It also adds
a TLSEnabled option for when an HTTP Client is required
without any further TLS config.
Existing consumers of this function have been updated so that
they can work as they do today. This change is a no-op for
existing features.
This allows for certificate paths to be customised and
allows other modules to re-use the same HTTP client and get
the benefits of mTLS support and per-host certificates.
Signed-off-by: Vishwas Rajashekar <vrajashe@cisco.com>
2024-05-06 13:43:41 -07:00
Ramkumar Chinchani
4671e412fc
chore: fix dependabot alerts ( #2411 )
...
GHSA-jw44-4f3j-q396
https://github.com/project-zot/zot/pull/2406
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-04-30 11:10:38 +03:00
Ramkumar Chinchani
186855b5f8
fix: additional input validation for CVE graphQL query ( #2408 )
...
It is possible to ask for a very large limit size which can exhaust
memory.
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-04-24 09:23:17 +03:00
Ramkumar Chinchani
7b1fc0450e
chore: fix dependabot alerts ( #2399 )
...
https://github.com/project-zot/zot/pull/2395
https://github.com/project-zot/zot/pull/2395
https://github.com/project-zot/zot/pull/2396
https://github.com/project-zot/zot/pull/2397
https://github.com/project-zot/zot/pull/2401
https://github.com/project-zot/zot/pull/2402
https://github.com/project-zot/zot/pull/2403
https://github.com/project-zot/zot/pull/2404
https://github.com/project-zot/zot/pull/2405
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-04-22 12:52:46 -07:00
Ramkumar Chinchani
8294838795
ci: fix localstack docker uri ( #2400 )
...
The image is being published on dockerhub at localstack/localstack
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-04-21 22:30:00 -07:00
Ramkumar Chinchani
66611cb8d3
chore: disable content trust check for localstack image ( #2398 )
...
localstack images published to dockerhub don't appear to be signed via
docker content trust.
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-04-20 22:41:25 -07:00
Ramkumar Chinchani
7146826126
ci: upgrade localstack to v3.3.0 ( #2390 )
...
There are performance improvements in recent releases of localstack.
1) install localstack via "pip install" and requires python 3.11
2) also pull a recently pushed localstack docker image to ghcr.io
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-04-19 00:08:36 -07:00
Ramkumar Chinchani
6898b31842
chore: fix dependabot alerts ( #2393 )
2024-04-19 07:58:25 +03:00
Ramkumar Chinchani
6b4d8364be
ci: update zap scan docker image location ( #2391 )
...
https://github.com/zaproxy/zaproxy/issues/8440
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-04-16 09:22:03 +03:00
Ramiro Algozino
0160c9fc6b
fix(cli/server): serve command expected positional args ( #2382 )
...
fix(cli/server): serve command expected positional args
Expect exactly one positional argument for the serve command with the
path to the config file.
Signed-off-by: Ramiro Algozino <ramiro@sighup.io>
2024-04-11 09:51:41 -07:00
Ramkumar Chinchani
6b3c160176
chore: fix dependabot alerts ( #2377 )
...
https://github.com/project-zot/zot/pull/2368
https://github.com/project-zot/zot/pull/2369
https://github.com/project-zot/zot/pull/2370
https://github.com/project-zot/zot/pull/2371
https://github.com/project-zot/zot/pull/2372
https://github.com/project-zot/zot/pull/2373
https://github.com/project-zot/zot/pull/2374
https://github.com/project-zot/zot/pull/2375
https://github.com/project-zot/zot/pull/2376
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-04-09 10:40:16 +03:00
Ramkumar Chinchani
6f8c058dc6
chore: fix dependabot alerts ( #2366 )
...
https://github.com/project-zot/zot/pull/2355
https://github.com/project-zot/zot/pull/2356
https://github.com/project-zot/zot/pull/2357
https://github.com/project-zot/zot/pull/2358
https://github.com/project-zot/zot/pull/2359
https://github.com/project-zot/zot/pull/2360
https://github.com/project-zot/zot/pull/2361
https://github.com/project-zot/zot/pull/2362
https://github.com/project-zot/zot/pull/2363
https://github.com/project-zot/zot/pull/2364
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-04-03 09:57:05 +03:00
Ramkumar Chinchani
8f1c5a021f
ci: add description field to our published images ( #2354 )
...
Fixes issue #2353
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-04-01 08:40:09 -07:00
Ramkumar Chinchani
819994cca1
chore: fix dependabot alerts ( #2352 )
...
https://github.com/project-zot/zot/pull/2343
https://github.com/project-zot/zot/pull/2349
https://github.com/project-zot/zot/pull/2350
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-03-26 11:33:25 -07:00
Andrei Aaron
864cd00b9e
fix: Allow GET requests on repositories not found in metadb ( #2351 )
...
The issue was reported on Slack.
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2024-03-26 18:38:58 +02:00
Ramkumar Chinchani
5639dfb2a9
chore: fix dependabot alerts ( #2348 )
2024-03-26 06:48:22 +02:00
Andrei Aaron
dd6b6a5a7b
feat(ui): new signature UX ( #2339 )
...
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2024-03-25 10:38:09 -07:00
Vishwas R
aa53782e5c
feat: show brief package list in image CVE listings ( #2338 )
...
Signed-off-by: Vishwas Rajashekar <vrajashe@cisco.com>
2024-03-25 10:36:14 -07:00
Ramkumar Chinchani
4105f120ef
ci: add a ML model artifact test case ( #2332 )
...
Both as a test and an example.
Inspired by:
https://github.com/kubeflow/model-registry/blob/main/docs/logical_model.md
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-03-21 22:30:43 +02:00
Andrei Aaron
8b4abc6ef6
Add a job to check zot config examples (and fix existing examples) ( #2322 )
...
* fix: Add credentials config verification
(cherry picked from commit e7fdfa0bcc)
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* fix: Update golang version to 1.21.x
Signed-off-by: onidoru <25552941+onidoru@users.noreply.github.com>
Signed-off-by: Nikita Kotikov <25552941+onidoru@users.noreply.github.com>
(cherry picked from commit cbc0f89dfb)
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* fix: LDAP credentials files are now required, add more tests
Signed-off-by: onidoru <25552941+onidoru@users.noreply.github.com>
Signed-off-by: Nikita Kotikov <25552941+onidoru@users.noreply.github.com>
(cherry picked from commit b74366d50b)
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* fix: Update error handling, add more tests
Signed-off-by: onidoru <25552941+onidoru@users.noreply.github.com>
Signed-off-by: Nikita Kotikov <25552941+onidoru@users.noreply.github.com>
(cherry picked from commit 8a61bbc2d4)
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* fix: Add coverage
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
---------
Signed-off-by: onidoru <25552941+onidoru@users.noreply.github.com>
Signed-off-by: Nikita Kotikov <25552941+onidoru@users.noreply.github.com>
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
Co-authored-by: onidoru <onidoru@yahoo.com>
Co-authored-by: Nikita Kotikov <25552941+onidoru@users.noreply.github.com>
2024-03-21 10:23:37 -07:00
Andrei Aaron
375c35c5a1
chore: update to go 1.22 ( #2330 )
...
* chore: update to go 1.22
Only go toolchain version is updated.
We compile with go 1.22, but we allow others to compile using language version 1.21 if they wish to.
If we also updated the go version in go.mod everyone would be forced to update, as that is enforced as a minimum allowed version.
This comment explains the difference well enough https://news.ycombinator.com/item?id=36455759
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* chore: fix freeBSD AMD64 build
Looks like they made some cleanup in the logic allowing buildmode pie on various platforms.
Related to https://github.com/golang/go/issues/31544
See the code at: https://cs.opensource.google/go/go/+/master:src/internal/platform/supported.go;l=222-231;drc=d7fcb5cf80953f1d63246f1ae9defa60c5ce2d76;bpv=1;bpt=0
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
---------
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2024-03-20 11:53:11 -07:00
Ramkumar Chinchani
28e9aabecf
chore: fix dependabot alerts ( #2331 )
...
https://github.com/project-zot/zot/pull/2324
https://github.com/project-zot/zot/pull/2325
https://github.com/project-zot/zot/pull/2326
https://github.com/project-zot/zot/pull/2327
https://github.com/project-zot/zot/pull/2328
https://github.com/project-zot/zot/pull/2329
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-03-20 07:37:29 +02:00
Ravi Chamarthy
eec277e14d
chore: update support matrix
...
Signed-off-by: Ravi Chamarthy <ravi@chamarthy.dev>
2024-03-14 09:43:42 -07:00
Ravi Chamarthy
4ddfcdd092
chore: add ossf scorecard
...
Signed-off-by: Ravi Chamarthy <ravi@chamarthy.dev>
2024-03-14 09:43:42 -07:00
Ramkumar Chinchani
ce7a9466c6
chore: update zui version ( #2319 )
2024-03-13 07:33:23 +02:00
Ramkumar Chinchani
fdb401273c
fix: ignore metadb errors if tag not found ( #2301 )
2024-03-13 07:28:08 +02:00
Vishwas R
c7472a2dda
feat: add verbose mode for cves for image listing ( #2308 )
...
Signed-off-by: Vishwas Rajashekar <vrajashe@cisco.com>
2024-03-12 13:38:48 -07:00
Ramkumar Chinchani
413514c0d4
chore: fix dependabot alerts ( #2317 )
2024-03-12 08:03:29 +02:00
ossfellow
dc0e41ad53
test(blackbox): add multi-arch index creation and image attributes modification ( #2306 )
...
* test: add multi-arch index creation and image modification tests
Signed-off-by: ossfellow <masoud@operatik.io>
* chore: update regclient version to the latest
Signed-off-by: ossfellow <masoud@operatik.io>
---------
Signed-off-by: ossfellow <masoud@operatik.io>
2024-03-08 08:49:12 -08:00
Ramkumar Chinchani
2dd1fc9316
chore: fix dependabot alerts ( #2302 )
...
https://github.com/project-zot/zot/pull/2297
https://github.com/project-zot/zot/pull/2298
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-03-07 21:20:35 +02:00
Ramkumar Chinchani
18235ca254
fix(oras)!: remove ORAS artifact references support ( #2294 )
...
* fix(oras)!: remove ORAS artifact references support
ORAS artifacts/references predated OCI dist-spec 1.1.0 which now has the
same functionality and is likely to see wider adoption.
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
* test: update to released official images
So that they are unlikely to be deleted.
*-rc images may be cleaned up over time.
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
---------
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-03-06 12:16:42 -08:00
LaurentiuNiculae
5039128723
feat(cve): cli cve diff ( #2242 )
...
* feat(gql): add new query for diff of cves for 2 images
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
* feat(cli): add cli for cve diff
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
---------
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2024-03-06 10:40:29 +02:00
Ramkumar Chinchani
752b9e87c1
chore: fix dependabot alerts ( #2295 )
...
https://github.com/project-zot/zot/pull/2287
https://github.com/project-zot/zot/pull/2288
https://github.com/project-zot/zot/pull/2289
https://github.com/project-zot/zot/pull/2290
https://github.com/project-zot/zot/pull/2291
https://github.com/project-zot/zot/pull/2292
https://github.com/project-zot/zot/pull/2293
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2024-03-04 21:30:27 +02:00