0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2024-12-16 21:56:37 -05:00
Commit graph

675 commits

Author SHA1 Message Date
Ramkumar Chinchani
2ff8e8b7d2 fix dependabot alerts
https://github.com/project-zot/zot/pull/737
https://github.com/project-zot/zot/pull/738
https://github.com/project-zot/zot/pull/739
https://github.com/project-zot/zot/pull/740

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-08-23 09:38:30 -07:00
Roxana Nemulescu
ab9a20c1ae Add GraphQL API for getting the information necessary to list images in the zot cli without download manifests.
If this GraphQL API is available, try that first, else fallback to the slowpath.

Signed-off-by: Roxana Nemulescu <roxana.nemulescu@gmail.com>
2022-08-23 16:32:00 +03:00
Andreea-Lupu
eb77307b63 fix chart version from pushpull.bats
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
2022-08-22 14:55:32 -07:00
Ramkumar Chinchani
5c01c4eab4
support OCI image index at manifest endpoint (#638)
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-08-20 11:18:48 +03:00
Andrei Aaron
b9b233e7fc Add the hack folder to .gitignore
To avoid committing it in the future

Signed-off-by: Andrei Aaron <andaaron@cisco.com>
2022-08-19 12:34:01 -07:00
Andrei Aaron
bd9ad998cd Fix file handlers not being closed after calls to ImageStore.GetBlob
This is to fixes hitting the FD limit when reading blobs from the disk in the graphql API

Signed-off-by: Andrei Aaron <andaaron@cisco.com>
2022-08-19 09:22:13 -07:00
Catalin Hofnar
74630ed3a0 Added content-type to Access-Control-Allow-Headers needed for playground preflight
Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>
2022-08-16 22:47:24 +03:00
Ramkumar Chinchani
2929a62998 fix dependabot alerts
https://github.com/project-zot/zot/pull/725
https://github.com/project-zot/zot/pull/726
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-08-15 11:47:27 -07:00
Ramkumar Chinchani
4b8e288cd3 fix dependabot alerts
https://github.com/project-zot/zot/pull/712
https://github.com/project-zot/zot/pull/714

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-08-13 00:02:36 -07:00
Nicol Draghici
a702a2377e Remove AllowReadOnly and ReadOnly
Signed-off-by: Nicol Draghici <idraghic@cisco.com>

Remove check and set header every time

Signed-off-by: Nicol Draghici <idraghic@cisco.com>
2022-08-10 14:27:21 -07:00
Alex Stan
a5ed99178e replace dependency of tagsInfo and repoInfo with just a list of manifests
- replace dependency of tagsInfo and repoInfo with a list of manifests, since it provides
all the needed data
- Mock tests added

Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
2022-08-09 17:54:18 -07:00
Ramkumar Chinchani
86401de3b0 fix dependabot alerts
https://github.com/project-zot/zot/pull/706
https://github.com/project-zot/zot/pull/707

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-08-07 18:09:08 +03:00
Alex Stan
0c70ae8a4e RepoInfo structure now includes new field representing RepoSummary
ExpandedRepoInfo currently returns RepoInfo that is a list of Manifests.
To comply with the newest UI requirements, a new field called Summary,
referring to RepoSummary structure, was added.

Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
2022-08-05 19:22:22 +03:00
Ramkumar Chinchani
ae73290929 fix dependabot alerts
https://github.com/project-zot/zot/pull/689
https://github.com/project-zot/zot/pull/690
https://github.com/project-zot/zot/pull/691

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-08-04 09:36:19 +03:00
Bogdan BIVOLARU
0f386f0c89 Remove from Response header Range the 'bytes' string
Conformance spec requires responding to PATCH requests with
response header 'Content-Range' and value <range>

Signed-off-by: Bogdan BIVOLARU <104334+bogdanbiv@users.noreply.github.com>
2022-08-03 19:46:18 +03:00
Bogdan BIVOLARU
f92e584301 Fix 'InvalidManifestErr' to have a response.body
Signed-off-by: Bogdan BIVOLARU <104334+bogdanbiv@users.noreply.github.com>
2022-08-03 19:46:18 +03:00
Ramkumar Chinchani
49fb609f28 fix dependabot alerts
https://github.com/project-zot/zot/pull/682

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-07-29 10:42:37 -07:00
Lisca Ana-Roberta
a49692a22b regclient blackbox tests and regclient installation in Makefile
Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>
2022-07-28 16:14:47 +03:00
Andrei Aaron
be93ece95e
Merge pull request #683 from andaaron/perms2
Fix permissions for image sync and stale workflows
2022-07-27 21:22:22 +03:00
Andrei Aaron
903460c55c
Fix permissions for image sync and stale workflows
Looks like read|write is not a correct value:
https://github.com/project-zot/zot/actions/runs/2743961177
https://github.com/project-zot/zot/actions/runs/2743965531

Write should include both, so let's try to use that.

Signed-off-by: Andrei Aaron <andaaron@cisco.com>
2022-07-27 17:44:08 +00:00
alexstan12
16e9822c7f
Add fuzz tests for storage_fs (#601)
This commit uses native go fuzzing to fuzz test implementations
of storage in storage_fs.

moved fuzzing testdata for storage_fs in separate repo

added make target and script for importing fuzz data and running all fuzz tests

Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
2022-07-27 20:37:55 +03:00
Andrei Aaron
b5f27c5b50 RepoSummary has a new attribute NewestTag of type ImageSummary
ImageListWithLatestTag currently returns a list of ImageInfo objects.
It needs to return consistent results with the API used for Global search as the same information will be used by the UI in the same type or cards.
So we need to update RepoSummary to include the data which right now is present in ImageInfo, but missing from RepoSummary (information on the latest tag in that specific repo).
Will update return type of ImageListWithLatestTag in a later PR (issue tracked in a separate GH issue)

Closes #666

Signed-off-by: Andrei Aaron <andaaron@cisco.com>
2022-07-27 19:41:00 +03:00
Lisca Ana-Roberta
87fc941b3c image level lint: enforce manifest mandatory annotations
closes #536

Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>
2022-07-27 11:48:04 +03:00
Ramkumar Chinchani
3d72dad507 fix dependabot alerts
https://github.com/project-zot/zot/pull/674
https://github.com/project-zot/zot/pull/676
https://github.com/project-zot/zot/pull/677
https://github.com/project-zot/zot/pull/678

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-07-27 08:48:51 +03:00
Andrei Aaron
7182e426a7 Fix typos in workflow permissions
Signed-off-by: Andrei Aaron <andaaron@cisco.com>
2022-07-26 10:40:51 -07:00
Alex Stan
4fd727a10c changed filenames in pkg/extensions
Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
2022-07-26 16:56:20 +03:00
Andrei Aaron
10d9b1514b Fixes/Improvements to pkg/cli/stress_test.go
- Decrease RLIMIT_NOFILE and the number of goroutines used to reach this limit (from 512 to 100)
- Reset RLIMIT_NOFILE to the initial value before the test finishes
- Remove panic
- Use temporary dir managed by test framework
- Swith to using test logging in pkg/cli/stress_test.go
- Execute commands without `bash -c` in pkg/cli/stress_test.go

First item is needed as the GH runner seems to stop the test if stressed too much.
The lower number is still good enough to reproduce the test conditions

Signed-off-by: Andrei Aaron <andaaron@cisco.com>
2022-07-26 13:01:16 +03:00
Ramkumar Chinchani
4a3c0073b7 add a github workflow to report branch coverage
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-07-20 22:43:55 -07:00
Laurentiu Niculae
58f8cd5d7d test calculated size
Signed-off-by: Laurentiu Niculae <themelopeus@gmail.com>
2022-07-20 10:03:11 -07:00
Laurentiu Niculae
80369140f1 add image info to parameter
Signed-off-by: Laurentiu Niculae <themelopeus@gmail.com>
2022-07-20 10:03:11 -07:00
Laurentiu Niculae
7e3d063319 freeform querry api
Signed-off-by: Laurentiu Niculae <themelopeus@gmail.com>
2022-07-20 10:03:11 -07:00
Alex Stan
a31869f270 fix GetReferrers function to be able to retrieve referrers of any specified artifactType
Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
2022-07-19 09:44:23 -07:00
Ramkumar Chinchani
317064ffc9 fix dependabot alerts
https://github.com/project-zot/zot/pull/647
https://github.com/project-zot/zot/pull/648
https://github.com/project-zot/zot/pull/649
https://github.com/project-zot/zot/pull/650
https://github.com/project-zot/zot/pull/651
https://github.com/project-zot/zot/pull/652
https://github.com/project-zot/zot/pull/653
https://github.com/project-zot/zot/pull/656

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-07-18 14:59:27 -07:00
Andrei Aaron
43160dcc43 Update to graphql 1.17.13
We encountered some problems with using the existing folder structure,
but it looks like running the tooling with the latest versions works after
we regenerated the project using 'gql init' and refactoring to separate
the login previously in resolvers.go.

- the autogenerated code is now under the gql_generated folder
- the file resolvers.go now contains only the code which is not
rewritten by the gqlgen framework
- the file schema.resolvers.go is rewritten when gqlgen runs,
and we'll only keep there the actual resolvers matching query names
Changes we observed to schema.resolvers.go when gqlgen runs include
reordering methods, and renaming function parameters to match the
names used in schema.graphql
- we now have a gqlgen.yaml config file which governs the behavior of
gqlgen (can be tweaked to restructure the folder structure of the
generated code in the future)

Looks like the new graphql server has better validation
1 Returns 422 instead of 200 for missing query string - had to update tests
2 Correctly uncovered an error in a test for a bad `%` in query string.

As as result of 2, a `masked` bug was found in the way we check if images are
signed with Notary, the signatures were reasched for with the media type
of the image manifest itself instead of the media type for notation.
Fixed this bug, and improved error messages.
This bug would have also been reproducible with main branch if the bad `%`
in the test would have fixed.

Updated the linter to ignore some issues with the code which is
always rewritten when running:
`go run github.com/99designs/gqlgen@v0.17.13 generate`

Add a workflow to test gqlgen works and has no uncommitted changes

Signed-off-by: Andrei Aaron <andaaron@cisco.com>
2022-07-18 12:55:40 -07:00
Ramkumar Chinchani
76b811b029 harden github action/workflow perms
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-07-18 01:05:09 -07:00
Ramkumar Chinchani
37b3345199 fix dependabot alerts
https://github.com/project-zot/zot/pull/629
https://github.com/project-zot/zot/pull/631
https://github.com/project-zot/zot/pull/632

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-07-15 14:22:39 -07:00
Ramkumar Chinchani
595e1bca59 fix dependabot alerts
https://github.com/project-zot/zot/pull/624
https://github.com/project-zot/zot/pull/625
https://github.com/project-zot/zot/pull/626
https://github.com/project-zot/zot/pull/627
https://github.com/project-zot/zot/pull/628

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-07-15 12:03:08 -07:00
Petu Eusebiu
2496fef3c2 Fix data race on trivydb download in tests.
Multiple go routines downloading trivy db
triggers data race on trivy internal db.Path().
In each go routine wait for db download to start.
closes #636

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-07-14 09:31:15 -07:00
Petu Eusebiu
003de3a80a Fix config reloader in tests
config file may get removed before fsnotify starts watching it
make sure the config file gets removed when test ends, closes #608

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-07-14 09:31:15 -07:00
Ramkumar Chinchani
19434af3c4 fix dependabot.yml
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-07-13 13:18:01 -07:00
Ramkumar Chinchani
dc97096502 restrict workflow action permissions
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-07-13 11:34:57 -07:00
Andreea-Lupu
8da34d5751 Rename push token
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
2022-07-13 09:05:06 -07:00
Ramkumar Chinchani
0f305960ed add a security policy document
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-07-12 14:25:57 -07:00
Petu Eusebiu
2c3415c86b Added helm push/pull to blackbox tests
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-07-12 10:02:51 -07:00
Petu Eusebiu
01d742718f ci/cd: fix oras cli flags after it got updated
installing notation and oras not needed anymore

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-07-12 10:02:51 -07:00
Andreea-Lupu
26f85ab195 Update automatically helm chart when publish a new release for zot
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
2022-07-11 11:27:05 -07:00
Ramkumar Chinchani
9cfed4bb46 Create scorecards.yml
Add ossf/scorecards action

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-07-10 22:32:00 -07:00
Alex Stan
9194fea6d4 Add a way to list imports and files used by specific binaries
This commit adds a new Make target that makes use of go list to show directly
imported packages and used files in a given binary.
This target should be added in all future targets that build binaries, if listing
imported packages and used files is important.
Existing targets were modified to include build-metadata. Also, since build-metadata
depends on EXTENSIONS variable, a dummy tag is used to overwrite the defaults of
this variable in case of minimal-type targets.

Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
2022-07-08 11:23:15 -07:00
Ramkumar Chinchani
4ae1a908a0 fix dependabot alerts CVE-2022-33082/GHSA-2m4x-4q9j-w97g
https://github.com/project-zot/zot/security/dependabot/24

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-07-07 23:58:51 -07:00
Petu Eusebiu
6d5b208e93 build: remove swagger install in stacker files
it is currently installed in the Makefile

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-07-04 12:33:11 -07:00