mirror of
https://github.com/project-zot/zot.git
synced 2025-01-06 22:40:28 -05:00
c6b822f3dd
fix(authz): fix isAdmin not using groups to determine if a user is admin. fix(authz): return 401 instead of 403 403 is correct as per HTTP spec However authz is not part of dist-spec and clients know only about 401 So this is a compromise. Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
139 lines
4.9 KiB
YAML
139 lines
4.9 KiB
YAML
name: "Ecosystem client tools"
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
pull_request:
|
|
branches: [main]
|
|
release:
|
|
types:
|
|
- published
|
|
|
|
permissions: read-all
|
|
|
|
jobs:
|
|
client-tools:
|
|
name: Check client tools
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
- uses: ./.github/actions/clean-runner
|
|
- uses: actions/setup-go@v4
|
|
with:
|
|
cache: false
|
|
go-version: 1.20.x
|
|
- uses: ./.github/actions/clean-runner
|
|
- name: Install dependencies
|
|
run: |
|
|
cd $GITHUB_WORKSPACE
|
|
go install github.com/swaggo/swag/cmd/swag@v1.8.12
|
|
go mod download
|
|
sudo apt-get update
|
|
sudo apt-get install libgpgme-dev libassuan-dev libbtrfs-dev libdevmapper-dev pkg-config rpm uidmap
|
|
# install skopeo
|
|
git clone -b v1.12.0 https://github.com/containers/skopeo.git
|
|
cd skopeo
|
|
make bin/skopeo
|
|
sudo cp bin/skopeo /usr/bin
|
|
skopeo -v
|
|
# install cri-o (for crictl)
|
|
OS=xUbuntu_20.04
|
|
CRIO_VERSION=1.26
|
|
echo "deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/ /"|sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
|
|
echo "deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$CRIO_VERSION/$OS/ /"|sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable:cri-o:$CRIO_VERSION.list
|
|
curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$CRIO_VERSION/$OS/Release.key | sudo apt-key add -
|
|
curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/Release.key | sudo apt-key add -
|
|
sudo apt update
|
|
sudo apt install -y cri-o cri-o-runc
|
|
sudo systemctl enable crio.service
|
|
sudo systemctl start crio.service
|
|
sudo chmod 0777 /var/run/crio/crio.sock
|
|
# install dex
|
|
git clone https://github.com/dexidp/dex.git
|
|
cd dex/
|
|
make bin/dex
|
|
./bin/dex serve $GITHUB_WORKSPACE/test/dex/config-dev.yaml &
|
|
cd $GITHUB_WORKSPACE
|
|
- name: Check disk space before build
|
|
run: |
|
|
cd $GITHUB_WORKSPACE
|
|
set -x
|
|
df -h
|
|
sudo ls -lRh /tmp/* || true
|
|
sudo du -sh /tmp || true
|
|
sudo du -sh /tmp/* || true
|
|
sudo find /tmp/ -size +5M | sudo xargs ls -lh
|
|
du -sh ./* || true
|
|
find ./ -size +5M | xargs ls -lh
|
|
sudo du -sh /var/
|
|
sudo du -sh /var/lib/docker/
|
|
du -sh /home/runner/work/
|
|
set +x
|
|
- name: Run referrers tests
|
|
run: |
|
|
make test-bats-referrers
|
|
- name: Run metadata tests
|
|
run: |
|
|
make test-bats-metadata
|
|
- name: Run push-pull tests
|
|
run: |
|
|
make test-push-pull
|
|
- name: Run push-pull-authn tests
|
|
run: |
|
|
make test-push-pull-authn
|
|
- name: Run metrics tests
|
|
run: |
|
|
make test-bats-metrics
|
|
- name: Run cve tests
|
|
run: |
|
|
make test-bats-cve
|
|
- name: Run sync test
|
|
run: |
|
|
make test-bats-sync
|
|
- name: Run scrub tests
|
|
run: |
|
|
make test-bats-scrub
|
|
- name: Run anonymous-push-pull tests
|
|
run: |
|
|
make test-anonymous-push-pull
|
|
- name: Run detect-manifest-collision tests
|
|
run: |
|
|
make test-detect-manifest-collision
|
|
- name: Run annotations tests
|
|
run: |
|
|
make test-annotations
|
|
- name: Run garbage collect tests
|
|
run: |
|
|
make test-garbage-collect
|
|
- name: Install localstack
|
|
run: |
|
|
pip install --upgrade pyopenssl
|
|
pip install localstack awscli-local[ver1] # install LocalStack cli and awslocal
|
|
docker pull localstack/localstack # Make sure to pull the latest version of the image
|
|
localstack start -d # Start LocalStack in the background
|
|
|
|
echo "Waiting for LocalStack startup..." # Wait 30 seconds for the LocalStack container
|
|
localstack wait -t 30 # to become ready before timing out
|
|
echo "Startup complete"
|
|
- name: Run cloud-only tests
|
|
run: |
|
|
make test-cloud-only
|
|
env:
|
|
AWS_ACCESS_KEY_ID: fake
|
|
AWS_SECRET_ACCESS_KEY: fake
|
|
- name: Check disk space after build
|
|
if: always()
|
|
run: |
|
|
cd $GITHUB_WORKSPACE
|
|
set -x
|
|
df -h
|
|
sudo ls -lRh /tmp/* || true
|
|
sudo du -sh /tmp || true
|
|
sudo du -sh /tmp/* || true
|
|
sudo find /tmp/ -size +5M | sudo xargs ls -lh
|
|
du -sh ./* || true
|
|
find ./ -size +5M | xargs ls -lh
|
|
sudo du -sh /var/
|
|
sudo du -sh /var/lib/docker/
|
|
du -sh /home/runner/work/
|
|
set +x
|