github/zot
1
0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2026-06-19 22:27:58 +08:00
Code Issues Packages Projects Releases Wiki Activity
1,571 Commits 38 Branches 132 Tags
refactor/storage
Commit Graph

88 Commits

Author SHA1 Message Date
Ramkumar Chinchani 9aff5b8d08 chore: fix dependabot alerts (#4048) 
* chore: fix dependabot alerts

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* chore: fix dependabot alerts

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* chore: fix dependabot alerts

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* chore: fix golangci-lint findings from CI

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* chore: fix golangci-lint gosec warnings

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* chore: update code to use slices package and address gosec linting issues

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* build: fix makefile target

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* chore: update tests to use context in HTTP requests and add gosec annotations

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* chore: update tests to use context in HTTP requests

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* chore: update tests to use context in HTTP requests

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* chore: update tests to use context in HTTP requests

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* chore: update tests to use context in HTTP requests

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* chore: bump zui version

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* chore: update test helpers and improve security settings in tests

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* chore: add gosec linting directive for test path construction

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

---------

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2026-05-11 09:29:05 +03:00
Ramkumar Chinchani 78c6e915dd chore: fix dependabot alerts (#3940) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2026-04-06 10:03:09 -07:00
Ramkumar Chinchani 2ba0525f01 chore: fix dependabot alerts (#3860) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2026-03-10 09:43:08 +02:00
Ramkumar Chinchani 01bca48e33 chore: fix dependabot alerts (#3820) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2026-02-24 08:23:49 +02:00
Ramkumar Chinchani 0cac8a7ee8 chore: fix dependabot alerts (#3707) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2026-01-15 20:42:39 +02:00
Ramkumar Chinchani 800a545fbe chore: fix dependabot alerts (#3677) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2025-12-29 09:59:57 +02:00
Ramkumar Chinchani e7b73b6c2d chore: fix dependabot alerts (#3636) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2025-12-09 10:49:45 +02:00
Ramkumar Chinchani 49c15abf06 chore: fix dependabot alerts (#3555) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2025-11-18 08:46:51 +02:00
Luca Muscariello 2402296e9a fix: migrate to Go module v2 for proper semantic versioning (#3462) 
* fix: migrate to Go module v2 for proper semantic versioning

This change updates the module path from 'zotregistry.dev/zot' to
'zotregistry.dev/zot/v2' to comply with Go's semantic versioning rules.

According to Go's module versioning requirements, major version v2+
must include the major version in the module path. The current
module path 'zotregistry.dev/zot' only supports v0.x.x and v1.x.x
versions, making existing v2.x.x tags (like v2.1.8) unusable.

Changes:
- Updated go.mod module path to zotregistry.dev/zot/v2
- Updated all internal import paths across 280+ Go source files
- Updated configuration files (golangcilint.yaml, gqlgen.yml)
- Updated README.md Go reference badge

This fix enables proper use of existing v2.x.x Git tags and allows
external packages to import zot v2+ versions without compatibility
errors.

Resolves: Go module import compatibility for v2+ versions
Fixes: #3071
Signed-off-by: Luca Muscariello <muscariello@ieee.org>

* fix: regenerate GraphQL files with updated v2 import paths

The gqlgen tool needs to regenerate the GraphQL schema files after
the module path change to use the new v2 imports.

Signed-off-by: Luca Muscariello <muscariello@ieee.org>

---------

Signed-off-by: Luca Muscariello <muscariello@ieee.org>
 2025-10-16 22:43:47 -07:00
Ramkumar Chinchani 5e5bd1e33c chore: fix dependabot alerts (#3422) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2025-09-30 09:56:53 +03:00
Ramkumar Chinchani 1fdf1aad9d chore: fix dependabot alerts (#3407) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2025-09-26 14:27:16 +03:00
Ramkumar Chinchani a13c917b73 chore: fix dependabot alerts (#3292) 
* chore: fix dependabot alerts

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* fix: update trivy api call

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

---------

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2025-08-06 10:09:53 -07:00
Ramkumar Chinchani 2c7e8fd33e chore: fix dependabot alerts (#3245) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2025-07-05 00:06:32 +03:00
Ramkumar Chinchani 100dfec142 chore: fix dependabot alerts (#3213) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2025-06-17 10:09:19 -07:00
Andrei Aaron 6a22640bfa Fix dependabot alerts (#3188) 
* chore: update github.com/redis/go-redis/v9 to v9.9.0

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>

* chore: update trivy to v0.63.0

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>

* chore: update github.com/spf13/cast to v1.9.2

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>

* chore: update ossf/scorecard-action from 2.4.1 to 2.4.2

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>

* chore: fix multiple dependabot alerts

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>

---------

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
 2025-06-09 10:40:13 -07:00
Ramkumar Chinchani 32a5eee521 chore: fix dependabot alerts (#3141) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2025-05-05 22:06:22 -07:00
Ramkumar Chinchani 06a0cd5220 chore: fix dependabot alerts (#3127) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2025-04-30 21:47:54 +03:00
Ramkumar Chinchani 62af65b07d chore: fix dependabot alerts (#3084) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2025-04-08 22:57:22 -07:00
Ramkumar Chinchani ff50aab9b3 chore: fix dependabot alerts (#3041) 
* chore: fix dependabot alerts

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* test: fix http status code check

Related to gqlgen changes
-       github.com/99designs/gqlgen v0.17.66
+       github.com/99designs/gqlgen v0.17.68

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

---------

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2025-03-18 20:10:55 -07:00
Ramkumar Chinchani 328606def0 chore: fix dependabot alerts (#2978) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2025-02-22 22:28:23 -08:00
Ramkumar Chinchani d0ad93532f chore: fix dependabot alerts (#2945) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2025-02-03 23:34:01 -08:00
Ramkumar Chinchani 97fd43e2b0 chore: fix dependabot alerts (#2881) 2025-01-14 08:36:30 +02:00
Ramkumar Chinchani 7f593b8896 chore: fix dependabot alerts (#2869) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2025-01-13 01:20:29 -08:00
Ramkumar Chinchani 6ca9c66260 chore: fix dependabot alerts (#2851) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2024-12-23 21:10:23 -08:00
Ramkumar Chinchani 8789fb0008 chore: fix dependabot alerts (#2837) 
* chore: fix dependabot alerts

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* chore: update oras version

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

---------

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2024-12-18 08:57:13 -08:00
Ramkumar Chinchani 8f5414a1f0 chore: update ui version (#2827) 
chore: fix dependabot alerts (#2825)

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2024-12-14 11:58:04 -08:00
Ramkumar Chinchani 72c6e8afb3 chore: fix dependabot alerts (#2810) 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2024-12-06 09:04:46 -08:00
Ramkumar Chinchani c89be3ad31 chore: fix dependabot alerts (#2709) 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2024-10-07 16:20:37 -07:00
Ramkumar Chinchani 9cf6b0205d chore: fix dependabot alerts (#2681) 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2024-09-27 09:05:14 +03:00
Ramkumar Chinchani fb2edcc269 chore: fix dependabot alerts (#2486) 
https://github.com/project-zot/zot/pull/2475
https://github.com/project-zot/zot/pull/2477
https://github.com/project-zot/zot/pull/2478
https://github.com/project-zot/zot/pull/2479
https://github.com/project-zot/zot/pull/2480
https://github.com/project-zot/zot/pull/2481
https://github.com/project-zot/zot/pull/2482
https://github.com/project-zot/zot/pull/2483
https://github.com/project-zot/zot/pull/2484
https://github.com/project-zot/zot/pull/2485

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2024-06-17 20:31:01 +03:00
Ramkumar Chinchani 1594852428 chore: fix dependabot alerts (#2446) 
* chore: fix dependabot alerts

https://github.com/project-zot/zot/pull/2435
https://github.com/project-zot/zot/pull/2436
https://github.com/project-zot/zot/pull/2437
https://github.com/project-zot/zot/pull/2438
https://github.com/project-zot/zot/pull/2439
https://github.com/project-zot/zot/pull/2440
https://github.com/project-zot/zot/pull/2441
https://github.com/project-zot/zot/pull/2442
https://github.com/project-zot/zot/pull/2443
https://github.com/project-zot/zot/pull/2444
https://github.com/project-zot/zot/pull/2445
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>

* fix(zli): _schema query in zli code should not use empty parens

Fix also some tests
See https://github.com/vektah/gqlparser/issues/292 and https://github.com/vektah/gqlparser/pull/293

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>

---------

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
Co-authored-by: Andrei Aaron <aaaron@luxoft.com>
 2024-06-04 13:54:30 +03:00
Ramkumar Chinchani 28e9aabecf chore: fix dependabot alerts (#2331) 
https://github.com/project-zot/zot/pull/2324
https://github.com/project-zot/zot/pull/2325
https://github.com/project-zot/zot/pull/2326
https://github.com/project-zot/zot/pull/2327
https://github.com/project-zot/zot/pull/2328
https://github.com/project-zot/zot/pull/2329

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2024-03-20 07:37:29 +02:00
LaurentiuNiculae 5039128723 feat(cve): cli cve diff (#2242) 
* feat(gql): add new query for diff of cves for 2 images

Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>

* feat(cli): add cli for cve diff

Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>

---------

Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
 2024-03-06 10:40:29 +02:00
Ramkumar Chinchani 565eca2609 chore: fix dependabot alerts (#2268) 
https://github.com/project-zot/zot/pull/2258
https://github.com/project-zot/zot/pull/2259
https://github.com/project-zot/zot/pull/2260
https://github.com/project-zot/zot/pull/2261
https://github.com/project-zot/zot/pull/2262
https://github.com/project-zot/zot/pull/2263
https://github.com/project-zot/zot/pull/2264
https://github.com/project-zot/zot/pull/2265
https://github.com/project-zot/zot/pull/2266
https://github.com/project-zot/zot/pull/2267

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2024-02-20 21:51:40 +02:00
Andreea Lupu 55acce6923 feat(graphql): filter CVEs by severity (#2246) 
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
 2024-02-14 09:11:57 -08:00
Andrei Aaron ce4924f841 refactor: rename go module from zotregistry.io/zot to zotregistry.dev/zot (#2187) 
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
 2024-01-31 20:34:07 -08:00
LaurentiuNiculae 3f97f878fd feat(cve): add option to exclude string from cve search (#2163) 
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
 2024-01-19 12:59:42 -08:00
LaurentiuNiculae 79e14027ee refactor(test): add lint rule for messages starting with the component (#2045) 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
 2023-12-08 10:05:02 +02:00
Ramkumar Chinchani 8bac653dd2 chore: fix dependabot alerts (#2113) 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2023-12-04 11:28:01 -08:00
LaurentiuNiculae 90d27ff2ac feat(cve): expand search domain to cve description and package info (#2086) 
* feat(cve): add reference url for cve

Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>

* feat(cve): expand search domain to cve description and package info

Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>

---------

Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
 2023-11-29 20:59:00 +02:00
Ramkumar Chinchani 3e6053e1db chore: fix dependabot alerts (#1986) 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2023-10-30 14:47:11 -07:00
Ramkumar Chinchani ed775914df chore: fix dependabot alerts (#1911) 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2023-10-09 11:35:42 -07:00
Ramkumar Chinchani 9096031aeb chore: fix dependabot alerts (#1855) 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2023-09-25 23:03:13 +03:00
Andrei Aaron bcdd9988f5 fix(cve): cummulative fixes and improvements for CVE scanning logic (#1810) 
1. Only scan CVEs for images returned by graphql calls
Since pagination was refactored to account for image indexes, we had started
to run the CVE scanner before pagination was applied, resulting in
decreased ZOT performance if CVE information was requested

2. Increase in medory-cache of cve results to 1m, from 10k digests.

3. Update CVE model to use CVSS severity values in our code.
Previously we relied upon the strings returned by trivy directly,
and the sorting they implemented.
Since CVE severities are standardized, we don't need to pass around
an adapter object just for pagination and sorting purposes anymore.
This also improves our testing since we don't mock the sorting functions anymore.

4. Fix a flaky CLI test not waiting for the zot service to start.

5. Add the search build label on search/cve tests which were missing it.

6. The boltdb update method was used in a few places where view was supposed to be called.

7. Add logs for start and finish of parsing MetaDB.

8. Avoid unmarshalling twice to obtain annotations for multiarch images.

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
 2023-09-17 15:12:20 -07:00
Ramkumar Chinchani 6461b661f1 chore: fix dependabot alerts (#1797) 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2023-09-11 20:21:56 -07:00
LaurentiuNiculae 28de980319 feat(refator): refactoring repodb into meta (#1626) 
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
 2023-07-18 10:27:26 -07:00
Ramkumar Chinchani fe9c9750b5 chore: fix dependabot alerts (#1631) 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2023-07-17 23:37:54 +03:00
Andrei Aaron 418a1a006c feat(cve): ability to return CVEs per image os and architecture (#1607) 
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
 2023-07-11 09:29:04 -07:00
Ramkumar Chinchani 2be5459c8e chore: fix dependabot alerts (#1458) 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2023-05-17 00:37:34 -07:00
Ramkumar Chinchani 42df4c505a chore: fix dependabot alerts (#1403) 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2023-05-01 12:49:10 -07:00