04fccd11fd
chore(go.mod): upgrade trivy, cosign and remove replace directive ( #1635 )
...
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2023-07-18 14:18:31 -07:00
fe9c9750b5
chore: fix dependabot alerts ( #1631 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-07-17 23:37:54 +03:00
6cd4455da1
chore: fix dependabot alerts ( #1621 )
...
* chore: fix dependabot alerts
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
* test: fix the validation for digests
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
---------
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-07-15 12:56:09 +03:00
d3f27b4ba6
feat: add additional manifest validations ( #1609 )
...
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com >
2023-07-13 09:31:39 -07:00
730ef4aada
chore: fix dependabot alerts ( #1613 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-07-13 10:14:03 +03:00
17d1338af1
feat: integrate openID auth logic and user profile management ( #1381 )
...
This change introduces OpenID authn by using providers such as Github,
Gitlab, Google and Dex.
User sessions are now used for web clients to identify
and persist an authenticated users session, thus not requiring every request to
use credentials.
Another change is apikey feature, users can create/revoke their api keys and use them
to authenticate when using cli clients such as skopeo.
eg:
login:
/auth/login?provider=github
/auth/login?provider=gitlab
and so on
logout:
/auth/logout
redirectURL:
/auth/callback/github
/auth/callback/gitlab
and so on
If network policy doesn't allow inbound connections, this callback wont work!
for more info read documentation added in this commit.
Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro >
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com >
Co-authored-by: Alex Stan <alexandrustan96@yahoo.ro >
2023-07-07 09:27:10 -07:00
96d9d318df
feat(referrers): added index support for referrers queries ( #1560 )
...
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com >
2023-07-05 09:42:16 -07:00
137e5bd793
chore: fix dependabot alerts ( #1581 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-07-05 11:42:24 +03:00
aad6db279b
chore: fix dependabot alerts ( #1576 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-07-04 09:19:26 -07:00
d30d7a9330
chore: fix dependabot alerts ( #1537 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-06-19 12:34:50 -07:00
7dd17be96d
chore: fix dependabot alerts ( #1517 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-06-16 10:28:43 +03:00
03f47f68c0
chore(deps): downgrade golang-lru ( #1515 )
...
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com >
2023-06-14 19:45:30 +03:00
d7bddd2a05
chore: fix dependabot alerts ( #1508 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-06-12 14:53:03 -07:00
622dde9193
fix: referrers now appears in swagger generated docs ( #1488 )
...
Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com >
2023-06-12 10:32:11 -07:00
4d6ca493f2
chore: fix dependabot alerts ( #1501 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-06-09 10:27:42 -07:00
96d00cd0ef
fix(cve): Fix CVE scanning in images containing Jar files ( #1475 )
2023-06-01 00:37:46 +03:00
40180f878f
chore(go.mod): fix dependabot alerts ( #1491 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-05-31 22:16:21 +03:00
e148343540
chore(go.mod): fix dependabot alerts ( #1479 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-05-27 01:23:50 +03:00
6e6ffe800c
chore(go.mod): upgrade to notation-go v1.0.0-rc.5 and image-spec v1.1.0-rc3 ( #1468 )
...
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com >
2023-05-23 15:16:33 +00:00
83ae1aad70
chore(go.mod): fix dependabot alerts ( #1466 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-05-23 10:14:43 +03:00
2be5459c8e
chore: fix dependabot alerts ( #1458 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-05-17 00:37:34 -07:00
d17fe0044b
chore(go.mod): fix dependabot alerts ( #1443 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-05-12 09:45:52 +03:00
9534e0b88b
chore: fix dependabot alerts ( #1409 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-05-11 16:39:21 -07:00
ea79be64da
refactor(artifact): remove oci artifact support ( #1359 )
...
* refactor(artifact): remove oci artifact support
- add header to referrers call to indicated applied artifact type filters
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com >
* feat(gc): simplify gc logic to increase coverage
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com >
---------
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com >
2023-05-10 10:15:33 -07:00
42df4c505a
chore: fix dependabot alerts ( #1403 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-05-01 12:49:10 -07:00
c3ba122830
chore(go.mod): fix dependabot alerts ( #1377 )
2023-05-01 08:31:02 +03:00
40bf76add5
chore(go.mod): upgrade trivy and cosign ( #1387 )
...
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com >
2023-04-27 09:35:10 -07:00
e6b81bb354
chore(go.mod): fix dependabot alerts ( #1365 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-04-12 14:10:47 +03:00
9f512082ad
chore(go.mod): fix dependabot alerts ( #1360 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-04-11 23:21:30 -07:00
8f809bda29
chore(go.mod): fix dependabot alerts ( #1351 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-04-10 14:09:54 -07:00
38997be596
chore(go.mod): fix dependabot alerts ( #1343 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-04-07 09:35:12 +03:00
06bd8a8252
chore(go.mod): fix dependabot alerts ( #1333 )
...
upgrade to github.com/aws/aws-sdk-go@v1.44.237
upgrade to github.com/aquasecurity/trivy@v0.38 .3
upgrade to oras.land/oras-go@v1.2.3
upgrade to github.com/google/go-containerregistry@v0.14 .0
upgrade to github.com/moby/buildkit@v0.11 .4
Note we can't switch to trivy 0.39.0 as well as some other updates
because they would also require upgrade of cosign to v2 with
breaking api changes
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2023-04-06 01:00:12 -07:00
d9173e3ad3
chore(go.mod): fix dependabot alerts ( #1330 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-04-05 09:39:15 +03:00
5ad25126b7
chore: fix dependabot alerts ( #1320 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-03-29 13:13:16 -07:00
917159143c
chore: fix dependabot alerts ( #1312 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-03-27 12:16:29 -07:00
e54c36db12
chore(go.mod): fix dependabot alerts ( #1305 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-03-25 22:43:36 +02:00
906f8ce621
chore(deps): fix dependabot alerts ( #1291 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-03-22 12:33:21 -07:00
c2bec0d4a8
chore(go.mod): fix dependabot alerts ( #1251 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-03-07 09:59:59 +02:00
73b1126bbf
chore(go.mod): fix dependabot alerts ( #1247 )
...
Supersedes:
- https://github.com/project-zot/zot/pull/1132
- https://github.com/project-zot/zot/pull/1243
- https://github.com/project-zot/zot/pull/1244
- https://github.com/project-zot/zot/pull/1245
Also update the AWS SDK libraries used
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2023-03-06 11:05:19 -08:00
646250736e
fix(go.mod): replace opencontainers/umoci dependency with project-stacker/umoci ( #1240 )
...
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com >
2023-03-05 21:11:07 -08:00
5a2fb4108d
chore(go.mod): fix dependabot alerts ( #1228 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-02-28 17:38:49 +02:00
f6a540747f
chore(go.mod): fix dependabot alerts ( #1222 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-02-23 22:32:20 +02:00
4a56e30cd7
chore(go.mod): fix dependabot alerts ( #1218 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-02-23 09:09:28 +02:00
be33f7b252
chore(go.mod): fix dependabot alerts ( #1210 )
...
* chore(go.mod): fix dependabot alerts
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
* chore(test): update image tags
We have cleaned up older golang images in the project.
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
* ci(gqlgen): fix gql schema validation GH workflow after npm upgrade
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
---------
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-02-17 13:54:49 -08:00
b9a75b2e44
chore(go.mod): fix dependabot alerts ( #1194 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-02-13 12:48:05 -08:00
ee95ab0ffc
fix: call notation-go libs instead of using notation binary ( #1104 )
...
fix: add loading notation path
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com >
Co-authored-by: Roxana Nemulescu <roxana.nemulescu@gmail.com >
2023-02-13 10:43:52 -08:00
c154ab02f3
chore(deps): fix dependabot alerts ( #1179 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-02-07 08:52:17 +02:00
863d057e43
chore(deps): fix dependabot alerts ( #1153 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-02-01 00:21:14 -08:00
976ccfcf0d
fix: removed references to old dist-spec ( #1128 )
...
Signed-off-by: Ana-Roberta Lisca <ana.kagome@yahoo.com >
2023-01-31 09:35:33 -08:00
b3ed92ef1a
chore(deps): fix dependabot alerts ( #1143 )
...
https://github.com/project-zot/zot/pull/1119
https://github.com/project-zot/zot/pull/1142
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-01-26 22:39:18 -08:00
Andrei Aaron