5639dfb2a9
chore: fix dependabot alerts ( #2348 )
2024-03-26 06:48:22 +02:00
375c35c5a1
chore: update to go 1.22 ( #2330 )
...
* chore: update to go 1.22
Only go toolchain version is updated.
We compile with go 1.22, but we allow others to compile using language version 1.21 if they wish to.
If we also updated the go version in go.mod everyone would be forced to update, as that is enforced as a minimum allowed version.
This comment explains the difference well enough https://news.ycombinator.com/item?id=36455759
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
* chore: fix freeBSD AMD64 build
Looks like they made some cleanup in the logic allowing buildmode pie on various platforms.
Related to https://github.com/golang/go/issues/31544
See the code at: https://cs.opensource.google/go/go/+/master:src/internal/platform/supported.go;l=222-231;drc=d7fcb5cf80953f1d63246f1ae9defa60c5ce2d76;bpv=1;bpt=0
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
---------
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2024-03-20 11:53:11 -07:00
28e9aabecf
chore: fix dependabot alerts ( #2331 )
...
https://github.com/project-zot/zot/pull/2324
https://github.com/project-zot/zot/pull/2325
https://github.com/project-zot/zot/pull/2326
https://github.com/project-zot/zot/pull/2327
https://github.com/project-zot/zot/pull/2328
https://github.com/project-zot/zot/pull/2329
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2024-03-20 07:37:29 +02:00
413514c0d4
chore: fix dependabot alerts ( #2317 )
2024-03-12 08:03:29 +02:00
2dd1fc9316
chore: fix dependabot alerts ( #2302 )
...
https://github.com/project-zot/zot/pull/2297
https://github.com/project-zot/zot/pull/2298
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2024-03-07 21:20:35 +02:00
18235ca254
fix(oras)!: remove ORAS artifact references support ( #2294 )
...
* fix(oras)!: remove ORAS artifact references support
ORAS artifacts/references predated OCI dist-spec 1.1.0 which now has the
same functionality and likely to see wider adoption.
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
* test: update to released official images
So that they are unlikely to be deleted.
*-rc images may be cleaned up over time.
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
---------
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2024-03-06 12:16:42 -08:00
752b9e87c1
chore: fix dependabort alerts ( #2295 )
...
https://github.com/project-zot/zot/pull/2287
https://github.com/project-zot/zot/pull/2288
https://github.com/project-zot/zot/pull/2289
https://github.com/project-zot/zot/pull/2290
https://github.com/project-zot/zot/pull/2291
https://github.com/project-zot/zot/pull/2292
https://github.com/project-zot/zot/pull/2293
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2024-03-04 21:30:27 +02:00
d00f5282fa
chore: fix dependabot alerts ( #2283 )
...
https://github.com/project-zot/zot/pull/2270
https://github.com/project-zot/zot/pull/2271
https://github.com/project-zot/zot/pull/2274
https://github.com/project-zot/zot/pull/2275
https://github.com/project-zot/zot/pull/2276
https://github.com/project-zot/zot/pull/2277
https://github.com/project-zot/zot/pull/2278
https://github.com/project-zot/zot/pull/2279
https://github.com/project-zot/zot/pull/2280
https://github.com/project-zot/zot/pull/2281
https://github.com/project-zot/zot/pull/2282
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2024-02-28 00:45:00 +02:00
565eca2609
chore: fix dependabot alerts ( #2268 )
...
https://github.com/project-zot/zot/pull/2258
https://github.com/project-zot/zot/pull/2259
https://github.com/project-zot/zot/pull/2260
https://github.com/project-zot/zot/pull/2261
https://github.com/project-zot/zot/pull/2262
https://github.com/project-zot/zot/pull/2263
https://github.com/project-zot/zot/pull/2264
https://github.com/project-zot/zot/pull/2265
https://github.com/project-zot/zot/pull/2266
https://github.com/project-zot/zot/pull/2267
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2024-02-20 21:51:40 +02:00
4e5db84cb1
chore: update image-spec and dist spec to 1.1.0 ( #2255 )
...
BREAKING CHANGE: the dist spec version in the config files needs to be bumped to 1.1.0
in order for the config verification to pass without warnings.
Also fix 1 dependabot alert for helm.
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2024-02-20 13:27:21 +02:00
ec38d39c06
chore(go.mod): fix dependabot alerts ( #2247 )
...
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2024-02-14 09:12:57 -08:00
60dc8569ec
build(go): switch to go 1.21 ( #2049 )
...
Also update to the latest swaggo version, as the previous one did not work with go 1.21
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2024-02-07 10:54:28 -08:00
e3065f6a2c
chore(deps): fix dependabot alerts ( #2232 )
...
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2024-02-05 09:56:38 -08:00
ce4924f841
refactor: rename go module from zotregistry.io/zot to zotregistry.dev/zot ( #2187 )
...
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2024-01-31 20:34:07 -08:00
580df421bf
chore: fix dependabot alerts ( #2208 )
...
https://github.com/project-zot/zot/pull/2192
https://github.com/project-zot/zot/pull/2193
https://github.com/project-zot/zot/pull/2194
https://github.com/project-zot/zot/pull/2195
https://github.com/project-zot/zot/pull/2196
https://github.com/project-zot/zot/pull/2197
https://github.com/project-zot/zot/pull/2198
https://github.com/project-zot/zot/pull/2199
https://github.com/project-zot/zot/pull/2200
https://github.com/project-zot/zot/pull/2201
https://github.com/project-zot/zot/pull/2202
https://github.com/project-zot/zot/pull/2203
https://github.com/project-zot/zot/pull/2204
https://github.com/project-zot/zot/pull/2205
https://github.com/project-zot/zot/pull/2206
https://github.com/project-zot/zot/pull/2207
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2024-01-29 15:30:41 -08:00
9def35f3b8
chore: update go.mod to fix dependabot alerts ( #2181 )
...
https://github.com/project-zot/zot/pull/2178
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2024-01-25 14:40:26 -08:00
ee9bbb0bf2
feat(log): print traceback when panics occur ( #2166 )
...
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com >
2024-01-16 09:08:14 -08:00
d617c41cb7
chore: fix dependabot alerts ( #2160 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2024-01-10 15:56:32 -08:00
c2196e3ae1
Fix deps ( #2139 )
...
* chore: fix dependabot alerts
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
* fix: update ui version
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
---------
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-12-16 10:05:25 +02:00
44dfa8a210
chore: fix dependabot alerts ( #2133 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-12-12 12:44:28 +02:00
8bac653dd2
chore: fix dependabot alerts ( #2113 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-12-04 11:28:01 -08:00
c62ca62141
chore: fix dependabot alerts ( #2097 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-11-30 11:46:14 -08:00
90d27ff2ac
feat(cve): expand search domain to cve description and package info ( #2086 )
...
* feat(cve): add reference url for cve
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com >
* feat(cve): expand search domain to cve description and package info
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com >
---------
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com >
2023-11-29 20:59:00 +02:00
c7bd2a67b4
chore: fix dependabot alerts ( #2066 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-11-20 14:55:04 -08:00
06e7b0b579
chore: fix dependabot alerts ( #2040 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-11-15 16:02:32 +02:00
8609900406
chore: fix dependabot alerts ( #2028 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-11-13 10:48:20 +02:00
3ddfd655ea
chore: fix dependabot alerts ( #2019 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-11-09 09:30:16 -08:00
3e6053e1db
chore: fix dependabot alerts ( #1986 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-10-30 14:47:11 -07:00
56ad9e6707
refactor(metadb): improve UX by speeding up metadb serialize/deserialize ( #1842 )
...
Use protocol buffers and update the metadb interface to better suit our search needs
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com >
Co-authored-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-10-30 13:06:04 -07:00
a3d8202345
chore: fix dependabot alerts ( #1961 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-10-24 12:17:59 +03:00
a44ca578a1
fix(tests): update imagetrust tests to use mock service ( #1929 )
...
- use secretsManagerMock and secretsManagerCacheMock to avoid failing
because of "already exists" error when running multiple times
image_trust_test on the same localstack instance
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com >
2023-10-18 13:25:29 +03:00
d60786c3b2
chore: fix dependabot alerts ( #1942 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-10-16 15:19:26 -07:00
556c0660bd
chore: fix dependabot alerts ( #1915 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-10-11 14:29:59 +03:00
ee25985c3e
chore(modules): update trivy to the tip of main ( #1901 )
...
Includes https://github.com/aquasecurity/trivy/commit/ce89d083453f2293d8176c2ac9f4efa0fdf68095
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2023-10-09 15:12:25 -07:00
ed775914df
chore: fix dependabot alerts ( #1911 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-10-09 11:35:42 -07:00
e6902b937f
chore: fix dependabot alerts ( #1893 )
2023-10-05 09:26:20 +03:00
0fb23848b4
chore: fix dependabot alerts ( #1885 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-10-04 12:29:31 -07:00
92e382ce39
refactor(scrub): replace umoci logic in scrub implementation ( #1845 )
...
- implement scrub also for S3 storage by replacing umoci
- change scrub implementation for ImageIndex
- take the `Subject` into consideration when running scrub
- remove test code relying on the umoci library. Since we started
relying on images in test/data, and we create our own images using
go code we can obtain digests by other means. (cherry picked from commit 489d4e2d23c1b4e48799283f8281024bbef6123f)
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com >
2023-09-26 11:02:11 -07:00
9096031aeb
chore: fix dependabot alerts ( #1855 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-09-25 23:03:13 +03:00
f8002c7dd3
chore: fix dependabot alerts ( #1827 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-09-18 11:34:57 -07:00
6461b661f1
chore: fix dependabot alerts ( #1797 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-09-11 20:21:56 -07:00
9fcb8a8489
chore: fix dependabot alerts ( #1774 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-09-08 22:31:08 +03:00
5a3fac40db
feat: upload cosign public key and notation certificates to cloud ( #1744 )
...
- using secrets manager for storing public keys and certificates
- adding a default truststore for notation verification and upload all certificates to this default truststore
- removig `truststoreName` query param from notation api for uploading certificates
(cherry picked from commit eafcc1a213andreealupu1470@yahoo.com >
2023-09-08 10:03:58 +03:00
f5b63963be
refactor: Reduce binary size of zot-minimal; Added CI check for binary size ( #1758 )
...
Signed-off-by: Alexei Dodon <adodon@cisco.com >
2023-09-06 19:58:00 +03:00
75a76005b4
chore: fix dependabot alerts ( #1763 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-09-05 22:30:49 +03:00
b80deb9927
refactor(storage): refactor storage into a single ImageStore ( #1656 )
...
unified both local and s3 ImageStore logic into a single ImageStore
added a new driver interface for common file/dirs manipulations
to be implemented by different storage types
refactor(gc): drop umoci dependency, implemented internal gc
added retentionDelay config option that specifies
the garbage collect delay for images without tags
this will also clean manifests which are part of an index image
(multiarch) that no longer exist.
fix(dedupe): skip blobs under .sync/ directory
if startup dedupe is running while also syncing is running
ignore blobs under sync's temporary storage
fix(storage): do not allow image indexes modifications
when deleting a manifest verify that it is not part of a multiarch image
and throw a MethodNotAllowed error to the client if it is.
we don't want to modify multiarch images
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com >
2023-09-01 10:54:39 -07:00
521b109c8c
chore(go.mod): upgrade 3rd party packages ( #1742 )
...
Special note for oras.land/oras-go:
- 1.2.4 is not released yet, but tip of their v1 branch is compatible with docker v24.0.2
- 1.2.3 is not compatible with docker v24.0.2
Other 3rd party software depend on both oras-go v1 and docker v24
See also https://github.com/oras-project/oras-go/pull/527
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2023-08-31 20:40:19 +03:00
9bccd784a9
chore: fix dependabot alerts ( #1737 )
2023-08-30 07:53:03 +03:00
6d65401499
chore: fix dependabot alerts ( #1720 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-08-22 14:43:34 +03:00
e129d4003b
chore: fix dependabot alerts ( #1702 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-08-15 10:15:50 +03:00
Ramkumar Chinchani