6a22640bfa
Fix dependabot alerts ( #3188 )
...
* chore: update github.com/redis/go-redis/v9 to v9.9.0
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
* chore: update trivy to v0.63.0
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
* chore: update github.com/spf13/cast to v1.9.2
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
* chore: update ossf/scorecard-action from 2.4.1 to 2.4.2
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
* chore: fix multiple dependabot alerts
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
---------
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2025-06-09 10:40:13 -07:00
483c869920
Fix metrics authorization middleware bleed ( #3183 )
...
fix: metrics authorization middleware bleed (#3182 )
Fixes `extension_metrics_disabled.go` to correctly isolate the authz
middleware when the metrics extension is disabled.
Signed-off-by: Matthieu Mottet <m.mottet@outlook.com >
2025-06-05 15:41:32 -07:00
0c51cb72c3
fix: parse public key as fallback for certificate for bearer authentication ( #3180 )
...
* fix: parse public key as fallback for bearer auth
Signed-off-by: evanebb <git@evanus.nl >
* fix: use correct error message
Signed-off-by: evanebb <git@evanus.nl >
---------
Signed-off-by: evanebb <git@evanus.nl >
2025-06-04 08:53:44 +03:00
167f7e34cd
chore: fix dependabot alerts ( #3155 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-05-27 18:58:50 +03:00
1bf8eebba9
fix: license copyright update ( #3167 )
...
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2025-05-25 11:57:49 +03:00
eec57e62ca
Revert "feat(mcp): add MCP extension support with routes and configur… ( #3166 )
...
Revert "feat(mcp): add MCP extension support with routes and configuration"
This reverts commit 56afa6bd42rchincha.dev@gmail.com >
2025-05-22 21:29:00 -07:00
56afa6bd42
feat(mcp): add MCP extension support with routes and configuration
2025-05-22 23:24:55 +00:00
8a99a3ed23
Merge commit from fork
...
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2025-05-22 09:08:28 -07:00
af4a46b331
fix(sync): fixed checking updates in remote tags digest ( #3156 )
...
when preserveDigest option in sync is enabled
closes : #3129
Signed-off-by: Eusebiu Petu <petu.eusebiu@gmail.com >
2025-05-20 09:34:38 -07:00
7291b88896
chore: fix dependabot alerts ( #3154 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-05-12 22:21:42 -07:00
32a5eee521
chore: fix dependabot alerts ( #3141 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-05-05 22:06:22 -07:00
bc5fd1a357
feat(events): add events extension ( #3045 )
...
* feat: add events config
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* feat: implement event support with log sink
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* feat: integrate events and update tests
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* refactor: update event config
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* feat: implement http and nats sinks. remove log sink
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* refactor: events extension setup
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* chore: cleanup tests to use nil event recorder
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* chore: update events config example and add more logging
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* refactor: better use of build tags for minimal binary
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* fix: missing store param in evelated privileges tests
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* fix: regression in config decoding
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* chore: update check logs script to enable cross-platform usage via GREP_BIN_PATH envvar
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* chore: fix log lint issue for events
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* chore: fix failing events disabled test
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* test: add blackbox tests for events
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* chore: specify architecture when downloading binaries in Makefile
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* chore: improve failure handling when no valid sinks are provided
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* test: fix data race in events test
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* chore: cleanup event decoding
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* test: fix logging tests
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* test: make nats server test more reliable
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* chore: go mod cleanup
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* test: add sleep when setting up nats client
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* fix: ensure event sink errors do not propogate
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* test: increase coverage for events
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* feat(events): Refactor events to be non-blocking from caller.
Signed-off-by: Asgeir Nilsen <asgeir.nilsen@bouvet.no >
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* chore: remove harded-coded linux
Co-authored-by: Andrei Aaron <andreifdaaron@gmail.com >
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* feat(events): fail to start if incorrect event sink is configured
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* test: allow cli tests to return errors instead of panic
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* chore: bump nats server to v2.11.3
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
---------
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
Signed-off-by: Asgeir Nilsen <asgeir.nilsen@bouvet.no >
Co-authored-by: Asgeir Nilsen <asgeir.nilsen@bouvet.no >
Co-authored-by: Andrei Aaron <andreifdaaron@gmail.com >
2025-05-02 12:30:06 -07:00
06a0cd5220
chore: fix dependabot alerts ( #3127 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-04-30 21:47:54 +03:00
293f424457
chore: update conformance badge ( #3114 )
...
We need to report conformance results from the default branch only.
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-04-23 15:26:46 -07:00
b780b36841
chore: fix dependabot alerts ( #3112 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-04-22 23:16:40 -07:00
6ffb0183e3
fix: remove unneeded double locks in redis implementation of metadb ( #3055 )
...
fix: remove uneeded double locks in redis implementation of metadb
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2025-04-17 19:25:42 +03:00
8f3533ac12
fix: get groups claim from idtokenclaims ( #3101 )
...
* fix: get groups claim from idtokenclaims
Signed-off-by: Philipp Lange <ph.lange@pm.me >
* fix: lint
Signed-off-by: Philipp Lange <ph.lange@pm.me >
---------
Signed-off-by: Philipp Lange <ph.lange@pm.me >
2025-04-17 12:02:36 +03:00
0e2aa81439
feat(sync): use regclient for sync extension ( #2903 )
...
* feat(sync): use regclient for sync extension
replaced containers/image package with regclient/regclient package
Signed-off-by: Eusebiu Petu <petu.eusebiu@gmail.com >
* fix(sync): fixed converting innner docker list mediatype
Signed-off-by: Eusebiu Petu <petu.eusebiu@gmail.com >
* feat(sync): added option to preserve digest
Signed-off-by: Eusebiu Petu <petu.eusebiu@gmail.com >
* fix(sync): added coverage and various fixes
Signed-off-by: Eusebiu Petu <petu.eusebiu@gmail.com >
* fix(metadb): fixed converting manifest list not setting platform and annotations
Signed-off-by: Eusebiu Petu <petu.eusebiu@gmail.com >
* fix(sync): remove read lock on storage, not used concurrently
Signed-off-by: Eusebiu Petu <petu.eusebiu@gmail.com >
* feat(sync): added cache for repo tags
Signed-off-by: Eusebiu Petu <petu.eusebiu@gmail.com >
* fix(sync): fixed Makefile
removed opengpg tag
Signed-off-by: Eusebiu Petu <petu.eusebiu@gmail.com >
* fix(sync): add test for on demand referrer
Signed-off-by: Eusebiu Petu <petu.eusebiu@gmail.com >
---------
Signed-off-by: Eusebiu Petu <petu.eusebiu@gmail.com >
2025-04-15 16:58:15 -07:00
2592d4c784
chore: fix dependabot alerts ( #3099 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-04-14 22:43:56 -07:00
62af65b07d
chore: fix dependabot alerts ( #3084 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-04-08 22:57:22 -07:00
ef1d6f37ce
ci: update golang version to be synced to gh ( #3073 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-04-06 01:15:29 -07:00
bb7039f138
chore: fix dependabot alerts ( #3072 )
...
* chore: fix dependabot alerts
* chore: update container builds to use golang 1.24
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
---------
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-04-05 00:57:20 -07:00
fd761c0254
chore: fix dependabot alerts ( #3070 )
...
* chore: fix dependabot alerts
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* ci: fix linter config
* fix: linter fixes
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
---------
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-04-04 00:31:02 -07:00
cb9b82823a
fix(zui): show referrers pointing to image manifests ( #3053 )
...
See https://github.com/project-zot/zui/issues/476
In previous implementations the referrers tab only showed the referrers returned at image
level, ignoring the referrers returned at manifest level.
This is fine for singlearch images, since they are the same.
For images containing multiple manifests only index referrers were shown.
The current implementation would show both the referrers to the index and the current manifest.
Also fix refreshing the data shown in the tag details tabs on changing the selected manifest
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2025-03-24 13:19:09 +02:00
32eb4579da
feat: handle multiple attributes ( #3052 )
...
Enhance LDAP user group retrieval to handle multiple attributes
Signed-off-by: 周游 <hi@zhouyou.info >
2025-03-22 22:47:02 -07:00
b9d453ca93
chore: fix dependabot alerts ( #3051 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-03-21 18:28:59 -07:00
30467e60cf
feat: build windows binaries ( #3047 )
...
Currently zot project doesn't build and ship Windows binaries.
This PR adds that support.
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-03-21 12:51:44 -07:00
509327da2e
fix: bump zui version to fix minor issues with handling empty manifest lists and missing platform information ( #3044 )
...
- fix: do not error in TagDetails if an empty manifest list is returned from the backend
- fix: use '----' as default for missing Os/Arch in drop-down and card (this value is for consistency with other such places where the values are missing)
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2025-03-19 19:34:33 +02:00
ff50aab9b3
chore: fix dependabot alerts ( #3041 )
...
* chore: fix dependabot alerts
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* test: fix http status code check
Related to gqlgen changes
- github.com/99designs/gqlgen v0.17.66
+ github.com/99designs/gqlgen v0.17.68
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
---------
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-03-18 20:10:55 -07:00
f9b647beaf
ci: fix failures in nightly ( #3042 )
...
- fix log folder names used by nightly jobs
- fix attempt to install containerd.io in the redis pipeline (which conflicts with containerd)
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2025-03-18 10:39:51 -07:00
4bf708caff
chore: Remove VOLUME instruction from image ( #3027 )
...
Signed-off-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com >
2025-03-18 10:38:28 +02:00
88ad384506
test: do not use the clustering feature in case of redis + s3 storage
...
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2025-03-17 09:12:10 +02:00
8438c83a23
test: add scale-out clustering tests using multiple zot servers with with redis and S3 integration
...
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2025-03-17 09:12:10 +02:00
2a4edde637
chore: update image and dist specs to v1.1.1 ( #3023 )
...
chore: update image-spec and dist-spec to v1.1.1
As side effect the warnings mentioned in https://github.com/project-zot/zui/issues/475#issuecomment-2715802363 should no longer show up.
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2025-03-13 10:06:02 +02:00
d87cdc9840
chore: fix dependabot alerts ( #3026 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-03-12 20:30:53 -07:00
c87f489a79
fix: allow changing media-type when pushing an image tag ( #3022 )
...
Fixes #3005
Previously, changing a image's media-type was disallowed.
However, "docker buildx" appears to first push an image manifest and
then an image index for the same image tag. So, allow this.
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-03-11 10:38:47 -07:00
0930e57184
fix: show data from docker mediatypes in search results ( #3019 )
...
Including handling indexes / manifest lists for buildkit manifest lists containing image cache
See
- https://github.com/project-zot/zui/issues/475
- https://github.com/project-zot/zot/issues/3000#issuecomment-2709031927
Fix and unrelated issue with killing zot and collecting logs in case of cluster test failures
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2025-03-11 11:43:30 +02:00
651d123731
chore: fix dependabot alerts ( #3021 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-03-11 01:40:27 -07:00
d465690630
[feat]: add support for EC/ED25519 public keys for token authentication ( #2998 )
...
* feat: rework token auth to allow ED25519/EC public keys
Signed-off-by: evanebb <git@evanus.nl >
* fix: shadow err variable to hopefully avoid data race
Signed-off-by: evanebb <git@evanus.nl >
* fix: apply golangci-lint feedback
Signed-off-by: evanebb <git@evanus.nl >
* fix: simplify public key loading by only supporting certificates, fixes ED25519 certificate handling
Signed-off-by: evanebb <git@evanus.nl >
* test: add golang-jwt based test auth server and test RSA/EC/ED25519 keys
Signed-off-by: evanebb <git@evanus.nl >
* fix: restrict allowed signing algorithms as recommended by library
Signed-off-by: evanebb <git@evanus.nl >
* test: add more bearer authorizer tests
Signed-off-by: evanebb <git@evanus.nl >
* fix: apply more golangci-lint feedback
Signed-off-by: evanebb <git@evanus.nl >
* test: ensure chmod calls run on test failure for authn errors test
Signed-off-by: evanebb <git@evanus.nl >
* fix: verify issued-at in given token if present
Pulls the validation in-line with the old library
Signed-off-by: evanebb <git@evanus.nl >
---------
Signed-off-by: evanebb <git@evanus.nl >
2025-03-06 14:32:13 -08:00
e7fb9c5e60
chore: fix dependabot alerts ( #3002 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-03-04 22:53:21 -08:00
983dc7f8d5
Cumulative improvements for CI troubleshooting ( #2996 )
...
* feat: show more error information in zb output
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
* chore(ci): gc stress tests to save logs as artifacts
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
* chore: add benchmark results to job summaries
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
* fix: count and show zb errors
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
* ci: fix the flaky coverage of the redis logger
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
---------
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2025-03-01 01:04:09 +02:00
3893eec714
feat(htpasswd): add autoreload for htpasswd ( #2933 )
...
* feat(htpasswd): move htpasswd processing to a helper struct and add reload
Signed-off-by: Vladimir Ermakov <vooon341@gmail.com >
* feat(htpasswd): use dedicated fsnotify reloader for htpasswd file
- rewrite htpasswd watcher not to store context
- improve logging
Signed-off-by: Vladimir Ermakov <vooon341@gmail.com >
* feat(htpasswd): add htpasswd reload test
Signed-off-by: Vladimir Ermakov <vooon341@gmail.com >
---------
Signed-off-by: Vladimir Ermakov <vooon341@gmail.com >
2025-02-27 12:42:57 +02:00
7e07bae4d6
chore: fix dependabot alerts ( #2991 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-02-26 23:27:01 -08:00
546a7ea425
chore: fix dependabot alerts ( #2988 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-02-25 20:39:45 -08:00
328606def0
chore: fix dependabot alerts ( #2978 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-02-22 22:28:23 -08:00
88efa50de9
fix: Update AWS DynamoDB permission list and correct issues in DynamoDB examples ( #2963 )
...
fix: Update AWS DynamoDB permission list, and correct issues in DynamoDB examples
Note DeleteTable is only used for the zot tests, should not be needed in production
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2025-02-13 19:11:06 +02:00
528c2e5f6d
chore: fix dependabot alerts ( #2961 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-02-11 20:11:41 -08:00
e3c42a76c5
More validation for DynamoDB cache driver cachetablename ( #2949 )
...
fix: More validation for DynamoDB cache driver cachetablename
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2025-02-09 18:56:02 +02:00
d0ad93532f
chore: fix dependabot alerts ( #2945 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-02-03 23:34:01 -08:00
ea6b6dab23
fix: MetaDB fixes related to Docker media types ( #2934 )
...
* fix: update download counters for docker media types
closes #2929
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
* fix: handle docker config mediatype in MetaDB
The OS/Arch/Layer History information was not written to MetaDB
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
---------
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2025-02-03 08:29:55 +02:00
Andrei Aaron