github/zot
1
0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2026-06-15 20:07:55 +08:00
Code Issues Packages Projects Releases Wiki Activity
1,140 Commits 38 Branches 132 Tags
819994cca1f3be3827c2dbf9756687f5be279401
Commit Graph

1140 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ramkumar Chinchani 819994cca1 chore: fix dependabot alerts (#2352) 
https://github.com/project-zot/zot/pull/2343
https://github.com/project-zot/zot/pull/2349
https://github.com/project-zot/zot/pull/2350

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
v2.0.3 		2024-03-26 11:33:25 -07:00
Andrei Aaron 864cd00b9e fix: Allow GET requests on repositories not found in metadb (#2351) 
The issue was reported on Slack.

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
 2024-03-26 18:38:58 +02:00
Ramkumar Chinchani 5639dfb2a9 chore: fix dependabot alerts (#2348) 2024-03-26 06:48:22 +02:00
Andrei Aaron dd6b6a5a7b feat(ui): new signature UX (#2339) 
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
 2024-03-25 10:38:09 -07:00
Vishwas R aa53782e5c feat: show brief package list in image CVE listings (#2338) 
Signed-off-by: Vishwas Rajashekar <vrajashe@cisco.com>
 2024-03-25 10:36:14 -07:00
Ramkumar Chinchani 4105f120ef ci: add a ML model artifact test case (#2332) 
Both as a test and an example.

Inspired by:
    https://github.com/kubeflow/model-registry/blob/main/docs/logical_model.md

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2024-03-21 22:30:43 +02:00
Andrei Aaron 8b4abc6ef6 Add a job to check zot config examples (and fix existing examples) (#2322) 
* fix: Add credentials config verification

(cherry picked from commit e7fdfa0bcc)
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>

* fix: Update golang version to 1.21.x

Signed-off-by: onidoru <25552941+onidoru@users.noreply.github.com>
Signed-off-by: Nikita Kotikov <25552941+onidoru@users.noreply.github.com>
(cherry picked from commit cbc0f89dfb)
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>

* fix: LDAP credentials files are now required, add more tests

Signed-off-by: onidoru <25552941+onidoru@users.noreply.github.com>
Signed-off-by: Nikita Kotikov <25552941+onidoru@users.noreply.github.com>
(cherry picked from commit b74366d50b)
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>

* fix: Update error handling, add more tests

Signed-off-by: onidoru <25552941+onidoru@users.noreply.github.com>
Signed-off-by: Nikita Kotikov <25552941+onidoru@users.noreply.github.com>
(cherry picked from commit 8a61bbc2d4)
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>

* fix: Add coverage

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>

---------

Signed-off-by: onidoru <25552941+onidoru@users.noreply.github.com>
Signed-off-by: Nikita Kotikov <25552941+onidoru@users.noreply.github.com>
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
Co-authored-by: onidoru <onidoru@yahoo.com>
Co-authored-by: Nikita Kotikov <25552941+onidoru@users.noreply.github.com>
 2024-03-21 10:23:37 -07:00
Andrei Aaron 375c35c5a1 chore: update to go 1.22 (#2330) 
* chore: update to go 1.22

Only go toolchain version is updated.
We compile with go 1.22, but we allow others to compile using language version 1.21 if they wish to.
If we also updated the go version in go.mod everyone would be forced to update, as that is enforced as a minimum allowed version.

This comment explains the difference well enough https://news.ycombinator.com/item?id=36455759

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>

* chore: fix freeBSD AMD64 build

Looks like they made some cleanup in the logic allowing buildmode pie on various platforms.

Related to https://github.com/golang/go/issues/31544
See the code at: https://cs.opensource.google/go/go/+/master:src/internal/platform/supported.go;l=222-231;drc=d7fcb5cf80953f1d63246f1ae9defa60c5ce2d76;bpv=1;bpt=0

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>

---------

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
 2024-03-20 11:53:11 -07:00
Ramkumar Chinchani 28e9aabecf chore: fix dependabot alerts (#2331) 
https://github.com/project-zot/zot/pull/2324
https://github.com/project-zot/zot/pull/2325
https://github.com/project-zot/zot/pull/2326
https://github.com/project-zot/zot/pull/2327
https://github.com/project-zot/zot/pull/2328
https://github.com/project-zot/zot/pull/2329

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2024-03-20 07:37:29 +02:00
Ravi Chamarthy eec277e14d chore: update support matrix 
Signed-off-by: Ravi Chamarthy <ravi@chamarthy.dev>
 2024-03-14 09:43:42 -07:00
Ravi Chamarthy 4ddfcdd092 chore: add ossf scorecard 
Signed-off-by: Ravi Chamarthy <ravi@chamarthy.dev>
 2024-03-14 09:43:42 -07:00
Ramkumar Chinchani ce7a9466c6 chore: update zui version (#2319) v2.0.2-rc3 v2.0.2 2024-03-13 07:33:23 +02:00
Ramkumar Chinchani fdb401273c fix: ignore metadb errors if tag not found (#2301) 2024-03-13 07:28:08 +02:00
Vishwas R c7472a2dda feat: add verbose mode for cves for image listing (#2308) 
Signed-off-by: Vishwas Rajashekar <vrajashe@cisco.com>
 2024-03-12 13:38:48 -07:00
Ramkumar Chinchani 413514c0d4 chore: fix dependabot alerts (#2317) 2024-03-12 08:03:29 +02:00
ossfellow dc0e41ad53 test(blackbox): add multi-arch index creation and image attributes modification (#2306) 
* test: add multi-arch index creation and image modification tests

Signed-off-by: ossfellow <masoud@operatik.io>

* chore: update regclient version to the latest

Signed-off-by: ossfellow <masoud@operatik.io>

---------

Signed-off-by: ossfellow <masoud@operatik.io>
 2024-03-08 08:49:12 -08:00
Ramkumar Chinchani 2dd1fc9316 chore: fix dependabot alerts (#2302) 
https://github.com/project-zot/zot/pull/2297
https://github.com/project-zot/zot/pull/2298

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2024-03-07 21:20:35 +02:00
Ramkumar Chinchani 18235ca254 fix(oras)!: remove ORAS artifact references support (#2294) 
* fix(oras)!: remove ORAS artifact references support

ORAS artifacts/references predated OCI dist-spec 1.1.0 which now has the
same functionality and likely to see wider adoption.

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>

* test: update to released official images

So that they are unlikely to be deleted.
*-rc images may be cleaned up over time.

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>

---------

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2024-03-06 12:16:42 -08:00
LaurentiuNiculae 5039128723 feat(cve): cli cve diff (#2242) 
* feat(gql): add new query for diff of cves for 2 images

Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>

* feat(cli): add cli for cve diff

Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>

---------

Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
 2024-03-06 10:40:29 +02:00
Ramkumar Chinchani 752b9e87c1 chore: fix dependabort alerts (#2295) 
https://github.com/project-zot/zot/pull/2287
https://github.com/project-zot/zot/pull/2288
https://github.com/project-zot/zot/pull/2289
https://github.com/project-zot/zot/pull/2290
https://github.com/project-zot/zot/pull/2291
https://github.com/project-zot/zot/pull/2292
https://github.com/project-zot/zot/pull/2293

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2024-03-04 21:30:27 +02:00
peusebiu 6f00e843a0 fix(sync): sync generator now backs off on errors (#2272) 
handle unsupported features like oci artifacts.

closes: #2238

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2024-03-04 09:44:11 -08:00
peusebiu 740eae8f26 fix(sync): better cleaning sync's download dir (#2273) 
added cleanup in the case of copy.Image() failures.

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
v2.0.2-rc2 		2024-02-29 09:09:21 -08:00
Andrei Aaron 6561e9f527 feat(ui): show CVE package path (#2286) 
See https://github.com/project-zot/zui/pull/428 for details

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
 2024-02-29 07:57:05 -08:00
Ramkumar Chinchani d00f5282fa chore: fix dependabot alerts (#2283) 
https://github.com/project-zot/zot/pull/2270
https://github.com/project-zot/zot/pull/2271
https://github.com/project-zot/zot/pull/2274
https://github.com/project-zot/zot/pull/2275
https://github.com/project-zot/zot/pull/2276
https://github.com/project-zot/zot/pull/2277
https://github.com/project-zot/zot/pull/2278
https://github.com/project-zot/zot/pull/2279
https://github.com/project-zot/zot/pull/2280
https://github.com/project-zot/zot/pull/2281
https://github.com/project-zot/zot/pull/2282

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2024-02-28 00:45:00 +02:00
Ramkumar Chinchani 565eca2609 chore: fix dependabot alerts (#2268) 
https://github.com/project-zot/zot/pull/2258
https://github.com/project-zot/zot/pull/2259
https://github.com/project-zot/zot/pull/2260
https://github.com/project-zot/zot/pull/2261
https://github.com/project-zot/zot/pull/2262
https://github.com/project-zot/zot/pull/2263
https://github.com/project-zot/zot/pull/2264
https://github.com/project-zot/zot/pull/2265
https://github.com/project-zot/zot/pull/2266
https://github.com/project-zot/zot/pull/2267

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2024-02-20 21:51:40 +02:00
Andrei Aaron 4e5db84cb1 chore: update image-spec and dist spec to 1.1.0 (#2255) 
BREAKING CHANGE: the dist spec version in the config files needs to be bumped to 1.1.0
in order for the config verification to pass without warnings.

Also fix 1 dependabot alert for helm.

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
 2024-02-20 13:27:21 +02:00
Andrei Aaron 960686b957 feat(ui): introduce API key management in ZUI (#2256) 
See Raul's PR: https://github.com/project-zot/zui/pull/403

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
 2024-02-20 12:23:58 +02:00
Andrei Aaron 6c953d6400 test: fix flacky coverage in cookiestore cleanup tests (#2257) 
Refactor and add more coverage to test flacky coverage in case sessions
which are already deleted are flagged as expired/for deletion.

See coverage drop in pkg/api/cookiestore.go:
https://app.codecov.io/gh/project-zot/zot/commit/8e68255946e745b872cc58ecd0899fd766bc1139/indirect-changes

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
 2024-02-19 14:43:30 -08:00
Andrei Aaron 2d2e005449 fix(npe): handle case where os.Stat returns different error types in DirExists (#2253) 
See https://github.com/project-zot/zot/actions/runs/7905369535/job/21577848110

Also add tests to fix some of the coverage fluctuations.

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
 2024-02-18 08:00:00 +02:00
Andreea Lupu aafb1a50ac feat(ui): update zui version (#2251) 
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
 2024-02-16 11:39:14 +02:00
Vishwas R 0aa6bf0fff feat: include PackagePath data in CVEs for image queries (#2241) 
Signed-off-by: Vishwas Rajashekar <vrajashe@cisco.com>
 2024-02-15 13:19:49 -08:00
Andrei Aaron cc2eda0335 test: add test images build instructions and stacker.yamls (#2249) 
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
 2024-02-15 13:49:25 +02:00
Andreea Lupu d04568b853 feat(ui): update zui version (#2248) 
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
 2024-02-14 22:19:19 +02:00
peusebiu 8e68255946 fix(sync): added bearer client for sync (#2222) 
fixed ping function taking too much time

closes: #2213 #2212

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2024-02-14 09:18:10 -08:00
Andrei Aaron d0eb043be5 feat: Get the image LastUpdated timestamp from annotations (#2240) 
Fallback to Created field and the History entries in the image config
only if the annotation "org.opencontainers.image.created" is not available

closes #2210

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
 2024-02-14 09:14:24 -08:00
Andrei Aaron ec38d39c06 chore(go.mod): fix dependabot alerts (#2247) 
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
 2024-02-14 09:12:57 -08:00
Andreea Lupu 55acce6923 feat(graphql): filter CVEs by severity (#2246) 
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
 2024-02-14 09:11:57 -08:00
LaurentiuNiculae de90abd5dc style(metadb): use type aliases for metadb types to be easier to read (#2043) 
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
 2024-02-14 09:08:08 -08:00
Andrei Aaron 36e04a40c2 ci(nightly): update go version used for prometheus tests (#2239) 
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
 2024-02-09 17:19:16 +02:00
peusebiu 5b83937d40 fix(tests): fixed inconsistent sync test (#2237) 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2024-02-08 18:28:59 +02:00
Andrei Aaron f1d38d9dad test(blackbox): fix the scrub test sometimes deleting the image manifest from the layout (#2236) 
If the manifest is not present, scrub no longer errors,
so the test looking for errors in the log was not failing.

See the related scrub changes in: https://github.com/project-zot/zot/pull/2180

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
 2024-02-08 15:21:42 +02:00
Andrei Aaron 60dc8569ec build(go): switch to go 1.21 (#2049) 
Also update to the latest swaggo version, as the previous one did not work with go 1.21

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
 2024-02-07 10:54:28 -08:00
Andrei Aaron 4e33c172bb feat(ui): show more information about CVEs (#2233) 
see: https://github.com/project-zot/zui/pull/419

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
v2.0.2-rc1 		2024-02-05 11:40:27 -08:00
Vishwas R b332b43fb5 ci: release a checksums file with SHA256 hashes for release assets (#2227) 
* ci: generate sha256 checksums for release assets

Signed-off-by: Vishwas Rajashekar <vrajashe@cisco.com>

* ci: add wildcard character prefix to filenames in checksum file

Signed-off-by: Vishwas Rajashekar <vrajashe@cisco.com>

---------

Signed-off-by: Vishwas Rajashekar <vrajashe@cisco.com>
 2024-02-05 10:19:48 -08:00
Andrei Aaron e3065f6a2c chore(deps): fix dependabot alerts (#2232) 
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
 2024-02-05 09:56:38 -08:00
Andrei Aaron 92cece7c86 ci: add script to build/publish zot multiarch images and modify the publish pipeline to use it (#2214) 
Example usage:
   scripts/build_multiarch_image.sh --registry ghcr.io/project-zot --source-tag v2.0.0 --file build/multiarch-zot.json --destination-tags="v2.0.0 latest"

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
 2024-02-02 10:55:53 -08:00
Andrei Aaron a60d3891ff ci: stabilize ecosystem client tools workflow (#2224) 
Since the scheduler no longer executes generators in a fixed order, and scrub logic refactoring,
the scrub tasks may or may not complete in the expected time.
Increase sleep times used to search for tasks results in zot logs.

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
 2024-02-02 16:11:27 +02:00
Andrei Aaron 6a83dd47c0 fix(scheduler): the session cleanup generator is reset too often (#2220) 
This causes the "fair" scheduler to run it too often in the detriment of other generators.
The intention was to run it every 2 hours but the measurement unit for 7200 was not specified.

Add more logs, including showing a generator name, in order to troubleshoot this kind of issues easier in the future.

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
 2024-02-01 09:15:53 -08:00
Andrei Aaron ce4924f841 refactor: rename go module from zotregistry.io/zot to zotregistry.dev/zot (#2187) 
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
 2024-01-31 20:34:07 -08:00
Andreea Lupu 129e503d2d feat(ui): update zui version (#2216) 
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
 2024-01-31 11:20:57 -08:00