2b60e11ce4
chore: update cosign from v2 to v3 ( #3561 )
...
* chore: update cosign from v2 to v3
Also do not import cosing into zli, as it doubles the bianry size
See: https://github.com/project-zot/zot/actions/runs/19506399474/job/55833719683?pr=3561
Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com >
* chore: privileged-test should not depend on downloaded images
Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com >
---------
Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com >
2025-11-20 00:43:57 +02:00
8e63df6678
chore: update github.com/olekukonko/tablewriter to v1.1.1 ( #3559 )
...
Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com >
2025-11-18 23:02:50 -08:00
49c15abf06
chore: fix dependabot alerts ( #3555 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-11-18 08:46:51 +02:00
2b6fba7059
chore: fix dependabot alerts ( #3534 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-11-10 23:45:17 -08:00
04ae0a9409
fix: add support for sha256 and sha512 in htpasswd ( #3497 )
...
feat: add support for sha256 and sha512 htpasswd formats
Fixes issue #3495
We currently support only bcrypt htpasswd hashes, however bcrypt is not
FIPS-140 approved since it uses Blowfish.
This PR adds support for sha256 and sha512 formats and enforces that
bcrypt be disabled when fips140 mode is enabled.
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-11-09 15:28:29 +02:00
911244b4b7
chore: fix dependabot alerts ( #3517 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-11-06 17:08:18 -08:00
33c466e007
chore: fix dependabot alerts ( #3514 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-11-04 14:11:27 +02:00
a0943eccfe
chore: fix dependabot alerts ( #3496 )
...
* chore: fix dependabot alerts
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* fix: initialize logger in ut
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
---------
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-10-30 14:21:53 -07:00
559d9cf2fc
chore: fix dependabot alerts ( #3477 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-10-22 09:46:03 +03:00
dfb5d1df54
fix: make config read/write thread safe ( #3432 )
...
* fix: make config read/write thread safe and fix some other similar issues
1. The config config has a lock, and safe methods to update and read the attributes
2. The config has methods to retrieve copies of specific attributes, such as the extyensions config, the auth config, and the authz config.
These are needed, as the config object may mutate in the middle of an auth/authz requests, and we avoid partial configuration being applied for that request.
3. Fix an issue with the monitoring server not stopping when the controller is shut down.
4. Fix an issue with the HTPasswdWatcher not stopping when the background tasks are supposed to finish.
5. Fix some tests using hardcoded ports.
Moved some of the methods which were on the main config to the auth, access control and extension configs
Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com >
2025-10-18 11:20:58 +03:00
b2bbbb27f2
chore: fix dependabot alerts ( #3461 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-10-14 08:07:24 +03:00
411a3d00b5
fix: update go-redsync for fips-140 compatibility ( #3451 )
...
* fix: update go-redsync for fips-140 compatibility
Fixes issue #3445
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* fix: address comments and add a basic push-pull test
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* fix: address comments
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
---------
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-10-13 09:34:12 +03:00
1d9c9aeacf
chore: fix dependabot alerts ( #3444 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-10-07 14:14:34 +03:00
86af38abfc
feat(sessions): add support for remote redis session store ( #3345 )
...
Description
====================
zot currently stores session cookies in memory or in a local directory.
For cases where the session cookies should be independent of the
instance where they were created such as multiple instances of zot, or a
fully stateless zot instance, there is a need to support a remote
session storage.
This change adds support for using Redis and Redis-compatible services as a
remote session driver as well as introduces a new configuration option
for it.
What has changed
=======================
- New config added under Auth config to specify configuration for
the session driver.
- Examples README updated with details of the new Auth config.
- The config supports only 2 drivers in this change - local and redis
- Using the local driver is backwards compatible and behaves the same
way that zot currently works for local session storage.
- Omitting this config does not result in an error. In this case, zot
behaves as it normally does for local session storage.
- When configured, zot can use redis for persisting cookie
information for zot UI.
- The cookie in the store is deleted on logout or after the max
expiry time for the cookie.
- Configuration for the redis session driver accepts the same configuration
values as that of the remote meta cache.
- A separate connection is established for the session driver. An
existing connection for meta cache will not be re-used for the
session driver.
- A key prefix is configurable for the redis session driver. The value will be
converted into a string for use. If no value is provided, a default
prefix of "zotsession" will be used.
- Redis sessions does not support hash key or encryption in this change.
- New BATS test added to verify zot behavior with Redis session store.
- Github workflow updated to install valkey-tools dependency for BATS.
Signed-off-by: Vishwas Rajashekar <dev@vrajashkr.com >
2025-10-05 10:13:38 +03:00
b1842ab9e0
fix: migrate from github.com/rs/zerolog to golang-native log/slog ( #3405 )
...
* fix: migrate from github.com/rs/zerolog to golang-native log/slog
We have been using zerolog for a really long time.
golang now has structured logging using slog.
Best to move to this in interests of long-term support.
This is a tech debt item.
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* fix: a few changes on top
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* fix: address comments
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
---------
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-10-03 12:34:03 -07:00
5309e7f5cf
chore: increase/stabilize go test coverage ( #3411 )
...
* chore: increase/stabilize coverage for the local storage driver
Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com >
* chore: add/stabilize coverage for soring ImageSummary objects
Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com >
* chore: stabilize coverage in sync tests
Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com >
---------
Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com >
2025-10-01 15:24:38 -07:00
5e5bd1e33c
chore: fix dependabot alerts ( #3422 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-09-30 09:56:53 +03:00
1fdf1aad9d
chore: fix dependabot alerts ( #3407 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-09-26 14:27:16 +03:00
e49048958d
chore: fix dependabot alerts ( #3397 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-09-18 11:49:04 -07:00
97ab0e2568
chore: fix dependabot alerts ( #3380 )
...
* chore: fix dependabot alerts
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* ci: bump up golang version to 1.24.x
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
---------
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-09-11 11:11:38 +03:00
9bb73d43b4
chore: fix dependabot alerts ( #3365 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-09-07 00:04:16 -07:00
cb520aa9e4
Fix deps ( #3343 )
...
* chore(ci): fix sync images workflow
golang image is sync'ed from dockerhub and it appears certs have expired
that is breaking 'docker trust inspect ...'
* chore: fix dependabot alerts
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
---------
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-08-28 09:05:59 -07:00
f689c13f2e
chore: fix dependabot alerts ( #3328 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-08-19 01:49:36 -07:00
69e58b092d
chore: fix dependabot alerts ( #3312 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-08-16 00:23:35 -07:00
a13c917b73
chore: fix dependabot alerts ( #3292 )
...
* chore: fix dependabot alerts
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* fix: update trivy api call
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
---------
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-08-06 10:09:53 -07:00
77abd8b101
chore: fix dependabot alerts ( #3280 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-07-31 20:27:39 -07:00
966d4584ba
chore: fix dependabot alerts ( #3275 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-07-26 10:10:26 +03:00
e775f41edc
chore: fix dependabot alerts ( #3274 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-07-25 09:33:23 -07:00
552242f558
chore: fix dependabot alerts ( #3258 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-07-10 09:01:40 +03:00
e33a937b38
chore: fix dependabot alerts ( #3255 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-07-07 22:27:05 -07:00
2c7e8fd33e
chore: fix dependabot alerts ( #3245 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-07-05 00:06:32 +03:00
c298818cc2
feat: healthz server ( #3228 )
...
* feat: healthz server
Signed-off-by: Asgeir Nilsen <asgeir@twingine.no >
* fix: startup and readiness probe activation points
Enable startup probe at end of Controller.Init and readiness probe at
end of Controller.Run
Signed-off-by: Asgeir Nilsen <asgeir@twingine.no >
* fix: rewrote to reuse same HTTP listener
Signed-off-by: Asgeir Nilsen <asgeir@twingine.no >
---------
Signed-off-by: Asgeir Nilsen <asgeir@twingine.no >
2025-07-04 19:13:01 +03:00
9755bba9ba
chore: fix dependabot alerts ( #3225 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-06-25 23:15:31 -07:00
100dfec142
chore: fix dependabot alerts ( #3213 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-06-17 10:09:19 -07:00
8867814d95
chore: bump github.com/olekukonko/tablewriter from 0.0.5 to 1.0.7 ( #3198 )
...
* chore: bump github.com/olekukonko/tablewriter from 0.0.5 to 1.0.7
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
* fix: zli failed to connect to https server using test certificates
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
---------
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2025-06-16 00:07:15 +03:00
6a22640bfa
Fix dependabot alerts ( #3188 )
...
* chore: update github.com/redis/go-redis/v9 to v9.9.0
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
* chore: update trivy to v0.63.0
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
* chore: update github.com/spf13/cast to v1.9.2
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
* chore: update ossf/scorecard-action from 2.4.1 to 2.4.2
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
* chore: fix multiple dependabot alerts
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
---------
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2025-06-09 10:40:13 -07:00
167f7e34cd
chore: fix dependabot alerts ( #3155 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-05-27 18:58:50 +03:00
7291b88896
chore: fix dependabot alerts ( #3154 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-05-12 22:21:42 -07:00
32a5eee521
chore: fix dependabot alerts ( #3141 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-05-05 22:06:22 -07:00
bc5fd1a357
feat(events): add events extension ( #3045 )
...
* feat: add events config
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* feat: implement event support with log sink
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* feat: integrate events and update tests
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* refactor: update event config
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* feat: implement http and nats sinks. remove log sink
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* refactor: events extension setup
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* chore: cleanup tests to use nil event recorder
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* chore: update events config example and add more logging
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* refactor: better use of build tags for minimal binary
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* fix: missing store param in evelated privileges tests
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* fix: regression in config decoding
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* chore: update check logs script to enable cross-platform usage via GREP_BIN_PATH envvar
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* chore: fix log lint issue for events
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* chore: fix failing events disabled test
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* test: add blackbox tests for events
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* chore: specify architecture when downloading binaries in Makefile
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* chore: improve failure handling when no valid sinks are provided
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* test: fix data race in events test
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* chore: cleanup event decoding
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* test: fix logging tests
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* test: make nats server test more reliable
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* chore: go mod cleanup
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* test: add sleep when setting up nats client
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* fix: ensure event sink errors do not propogate
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* test: increase coverage for events
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* feat(events): Refactor events to be non-blocking from caller.
Signed-off-by: Asgeir Nilsen <asgeir.nilsen@bouvet.no >
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* chore: remove harded-coded linux
Co-authored-by: Andrei Aaron <andreifdaaron@gmail.com >
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* feat(events): fail to start if incorrect event sink is configured
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* test: allow cli tests to return errors instead of panic
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* chore: bump nats server to v2.11.3
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
---------
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
Signed-off-by: Asgeir Nilsen <asgeir.nilsen@bouvet.no >
Co-authored-by: Asgeir Nilsen <asgeir.nilsen@bouvet.no >
Co-authored-by: Andrei Aaron <andreifdaaron@gmail.com >
2025-05-02 12:30:06 -07:00
06a0cd5220
chore: fix dependabot alerts ( #3127 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-04-30 21:47:54 +03:00
b780b36841
chore: fix dependabot alerts ( #3112 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-04-22 23:16:40 -07:00
0e2aa81439
feat(sync): use regclient for sync extension ( #2903 )
...
* feat(sync): use regclient for sync extension
replaced containers/image package with regclient/regclient package
Signed-off-by: Eusebiu Petu <petu.eusebiu@gmail.com >
* fix(sync): fixed converting innner docker list mediatype
Signed-off-by: Eusebiu Petu <petu.eusebiu@gmail.com >
* feat(sync): added option to preserve digest
Signed-off-by: Eusebiu Petu <petu.eusebiu@gmail.com >
* fix(sync): added coverage and various fixes
Signed-off-by: Eusebiu Petu <petu.eusebiu@gmail.com >
* fix(metadb): fixed converting manifest list not setting platform and annotations
Signed-off-by: Eusebiu Petu <petu.eusebiu@gmail.com >
* fix(sync): remove read lock on storage, not used concurrently
Signed-off-by: Eusebiu Petu <petu.eusebiu@gmail.com >
* feat(sync): added cache for repo tags
Signed-off-by: Eusebiu Petu <petu.eusebiu@gmail.com >
* fix(sync): fixed Makefile
removed opengpg tag
Signed-off-by: Eusebiu Petu <petu.eusebiu@gmail.com >
* fix(sync): add test for on demand referrer
Signed-off-by: Eusebiu Petu <petu.eusebiu@gmail.com >
---------
Signed-off-by: Eusebiu Petu <petu.eusebiu@gmail.com >
2025-04-15 16:58:15 -07:00
2592d4c784
chore: fix dependabot alerts ( #3099 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-04-14 22:43:56 -07:00
62af65b07d
chore: fix dependabot alerts ( #3084 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-04-08 22:57:22 -07:00
bb7039f138
chore: fix dependabot alerts ( #3072 )
...
* chore: fix dependabot alerts
* chore: update container builds to use golang 1.24
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
---------
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-04-05 00:57:20 -07:00
fd761c0254
chore: fix dependabot alerts ( #3070 )
...
* chore: fix dependabot alerts
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* ci: fix linter config
* fix: linter fixes
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
---------
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-04-04 00:31:02 -07:00
b9d453ca93
chore: fix dependabot alerts ( #3051 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-03-21 18:28:59 -07:00
ff50aab9b3
chore: fix dependabot alerts ( #3041 )
...
* chore: fix dependabot alerts
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* test: fix http status code check
Related to gqlgen changes
- github.com/99designs/gqlgen v0.17.66
+ github.com/99designs/gqlgen v0.17.68
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
---------
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-03-18 20:10:55 -07:00
2a4edde637
chore: update image and dist specs to v1.1.1 ( #3023 )
...
chore: update image-spec and dist-spec to v1.1.1
As side effect the warnings mentioned in https://github.com/project-zot/zui/issues/475#issuecomment-2715802363 should no longer show up.
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2025-03-13 10:06:02 +02:00
Andrei Aaron