f0404e7e72
fix: gc for untagged docker manifests ( #3349 )
...
- fixes #3347 : removeUntaggedManifests() did not consider compatible manifest types
- add AsDockerImage() to Image and MultiarchImage for testing
- extend TestGarbageCollectAndRetentionMetaDB to test docker image and multiarch image
Signed-off-by: Stephan Merker <stephan.merker@sap.com >
2025-09-01 09:20:35 -07:00
cb520aa9e4
Fix deps ( #3343 )
...
* chore(ci): fix sync images workflow
golang image is sync'ed from dockerhub and it appears certs have expired
that is breaking 'docker trust inspect ...'
* chore: fix dependabot alerts
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
---------
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-08-28 09:05:59 -07:00
f689c13f2e
chore: fix dependabot alerts ( #3328 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-08-19 01:49:36 -07:00
59679865ff
chore: update notation version ( #3316 )
...
to v1.3.2
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-08-17 10:25:18 -07:00
69e58b092d
chore: fix dependabot alerts ( #3312 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-08-16 00:23:35 -07:00
e8b530ad9d
ci: selectively revert this runner ( #3297 )
...
This workflow is failing. We will revisit once the default username
includes the docker group.
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-08-14 12:38:45 -07:00
deb0e4a71b
chore(ci): update github runners to oci gh arc runners ( #3293 )
...
ci: update github runners to oci gh arc runners
Signed-off-by: Koray Oksay <koray.oksay@gmail.com >
2025-08-06 21:01:12 -07:00
a13c917b73
chore: fix dependabot alerts ( #3292 )
...
* chore: fix dependabot alerts
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* fix: update trivy api call
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
---------
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-08-06 10:09:53 -07:00
41183693b0
feat(freebsd): add support native freebsd container images ( #3256 )
...
* feat(freebsd): add support native freebsd container images
Fixes issue #1663
freebsd is now building and releasing official freebsd OCI container
images
https://hub.docker.com/r/freebsd/freebsd-runtime/tags
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* fix: add freebsd support in publish workflow
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* fix: bump stacker version
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* fix: disable non-functional darwin OCI image builds
darwin OCI images are non-functional until we get a usable base image.
Remove them.
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* fix: set freebsd-static as base image for FreeBSD images
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
---------
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-08-03 08:58:30 -07:00
77abd8b101
chore: fix dependabot alerts ( #3280 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-07-31 20:27:39 -07:00
642d9ba5cb
fix: return the entire blob size in patch upload response ( #3279 )
...
https://github.com/regclient/regclient/issues/961
https://github.com/opencontainers/distribution-spec/pull/581
Previously, zot returned the size of the currently uploaded chunk.
Other registries the size of the entire blob.
Align with the latter behavior.
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-07-30 17:32:54 -07:00
b2a5afc5c8
fix: close metadb on shutdown ( #3277 )
...
Fixes https://github.com/project-zot/helm-charts/issues/70
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-07-29 09:27:26 -07:00
966d4584ba
chore: fix dependabot alerts ( #3275 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-07-26 10:10:26 +03:00
e775f41edc
chore: fix dependabot alerts ( #3274 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-07-25 09:33:23 -07:00
552242f558
chore: fix dependabot alerts ( #3258 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-07-10 09:01:40 +03:00
06c1be119c
Read OpenID credentials from file ( #3244 )
...
* feat: read OpenID credentials from file
Signed-off-by: Uwe Jäger <uwe.jaeger@valiton.com >
* feat: allow credentials file and secret in config to keep BC
Signed-off-by: Uwe Jäger <uwe.jaeger@valiton.com >
---------
Signed-off-by: Uwe Jäger <uwe.jaeger@valiton.com >
2025-07-09 09:16:49 -07:00
432fde45af
Fix building zot natively on FreeBSD ( #3247 )
...
fix: allow zot to build on a FreeBSD host (#3246 )
The build works as long as the protoc package is installed on the build
host. This also fixes lint checks when building on FreeBSD, working
around common lint complaints caused by the fact that rlim_t is int64 on
FreeBSD.
Signed-off-by: Doug Rabson <dfr@rabson.org >
2025-07-08 15:12:15 +03:00
e33a937b38
chore: fix dependabot alerts ( #3255 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-07-07 22:27:05 -07:00
2c7e8fd33e
chore: fix dependabot alerts ( #3245 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-07-05 00:06:32 +03:00
c298818cc2
feat: healthz server ( #3228 )
...
* feat: healthz server
Signed-off-by: Asgeir Nilsen <asgeir@twingine.no >
* fix: startup and readiness probe activation points
Enable startup probe at end of Controller.Init and readiness probe at
end of Controller.Run
Signed-off-by: Asgeir Nilsen <asgeir@twingine.no >
* fix: rewrote to reuse same HTTP listener
Signed-off-by: Asgeir Nilsen <asgeir@twingine.no >
---------
Signed-off-by: Asgeir Nilsen <asgeir@twingine.no >
2025-07-04 19:13:01 +03:00
80081bb012
fix: GetNextRepository to use a list already scanned repositories as input ( #3230 )
...
Using just the last repository is not enough as in the case when it is deleted
(either by GC or some other way), GetNextRepository returns empty string
causing the generator to be marked completed without any errors.
An alternative would have been to start over from the first repository,
but this can take hours if multiple repositories need to be deleted,
not to mention the processing power and I/O and S3 load this could take.
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2025-07-04 19:12:18 +03:00
e8ac21c001
chore: bump zui version ( #3241 )
...
Specifically to fix https://snyk.io/vuln/SNYK-JS-AXIOS-9403194
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2025-07-01 11:37:48 +03:00
9755bba9ba
chore: fix dependabot alerts ( #3225 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-06-25 23:15:31 -07:00
100dfec142
chore: fix dependabot alerts ( #3213 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-06-17 10:09:19 -07:00
4d5712da58
chore: update zui version ( #3212 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-06-16 12:58:12 -07:00
a7a13f4c62
feat: add token auth support for event sink ( #3197 )
...
feat: add token auth and custom headers support for http event sink
fixes issue #3187
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-06-15 15:23:31 -07:00
8867814d95
chore: bump github.com/olekukonko/tablewriter from 0.0.5 to 1.0.7 ( #3198 )
...
* chore: bump github.com/olekukonko/tablewriter from 0.0.5 to 1.0.7
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
* fix: zli failed to connect to https server using test certificates
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
---------
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2025-06-16 00:07:15 +03:00
e7a5e09214
fix: image retention policy to handle patterns even if metadb is not instantiated ( #3200 )
...
It is to fix #3185 .
This fixes the case where MetaDB is not instantiated (none of the conditions match),
and we want to retain tags only by pattern (which should not need to use MetaBD).
Without this fix you could only use retention to delete untagged manifests.
If you specified only the key "patterns" under "keepTags", zot would crash.
It was possible to not specify "keepTags" all, which would retain all tags,
but it was not possible to retains specific tags.
Basically the case quoted below, from the documentation, was broken::
https://zotregistry.dev/v2.1.4/articles/retention/#configuration-example
```
When you specify a regex pattern with no rules other than the default, all tags matching the pattern are retained.
```
This would only work if MetaDb was instantiated by an unrelated configured feature.
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2025-06-15 07:38:52 +03:00
6a22640bfa
Fix dependabot alerts ( #3188 )
...
* chore: update github.com/redis/go-redis/v9 to v9.9.0
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
* chore: update trivy to v0.63.0
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
* chore: update github.com/spf13/cast to v1.9.2
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
* chore: update ossf/scorecard-action from 2.4.1 to 2.4.2
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
* chore: fix multiple dependabot alerts
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
---------
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2025-06-09 10:40:13 -07:00
483c869920
Fix metrics authorization middleware bleed ( #3183 )
...
fix: metrics authorization middleware bleed (#3182 )
Fixes `extension_metrics_disabled.go` to correctly isolate the authz
middleware when the metrics extension is disabled.
Signed-off-by: Matthieu Mottet <m.mottet@outlook.com >
2025-06-05 15:41:32 -07:00
0c51cb72c3
fix: parse public key as fallback for certificate for bearer authentication ( #3180 )
...
* fix: parse public key as fallback for bearer auth
Signed-off-by: evanebb <git@evanus.nl >
* fix: use correct error message
Signed-off-by: evanebb <git@evanus.nl >
---------
Signed-off-by: evanebb <git@evanus.nl >
2025-06-04 08:53:44 +03:00
167f7e34cd
chore: fix dependabot alerts ( #3155 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-05-27 18:58:50 +03:00
1bf8eebba9
fix: license copyright update ( #3167 )
...
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2025-05-25 11:57:49 +03:00
eec57e62ca
Revert "feat(mcp): add MCP extension support with routes and configur… ( #3166 )
...
Revert "feat(mcp): add MCP extension support with routes and configuration"
This reverts commit 56afa6bd42rchincha.dev@gmail.com >
2025-05-22 21:29:00 -07:00
56afa6bd42
feat(mcp): add MCP extension support with routes and configuration
2025-05-22 23:24:55 +00:00
8a99a3ed23
Merge commit from fork
...
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2025-05-22 09:08:28 -07:00
af4a46b331
fix(sync): fixed checking updates in remote tags digest ( #3156 )
...
when preserveDigest option in sync is enabled
closes : #3129
Signed-off-by: Eusebiu Petu <petu.eusebiu@gmail.com >
2025-05-20 09:34:38 -07:00
7291b88896
chore: fix dependabot alerts ( #3154 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-05-12 22:21:42 -07:00
32a5eee521
chore: fix dependabot alerts ( #3141 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-05-05 22:06:22 -07:00
bc5fd1a357
feat(events): add events extension ( #3045 )
...
* feat: add events config
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* feat: implement event support with log sink
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* feat: integrate events and update tests
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* refactor: update event config
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* feat: implement http and nats sinks. remove log sink
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* refactor: events extension setup
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* chore: cleanup tests to use nil event recorder
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* chore: update events config example and add more logging
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* refactor: better use of build tags for minimal binary
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* fix: missing store param in evelated privileges tests
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* fix: regression in config decoding
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* chore: update check logs script to enable cross-platform usage via GREP_BIN_PATH envvar
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* chore: fix log lint issue for events
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* chore: fix failing events disabled test
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* test: add blackbox tests for events
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* chore: specify architecture when downloading binaries in Makefile
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* chore: improve failure handling when no valid sinks are provided
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* test: fix data race in events test
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* chore: cleanup event decoding
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* test: fix logging tests
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* test: make nats server test more reliable
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* chore: go mod cleanup
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* test: add sleep when setting up nats client
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* fix: ensure event sink errors do not propogate
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* test: increase coverage for events
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* feat(events): Refactor events to be non-blocking from caller.
Signed-off-by: Asgeir Nilsen <asgeir.nilsen@bouvet.no >
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* chore: remove harded-coded linux
Co-authored-by: Andrei Aaron <andreifdaaron@gmail.com >
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* feat(events): fail to start if incorrect event sink is configured
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* test: allow cli tests to return errors instead of panic
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
* chore: bump nats server to v2.11.3
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
---------
Signed-off-by: Piaras Hoban <phoban01@gmail.com >
Signed-off-by: Asgeir Nilsen <asgeir.nilsen@bouvet.no >
Co-authored-by: Asgeir Nilsen <asgeir.nilsen@bouvet.no >
Co-authored-by: Andrei Aaron <andreifdaaron@gmail.com >
2025-05-02 12:30:06 -07:00
06a0cd5220
chore: fix dependabot alerts ( #3127 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-04-30 21:47:54 +03:00
293f424457
chore: update conformance badge ( #3114 )
...
We need to report conformance results from the default branch only.
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-04-23 15:26:46 -07:00
b780b36841
chore: fix dependabot alerts ( #3112 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-04-22 23:16:40 -07:00
6ffb0183e3
fix: remove unneeded double locks in redis implementation of metadb ( #3055 )
...
fix: remove uneeded double locks in redis implementation of metadb
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2025-04-17 19:25:42 +03:00
8f3533ac12
fix: get groups claim from idtokenclaims ( #3101 )
...
* fix: get groups claim from idtokenclaims
Signed-off-by: Philipp Lange <ph.lange@pm.me >
* fix: lint
Signed-off-by: Philipp Lange <ph.lange@pm.me >
---------
Signed-off-by: Philipp Lange <ph.lange@pm.me >
2025-04-17 12:02:36 +03:00
0e2aa81439
feat(sync): use regclient for sync extension ( #2903 )
...
* feat(sync): use regclient for sync extension
replaced containers/image package with regclient/regclient package
Signed-off-by: Eusebiu Petu <petu.eusebiu@gmail.com >
* fix(sync): fixed converting innner docker list mediatype
Signed-off-by: Eusebiu Petu <petu.eusebiu@gmail.com >
* feat(sync): added option to preserve digest
Signed-off-by: Eusebiu Petu <petu.eusebiu@gmail.com >
* fix(sync): added coverage and various fixes
Signed-off-by: Eusebiu Petu <petu.eusebiu@gmail.com >
* fix(metadb): fixed converting manifest list not setting platform and annotations
Signed-off-by: Eusebiu Petu <petu.eusebiu@gmail.com >
* fix(sync): remove read lock on storage, not used concurrently
Signed-off-by: Eusebiu Petu <petu.eusebiu@gmail.com >
* feat(sync): added cache for repo tags
Signed-off-by: Eusebiu Petu <petu.eusebiu@gmail.com >
* fix(sync): fixed Makefile
removed opengpg tag
Signed-off-by: Eusebiu Petu <petu.eusebiu@gmail.com >
* fix(sync): add test for on demand referrer
Signed-off-by: Eusebiu Petu <petu.eusebiu@gmail.com >
---------
Signed-off-by: Eusebiu Petu <petu.eusebiu@gmail.com >
2025-04-15 16:58:15 -07:00
2592d4c784
chore: fix dependabot alerts ( #3099 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-04-14 22:43:56 -07:00
62af65b07d
chore: fix dependabot alerts ( #3084 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-04-08 22:57:22 -07:00
ef1d6f37ce
ci: update golang version to be synced to gh ( #3073 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-04-06 01:15:29 -07:00
bb7039f138
chore: fix dependabot alerts ( #3072 )
...
* chore: fix dependabot alerts
* chore: update container builds to use golang 1.24
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
---------
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-04-05 00:57:20 -07:00
Stephan Merker