Upstream
/
harbor
mirror of https://github.com/goharbor/harbor.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
12,139 Commits 46 Branches 302 Tags 356 MiB
Commit Graph

639 Commits

Author SHA1 Message Date
Yang Jiao b4de95941b Specify postgresql version to 13 
Signed-off-by: Yang Jiao <jiaoya@vmware.com>
 2022-01-12 08:55:42 +00:00
stonezdj 17d8b7b813 Add upload purge config to registry/config.yml 
Enable the uploadpurging by default
  Fixes #15641

Signed-off-by: stonezdj <stonezdj@gmail.com>
 2022-01-04 11:15:51 +08:00
Qian Deng 69a194b2b4 Fix: using traditional `PKCS#1` format RSA key 
The openssl 3.0.0 using newer `PKCS#8` format.
But it's not compatitable with harbor core
So using tradictional format instead

Signed-off-by: Qian Deng <dengq@vmware.com>
 2021-12-10 11:34:12 +08:00
Qian Deng 5fc4449450
Merge pull request #16029 from ninjadq/fix_chart_replication_issue 
Fix: chart replication dup files issue
 2021-12-03 13:47:42 +08:00
Qian Deng 593117a127 Fix: chart replication dup files issue 
this patch fixed #15522

Signed-off-by: Qian Deng <dengq@vmware.com>
 2021-11-17 11:24:43 +00:00
Wang Yan a956758302
bump up go version to v1.17 (#15865) 
* bump up go version to v1.17

Signed-off-by: Wang Yan <wangyan@vmware.com>

* gofmt fail

Signed-off-by: Wang Yan <wangyan@vmware.com>
 2021-10-25 17:28:29 +08:00
Rolf Ahrenberg 5f3972f86d
Add configurable timeout for Trivy scans (#15796) 
Signed-off-by: Rolf Ahrenberg <Rolf.Ahrenberg@saunalahti.fi>
 2021-10-22 14:36:12 +08:00
Yurii Paneiko be1e762b70
For some reason this script hangs on bzip2 presence checking (#15647) 
Steps to reproduce:

Clone repo from master branch
Run: make install COMPILETAG=compile_golangimage
Wait until script will check that bzip2 is installed

Signed-off-by: YuriiPaneiko <yurapaneyko@gmail.com>
 2021-10-14 20:11:14 +08:00
Qian Deng 3c23926bdc Add validation for tracing 
* add  validation of tracing in validating process

Signed-off-by: Qian Deng <dengq@vmware.com>
 2021-09-27 13:10:55 +00:00
stonezdj(Daojun Zhang) 972fa0880b
Merge pull request #15505 from ninjadq/add_distributed_tracing 
Add distributed tracing
 2021-09-22 14:16:19 +08:00
Qian Deng 354a2bd80d Enhance the trace related code 
* Move request id to requestid middleware
* fix span pass to child ctx on orm
* fix typos
* remove unused code
* add operation name to Transaction

Signed-off-by: Qian Deng <dengq@vmware.com>
 2021-09-22 04:14:43 +00:00
Qian Deng 05bc946444
Merge pull request #14383 from XavierDuthil/use-exec-in-entrypoints 
Use exec in all components' entrypoints
 2021-09-22 10:49:21 +08:00
Qian Deng bad913cf6d Refactor trace code 
* use lib trace helper function
* add gracefull shutdown
* Add commens for new added exposed function
* Add licence on top of new created files
* Update trace library
* Update configs
* Add attribute and namespance in config

Signed-off-by: Qian Deng <dengq@vmware.com>
 2021-09-18 10:58:52 +00:00
Qian Deng 6fec5b2873 Add trace to jobservice 
* Add trace init in main
* Add env template
* Add trace for router

Signed-off-by: Qian Deng <dengq@vmware.com>
 2021-09-18 10:58:52 +00:00
Qian Deng 14095fb10b Add trace to registryctl 
* Add trace init to main
* Add trace for http server
* Add trace for gc
* Add env template trace

Signed-off-by: Qian Deng <dengq@vmware.com>
 2021-09-18 10:58:52 +00:00
Qian Deng a15983432c Add trace for core 
* Add trace related lib
* Add trace middleware for core
* add rid for middleware

Signed-off-by: Qian Deng <dengq@vmware.com>
 2021-09-18 10:58:52 +00:00
Qian Deng b812a300be Add trace related configs 
* Update harbor config template
* Update python config parsing
* Update env template

Signed-off-by: Qian Deng <dengq@vmware.com>
 2021-09-18 10:58:52 +00:00
DQ e4c1521efc Add migration script for harbor 2.4 
Signed-off-by: DQ <dengq@vmware.com>
 2021-09-16 09:31:39 +00:00
Wenkai Yin(尹文开) 3ce072016f
Merge pull request #15527 from sevendials/logrotate_fails_when_cwd_is_not_readable 
Logrotate fails when cwd is not accessible
 2021-09-13 16:08:23 +08:00
Wang Yan dbcbc8bad0
bump up go to v1.16.7 (#15564) 
Signed-off-by: Wang Yan <wangyan@vmware.com>
 2021-09-09 17:58:00 +08:00
Wang Yan 93a078d225
deprecate dns search (#15557) 
For details, please refer to https://github.com/goharbor/harbor/issues/14146#issuecomment-793390718
and https://github.com/docker/for-linux/issues/1164.

If anyone encounter the issue mentioned by https://github.com/goharbor/harbor/issues/6031, add the dns_search: . to the releated container.

Signed-off-by: Wang Yan <wangyan@vmware.com>
 2021-09-08 14:22:59 +08:00
Christopher Jenkins 0585b148c7 Logrotate fails when cwd is not accessible 
Logrotate is run with sudo as the syslog user by cron.hourly
The current working directory is `/root` which is inaccessible to the syslog
user so the logrotate command fails. Currently the following stderr is being
thrown away by the cron script:
```
error: cannot open current directory: Permission denied
```

Fixes #15468

Signed-off-by: Christopher Jenkins <christj@gmail.com>
 2021-09-01 15:28:30 -07:00
孙世军 67681b1d83
update node version for portal container (#15396) 
Signed-off-by: AllForNothing <sshijun@vmware.com>
 2021-08-10 09:14:46 +08:00
Wang Yan 494d74d32d
bump up go version to 1.16 (#15286) 
Signed-off-by: Wang Yan <wangyan@vmware.com>
 2021-07-08 16:25:15 +08:00
Wang Yan 4017e995b7 roll back go for notary binary 
Fixes #14932

Harbor recompiles the notary v0.6.1 with go 1.15 from v2.2.0, which introduces an break change that leads to notary key not found after migration.

[Root cause]
Notary v0.6.1 consumed an old version dvsekhvalnov/jose2, which is not compatible with go 1.15.

[References]
https://github.com/dvsekhvalnov/jose2go/issues/26
https://github.com/golang/go/issues/41089

[Resolve]
To resolve this issue, we have to roll back go vesrion to v1.14 for notary v0.6.1 binary and keep it until upstream have a patch release to support go 1.15 or above.

[Break change]
If you pushed and signed image using Harbor v2.2.0 ~ v2.2.2 and created new repository key in notary, you will encouter the same issue after migrate to v2.2.3(or above) or v2.3.1(or above) because of the go version downgrade. We will have a FAQ to help you to resovle this particular scenario.

The influence path of the particular case:
Harbor v2.1.0(or lower) --> [v2.2.0 ~ v2.2.2] --> v2.2.3(or above)
Harbor v2.1.0(or lower) --> v2.3.0 --> v2.3.1(or above)

The non influence path of the paticular case:
Harbor v2.1.0(or lower) --> v2.2.3(or above)
Harbor v2.1.0(or lower) --> v2.3.1(or above)

[Fix in Version]
Harbor v2.2.3 or above
Harbor v2.3.1 or above

[Note]
If you're a heavy user of notary, avoid using v2.2.0, v2.2.1, v2.2.2 and v2.3.0, and use the fixed version for instead.

Signed-off-by: Wang Yan <wangyan@vmware.com>
 2021-06-29 16:18:55 +08:00
danfengliu c39345da96
Merge pull request #15148 from danfengliu/missing-db-base-login-in-build-base-workflow 
Fix issue of missing db base build process in build base workflow
 2021-06-16 16:39:56 +08:00
Will Sun 410c5bcd78
Undate Angular to the latest version (#15129) 
Signed-off-by: AllForNothing <sshijun@vmware.com>
 2021-06-16 16:39:10 +08:00
danfengliu f367aad760 Fix issue of missing db base build process in build base workflow 
There is extra build step for db base image building since v2.3, so this
step should be added back.

Signed-off-by: danfengliu <danfengl@vmware.com>
 2021-06-16 15:22:32 +08:00
He Weiwei 72f1afe2cc
perf: configurations for perf improvement (#15142) 
Closes #15041

Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2021-06-15 18:39:15 +08:00
danfengliu 254c4a3497
Merge pull request #15046 from danfengliu/refine-base-build-process-in-makefile 
Refind build base process in Makefile
 2021-06-09 11:21:48 +08:00
He Weiwei 28921e2997 fix: listen to 5443 when clean unexpected status of db 
Closes #15081

Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2021-06-08 06:41:23 +00:00
DQ 68ac772726 Fix: Remove v6 format of harbor 
Signed-off-by: DQ <dengq@vmware.com>
 2021-06-07 16:26:53 +08:00
Qian Deng 0867a6bfd6
Merge pull request #15055 from ninjadq/health_check_url_2_dn_instead_of_ip 
Add IPv6 support
 2021-06-03 17:57:55 +08:00
DQ 1b6b47f860 Add IPv6 support 
* 127.0.0.1 to localhost
* listening net addr add ipv6 format

Signed-off-by: DQ <dengq@vmware.com>
 2021-06-03 09:04:49 +00:00
danfengliu d66ea07c2f Refind build base process in Makefile 
Remove build base executable in Makefile by replacing it as an input parameter.
Add add more input parameters for controlling docker pull/push to make
build base process flexible for users.

Signed-off-by: danfengliu <danfengl@vmware.com>
 2021-06-03 14:48:34 +08:00
Wang Yan eec9893918 set shm size of postgres 
Fixed #15034, as for postgres 13, the default shm size is 64MB, set to 1gb to avoid could not resize shared memory segment error.

Signed-off-by: Wang Yan <wangyan@vmware.com>
 2021-06-03 11:05:33 +08:00
Wang Yan ae06ac2fae
fix db issue on helm upgrade (#15028) 
fixes #15000

It needs to double confirm that old pg is stopped before migration

Signed-off-by: wang yan <wangyan@vmware.com>
 2021-06-01 15:59:41 +08:00
Wang Yan 66b8a8f8dd
add build arch parameter in Makefile (#14995) 
* add build arch parameter in Makefile

Add parameter BUILDARCH for make file. DB base builds pg96 for x86_64 only

Signed-off-by: Wang Yan <wangyan@vmware.com>
 2021-06-01 10:38:05 +08:00
DQ 5d02acd043 Add upgrade script for harbor 2.3 
no new config item added. harbor.yml keep the same as last version

Signed-off-by: DQ <dengq@vmware.com>
 2021-05-28 20:30:12 +08:00
Qian Deng 9ea8aade01
Upgrade prepare to consistent with photon 4 (#14698) 
* requires version to 3.9.1
* upgrade packages

Signed-off-by: DQ <dengq@vmware.com>
 2021-05-26 16:39:04 +08:00
Wang Yan 39bdd7b506
pg upgrade failure handling (#14934) 
To ensure the upgrade execution idempotence, it needs to clean the $PGDATANEW on pg_upgrade failure.
Otherwise, the upgrade will skip the upgrade process from the second time launch as the exist of $PGDATANEW.

Signed-off-by: Wang Yan <wangyan@vmware.com>
 2021-05-21 13:53:39 +08:00
Wang Yan 86185989cf
support pg upgrade (#14846) 
1, use the pg source and photon spec to build postgres 9.6
2, install 9.6 on the photon 4.0
3, then leverage pg_upgrade to handle the pg major version migration

Signed-off-by: Wang Yan <wangyan@vmware.com>
 2021-05-20 16:25:50 +08:00
Wang Yan 0fb520a33b bump up go to v1.15.12 
Signed-off-by: Wang Yan <wangyan@vmware.com>
 2021-05-14 15:36:23 +08:00
DQ 04ba4a4033 Upgrade chartmuseum version 
from 1.12.0 to 1.13.1

Signed-off-by: DQ <dengq@vmware.com>
 2021-05-11 13:51:55 +00:00
Daniel Jiang c701ce09fa
Merge pull request #14681 from bitsf/fix_typo_NOTARYURL 
Fixed typo in NOTARYURL variable name
 2021-04-21 17:38:01 +08:00
Ziming Zhang 39f70287b4 Fixed typo in NOTARYURL variable name 
Signed-off-by: Ziming Zhang <zziming@vmware.com>
 2021-04-17 15:55:02 +08:00
DQ ffed6459c7 Fix: Use local host on db's healthcheck 
hostname -i will malfunction in some cases like the `nsswitch.conf` file does'nt exist

Signed-off-by: DQ <dengq@vmware.com>
 2021-04-16 18:37:24 +08:00
Pushkar Joglekar 3947c5faff Add --no-cache and --pull flag to image builds to ensure latest security fixes are pulled from base image 
Signed-off-by: Pushkar Joglekar <pjoglekar@vmware.com>
 2021-04-12 09:49:27 -07:00
Qian Deng c5d12ce8ee
Merge pull request #14542 from ninjadq/add_task_info_in_exporter 
Add task info in exporter
 2021-04-07 18:17:26 +08:00
Alexis 06fa88cfb7 Fix typo 
Signed-off-by: Alexis <60alexis@gmail.com>
 2021-04-07 15:58:17 +08:00
Alexis e33f7aa9dd Add redis port to 2.1.0 jinja template 
Signed-off-by: Alexis <60alexis@gmail.com>
 2021-04-07 15:58:17 +08:00
Alexis 7742aec4af Add port to 2.0.0 jinja file 
Signed-off-by: Alexis <60alexis@gmail.com>
 2021-04-07 15:58:17 +08:00
Alexis d28845af51 Remove external_redis.port since not used since v1.10.0 
Signed-off-by: Alexis <60alexis@gmail.com>
 2021-04-07 15:58:17 +08:00
stonezdj(Daojun Zhang) 448f0b6e28
Merge pull request #14579 from stonezdj/21apr_add_docker_registry_proxy 
Support proxy cache for docker-registry type
 2021-04-07 10:59:24 +08:00
Steven Zou e2148f9eea
Merge pull request #14514 from goharbor/dependabot/pip/make/photon/prepare/pyyaml-5.4 
Bump pyyaml from 4.2b1 to 5.4 in /make/photon/prepare
 2021-04-07 09:57:07 +08:00
Steven Zou 10711b7de1
Merge pull request #14482 from goharbor/dependabot/pip/make/photon/prepare/jinja2-2.11.3 
Bump jinja2 from 2.11.1 to 2.11.3 in /make/photon/prepare
 2021-04-07 09:56:23 +08:00
stonezdj ccd9ee8c56 Support proxy cache for docker-registry type 
Add proxy cache for docker registry type
Fixes #14477, #14547
Signed-off-by: stonezdj <stonezdj@gmail.com>
 2021-04-06 16:47:12 +08:00
Wang Yan d03a29e531 bump up photon to 4.0 
Signed-off-by: Wang Yan <wangyan@vmware.com>
 2021-03-31 13:25:29 +08:00
DQ 7eebbeebdf Add jobservice task queue related task 
add jobservice metrics
add redis client

Signed-off-by: DQ <dengq@vmware.com>
 2021-03-30 10:29:36 +00:00
DQ fbe9cd88f8 Enabled Prometheus for Jobservice 
* Add prom server on jobservice
* Enabeld configs in templates
* Enabeld jobservice metrics in nginx

Signed-off-by: DQ <dengq@vmware.com>
 2021-03-30 08:52:59 +00:00
dependabot[bot] f20f4215c3
Bump pyyaml from 4.2b1 to 5.4 in /make/photon/prepare 
Bumps [pyyaml](https://github.com/yaml/pyyaml) from 4.2b1 to 5.4.
- [Release notes](https://github.com/yaml/pyyaml/releases)
- [Changelog](https://github.com/yaml/pyyaml/blob/master/CHANGES)
- [Commits](https://github.com/yaml/pyyaml/commits/5.4)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-03-25 22:46:56 +00:00
DQ f5fcc7bd31 Add base image for exporter 
* Add base
* update Makefile

Signed-off-by: DQ <dengq@vmware.com>
 2021-03-25 16:35:57 +08:00
dependabot[bot] 0ec667c4d8
Bump jinja2 from 2.11.1 to 2.11.3 in /make/photon/prepare 
Bumps [jinja2](https://github.com/pallets/jinja) from 2.11.1 to 2.11.3.
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/master/CHANGES.rst)
- [Commits](https://github.com/pallets/jinja/compare/2.11.1...2.11.3)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-03-20 00:43:21 +00:00
Xavier Duthil 280c8272f8
Use exec in all components' entrypoints 
Use the exec Bash command so that the final running application becomes
the container’s PID 1. This allows the application to receive any Unix
signals sent to the container, in accordance with
https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#entrypoint

Currently, SIGTERM signals sent by kubernetes are not passed to the
executed binary.

Signed-off-by: Xavier Duthil <xavier.duthil@corp.ovh.com>
 2021-03-05 15:00:25 +01:00
Wang Yan 3dfddfdf4e
patch upstream fix for io reader (#14356) 
Fixes #12850
This patch can fix the GC failure in the NFS v3 env, see https://github.com/distribution/distribution/pull/3309#issuecomment-783606968

Signed-off-by: Wang Yan <wangyan@vmware.com>
 2021-03-04 15:33:09 +08:00
Daniel Jiang 387be3686a Refine the way to set X-Forwarded-Proto in nginx 
Refine the way to set the header so user won't need to comment it if
Harbor is sitting behind a reverse proxy.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2021-02-25 17:43:55 +08:00
Josh Soref dfe360040b Spelling 
* addition
* attribute
* auditing
* availability
* available
* bandwidth
* browser
* business
* cadence
* chartmuseum
* client
* column
* content
* demonstrate
* described
* endpoints
* facilitate
* github
* harbor
* information
* instance
* manual
* meaningful
* operation
* overridden
* password
* possible
* project
* refactor
* replication
* requires
* running
* scanned
* settings
* signup
* those
* unsigned
* vulnerability

--
Also removes trailing space from a filename

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2021-02-19 11:59:15 +08:00
DQ 307c5a8ed4 Fix metrics template for http mode 
the port shouldn't be hardcode

Signed-off-by: DQ <dengq@vmware.com>
 2021-02-05 18:44:28 +00:00
DQ 051b5f289d Add sen existed check for internal cert 
fali ealier when there is no san

Signed-off-by: DQ <dengq@vmware.com>
 2021-01-28 08:22:07 +00:00
Qian Deng f013d88efc
Merge pull request #14013 from ninjadq/upgrade_script_for_2_2_0 
Harbor upgrading for 2.2
 2021-01-22 18:10:24 +08:00
Qian Deng 045e1d9abe
Merge pull request #14040 from ninjadq/metric_improvement 
Metric improvement
 2021-01-22 17:13:57 +08:00
DQ 489f31d8fe Add upgrade scirpt for 2.2 
1. add metrics config item in config
2. upgrade version in template

Signed-off-by: DQ <dengq@vmware.com>
 2021-01-22 16:15:06 +08:00
Wang Yan dba229d0df
build third party binaries in CI (#14019) 
Signed-off-by: Wang Yan <wangyan@vmware.com>
 2021-01-22 11:33:42 +08:00
DQ 92cf728371 Add custom cert for exporter 
* injecting custom certs related config to exporter

Signed-off-by: DQ <dengq@vmware.com>
 2021-01-20 10:52:34 +08:00
DQ a61e9b0e2e Add san for notary upgrading 
if san not exists then remove that cert, prepare will regenerate one

Signed-off-by: DQ <dengq@vmware.com>
 2021-01-18 21:00:35 +08:00
Daniel Jiang 1b64b9fdc2
Bump up the go-migrate (#13914) 
Bump it up to v4.11.0 to be consistent with harbor-core

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2021-01-11 19:08:17 +08:00
Qian Deng 642d56041d
Add san for notary cert (#13928) 
Signed-off-by: DQ <dengq@vmware.com>
 2021-01-08 01:00:34 +08:00
stonezdj 6b8fb8431d Add quay registry to proxy cache 
Update env.jinja to add quay

Signed-off-by: stonezdj <stonezdj@gmail.com>
 2021-01-06 17:22:57 +08:00
Wenkai Yin(尹文开) 19ad8ad68d
Merge pull request #13823 from reasonerjt/inst-cert-home-dir 
Replace tilde in install_cert.sh
 2020-12-25 10:25:51 +08:00
Wang Yan 7a8a8fa104
upgrade go version to v1.15.6 (#13836) 
Signed-off-by: wang yan <wangyan@vmware.com>
 2020-12-23 18:53:09 +08:00
Daniel Jiang 9d99dfa82b Replace tilde in install_cert.sh 
This commit fixes #13287 to remove the usage of tilde as the $HOME is not available in some
cases.  More details see #13287

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2020-12-21 20:39:34 +08:00
Qian Deng 31138f12b0
Merge pull request #13806 from ninjadq/fix_python_yaml_load 
Fix pythom yaml load to safe_load
 2020-12-21 16:04:12 +08:00
Qian Deng 9197471e70
Add Scan for internal tls (#13810) 
Signed-off-by: DQ <dengq@vmware.com>
 2020-12-21 15:23:11 +08:00
Will Sun 4392a626f3
Merge pull request #13804 from AllForNothing/scan-all 
Fix robot account UI issues
 2020-12-18 15:48:26 +08:00
AllForNothing b20cc474b3 Fix robot account UI issues 
Signed-off-by: AllForNothing <sshijun@vmware.com>
 2020-12-18 14:11:08 +08:00
DQ 234b29e170 Fix pythom yaml load to safe_load 
Signed-off-by: DQ <dengq@vmware.com>
 2020-12-16 14:59:06 +08:00
DQ 19e8527cc1 Fix log level issue in registry 
1. fix level issue in registry.jinja
2. add log level to registryctl

Signed-off-by: DQ <dengq@vmware.com>
 2020-12-14 11:52:42 +08:00
DQ d95f22448c Add cache for exporter 
Add timed cache for exporter
default cache time is 30s, cleanup job run every 4 hours

Signed-off-by: DQ <dengq@vmware.com>
 2020-12-09 21:22:40 +08:00
DQ f0db193895 Add prepare file for exporter 
prepare env for exporter

Signed-off-by: DQ <dengq@vmware.com>
 2020-12-09 21:22:13 +08:00
DQ dc0047c48c Add build script for exporter 
- Add dockerfile
- update makefile

Signed-off-by: DQ <dengq@vmware.com>
 2020-12-09 20:42:21 +08:00
DQ 590212b485 Remove clair related code 
- clair code in harbor core
- clair code in frontend
- clair code in robotcase

Signed-off-by: DQ <dengq@vmware.com>
 2020-11-27 14:01:04 +08:00
stonezdj(Daojun Zhang) be4e6a5985
Merge pull request #13537 from stonezdj/201118_add_more_registry_type 
Add more registry type to proxy cache
 2020-11-26 11:16:16 +08:00
Ziming Zhang d55f55aeb9 fix(chartmuseum) compatible s3 cache fail 
Signed-off-by: Ziming Zhang <zziming@vmware.com>
 2020-11-25 17:00:16 +08:00
stonezdj e667121a34 Add more registry type to proxy cache 
Includes: azure-acr, aws-ecr, google-gcr
Signed-off-by: stonezdj <stonezdj@gmail.com>
 2020-11-18 10:38:07 +08:00
Will Sun eca3de3489
Merge pull request #13494 from dirkmueller/lock_json_include 
Include package.json/package-lock.json in portal image
 2020-11-16 16:38:02 +08:00
Dirk Mueller 12adc63a48 Include package.json/package-lock.json in portal image 
This allows Trivy and other vulnerability scanners to correctly
determine the embedded dependencies in minified harbor-portal image.

Also simplify build process by reducing the number of layers in the
final stage container image

Signed-off-by: Dirk Mueller <dirk@dmllr.de>
 2020-11-11 21:21:28 +01:00
DQ 0c9faea294 Clean up Clair in prepare script 
Signed-off-by: DQ <dengq@vmware.com>
 2020-11-10 11:39:18 +08:00
DQ 8a584aff89 Clean up clair and clair-adapter in build scripts 
1. Makefles
  2. Dockerfiles
  3. Installation script
  4. harbor.yml template

Signed-off-by: DQ <dengq@vmware.com>
 2020-11-10 11:39:18 +08:00
DQ 9152521b11 Fix: log container password expire 
move chage command to base image

Signed-off-by: DQ <dengq@vmware.com>
 2020-11-09 18:29:41 +08:00
DQ eb470501be Add metrics to Harbor Core 
1. Add configs in prepare
 2. Add models and config items in Core
 3. Encapdulate getting metric in commom package
 4. Add a middleware for global request to collect 3 metrics

Signed-off-by: DQ <dengq@vmware.com>
 2020-11-03 14:33:10 +08:00
Daniel Jiang fb687aeef8 Use pkg/token to generate JWT token 
This commit refactors the approach to encode a token in handler of /service/token,
by reusing pkg/token to avoid inconsistency.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2020-10-15 16:16:44 +08:00
DQ 184e89365b Fix internal tls config upgrade issue 
internal tls config upgrade is not included in template, this pr is to add it.

Signed-off-by: DQ <dengq@vmware.com>
 2020-09-25 09:54:31 +08:00
DQ 17f3bfccb4 Fix trivy setting in upgrading script 
Signed-off-by: DQ <dengq@vmware.com>
 2020-09-08 18:15:57 +08:00
He Weiwei 687043c298
Merge pull request #12880 from stefannica/use-exit-in-db-entrypoint 
Use exec in harbor database entrypoint
 2020-08-28 10:09:58 +08:00
Ziming Zhang ff19dd499c fix(jobservice) redis sentinel failover hang 
Signed-off-by: Ziming Zhang <zziming@vmware.com>
 2020-08-26 10:42:44 +08:00
Stefan Nica 1c768d0bf1 Use exec in harbor database entrypoint 
The harbor-db pod takes a long time to terminate. Using an `exec`
command in the entrypoint ensures that Unix signals reach the
postgres process [1].

[1] https://docs.docker.com/engine/reference/builder/#exec-form-entrypoint-example

Signed-off-by: Stefan Nica <snica@suse.com>
 2020-08-25 20:24:52 +02:00
Daniel Jiang 4f812f7926
Merge pull request #12811 from ninjadq/fix_portal_health_check 
Fix schema of the portal health check
 2020-08-21 13:44:47 +08:00
Dirk Mueller 08a4d8efd2
Update to golang 1.14.7 (#12809) 
We should use a golang that isn't having security issues.

This includes:
* go1.14.6 (released 2020/07/16) includes fixes to the go command, the
compiler, the linker, vet, and the database/sql, encoding/json,
net/http, reflect, and testing packages. See the Go 1.14.6 milestone on
our issue tracker for details.

* go1.14.7 (released 2020/08/06) includes security fixes to the
encoding/binary package. See the Go 1.14.7 milestone on our issue
tracker for details (CVE-2020-16845)

Signed-off-by: Dirk Mueller <dirk@dmllr.de>
Signed-off-by: Dirk Mueller <dmueller@suse.com>
 2020-08-20 15:38:35 +08:00
DQ e9323ca268 Fix schema of the portal health check 
it should be https

Signed-off-by: DQ <dengq@vmware.com>
 2020-08-19 15:58:51 +08:00
Wenkai Yin b1ddb5e2cc Implement the icon API to get the icon of artifact 
Implement the icon API to get the icon of artifact

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2020-08-15 08:40:38 +08:00
Qian Deng 5dbbfa76d3
Merge pull request #12766 from ninjadq/add_log_dependency_to_trivy 
Add log denpendency ti trivy
 2020-08-13 18:23:09 +08:00
Qian Deng 78d4b54ddc
Merge pull request #12765 from ninjadq/fix_trivy_append_in_2_1_0_config 
Fix: append trivy every time when run migrate
 2020-08-13 14:47:54 +08:00
DQ a251e90507 Add log denpendency ti trivy 
To void trivy can not start issue

Signed-off-by: DQ <dengq@vmware.com>
 2020-08-13 11:35:21 +08:00
DQ 7ba498be5b Fix: append trivy every time run migrate 
Signed-off-by: DQ <dengq@vmware.com>
 2020-08-11 17:43:25 +08:00
He Weiwei 8f036c765a chore(images): install shadow package in base images 
The latest `photon:2.0` does not include `groupadd` and `useradd`
we need to install `shadow` package which includes these commands.

Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2020-08-10 10:23:48 +00:00
Wenkai Yin(尹文开) e8f9fb63c0
Merge pull request #12674 from reasonerjt/standalone-db-migrator 
Provide a standalone migrator to migrate DB schema.
 2020-08-10 15:11:52 +08:00
Tianon Gravi 4752cac051 Remove unused "sudo" package from most images 
Notably missing is the "log" image, which still uses sudo.

Signed-off-by: Tianon Gravi <tianon@infosiftr.com>
 2020-08-06 12:44:06 -07:00
Daniel Jiang 4f94f59d2a Provide a standalone migrator to migrate DB schema. 
Fixes #11885
This part will not by default be packaged into release.
A README.md will be added in another commit.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2020-08-06 18:57:55 +08:00
DQ b015440074 Remove expose port in dockerfiles 
The export is dynamical now because of introduce of internal TLS

Signed-off-by: DQ <dengq@vmware.com>
 2020-08-05 10:42:46 +08:00
Qian Deng fbef7fd088
Merge pull request #12651 from ninjadq/add_migration_2_1_0 
Add migration 2.1.0
 2020-08-03 15:59:28 +08:00
DQ 1e32792dc5 Add migration 2.1.0 
db_max_open_comms should be 1000 if its value between 100 and 1000

Signed-off-by: DQ <dengq@vmware.com>
 2020-08-03 15:17:41 +08:00
DQ d3ab9d7c6b Add internal tls configs for portal 
add related file, config, command to enabled https for portal

Signed-off-by: DQ <dengq@vmware.com>
 2020-07-31 12:10:47 +08:00
DQ d7618a6274 Fix: beego app config port hardcode 
the port should be flexible depend on the internal tls

Signed-off-by: DQ <dengq@vmware.com>
 2020-07-27 15:35:43 +08:00
Ziming Zhang 8857e89e40 feature(redis) support redis sentinel 
Signed-off-by: Ziming Zhang <zziming@vmware.com>
 2020-07-19 21:19:03 +08:00
Wang Yan bad8f026fc
upgrade golang to v1.14.5 (#12489) 
Signed-off-by: wang yan <wangyan@vmware.com>
 2020-07-16 16:20:54 +08:00
Qian Deng bd26c294e8
Merge pull request #12341 from ninjadq/support_multi_down_version 
Enhance: Support multi downversion in migration
 2020-07-15 23:39:11 +08:00
Daniel Jiang 947eadaa72
Merge pull request #12440 from heww/remove-init-clair-db 
refactor: remove initialization of clair db
 2020-07-15 00:38:12 +08:00
He Weiwei 2a6fe801bc chore(db): change max_connections of postgres to 1024 
Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2020-07-14 07:34:37 +00:00
He Weiwei 039aef5356 refactor: remove initialization of clair db 
To fetch vulnerability database updated time of the Clair had moved to
the Clair adapter so removes the initialization of clair db in the core.

Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2020-07-09 15:26:14 +00:00
DQ 4617e0ff38 Enhance: Support multi downversion in migration 
1. Change down version to list to accept multi verstion value
2. Update search function use BFS to find migration path
2. Add test case

Signed-off-by: DQ <dengq@vmware.com>
 2020-07-07 21:36:58 +08:00
Wenkai Yin 02690d1d04 Suport filtering registries by type in listing registry API 
Suport filtering registries by type in listing registry API

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2020-07-07 10:30:46 +08:00
DQ d0ddd61ad9 Fix Amazon S3 storage not work 
The Chartmuseum S3 client need set an Env variable
Ref: https://github.com/helm/chartmuseum/issues/280

Signed-off-by: DQ <dengq@vmware.com>
 2020-06-30 15:16:18 +08:00
He Weiwei 0474a2a040
Merge pull request #12322 from heww/install-tls-ca 
feat(certs): install internal tls ca from /etc/harbor/ssl dir
 2020-06-25 21:03:35 +08:00
He Weiwei 13436b75a6 feat(certs): install internal tls ca from /etc/harbor/ssl dir 
Closes #10222

Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2020-06-24 08:58:08 +00:00
Max Rosin 34d5591b1b Fix DOCKERIMASES and SWAAGER_IMAGE_BUILD_CMD typos in Makefiles 
Fix #12259

Signed-off-by: Max Rosin <git@hackrid.de>
 2020-06-16 12:18:55 +02:00
Wang Yan dec8397c21
Add api to delete blob and manifest (#12006) 
* Add api to delete blob and manifest

Enable the capability of registry controller to delete blob and manifest

Signed-off-by: wang yan <wangyan@vmware.com>
 2020-06-06 01:34:23 +08:00
Qian Deng 9e1302211b
Merge pull request #12072 from ninjadq/add_timeout_in_nginx_config 
Add timeout in nginx config
 2020-06-02 15:14:42 +08:00
Steven Zou c7c1742b88
Merge pull request #12106 from heww/clean-clair-url 
refactor(configuration): cleanup unneeded CLAIR_URL configuration in core
 2020-06-01 19:24:19 +08:00
Daniel Jiang 58894e9d9c
Merge pull request #12071 from ninjadq/upgrade_chartversion 
Enhance: Upgrade chartmuseum version
 2020-06-01 13:36:54 +08:00
Daniel Jiang 6271da471b
Update health check script for harbor-db (#12103) 
This patch remove the trailing space of the hostname introduced by
`hostname -i`.

The trailing space will cause resolution error after this patch is
applied to glibc in photon:
https://github.com/vmware/photon/blob/2.0/SPECS/glibc/glibc-fix-CVE-2019-10739.patch

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2020-05-30 14:05:39 +08:00
He Weiwei d97be71234 refactor(configuration): cleanup unneeded CLAIR_URL configuration in core 
Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2020-05-29 07:27:50 +00:00
DQ 278338e401 Add timount on nginx configs 
set timeout to 900

Signed-off-by: DQ <dengq@vmware.com>
 2020-05-26 16:18:35 +08:00
DQ 715685ae51 Remove tls1.1 in notary 
Signed-off-by: DQ <dengq@vmware.com>
 2020-05-26 16:11:57 +08:00
DQ f7ffd991cc Enhance: Upgrade chartmuseum version 
Upgrade chartmuseum version 0.12.0

Signed-off-by: DQ <dengq@vmware.com>
 2020-05-26 15:59:58 +08:00
AllForNothing 90e34e0104 Improve i18n service 
Signed-off-by: AllForNothing <sshijun@vmware.com>
 2020-05-06 14:45:56 +08:00
DQ b06e19a637 Fix: GCS storage gc issue 
Mount gcs key to registryctl

Signed-off-by: DQ <dengq@vmware.com>
 2020-04-29 15:04:16 +08:00
Qian Deng 9469252e85
Merge pull request #11745 from ninjadq/mount_ca_bundle 
Enhance: Create shared to store shared ca
 2020-04-28 10:19:26 +08:00
DQ f70339870a Enhance: Create shared to store shared ca 
this shared ca will mount to all harbor components

Signed-off-by: DQ <dengq@vmware.com>
 2020-04-28 02:58:11 +08:00
DQ 90faf700f8 Enhance: output the stdout of gen cert script 
use popen replace check_all

Signed-off-by: DQ <dengq@vmware.com>
 2020-04-27 10:43:22 +08:00
DQ 026e37e777 Fix chart museum absolute url issue 
if absolute url is enabled return true else set it to false

Signed-off-by: DQ <dengq@vmware.com>
 2020-04-26 13:04:29 +08:00