Commit Graph

35 Commits

Author SHA1 Message Date
Chlins Zhang
771373cedf
fix: remove the scan exports volume (#18109)
1. Change the Export CVE temporary file directory to /tmp.
2. Remove the scan data export volume in Dockerfile and docker-compose
   yaml.

Fixes: #18067

Signed-off-by: chlins <chenyuzh@vmware.com>
2023-01-31 11:32:29 +08:00
prahaladdarkin
130452111b
Vulnerability scan data export functionality (#15998)
Vulnerability Scan Data (CVE) Export Functionality
Proposal - goharbor/community#174
Closes - https://github.com/goharbor/harbor/issues/17150
Changes:
* CVE Data export to CSV with filtering support.
* Implement CSV data export job for creating CSVs
* APIs to trigger CSV export job executions

Signed-off-by: prahaladdarkin <prahaladd@vmware.com>
2022-07-11 16:35:04 +08:00
Qian Deng
05bc946444
Merge pull request #14383 from XavierDuthil/use-exec-in-entrypoints
Use exec in all components' entrypoints
2021-09-22 10:49:21 +08:00
DQ
1b6b47f860 Add IPv6 support
* 127.0.0.1 to localhost
* listening net addr add ipv6 format

Signed-off-by: DQ <dengq@vmware.com>
2021-06-03 09:04:49 +00:00
Wang Yan
d03a29e531 bump up photon to 4.0
Signed-off-by: Wang Yan <wangyan@vmware.com>
2021-03-31 13:25:29 +08:00
Xavier Duthil
280c8272f8
Use exec in all components' entrypoints
Use the exec Bash command so that the final running application becomes
the container’s PID 1. This allows the application to receive any Unix
signals sent to the container, in accordance with
https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#entrypoint

Currently, SIGTERM signals sent by kubernetes are not passed to the
executed binary.

Signed-off-by: Xavier Duthil <xavier.duthil@corp.ovh.com>
2021-03-05 15:00:25 +01:00
Daniel Jiang
9d99dfa82b Replace tilde in install_cert.sh
This commit fixes #13287 to remove the usage of tilde as the $HOME is not available in some
cases.  More details see #13287

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2020-12-21 20:39:34 +08:00
He Weiwei
8f036c765a chore(images): install shadow package in base images
The latest `photon:2.0` does not include `groupadd` and `useradd`
we need to install `shadow` package which includes these commands.

Signed-off-by: He Weiwei <hweiwei@vmware.com>
2020-08-10 10:23:48 +00:00
Tianon Gravi
4752cac051 Remove unused "sudo" package from most images
Notably missing is the "log" image, which still uses sudo.

Signed-off-by: Tianon Gravi <tianon@infosiftr.com>
2020-08-06 12:44:06 -07:00
DQ
e907cbe2b6 Fix health check for jobservice and regctl
need cert when mTLS is enabled

Signed-off-by: DQ <dengq@vmware.com>
2020-04-09 20:35:46 +08:00
Ziming Zhang
572ebef685 feat(cicd) parameterize docker base image and external url
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2020-04-08 00:21:47 +08:00
DQ
4a836ea975 Fix health check url
health check url should depend on internal https

Signed-off-by: DQ <dengq@vmware.com>
2020-04-07 03:35:52 +00:00
DQ
03e11c63c7 Fix docker file with secure tls change
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:10 +08:00
wang yan
47793e77e3 update base file name ane pass base version to build file
Signed-off-by: wang yan <wangyan@vmware.com>
2019-11-12 19:12:49 +08:00
Wang Yan
544cc98971 add base images when to build harbor assets
* add base images when to build harbor assets

Signed-off-by: wang yan <wangyan@vmware.com>
2019-11-12 15:38:51 +08:00
He Weiwei
a2c8536d37 fix(build): install tzdata pkg for core and jobservice images
Closes #8314

Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-08-21 14:40:29 +00:00
Qian Deng
dacb1fc79e Add healthcheck in Dockerfile* redis* jobservice
Signed-off-by: Qian Deng <dengq@vmware.com>
2019-08-06 13:16:12 +00:00
Qian Deng
29727148b3 Running job service with non-root container
job-service running with 10000:10000 user

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-08-06 05:21:45 +00:00
Ziming Zhang
072bdd101b aws driver for replication
Change-Id: I8792ffce2eaa5975359bb6159a1ba7b85926a925
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2019-06-25 19:11:27 +08:00
Daniel Jiang
3d09089a9c Rebuild Harbor images based on photon:2.0 (#6054)
Make necessary change to make things work with photon 2.0 docker image.
Remove distro-sync to mitigate the build issue and add `--pull` to docker build
command to make sure the latest photon:2.0 will be pulled during build process.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2018-10-18 11:03:28 +08:00
Daniel Jiang
31096a35af Run chown to job log directory
This commit revoke part of the change introduced in commit #1fc4142, by
calling chown to job log directory within the container when the job
service bootstraps.  The reason is we are seeing permission issue in
helm-chart deployment, and we want to reduce effort to handle the
permission on different deployment approaches.

There are some code in `prepare` script to change the ownership of the
JOB_LOG directory, it will be left for now to avoid regression in VIC
integration.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2018-09-22 12:05:37 +08:00
Yan
4eba01fc31 Clean make file unused code and unify docker build method (#59)
Signed-off-by: Yan <wangyan@vmware.com>
2018-09-04 17:18:15 +08:00
Daniel Jiang
6c664ee993 Update photon base images (#5346)
This commit update the base photon image from vmware/photon:1.0 to
photon:1.0, per suggestion by photon team.
2018-07-19 20:45:20 +08:00
Yan
6d800cabbd
enable migrator to support 1.5.0 migration from mysql to pgsql (#5029)
This commit is to enable data migrator to support migrates data
from mysql to pgsql, this is a specific step for user to upgrade
harbor across v1.5.0, as we have move harbor DB to pgsql from
1.5.0. It supports both harbor and notary db data migration,
and be split into two steps with dependency.

It also fix issue #4847, add build DB migrator in make process.
2018-06-01 14:58:43 +08:00
Tan Jiang
1fc4142e1a Do not call chown to config files
This commit fixes a recently discovered issue on Kubernetes #4496
It make necessary to avoid calling `chown` to config files during the
bootstrap of the containers.
2018-04-20 13:44:21 +08:00
Tan Jiang
7238efd9ae Integrate new jobservice into docker-compose template
This commit doesn't integrate redis.  No change to makefile b/c it
should work once the temporary jobservice_v2 folder is renamed to jobservice.
2018-03-22 19:48:22 +08:00
Tan Jiang
f83c65bcc5 Reduce the output of build.
The following are done to avoid travis-ci failing due to too much log
size.
1) Update Makefile and scripts to make go build less verbose.
2) Make tdnf less verbose
2018-02-27 20:54:52 +08:00
wangyan
6b7df3636c Temporary workaround for photon distro-sync error 2017-12-18 22:18:21 -08:00
Tan Jiang
b3e0af2382 Fix permission issue in job_log directory 2017-11-21 19:31:15 +08:00
Tan Jiang
6d7c028729 Refine the Dockerfile
Refine the Dockerfile to remove temporary workarounds.
Also fixes #3587, to make sure the configuration files of rsyslog can be
read by uid 10000.
2017-11-13 18:04:17 +08:00
reasonerjt
19a13e8575 Deprivilege harbor-ui harbor-jobservice harbor-adminserver
Use non-root user to run the service within these docker images, and provide HEALTHCHECK
mechanism.
2017-11-09 03:09:09 -08:00
Tan Jiang
2cedfff4b3 Rebuild Harbor DB docker image on top of Maria DB
This change reworked the vmware/harbor-db image to build it on top of
vmware/mariadb-photon.
Also made minor change in the entrypoint script of mariadb image to
execute upgrade script during bootstrap, and fix a file permission
issue in the bootstrap scripts.
2017-10-26 12:27:09 +08:00
yixingj
83a5ab2818 Update OSS package in Jobservice
1>update OSS package in Job eservice images
2>use new photon base images
2017-10-23 10:49:27 +08:00
Tan Jiang
b868634007 update version of photon OS to 1.0 in Docker files 2016-11-21 16:15:43 +08:00
yhua
311cf8da07 change code 20161019 2016-10-21 18:39:10 +08:00