Commit Graph

1331 Commits

Author SHA1 Message Date
stonezdj(Daojun Zhang)
0e92eaea18
Sort most dangerous vulnerabilities by score and severity level (#19103)
Check it is referred by a scan_report
  Add index to report_vulnerability_record to improve performance
  Fixes #19014 #19028

Signed-off-by: stonezdj <daojunz@vmware.com>
2023-08-07 10:13:34 +08:00
MinerYang
e1c1f5625d
bump golang 1.20.6 on main (#19066)
bump golang 1.20.6

Signed-off-by: yminer <yminer@vmware.com>
2023-08-02 11:01:32 +08:00
Yang Jiao
5e130bd06c
Bump up photon version from 4.0 to 5.0 (#19006)
Signed-off-by: Yang Jiao <jiaoya@vmware.com>
2023-08-01 11:52:33 +08:00
Alexis Leroux
84a131773a
Conserve sentinel_master_set value between upgraded versions (#18875)
fix(migration): Conserve sentinel_master_set value between upgraded versions

Signed-off-by: Alexis Leroux <alexis.leroux@worldline.com>
Co-authored-by: Alexis Leroux <alexis.leroux@worldline.com>
Co-authored-by: MinerYang <yminer@vmware.com>
2023-07-27 18:35:01 +08:00
MinerYang
3af605eedc
update installation hint (#19024)
Signed-off-by: yminer <yminer@vmware.com>
2023-07-27 10:41:05 +08:00
stonezdj(Daojun Zhang)
c25a7ca68d
Skip to run migrate script when data available (#18976) 2023-07-25 19:41:35 +08:00
MinerYang
8102304621
add migration script for 2.9 (#18997)
add miigration script for 2.9

Signed-off-by: yminer <yminer@vmware.com>

update quota_update_provider

update typo

update comment
2023-07-25 17:52:37 +08:00
Yang Jiao
70554fe4f1
Fix build harbor-db-base error (#19003)
Fix #19002

Signed-off-by: Yang Jiao <jiaoya@vmware.com>
2023-07-25 16:45:23 +08:00
Shengwen YU
320c0d63ca
feat: add config for job_loggers (#18970)
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2023-07-24 22:10:36 +08:00
Chlins Zhang
8ff095d68f
feat: add the configuration for quota update provider (#18928)
Add the related configurations for the quota update provider to the
harbor.yml.

Signed-off-by: chlins <chenyuzh@vmware.com>
2023-07-24 16:28:19 +08:00
stonezdj(Daojun Zhang)
5e4163b53b
Create index in vulnerability_record table (#18949)
add index for better query performance

Signed-off-by: stonezdj <daojunz@vmware.com>
2023-07-20 14:00:40 +08:00
Chlins Zhang
970bdab936
fix: correct the operator in the webhook payload (#18906)
Fix the incorrect or meaningless operator in the webhook payload.

Fixes: #18438

Signed-off-by: chlins <chenyuzh@vmware.com>
2023-07-19 15:40:29 +08:00
stonezdj(Daojun Zhang)
d4aa9b13c4
Add vulnerability search API (#18924)
use q.Query to pass all query conditions

Signed-off-by: stonezdj <daojunz@vmware.com>
2023-07-19 10:17:14 +08:00
stonezdj(Daojun Zhang)
d84b1d07d2
Update table scan_report and extract cvss_v3_score from vendor attribute (#18854)
For better performance when query cve information, add summary information to scan_report
    Extract cve_score from vendor attribute in vulnerability_record
    SQL migrate script for the update

Signed-off-by: stonezdj <daojunz@vmware.com>
2023-06-29 17:30:50 +08:00
MinerYang
14192dfb06
add strong_ssl_ciphers for nginx https jinja template (#18748)
Signed-off-by: yminer <yminer@vmware.com>
2023-05-29 21:57:15 +08:00
Stephan Hohn
4f3393e615
http2 enabled and ciphers changed to get an A+ rating instead of B fr… (#16990)
* Make strong cipher cfg optional
Signed-off-by: Stephan Hohn <stephan.hohn@tech11.com>

---------

Signed-off-by: Stephan Hohn <stephan.hohn@tech11.com>
Signed-off-by: MinerYang <yminer@vmware.com>
Co-authored-by: Stephan Hohn <stephan.hohn@tech11.com>
Co-authored-by: Wang Yan <wangyan@vmware.com>
Co-authored-by: MinerYang <yminer@vmware.com>
2023-05-29 10:37:57 +08:00
malmor
135ca37e3f
Add support for TLSv1.3 in nginx configurations (#18659)
Signed-off-by: malmor <62105800+malmor@users.noreply.github.com>
Co-authored-by: MinerYang <yminer@vmware.com>
2023-05-26 10:29:54 +08:00
David van der Spek
982ff0aeea
chore: bump registry release to 2.8.2 (#18685)
Signed-off-by: David van der Spek <vanderspek.david@gmail.com>
2023-05-26 09:37:45 +08:00
Wang Yan
bf7c82b9a8
remove the notary from backend (#18668)
Since harbor deprecates notary since v2.9.0, this pull request targets to remove the code related with notary.

Signed-off-by: Wang Yan <wangyan@vmware.com>
2023-05-18 18:47:42 +08:00
Yang Jiao
cb8a3d0c74
Fix build db base image symlink error (#18673)
Fix #18672

Signed-off-by: Yang Jiao <jiaoya@vmware.com>
2023-05-12 15:45:27 +08:00
Chlins Zhang
2958d7b7ff
fix: cherry pick the migration sql (#18644)
Cherry pick the migration SQL of 2.8.1 to main branch.

Signed-off-by: chlins <chenyuzh@vmware.com>
2023-05-10 16:35:07 +08:00
Chlins Zhang
36c2b93fe6
fix: sweep executions of image scan job (#18649)
1. Change the SCAN_ALL job execution retain counts from 5 to 1(per
   current design, only one report be stored for every artifact, so
   retain latest 1 is enough).
2. Enable the sweep for IMAGE_SCAN job(retain latest 1).

Fixes: #18633

Signed-off-by: chlins <chenyuzh@vmware.com>
2023-05-10 13:23:54 +08:00
MinerYang
220383147e
bump golang 1.20.4 on main (#18647)
Signed-off-by: yminer <yminer@vmware.com>
2023-05-09 23:27:26 +08:00
Shijun Sun
2fec790148
Copy swagger.json to the dist folder (#18646)
Signed-off-by: AllForNothing <sshijun@vmware.com>
2023-05-09 09:27:03 +08:00
Yang Jiao
aaea068cce
Upgrade the internal PostgreSQL to 14 in 2.9.0 (#18612)
Fix #18338

Signed-off-by: Yang Jiao <jiaoya@vmware.com>
Co-authored-by: Wang Yan <wangyan@vmware.com>
2023-05-05 10:32:39 +08:00
Shijun Sun
0a3509f8a7
Replace python script with node script for portal Dockerfile (#18635)
Signed-off-by: AllForNothing <sshijun@vmware.com>
2023-05-04 17:38:03 +08:00
Chlins Zhang
362387f914
fix: improve the performance of list artifacts (#18610)
1. Change the query for listing tasks of scan which can use the db
   index.
2. Add the gin index for task.extra_attrs.report_uuids

Fixes: #18013

Signed-off-by: chlins <chenyuzh@vmware.com>
2023-04-30 09:10:28 +08:00
Per
e20e4401cb
fix: link to Github's rate limiting documentation. (#18588)
Co-authored-by: Orlix <7236111+OrlinVasilev@users.noreply.github.com>
2023-04-25 13:11:40 +03:00
MinerYang
2d98e8fe1e
Allow redis password using safe special characters (#18566)
allow redis password safe special characters

Signed-off-by: yminer <yminer@vmware.com>

string and None type conversion
2023-04-24 11:01:46 +08:00
Maxi_Mega
96bc43f7ab
Fix typos in common.sh (#18151)
* Fix typos in common.sh

Signed-off-by: Maxi_Mega <52792549+Maxi-Mega@users.noreply.github.com>

* Apply suggestions from code review

Signed-off-by: Orlix <OrlinVasilev@users.noreply.github.com>

* Add a new line at the end of make/common.sh

Co-authored-by: Orlix <OrlinVasilev@users.noreply.github.com>
Signed-off-by: Maxi_Mega <52792549+Maxi-Mega@users.noreply.github.com>

---------

Signed-off-by: Maxi_Mega <52792549+Maxi-Mega@users.noreply.github.com>
Signed-off-by: Orlix <OrlinVasilev@users.noreply.github.com>
Co-authored-by: Orlix <OrlinVasilev@users.noreply.github.com>
2023-04-17 16:56:19 +08:00
MinerYang
7afdb932b2
bump golang 1.20.3 on main (#18492)
Signed-off-by: yminer <yminer@vmware.com>
Co-authored-by: Wang Yan <wangyan@vmware.com>
2023-04-10 09:27:31 +08:00
Chlins Zhang
72a6ef2514
style: adjust the style of migration SQL (#18475)
Signed-off-by: chlins <chenyuzh@vmware.com>
2023-04-04 17:37:27 +08:00
MinerYang
de20659da5
bump golang 1.20.2 (#18469)
Signed-off-by: yminer <yminer@vmware.com>
2023-04-04 10:59:16 +08:00
Chlins Zhang
cb0749c7ab
fix: add default payload_format for http type webhook (#18445)
1. Add migration SQL to handle the lost payload format for old policies.
2. Set payload format to 'Default' if not specified for http webhook in the API handler.
3. Fix the migration sql of notification_job

Fixes: #18401, #18453

Signed-off-by: chlins <chenyuzh@vmware.com>
2023-04-02 15:33:33 +08:00
Shengwen YU
208b7f4cb0
fix: add remove chartmuseum notice message (#18426)
Co-authored-by: Wang Yan <wangyan@vmware.com>
Co-authored-by: Orlix <OrlinVasilev@users.noreply.github.com>
2023-03-28 12:16:17 +03:00
Wang Yan
deaecf2de5
add subject artifact repo (#18394)
add suject_artifact_repo column in the table artifact_accessory

Signed-off-by: Wang Yan <wangyan@vmware.com>
2023-03-22 21:48:09 +08:00
Chlins Zhang
395ae77d64
fix: change the default max retry count for webhook job to 3 (#18392)
Signed-off-by: chlins <chenyuzh@vmware.com>
2023-03-22 17:36:50 +08:00
Wang Yan
c1d297b015
fix 2.8 migration issue (#18389)
The sql must be idempotent

Signed-off-by: Wang Yan <wangyan@vmware.com>
2023-03-22 16:12:36 +08:00
Peter Jakubis
284d58453c
Change storage_service.redirect.disabled in harbor.yml.tmpl to storage_service.redirect.deactivate (#14615)
* set to disable

Signed-off-by: Peter Jakubis <balonik32@gmail.com>

* move pr-14615 prepare migration version from 2.7.0 to 2.8.0

Signed-off-by: yminer <yminer@vmware.com>

---------

Signed-off-by: Peter Jakubis <balonik32@gmail.com>
Signed-off-by: yminer <yminer@vmware.com>
Co-authored-by: Peter Jakubis <peter.jakubis@piano.io>
Co-authored-by: Vadim Bauer <vb@container-registry.com>
Co-authored-by: Wang Yan <wangyan@vmware.com>
Co-authored-by: yminer <yminer@vmware.com>
2023-03-22 13:55:22 +08:00
Wang Yan
2f380495bf
revert subject id in the accessory (#18377)
DO not replact id with digest and just add digest into the accessory table

Signed-off-by: Wang Yan <wangyan@vmware.com>
2023-03-22 10:58:30 +08:00
stonezdj(Daojun Zhang)
46fa91f866
Fix dangling state execution (#18272)
Add max update hour and max dangling hour setting in config.yaml
  Fixes #17611

Signed-off-by: stonezdj <daojunz@vmware.com>
2023-03-21 18:48:14 +08:00
Chlins Zhang
67d3f9add8
feat: support configurate the http client timeout for webhook job (#18382)
Signed-off-by: chlins <chenyuzh@vmware.com>
2023-03-21 11:54:10 +08:00
Chlins Zhang
ff01efc777
fix: fix the webhook migration sql (#18374)
Signed-off-by: chlins <chenyuzh@vmware.com>
2023-03-19 10:27:06 +08:00
Chlins Zhang
14df2b2b60
feat: support configrate the jobservice logger sweeper duration (#18365)
Support configurate the jobservice logger sweeper duration from
harbor.yml.

Closes: #10958

Signed-off-by: chlins <chenyuzh@vmware.com>
2023-03-18 10:46:40 +08:00
Daniel Jiang
bea8dece07
feat: upgrade golang to 1.20.1 (#18370)
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
Co-authored-by: Shengwen Yu <yshengwen@vmware.com>
Co-authored-by: Wang Yan <wangyan@vmware.com>
2023-03-17 17:49:44 +08:00
MinerYang
e76aff6a0a
add external redis username config to support redis6 ACL (#18364)
add external redis username o support redis6 ACL

Signed-off-by: yminer <yminer@vmware.com>
2023-03-17 14:16:19 +08:00
Chlins Zhang
2148ee9fbe
migration: add sql to migrate the old webhook job to new way (#18342)
Signed-off-by: chlins <chenyuzh@vmware.com>
2023-03-16 16:27:43 +08:00
Yang Jiao
1e38565aae
Migrate robot account and notification policy related to Chartmuseum (#18316)
Migrate robot permission and notification policy related to Chartmuseum

Update robot permission and notification policy as Harbor v2.8.0 deprecates chartmuseum.
Harbor deprecates chartmuseum as of v2.8.0
Epic: goharbor#17958
Discussion: goharbor#15057

Signed-off-by: Yang Jiao <jiaoya@vmware.com>
2023-03-10 12:19:11 +08:00
Wang Yan
295260b7a3
replace subject id with digest (#18278)
Since it has to support push subject and accessories in either order, it has to replace digest with id

Signed-off-by: Wang Yan <wangyan@vmware.com>
2023-03-08 17:03:12 +08:00
stonezdj(Daojun Zhang)
5c0266e719
Get job log by job_id in worker (#18261)
Get job by job_id in redis

  Get the last 10MB of data if it exceeds 10MB

Signed-off-by: stonezdj <daojunz@vmware.com>
2023-03-06 13:19:10 +08:00