Upstream/harbor
1
0
Fork 0
mirror of https://github.com/goharbor/harbor.git synced 2024-08-24 21:13:08 +02:00
Code Issues Projects Releases Wiki Activity
8,763 Commits 47 Branches 309 Tags 346 MiB
46fb43bc25
Commit Graph

95 Commits

Author SHA1 Message Date
Daniel Pacak
46fb43bc25 chore: Bump up Trivy adapter to v0.4.0 
Allows configuring SCANNER_TRIVY_GITHUB_TOKEN environment variable,
which is passed to trivy executable binary when it starts scanning
a given artifact.

This is to increase GitHub requests rate limit from 60 per hours
(for anonymous requests) to 5000 when Trivy download its
vulnerabilities database.

Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
 2020-03-16 09:53:16 +01:00
Ziming Zhang
695a2559be feat(cicd) use unified version as tag name, clean more 
Signed-off-by: Ziming Zhang <zziming@vmware.com>
 2020-03-09 17:13:28 +08:00
Ziming Zhang
200c352c35 feat(cicd) use unified version as tag name 
Signed-off-by: Ziming Zhang <zziming@vmware.com>
 2020-03-09 15:30:03 +08:00
Daniel Jiang
ae5ffce83a Update CSRF mechanism 
This commit replaces beego's CSRF mechanism with gorilla's csrf library.
The criteria for requests to skip the csrf check remain the same.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2020-03-09 01:15:54 +08:00
dechen
e642a73280 Set redis idle timeout for core 
Signed-off-by: dechen <xxyydream@gmail.com>
 2020-02-23 12:31:56 +08:00
Daniel Pacak
70dda1387a chore: Configure Redis URL for Trivy adapter 
Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
 2020-02-13 17:57:02 +01:00
Daniel Pacak
a642667ffc chore(install): Add --with-trivy arg to the installation script 
Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
 2020-02-12 23:47:56 +01:00
Daniel Jiang
2064a1cd6d Switch to basic authentication for registry 
1. Add basic authorizer for registry which modify the request
to add basic authorization header to request based on configuration.
2. Set basic auth header for proxy when accessing registry
3. Switche the registry to use basic auth by default and use the basic
authorizer to access Harbor.
4. Make necessary change to test cases, particularly
"test_robot_account.py" and "docker_api.py", because the error is
changed after siwtched to basic auth from token auth.  #10604 is opened
to track the follow up work.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2020-01-31 21:46:47 +09:00
Daniel Jiang
a087ba02e3 Populate basic auth information for registry 
This commit updates `prepare` and templates to populate the credential
for registry for basic authentication.

A temporary flag `registry_use_basic_auth` was added to avoid breakage.
It MUST be removed before the release.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-12-31 14:50:46 +08:00
Wang Yan
2a63382236
Merge pull request #10047 from bitsf/makefile_clean 
optimize the makefile process
 2019-12-05 19:03:19 +08:00
Ziming Zhang
332f88ec8c add make clean 
Change-Id: Ibe806972a19cd69bfd90be051cdc340c4d7c6afb
Signed-off-by: Ziming Zhang <zziming@vmware.com>
 2019-12-05 14:44:07 +08:00
Wenkai Yin(尹文开)
d145f4baf4
Merge pull request #10034 from ywk253100/191128_clean 
Clean up admiral-related code
 2019-12-04 17:33:31 +08:00
Daniel Jiang
7bb71db478
Merge pull request #10003 from ninjadq/migrator_miss_component_no_proxy 
Add default domainname for no_proxy
 2019-12-03 10:50:32 +08:00
Wenkai Yin
dd2bc0ecef Clean up admiral-related code 
Clean up admiral-related code as it's useless

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2019-11-28 17:28:54 +08:00
DQ
79344887b9 Fix ca bundle path join issue 
CA bundle name start with '/' will break the os path join

Signed-off-by: DQ <dengq@vmware.com>
 2019-11-27 18:37:45 +08:00
DQ
ed6438cf69 Add default domainname for no_proxy 
All internal service and known internal hostname shuold add to no_proxy by default

Signed-off-by: DQ <dengq@vmware.com>
 2019-11-27 15:10:42 +08:00
He Weiwei
b8308f41a0 fix(prepaire,clair): disable clair updaters when its interval is 0 
Closes #9961

Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2019-11-22 03:31:20 +00:00
He Weiwei
fe69a5df99 build(scanner-adapter): bump up clair adapter to v1.0.1-rc2 
Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2019-11-13 02:35:21 +00:00
Wang Yan
6da183d576
Merge pull request #9800 from ninjadq/failure_earlier_of_ca_bundle_permission_check 
Failure earlier of ca bundle permission check
 2019-11-11 14:09:21 +08:00
DQ
80c3e76b5a check the permission of ca bundle file 
CA bundle need check before use

Signed-off-by: DQ <dengq@vmware.com>
 2019-11-08 15:34:17 +08:00
Daniel Jiang
06e4e124d8
Refine request handle process (#9760) 
* Refine request handle process

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-11-07 13:02:17 +08:00
Wang Yan
27cb25cc04
Merge pull request #9400 from ninjadq/inject_certs_to_non_root 
Inject certs to non root
 2019-11-05 14:49:08 +08:00
DQ
ece321a53a Change certs's owner to 10000 
Signed-off-by: DQ <dengq@vmware.com>
 2019-11-04 17:38:41 +08:00
Wang Yan
3f39b0ba4f
Merge pull request #9550 from ninjadq/enable_https_by_default 
Enable https by default
 2019-11-04 16:51:33 +08:00
DQ
873d9f5b82 Enable https by default 
1. Umcomment https related configs
2. Remove the https prepare related thing in ci

Signed-off-by: DQ <dengq@vmware.com>
 2019-10-31 20:58:09 +08:00
DQ
6c01049d94 Replance python ran lib to secrets 
Secrets is included in python 3.6, so just import and use it

Signed-off-by: DQ <dengq@vmware.com>
 2019-10-31 17:23:19 +08:00
He Weiwei
28e0c0693b Upgrade clair adapter to v1.0.0 
1. Upgrade clair adapter to v1.0.0.
2. Make the clair adapter which installed by harbor immutable and using internal registry address.
3. Add support to build clair adapter image from binary.
4. Switch to ScannerPull action when make authorization for the scan request.

Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2019-10-26 17:25:36 +00:00
He Weiwei
8964a8697a build(clair): internal clair adapter when install with clair 
Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2019-10-17 12:00:51 +08:00
stonezdj(Daojun Zhang)
ca97c85279
Merge pull request #8927 from ninjadq/fix_config_with_components 
Add logic to read clair and notary config
 2019-09-09 15:50:09 +08:00
DQ
495a257ab5 Add logic to read clair and notary config 
Signed-off-by: DQ <dengq@vmware.com>
 2019-09-05 12:49:32 +08:00
Qian Deng
97c40df40f
Merge pull request #8593 from ninjadq/fix_wording_in_doc 
Update config file names
 2019-09-03 10:53:23 +08:00
DQ
377739204b Update config file names 
Signed-off-by: DQ <dengq@vmware.com>
 2019-09-02 18:19:06 +08:00
stonezdj(Daojun Zhang)
469018ae9e
Merge pull request #8891 from ninjadq/fix_prepare_file_permission 
Fix: prepare permission issue
 2019-09-02 18:07:14 +08:00
Qian Deng
86f2bb26a3 Fix docker-compose file permmission 
non-root user can see the content

Signed-off-by: Qian Deng <dengq@vmware.com>
 2019-09-02 13:57:18 +08:00
DQ
6ed3d52615 Fix: prepare permission issue 
1. recursivele change ownership for all prepare dir
2. database file permission fix

Signed-off-by: DQ <dengq@vmware.com>
 2019-09-02 10:04:38 +08:00
Wang Yan
6e462baa0d
Merge pull request #8837 from ninjadq/disable_redis_n_db_container_if_use_exeternal 
Disable redis and db containers if external db enabled
 2019-09-01 17:47:28 +08:00
He Weiwei
e2a19d8ab9
fix(build): max idle and open conn settings for external db (#8854) 
Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2019-08-29 15:04:10 +08:00
DQ
fe3c71094b Disable redis and db containers if external db enabled 
If depend on external redis or pg. local db and redis should not start. Therefore can save some resources.

Signed-off-by: DQ <dengq@vmware.com>
 2019-08-26 17:59:13 +08:00
Daniel Jiang
f674bb4e6c
Merge pull request #8590 from ninjadq/fix_registry_log_level 
Fix: registry log level rendering issue
 2019-08-20 09:11:56 +08:00
Daniel Jiang
b34fda173c Bump up Clair to v2.0.9 
Fixes #8584

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2019-08-19 16:19:29 +08:00
He Weiwei
98e1f68468 feat(configuration,db): connection pool configs for db 
Signed-off-by: He Weiwei <hweiwei@vmware.com>
 2019-08-14 14:30:34 +08:00
Daniel Jiang
ca585f8b9c
Merge pull request #8640 from ninjadq/fix_permission_of_nginx_cert 
Fix permission of nginx cert
 2019-08-14 14:23:40 +08:00
Qian Deng
b4975d8601 Fix nginx permission issue 
* mount root of host
* copy file to data dir and change ownership and permission

Signed-off-by: Qian Deng <dengq@vmware.com>
 2019-08-13 02:59:27 +00:00
疯魔慕薇
3e8a73ca1e Proxy 
1. Global proxy config for components.
2. Prepare proxy configure for clair, core and jobservice.

Signed-off-by: 疯魔慕薇 <kfanjian@gmail.com>
 2019-08-11 00:24:18 +08:00
Qian Deng
a935823e3d
Merge pull request #8362 from ninjadq/non-root-contaienr 
Non root contaienr
 2019-08-08 17:34:25 +08:00
王添
94d4f9c6b6 add webhook job 
Signed-off-by: 王添 <wangtian@corp.netease.com>
 2019-08-07 20:56:31 +08:00
DQ
057bc34703 Fix: registry log level rendering issue 
when log level is warning, the actual value of registry should be warn

Signed-off-by: DQ <dengq@vmware.com>
 2019-08-07 14:35:36 +08:00
Qian Deng
dacb1fc79e Add healthcheck in Dockerfile* redis* jobservice 
Signed-off-by: Qian Deng <dengq@vmware.com>
 2019-08-06 13:16:12 +00:00
Qian Deng
303471563f DB container run as non-root 
Signed-off-by: Qian Deng <dengq@vmware.com>
 2019-08-06 05:21:47 +00:00
Qian Deng
8b7f1ae4c0 Add proxy nginx container as non-root user 
Signed-off-by: Qian Deng <dengq@vmware.com>
 2019-08-06 05:21:47 +00:00