stonezdj(Daojun Zhang)
793dc54aec
Remove the delete local manifest when remote doesn't exist ( #20597 )
The previous impl calls c.local.DeleteManifest(remoteRepo, art.Tag); because the remoteRepo is the incorrect repository, it always deletes nothing. To keep consistency with the previous version and for code clarity, remove this goroutine.
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-06-17 15:02:58 +08:00
stonezdj(Daojun Zhang)
e960711579
Use internal registry url to push artifact accessory ( #20575 )
fixes #20565
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-06-14 17:10:52 +08:00
Chlins Zhang
6a38ed3d77
style: delete duplicate error check in artifacttrash dao ( #20557 )
Signed-off-by: chlins <chlins.zhang@gmail.com>
2024-06-12 10:16:55 +00:00
Shengwen YU
1c9cb2e253
fix: update image tag for nightly-trivy-scan ( #20574 )
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-06-12 13:54:14 +08:00
stonezdj(Daojun Zhang)
b5f7a61e36
Adjust the query by UUID sql so that it can use the idx_task_extra_at… ( #20545 )
Adjust the query by UUID sql so that it can use the idx_task_extra_attrs_report_uuids
fixes #20505
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-06-11 06:37:53 +00:00
Shengwen YU
cea7ed0b04
fix: update VERSION to v2.12.0 ( #20559 )
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-06-07 10:58:45 +08:00
Shengwen YU
53d0122e2b
doc: update minor release support matrix with v2.11.x ( #20558 )
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-06-07 09:28:59 +08:00
dependabot[bot]
b3698d15c5
chore(deps): bump go.opentelemetry.io/otel from 1.26.0 to 1.27.0 in /src ( #20488 )
Bumps [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go ) from 1.26.0 to 1.27.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.26.0...v1.27.0 )
---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-06-06 04:51:27 +00:00
dependabot[bot]
65bbe120d5
chore(deps): bump github.com/volcengine/volcengine-go-sdk from 1.0.97 to 1.0.138 in /src ( #20541 )
chore(deps): bump github.com/volcengine/volcengine-go-sdk in /src
Bumps [github.com/volcengine/volcengine-go-sdk](https://github.com/volcengine/volcengine-go-sdk ) from 1.0.97 to 1.0.138.
- [Release notes](https://github.com/volcengine/volcengine-go-sdk/releases )
- [Commits](https://github.com/volcengine/volcengine-go-sdk/compare/v1.0.97...v1.0.138 )
---
updated-dependencies:
- dependency-name: github.com/volcengine/volcengine-go-sdk
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-06-06 12:15:43 +08:00
dependabot[bot]
bd82ba7071
chore(deps): bump github.com/aws/aws-sdk-go from 1.50.24 to 1.53.14 in /src ( #20542 )
chore(deps): bump github.com/aws/aws-sdk-go in /src
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go ) from 1.50.24 to 1.53.14.
- [Release notes](https://github.com/aws/aws-sdk-go/releases )
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.50.24...v1.53.14 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-06-06 11:32:34 +08:00
dependabot[bot]
83c3c2bf26
chore(deps): bump github.com/go-asn1-ber/asn1-ber from 1.5.6 to 1.5.7 in /src ( #20487 )
chore(deps): bump github.com/go-asn1-ber/asn1-ber in /src
Bumps [github.com/go-asn1-ber/asn1-ber](https://github.com/go-asn1-ber/asn1-ber ) from 1.5.6 to 1.5.7.
- [Release notes](https://github.com/go-asn1-ber/asn1-ber/releases )
- [Commits](https://github.com/go-asn1-ber/asn1-ber/compare/v1.5.6...v1.5.7 )
---
updated-dependencies:
- dependency-name: github.com/go-asn1-ber/asn1-ber
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-06-06 10:32:52 +08:00
Lichao Xue
115827cac7
Fixes-20537 SBOM tab should not exist when the artifact is helm package ( #20538 )
Fixes-20537 SBOM tab should not exist when the artifact is oci-compliant helm-chart
Signed-off-by: xuelichao <xuel@vmware.com>
2024-06-03 19:44:38 +08:00
stonezdj(Daojun Zhang)
74f4a358f8
No sbom_overview when sbom is deleted ( #20533 )
fixes #20529
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-06-03 13:38:30 +08:00
stonezdj(Daojun Zhang)
30767f6612
Response an error message when there is incomplete sbom generate job ( #20526 )
Response an error message when there is incomplete sbom generate job
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
Co-authored-by: Wang Yan <wangyan@vmware.com>
2024-05-31 17:20:53 +08:00
Wang Yan
7645ec7ccc
fix http client to push sbom accessory ( #20525 )
Signed-off-by: wang yan <wangyan@vmware.com>
2024-05-31 16:43:13 +08:00
Wang Yan
d8475906ba
fix 20518 ( #20521 )
fixes #20518
Since there is no report for the replicated artifact, update to use the artifact id to remove accessories.
Signed-off-by: wang yan <wangyan@vmware.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-05-30 19:50:03 +08:00
Lichao Xue
1a36a95a2b
Fix UI bugs - Pagination is missing on tag immutability rules ( #20501 )
Fix UI bugs- Pagination is missing on tag immutability rules
Signed-off-by: xuelichao <xuel@vmware.com>
2024-05-30 18:18:57 +08:00
Wang Yan
8bc76a6548
tls support for pushing sbom ( #20514 )
Make it support the TLS configuration for the client for pushing the sbom object
Signed-off-by: wang yan <wangyan@vmware.com>
2024-05-30 13:40:37 +08:00
stonezdj(Daojun Zhang)
05c1c2825f
Fix tooltip issue related to SBOM.Details ( #20510 )
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-05-30 03:35:04 +00:00
Wang Yan
7339bfa9b0
Fix multiple SBOM ( #20503 )
fix 20496
fixes #20496
Harbor will reserve one SBOM accessory artifact for each subject artifact. Ensure all existing SBOMs are removed before generating the next set.
Signed-off-by: wang yan <wangyan@vmware.com>
2024-05-29 18:25:26 +08:00
stonezdj(Daojun Zhang)
6d782ae695
Separate the execution vendor type sbom from image_scan ( #20504 )
Add vendor type SBOM for execution
fixes #20495
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-05-29 15:45:28 +08:00
stonezdj(Daojun Zhang)
1f0c8289a5
Add sbom_report table to store sbom related information ( #20473 )
fixes #20445
Refactor scan/base_controller.go
Move MakeReportPlaceholder, GetReportPlaceholder, GetSummary to vul and sbom scanHandler
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-05-24 08:48:55 +00:00
dependabot[bot]
0a4c31682a
chore(deps): bump github.com/go-openapi/swag from 0.22.7 to 0.23.0 in /src ( #20453 )
chore(deps): bump github.com/go-openapi/swag in /src
Bumps [github.com/go-openapi/swag](https://github.com/go-openapi/swag ) from 0.22.7 to 0.23.0.
- [Commits](https://github.com/go-openapi/swag/compare/v0.22.7...v0.23.0 )
---
updated-dependencies:
- dependency-name: github.com/go-openapi/swag
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-05-23 16:07:20 +08:00
dependabot[bot]
8bb7586b0b
chore(deps): bump github.com/prometheus/client_golang from 1.17.0 to 1.19.1 in /src ( #20451 )
chore(deps): bump github.com/prometheus/client_golang in /src
Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang ) from 1.17.0 to 1.19.1.
- [Release notes](https://github.com/prometheus/client_golang/releases )
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md )
- [Commits](https://github.com/prometheus/client_golang/compare/v1.17.0...v1.19.1 )
---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-05-23 15:19:09 +08:00
dependabot[bot]
00b5725edd
chore(deps): bump golang.org/x/net from 0.24.0 to 0.25.0 in /src ( #20455 )
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.24.0 to 0.25.0.
- [Commits](https://github.com/golang/net/compare/v0.24.0...v0.25.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-05-23 14:38:43 +08:00
Lichao Xue
3352a72b7a
Fix - 20469 sbom status and download issue ( #20471 )
Fix sbom status and download issue
Signed-off-by: xuelichao <xuel@vmware.com>
2024-05-23 13:23:45 +08:00
Shengwen YU
2f4fa29537
Bump up trivy version to v0.51.2, trivyadapter to v0.31.2 ( #20450 )
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-05-21 18:37:06 +08:00
Lichao Xue
3875b1ac1d
Fix-20459 Wrong sbom status displayed in UI ( #20460 )
Signed-off-by: xuelichao <xuel@vmware.com>
2024-05-21 17:55:46 +08:00
Lichao Xue
be839e677c
fix ui test failure ( #20441 )
Signed-off-by: xuelichao <xuel@vmware.com>
2024-05-20 15:42:42 +08:00
Lichao Xue
840d4085f0
Fix and Should to display Unsupported if no SBOM accessories found ( #20426 )
Should this be Unsupported either for SBOM
Signed-off-by: xuelichao <xuel@vmware.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-05-16 17:40:42 +08:00
stonezdj(Daojun Zhang)
8ccf98a2ac
Initialize execution Manager in Report Assembler ( #20437 )
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-05-16 16:08:06 +08:00
MinerYang
2da4d5883f
bump golang 1.22.3 ( #20433 )
* bump golang 1.22.3
Signed-off-by: yminer <yminer@vmware.com>
* debug api_common_install.sh
Signed-off-by: yminer <yminer@vmware.com>
* remove set DNS for docker v20
Signed-off-by: yminer <yminer@vmware.com>
---------
Signed-off-by: yminer <yminer@vmware.com>
Co-authored-by: Wang Yan <wangyan@vmware.com>
2024-05-16 14:32:59 +08:00
stonezdj(Daojun Zhang)
2b4fe6ced7
Add additional link for sboms ( #20423 )
artifact object's addition_links has sboms item when it supports generating sbom
fixes #20346
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-05-15 13:34:22 +00:00
stonezdj(Daojun Zhang)
df5b3618c7
Display status in sbom_overview for image index ( #20425 )
fixes #20418
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-05-15 11:52:39 +00:00
Shengwen YU
bb6c7242a4
add membership=true back for gitlab replication adapter ( #20400 )
fix: add membership=true back for gitlab replication adapter
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-05-15 10:38:01 +00:00
dependabot[bot]
0fc87eaf35
chore(deps): bump github.com/go-openapi/strfmt from 0.22.0 to 0.23.0 in /src ( #20396 )
chore(deps): bump github.com/go-openapi/strfmt in /src
Bumps [github.com/go-openapi/strfmt](https://github.com/go-openapi/strfmt ) from 0.22.0 to 0.23.0.
- [Commits](https://github.com/go-openapi/strfmt/compare/v0.22.0...v0.23.0 )
---
updated-dependencies:
- dependency-name: github.com/go-openapi/strfmt
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-15 09:11:11 +00:00
dependabot[bot]
372102c824
chore(deps): bump go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux from 0.46.1 to 0.51.0 in /src ( #20394 )
chore(deps): bump go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux
Bumps [go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux](https://github.com/open-telemetry/opentelemetry-go-contrib ) from 0.46.1 to 0.51.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.46.1...zpages/v0.51.0 )
---
updated-dependencies:
- dependency-name: go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: MinerYang <yminer@vmware.com>
2024-05-15 08:33:53 +00:00
dependabot[bot]
34dfbfd6bd
chore(deps): bump github.com/golang-jwt/jwt/v5 from 5.2.0 to 5.2.1 in /src ( #20397 )
chore(deps): bump github.com/golang-jwt/jwt/v5 in /src
Bumps [github.com/golang-jwt/jwt/v5](https://github.com/golang-jwt/jwt ) from 5.2.0 to 5.2.1.
- [Release notes](https://github.com/golang-jwt/jwt/releases )
- [Changelog](https://github.com/golang-jwt/jwt/blob/main/VERSION_HISTORY.md )
- [Commits](https://github.com/golang-jwt/jwt/compare/v5.2.0...v5.2.1 )
---
updated-dependencies:
- dependency-name: github.com/golang-jwt/jwt/v5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: MinerYang <yminer@vmware.com>
2024-05-15 15:57:04 +08:00
Wang Yan
2977fec006
fix issue 19928 ( #20409 )
* fix issue 19928
It needs to consider the user who is in any group that has been granted the project admin role.
Signed-off-by: wang yan <wangyan@vmware.com>
2024-05-15 13:07:30 +08:00
stonezdj(Daojun Zhang)
232f9ba7ea
Skip scan in-toto sbom artifact ( #20415 )
fixes #20337
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
Co-authored-by: Wang Yan <wangyan@vmware.com>
2024-05-13 17:12:04 +08:00
Wang Yan
65e266fecf
fix issue 20407 ( #20416 )
fixes #20407
It needs to specify the insecure option on parsing the reference
Signed-off-by: wang yan <wangyan@vmware.com>
2024-05-13 14:44:51 +08:00
MinerYang
068ae006fe
Update scan job request log for enabled_capabilities ( #20414 )
update scan job request log
Signed-off-by: yminer <yminer@vmware.com>
2024-05-10 17:17:47 +08:00
Shengwen YU
beb5f3f7cb
fix: enable stop_scan for ci ( #20378 )
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-05-06 17:35:40 +08:00
Shengwen YU
33966fbc79
fix update TRIVYVERSION=v0.50.4 & TRIVYADAPTERVERSION=v0.31.1 ( #20390 )
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-05-06 16:59:31 +08:00
dependabot[bot]
c4409c053b
Bump helm.sh/helm/v3 from 3.14.2 to 3.14.4 in /src ( #20373 )
Bumps [helm.sh/helm/v3](https://github.com/helm/helm ) from 3.14.2 to 3.14.4.
- [Release notes](https://github.com/helm/helm/releases )
- [Commits](https://github.com/helm/helm/compare/v3.14.2...v3.14.4 )
---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Shengwen YU <yshengwen@vmware.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-05-06 15:49:37 +08:00
dependabot[bot]
1ef61995b8
Bump github.com/go-asn1-ber/asn1-ber from 1.5.5 to 1.5.6 in /src ( #20372 )
Bumps [github.com/go-asn1-ber/asn1-ber](https://github.com/go-asn1-ber/asn1-ber ) from 1.5.5 to 1.5.6.
- [Release notes](https://github.com/go-asn1-ber/asn1-ber/releases )
- [Commits](https://github.com/go-asn1-ber/asn1-ber/compare/v1.5.5...v1.5.6 )
---
updated-dependencies:
- dependency-name: github.com/go-asn1-ber/asn1-ber
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-05-06 14:45:37 +08:00
dependabot[bot]
34cb462cd9
Bump github.com/gorilla/csrf from 1.6.2 to 1.7.2 in /src ( #20376 )
Bumps [github.com/gorilla/csrf](https://github.com/gorilla/csrf ) from 1.6.2 to 1.7.2.
- [Release notes](https://github.com/gorilla/csrf/releases )
- [Commits](https://github.com/gorilla/csrf/compare/v1.6.2...v1.7.2 )
---
updated-dependencies:
- dependency-name: github.com/gorilla/csrf
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Shengwen YU <yshengwen@vmware.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-05-06 14:08:10 +08:00
dependabot[bot]
132c389216
Bump k8s.io/api from 0.29.3 to 0.30.0 in /src ( #20375 )
Bumps [k8s.io/api](https://github.com/kubernetes/api ) from 0.29.3 to 0.30.0.
- [Commits](https://github.com/kubernetes/api/compare/v0.29.3...v0.30.0 )
---
updated-dependencies:
- dependency-name: k8s.io/api
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-05-06 13:18:42 +08:00
dependabot[bot]
50dc773a5a
Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.24.0 to 1.26.0 in /src ( #20374 )
Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
Bumps [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go ) from 1.24.0 to 1.26.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.24.0...v1.26.0 )
---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-05-06 10:53:35 +08:00
stonezdj(Daojun Zhang)
8431c9c30a
Rename harbor.sbom to sbom.harbor ( #20359 )
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
2024-05-02 23:48:07 +00:00