harbor

mirror of https://github.com/goharbor/harbor.git synced 2024-11-16 07:15:13 +01:00

Author	SHA1	Message	Date
chlins	d2124ce469	fix: correct typo in exporter cmd Signed-off-by: chlins <chenyuzh@vmware.com>	2022-02-11 15:28:02 +08:00
stonezdj(Daojun Zhang)	02e13390e0	Remove noise in log (#16333 ) DB Config Manager could be registered twice if need to enable cache Get trace config only when the trace is enabled Signed-off-by: stonezdj <stonezdj@gmail.com>	2022-02-10 15:42:45 +08:00
Chenyu Zhang	4ef2d65451	Merge pull request #16286 from chlins/fix/skip-replication-for-proxy-cache fix: skip replication to proxy cache project	2022-02-07 17:06:03 +08:00
Wang Yan	93c0e572a0	fix 16224 (#16307 ) fixes #16224, deny the request to scan an accessory. Signed-off-by: Wang Yan <wangyan@vmware.com>	2022-01-30 03:03:39 +08:00
Wang Yan	cda127c27e	bump up containerd to 1.5.9 (#16316 ) Signed-off-by: Wang Yan <wangyan@vmware.com>	2022-01-29 18:00:23 +08:00
孙世军	1cbdeb0b64	Improve UI style (#16314 ) Signed-off-by: AllForNothing <sshijun@vmware.com>	2022-01-29 14:16:46 +08:00
孙世军	88fd4feef5	Add list tag permission for robot account (#16311 ) Signed-off-by: AllForNothing <sshijun@vmware.com>	2022-01-28 14:22:37 +08:00
孙世军	45d9ece105	Modify CVSS3 column for cve datagrid (#16298 ) Signed-off-by: AllForNothing <sshijun@vmware.com>	2022-01-28 11:46:28 +08:00
Wang Yan	2275c6e969	fix accessory lost tags (#16304 ) It needs to copy tags for the accessories. Signed-off-by: Wang Yan <wangyan@vmware.com>	2022-01-28 10:44:29 +08:00
孙世军	241391984b	Add delete repo permission for robot account (#16297 ) Signed-off-by: AllForNothing <sshijun@vmware.com>	2022-01-27 13:04:18 +08:00
He Weiwei	8554b7d7c5	refactor: replace lib/pq with jackc/pgx (#16267 ) Signed-off-by: He Weiwei <hweiwei@vmware.com>	2022-01-27 11:09:37 +08:00
Wang Yan	0a183feab6	add cosign support in replication (#16282 ) For the case Harbor-to-Harbor, the accessory can be replicated from source or to target. Signed-off-by: Wang Yan <wangyan@vmware.com>	2022-01-26 21:35:17 +08:00
chlins	b1afd2efb0	fix: skip replication to proxy cache project Signed-off-by: chlins <chenyuzh@vmware.com>	2022-01-26 17:24:39 +08:00
孙世军	c9af6c0c35	Improve tooltips for LDAP group config (#16280 ) Signed-off-by: AllForNothing <sshijun@vmware.com>	2022-01-25 15:43:21 +08:00
Daniel Jiang	60189f2cef	Merge pull request #16181 from JoooostB/16180-oidc-auto-onboard Store Username in auto-onboard flow (resolves #16180)	2022-01-25 11:00:38 +08:00
stonezdj(Daojun Zhang)	307b8973ce	Merge pull request #16260 from stonezdj/22jan21_ldap_group_duplicate Group members lose access to push or see projects on Harbor	2022-01-25 10:15:54 +08:00
Joost Buskermolen	c103a6e9ef	fix: Store Username in auto-onboard flow Signed-off-by: Joost Buskermolen <joost@buskervezel.nl> fix: Remove conditional & elaborate comment on fix Signed-off-by: Joost Buskermolen <joost@buskervezel.nl> Add conditional to res.Username override Signed-off-by: Joost Buskermolen <joost@buskervezel.nl> test: Set Username based on configured UserClaim Signed-off-by: Joost Buskermolen <joost@buskervezel.nl> fix: Remove breaking conditional Username may be set already if the token has a name claim. Username is should always be set as the autoOnboard setting. Signed-off-by: Joost Buskermolen <joost@buskervezel.nl> Remove conditional altogether autoOnboardUsername should always be the same as Username Signed-off-by: Joost Buskermolen <joost@buskervezel.nl>	2022-01-24 14:38:23 +01:00
stonezdj	20526c5c52	Group members lose access to push or see projects on Harbor Handle the case if there is duplicate user group name when onboard ldap user group Continue to attach groups when it fail on one item Fixes #16220 Signed-off-by: stonezdj <stonezdj@gmail.com>	2022-01-22 15:07:34 +08:00
孙世军	feeb54e5f8	upgrade ngx-markdown to the latest version (#16251 ) Signed-off-by: AllForNothing <sshijun@vmware.com>	2022-01-20 15:37:33 +08:00
chlins	ed4d9a533e	fix: add worker pool for execution sweep to limit workers Signed-off-by: chlins <chenyuzh@vmware.com>	2022-01-20 10:45:00 +08:00
Wang Yan	cd8d48794a	update pull policy code (#16237 ) Reduce the DB call on pulling artifact with policy disabled Signed-off-by: Wang Yan <wangyan@vmware.com>	2022-01-17 21:55:20 +08:00
Wang Yan	0b4f98074e	fix cosign conflict error on landing data (#16228 ) Cosign client will generate the same signature to the same manifest, ignore the conflict error in middleware Signed-off-by: Wang Yan <wangyan@vmware.com>	2022-01-17 19:09:56 +08:00
Wang Yan	01c6f6084b	modify artifact copy api to support cosign (#16194 ) Signed-off-by: Wang Yan <wangyan@vmware.com>	2022-01-17 15:52:14 +08:00
孙世军	8f77567589	Upgrade UI dependencies (#16233 ) Signed-off-by: AllForNothing <sshijun@vmware.com>	2022-01-17 14:20:20 +08:00
孙世军	cc1a204a6b	Encode repo name for deleting accessory (#16234 ) Signed-off-by: AllForNothing <sshijun@vmware.com>	2022-01-17 14:19:19 +08:00
孙世军	7ff0bf188a	Add "expires in" column for robot UI (#16227 ) Signed-off-by: AllForNothing <sshijun@vmware.com>	2022-01-14 15:42:02 +08:00
MinerYang	719155d595	bump up github.com/opencontainers/runc to v1.0.3 (#16202 ) Signed-off-by: yminer <yminer@vmmware.com> Co-authored-by: yminer <yminer@vmmware.com>	2022-01-14 14:19:31 +08:00
Shengwen Yu	b7af0f1529	feat: add current_time to the response of systeminfo api when user logged in Signed-off-by: Shengwen Yu <yshengwen@vmware.com>	2022-01-11 17:36:08 +08:00
孙世军	634f0139a0	Add co-sign checkbox for project policy (#16184 ) Signed-off-by: AllForNothing <sshijun@vmware.com>	2022-01-10 18:14:34 +08:00
Wang Yan	063991078a	Cosign policy checker (#16187 ) Enable policy checker for cosign, when it's enabled, user cannot pull artifact without cosign. Signed-off-by: wang yan <wangyan@vmware.com>	2022-01-10 17:44:01 +08:00
Shengwen Yu	d2ae0165c9	feat: add failure-tolerance for gc Signed-off-by: Shengwen Yu <yshengwen@vmware.com>	2022-01-10 11:34:10 +08:00
孙世军	2eda360d9d	Add co-sign UI (#16155 ) Signed-off-by: AllForNothing <sshijun@vmware.com>	2022-01-05 13:41:51 +08:00
Chenyu Zhang	b417e877b5	Merge pull request #16107 from chlins/feat/async-update-artifact-pull_count feat: async update artifact pull time and repository pull count	2022-01-05 11:14:28 +08:00
Wang Yan	2111703d8d	Cosign artifact api 1，update artifact list & delete api to support accessory 2, add list accesories api Signed-off-by: Wang Yan <wangyan@vmware.com>	2022-01-05 11:13:40 +08:00
chlins	de7978e1b5	feat: async update artifact pull time and repository pull count Signed-off-by: chlins <chenyuzh@vmware.com>	2021-12-24 11:17:44 +08:00
Julio H Morimoto	ce319a9eca	Improvements for Brazilian Portuguese (pt-br) translation. (#15921 ) Missing items and minor updates to improve the translation. Signed-off-by: juliohm1978 <jhm@juliohm.com.br>	2021-12-17 10:36:42 +08:00
孙世军	d9a4f34819	Fix overlapping for repo cardview (#16125 ) Signed-off-by: AllForNothing <sshijun@vmware.com>	2021-12-16 13:49:20 +08:00
chlins	adf866e629	fix: resolve the codeql alerts Signed-off-by: chlins <chenyuzh@vmware.com>	2021-12-15 13:49:42 +08:00
孙世军	46507c2fa9	Add preventDefault for action button of repo card view (#16117 ) Signed-off-by: AllForNothing <sshijun@vmware.com>	2021-12-14 11:44:25 +08:00
孙世军	2a7d4ae4d3	Add share operator to icon observable (#16101 ) Signed-off-by: AllForNothing <sshijun@vmware.com>	2021-12-14 11:44:07 +08:00
孙世军	d711f02401	Add querry parameter for setting.json (#16081 ) Signed-off-by: AllForNothing <sshijun@vmware.com>	2021-12-14 11:20:34 +08:00
孙世军	eb8db3215c	Fix unescaped URL for repo links (#16092 ) Signed-off-by: AllForNothing <sshijun@vmware.com>	2021-12-09 10:15:21 +08:00
Wang Yan	76b981faec	add cosign middleware (#16078 ) The middleware is to land the cosign signature linkage with the subject artifact ID. Signed-off-by: Wang Yan <wangyan@vmware.com>	2021-12-07 15:43:10 +08:00
rao yunkun	ce6bf73884	Merge remote-tracking branch 'upstream/main'	2021-12-05 16:34:04 +08:00
stonezdj(Daojun Zhang)	0c0489cbae	Merge pull request #15913 from stonezdj/21nov1_proxy_manifest_list_contenttype Cache content type for manifest list and image index in perspective	2021-12-04 09:05:20 +08:00
Wang Yan	742e7ded00	add accessory dao service (#16045 ) Signed-off-by: wang yan <wangyan@vmware.com>	2021-12-03 14:34:02 +08:00
stonezdj	6b77c11696	Cache content type for manifest list and image index in perspective manifest list: application/vnd.docker.distribution.manifest.list.v2+json image index: application/vnd.oci.image.index.v1+json fixes #15837 Signed-off-by: stonezdj <stonezdj@gmail.com>	2021-12-03 14:14:01 +08:00
孙世军	846d690b85	Refactor config component (#16064 ) Signed-off-by: AllForNothing <sshijun@vmware.com>	2021-12-01 10:07:46 +08:00
Wang Yan	7608df4b5c	add pull update control env (#16051 ) These variables are temporary solution for issue: https://github.com/goharbor/harbor/issues/16039 When user disable the pull count/time/audit log, it will decrease the database access, especially in large concurrency pull scenarios. 1, PULL_TIME_UPDATE_DISABLE : The flag to indicate if pull time is disable for pull request. 2, PULL_COUNT_UPDATE_DISABLE : The flag to indicate if pull count is disable for pull request. 3, pull audit log will not create on disabling pull time. Signed-off-by: Wang Yan <wangyan@vmware.com>	2021-11-26 18:13:23 +08:00
孙世军	cad78f6af4	Audit fixing for package-lock.json (#16043 ) Signed-off-by: AllForNothing <sshijun@vmware.com>	2021-11-23 15:56:09 +08:00
Wang Yan	91e406ba60	bump up dep versions (#16038 ) 1, upgrade containerd to v1.14.12 2. upgrade image-spec to v1.0.2 Signed-off-by: wy65701436 <wangyan@vmware.com>	2021-11-23 10:32:29 +08:00
孙世军	784cdabc61	Fix null point exception for chart version (#16006 ) Signed-off-by: AllForNothing <sshijun@vmware.com>	2021-11-22 10:48:42 +08:00
孙世军	21dfba7330	Redirect to sign-in page when user session timed out (#16005 ) Signed-off-by: AllForNothing <sshijun@vmware.com>	2021-11-22 10:47:49 +08:00
stonezdj(Daojun Zhang)	060341ba4e	Merge pull request #15949 from stonezdj/21nov4_cache_properties Enable db config cache explicitly	2021-11-16 14:39:10 +08:00
Chenyu Zhang	d260e632d8	Merge pull request #15985 from chlins/fix/replication-rule-enhancement fix(replication): enhance the replication rule validation	2021-11-12 11:12:41 +08:00
chlins	f880bc3361	fix(replication): enhance the replication rule validation Signed-off-by: chlins <chenyuzh@vmware.com>	2021-11-12 09:53:11 +08:00
孙世军	ddd4cdb306	Not allow space in replication rule filters (#15984 ) Signed-off-by: AllForNothing <sshijun@vmware.com>	2021-11-11 12:23:26 +08:00
孙世军	ea16f1fb5e	Change base tag to "/" for index.html (#15965 ) Signed-off-by: AllForNothing <sshijun@vmware.com>	2021-11-08 17:42:07 +08:00
孙世军	d5a4f0b8bc	Add select-all and unselect-all for robot permissions (#15962 ) Signed-off-by: AllForNothing <sshijun@vmware.com>	2021-11-08 14:38:26 +08:00
孙世军	ab037c35cc	Fix ng-change-checking error for repos component (#15961 ) Signed-off-by: AllForNothing <sshijun@vmware.com>	2021-11-08 14:37:45 +08:00
孙世军	0413b8b6f7	Support right click to open a link in a new tab (#15935 ) Signed-off-by: AllForNothing <sshijun@vmware.com>	2021-11-08 14:37:27 +08:00
sluetze	3760375ba9	updated german translation for 2.4 Signed-off-by: sluetze <13255307+sluetze@users.noreply.github.com>	2021-11-08 11:15:55 +08:00
Chenyu Zhang	3aa698c7c9	fix(replication): list projects before replicate to reduce create duplicate project and requests to target registry (#15934 ) Signed-off-by: chlins <chenyuzh@vmware.com>	2021-11-08 10:39:58 +08:00
He Weiwei	b2268dbf8e	fix: remove x-go-type in swagger.yaml (#15923 ) Closes #15912 Signed-off-by: He Weiwei <hweiwei@vmware.com>	2021-11-04 23:39:36 +08:00
stonezdj	21601f5e3c	Enable db config cache explicitly previous config is not cached because it is initialized when cache is not ready Signed-off-by: stonezdj <stonezdj@gmail.com>	2021-11-04 16:01:25 +08:00
孙世军	71ee8b57c2	Remove loading for auto refreshing (#15914 ) Signed-off-by: AllForNothing <sshijun@vmware.com>	2021-11-03 14:29:54 +08:00
孙世军	264a320d38	Add pagination for user groups (#15932 ) Signed-off-by: AllForNothing <sshijun@vmware.com>	2021-11-03 14:29:24 +08:00
stonezdj(Daojun Zhang)	465240216a	Merge pull request #15864 from stonezdj/21oct25_fix_crash_missing_ldap_attribut Check empty ldap attributes value	2021-11-02 08:56:33 +08:00
stonezdj	ec23ddabc3	Check empty ldap attributes value fixes #11986 Signed-off-by: stonezdj <stonezdj@gmail.com>	2021-11-01 17:56:37 +08:00
孙世军	44f477e965	Change ng-swagger-gen to a stable version (#15903 ) Signed-off-by: AllForNothing <sshijun@vmware.com>	2021-10-29 18:44:20 +08:00
孙世军	fed84069a2	Fix css issue for chart label filter (#15891 ) Signed-off-by: AllForNothing <sshijun@vmware.com>	2021-10-29 10:38:52 +08:00
孙世军	ec1c8c9cd3	Upgrade Clarity and Angular to latest stable version (#15887 ) Signed-off-by: AllForNothing <sshijun@vmware.com>	2021-10-28 17:21:39 +08:00
Aaron Layfield	7b75a456d3	Robot Account CREATE / DELETE Label (#15815 ) Signed-off-by: Aaron Layfield <aaron.layfield@gmail.com>	2021-10-27 14:24:07 +08:00
Wang Yan	a956758302	bump up go version to v1.17 (#15865 ) * bump up go version to v1.17 Signed-off-by: Wang Yan <wangyan@vmware.com> * gofmt fail Signed-off-by: Wang Yan <wangyan@vmware.com>	2021-10-25 17:28:29 +08:00
stonezdj(Daojun Zhang)	adc2e8873f	Add hostname to trace span name (#15806 ) Fixes #15726, unify the trace span name in all components Signed-off-by: stonezdj <stonezdj@gmail.com>	2021-10-25 17:09:59 +08:00
孙世军	266f0c41da	Enlarge index artifact folder icon (#15860 ) Signed-off-by: AllForNothing <sshijun@vmware.com>	2021-10-25 13:46:32 +08:00
孙世军	528d028f1d	Add XAcceptVulnerabilities header when getting artifact scan overview (#15853 ) Signed-off-by: AllForNothing <sshijun@vmware.com>	2021-10-22 17:12:35 +08:00
Chenyu Zhang	be27792170	Merge pull request #15845 from chlins/fix/codeql-golang-security-issues fix: handle codeql golang security issues	2021-10-22 13:27:07 +08:00
Alexis L	5fd6168c57	fix(scan): Add function to avoid writing creds in jobservice logs, switch to debug instead of info (#15747 ) Signed-off-by: Alexis <60alexis@gmail.com>	2021-10-22 11:34:15 +08:00
chlins	9e8218f63b	fix: handle codeql golang security issues Signed-off-by: chlins <chenyuzh@vmware.com>	2021-10-22 10:51:26 +08:00
孙世军	3da8e573a0	Fix css issues for robot and replication (#15834 ) Signed-off-by: AllForNothing <sshijun@vmware.com>	2021-10-22 10:09:16 +08:00
stonezdj(Daojun Zhang)	bc6a7f65a6	Merge pull request #15677 from stonezdj/21sep27_remove_error_log Change log level to debug	2021-10-21 09:25:18 +08:00
Wang Yan	6014646bcb	fixes gc dry run issue (#15804 ) fixes #15332, for the dry run mode, gc job should not remove the untagged candidates. To fix it, use the simulate untagged artifact deletion for dry-run. Signed-off-by: Wang Yan <wangyan@vmware.com>	2021-10-19 07:42:54 +08:00
Steven Zou	22e99c78d1	Merge pull request #15777 from AllForNothing/remove-neg Remove negligible and unknown severities and add none severity	2021-10-18 11:46:20 +08:00
stonezdj(Daojun Zhang)	2020bf383b	Merge pull request #15790 from stonezdj/21oct15_change_trace_name Change the span name to <method>_<request uri>	2021-10-18 09:41:12 +08:00
Shatakshi Gupta	76733d72be	fixed S1008 bugbash error (#15781 ) Signed-off-by: Shatakshi <shatakshi.gupta85@gmail.com>	2021-10-14 20:10:48 +08:00
Soumik Majumder	eb7329a471	Fix semgrep sprintf-host-port (#15782 ) Signed-off-by: Soumik Majumder <soumikm@vmware.com>	2021-10-14 20:10:27 +08:00
Wang Yan	f9d1294b45	roll back the runner count (#15792 ) It takes about 1 hour to perform data for 40000 repositories per performance testing. Roll back the runner count to 100 could speed the data preparation time. It's safe since it only takes 100 DB connection counts at most per execution per core. Signed-off-by: Wang Yan <wangyan@vmware.com>	2021-10-14 19:05:30 +08:00
He Weiwei	b390112f5a	fix: convert severity from negligible to none before saving to db (#15791 ) Signed-off-by: He Weiwei <hweiwei@vmware.com>	2021-10-14 16:02:38 +08:00
stonezdj	3b2ac06639	Change the span name to <method>_<request uri> Use the same trace option for HTTPTransport fixes #15726 Signed-off-by: stonezdj <stonezdj@gmail.com>	2021-10-14 14:33:16 +08:00
Soumik Majumder	2679b2427b	Fix semgrep use-of-weak-crypto error (#15784 ) Signed-off-by: Soumik Majumder <soumikm@vmware.com>	2021-10-14 14:28:59 +08:00
Wang Yan	729d2e6590	fix replication DB connection issue fixes #15736 For the current imple, the GetWorker() may hang when there is no worker available, and will not release the DB connection. In this case, the DB connection could reach the up limit that leads to harbor core for service unavailable. 1, move GetWorker() in the goroutine, release the DB connection for API. 2, reduce the worker count per harbor-core from 1024 to 10. 3, reduce the runner count per worker to 30. After above, the max connection per harbor-core should be 300. Worker: To control how many replicaiton exectuions can have at most at the same time. Runner: To control the speed to generate an jobservice replicaiton job. Signed-off-by: Wang Yan <wangyan@vmware.com>	2021-10-14 11:31:33 +08:00
AllForNothing	b2775292ef	Remove negligible and unknown severities and add none severity Signed-off-by: AllForNothing <sshijun@vmware.com>	2021-10-13 16:45:16 +08:00
Shengwen YU	4d89c845d0	fix: webhook log (#15756 ) Signed-off-by: Shengwen Yu <yshengwen@vmware.com> Co-authored-by: Shengwen Yu <yshengwen@vmware.com>	2021-10-13 15:46:04 +08:00
Wang Yan	5c92b2f308	bump up containerd version (#15752 ) Signed-off-by: Wang Yan <wangyan@vmware.com>	2021-10-11 17:45:21 +08:00
Wenkai Yin(尹文开)	dc8477bd7a	Merge pull request #15680 from antbreton/fix/15679 fix filename processing to support both URI and URL	2021-10-11 17:18:23 +08:00
Wang Yan	f57c426409	bump up jwt version (#15730 ) Upgrade the jwt to github.com/golang-jwt/jwt/v4, and it's backwards compatible with v3.x.y. Signed-off-by: wang yan <wangyan@vmware.com>	2021-10-08 16:09:00 +08:00
孙世军	96f5caa635	Add list artifact and list repo permissions to robot account (#15718 ) Signed-off-by: AllForNothing <sshijun@vmware.com>	2021-10-08 10:56:37 +08:00
stonezdj(Daojun Zhang)	32023891eb	Merge pull request #15675 from stonezdj/21sep22_email_nullable Allow empty email attribute for ldap/oidc user	2021-10-02 10:33:38 +08:00
Wang Yan	4e984e8c6e	fix legacy robot edit issue (#15709 ) fixes #15690, for the legacy robot, update is denied. Signed-off-by: Wang Yan <wangyan@vmware.com>	2021-10-01 00:41:54 +08:00

1 2 3 4 5 ...

5295 Commits