Fixes#14822
When upstream registry not working, but status might stay healthy because the health check interval is 5 minutes, if a pull request comes before registry status turns to unhealthy, the proxy cache middleware might proxy the request to the upstream registry and get a 401 error and this 401 error might translate to a http 500 error to the client eventually.
To solve this issue, it fall back all error to local registry when proxying manifest except the NotFoundError from the local registry.
Signed-off-by: stonezdj <stonezdj@gmail.com>
1. Limit API qps for the adapter.
2. Allow set qps via env.
3. Fix Tencnet SDK pagenation.
4. Fix resource filter.
Signed-off-by: fanjiankong <fanjiankong@tencent.com>
QuerySeter.Delete will call two queies in the orm of beego. First it
will query all primary keys of the model by the QuerySeter, and then the
orm will delete the models using the IN statement of these primary keys.
This will be failed in the postgres when the records more than 65535.
This commit changes to use the raw query to delete the robots of the
project.
Closes#14678
Signed-off-by: He Weiwei <hweiwei@vmware.com>
To ensure the upgrade execution idempotence, it needs to clean the $PGDATANEW on pg_upgrade failure.
Otherwise, the upgrade will skip the upgrade process from the second time launch as the exist of $PGDATANEW.
Signed-off-by: Wang Yan <wangyan@vmware.com>
1. Use root instead of ~ in notary parameter;
2. Fix tag immutability issue caused by GUI change;
3. Replace email domain name to harbor test;
4. Add login for each base image in makefile;
5. Add customize look test in nightly.
Signed-off-by: danfengliu <danfengl@vmware.com>
1, use the pg source and photon spec to build postgres 9.6
2, install 9.6 on the photon 4.0
3, then leverage pg_upgrade to handle the pg major version migration
Signed-off-by: Wang Yan <wangyan@vmware.com>
Improve the performance of artifact related APIs by adding indexes and refactoring sql logic
Closes#13890#14813#14814
Signed-off-by: Wenkai Yin <yinw@vmware.com>
This commit uses system configuration resource for permission check
against API to ping OIDC and update systen CVE allowlist.
Fixes#14386
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
Trivy scanner adpater v0.19.0 comes with Trivy v0.17
which adds support for Java JAR/WAR/EAR archives and
Go binaries scanning.
The release notes are published on
https://github.com/aquasecurity/trivy/releases/tag/v0.17.0
Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
DB transaction failure may break the loop query of the artifacts, the
result is that not all artifacts are scanned in one scan all job. Using
a new DB connection to call the Scan method of the controller to avoid
this problem.
Signed-off-by: He Weiwei <hweiwei@vmware.com>
