As from docker v20, the containerd leverages the cache when to pull a manifest, that leads to the
client doesn't send the get manifest request if the image exists in local.
The content trust and vul checker are only valid for get manifest request, the PR is to enable the checkers on
head manifest request to handle the containerd local cache scenario.
Signed-off-by: Wang Yan <wangyan@vmware.com>
Fixed#15034, as for postgres 13, the default shm size is 64MB, set to 1gb to avoid could not resize shared memory segment error.
Signed-off-by: Wang Yan <wangyan@vmware.com>
The robotv1 context uses the robot$ as a hardcoded prefix to identify robot account, it will raise error
for a valid robotv2 account with this prefix.
Update the log level to avoid the redundant logs for the default installation.
Signed-off-by: Wang Yan <wangyan@vmware.com>
* add build arch parameter in Makefile
Add parameter BUILDARCH for make file. DB base builds pg96 for x86_64 only
Signed-off-by: Wang Yan <wangyan@vmware.com>
There are code in the core component to conditionally execute code based
on the pattern of url path, and different ingress controller or reverse
proxy may handle the dup slashes in the url path differently.
This commit merge dup slashes in the url paths to make things more
consistent.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
This commit enhances the v2auth middleware, such that any un-recognized
request sent to /v2/ will be blocked.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
Fixes#14822
When upstream registry not working, but status might stay healthy because the health check interval is 5 minutes, if a pull request comes before registry status turns to unhealthy, the proxy cache middleware might proxy the request to the upstream registry and get a 401 error and this 401 error might translate to a http 500 error to the client eventually.
To solve this issue, it fall back all error to local registry when proxying manifest except the NotFoundError from the local registry.
Signed-off-by: stonezdj <stonezdj@gmail.com>
1. Limit API qps for the adapter.
2. Allow set qps via env.
3. Fix Tencnet SDK pagenation.
4. Fix resource filter.
Signed-off-by: fanjiankong <fanjiankong@tencent.com>
QuerySeter.Delete will call two queies in the orm of beego. First it
will query all primary keys of the model by the QuerySeter, and then the
orm will delete the models using the IN statement of these primary keys.
This will be failed in the postgres when the records more than 65535.
This commit changes to use the raw query to delete the robots of the
project.
Closes#14678
Signed-off-by: He Weiwei <hweiwei@vmware.com>
To ensure the upgrade execution idempotence, it needs to clean the $PGDATANEW on pg_upgrade failure.
Otherwise, the upgrade will skip the upgrade process from the second time launch as the exist of $PGDATANEW.
Signed-off-by: Wang Yan <wangyan@vmware.com>
