5909 Commits

Author SHA1 Message Date
Milos Gajdos
472c9d38c9 fix contentRangeRegexp to accept unknown total size (#4892) 2026-06-19 07:58:23 -07:00
alhudz
2f69dbfde1 fix contentRangeRegexp to accept unknown total size
Signed-off-by: alhudz <al.hudz.k@gmail.com>
2026-06-19 17:15:54 +05:30
Milos Gajdos
03210665f5 fix(s3): tags/list drops tags that are a lexical prefix of another tag (#4898) 2026-06-15 07:29:55 -07:00
Milos Gajdos
d1dbbb196c fix(s3): tags/list drops tags that are a lexical prefix of another tag
The S3 driver's Walk used a bare strings.HasPrefix to decide whether a
walkInfo was under the last ErrSkipDir directory. Without a trailing
"/" on the parent, a sibling whose name starts with the skipped
directory's name (e.g. "0.1.20" after "0.1.2") falsely matched and was
skipped, so its tag dir was never emitted to handleTag and the tag was
omitted from /v2/<name>/tags/list.

Replace the prefix check with isSubpath, which appends "/" to the
parent so only true descendants match. Add a unit test pinning the
sibling-with-lexical-prefix case.

The bug is S3-only because the filesystem and inmemory drivers list
directories recursively via WalkFallback and don't use this skip
mechanism. It surfaced in 3.1.0 when the tags handler switched from
tagService.All() (driver List with delimiter) to tagService.List()
(driver Walk) for pagination support.

Fixes #4891

Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2026-06-14 17:22:48 -07:00
Milos Gajdos
af1b4b4e9a azure: fix race condition in PutContent causing duplicate append writes (#4888) 2026-06-07 09:20:23 -07:00
Baptiste Girard-Carrabin
927250bcaf azure: fix race condition in PutContent causing duplicate append writes
Write PutContent objects as block blobs so Azure retries overwrite small objects instead of appending duplicate link contents. Delete legacy append-blob objects before uploading because Azure cannot replace an AppendBlob with a BlockBlob in place. Preserve zero-byte append compatibility and add Azure regression coverage for link-style content, legacy migration, and concurrent same-path writes.

Signed-off-by: Baptiste Girard-Carrabin <baptiste.girardcarrabin@datadoghq.com>
2026-06-05 18:12:03 +02:00
Milos Gajdos
915084f4bc feat(s3): parse and strictly validate redirectendpoint on driver initialization (#4870) 2026-05-31 12:31:37 -07:00
darsh
2af40858be fix(s3): add redirectendpoint validation and fix doc formatting
Signed-off-by: darsh <darshanravichandran07@gmail.com>
2026-05-31 12:08:57 +05:30
Milos Gajdos
22c97cc513 fix: report error in DeleteManifest when Delete returns ErrDigestUnsupported (#4802) 2026-05-28 07:29:39 -07:00
Milos Gajdos
25b2d1dc7f fix(storage): Fix blob type migration in the azure driver (#4871) 2026-05-28 07:29:34 -07:00
João Pereira
f245ed7c33 build(deps): bump docker/bake-action from 7.1.0 to 7.2.0 (#4879) 2026-05-28 08:14:36 +01:00
dependabot[bot]
7c894b6e58 build(deps): bump docker/bake-action from 7.1.0 to 7.2.0
Bumps [docker/bake-action](https://github.com/docker/bake-action) from 7.1.0 to 7.2.0.
- [Release notes](https://github.com/docker/bake-action/releases)
- [Commits](a66e1c87e2...6614cfa25e)

---
updated-dependencies:
- dependency-name: docker/bake-action
  dependency-version: 7.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-28 01:48:41 +00:00
João Pereira
3065221961 build(deps): bump github/codeql-action from 4.35.4 to 4.35.5 (#4874) 2026-05-25 18:20:57 +01:00
João Pereira
75020c2fe2 build(deps): bump codecov/codecov-action from 6.0.0 to 6.0.1 (#4877) 2026-05-25 18:20:23 +01:00
dependabot[bot]
3578dde06d build(deps): bump codecov/codecov-action from 6.0.0 to 6.0.1
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 6.0.0 to 6.0.1.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](57e3a136b7...e79a6962e0)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-25 01:34:07 +00:00
Milos Gajdos
8b2870824b chore: smol go fix changes (#4876) 2026-05-24 17:12:01 -07:00
Milos Gajdos
0d5789588f chore: smol go fix changes
This PR changes the code based on the `go fix` suggestions
to modernize the codebase and keep up with the latest Go features.

Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2026-05-24 15:56:02 -07:00
dependabot[bot]
03e955e930 build(deps): bump github/codeql-action from 4.35.4 to 4.35.5
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.4 to 4.35.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](68bde559de...9e0d7b8d25)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.35.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-22 01:15:55 +00:00
David Marby
5c4717ced7 Fix blob type migration in the azure driver
Currently, the Azure driver always creates blobs as an AppendBlob, but in previous versions, it used to create them as BlockBlobs.
There is migration logic to handle this, but it's currently inversed, so if the blob exists as a BlockBlob, we don't delete it, and get an error back from Azure:
```
RESPONSE 409: 409 The blob type is invalid for this operation.
ERROR CODE: InvalidBlobType
```

Since the check is inversed, this also means that any operation against AppendBlobs does an extra delete -> create for no reason.

Signed-off-by: David Marby <david@dmarby.se>
2026-05-20 23:48:23 +02:00
Milos Gajdos
ade782b145 build(deps): bump github/codeql-action from 4.35.3 to 4.35.4 (#4867) 2026-05-13 19:19:24 -07:00
dependabot[bot]
1cf82e5068 build(deps): bump github/codeql-action from 4.35.3 to 4.35.4
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.3 to 4.35.4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](e46ed2cbd0...68bde559de)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.35.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-14 01:14:13 +00:00
Milos Gajdos
48901448e7 build(deps): bump github/codeql-action from 4.35.2 to 4.35.3 (#4865) 2026-05-12 10:00:54 -07:00
Milos Gajdos
1d4476c1e3 build(deps): bump softprops/action-gh-release from 2.6.1 to 3.0.0 (#4859) 2026-05-12 10:00:44 -07:00
dependabot[bot]
cc4552064d build(deps): bump github/codeql-action from 4.35.2 to 4.35.3
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.2 to 4.35.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](95e58e9a2c...e46ed2cbd0)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.35.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-08 01:14:12 +00:00
João Pereira
7287385db8 build(deps): bump github/codeql-action from 4.35.1 to 4.35.2 (#4861) 2026-05-01 16:53:16 +01:00
Milos Gajdos
9a8d98b679 chore(release): prepare for v3.1.1 release (#4864) 2026-05-01 08:28:51 -07:00
Milos Gajdos
d3c0df9f61 chore(release): prepare for v3.1.1 release
* Release notes added
* AUTHORS updated
* Version bump in the `version` package

Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2026-05-01 07:46:25 -07:00
Milos Gajdos
e09ff10155 Merge commit from fork
fix: prevent tag deletion when `storage.delete.enabled` is false
2026-05-01 07:27:34 -07:00
Joonas Bergius
8baf3e0826 fix: prevent tag deletion when storage.delete.enabled is false
Signed-off-by: Joonas Bergius <joonas@defenseunicorns.com>
2026-04-25 17:42:36 -05:00
Milos Gajdos
f3af4de047 fix(storage): bounds-check the file basename in PurgeUploads Walk callback (#4860) 2026-04-22 11:07:45 -07:00
dependabot[bot]
194f5169ba build(deps): bump github/codeql-action from 4.35.1 to 4.35.2
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.1 to 4.35.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](c10b8064de...95e58e9a2c)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.35.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-22 01:15:20 +00:00
SAY-5
72c88bc960 fix(storage): bounds-check the file basename in PurgeUploads Walk callback
PurgeUploads' Walk callback split the visited path with path.Split and
indexed file[0] immediately. path.Split returns an empty basename for
paths that end in a trailing slash - in practice this happens when an
S3 driver surfaces a bare directory (common prefix) with an empty
Key. Indexing a zero-length string then panics with
'index out of range [0] with length 0' and takes down the whole
PurgeUploads goroutine (#4713).

Guard the length before touching file[0] so a trailing-slash /
empty-basename entry is simply skipped as 'not a reserved directory',
which matches what the branch was trying to do anyway. Runtime
behaviour for every non-empty entry is unchanged.

Closes #4713

Signed-off-by: SAY-5 <SAY-5@users.noreply.github.com>
2026-04-21 10:56:45 -07:00
Milos Gajdos
1b5e226b6f feat(s3): add express zone one support to S3 driver (#4858) 2026-04-20 07:47:28 -07:00
Milos Gajdos
afd2bf0b23 fix(proxy): clamp oversized n query param instead of returning 400 (#4856) 2026-04-20 07:47:14 -07:00
dependabot[bot]
4a4b9586f1 build(deps): bump softprops/action-gh-release from 2.6.1 to 3.0.0
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.6.1 to 3.0.0.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](153bb8e044...b430933298)

---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-20 01:17:51 +00:00
Milos Gajdos
835c1c581f feat(s3): add express zone one support to S3 driver
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2026-04-18 17:36:52 -07:00
Milos Gajdos
0f3e627937 build(deps): bump docker/bake-action from 7.0.0 to 7.1.0 (#4853) 2026-04-18 17:04:24 -07:00
Milos Gajdos
c6f552e5db fix(proxy): clamp oversized n query param instead of returning 400
PR #4353 made MaxTags (default 1000) a hard ceiling on the `n` query
parameter — anything larger and the handler returns 400
PAGINATION_NUMBER_INVALID before the request ever reaches storage or
the proxy tag service. That broke clients like Renovate which use
n=10000 against pull-through caches. #4846 fixed a related 500 in
proxy mode but not this 400, so users reported the regression still
persisted.

The OCI distribution-spec describes pagination differently: a server
MAY return fewer than `n` results "when the total number of tags
attached to the repository is less than <int> or a Link header is
provided" — otherwise it MUST include `<int>` results. In other
words, the right answer for "client asked for more than we'll serve"
is `maxtags` results plus a Link header, not a rejection.
PAGINATION_NUMBER_INVALID isn't among the 14 error codes the spec
defines, either.

Drop the oversized-n rejection and clamp to MaxTags instead; the
existing Link-header path already handles continuation correctly.
Malformed (non-integer) and negative `n` values keep returning 400,
since the spec defines `n` as a non-negative integer and those
requests are genuinely invalid.

Verified end-to-end against registry-1.docker.io in proxy mode:
n=10000 now returns the tag list (or a clamped page with Link)
instead of 400. Also restores pre-3.1.0 behavior for Renovate-style
clients without needing proxy-specific logic.

Spec reference:
https://github.com/opencontainers/distribution-spec/blob/main/spec.md#listing-tags

Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2026-04-18 16:53:53 -07:00
Milos Gajdos
e39652ca1f build(deps): bump docker/login-action from 4.0.0 to 4.1.0 (#4847) 2026-04-18 16:12:05 -07:00
Milos Gajdos
3d916b8c4f build(deps): bump actions/upload-pages-artifact from 4.0.0 to 5.0.0 (#4852) 2026-04-18 16:11:52 -07:00
Milos Gajdos
17e760a9f0 build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (#4854) 2026-04-18 16:10:57 -07:00
Milos Gajdos
acabfb4b90 Update docker-compose structure in deploying.md (#4855) 2026-04-18 16:10:29 -07:00
John de Graaff
3cf4463982 Update docker-compose structure in deploying.md
adding "services:" top-level key in docker-compose file example.

Signed-off-by: John de Graaff <john@de-graaff.net>
2026-04-17 15:15:52 +02:00
dependabot[bot]
4b5154db23 build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 7.0.0 to 7.0.1.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](bbbca2ddaa...043fb46d1a)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-17 01:13:15 +00:00
Milos Gajdos
ca7d4de0ee fix(proxy): fix tag list endpoint in proxy mode (#4846) 2026-04-16 14:17:56 -07:00
Milos Gajdos
ece70d987f refactor: use slices.Backward to simplify the code (#4848) 2026-04-16 14:17:33 -07:00
dependabot[bot]
203c505cd3 build(deps): bump docker/bake-action from 7.0.0 to 7.1.0
Bumps [docker/bake-action](https://github.com/docker/bake-action) from 7.0.0 to 7.1.0.
- [Release notes](https://github.com/docker/bake-action/releases)
- [Commits](82490499d2...a66e1c87e2)

---
updated-dependencies:
- dependency-name: docker/bake-action
  dependency-version: 7.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-16 01:15:10 +00:00
dependabot[bot]
fed2610157 build(deps): bump actions/upload-pages-artifact from 4.0.0 to 5.0.0
Bumps [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) from 4.0.0 to 5.0.0.
- [Release notes](https://github.com/actions/upload-pages-artifact/releases)
- [Commits](7b1f4a764d...fc324d3547)

---
updated-dependencies:
- dependency-name: actions/upload-pages-artifact
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-15 01:15:07 +00:00
Milos Gajdos
24a4d24a24 chore(build): Bump go version to latest (#4851) 2026-04-14 14:12:13 -07:00
Milos Gajdos
839e4a7119 build(deps): bump github/codeql-action from 4.34.1 to 4.35.1 (#4840) 2026-04-14 10:01:33 -07:00