Commit Graph

5891 Commits

Author SHA1 Message Date
Milos Gajdos
8b2870824b chore: smol go fix changes (#4876) 2026-05-24 17:12:01 -07:00
Milos Gajdos
0d5789588f chore: smol go fix changes
This PR changes the code based on the `go fix` suggestions
to modernize the codebase and keep up with the latest Go features.

Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2026-05-24 15:56:02 -07:00
Milos Gajdos
ade782b145 build(deps): bump github/codeql-action from 4.35.3 to 4.35.4 (#4867) 2026-05-13 19:19:24 -07:00
dependabot[bot]
1cf82e5068 build(deps): bump github/codeql-action from 4.35.3 to 4.35.4
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.3 to 4.35.4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](e46ed2cbd0...68bde559de)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.35.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-14 01:14:13 +00:00
Milos Gajdos
48901448e7 build(deps): bump github/codeql-action from 4.35.2 to 4.35.3 (#4865) 2026-05-12 10:00:54 -07:00
Milos Gajdos
1d4476c1e3 build(deps): bump softprops/action-gh-release from 2.6.1 to 3.0.0 (#4859) 2026-05-12 10:00:44 -07:00
dependabot[bot]
cc4552064d build(deps): bump github/codeql-action from 4.35.2 to 4.35.3
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.2 to 4.35.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](95e58e9a2c...e46ed2cbd0)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.35.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-08 01:14:12 +00:00
João Pereira
7287385db8 build(deps): bump github/codeql-action from 4.35.1 to 4.35.2 (#4861) 2026-05-01 16:53:16 +01:00
Milos Gajdos
9a8d98b679 chore(release): prepare for v3.1.1 release (#4864) 2026-05-01 08:28:51 -07:00
Milos Gajdos
d3c0df9f61 chore(release): prepare for v3.1.1 release
* Release notes added
* AUTHORS updated
* Version bump in the `version` package

Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2026-05-01 07:46:25 -07:00
Milos Gajdos
e09ff10155 Merge commit from fork
fix: prevent tag deletion when `storage.delete.enabled` is false
2026-05-01 07:27:34 -07:00
Joonas Bergius
8baf3e0826 fix: prevent tag deletion when storage.delete.enabled is false
Signed-off-by: Joonas Bergius <joonas@defenseunicorns.com>
2026-04-25 17:42:36 -05:00
Milos Gajdos
f3af4de047 fix(storage): bounds-check the file basename in PurgeUploads Walk callback (#4860) 2026-04-22 11:07:45 -07:00
dependabot[bot]
194f5169ba build(deps): bump github/codeql-action from 4.35.1 to 4.35.2
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.1 to 4.35.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](c10b8064de...95e58e9a2c)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.35.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-22 01:15:20 +00:00
SAY-5
72c88bc960 fix(storage): bounds-check the file basename in PurgeUploads Walk callback
PurgeUploads' Walk callback split the visited path with path.Split and
indexed file[0] immediately. path.Split returns an empty basename for
paths that end in a trailing slash - in practice this happens when an
S3 driver surfaces a bare directory (common prefix) with an empty
Key. Indexing a zero-length string then panics with
'index out of range [0] with length 0' and takes down the whole
PurgeUploads goroutine (#4713).

Guard the length before touching file[0] so a trailing-slash /
empty-basename entry is simply skipped as 'not a reserved directory',
which matches what the branch was trying to do anyway. Runtime
behaviour for every non-empty entry is unchanged.

Closes #4713

Signed-off-by: SAY-5 <SAY-5@users.noreply.github.com>
2026-04-21 10:56:45 -07:00
Milos Gajdos
1b5e226b6f feat(s3): add express zone one support to S3 driver (#4858) 2026-04-20 07:47:28 -07:00
Milos Gajdos
afd2bf0b23 fix(proxy): clamp oversized n query param instead of returning 400 (#4856) 2026-04-20 07:47:14 -07:00
dependabot[bot]
4a4b9586f1 build(deps): bump softprops/action-gh-release from 2.6.1 to 3.0.0
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.6.1 to 3.0.0.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](153bb8e044...b430933298)

---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-20 01:17:51 +00:00
Milos Gajdos
835c1c581f feat(s3): add express zone one support to S3 driver
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2026-04-18 17:36:52 -07:00
Milos Gajdos
0f3e627937 build(deps): bump docker/bake-action from 7.0.0 to 7.1.0 (#4853) 2026-04-18 17:04:24 -07:00
Milos Gajdos
c6f552e5db fix(proxy): clamp oversized n query param instead of returning 400
PR #4353 made MaxTags (default 1000) a hard ceiling on the `n` query
parameter — anything larger and the handler returns 400
PAGINATION_NUMBER_INVALID before the request ever reaches storage or
the proxy tag service. That broke clients like Renovate which use
n=10000 against pull-through caches. #4846 fixed a related 500 in
proxy mode but not this 400, so users reported the regression still
persisted.

The OCI distribution-spec describes pagination differently: a server
MAY return fewer than `n` results "when the total number of tags
attached to the repository is less than <int> or a Link header is
provided" — otherwise it MUST include `<int>` results. In other
words, the right answer for "client asked for more than we'll serve"
is `maxtags` results plus a Link header, not a rejection.
PAGINATION_NUMBER_INVALID isn't among the 14 error codes the spec
defines, either.

Drop the oversized-n rejection and clamp to MaxTags instead; the
existing Link-header path already handles continuation correctly.
Malformed (non-integer) and negative `n` values keep returning 400,
since the spec defines `n` as a non-negative integer and those
requests are genuinely invalid.

Verified end-to-end against registry-1.docker.io in proxy mode:
n=10000 now returns the tag list (or a clamped page with Link)
instead of 400. Also restores pre-3.1.0 behavior for Renovate-style
clients without needing proxy-specific logic.

Spec reference:
https://github.com/opencontainers/distribution-spec/blob/main/spec.md#listing-tags

Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2026-04-18 16:53:53 -07:00
Milos Gajdos
e39652ca1f build(deps): bump docker/login-action from 4.0.0 to 4.1.0 (#4847) 2026-04-18 16:12:05 -07:00
Milos Gajdos
3d916b8c4f build(deps): bump actions/upload-pages-artifact from 4.0.0 to 5.0.0 (#4852) 2026-04-18 16:11:52 -07:00
Milos Gajdos
17e760a9f0 build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (#4854) 2026-04-18 16:10:57 -07:00
Milos Gajdos
acabfb4b90 Update docker-compose structure in deploying.md (#4855) 2026-04-18 16:10:29 -07:00
John de Graaff
3cf4463982 Update docker-compose structure in deploying.md
adding "services:" top-level key in docker-compose file example.

Signed-off-by: John de Graaff <john@de-graaff.net>
2026-04-17 15:15:52 +02:00
dependabot[bot]
4b5154db23 build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 7.0.0 to 7.0.1.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](bbbca2ddaa...043fb46d1a)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-17 01:13:15 +00:00
Milos Gajdos
ca7d4de0ee fix(proxy): fix tag list endpoint in proxy mode (#4846) 2026-04-16 14:17:56 -07:00
Milos Gajdos
ece70d987f refactor: use slices.Backward to simplify the code (#4848) 2026-04-16 14:17:33 -07:00
dependabot[bot]
203c505cd3 build(deps): bump docker/bake-action from 7.0.0 to 7.1.0
Bumps [docker/bake-action](https://github.com/docker/bake-action) from 7.0.0 to 7.1.0.
- [Release notes](https://github.com/docker/bake-action/releases)
- [Commits](82490499d2...a66e1c87e2)

---
updated-dependencies:
- dependency-name: docker/bake-action
  dependency-version: 7.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-16 01:15:10 +00:00
dependabot[bot]
fed2610157 build(deps): bump actions/upload-pages-artifact from 4.0.0 to 5.0.0
Bumps [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) from 4.0.0 to 5.0.0.
- [Release notes](https://github.com/actions/upload-pages-artifact/releases)
- [Commits](7b1f4a764d...fc324d3547)

---
updated-dependencies:
- dependency-name: actions/upload-pages-artifact
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-15 01:15:07 +00:00
Milos Gajdos
24a4d24a24 chore(build): Bump go version to latest (#4851) 2026-04-14 14:12:13 -07:00
Milos Gajdos
839e4a7119 build(deps): bump github/codeql-action from 4.34.1 to 4.35.1 (#4840) 2026-04-14 10:01:33 -07:00
Milos Gajdos
0102b58159 Bump Go 1.26 in CI
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2026-04-14 09:22:17 -07:00
Milos Gajdos
29eb2149df chore(build): Bump go version to latest 1.25
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2026-04-14 09:09:22 -07:00
Milos Gajdos
3090068a9b build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.42.0 to 1.43.0 in the go_modules group across 1 directory (#4850) 2026-04-14 08:56:29 -07:00
dependabot[bot]
326a0d0b7b build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
Bumps the go_modules group with 1 update in the / directory: [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go).


Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp` from 1.42.0 to 1.43.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.42.0...v1.43.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
  dependency-version: 1.43.0
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-14 15:30:39 +00:00
Milos Gajdos
9a07978fe3 build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp from 0.18.0 to 0.19.0 in the go_modules group across 1 directory (#4843) 2026-04-14 08:17:41 -07:00
Milos Gajdos
6ae29aadd7 internal/client/auth/challenge: cleanups and minor refactor (#4832) 2026-04-12 16:09:55 -07:00
chuanshanjida
0679fc13c5 refactor: use slices.Backward to simplify the code
Signed-off-by: chuanshanjida <chuanshanjida@outlook.com>
2026-04-12 16:01:45 +08:00
dependabot[bot]
445af38d68 build(deps): bump docker/login-action from 4.0.0 to 4.1.0
Bumps [docker/login-action](https://github.com/docker/login-action) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](b45d80f862...4907a6ddec)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-10 01:13:26 +00:00
njucjc
60de6e3443 fix(proxy): fix tag list endpoint in proxy mode
Signed-off-by: njucjc <njucjc@alibaba-inc.com>
Signed-off-by: chenjinci.cjc <chenjinci.cjc@alibaba-inc.com>
2026-04-09 23:30:51 +08:00
dependabot[bot]
567670f6eb build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp
Bumps the go_modules group with 1 update in the / directory: [go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp](https://github.com/open-telemetry/opentelemetry-go).


Updates `go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp` from 0.18.0 to 0.19.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v0.18.0...v0.19.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp
  dependency-version: 0.19.0
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-08 19:27:49 +00:00
Milos Gajdos
708f8d6b06 chore(ci): Prep for v3.1 release (#4841) 2026-04-06 08:41:42 -07:00
dependabot[bot]
5e72174444 build(deps): bump github/codeql-action from 4.34.1 to 4.35.1
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.34.1 to 4.35.1.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](3869755554...c10b8064de)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.35.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-06 01:17:35 +00:00
Milos Gajdos
b1d5dbcf1b chore(ci): Prep for v3.1 release
* Release notes added
* Version bump in version package
* AUTHORS updated

Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2026-04-05 18:12:29 -07:00
Milos Gajdos
078b0783f2 Merge commit from fork
fix redis repo-scoped blob descriptor revocation
2026-04-05 17:08:50 -07:00
Milos Gajdos
cccd0d4fb7 fix(vendor): fix broke vendor validation (#4839) 2026-04-05 16:30:19 -07:00
Milos Gajdos
49447e8e12 fix(vendor): fix broke vendpor validation
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2026-04-05 13:35:49 -07:00
Milos Gajdos
cc5d5fa4ba Merge commit from fork
proxy: bind bearer realms to upstream trust boundary
2026-04-05 13:30:20 -07:00