Commit Graph

5585 Commits

Author SHA1 Message Date
Milos Gajdos
920120077f Remove accidental typo
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2025-02-11 06:38:11 -08:00
Milos Gajdos
25be29b32b Prep for v3-rc.3 release
* Created a changelog file
* Updated version

Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2025-02-10 20:10:15 -08:00
Milos Gajdos
5ea9aa028d Merge commit from fork
Fix registry token authentication bug
2025-02-10 19:50:35 -08:00
Milos Gajdos
939a525dd5 Bump Go version (#4566) 2025-02-08 07:20:26 -08:00
Milos Gajdos
7098b3f42c Bump Go version
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2025-02-07 19:34:01 -08:00
Milos Gajdos
6ed60b0f48 Apply suggestions from code review
Co-authored-by: Sebastiaan van Stijn <thaJeztah@users.noreply.github.com>
Signed-off-by: Milos Gajdos <milosgajdos83@gmail.com>
2025-02-06 17:43:28 +00:00
Milos Gajdos
53c382641c Remove named returns and fix linting woes
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2025-02-05 21:26:23 -08:00
Milos Gajdos
f4a500caf6 Fix registry token authentication bug
When a JWT contains a JWK header without a certificate chain,
the original code only checked if the KeyID (kid) matches one of the trusted keys,
but doesn't verify that the actual key material matches.

As a result, if an attacker guesses the kid, they can inject an
untrusted key which would then be used to grant access to protected
data.

This fixes the issue such that only the trusted key is verified.

Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2025-02-01 15:30:18 -08:00
Milos Gajdos
7271d882c0 ci: fix bake build (#4555) 2025-01-16 20:19:08 +00:00
CrazyMax
4c5e394561 ci: fix bake build
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2025-01-16 18:54:00 +01:00
Milos Gajdos
3270367d89 (security): Bump golang.org/x/net module (#4542) 2025-01-10 10:51:24 +00:00
Milos Gajdos
17550ead96 build(deps): bump actions/upload-artifact from 4.5.0 to 4.6.0 (#4553) 2025-01-10 10:23:20 +00:00
Milos Gajdos
9dff0cbf9f ci: update bake-action to v6 (#4554) 2025-01-10 10:06:22 +00:00
CrazyMax
808f0b8961 ci: update bake-action to v6
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2025-01-10 10:31:13 +01:00
dependabot[bot]
825eeb039d build(deps): bump actions/upload-artifact from 4.5.0 to 4.6.0
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.5.0 to 4.6.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4.5.0...v4.6.0)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-01-10 01:54:12 +00:00
Wang Yan
43291261fa build(deps): bump actions/upload-artifact from 4.3.6 to 4.5.0 (#4538) 2024-12-23 12:43:19 +08:00
Milos Gajdos
f1e33060cb Fix conformance upload issue:
We're trying to upload conformance test results from a hidden directory:

Version 4.4.0 introduced a breaking change:
https://github.com/actions/upload-artifact/releases/tag/v4.4.0

We can either set include-hidden-files: true or
rename the directory to e.g., out/ without a leading dot which is what
we do in this PR

Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2024-12-20 06:32:18 +00:00
Milos Gajdos
38fd91a49e (security): Bump golang.org/x/net module
Fixes: https://nvd.nist.gov/vuln/detail/CVE-2024-45338

Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2024-12-20 06:21:59 +00:00
Milos Gajdos
4890d9e036 Prepare for rc2 release (#4539) v3.0.0-rc.2 2024-12-18 14:54:27 +00:00
Milos Gajdos
c4a604465f Prepare for rc2 release
Seems like we haven't done AUTHORS update in a while: this commit
rectifies that.

Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2024-12-18 08:17:36 +00:00
dependabot[bot]
d85819c08e build(deps): bump actions/upload-artifact from 4.3.6 to 4.5.0
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.6 to 4.5.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4.3.6...v4.5.0)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-12-18 01:26:29 +00:00
Milos Gajdos
1c62898144 feat(configuration): support mtls auth mod (#4537) 2024-12-17 14:00:36 +00:00
vitshev
41a906f0c6 fix(configuration): replace string literals with constants in tests
Signed-off-by: vitshev <vitshev@tracto.ai>
2024-12-16 22:34:26 +01:00
Vitshev
96c9a85b62 fix(configuration): replace string literals with constants in error
Co-authored-by: Milos Gajdos <milosgajdos83@gmail.com>
Signed-off-by: Vitshev <vitshev@tracto.ai>
2024-12-16 22:30:37 +01:00
vitshev
328f802b8e fix(configuration): replace string literals with constants
Signed-off-by: vitshev <vitshev@tracto.ai>
2024-12-16 20:43:30 +01:00
vitshev
916bdeae94 feat(configuration): support mtls auth mod
Signed-off-by: vitshev <vitshev@tracto.ai>
2024-12-16 20:43:20 +01:00
Kyle Squizzato
258144d70f Update squizzi maintainer email (#4530) 2024-12-13 15:49:57 -08:00
Wang Yan
3241bc213c chore: Bump alpine image version (#4532) 2024-12-13 19:20:48 +08:00
Milos Gajdos
96a3daafe9 Move a direct dependency to direct deps required modules
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2024-12-12 11:34:21 +00:00
Milos Gajdos
fb3ba302d2 chore: Bump alpine and Go versions
3.20 had a minor security vulnerability. Let's bump it.

Related:
* https://github.com/distribution/distribution-library-image/issues/171
* https://github.com/distribution/distribution/pull/4527

Bump Go version
* CI
* go.mod

Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2024-12-12 11:29:11 +00:00
Milos Gajdos
b2ae9e398c update xx to v1.6.1 for compatibility with alpine 3.21 and file 5.46+ (#4527) 2024-12-12 10:55:20 +00:00
Milos Gajdos
61ee69943b build(deps): bump golang.org/x/crypto from 0.28.0 to 0.31.0 (#4531) 2024-12-12 08:54:46 +00:00
dependabot[bot]
6eba54be60 build(deps): bump golang.org/x/crypto from 0.28.0 to 0.31.0
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.28.0 to 0.31.0.
- [Commits](https://github.com/golang/crypto/compare/v0.28.0...v0.31.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-12-12 08:34:18 +00:00
Kyle Squizzato
183919cee5 Update squizzi maintainer email
Signed-off-by: Kyle Squizzato <kyle@replicated.com>
2024-12-11 12:08:38 -08:00
Sebastiaan van Stijn
179e902fe9 update xx to v1.6.1 for compatibility with alpine 3.21 and file 5.46+
This fixes compatibility with alpine 3.21 and file 5.46+

- Fix additional possible `xx-cc`/`xx-cargo` compatibility issue with Alpine 3.21
- Support for Alpine 3.21
- Fix `xx-verify` with `file` 5.46+
- Fix possible error taking lock in `xx-apk` in latest Alpine without `coreutils`

full diff: https://github.com/tonistiigi/xx/compare/v1.2.1...v1.6.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-12-10 10:40:30 +01:00
Milos Gajdos
f2658eeb0b docs: Explain how to configure a list through env variables (#4522) 2024-12-03 17:57:32 +00:00
Victor Barbu
1d104a9399 [docs] Explain how to configure a list through env variables
Signed-off-by: Victor Barbu <git.zqk3n@vicb.cc>
2024-12-03 19:08:23 +02:00
Milos Gajdos
e3007cd2bc Upgrade go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp (#4507) 2024-11-20 11:23:40 +00:00
Wang Yan
a44f1fb058 build(deps): bump codecov/codecov-action from 4 to 5 (#4508) 2024-11-18 11:00:09 +08:00
dependabot[bot]
4dfab838b7 build(deps): bump codecov/codecov-action from 4 to 5
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4 to 5.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v4...v5)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-11-15 02:04:35 +00:00
krynju
abbe03efef Upgrade go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
Signed-off-by: krynju <krystian.gulinski@juliahub.com>
2024-11-13 18:27:43 +01:00
Milos Gajdos
3ddd142339 Prep for v3-rc.1 release (#4502) v3.0.0-rc.1 2024-11-07 20:09:13 +00:00
Milos Gajdos
4118c80a99 Prep for v3-rc.1 release
* Created a changelog file
* Updated mailmap
* Updated version

Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2024-11-06 15:37:11 +00:00
Milos Gajdos
d67b46a05b Bump dependencies (#4498) 2024-11-06 10:52:35 +00:00
Milos Gajdos
f7236ab041 feat: support custom exec-based credential helper in proxy mode (#4438) 2024-11-05 11:48:33 +00:00
Milos Gajdos
099201adde fix(registry/storage/driver/s3-aws): use a consistent multipart chunk size (#4424) 2024-11-05 11:39:43 +00:00
Milos Gajdos
3ac2285631 Bump otel dependencies
We want to be consistent in our deps so tracking down issues does not end
up in a murder mystery hunt. This commit picks specific otel versions
that are unified in this codebase.

Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2024-11-05 05:45:37 +00:00
Milos Gajdos
bd52394e81 Update lint.Dockerfile
Add a timeout to the lint:
By default it is set to 1m

Remove ARGs where not needed.

Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2024-11-05 05:31:45 +00:00
Milos Gajdos
85e99bce34 docs: update hugo and theme versions (#4499) 2024-11-01 12:45:02 +00:00
David Karlsson
da2f24e205 docs: update hugo and theme versions
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2024-10-31 10:03:17 +01:00