Commit Graph

5902 Commits

Author SHA1 Message Date
dependabot[bot]
b02e28585e build(deps): bump docker/login-action from 4.1.0 to 4.2.0
Bumps [docker/login-action](https://github.com/docker/login-action) from 4.1.0 to 4.2.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](4907a6ddec...650006c6eb)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-29 01:15:18 +00:00
Milos Gajdos
22c97cc513 fix: report error in DeleteManifest when Delete returns ErrDigestUnsupported (#4802) 2026-05-28 07:29:39 -07:00
Milos Gajdos
25b2d1dc7f fix(storage): Fix blob type migration in the azure driver (#4871) 2026-05-28 07:29:34 -07:00
João Pereira
f245ed7c33 build(deps): bump docker/bake-action from 7.1.0 to 7.2.0 (#4879) 2026-05-28 08:14:36 +01:00
dependabot[bot]
7c894b6e58 build(deps): bump docker/bake-action from 7.1.0 to 7.2.0
Bumps [docker/bake-action](https://github.com/docker/bake-action) from 7.1.0 to 7.2.0.
- [Release notes](https://github.com/docker/bake-action/releases)
- [Commits](a66e1c87e2...6614cfa25e)

---
updated-dependencies:
- dependency-name: docker/bake-action
  dependency-version: 7.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-28 01:48:41 +00:00
João Pereira
3065221961 build(deps): bump github/codeql-action from 4.35.4 to 4.35.5 (#4874) 2026-05-25 18:20:57 +01:00
João Pereira
75020c2fe2 build(deps): bump codecov/codecov-action from 6.0.0 to 6.0.1 (#4877) 2026-05-25 18:20:23 +01:00
dependabot[bot]
3578dde06d build(deps): bump codecov/codecov-action from 6.0.0 to 6.0.1
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 6.0.0 to 6.0.1.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](57e3a136b7...e79a6962e0)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-25 01:34:07 +00:00
Milos Gajdos
8b2870824b chore: smol go fix changes (#4876) 2026-05-24 17:12:01 -07:00
Milos Gajdos
0d5789588f chore: smol go fix changes
This PR changes the code based on the `go fix` suggestions
to modernize the codebase and keep up with the latest Go features.

Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2026-05-24 15:56:02 -07:00
dependabot[bot]
03e955e930 build(deps): bump github/codeql-action from 4.35.4 to 4.35.5
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.4 to 4.35.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](68bde559de...9e0d7b8d25)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.35.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-22 01:15:55 +00:00
David Marby
5c4717ced7 Fix blob type migration in the azure driver
Currently, the Azure driver always creates blobs as an AppendBlob, but in previous versions, it used to create them as BlockBlobs.
There is migration logic to handle this, but it's currently inversed, so if the blob exists as a BlockBlob, we don't delete it, and get an error back from Azure:
```
RESPONSE 409: 409 The blob type is invalid for this operation.
ERROR CODE: InvalidBlobType
```

Since the check is inversed, this also means that any operation against AppendBlobs does an extra delete -> create for no reason.

Signed-off-by: David Marby <david@dmarby.se>
2026-05-20 23:48:23 +02:00
Milos Gajdos
ade782b145 build(deps): bump github/codeql-action from 4.35.3 to 4.35.4 (#4867) 2026-05-13 19:19:24 -07:00
dependabot[bot]
1cf82e5068 build(deps): bump github/codeql-action from 4.35.3 to 4.35.4
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.3 to 4.35.4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](e46ed2cbd0...68bde559de)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.35.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-14 01:14:13 +00:00
Milos Gajdos
48901448e7 build(deps): bump github/codeql-action from 4.35.2 to 4.35.3 (#4865) 2026-05-12 10:00:54 -07:00
Milos Gajdos
1d4476c1e3 build(deps): bump softprops/action-gh-release from 2.6.1 to 3.0.0 (#4859) 2026-05-12 10:00:44 -07:00
dependabot[bot]
cc4552064d build(deps): bump github/codeql-action from 4.35.2 to 4.35.3
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.2 to 4.35.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](95e58e9a2c...e46ed2cbd0)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.35.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-08 01:14:12 +00:00
João Pereira
7287385db8 build(deps): bump github/codeql-action from 4.35.1 to 4.35.2 (#4861) 2026-05-01 16:53:16 +01:00
Milos Gajdos
9a8d98b679 chore(release): prepare for v3.1.1 release (#4864) 2026-05-01 08:28:51 -07:00
Milos Gajdos
d3c0df9f61 chore(release): prepare for v3.1.1 release
* Release notes added
* AUTHORS updated
* Version bump in the `version` package

Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2026-05-01 07:46:25 -07:00
Milos Gajdos
e09ff10155 Merge commit from fork
fix: prevent tag deletion when `storage.delete.enabled` is false
2026-05-01 07:27:34 -07:00
Joonas Bergius
8baf3e0826 fix: prevent tag deletion when storage.delete.enabled is false
Signed-off-by: Joonas Bergius <joonas@defenseunicorns.com>
2026-04-25 17:42:36 -05:00
Milos Gajdos
f3af4de047 fix(storage): bounds-check the file basename in PurgeUploads Walk callback (#4860) 2026-04-22 11:07:45 -07:00
dependabot[bot]
194f5169ba build(deps): bump github/codeql-action from 4.35.1 to 4.35.2
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.1 to 4.35.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](c10b8064de...95e58e9a2c)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.35.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-22 01:15:20 +00:00
SAY-5
72c88bc960 fix(storage): bounds-check the file basename in PurgeUploads Walk callback
PurgeUploads' Walk callback split the visited path with path.Split and
indexed file[0] immediately. path.Split returns an empty basename for
paths that end in a trailing slash - in practice this happens when an
S3 driver surfaces a bare directory (common prefix) with an empty
Key. Indexing a zero-length string then panics with
'index out of range [0] with length 0' and takes down the whole
PurgeUploads goroutine (#4713).

Guard the length before touching file[0] so a trailing-slash /
empty-basename entry is simply skipped as 'not a reserved directory',
which matches what the branch was trying to do anyway. Runtime
behaviour for every non-empty entry is unchanged.

Closes #4713

Signed-off-by: SAY-5 <SAY-5@users.noreply.github.com>
2026-04-21 10:56:45 -07:00
Milos Gajdos
1b5e226b6f feat(s3): add express zone one support to S3 driver (#4858) 2026-04-20 07:47:28 -07:00
Milos Gajdos
afd2bf0b23 fix(proxy): clamp oversized n query param instead of returning 400 (#4856) 2026-04-20 07:47:14 -07:00
dependabot[bot]
4a4b9586f1 build(deps): bump softprops/action-gh-release from 2.6.1 to 3.0.0
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.6.1 to 3.0.0.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](153bb8e044...b430933298)

---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-20 01:17:51 +00:00
Milos Gajdos
835c1c581f feat(s3): add express zone one support to S3 driver
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2026-04-18 17:36:52 -07:00
Milos Gajdos
0f3e627937 build(deps): bump docker/bake-action from 7.0.0 to 7.1.0 (#4853) 2026-04-18 17:04:24 -07:00
Milos Gajdos
c6f552e5db fix(proxy): clamp oversized n query param instead of returning 400
PR #4353 made MaxTags (default 1000) a hard ceiling on the `n` query
parameter — anything larger and the handler returns 400
PAGINATION_NUMBER_INVALID before the request ever reaches storage or
the proxy tag service. That broke clients like Renovate which use
n=10000 against pull-through caches. #4846 fixed a related 500 in
proxy mode but not this 400, so users reported the regression still
persisted.

The OCI distribution-spec describes pagination differently: a server
MAY return fewer than `n` results "when the total number of tags
attached to the repository is less than <int> or a Link header is
provided" — otherwise it MUST include `<int>` results. In other
words, the right answer for "client asked for more than we'll serve"
is `maxtags` results plus a Link header, not a rejection.
PAGINATION_NUMBER_INVALID isn't among the 14 error codes the spec
defines, either.

Drop the oversized-n rejection and clamp to MaxTags instead; the
existing Link-header path already handles continuation correctly.
Malformed (non-integer) and negative `n` values keep returning 400,
since the spec defines `n` as a non-negative integer and those
requests are genuinely invalid.

Verified end-to-end against registry-1.docker.io in proxy mode:
n=10000 now returns the tag list (or a clamped page with Link)
instead of 400. Also restores pre-3.1.0 behavior for Renovate-style
clients without needing proxy-specific logic.

Spec reference:
https://github.com/opencontainers/distribution-spec/blob/main/spec.md#listing-tags

Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2026-04-18 16:53:53 -07:00
Milos Gajdos
e39652ca1f build(deps): bump docker/login-action from 4.0.0 to 4.1.0 (#4847) 2026-04-18 16:12:05 -07:00
Milos Gajdos
3d916b8c4f build(deps): bump actions/upload-pages-artifact from 4.0.0 to 5.0.0 (#4852) 2026-04-18 16:11:52 -07:00
Milos Gajdos
17e760a9f0 build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (#4854) 2026-04-18 16:10:57 -07:00
Milos Gajdos
acabfb4b90 Update docker-compose structure in deploying.md (#4855) 2026-04-18 16:10:29 -07:00
John de Graaff
3cf4463982 Update docker-compose structure in deploying.md
adding "services:" top-level key in docker-compose file example.

Signed-off-by: John de Graaff <john@de-graaff.net>
2026-04-17 15:15:52 +02:00
dependabot[bot]
4b5154db23 build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 7.0.0 to 7.0.1.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](bbbca2ddaa...043fb46d1a)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-17 01:13:15 +00:00
Milos Gajdos
ca7d4de0ee fix(proxy): fix tag list endpoint in proxy mode (#4846) 2026-04-16 14:17:56 -07:00
Milos Gajdos
ece70d987f refactor: use slices.Backward to simplify the code (#4848) 2026-04-16 14:17:33 -07:00
dependabot[bot]
203c505cd3 build(deps): bump docker/bake-action from 7.0.0 to 7.1.0
Bumps [docker/bake-action](https://github.com/docker/bake-action) from 7.0.0 to 7.1.0.
- [Release notes](https://github.com/docker/bake-action/releases)
- [Commits](82490499d2...a66e1c87e2)

---
updated-dependencies:
- dependency-name: docker/bake-action
  dependency-version: 7.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-16 01:15:10 +00:00
dependabot[bot]
fed2610157 build(deps): bump actions/upload-pages-artifact from 4.0.0 to 5.0.0
Bumps [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) from 4.0.0 to 5.0.0.
- [Release notes](https://github.com/actions/upload-pages-artifact/releases)
- [Commits](7b1f4a764d...fc324d3547)

---
updated-dependencies:
- dependency-name: actions/upload-pages-artifact
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-15 01:15:07 +00:00
Milos Gajdos
24a4d24a24 chore(build): Bump go version to latest (#4851) 2026-04-14 14:12:13 -07:00
Milos Gajdos
839e4a7119 build(deps): bump github/codeql-action from 4.34.1 to 4.35.1 (#4840) 2026-04-14 10:01:33 -07:00
Milos Gajdos
0102b58159 Bump Go 1.26 in CI
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2026-04-14 09:22:17 -07:00
Milos Gajdos
29eb2149df chore(build): Bump go version to latest 1.25
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2026-04-14 09:09:22 -07:00
Milos Gajdos
3090068a9b build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.42.0 to 1.43.0 in the go_modules group across 1 directory (#4850) 2026-04-14 08:56:29 -07:00
dependabot[bot]
326a0d0b7b build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
Bumps the go_modules group with 1 update in the / directory: [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go).


Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp` from 1.42.0 to 1.43.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.42.0...v1.43.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
  dependency-version: 1.43.0
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-14 15:30:39 +00:00
Milos Gajdos
9a07978fe3 build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp from 0.18.0 to 0.19.0 in the go_modules group across 1 directory (#4843) 2026-04-14 08:17:41 -07:00
Milos Gajdos
6ae29aadd7 internal/client/auth/challenge: cleanups and minor refactor (#4832) 2026-04-12 16:09:55 -07:00
chuanshanjida
0679fc13c5 refactor: use slices.Backward to simplify the code
Signed-off-by: chuanshanjida <chuanshanjida@outlook.com>
2026-04-12 16:01:45 +08:00