Upgrade to distribution (registry) v3 alpha (#19784)

* registryctl/api/registry/blob: fix dropped test error (#19721) Signed-off-by: Lars Lehtonen <[email protected]> * Remove robot account update quota permission (#19819) Signed-off-by: Yang Jiao <[email protected]> Co-authored-by: Yang Jiao <[email protected]> * Cache image list with digest key (#19801) fixes #19429 Signed-off-by: stonezdj <[email protected]> Co-authored-by: stonezdj <[email protected]> * Add quota permissions testcase (#19822) Signed-off-by: Yang Jiao <[email protected]> Co-authored-by: Yang Jiao <[email protected]> * deprecate gosec in makefile (#19828) remove the unused the part from makefile Signed-off-by: wang yan <[email protected]> * Add verification that robot account duration is not 0 (#19829) Signed-off-by: Yang Jiao <[email protected]> * fix artifact page bug (#19807) * fix artifact page bug * update testcase * Upgrade to distribution (registry) v3 alpha This includes all the benefits of the v3 distribution, but also all breaking changes. Most notably, Image Manifest v2 Schema v1 support has been dropped, as well as the `oss` and `swift` storage drivers. Currently, this still relies on v2's github.com/docker/distribution/registry/client/auth/challenge, because that code has been removed from the public API in v3. Signed-off-by: Aaron Dewes <[email protected]> --------- Signed-off-by: Lars Lehtonen <[email protected]> Signed-off-by: Yang Jiao <[email protected]> Signed-off-by: stonezdj <[email protected]> Signed-off-by: wang yan <[email protected]> Signed-off-by: Aaron Dewes <[email protected]> Co-authored-by: Lars Lehtonen <[email protected]> Co-authored-by: Yang Jiao <[email protected]> Co-authored-by: Yang Jiao <[email protected]> Co-authored-by: stonezdj(Daojun Zhang) <[email protected]> Co-authored-by: stonezdj <[email protected]> Co-authored-by: Wang Yan <[email protected]> Co-authored-by: ShengqiWang <[email protected]>
goharbor · Jan 26, 2024 · caee762 · caee762
1 parent 9e5efc9
commit caee762
Show file tree

Hide file tree

Showing 108 changed files with 1,127 additions and 1,424 deletions.
diff --git a/Makefile b/Makefile
@@ -103,12 +103,12 @@ PKGVERSIONTAG=dev
 PREPARE_VERSION_NAME=versions
 
 #versions
-REGISTRYVERSION=v2.8.3-patch-redis
+REGISTRYVERSION=v3.0.0-alpha.1+redis-sentinel
 TRIVYVERSION=v0.47.0
 TRIVYADAPTERVERSION=v0.30.19
 
 # version of registry for pulling the source code
-REGISTRY_SRC_TAG=v2.8.3
+REGISTRY_SRC_TAG=v3.0.0-alpha.1
 
 # dependency binaries
 REGISTRYURL=https://storage.googleapis.com/harbor-builds/bin/registry/release-${REGISTRYVERSION}/registry
@@ -452,16 +452,6 @@ package_offline: update_prepare_version compile build
 	@rm -rf $(HARBORPKG)
 	@echo "Done."
 
-gosec:
-	#go get github.com/securego/gosec/cmd/gosec
-	#go get github.com/dghubble/sling
-	@echo "run secure go scan ..."
-	@if [ "$(GOSECRESULTS)" != "" ] ; then \
-		$(GOPATH)/bin/gosec -fmt=json -out=$(GOSECRESULTS) -quiet ./... | true ; \
-	else \
-		$(GOPATH)/bin/gosec -fmt=json -out=harbor_gas_output.json -quiet ./... | true ; \
-	fi
-
 go_check: gen_apis mocks_check misspell commentfmt lint
 
 commentfmt:

diff --git a/api/v2.0/swagger.yaml b/api/v2.0/swagger.yaml
@@ -4719,7 +4719,7 @@ paths:
       summary: Get job log by job id
       description: Get job log by job id, it is only used by administrator
       produces:
-        - text/plain  
+        - text/plain
       tags:
         - jobservice
       parameters:
@@ -6071,7 +6071,7 @@ paths:
           description: Specify whether the dangerous Artifact are included inside summary information
           type: boolean
           required: false
-          default: false                  
+          default: false
       responses:
         '200':
           description: Success
@@ -6090,15 +6090,15 @@ paths:
     get:
       summary: Get the vulnerability list.
       description: |
-        Get the vulnerability list. use q to pass the query condition, 
+        Get the vulnerability list. use q to pass the query condition,
         supported conditions:
         cve_id(exact match)
         cvss_score_v3(range condition)
         severity(exact match)
-        repository_name(exact match) 
-        project_id(exact match) 
+        repository_name(exact match)
+        project_id(exact match)
         package(exact match)
-        tag(exact match) 
+        tag(exact match)
         digest(exact match)
       tags:
         - securityhub
@@ -7656,8 +7656,9 @@ definitions:
         description: The level of the robot, project or system
       duration:
         type: integer
+        x-nullable: true
         format: int64
-        description: The duration of the robot in days
+        description: The duration of the robot in days, duration must be either -1(Never) or a positive integer
       editable:
         type: boolean
         x-omitempty: false
@@ -7704,7 +7705,7 @@ definitions:
       duration:
         type: integer
         format: int64
-        description: The duration of the robot in days
+        description: The duration of the robot in days, duration must be either -1(Never) or a positive integer
       permissions:
         type: array
         items:
@@ -7994,7 +7995,7 @@ definitions:
         type: string
         description: |
           The schedule type. The valid values are 'Hourly', 'Daily', 'Weekly', 'Custom', 'Manual', 'None' and 'Schedule'.
-          'Manual' means to trigger it right away, 'Schedule' means to trigger it by a specified cron schedule and 
+          'Manual' means to trigger it right away, 'Schedule' means to trigger it by a specified cron schedule and
           'None' means to cancel the schedule.
         enum:
           - Hourly
@@ -9813,12 +9814,12 @@ definitions:
     type: object
     description: the dangerous CVE information
     properties:
-      cve_id: 
+      cve_id:
         type: string
         description: the cve id
       severity:
         type: string
-        description: the severity of the CVE        
+        description: the severity of the CVE
       cvss_score_v3:
         type: number
         format: float64
@@ -9828,22 +9829,22 @@ definitions:
         description: the description of the CVE
       package:
         type: string
-        description: the package of the CVE      
+        description: the package of the CVE
       version:
         type: string
         description: the version of the package
   DangerousArtifact:
     type: object
     description: the dangerous artifact information
     properties:
-      project_id: 
+      project_id:
         type: integer
         format: int64
         description: the project id of the artifact
       repository_name:
         type: string
         description: the repository name of the artifact
-      digest: 
+      digest:
         type: string
         description: the digest of the artifact
       critical_cnt:
@@ -9903,6 +9904,6 @@ definitions:
         description: The description of the vulnerability
       links:
         type: array
-        items: 
+        items:
           type: string
         description: Links of the vulnerability
diff --git a/make/photon/prepare/templates/registry/config.yml.jinja b/make/photon/prepare/templates/registry/config.yml.jinja
@@ -29,9 +29,14 @@ storage:
 {% endif %}
 redis:
 {% if sentinel_master_set %}
-  # sentinel hosts with comma
-  addr: {{redis_host}}
-  sentinelMasterSet: {{sentinel_master_set}}
+  sentinel:
+    {# sentinel hosts are separated with comma #}
+    {% set redis_hosts = redis_host.split(',') %}
+    addresses:
+      {% for local_redis_host in redis_hosts %}
+      - {{local_redis_host}}
+      {% endfor %}
+    sentinelMasterSet: {{sentinel_master_set}}
 {% else %}
   addr: {{redis_host}}
 {% endif %}
@@ -70,6 +75,3 @@ auth:
     path: /etc/registry/passwd
 validation:
   disabled: true
-compatibility:
-  schema1:
-    enabled: true
diff --git a/make/photon/registry/Dockerfile.binary b/make/photon/registry/Dockerfile.binary
@@ -1,6 +1,6 @@
 FROM golang:1.21.5
 
-ENV DISTRIBUTION_DIR /go/src/github.com/docker/distribution
+ENV DISTRIBUTION_DIR /go/src/github.com/distribution/distribution/v3
 ENV BUILDTAGS include_oss include_gcs
 ENV GO111MODULE auto
 

diff --git a/make/photon/registry/builder b/make/photon/registry/builder
@@ -33,7 +33,7 @@ docker build -f $TEMP/Dockerfile.binary -t registry-golang $TEMP
 
 echo 'copy the registry binary to local...'
 ID=$(docker create registry-golang)
-docker cp $ID:/go/src/github.com/docker/distribution/bin/registry binary/registry
+docker cp $ID:/go/src/github.com/distribution/distribution/v3/bin/registry binary/registry
 
 docker rm -f $ID
 docker rmi -f registry-golang