add support for docker registry token auth server #16048
Codecov Report
@@ Coverage Diff @@
## main #16048 +/- ##
==========================================
- Coverage 44.10% 44.06% -0.04%
==========================================
Files 682 686 +4
Lines 82375 82660 +285
==========================================
+ Hits 36328 36423 +95
- Misses 40140 40317 +177
- Partials 5907 5920 +13
Continue to review full report at Codecov.
Is it possible to use the existing JWT functionality? This would prevent another dependency:
options/locale/locale_zh-CN.ini
Outdated
@@ -1983,6 +1983,10 @@ topic.done=保存 | |||
topic.count_prompt=您最多选择25个主题 | |||
topic.format_prompt=主题必须以字母或数字开头,可以包含连字符 (-),并且长度不得超过35个字符 | |||
|
|||
container = 容器仓库 |
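Review bot: The added `container = 容器仓库` entry puts spaces around `=`, while the neighbouring entries in this hunk (`topic.done=保存`, `topic.count_prompt=...`) use `key=value` with none; match the surrounding style. The key is also a bare `container` placed after a blank line at the end of the `topic.*` block, so it is worth stating which section it is meant to live in and giving it a prefix consistent with the keys around it.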
Don't change translation files except en-US. We use crowdin for translations.
remove in new commit
Yes, the dependency will be removed in a new commit.
@dragonflylee It would be better to have a repository-level option, like for issues, when the global container is enabled.
You may not need a different private key, see #16010
We should reuse existing JWT functionality by adding needed scopes etc
The registry only supports RSA/ECDSA signing.
Co-authored-by: zeripath <art27@cantab.net>
Frontport the changelog from v1.14.5 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv>
When marking notifications read the results may be returned out of order or be delayed. This PR sends a sequence number to gitea so that the browser can ensure that only the results of the latest notification change are shown. Signed-off-by: Andrew Thornton <art27@cantab.net>
Backport #16496 Unfortunately the chi changes have resulted in the CORS headers for the git smart http protocol going missing. This is mostly because the OPTIONS method is not being handled by httpBase anymore. This PR adds a GetOptions, PostOptions and Options methods to web handler to allow OPTIONS method requests to still reach the httpBase function. Fix #16350 Close #16491 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Changelog for 1.15.0-rc2 Results of `~/go/bin/changelog -m 1.15.0 --after 16422 generate` We need to release RC2 as there are multiple problems with alpine 3.14 related to the seccomp issues on Docker <20. Signed-off-by: Andrew Thornton <art27@cantab.net> * Update CHANGELOG.md Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de>
Backport #16508 Somewhere along the line the creation of git-daemon-export-ok files disappeared but the updating of these files when repo visibility changes remained. The problem is that the current state will create files even when the org or user is private. This PR restores creation correctly. Fix #15521 Signed-off-by: Andrew Thornton <art27@cantab.net>
Backport #16465 One of the reasons why #16447 was needed and why #16268 was needed in the first place was because it appears that editing ldap configuration doesn't get tested. This PR therefore adds a basic test that will run the edit pipeline. In doing so it's now clear that #16447 and #16268 aren't actually solving #16252. It turns out that what actually happens is that the bytes are actually double encoded. This PR now changes the json unmarshal wrapper to handle this double encode. Fix #16252 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de>
Backport #17375 Define unique names for image tabs in pull requests, in order to toggle tabs correctly when multiple are displayed on one page. Fixes position of swipe-bar so it does not overlay other UI components when scrolling. Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com> Co-authored-by: Mario Lubenka <mario.lubenka@googlemail.com>
* SECURITY
  * Upgrade Bluemonday to v1.0.16 (#17372) (#17374)
  * Ensure correct SSH permissions check for private and restricted users (#17370) (#17373)
* BUGFIXES
  * Prevent NPE in CSV diff rendering when column removed (#17018) (#17377)
  * Offer rsa-sha2-512 and rsa-sha2-256 algorithms in internal SSH (#17281) (#17376)
  * Don't panic if we fail to parse U2FRegistration data (#17304) (#17371)
  * Ensure popup text is aligned left (backport for 1.15) (#17343)
  * Ensure that git daemon export ok is created for mirrors (#17243) (#17306)
  * Disable core.protectNTFS (#17300) (#17302)
  * Use pointer for wrappedConn methods (#17295) (#17296)
  * AutoRegistration is supposed to be working with disabled registration (backport) (#17292)
  * Handle duplicate keys on GPG key ring (#17242) (#17284)
  * Fix SVG side by side comparison link (#17375) (#17391)

Signed-off-by: Andrew Thornton <art27@cantab.net>
We allow rendering an empty checklist item `- [ ]`, while GitHub doesn't. To make the rendering correct, we need to tune the UI (the last PR #17413 uses an absolute layout, which means the empty checkbox item cannot be displayed correctly)
Backport #17406. Closes #17378 Both errors from #17378 were caused by #15175. Problem 1 (error with added file): `ToUTF8WithFallbackReader` creates a `MultiReader` from a `byte[2048]` and the remaining reader. `CreateReaderAndGuessDelimiter` tries to read 10000 bytes from this reader but only gets 2048 because that's the first reader in the `MultiReader`. Then the `if size < 1e4` thinks the input is at EOF and just returns that. Problem 2 (error with changed file): The blob reader gets defer closed. That was fine because the old version reads the whole file into memory. Now with the streaming version the close needs to defer after the method. Co-authored-by: zeripath <art27@cantab.net>
…ers (#17460) (#17464) Backport #17460 There is a small bug in the way that repo access is checked in repoAssignment: Accessibility is checked by checking if the user has a marked access to the repository instead of checking if the user has any team granted access. This PR changes this permissions check to use HasAccess() which does the correct test. There is also a fix in the release api ListReleases where it should return draft releases if the user is a member of a team with write access to the releases. The PR also adds a testcase. Signed-off-by: Andrew Thornton <art27@cantab.net>
…nd (#17456) (#17463) Backport #17456 modules/private/serv.go has two major functions that are missing testcases to ensure that Deploy and normal SSH keys work correctly. This PR adds some basic integration tests for these. Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de>
* Changelog 1.15.6 Unfortunately #17435 is a somewhat critical bug and therefore we should really release 1.15.6 as soon as possible. ## [1.15.6](https://github.com/go-gitea/gitea/releases/tag/v1.15.6) - 2021-10-27 * BUGFIXES * Prevent panic in serv.go with Deploy Keys (#17434) (#17435) * Fix CSV render error (#17406) (#17431) * Read expected buffer size (#17409) (#17430) Signed-off-by: Andrew Thornton <art27@cantab.net> * Add 17456 and its backport Signed-off-by: Andrew Thornton <art27@cantab.net> * Add 17464 Signed-off-by: Andrew Thornton <art27@cantab.net> * Add final pr * Update date Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Backport #17475 The underlying problem in #17328 appears to be that users are re-running the install page during upgrades. The function that tests and creates the db did not intend for this and thus instead of the migration scripts being run - a simple sync tables occurs. This then causes a weird partially migrated DB which causes, in this release cycle, the duplicate column in task table error. It is likely the cause of some weird partial migration errors in other cycles too. This PR simply ensures that the migration scripts are also run at this point too. Fix #17328 Signed-off-by: Andrew Thornton <art27@cantab.net>
Backport #17498 The call to html.EscapeString in routers/web/repo/blame.go:renderBlame is extraneous as the commit message is now rendered by the template. The template will correctly escape strings - therefore we are currently double escaping. This PR fixes this. Fix #17492 Signed-off-by: Andrew Thornton <art27@cantab.net>
* support rerun migration v161
Co-authored-by: zeripath <art27@cantab.net>
- Backport of #17573
- Backport of #17566 Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: zeripath <art27@cantab.net>
* support auth scope type registry:catalog:* * fix Unauthorized response message
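An added example (not code from this PR or from Gitea) of the two points raised in the thread: handling a scope such as `registry:catalog:*`, and signing the token with ECDSA as the registry requires an RSA or ECDSA signature. It uses only the Go standard library; `Access`, `ParseScope`, `NewKey` and `SignES256` are hypothetical names, and the `iss`/`aud`/`exp` claims and the key-identifying header a registry needs are left out.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

type Access struct { // one entry of the token's "access" claim
	Type    string   `json:"type"`
	Name    string   `json:"name"`
	Actions []string `json:"actions"`
}

// ParseScope splits "type:name:actions" at the first and last ':' (a name may hold host:port).
func ParseScope(s string) (Access, error) {
	i, j := strings.Index(s, ":"), strings.LastIndex(s, ":")
	if i <= 0 || j <= i+1 || j == len(s)-1 {
		return Access{}, fmt.Errorf("malformed scope %q", s)
	}
	return Access{s[:i], s[i+1 : j], strings.Split(s[j+1:], ",")}, nil
}

// NewKey makes a throwaway P-256 key; a real token server loads its configured key.
func NewKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

// SignES256 returns a compact JWT over payload, signed with ECDSA P-256 / SHA-256.
func SignES256(key *ecdsa.PrivateKey, payload []byte) (string, error) {
	enc := base64.RawURLEncoding
	input := enc.EncodeToString([]byte(`{"alg":"ES256","typ":"JWT"}`)) + "." + enc.EncodeToString(payload)
	sum := sha256.Sum256([]byte(input))
	r, s, err := ecdsa.Sign(rand.Reader, key, sum[:])
	if err != nil {
		return "", err
	}
	// JWS wants fixed-width r||s (32 bytes each for P-256), not ASN.1 DER.
	sig := append(r.FillBytes(make([]byte, 32)), s.FillBytes(make([]byte, 32))...)
	return input + "." + enc.EncodeToString(sig), nil
}

func main() {
	a, _ := ParseScope("registry:catalog:*") // scope string from this PR
	payload, _ := json.Marshal(map[string][]Access{"access": {a}})
	key, _ := NewKey()
	fmt.Println(SignES256(key, payload))
}
```

A token server would grant only the actions the authenticated user is allowed, not simply echo the parsed scope back into `access`.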
This PR seems broken, many unrelated changes. Either close this one and start a new clean one, or reset a clean branch from main and force push.
Fix #2316
similar to #14919 but only token server
registry:catalog:*
ref: