✨ Add multiarch sample images (#221)

pkg/configs/default.go

@@ -47,4 +47,7 @@ func defaultSettings() {
 	if configuration.Namespace.Visibility.String() == "" {
 		configuration.Namespace.Visibility = enums.VisibilityPrivate
 	}
+	if configuration.Cache.Ttl == 0 {
+		configuration.Cache.Ttl = 72 * time.Hour
+	}
 }

pkg/daemon/decorator_artifact.go

@@ -16,6 +16,7 @@ package daemon
 
 import (
 	"context"
+	"sync"
 
 	"github.com/rs/zerolog/log"
 	"github.com/tidwall/gjson"
@@ -52,13 +53,17 @@ func DecoratorArtifact(runner func(context.Context, *models.Artifact, chan Decor
 			return err
 		}
 
+		var waitAllEvents = &sync.WaitGroup{}
+		waitAllEvents.Add(1)
+
 		var statusChan = make(chan DecoratorArtifactStatus, 1)
-		defer close(statusChan)
 		go func() {
+			defer waitAllEvents.Done()
+			ctx := log.Logger.WithContext(ctx)
 			for status := range statusChan {
 				switch status.Daemon {
 				case enums.DaemonVulnerability:
-					err = artifactService.UpdateVulnerability(context.Background(), id,
+					err = artifactService.UpdateVulnerability(ctx, id,
 						map[string]any{
 							query.ArtifactVulnerability.Raw.ColumnName().String():     status.Raw,
 							query.ArtifactVulnerability.Result.ColumnName().String():  status.Result,
@@ -69,7 +74,7 @@ func DecoratorArtifact(runner func(context.Context, *models.Artifact, chan Decor
 						},
 					)
 				case enums.DaemonSbom:
-					err = artifactService.UpdateSbom(context.Background(),
+					err = artifactService.UpdateSbom(ctx,
 						id,
 						map[string]any{
 							query.ArtifactSbom.Raw.ColumnName().String():     status.Raw,
@@ -94,6 +99,8 @@ func DecoratorArtifact(runner func(context.Context, *models.Artifact, chan Decor
 			return err
 		}
 
+		waitAllEvents.Wait()
+
 		return nil
 	}
 }

pkg/daemon/sbom/sbom.go

@@ -65,6 +65,7 @@ type Report struct {
 }
 
 func runner(ctx context.Context, artifact *models.Artifact, statusChan chan daemon.DecoratorArtifactStatus) error {
+	defer close(statusChan)
 	statusChan <- daemon.DecoratorArtifactStatus{Daemon: enums.DaemonSbom, Status: enums.TaskCommonStatusDoing, Message: ""}
 
 	config := ptr.To(configs.GetConfiguration())

pkg/daemon/vulnerability/vulnerability.go

@@ -59,6 +59,7 @@ type Report struct {
 }
 
 func runner(ctx context.Context, artifact *models.Artifact, statusChan chan daemon.DecoratorArtifactStatus) error {
+	defer close(statusChan)
 	statusChan <- daemon.DecoratorArtifactStatus{Daemon: enums.DaemonVulnerability, Status: enums.TaskCommonStatusDoing, Message: ""}
 
 	config := ptr.To(configs.GetConfiguration())

pkg/dal/dao/artifact.go

@@ -334,7 +334,7 @@ func (s *artifactService) UpdateSbom(ctx context.Context, artifactID int64, upda
 	if len(updates) == 0 {
 		return nil
 	}
-	_, err := s.tx.ArtifactSbom.WithContext(ctx).Where(s.tx.ArtifactSbom.ID.Eq(artifactID)).UpdateColumns(updates)
+	_, err := s.tx.ArtifactSbom.WithContext(ctx).Where(s.tx.ArtifactSbom.ArtifactID.Eq(artifactID)).UpdateColumns(updates)
 	return err
 }
 
@@ -343,7 +343,7 @@ func (s *artifactService) UpdateVulnerability(ctx context.Context, artifactID in
 	if len(updates) == 0 {
 		return nil
 	}
-	_, err := s.tx.ArtifactVulnerability.WithContext(ctx).Where(s.tx.ArtifactVulnerability.ID.Eq(artifactID)).UpdateColumns(updates)
+	_, err := s.tx.ArtifactVulnerability.WithContext(ctx).Where(s.tx.ArtifactVulnerability.ArtifactID.Eq(artifactID)).UpdateColumns(updates)
 	return err
 }
 

pkg/dal/dao/tag.go

@@ -241,6 +241,8 @@ func (s *tagService) ListTag(ctx context.Context, repositoryID int64, name *stri
 	}
 	query = query.Preload(s.tx.Tag.Artifact.Vulnerability)
 	query = query.Preload(s.tx.Tag.Artifact.Sbom)
+	query.UnderlyingDB().Preload("Artifact.ArtifactIndexes.Vulnerability")
+	query.UnderlyingDB().Preload("Artifact.ArtifactIndexes.Sbom")
 	return query.FindByPage(ptr.To(pagination.Limit)*(ptr.To(pagination.Page)-1), ptr.To(pagination.Limit))
 }
 

pkg/handlers/distribution/manifest/manifest_put.go

@@ -272,7 +272,17 @@ func needScan(manifest distribution.Manifest, _ distribution.Descriptor) bool {
 	if len(manifest.References()) > 0 {
 		ref := manifest.References()[0]
 		// only image can be scanned
-		if ref.MediaType == "application/vnd.docker.container.image.v1+json" || ref.MediaType == "application/vnd.oci.image.config.v1+json" {
+		references := manifest.References()
+		for _, descriptor := range references {
+			if descriptor.MediaType == "application/vnd.in-toto+json" ||
+				descriptor.MediaType == "application/vnd.dev.cosign.simplesigning.v1+json" ||
+				descriptor.MediaType == "application/vnd.cncf.helm.chart.content.v1.tar+gzip" ||
+				descriptor.MediaType == "application/vnd.cncf.helm.config.v1+json" {
+				return false
+			}
+		}
+		if ref.MediaType == "application/vnd.docker.container.image.v1+json" ||
+			ref.MediaType == "application/vnd.oci.image.config.v1+json" {
 			return true
 		}
 	}

pkg/middlewares/redirect_repository.go

@@ -75,5 +75,11 @@ func skipRedirect(c echo.Context) bool {
 	if strings.HasPrefix(reqPath, "/swagger") {
 		return true
 	}
+	if strings.HasPrefix(reqPath, "/distros") &&
+		(strings.HasSuffix(reqPath, ".png") ||
+			strings.HasSuffix(reqPath, ".jpg") ||
+			strings.HasSuffix(reqPath, ".svg")) {
+		return true
+	}
 	return false
 }

scripts/samples/dockerfiles/alpine.Dockerfile

@@ -0,0 +1 @@
+FROM alpine:3.18.0

scripts/samples/dockerfiles/centos.Dockerfile

@@ -0,0 +1 @@
+FROM centos:8

scripts/samples/dockerfiles/debian.Dockerfile

@@ -0,0 +1 @@
+FROM debian:buster-slim

scripts/samples/dockerfiles/ubuntu.Dockerfile

@@ -0,0 +1 @@
+FROM ubuntu:22.04

scripts/samples/samples.js

@@ -1,5 +1,6 @@
 import http from "k6/http";
 import { check } from 'k6';
+import encoding from 'k6/encoding';
 
 export const options = {
   iterations: 1,
@@ -11,8 +12,11 @@ const password = 'Admin@123';
 const host = "https://sigma.tosone.cn";
 
 export default function () {
-  let response = http.post(`${host}/api/v1/users/login`, JSON.stringify({ username, password }), {
-    headers: { 'Content-Type': 'application/json' },
+  let response = http.post(`${host}/api/v1/users/login`, null, {
+    headers: {
+      'Content-Type': 'application/json',
+      'Authorization': 'Basic ' + encoding.b64encode(`${username}:${password}`),
+    },
   });
   check(response, {
     'user login status is 200': r => r.status === 200,

scripts/samples/samples.sh

@@ -29,7 +29,14 @@ push_image library alpine:3.17
 push_image library alpine:3.16
 push_image library alpine:3.15
 
-curl https://github.com/grafana/k6/releases/download/v0.46.0/k6-v0.46.0-linux-arm64.tar.gz -L | tar xvz --strip-components 1
+docker buildx build --sbom=true --platform linux/amd64,linux/arm64 --tag sigma.tosone.cn/library/alpine:3.18.0-multiarch --file dockerfiles/alpine.Dockerfile --push .
+docker buildx build --sbom=true --platform linux/amd64,linux/arm64 --tag sigma.tosone.cn/library/centos:8-multiarch --file dockerfiles/centos.Dockerfile --push .
+docker buildx build --sbom=true --platform linux/amd64,linux/arm64 --tag sigma.tosone.cn/library/debian:buster-slim-multiarch --file dockerfiles/debian.Dockerfile --push .
+docker buildx build --sbom=true --platform linux/amd64,linux/arm64 --tag sigma.tosone.cn/library/ubuntu:22.04-multiarch --file dockerfiles/ubuntu.Dockerfile --push .
+
+if [ ! -f "./k6" ]; then
+  curl https://github.com/grafana/k6/releases/download/v0.46.0/k6-v0.46.0-linux-arm64.tar.gz -L | tar xvz --strip-components 1
+fi
 
 ./k6 run samples.js
 
@@ -43,3 +50,17 @@ push_image test-tag-count-limit redis:6-alpine
 push_image test-tag-count-limit redis:7-alpine
 
 push_image test-size-limit centos:8
+
+if [ ! -f "./helm" ]; then
+  curl -sL https://get.helm.sh/helm-v3.13.1-linux-arm64.tar.gz | tar xvz --strip-components 1
+  rm LICENSE  README.md
+fi
+
+if [ -d "./demo" ]; then
+  rm -rf ./demo
+fi
+
+./helm create demo
+./helm package demo
+./helm registry login -u sigma -p Admin@123 sigma.tosone.cn
+./helm push demo-0.1.0.tgz oci://sigma.tosone.cn/library/demo

web/src/pages/Tag/TableItem.tsx

@@ -77,8 +77,8 @@ function DetailItem({ artifact }: { artifact: IArtifact }) {
           {cutDigest(artifact.digest)}
         </code>
       </td>
-      <td className="text-left text-xs w-[180px]">
-        Image
+      <td className="text-left text-xs w-[180px] capitalize">
+        {artifact.type}
       </td>
       <td className="text-left text-xs w-[180px]">
         <div className='flex gap-1'>

web/src/pages/Tag/index.tsx

@@ -68,7 +68,7 @@ export default function Tag({ localServer }: { localServer: string }) {
   }, [namespace, repository])
 
   const fetchTags = () => {
-    let url = localServer + `/api/v1/namespaces/${namespace}/tags/?repository=${repository}&limit=${Settings.PageSize}&page=${page}&type=image&type=imageIndex`;
+    let url = localServer + `/api/v1/namespaces/${namespace}/tags/?repository=${repository}&limit=${Settings.PageSize}&page=${page}&type=image&type=imageIndex&type=chart`;
     if (searchTag !== "") {
       url += `&name=${searchTag}`;
     }
@@ -201,16 +201,6 @@ export default function Tag({ localServer }: { localServer: string }) {
                       {/* first row begin */}
                       <div className="flex">
                         <div className="flex-1 flex gap-1">
-                          {
-                            tag.artifact.config_media_type === "application/vnd.cncf.helm.config.v1+json" ? (
-                              <HelmSvg />
-                            ) : tag.artifact.media_type === "application/vnd.oci.image.manifest.v1+json" ||
-                              tag.artifact.media_type === "application/vnd.docker.distribution.manifest.v2+json" ||
-                              tag.artifact.media_type === "application/vnd.docker.distribution.manifest.list.v2+json" ||
-                              tag.artifact.media_type === "application/vnd.oci.image.index.v1+json" ? (
-                              <DockerSvg />
-                            ) : null
-                          }
                           <span className="font-semibold text-gray-600 cursor-pointer"
                             id={"tooltip-tag-name-" + index}
                             onClick={e => {