New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WIP: add Webhook to reduce no. of registry scans required #284
base: master
Are you sure you want to change the base?
Conversation
ec60e5e
to
7626dea
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is an awesome PR 🚀 , thanks a lot @tuananh! And sorry for coming back so late to it.
I'm willing to merge the code early on, so we can progress on its development without you having to constantly rebase it to changes in the master branch.
However, I have two concerns:
-
The web hook feature should be marked experimental and not enabled by default unless we are sure it's stable (and safe) enough to enable it by default. So the default value for
--registry-webhook-port
parameter should be set to0
so people would have to explicitly enable it. When we had a bit of testing (and possibly refactoring, and bug fixes) we can then enable it by default. -
The way this was implemented is that it trusts the input from the registry webhook, e.g. uses the tag in the hook's payload. This is sensitive, and we should therefore require webhook secrets and not have it optional. Otherwise, anybody could send arbitrary tags and trigger updates to possibly unwanted images.
WDYT?
@jannfis thanks. i'm ok with merging it early on and have it disable. i change the default webhook port to 0. as for webhook secret. i implemented it for sonatype nexus but dockerhub doesn't support secret in webhook (at least in free version i'm using) so that's why i didn't enforce it. |
34113de
to
cd7c098
Compare
Signed-off-by: Tuan Anh Tran <me@tuananh.org>
Signed-off-by: Tuan Anh Tran <me@tuananh.org>
Signed-off-by: Tuan Anh Tran <me@tuananh.org>
cd7c098
to
09e68ee
Compare
any updates on this? it would be nice if we could get it merged |
Please, any update on this? 🙏 |
Does it stop updating?? This feature is valuable |
Any update on this one please ? |
hi guys, any update on this one? it is an amazing feature. |
this is just a poc. I'm looking for feedbacks. I'm not sure this is the correct/prefer way to implement.
CheckInterval
to reduce no. of registry scan required.