Merge branch 'main' into fix_registryctl_backgroundcontext_done

.github/workflows/CI.yml

@@ -44,7 +44,7 @@ jobs:
       - name: Set up Go 1.20
         uses: actions/setup-go@v1
         with:
-           go-version: 1.20.3
+           go-version: 1.20.4
         id: go
       - uses: actions/checkout@v3
         with:
@@ -105,7 +105,7 @@ jobs:
       - name: Set up Go 1.20
         uses: actions/setup-go@v1
         with:
-          go-version: 1.20.3
+          go-version: 1.20.4
         id: go
       - uses: actions/checkout@v3
         with:
@@ -160,7 +160,7 @@ jobs:
       - name: Set up Go 1.20
         uses: actions/setup-go@v1
         with:
-          go-version: 1.20.3
+          go-version: 1.20.4
         id: go
       - uses: actions/checkout@v3
         with:
@@ -215,7 +215,7 @@ jobs:
       - name: Set up Go 1.20
         uses: actions/setup-go@v1
         with:
-          go-version: 1.20.3
+          go-version: 1.20.4
         id: go
       - uses: actions/checkout@v3
         with:
@@ -268,7 +268,7 @@ jobs:
       - name: Set up Go 1.20
         uses: actions/setup-go@v1
         with:
-          go-version: 1.20.3
+          go-version: 1.20.4
         id: go
       - uses: actions/checkout@v3
         with:

.github/workflows/auto_assign_prs.yml

@@ -13,6 +13,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Set the author of a PR as the assignee
-        uses: kentaro-m/auto-assign-action@v1.2.4
+        uses: kentaro-m/auto-assign-action@v1.2.5
         with:
           configuration-path: ".github/auto-assignees.yml"

.github/workflows/build-package.yml

@@ -19,14 +19,14 @@ jobs:
       - uses: 'google-github-actions/auth@v1'
         with:
           credentials_json: '${{ secrets.GCP_CREDENTIALS }}'
-      - uses: google-github-actions/setup-gcloud@v0
+      - uses: google-github-actions/setup-gcloud@v1
         with:
-          version: '285.0.0'
+          version: '430.0.0'
       - run: gcloud info
       - name: Set up Go 1.20
         uses: actions/setup-go@v1
         with:
-          go-version: 1.20.3
+          go-version: 1.20.4
         id: go
       - name: Setup Docker
         uses: docker-practice/actions-setup-docker@master
@@ -46,7 +46,8 @@ jobs:
         if: |
             contains(steps.changed-files.outputs.modified, 'Dockerfile.base') ||
             contains(steps.changed-files.outputs.modified, 'VERSION') ||
-            contains(steps.changed-files.outputs.modified, '.buildbaselog')
+            contains(steps.changed-files.outputs.modified, '.buildbaselog') ||
+            github.ref == 'refs/heads/main'
         run: |
           set -x
           echo "BUILD_BASE=true" >> $GITHUB_ENV

.github/workflows/conformance_test.yml

@@ -23,12 +23,12 @@ jobs:
         uses: google-github-actions/auth@v1
         with:
           credentials_json: '${{ secrets.GCP_CREDENTIALS }}'
-      - uses: google-github-actions/setup-gcloud@v0
+      - uses: google-github-actions/setup-gcloud@v1
       - run: gcloud info
       - name: Set up Go 1.20
         uses: actions/setup-go@v1
         with:
-          go-version: 1.20.3
+          go-version: 1.20.4
         id: go
       - uses: actions/checkout@v3
         with:

.github/workflows/publish_release.yml

@@ -22,7 +22,7 @@ jobs:
       - uses: 'google-github-actions/auth@v1'
         with:
           credentials_json: '${{ secrets.GCP_CREDENTIALS }}'
-      - uses: google-github-actions/setup-gcloud@v0
+      - uses: google-github-actions/setup-gcloud@v1
         with:
           version: '285.0.0'
       - name: Prepare Assets

CONTRIBUTING.md

@@ -25,7 +25,7 @@ Follow us on Twitter at [@project_harbor][twitter]
 ### Fork Repository
 
 Fork the Harbor repository on GitHub to your personal account.
-```
+```sh
 #Set golang environment
 export GOPATH=$HOME/go
 mkdir -p $GOPATH/src/github.com/goharbor
@@ -165,7 +165,7 @@ Harbor backend is written in [Go](http://golang.org/). If you don't have a Harbo
 |   2.5    |    1.17.7     |
 |   2.6    |    1.18.6     |
 |   2.7    |    1.19.4     |
-|   2.8    |    1.20.3     |
+|   2.8    |    1.20.4     |
 
 Ensure your GOPATH and PATH have been configured in accordance with the Go environment instructions.
 
@@ -210,12 +210,12 @@ Note: If you split your pull request to small changes, please make sure any of t
 Fork the Harbor repository and clone the code to your local workspace. Per Go's [workspace instructions](https://golang.org/doc/code.html#Workspaces), place Harbor's code on your `GOPATH`. Refer to section [Fork Repository](#fork-repository) for details.
 
 Define a local working directory:
-```
+```sh
 working_dir=$GOPATH/src/github.com/goharbor
 ```
 
 Set user to match your github profile name:
-```
+```sh
 user={your github profile name}
 ```
 
@@ -224,7 +224,7 @@ Both `$working_dir` and `$user` are mentioned in the figure above.
 ### Branch
 Changes should be made on your own fork in a new branch. The branch should be named  `XXX-description` where XXX is the number of the issue. PR should be rebased on top of `main` without multiple branches mixed into the PR. If your PR do not merge cleanly, use commands listed below to get it up to date.
 
-```
+```sh
 #goharbor is the origin upstream
 
 cd $working_dir/harbor
@@ -235,7 +235,7 @@ git rebase goharbor/main
 
 Branch from the updated `main` branch:
 
-```
+```sh
 git checkout -b my_feature main
 ```
 
@@ -247,7 +247,7 @@ Try to limit column width to 120 characters for both code and markdown documents
 
 As we are enforcing standards set by [golint](https://github.com/golang/lint), please always run golint on source code before committing your changes. If it reports an issue, in general, the preferred action is to fix the code to comply with the linter's recommendation
 because golint gives suggestions according to the stylistic conventions listed in [Effective Go](https://golang.org/doc/effective_go.html) and the [CodeReviewComments](https://github.com/golang/go/wiki/CodeReviewComments).
-```
+```sh
 #Install fgt and golint
 
 go install golang.org/x/lint/golint@latest
@@ -262,13 +262,13 @@ go list ./... | grep -v -E 'vendor|tests' | xargs -L1 fgt golint
 Unit test cases should be added to cover the new code. Unit test framework for backend services is using [go testing](https://golang.org/doc/code.html#Testing). The UI library test framework is built based on [Jasmine](https://jasmine.github.io/) and [Karma](https://karma-runner.github.io/1.0/index.html), please refer to [Angular Testing](https://angular.io/guide/testing) for more details.
 
 Run go test cases:
-```
+```sh
 #cd #working_dir/src/[package]
 go test -v ./...
 ```
 
 Run UI library test cases:
-```
+```sh
 #cd #working_dir/src/portal/lib
 npm run test
 ```
@@ -311,7 +311,7 @@ The commit message should follow the convention on [How to Write a Git Commit Me
 
 To help write conformant commit messages, it is recommended to set up the [git-good-commit](https://github.com/tommarshall/git-good-commit) commit hook. Run this command in the Harbor repo's root directory:
 
-```
+```sh
 curl https://cdn.rawgit.com/tommarshall/git-good-commit/v0.6.1/hook.sh > .git/hooks/commit-msg && chmod +x .git/hooks/commit-msg
 ```
 
@@ -328,7 +328,7 @@ Once your pull request has been opened, harbor will run two CI pipelines against
 
 ### Push and Create PR
 When ready for review, push your branch to your fork repository on `github.com`:
-```
+```sh
 git push --force-with-lease $user my_feature
 
 ```

Makefile

@@ -145,7 +145,7 @@ GOINSTALL=$(GOCMD) install
 GOTEST=$(GOCMD) test
 GODEP=$(GOTEST) -i
 GOFMT=gofmt -w
-GOBUILDIMAGE=golang:1.20.3
+GOBUILDIMAGE=golang:1.20.4
 GOBUILDPATHINCONTAINER=/harbor
 
 # go build

api/v2.0/swagger.yaml

@@ -239,7 +239,7 @@ paths:
           schema:
             $ref: '#/definitions/ConfigurationsResponse'
         '401':
-          description: User need to log in first.ß
+          description: User need to log in first.
         '403':
           description: User does not have permission of admin role.
         '500':
@@ -4451,9 +4451,9 @@ paths:
           schema:
             $ref: '#/definitions/Schedule'
           description: |
-            The purge job's schedule, it is a json object. ｜
-            The sample format is ｜
-            {"parameters":{"audit_retention_hour":168,"dry_run":true, "include_operations":"create,delete,pull"},"schedule":{"type":"Hourly","cron":"0 0 * * * *"}} ｜
+            The purge job's schedule, it is a json object. |
+            The sample format is |
+            {"parameters":{"audit_retention_hour":168,"dry_run":true, "include_operations":"create,delete,pull"},"schedule":{"type":"Hourly","cron":"0 0 * * * *"}} |
             the include_operation should be a comma separated string, e.g. create,delete,pull, if it is empty, no operation will be purged.
       tags:
         - purge
@@ -4481,9 +4481,9 @@ paths:
           schema:
             $ref: '#/definitions/Schedule'
           description: |
-            The purge job's schedule, it is a json object. ｜
-            The sample format is ｜
-            {"parameters":{"audit_retention_hour":168,"dry_run":true, "include_operations":"create,delete,pull"},"schedule":{"type":"Hourly","cron":"0 0 * * * *"}} ｜
+            The purge job's schedule, it is a json object. |
+            The sample format is |
+            {"parameters":{"audit_retention_hour":168,"dry_run":true, "include_operations":"create,delete,pull"},"schedule":{"type":"Hourly","cron":"0 0 * * * *"}} |
             the include_operation should be a comma separated string, e.g. create,delete,pull, if it is empty, no operation will be purged.
       tags:
         - purge

make/harbor.yml.tmpl

@@ -102,7 +102,7 @@ trivy:
   # Anonymous downloads from GitHub are subject to the limit of 60 requests per hour. Normally such rate limit is enough
   # for production operations. If, for any reason, it's not enough, you could increase the rate limit to 5000
   # requests per hour by specifying the GitHub access token. For more details on GitHub rate limiting please consult
-  # https://developer.github.com/v3/#rate-limiting
+  # https://docs.github.com/rest/overview/resources-in-the-rest-api#rate-limiting
   #
   # You can create a GitHub token by following the instructions in
   # https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line

make/migrations/postgresql/0111_2.8.1_schema.up.sql

@@ -0,0 +1 @@
+CREATE INDEX IF NOT EXISTS idx_task_extra_attrs_report_uuids ON task USING gin ((extra_attrs::jsonb->'report_uuids'));

make/migrations/postgresql/0120_2.9.0_schema.up.sql

@@ -0,0 +1,7 @@
+CREATE INDEX IF NOT EXISTS idx_task_extra_attrs_report_uuids ON task USING gin ((extra_attrs::jsonb->'report_uuids'));
+
+/* Set the vendor_id of IMAGE_SCAN to the artifact id instead of scanner id, which facilitates execution sweep */
+UPDATE execution SET vendor_id = (extra_attrs -> 'artifact' ->> 'id')::integer
+WHERE jsonb_path_exists(extra_attrs::jsonb, '$.artifact.id')
+AND vendor_id IN (SELECT id FROM scanner_registration)
+AND vendor_type = 'IMAGE_SCAN';

make/photon/db/Dockerfile

@@ -14,7 +14,7 @@ COPY ./make/photon/db/initial-registry.sql /docker-entrypoint-initdb.d/
 RUN chown -R postgres:postgres /docker-entrypoint.sh /docker-healthcheck.sh /docker-entrypoint-initdb.d \
     && chmod u+x /docker-entrypoint.sh /docker-healthcheck.sh
 
-ENTRYPOINT ["/docker-entrypoint.sh", "", "13"]
+ENTRYPOINT ["/docker-entrypoint.sh", "13", "14"]
 HEALTHCHECK CMD ["/docker-healthcheck.sh"]
 
-USER postgres
+USER postgres

make/photon/db/Dockerfile.base

@@ -2,16 +2,17 @@ FROM photon:4.0
 
 ENV PGDATA /var/lib/postgresql/data
 
-RUN tdnf install -y shadow gzip postgresql13 findutils bc >> /dev/null \
+RUN tdnf install -y postgresql13 >> /dev/null
+RUN tdnf install -y shadow gzip postgresql findutils bc >> /dev/null \
     && groupadd -r postgres --gid=999 \
     && useradd -m -r -g postgres --uid=999 postgres \
     && mkdir -p /docker-entrypoint-initdb.d \
     && mkdir -p /run/postgresql \
     && chown -R postgres:postgres /run/postgresql \
     && chmod 2777 /run/postgresql \
     && mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" \
-    && sed -i "s|#listen_addresses = 'localhost'.*|listen_addresses = '*'|g" /usr/pgsql/13/share/postgresql/postgresql.conf.sample \
-    && sed -i "s|#unix_socket_directories = '/tmp'.*|unix_socket_directories = '/run/postgresql'|g" /usr/pgsql/13/share/postgresql/postgresql.conf.sample \
+    && sed -i "s|#listen_addresses = 'localhost'.*|listen_addresses = '*'|g" /usr/share/postgresql/postgresql.conf.sample \
+    && sed -i "s|#unix_socket_directories = '/tmp'.*|unix_socket_directories = '/run/postgresql'|g" /usr/share/postgresql/postgresql.conf.sample \
     && tdnf clean all
 
 RUN tdnf erase -y toybox && tdnf install -y util-linux net-tools

make/photon/db/docker-entrypoint.sh

@@ -14,7 +14,7 @@ PGDATANEW=${PGDATA}/pg${PG_VERSION_NEW}
 
 # We should block the upgrade path from 9.6 directly.
 if [ -s $PGDATA/PG_VERSION ]; then
-        echo "Upgrading from PostgreSQL 9.6 to PostgreSQL $PG_VERSION_NEW is not supported in the current Harbor release."             
+        echo "Upgrading from PostgreSQL 9.6 to PostgreSQL $PG_VERSION_NEW is not supported in the current Harbor release."
         echo "You should upgrade to previous Harbor firstly, then upgrade to current release."
         exit 1
 fi
@@ -56,7 +56,7 @@ if [ ! -s $PGDATANEW/PG_VERSION ]; then
                 rm -rf $PGDATAOLD
         else
                 echo "init DB, DB version:$PG_VERSION_NEW"
-                initPG $PGDATANEW true 
+                initPG $PGDATANEW true
         fi
 fi
 

make/photon/portal/Dockerfile

@@ -6,17 +6,15 @@ WORKDIR /build_dir
 
 ARG npm_registry=https://registry.npmjs.org
 
-RUN apt-get update \
-    && apt-get install -y --no-install-recommends python-yaml
-
 COPY ./api/v2.0/swagger.yaml /build_dir/swagger.yaml
 COPY src/portal /build_dir
 
 ENV NPM_CONFIG_REGISTRY=${npm_registry}
 RUN npm install --unsafe-perm
 RUN npm run generate-build-timestamp
 RUN node --max_old_space_size=2048 'node_modules/@angular/cli/bin/ng' build --configuration production
-RUN python -c 'import sys, yaml, json; y=yaml.load(sys.stdin.read()); print json.dumps(y)' < swagger.yaml > dist/swagger.json
+RUN npm install js-yaml@4.1.0 \
+    && node -e "const yaml = require('js-yaml'); const fs = require('fs'); const swagger = yaml.load(fs.readFileSync('swagger.yaml', 'utf8')); fs.writeFileSync('swagger.json', JSON.stringify(swagger));"
 
 COPY ./LICENSE /build_dir/dist
 
@@ -26,6 +24,7 @@ RUN cd app-swagger-ui && npm run build
 FROM ${harbor_base_namespace}/harbor-portal-base:${harbor_base_image_version}
 
 COPY --from=nodeportal /build_dir/dist /usr/share/nginx/html
+COPY --from=nodeportal /build_dir/swagger.json /usr/share/nginx/html
 COPY --from=nodeportal /build_dir/app-swagger-ui/dist /usr/share/nginx/html
 
 VOLUME /var/cache/nginx /var/log/nginx /run

make/photon/registry/Dockerfile.binary

@@ -1,4 +1,4 @@
-FROM golang:1.20.3
+FROM golang:1.20.4
 
 ENV DISTRIBUTION_DIR /go/src/github.com/docker/distribution
 ENV BUILDTAGS include_oss include_gcs

make/photon/trivy-adapter/Dockerfile.binary

@@ -1,4 +1,4 @@
-FROM golang:1.20.3
+FROM golang:1.20.4
 
 ADD .   /go/src/github.com/aquasecurity/harbor-scanner-trivy/
 WORKDIR /go/src/github.com/aquasecurity/harbor-scanner-trivy/

make/photon/trivy-adapter/builder.sh

@@ -19,7 +19,7 @@ TEMP=$(mktemp -d ${TMPDIR-/tmp}/trivy-adapter.XXXXXX)
 git clone https://github.com/aquasecurity/harbor-scanner-trivy.git $TEMP
 cd $TEMP; git checkout $VERSION; cd -
 
-echo "Building Trivy adapter binary based on golang:1.20.3..."
+echo "Building Trivy adapter binary based on golang:1.20.4..."
 cp Dockerfile.binary $TEMP
 docker build -f $TEMP/Dockerfile.binary -t trivy-adapter-golang $TEMP
 

src/.golangci.yaml

@@ -11,6 +11,8 @@ linters-settings:
     checks: [
       "ST1019",  # Importing the same package multiple times.
     ]
+  goheader:
+    template-path: copyright.tmpl
 
 linters:
   disable-all: true

src/cmd/exporter/main.go

@@ -1,3 +1,17 @@
+// Copyright Project Harbor Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package main
 
 import (