This repository was archived by the owner on Jan 24, 2026. It is now read-only.

chore: sync with upstream goharbor/harbor #117

Open: github-actions[bot] wants to merge 7 commits into next from sync-upstream-7snsg1t

@github-actions github-actions bot commented Jan 15, 2026

Automated PR to sync 4 new commit(s) from upstream goharbor/harbor main branch.

Merge strategy: Our changes in next are preserved on conflicts (upstream changes are additive only).

Note: The .github folder is preserved and not synced from upstream.


Summary by cubic

Sync with upstream Harbor to add per-endpoint CA certificate support for registry endpoints, introduce release signature verification docs, and improve user/group search accuracy and performance.

  • New Features

    • Per-endpoint CA certificate for registries: API, DB (new ca_certificate column), HTTP transport, and UI support. PEM is validated server-side; custom CA overrides system CA; disabled when “insecure” is set.
    • Release artifacts are now documented for Cosign keyless signature verification, with a quick guide in README and a detailed doc.
  • Bug Fixes

    • User and user group search now uses DB fuzzy queries with length/alphabetical ordering, removing the old in-code sorter and returning better results within page size limits.

Written for commit cd72ec3. Summary will update on new commits.
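
The precedence stated in the summary above (PEM validated server-side, a custom CA overriding the system pool, no CA when "insecure" is set), as an added Go example; it is not Harbor's implementation. `PoolFromPEM`, `TLSConfigFor` and `ConstructedBadPEM` are hypothetical names, and ignoring the CA when insecure is set is an assumption about what "disabled" means.

```go
package main

import (
	"bytes"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

// ConstructedBadPEM: sample input built for this example (PEM armor, no certificate inside).
const ConstructedBadPEM = "-----BEGIN CERTIFICATE-----\nbm90IGEgY2VydA==\n-----END CERTIFICATE-----\n"

// PoolFromPEM requires every PEM block to be a parseable CERTIFICATE with nothing after
// the last block; CertPool.AppendCertsFromPEM on its own silently skips unusable blocks.
func PoolFromPEM(caPEM []byte) (*x509.CertPool, error) {
	pool, rest, n := x509.NewCertPool(), caPEM, 0
	var block *pem.Block
	for block, rest = pem.Decode(rest); block != nil; block, rest = pem.Decode(rest) {
		if block.Type != "CERTIFICATE" {
			return nil, fmt.Errorf("unexpected PEM block type %q", block.Type)
		}
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return nil, fmt.Errorf("certificate %d: %w", n+1, err)
		}
		pool.AddCert(cert)
		n++
	}
	if n == 0 || len(bytes.TrimSpace(rest)) != 0 {
		return nil, fmt.Errorf("not a clean PEM certificate bundle (%d certificates parsed)", n)
	}
	return pool, nil
}

// TLSConfigFor is a hypothetical helper applying the precedence from the summary.
func TLSConfigFor(caPEM string, insecure bool) (*tls.Config, error) {
	cfg := &tls.Config{MinVersion: tls.VersionTLS12}
	switch {
	case insecure: // verification is off, so a CA would have no effect
		cfg.InsecureSkipVerify = true
	case caPEM != "":
		pool, err := PoolFromPEM([]byte(caPEM))
		if err != nil {
			return nil, err
		}
		cfg.RootCAs = pool // replaces the system pool for this endpoint
	}
	return cfg, nil // RootCAs == nil: Go falls back to the system pool
}

func main() { // prints the nil config and the parse error for the bad sample
	fmt.Println(TLSConfigFor(ConstructedBadPEM, false))
}
```

Rejecting the input at save time, rather than at first connection, keeps an unusable certificate from being stored against the endpoint.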

stonezdj and others added 6 commits December 31, 2025 22:14
Remove the unused function MostMatchSorter; it should not be implemented in golang, it should be implemented in the db query.
Remove the unused function onBoardCommonUserGroup()
fixes goharbor#22573

Signed-off-by: stonezdj <stonezdj@gmail.com>
refine apitest

Signed-off-by: my036811 <miner.yang@broadcom.com>
…bor#22535)

* add per-endpoint CA certificate support for registry endpoints

fixes goharbor#22203

Allowing Harbor to trust self-signed or private CA certificates for individual registry endpoints without modifying the system-level trust store.

1. Database schema changes, API updates with PEM validation.
2. HTTP transport layer modifications across all the registry adapters.
3. UI field to fill in the certificate.

The feature is backward compatible - existing installations using system-level CA trust will continue to work without any changes.

Signed-off-by: wang yan <yan-yw.wang@broadcom.com>

* resolve lint failures

Signed-off-by: wang yan <yan-yw.wang@broadcom.com>

* add i18n changes

Signed-off-by: wang yan <yan-yw.wang@broadcom.com>

* resolve review comments

Signed-off-by: wang yan <yan-yw.wang@broadcom.com>

* make the input as non-required and updates i18n

Signed-off-by: wang yan <yan-yw.wang@broadcom.com>

* resolve comments

Signed-off-by: wang yan <yan-yw.wang@broadcom.com>

---------

Signed-off-by: wang yan <yan-yw.wang@broadcom.com>
Co-authored-by: wang yan <yan-yw.wang@broadcom.com>
)

* feat: implement keyless signing in release workflow

- Move signing from build to release workflow
- Use .sigstore.json naming convention (Sigstore standard)
- update signature verification documentation and readme file
- Update workflows to sign artifacts at release time only

Signed-off-by: Aloui-Ikram <ikram@container-registry.com>

* WIP: update release workflow and utils

Signed-off-by: Aloui-Ikram <ikram@container-registry.com>

* Add Cosign signing and fix accidental deletions

- Add Cosign signing to releases for security
- Revert to using getAssets function
- Restore latest installer uploads
- Restore pre-release comment

Signed-off-by: Aloui-Ikram <ikram@container-registry.com>

* Remove braces from variable names for consistency

Signed-off-by: Aloui-Ikram <ikram@container-registry.com>

* Remove unnecessary permissions from build-package.yml

Signed-off-by: Aloui-Ikram <ikram@container-registry.com>

---------

Signed-off-by: Aloui-Ikram <ikram@container-registry.com>
Co-authored-by: Aloui-Ikram <ikram@container-registry.com>
Co-authored-by: Daniel Jiang <daniel.jiang@broadcom.com>
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

coderabbitai bot commented Jan 15, 2026

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


Comment @coderabbitai help to get the list of available commands and usage tips.

This commit fixes the style issues introduced in 3d5aac4 according to the output
from Gofumpt and Prettier.

Details: https://github.com/container-registry/harbor-next/pull/117
@sonarqubecloud

Quality Gate failed

Failed conditions
5.8% Duplication on New Code (required ≤ 3%)

See analysis details on SonarQube Cloud


@cubic-dev-ai cubic-dev-ai bot left a comment


7 issues found across 70 files

Prompt for AI agents (all issues)

Check if these issues are valid — if so, understand the root cause of each and fix them.


<file name="src/server/v2.0/handler/usergroup.go">

<violation number="1" location="src/server/v2.0/handler/usergroup.go:205">
P1: Pagination is broken: `SearchByName` only accepts `limitSize` and ignores `params.Page`. Users requesting page 2+ will receive the same results as page 1, while the response still includes pagination links and total count suggesting pagination works. Either pass pagination offset to `SearchByName` or remove the pagination response headers for this endpoint.</violation>
</file>

<file name="src/server/v2.0/handler/user.go">

<violation number="1" location="src/server/v2.0/handler/user.go:281">
P1: Pagination is broken: `SearchByName` only accepts `limitSize` and ignores the `params.Page` parameter. Requests for page 2+ will return the same results as page 1, while the response headers incorrectly indicate pagination is supported.</violation>
</file>

<file name="tests/apitests/python/library/cosign.py">

<violation number="1" location="tests/apitests/python/library/cosign.py:15">
P3: Typo in comment: "ennvironment" should be "environment".</violation>

<violation number="2" location="tests/apitests/python/library/cosign.py:17">
P3: Typo in print statement: "coisgn" should be "cosign".</violation>
</file>

<file name="src/portal/src/i18n/lang/zh-cn-lang.json">

<violation number="1" location="src/portal/src/i18n/lang/zh-cn-lang.json:671">
P1: Missing comma after the `PLACEHOLDER` property. Since new properties are added after it, JSON syntax requires a trailing comma on the `PLACEHOLDER` line. This will cause a JSON parse error.</violation>
</file>

<file name="src/pkg/usergroup/dao/dao.go">

<violation number="1" location="src/pkg/usergroup/dao/dao.go:176">
P2: LIKE pattern wildcards (`%`, `_`) in `name` are not escaped, allowing users to bypass fuzzy search restrictions. For example, searching for `%` matches all records. Consider escaping these characters using `strings.NewReplacer("%", "\\%", "_", "\\_").Replace(name)` and adding `ESCAPE '\\'` to the LIKE clause.</violation>
</file>

<file name="src/pkg/user/dao/dao.go">

<violation number="1" location="src/pkg/user/dao/dao.go:136">
P2: LIKE pattern characters (`%`, `_`) in user input are not escaped, which could lead to unexpected search results or allow users to craft patterns that match more users than intended. Consider escaping these characters before building the pattern.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.

return operation.NewSearchUserGroupsOK().WithXTotalCount(0).WithPayload([]*models.UserGroupSearchItem{})
}
ug, err := u.ctl.List(ctx, query)
ug, err := u.ctl.SearchByName(ctx, params.Groupname, int(*params.PageSize))

P1: Pagination is broken: SearchByName only accepts limitSize and ignores params.Page. Users requesting page 2+ will receive the same results as page 1, while the response still includes pagination links and total count suggesting pagination works. Either pass pagination offset to SearchByName or remove the pagination response headers for this endpoint.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At src/server/v2.0/handler/usergroup.go, line 205:

<comment>Pagination is broken: `SearchByName` only accepts `limitSize` and ignores `params.Page`. Users requesting page 2+ will receive the same results as page 1, while the response still includes pagination links and total count suggesting pagination works. Either pass pagination offset to `SearchByName` or remove the pagination response headers for this endpoint.</comment>

<file context>
@@ -204,14 +202,11 @@ func (u *userGroupAPI) SearchUserGroups(ctx context.Context, params operation.Se
 		return operation.NewSearchUserGroupsOK().WithXTotalCount(0).WithPayload([]*models.UserGroupSearchItem{})
 	}
-	ug, err := u.ctl.List(ctx, query)
+	ug, err := u.ctl.SearchByName(ctx, params.Groupname, int(*params.PageSize))
 	if err != nil {
 		return u.SendError(ctx, err)
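Review bot: `int(*params.PageSize)` on the added `SearchByName` line dereferences the pointer with no nil check in the visible lines, so a request that reaches this point without a page size would panic unless a default was applied earlier. Guard the dereference here, or read the value through a helper that supplies the default, and state in a comment which of the two this handler relies on.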
</file context>

return operation.NewSearchUsersOK().WithXTotalCount(0).WithPayload([]*models.UserSearchRespItem{})
}
l, err := u.ctl.List(ctx, query)
l, err := u.ctl.SearchByName(ctx, params.Username, int(*params.PageSize))

P1: Pagination is broken: SearchByName only accepts limitSize and ignores the params.Page parameter. Requests for page 2+ will return the same results as page 1, while the response headers incorrectly indicate pagination is supported.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At src/server/v2.0/handler/user.go, line 281:

<comment>Pagination is broken: `SearchByName` only accepts `limitSize` and ignores the `params.Page` parameter. Requests for page 2+ will return the same results as page 1, while the response headers incorrectly indicate pagination is supported.</comment>

<file context>
@@ -279,7 +278,7 @@ func (u *usersAPI) SearchUsers(ctx context.Context, params operation.SearchUsers
 		return operation.NewSearchUsersOK().WithXTotalCount(0).WithPayload([]*models.UserSearchRespItem{})
 	}
-	l, err := u.ctl.List(ctx, query)
+	l, err := u.ctl.SearchByName(ctx, params.Username, int(*params.PageSize))
 	if err != nil {
 		return u.SendError(ctx, err)
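Review bot: the added `SearchByName(ctx, params.Username, int(*params.PageSize))` call takes its row limit straight from the request, and no upper bound is visible in this hunk. Confirm the value is clamped to the API's maximum page size before this line, or clamp it here, so a single search cannot ask the database for an arbitrarily large result set.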
</file context>

"DELETED_FAILED": "删除目标失败。",
"CANNOT_EDIT": "当复制规则启用时目标无法修改。",
"PLACEHOLDER": "未发现任何复制目标!"
"CA_CERTIFICATE": "CA 证书",

P1: Missing comma after the PLACEHOLDER property. Since new properties are added after it, JSON syntax requires a trailing comma on the PLACEHOLDER line. This will cause a JSON parse error.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At src/portal/src/i18n/lang/zh-cn-lang.json, line 671:

<comment>Missing comma after the `PLACEHOLDER` property. Since new properties are added after it, JSON syntax requires a trailing comma on the `PLACEHOLDER` line. This will cause a JSON parse error.</comment>

<file context>
@@ -668,6 +668,9 @@
         "DELETED_FAILED": "删除目标失败。",
         "CANNOT_EDIT": "当复制规则启用时目标无法修改。",
         "PLACEHOLDER": "未发现任何复制目标!"
+        "CA_CERTIFICATE": "CA 证书",
+        "CA_CERTIFICATE_TOOLTIP": "提供 PEM 编码的 CA 证书以验证仓库的 TLS 证书。留空将使用系统 CA 池。此字段仅在启用"验证远程证书"时可用。",
+        "CA_CERTIFICATE_HELPER": "可选。在此粘贴 PEM 编码的 CA 证书,以信任此端点的自签名或私有 CA 证书。如果留空,Harbor 将使用系统 CA 池。"
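Review bot: in the added `CA_CERTIFICATE_TOOLTIP` value, the phrase 验证远程证书 is wrapped in plain double quotes as shown here, which would end the JSON string early; escape them as `\"` or use full-width quotes. The unchanged `PLACEHOLDER` line above the additions also has no trailing comma, so a JSON parse check over the i18n files before merge would catch both problems.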
</file context>

var usergroups []*model.UserGroup
// use raw sql to return the most matched user first, then by alphabetic order
sql := "select id, group_name, group_type, ldap_group_dn, creation_time, update_time from user_group where group_name like ? order by length(group_name), group_name asc limit ?"
likePattern := "%" + name + "%"

P2: LIKE pattern wildcards (%, _) in name are not escaped, allowing users to bypass fuzzy search restrictions. For example, searching for % matches all records. Consider escaping these characters using strings.NewReplacer("%", "\\%", "_", "\\_").Replace(name) and adding ESCAPE '\\' to the LIKE clause.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At src/pkg/usergroup/dao/dao.go, line 176:

<comment>LIKE pattern wildcards (`%`, `_`) in `name` are not escaped, allowing users to bypass fuzzy search restrictions. For example, searching for `%` matches all records. Consider escaping these characters using `strings.NewReplacer("%", "\\%", "_", "\\_").Replace(name)` and adding `ESCAPE '\\'` to the LIKE clause.</comment>

<file context>
@@ -185,3 +164,19 @@ func (d *dao) Count(ctx context.Context, query *q.Query) (int64, error) {
+	var usergroups []*model.UserGroup
+	// use raw sql to return the most matched user first, then by alphabetic order
+	sql := "select id, group_name, group_type, ldap_group_dn, creation_time, update_time from user_group where group_name like ? order by length(group_name), group_name asc limit ?"
+	likePattern := "%" + name + "%"
+	_, err = o.Raw(sql, likePattern, limitSize).QueryRows(&usergroups)
+	if err != nil {
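Review bot: the comment on the added query says it returns "the most matched user first", but this is the user group DAO and the query reads `user_group`; reword it to say groups and to name the ranking rule, which is shortest `group_name` first and then alphabetical. `limitSize` is bound directly to `limit ?`, so also document or enforce that it is positive.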
</file context>

var users []*User
// use raw sql to return the most matched user first, then by alphabetic order
sql := "select * from harbor_user where username like ? and deleted = false order by length(username), username asc limit ?"
likePattern := "%" + name + "%"

P2: LIKE pattern characters (%, _) in user input are not escaped, which could lead to unexpected search results or allow users to craft patterns that match more users than intended. Consider escaping these characters before building the pattern.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At src/pkg/user/dao/dao.go, line 136:

<comment>LIKE pattern characters (`%`, `_`) in user input are not escaped, which could lead to unexpected search results or allow users to craft patterns that match more users than intended. Consider escaping these characters before building the pattern.</comment>

<file context>
@@ -122,3 +124,24 @@ func (d *dao) List(ctx context.Context, query *q.Query) ([]*commonmodels.User, e
+	var users []*User
+	// use raw sql to return the most matched user first, then by alphabetic order
+	sql := "select * from harbor_user where username like ? and deleted = false order by length(username), username asc limit ?"
+	likePattern := "%" + name + "%"
+	_, err = o.Raw(sql, likePattern, limitSize).QueryRows(&users)
+	if err != nil {
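Review bot: `select * from harbor_user` in the added query loads every column of the user row for a name search. List only the columns the search response needs, as the user group query does with its explicit column list, so that any sensitive columns the table holds are never pulled into the result set and later schema changes do not silently widen it.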
</file context>
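
The escaping that the two review comments above recommend, as an added Go example (not Harbor's code and not part of the review). `ContainsPattern`, `likeMatch`, `CountMatches` and the sample names are hypothetical; `likeMatch` stands in for the database so the effect is visible offline, and backslash is assumed to be the declared LIKE escape character.

```go
package main

import (
	"fmt"
	"strings"
)

// likeEscaper neutralises LIKE metacharacters; backslash is escaped too, so input cannot carry its own escapes.
var likeEscaper = strings.NewReplacer(`\`, `\\`, `%`, `\%`, `_`, `\_`)

// ContainsPattern returns the value to bind to: name LIKE ? ESCAPE '\'
func ContainsPattern(input string) string {
	return "%" + likeEscaper.Replace(input) + "%"
}

// likeMatch is a stand-in for the database's LIKE ... ESCAPE '\' evaluation (hypothetical helper).
func likeMatch(p, s []rune) bool {
	if len(p) == 0 {
		return len(s) == 0
	}
	switch p[0] {
	case '%': // any run of characters, including none
		for k := 0; k <= len(s); k++ {
			if likeMatch(p[1:], s[k:]) {
				return true
			}
		}
		return false
	case '_': // exactly one character
		return len(s) > 0 && likeMatch(p[1:], s[1:])
	case '\\': // the next pattern character is literal
		if len(p) > 1 {
			p = p[1:]
		}
	}
	return len(s) > 0 && p[0] == s[0] && likeMatch(p[1:], s[1:])
}

// CountMatches reports how many names a bound pattern selects.
func CountMatches(pattern string, names []string) (n int) {
	for _, name := range names {
		if likeMatch([]rune(pattern), []rune(name)) {
			n++
		}
	}
	return n
}

// SampleNames is constructed data, not taken from Harbor.
var SampleNames = []string{"admin", "dev_ops", "devXops", "100%_real"}

func main() { // match counts for the search term "%" before and after escaping
	fmt.Println(CountMatches("%%%", SampleNames), CountMatches(ContainsPattern("%"), SampleNames))
}
```

The bound value is still passed as a query parameter; escaping only changes how the database interprets `%` and `_` inside it.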

# known issue for proxy ennvironment https://github.com/sigstore/cosign/issues/3269
def sign_artifact(artifact):
command = ["cosign", "sign", "-y", "--allow-insecure-registry", "--key", "cosign.key", artifact]
print("*******Start coisgn sign artifact********")

P3: Typo in print statement: "coisgn" should be "cosign".

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At tests/apitests/python/library/cosign.py, line 17:

<comment>Typo in print statement: "coisgn" should be "cosign".</comment>

<file context>
@@ -11,11 +11,23 @@ def generate_key_pair():
+# known issue for proxy ennvironment https://github.com/sigstore/cosign/issues/3269
 def sign_artifact(artifact):
-    command = ["cosign", "sign", "-y", "--allow-insecure-registry", "--key", "cosign.key", artifact]
+    print("*******Start coisgn sign artifact********")
+    allow_insecure = base.getenv_bool("ALLOW_INSECURE", default=True)
+    if allow_insecure:
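Review bot: `base.getenv_bool("ALLOW_INSECURE", default=True)` on the added line makes the insecure path the default, so the other branch only runs when someone sets the variable. Add a comment stating why the test default is insecure, or default to `False` and set `ALLOW_INSECURE` explicitly in the environments that need it.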
</file context>
Suggested change
print("*******Start coisgn sign artifact********")
print("*******Start cosign sign artifact********")

base.run_command(command)


# known issue for proxy ennvironment https://github.com/sigstore/cosign/issues/3269

P3: Typo in comment: "ennvironment" should be "environment".

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At tests/apitests/python/library/cosign.py, line 15:

<comment>Typo in comment: "ennvironment" should be "environment".</comment>

<file context>
@@ -11,11 +11,23 @@ def generate_key_pair():
     base.run_command(command)
 
+
+# known issue for proxy ennvironment https://github.com/sigstore/cosign/issues/3269
 def sign_artifact(artifact):
-    command = ["cosign", "sign", "-y", "--allow-insecure-registry", "--key", "cosign.key", artifact]
</file context>
Suggested change
# known issue for proxy ennvironment https://github.com/sigstore/cosign/issues/3269
# known issue for proxy environment https://github.com/sigstore/cosign/issues/3269
