This repository was archived by the owner on Jan 24, 2026. It is now read-only.

chore: sync with upstream goharbor/harbor#130

Open
github-actions[bot] wants to merge 26 commits into next from sync-upstream-0br5e0r

@github-actions github-actions bot commented Jan 23, 2026

Automated PR to sync 23 new commit(s) from upstream goharbor/harbor main branch.

Merge strategy: Our changes in next are preserved on conflicts (upstream changes are additive only).

Note: The .github folder is preserved and not synced from upstream.


Summary by cubic

Syncs upstream changes to improve security, stability, and tooling. Adds per-endpoint CA certificates, Cosign release verification, backup/restore scripts, pprof support, and multiple API/UI fixes.

  • New Features

    • Add per-endpoint CA certificate trust for registries (DB migration adds ca_certificate, API validation, UI field, transport updates across adapters). Backward compatible.
    • Support OCI repository type for JFrog replication; env var JFROG_SUPPORTED_REPOSITORY_TYPES to override defaults.
    • Document Cosign keyless signing and how to verify Harbor releases; update README.
    • Add contrib backup/restore scripts for DB, registry, Redis, secrets, and config.
    • Enable optional pprof server in core, jobservice, exporter, and registryctl via PPROF_ENABLED and PPROF_ADDR.
    • Bake Harbor version into exporter and expose via metrics (build passes RELEASEVERSION and GITCOMMIT).
    • UI: add missing i18n key check script and restore translations; hide admin-only alerts for non-admin users.
  • Bug Fixes

    • Rework user and user group search to DB-side fuzzy search with stable ordering; remove MostMatchSorter; add SearchByName APIs and tests.
    • Handle OIDC group claims returned as a single string.
    • Prevent goroutine leak in task StopAndWait with a buffered channel.
    • Improve HTTP/TLS transport: custom CA support with PEM normalization/validation; update adapters and use status constants.
    • Fix session regenerate to store an empty map; update tests. Swagger now uses NewTag for tag creation (no immutable flag).
    • Bump Trivy to v0.68.2 and Trivy Adapter to v0.34.2; update semver to v3; minor Makefile/push script fixes.

Written for commit 24b8236. Summary will update on new commits.
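
The per-endpoint CA trust with PEM validation summarised above can be sketched as follows. This is an added example, not code from Harbor or from this PR; `endpointTLSConfig` and `constructedCA` are hypothetical names, and trusting only the supplied certificates for that one endpoint is an assumption.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// endpointTLSConfig (hypothetical) validates one endpoint's PEM and trusts only those certs.
func endpointTLSConfig(caPEM string) (*tls.Config, error) {
	cfg := &tls.Config{MinVersion: tls.VersionTLS12}
	rest := bytes.TrimSpace([]byte(caPEM))
	if len(rest) == 0 {
		return cfg, nil // field left empty: nil RootCAs means the system trust store
	}
	cfg.RootCAs = x509.NewCertPool()
	for ; len(rest) > 0; rest = bytes.TrimSpace(rest) {
		var block *pem.Block
		if block, rest = pem.Decode(rest); block == nil {
			return nil, fmt.Errorf("input contains data that is not PEM")
		}
		if block.Type != "CERTIFICATE" { // e.g. a private key pasted by mistake
			return nil, fmt.Errorf("unexpected PEM block type %q", block.Type)
		}
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return nil, fmt.Errorf("invalid certificate: %w", err)
		}
		cfg.RootCAs.AddCert(cert)
	}
	return cfg, nil
}

// constructedCA generates a throwaway self-signed CA as constructed sample input.
func constructedCA() string {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), IsCA: true, BasicConstraintsValid: true,
		Subject: pkix.Name{CommonName: "constructed-ca"}, KeyUsage: x509.KeyUsageCertSign,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)
	return string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}))
}

func main() {
	_, err := endpointTLSConfig(constructedCA())
	fmt.Println("valid CA accepted:", err == nil)
}
```

Rejecting every block type other than `CERTIFICATE` keeps key material out of the stored endpoint record when a full bundle is pasted into the field.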

stonezdj and others added 25 commits December 31, 2025 22:14
Remove the unused function MostMatchSorter, it should not be implemented in golang, should be implemented in the db query.
Remove the unused function onBoardCommonUserGroup()
fixes goharbor#22573

Signed-off-by: stonezdj <stonezdj@gmail.com>
refine apitest

Signed-off-by: my036811 <miner.yang@broadcom.com>
…bor#22535)

* add per-endpoint CA certificate support for registry endpoints

fixes goharbor#22203

Allowing Harbor to trust self-signed or private CA certificates for individual registry endpoints without modifying the system-level trust store.

1. Database schema changes, API updates with PEM validation.
2. HTTP transport layer modifications across all the registry adapters.
3. UI field to fill in the certificate.

The feature is backward compatible - existing installations using system-level CA trust will continue to work without any changes.

Signed-off-by: wang yan <yan-yw.wang@broadcom.com>

* resolve lint failures

Signed-off-by: wang yan <yan-yw.wang@broadcom.com>

* add i18n changes

Signed-off-by: wang yan <yan-yw.wang@broadcom.com>

* resolve review comments

Signed-off-by: wang yan <yan-yw.wang@broadcom.com>

* make the input as non-required and updates i18n

Signed-off-by: wang yan <yan-yw.wang@broadcom.com>

* resolve comments

Signed-off-by: wang yan <yan-yw.wang@broadcom.com>

---------

Signed-off-by: wang yan <yan-yw.wang@broadcom.com>
Co-authored-by: wang yan <yan-yw.wang@broadcom.com>
)

* feat: implement keyless signing in release workflow

- Move signing from build to release workflow
- Use .sigstore.json naming convention (Sigstore standard)
- update signature verification documentation and readme file
- Update workflows to sign artifacts at release time only

Signed-off-by: Aloui-Ikram <ikram@container-registry.com>

* WIP: update release workflow and utils

Signed-off-by: Aloui-Ikram <ikram@container-registry.com>

* Add Cosign signing and fix accidental deletions

- Add Cosign signing to releases for security
- Revert to using getAssets function
- Restore latest installer uploads
- Restore pre-release comment

Signed-off-by: Aloui-Ikram <ikram@container-registry.com>

* Remove braces from variable names for consistency

Signed-off-by: Aloui-Ikram <ikram@container-registry.com>

* Remove unnecessary permissions from build-package.yml

Signed-off-by: Aloui-Ikram <ikram@container-registry.com>

---------

Signed-off-by: Aloui-Ikram <ikram@container-registry.com>
Co-authored-by: Aloui-Ikram <ikram@container-registry.com>
Co-authored-by: Daniel Jiang <daniel.jiang@broadcom.com>
…ngle group (goharbor#22723)

Signed-off-by: Lars Francke <git@lars-francke.de>
Signed-off-by: liuyueyangxmu <liuyueyangxmu@outlook.com>
Signed-off-by: Yohei Yamamoto <yhymmt123@gmail.com>
)

Signed-off-by: Bin Liu <lb203159@antfin.com>
Co-authored-by: Bin Liu <lb203159@antfin.com>
…rbor#22732)

Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.7.0 to 4.0.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](sigstore/cosign-installer@v3.7.0...v4.0.0)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Support oci repository type for jfrog registry replication

  Fixes goharbor#22218

Signed-off-by: stonezdj <stonezdj@gmail.com>
Signed-off-by: Daniel Jiang <daniel.jiang@broadcom.com>
Signed-off-by: chlins <chlins.zhang@gmail.com>
fix goharbor#22582

Harbor doesn't support creating an immutable tag. Updates the swagger to limit name field only for tag creation.
There is no breaking change.

Signed-off-by: wang yan <yan-yw.wang@broadcom.com>
Co-authored-by: wang yan <yan-yw.wang@broadcom.com>
fix(task): prevent goroutine leak in StopAndWait

Signed-off-by: remo-lab <remopanda7@gmail.com>
* makefile missing command added

Signed-off-by: Anurag Ojha <aojharaj2004@gmail.com>

* fix/redundant issue

Signed-off-by: intojhanurag <aojharaj2004@gmail.com>

---------

Signed-off-by: Anurag Ojha <aojharaj2004@gmail.com>
Signed-off-by: intojhanurag <aojharaj2004@gmail.com>
Env vars:
* PPROF_ENABLED enable/disable pprof handler, disabled by default
* PPROF_ADDR address to bind to, defaults to :6060

Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>
…oharbor#22733)

fix(exporter): bake Harbor version into exporter binary at build time

Signed-off-by: Vadim Bauer <vb@container-registry.com>
v3 was released in September 2019. It has better semver parsing
functionality and several bug fixes.

Reference: https://github.com/Masterminds/semver/releases/tag/v3.0.0

Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
* Create harbor-backup

Signed-off-by: teletechie <cecilie.monsen@telenor.no>

* Create harbor-restore

Signed-off-by: teletechie <cecilie.monsen@telenor.no>

* Create README.md

Signed-off-by: teletechie <cecilie.monsen@telenor.no>

* Update README.md

Signed-off-by: teletechie <cecilie.monsen@telenor.no>

* pr review comment #2

remove opening parenthesis in message. this matches the other messages

Signed-off-by: teletechie <cecilie.monsen@telenor.no>

* pr review comment #1

Fix the three docker calls so they enforce returning of status.
remove unused if block that could never be triggered.

Signed-off-by: teletechie <cecilie.monsen@telenor.no>

* Issue warning when backing up chartmuseum data

chartmuseum is deprecated.
This change issues a warning when the backup detects chartmuseum data, but still backs it up. there is no message about not finding chartmuseum data if they don't exist.

Signed-off-by: teletechie <cecilie.monsen@telenor.no>

* issue warning when restoring chartmuseum data

chartmuseum is deprecated.
this update issues a warning when detecting chartmuseum data in the restore, but will still restore the files. no message is given when chartmuseum data are not found.

Signed-off-by: teletechie <cecilie.monsen@telenor.no>

---------

Signed-off-by: teletechie <cecilie.monsen@telenor.no>
Co-authored-by: Wang Yan <wangyan@vmware.com>
* feat(portal): add i18n missing keys detection script

Signed-off-by: bupd <bupdprasanth@gmail.com>

* fix(portal): restore wrongly removed i18n translation keys

Signed-off-by: bupd <bupdprasanth@gmail.com>

* fix(portal): translate restored i18n keys to native languages

Translates the wrongly removed i18n keys that were restored in the
previous commit from English placeholders to their native languages:
- de-de: German translations
- es-es: Spanish translations
- fr-fr: French translations
- ko-kr: Korean translations
- pt-br: Brazilian Portuguese translations
- ru-ru: Russian translations
- tr-tr: Turkish translations
- zh-cn: Simplified Chinese translations
- zh-tw: Traditional Chinese translations

Ref: goharbor#22587
Signed-off-by: bupd <bupdprasanth@gmail.com>

* ci(portal): add i18n missing keys check to UI unit tests

Adds the i18n missing keys detection script to the UI_UT CI workflow.
This ensures that PRs introducing translation key usage will fail CI
if the corresponding keys are not defined in the language files.

The check runs early in the pipeline to fail fast before lint and tests.

Signed-off-by: bupd <bupdprasanth@gmail.com>

* fix(portal): enhance i18n check to verify all language files

The script now checks two things:
1. Keys used in code exist in en-us-lang.json
2. All language files have the same keys as en-us

This catches missing translations across all supported languages,
not just the English source file.

Signed-off-by: bupd <bupdprasanth@gmail.com>

* fix(portal): add missing i18n translation keys to all language files

Synced missing translation keys across de-de, es-es, fr-fr, ko-kr, pt-br,
tr-tr, zh-cn, and zh-tw language files to match en-us-lang.json. All
translations are in their native languages.

ru-ru is excluded as it requires a separate effort (see issue goharbor#22721).

Signed-off-by: bupd <bupdprasanth@gmail.com>

* fix(portal): detect single-word i18n keys in missing keys script

Updated find-missing-i18n.js to also detect single-word translation
keys like {{ 'CANCEL' | translate }} in addition to dotted keys like
{{ 'BUTTON.CANCEL' | translate }}.

Signed-off-by: bupd <bupdprasanth@gmail.com>

* fix: invalid zh-cn-lang.json

- missing comma,
- unescaped " "

Signed-off-by: bupd <bupdprasanth@gmail.com>

* make ci pass

Signed-off-by: bupd <bupdprasanth@gmail.com>

---------

Signed-off-by: bupd <bupdprasanth@gmail.com>
Co-authored-by: Daniel Jiang <daniel.jiang@broadcom.com>
Co-authored-by: Wang Yan <wangyan@vmware.com>
fix: hide admin only alert messages from users in UI

- hides alert messages irrelevant to users

Signed-off-by: bupd <bupdprasanth@gmail.com>
Co-authored-by: Vadim Bauer <vb@container-registry.com>
* feat: add usestdlibvars linter

Signed-off-by: bupd <bupdprasanth@gmail.com>

* feat: add dupl linter

Signed-off-by: bupd <bupdprasanth@gmail.com>

* chore: exclude revive var-naming for existing packages

Signed-off-by: bupd <bupdprasanth@gmail.com>

---------

Signed-off-by: bupd <bupdprasanth@gmail.com>
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

coderabbitai bot commented Jan 23, 2026

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


Comment @coderabbitai help to get the list of available commands and usage tips.

This commit fixes the style issues introduced in 203122a according to the output
from Gofumpt and Prettier.

Details: https://github.com/container-registry/harbor-next/pull/130
@sonarqubecloud

Quality Gate failed

Failed conditions
1 Security Hotspot
3.3% Duplication on New Code (required ≤ 3%)

See analysis details on SonarQube Cloud


@cubic-dev-ai cubic-dev-ai bot left a comment


3 issues found across 106 files

Note: This PR contains a large number of files. cubic only reviews up to 75 files per PR, so some files may not have been reviewed.

Prompt for AI agents (all issues)

Check if these issues are valid — if so, understand the root cause of each and fix them.


<file name="src/lib/pprof.go">

<violation number="1" location="src/lib/pprof.go:38">
P1: Default pprof binding exposes profiling endpoints on all interfaces. Default to localhost to reduce accidental exposure when PPROF_ENABLED is enabled.</violation>
</file>

<file name="README.md">

<violation number="1" location="README.md:80">
P3: The new verification guide link is broken because docs/signature-verification.md is not present in the repo. Remove the link or add the referenced documentation file.</violation>
</file>

<file name="contrib/backup-restore/README.md">

<violation number="1" location="contrib/backup-restore/README.md:40">
P2: The backup steps instruct running the script before stopping Harbor, which contradicts the prerequisite and can lead to inconsistent backups. Reorder the steps so Harbor is stopped before invoking the backup script.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
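
The P1 finding above, about the pprof listener defaulting to all interfaces, as an added example that is not part of the PR or of Harbor: one way to resolve `PPROF_ADDR` with a loopback default and flag any wider bind. `resolvePprofAddr` and `defaultPprofAddr` are hypothetical names.

```go
package main

import (
	"fmt"
	"net"
	"os"
)

// Assumption for this example: a loopback default instead of ":6060".
const defaultPprofAddr = "127.0.0.1:6060"

// resolvePprofAddr (hypothetical helper) returns the address to listen on and
// whether that address is reachable from other hosts.
func resolvePprofAddr(env string) (addr string, exposed bool, err error) {
	if env == "" {
		return defaultPprofAddr, false, nil
	}
	host, _, err := net.SplitHostPort(env)
	if err != nil {
		return "", false, fmt.Errorf("invalid PPROF_ADDR %q: %w", env, err)
	}
	if host == "localhost" {
		return env, false, nil
	}
	// An empty host (":6060"), a wildcard, a routable IP or any other hostname
	// is treated as exposed; only literal loopback IPs pass.
	ip := net.ParseIP(host)
	return env, ip == nil || !ip.IsLoopback(), nil
}

func main() {
	addr, exposed, err := resolvePprofAddr(os.Getenv("PPROF_ADDR"))
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	if exposed {
		fmt.Fprintf(os.Stderr, "warning: pprof on %s is reachable beyond loopback\n", addr)
	}
	fmt.Printf("pprof would listen on %s/debug/pprof/\n", addr)
}
```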

go func() {
addr := os.Getenv("PPROF_ADDR")
if addr == "" {
addr = ":6060"

@cubic-dev-ai cubic-dev-ai bot Jan 23, 2026


P1: Default pprof binding exposes profiling endpoints on all interfaces. Default to localhost to reduce accidental exposure when PPROF_ENABLED is enabled.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At src/lib/pprof.go, line 38:

<comment>Default pprof binding exposes profiling endpoints on all interfaces. Default to localhost to reduce accidental exposure when PPROF_ENABLED is enabled.</comment>

<file context>
@@ -0,0 +1,45 @@
+	go func() {
+		addr := os.Getenv("PPROF_ADDR")
+		if addr == "" {
+			addr = ":6060"
+		}
+		log.Infof("Starting pprof at %s/debug/pprof/", addr)
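Review bot: the fallback `addr = ":6060"` in the `if addr == ""` branch has no host part, so turning on PPROF_ENABLED without setting PPROF_ADDR makes the listener bind every interface. Suggest defaulting to `127.0.0.1:6060` and requiring an explicit PPROF_ADDR for any wider bind; the `log.Infof` line would then also print a complete host:port instead of `:6060/debug/pprof/`.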
</file context>

chmod +x harbor-backup
```

3. **Run the Backup Script:**

@cubic-dev-ai cubic-dev-ai bot Jan 23, 2026


P2: The backup steps instruct running the script before stopping Harbor, which contradicts the prerequisite and can lead to inconsistent backups. Reorder the steps so Harbor is stopped before invoking the backup script.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At contrib/backup-restore/README.md, line 40:

<comment>The backup steps instruct running the script before stopping Harbor, which contradicts the prerequisite and can lead to inconsistent backups. Reorder the steps so Harbor is stopped before invoking the backup script.</comment>

<file context>
@@ -0,0 +1,107 @@
+    chmod +x harbor-backup
+    ```
+
+3.  **Run the Backup Script:**
+    ```bash
+    ./harbor-backup [OPTIONS]
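Review bot: step 3 goes straight from `chmod +x harbor-backup` to `./harbor-backup [OPTIONS]`, and nothing in the lines shown tells the reader that Harbor must already be stopped at this point. Suggest adding a step before this one that stops Harbor, or a one-line precondition at the top of step 3, so that following the numbered steps in order cannot back up a running instance.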
</file context>

README.md Outdated
```
- *Expected output:* Verified OK

- *Full verification guide:* [docs/signature-verification.md](docs/signature-verification.md)

@cubic-dev-ai cubic-dev-ai bot Jan 23, 2026


P3: The new verification guide link is broken because docs/signature-verification.md is not present in the repo. Remove the link or add the referenced documentation file.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At README.md, line 80:

<comment>The new verification guide link is broken because docs/signature-verification.md is not present in the repo. Remove the link or add the referenced documentation file.</comment>

<file context>
@@ -59,6 +58,26 @@ Download binaries of **[Harbor release ](https://github.com/goharbor/harbor/rele
+```
+- *Expected output:* Verified OK
+
+- *Full verification guide:* [docs/signature-verification.md](docs/signature-verification.md)
 
 ## OCI Distribution Conformance Tests
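Review bot: the last added line links to `docs/signature-verification.md` by relative path, which resolves only if that file ships in the same change. Add the guide alongside this README edit or point the link at its published location, so the "Full verification guide" entry does not dead-end for someone trying to verify a release.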
</file context>
