From dc867741bb0626ec7eeea20046805c25c1bb1182 Mon Sep 17 00:00:00 2001 From: yuzichen <1062955096@qq.com> Date: Fri, 19 Dec 2025 17:52:55 +0800 Subject: [PATCH 01/11] chore: [DEVOPS-40213] bump golang and node images chore: [DEVOPS-40213] specify golang version for registry chore: [DEVOPS-40213] specify golang version for registry chore: [DEVOPS-40213] bump swagger to v0.33.1 chore: [DEVOPS-40213] remove useless codes chore: [DEVOPS-40213] remove gen-apis in compile_core --- .tekton/all-in-one.yaml | 11 +- subtree/harbor/Makefile | 6 +- subtree/harbor/make/patches/patch-amd64.sh | 4 +- subtree/harbor/make/photon/Makefile | 2 - .../harbor/src/server/v2.0/handler/robotV1.go | 292 ------------------ 5 files changed, 13 insertions(+), 302 deletions(-) delete mode 100644 subtree/harbor/src/server/v2.0/handler/robotV1.go diff --git a/.tekton/all-in-one.yaml b/.tekton/all-in-one.yaml index 4d0df8d649..628c808f02 100644 --- a/.tekton/all-in-one.yaml +++ b/.tekton/all-in-one.yaml @@ -4,6 +4,7 @@ metadata: name: harbor-all-in-one annotations: pipelinesascode.tekton.dev/on-comment: "^(/all-in-one)$" + pipelinesascode.tekton.dev/cancel-in-progress: "true" pipelinesascode.tekton.dev/on-cel-expression: |- ( !last_commit_title.contains("Auto-commit") @@ -204,6 +205,9 @@ spec: # renovate: datasource=github-releases depName=harbor-scanner-trivy packageName=AlaudaDevops/harbor-scanner-trivy TRIVY_ADAPTER_VERSION=v0.33.2-alauda-16 + # renovate: datasource=golang-version depName=go + export GOLANG_IMAGE_VERSION=1.25.5 + TRIVY_DOWNLOAD_URL=https://github.com/AlaudaDevops/trivy/releases/download/${TRIVY_VERSION}/trivy_Linux_${ARCH}.tar.gz TRIVY_ADAPTER_DOWNLOAD_URL=https://github.com/AlaudaDevops/harbor-scanner-trivy/releases/download/${TRIVY_ADAPTER_VERSION}/harbor-scanner-trivy_${TRIVY_ADAPTER_VERSION#v}_Linux_${ARCH}.tar.gz @@ -219,9 +223,10 @@ spec: mv /tmp/alauda-scanner-trivy ${TRIVY_BINARY_PATH}/scanner-trivy # compile registry - REGISTRY_SRC=https://github.com/distribution/distribution.git - REGISTRY_SRC_TAG=v2.8.3 - cd ${BUILDPATH}/make/photon/registry && ./builder ${REGISTRY_SRC_TAG} ${REGISTRY_SRC} && cd - + REGISTRY_SRC=https://github.com/goharbor/distribution.git + REGISTRY_SRC_TAG=release/2.8 + DOCKERNETWORK=default + cd ${BUILDPATH}/make/photon/registry && ./builder ${REGISTRY_SRC_TAG} ${REGISTRY_SRC} docker-mirrors.alauda.cn/library/golang:${GOLANG_IMAGE_VERSION} ${DOCKERNETWORK} && cd - - name: trivy-args type: string default: >- diff --git a/subtree/harbor/Makefile b/subtree/harbor/Makefile index 5b5a18ab97..99f3f7ba9c 100644 --- a/subtree/harbor/Makefile +++ b/subtree/harbor/Makefile @@ -151,7 +151,7 @@ GOINSTALL=$(GOCMD) install GOTEST=$(GOCMD) test GODEP=$(GOTEST) -i GOFMT=gofmt -w -GOBUILDIMAGE=docker-mirrors.alauda.cn/library/golang:1.24.10 +GOBUILDIMAGE=golang:1.24.10 GOBUILDPATHINCONTAINER=/harbor # go build @@ -304,7 +304,7 @@ lint_apis: $(SPECTRAL) lint ./api/v2.0/swagger.yaml SWAGGER_IMAGENAME=$(IMAGENAMESPACE)/swagger -SWAGGER_VERSION=v0.31.0 +SWAGGER_VERSION=v0.33.1 SWAGGER=$(RUNCONTAINER) ${SWAGGER_IMAGENAME}:${SWAGGER_VERSION} SWAGGER_GENERATE_SERVER=${SWAGGER} generate server --template-dir=$(TOOLSPATH)/swagger/templates --exclude-main --additional-initialism=CVE --additional-initialism=GC --additional-initialism=OIDC SWAGGER_IMAGE_BUILD_CMD=${DOCKERBUILD} -f ${TOOLSPATH}/swagger/Dockerfile --build-arg GOLANG=${GOBUILDIMAGE} --build-arg SWAGGER_VERSION=${SWAGGER_VERSION} -t ${SWAGGER_IMAGENAME}:$(SWAGGER_VERSION) . @@ -349,7 +349,7 @@ versions_prepare: check_environment: @$(MAKEPATH)/$(CHECKENVCMD) -compile_core: lint_apis gen_apis +compile_core: @echo "compiling binary for core (golang image)..." @echo $(GOBUILDPATHINCONTAINER) @$(DOCKERCMD) run --rm -v $(BUILDPATH):$(GOBUILDPATHINCONTAINER) -w $(GOBUILDPATH_CORE) $(GOBUILDIMAGE) $(GOIMAGEBUILD_CORE) -o $(GOBUILDPATHINCONTAINER)/$(GOBUILDMAKEPATH_CORE)/$(CORE_BINARYNAME) diff --git a/subtree/harbor/make/patches/patch-amd64.sh b/subtree/harbor/make/patches/patch-amd64.sh index f3113e3953..5c847ab35b 100755 --- a/subtree/harbor/make/patches/patch-amd64.sh +++ b/subtree/harbor/make/patches/patch-amd64.sh @@ -10,7 +10,6 @@ change_base_image () { elif [[ $file == *Dockerfile* ]] then sed -i 's/photon:5.0/build-harbor.alauda.cn\/ops\/photon:5-alauda-202511251100/' $1"/"$file - sed -i 's/node:16.18.0/docker-mirrors.alauda.cn\/library\/node:16.18.0/' $1"/"$file echo $1"/"$file elif [[ $file == "docker-healthcheck.sh" ]] @@ -27,6 +26,7 @@ change_base_image "make/photon" # renovate: datasource=golang-version depName=go export GOLANG_IMAGE_VERSION=1.25.5 +sed -i 's/node:16.18.0/docker-mirrors.alauda.cn\/library\/node:16.18.0/' "Makefile" sed -i 's/registry.npmjs.org/internal-mirrors.alauda.cn\/repository\/npm\//g' "Makefile" sed -i 's/BUILDBIN=true/BUILDBIN=false/g' "Makefile" sed -i 's/PUSHBASEIMAGE=false/PUSHBASEIMAGE=true/g' "Makefile" @@ -36,7 +36,7 @@ sed -i 's/TRIVYFLAG=false/TRIVYFLAG=true/g' "Makefile" sed -i 's/=goharbor\//=build-harbor.alauda.cn\/devops\/goharbor-/g' "Makefile" sed -i 's/--pull / /g' "Makefile" sed -i 's/$(IMAGENAMESPACE)\//$(IMAGENAMESPACE)\/goharbor-/g' "Makefile" -sed -i "s/golang:1.24.4/docker-mirrors.alauda.cn\/library\/golang:${GOLANG_IMAGE_VERSION} /g" "Makefile" +sed -i "s/golang:1.24.10/docker-mirrors.alauda.cn\/library\/golang:${GOLANG_IMAGE_VERSION} /g" "Makefile" sed -i 's/-v \$(BUILDPATH):\$(GOBUILDPATHINCONTAINER)/-v \$(BUILDPATH):\$(GOBUILDPATHINCONTAINER) -e GOPROXY=\$(GOPROXY)/' "Makefile" sed -i '1 a GOPROXY=https://build-nexus.alauda.cn/repository/golang/,https://goproxy.cn,direct' "Makefile" diff --git a/subtree/harbor/make/photon/Makefile b/subtree/harbor/make/photon/Makefile index 2b59591bf3..b9b0b16d09 100644 --- a/subtree/harbor/make/photon/Makefile +++ b/subtree/harbor/make/photon/Makefile @@ -177,8 +177,6 @@ _build_nginx: _build_registry: @$(call _build_base,$(REGISTRY),$(DOCKERFILEPATH_REG)) - @if [ "$(BUILDBIN)" != "true" ] ; then \ - echo "skip build registry bin..."; \ @if [ "$(BUILDREG)" != "true" ] ; then \ # rm -rf $(DOCKERFILEPATH_REG)/binary && mkdir -p $(DOCKERFILEPATH_REG)/binary && \ # $(call _get_binary, $(REGISTRYURL), $(DOCKERFILEPATH_REG)/binary/registry); \ diff --git a/subtree/harbor/src/server/v2.0/handler/robotV1.go b/subtree/harbor/src/server/v2.0/handler/robotV1.go deleted file mode 100644 index 885e96e32c..0000000000 --- a/subtree/harbor/src/server/v2.0/handler/robotV1.go +++ /dev/null @@ -1,292 +0,0 @@ -// Copyright Project Harbor Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package handler - -import ( - "context" - "fmt" - "regexp" - "strings" - - "github.com/go-openapi/runtime/middleware" - "github.com/go-openapi/strfmt" - - "github.com/goharbor/harbor/src/common/rbac" - rbac_project "github.com/goharbor/harbor/src/common/rbac/project" - "github.com/goharbor/harbor/src/controller/project" - "github.com/goharbor/harbor/src/controller/robot" - "github.com/goharbor/harbor/src/lib" - "github.com/goharbor/harbor/src/lib/errors" - "github.com/goharbor/harbor/src/lib/log" - "github.com/goharbor/harbor/src/lib/q" - "github.com/goharbor/harbor/src/pkg/permission/types" - pkg_robot "github.com/goharbor/harbor/src/pkg/robot" - pkg "github.com/goharbor/harbor/src/pkg/robot/model" - handler_model "github.com/goharbor/harbor/src/server/v2.0/handler/model" - "github.com/goharbor/harbor/src/server/v2.0/models" - operation "github.com/goharbor/harbor/src/server/v2.0/restapi/operations/robotv1" -) - -func newRobotV1API() *robotV1API { - return &robotV1API{ - robotCtl: robot.Ctl, - robotMgr: pkg_robot.Mgr, - projectCtr: project.Ctl, - } -} - -type robotV1API struct { - BaseAPI - robotCtl robot.Controller - robotMgr pkg_robot.Manager - projectCtr project.Controller -} - -func (rAPI *robotV1API) CreateRobotV1(ctx context.Context, params operation.CreateRobotV1Params) middleware.Responder { - projectNameOrID := parseProjectNameOrID(params.ProjectNameOrID, params.XIsResourceName) - if err := rAPI.RequireProjectAccess(ctx, projectNameOrID, rbac.ActionCreate, rbac.ResourceRobot); err != nil { - return rAPI.SendError(ctx, err) - } - - if err := rAPI.validate(ctx, params); err != nil { - return rAPI.SendError(ctx, err) - } - - r := &robot.Robot{ - Robot: pkg.Robot{ - Name: params.Robot.Name, - Description: params.Robot.Description, - ExpiresAt: params.Robot.ExpiresAt, - Visible: true, - }, - Level: robot.LEVELPROJECT, - } - - projectName, ok := projectNameOrID.(string) - if !ok { - p, err := rAPI.projectCtr.Get(ctx, projectNameOrID, project.Metadata(false)) - if err != nil { - log.Errorf("failed to get project %s: %v", projectNameOrID, err) - return rAPI.SendError(ctx, err) - } - projectName = p.Name - } - - permission := &robot.Permission{ - Kind: "project", - Namespace: projectName, - } - - var policies []*types.Policy - for _, acc := range params.Robot.Access { - policy := &types.Policy{ - Action: types.Action(acc.Action), - Effect: types.Effect(acc.Effect), - } - res, err := getRawResource(acc.Resource) - if err != nil { - return rAPI.SendError(ctx, err) - } - policy.Resource = types.Resource(res) - policies = append(policies, policy) - } - permission.Access = policies - r.Permissions = append(r.Permissions, permission) - - rid, pwd, err := rAPI.robotCtl.Create(ctx, r) - if err != nil { - return rAPI.SendError(ctx, err) - } - - created, err := rAPI.robotCtl.Get(ctx, rid, nil) - if err != nil { - return rAPI.SendError(ctx, err) - } - - location := fmt.Sprintf("%s/%d", strings.TrimSuffix(params.HTTPRequest.URL.Path, "/"), created.ID) - return operation.NewCreateRobotV1Created().WithLocation(location).WithPayload(&models.RobotCreated{ - ID: created.ID, - Name: created.Name, - Secret: pwd, - CreationTime: strfmt.DateTime(created.CreationTime), - }) -} - -func (rAPI *robotV1API) DeleteRobotV1(ctx context.Context, params operation.DeleteRobotV1Params) middleware.Responder { - projectNameOrID := parseProjectNameOrID(params.ProjectNameOrID, params.XIsResourceName) - if err := rAPI.RequireProjectAccess(ctx, projectNameOrID, rbac.ActionDelete, rbac.ResourceRobot); err != nil { - return rAPI.SendError(ctx, err) - } - - pro, err := rAPI.projectCtr.Get(ctx, projectNameOrID) - if err != nil { - return rAPI.SendError(ctx, err) - } - r, err := rAPI.robotCtl.List(ctx, q.New(q.KeyWords{"ProjectID": pro.ProjectID, "ID": params.RobotID}), &robot.Option{ - WithPermission: true, - }) - if err != nil { - return rAPI.SendError(ctx, err) - } - if len(r) == 0 { - return rAPI.SendError(ctx, errors.NotFoundError(fmt.Errorf("cannot find robot with project id: %d and id: %d", pro.ProjectID, params.RobotID))) - } - - // ignore the not permissions error. - if err := rAPI.robotCtl.Delete(ctx, params.RobotID); err != nil && !errors.IsNotFoundErr(err) { - return rAPI.SendError(ctx, err) - } - return operation.NewDeleteRobotV1OK() -} - -func (rAPI *robotV1API) ListRobotV1(ctx context.Context, params operation.ListRobotV1Params) middleware.Responder { - projectNameOrID := parseProjectNameOrID(params.ProjectNameOrID, params.XIsResourceName) - if err := rAPI.RequireProjectAccess(ctx, projectNameOrID, rbac.ActionList, rbac.ResourceRobot); err != nil { - return rAPI.SendError(ctx, err) - } - - query, err := rAPI.BuildQuery(ctx, params.Q, params.Sort, params.Page, params.PageSize) - if err != nil { - return rAPI.SendError(ctx, err) - } - query.Keywords["Visible"] = true - - pro, err := rAPI.projectCtr.Get(ctx, projectNameOrID) - if err != nil { - return rAPI.SendError(ctx, err) - } - - query.Keywords["ProjectID"] = pro.ProjectID - - total, err := rAPI.robotCtl.Count(ctx, query) - if err != nil { - return rAPI.SendError(ctx, err) - } - - robots, err := rAPI.robotCtl.List(ctx, query, &robot.Option{ - WithPermission: true, - }) - if err != nil { - return rAPI.SendError(ctx, err) - } - - var results []*models.Robot - for _, r := range robots { - results = append(results, handler_model.NewRobot(r).ToSwagger()) - } - - return operation.NewListRobotV1OK(). - WithXTotalCount(total). - WithLink(rAPI.Links(ctx, params.HTTPRequest.URL, total, query.PageNumber, query.PageSize).String()). - WithPayload(results) -} - -func (rAPI *robotV1API) GetRobotByIDV1(ctx context.Context, params operation.GetRobotByIDV1Params) middleware.Responder { - projectNameOrID := parseProjectNameOrID(params.ProjectNameOrID, params.XIsResourceName) - if err := rAPI.RequireProjectAccess(ctx, projectNameOrID, rbac.ActionRead, rbac.ResourceRobot); err != nil { - return rAPI.SendError(ctx, err) - } - - pro, err := rAPI.projectCtr.Get(ctx, projectNameOrID) - if err != nil { - return rAPI.SendError(ctx, err) - } - - r, err := rAPI.robotCtl.List(ctx, q.New(q.KeyWords{"ProjectID": pro.ProjectID, "ID": params.RobotID}), &robot.Option{ - WithPermission: true, - }) - if err != nil { - return rAPI.SendError(ctx, err) - } - if len(r) == 0 { - return rAPI.SendError(ctx, errors.NotFoundError(fmt.Errorf("cannot find robot with project id: %d and id: %d", pro.ProjectID, params.RobotID))) - } - - return operation.NewGetRobotByIDV1OK().WithPayload(handler_model.NewRobot(r[0]).ToSwagger()) -} - -func (rAPI *robotV1API) UpdateRobotV1(ctx context.Context, params operation.UpdateRobotV1Params) middleware.Responder { - projectNameOrID := parseProjectNameOrID(params.ProjectNameOrID, params.XIsResourceName) - if err := rAPI.RequireProjectAccess(ctx, projectNameOrID, rbac.ActionUpdate, rbac.ResourceRobot); err != nil { - return rAPI.SendError(ctx, err) - } - - pro, err := rAPI.projectCtr.Get(ctx, projectNameOrID) - if err != nil { - return rAPI.SendError(ctx, err) - } - r, err := rAPI.robotCtl.List(ctx, q.New(q.KeyWords{"ProjectID": pro.ProjectID, "ID": params.RobotID}), &robot.Option{ - WithPermission: true, - }) - if err != nil { - return rAPI.SendError(ctx, err) - } - if len(r) == 0 { - return rAPI.SendError(ctx, errors.NotFoundError(fmt.Errorf("cannot find robot with project id: %d and id: %d", pro.ProjectID, params.RobotID))) - } - robot := r[0] - - // for v1 API, only update the disable. - robot.Disabled = params.Robot.Disable - if err := rAPI.robotCtl.Update(ctx, robot, nil); err != nil { - return rAPI.SendError(ctx, err) - } - - return operation.NewUpdateRobotV1OK() -} - -func (rAPI *robotV1API) validate(ctx context.Context, params operation.CreateRobotV1Params) error { - if params.Robot == nil { - return errors.New(nil).WithMessage("bad request no robot").WithCode(errors.BadRequestCode) - } - if len(params.Robot.Access) == 0 { - return errors.New(nil).WithMessage("bad request no access").WithCode(errors.BadRequestCode) - } - - projectNameOrID := parseProjectNameOrID(params.ProjectNameOrID, params.XIsResourceName) - pro, err := rAPI.projectCtr.Get(ctx, projectNameOrID) - if err != nil { - return err - } - - policies := rbac_project.GetPoliciesOfProject(pro.ProjectID) - - mp := map[string]bool{} - for _, policy := range policies { - mp[policy.String()] = true - } - - for _, policy := range params.Robot.Access { - p := &types.Policy{} - if err := lib.JSONCopy(p, policy); err != nil { - log.Warningf("failed to call JSONCopy on robot access policy when validate, error: %v", err) - } - if !mp[p.String()] { - return errors.New(nil).WithMessagef("%s action of %s resource not exist in project %s", policy.Action, policy.Resource, projectNameOrID).WithCode(errors.BadRequestCode) - } - } - - return nil -} - -// /project/1/repository => repository -func getRawResource(resource string) (string, error) { - resourceReg := regexp.MustCompile("^/project/[0-9]+/(?P[a-z-]+)$") - matches := resourceReg.FindStringSubmatch(resource) - if len(matches) <= 1 { - return "", errors.New(nil).WithMessagef("bad resource %s", resource).WithCode(errors.BadRequestCode) - } - return matches[1], nil -} From 4e34e7e10cc4a9ed779a1ee9740da9bf9fea6d16 Mon Sep 17 00:00:00 2001 From: yuzichen <1062955096@qq.com> Date: Mon, 22 Dec 2025 11:01:29 +0800 Subject: [PATCH 02/11] chore: [DEVOPS-40213] fix vulns --- subtree/harbor/src/go.mod | 15 ++++--- subtree/harbor/src/go.sum | 40 +++++++++---------- .../harbor/src/server/middleware/csrf/csrf.go | 2 +- 3 files changed, 26 insertions(+), 31 deletions(-) diff --git a/subtree/harbor/src/go.mod b/subtree/harbor/src/go.mod index 93ad1055fd..aebaff838a 100644 --- a/subtree/harbor/src/go.mod +++ b/subtree/harbor/src/go.mod @@ -3,6 +3,7 @@ module github.com/goharbor/harbor/src go 1.25.3 require ( + filippo.io/csrf v0.2.1 github.com/CloudNativeAI/model-spec v0.0.5 github.com/FZambia/sentinel v1.1.0 github.com/Masterminds/semver v1.5.0 @@ -36,7 +37,6 @@ require ( github.com/gomodule/redigo v2.0.0+incompatible github.com/google/go-containerregistry v0.20.2 github.com/google/uuid v1.6.0 - github.com/gorilla/csrf v1.7.2 github.com/gorilla/handlers v1.5.2 github.com/gorilla/mux v1.8.1 github.com/graph-gophers/dataloader v5.0.0+incompatible @@ -66,11 +66,11 @@ require ( go.opentelemetry.io/otel/trace v1.35.0 go.pinniped.dev v0.37.0 go.uber.org/ratelimit v0.3.1 - golang.org/x/crypto v0.40.0 - golang.org/x/net v0.41.0 + golang.org/x/crypto v0.45.0 + golang.org/x/net v0.47.0 golang.org/x/oauth2 v0.28.0 - golang.org/x/sync v0.16.0 - golang.org/x/text v0.27.0 + golang.org/x/sync v0.18.0 + golang.org/x/text v0.31.0 golang.org/x/time v0.12.0 gopkg.in/h2non/gock.v1 v1.1.2 gopkg.in/yaml.v2 v2.4.0 @@ -118,7 +118,6 @@ require ( github.com/gogo/protobuf v1.3.2 // indirect github.com/golang-jwt/jwt/v4 v4.5.2 // indirect github.com/google/go-querystring v1.1.0 // indirect - github.com/gorilla/securecookie v1.1.2 // indirect github.com/grpc-ecosystem/grpc-gateway/v2 v2.25.1 // indirect github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect @@ -179,8 +178,8 @@ require ( go.uber.org/zap v1.27.0 // indirect go.yaml.in/yaml/v2 v2.4.2 // indirect golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect - golang.org/x/sys v0.34.0 // indirect - golang.org/x/term v0.33.0 // indirect + golang.org/x/sys v0.38.0 // indirect + golang.org/x/term v0.37.0 // indirect google.golang.org/api v0.171.0 // indirect google.golang.org/cloud v0.0.0-20151119220103-975617b05ea8 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20250115164207-1a7da9e5054f // indirect diff --git a/subtree/harbor/src/go.sum b/subtree/harbor/src/go.sum index cc032de927..1b207b90fb 100644 --- a/subtree/harbor/src/go.sum +++ b/subtree/harbor/src/go.sum @@ -2,6 +2,8 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMT cloud.google.com/go/compute/metadata v0.5.2 h1:UxK4uu/Tn+I3p2dYWTfiX4wva7aYlKixAHn3fyqngqo= cloud.google.com/go/compute/metadata v0.5.2/go.mod h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= +filippo.io/csrf v0.2.1 h1:MdV/y9xOECwJko48lPkH9NaYNpZ6kYfaNlgnZk4k6Uo= +filippo.io/csrf v0.2.1/go.mod h1:eVfdeENlqr/ErpNx4E5I6a11I1aP0WL/PPkzKD1d960= filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU= @@ -252,23 +254,17 @@ github.com/google/go-containerregistry v0.20.2/go.mod h1:z38EKdKh4h7IP2gSfUUqEva github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= -github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/gopherjs/gopherjs v1.17.2 h1:fQnZVsXk8uxXIStYb0N4bGk7jeyTalG/wsZjQ25dO0g= github.com/gopherjs/gopherjs v1.17.2/go.mod h1:pRRIvn/QzFLrKfvEz3qUuEhtE/zLCWfreZ6J5gM2i+k= -github.com/gorilla/csrf v1.7.2 h1:oTUjx0vyf2T+wkrx09Trsev1TE+/EbDAeHtSTbtC2eI= -github.com/gorilla/csrf v1.7.2/go.mod h1:F1Fj3KG23WYHE6gozCmBAezKookxbIvUJT+121wTuLk= github.com/gorilla/handlers v1.5.2 h1:cLTUSsNkgcwhgRqvCNmdbRWG0A3N4F+M2nWKdScwyEE= github.com/gorilla/handlers v1.5.2/go.mod h1:dX+xVpaxdSw+q0Qek8SSsl3dfMk3jNddUkMzo0GtH0w= github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY= github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ= github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4= -github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA= -github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo= github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM= github.com/graph-gophers/dataloader v5.0.0+incompatible h1:R+yjsbrNq1Mo3aPG+Z/EKYrXrXXUNJHOgbRt+U6jOug= github.com/graph-gophers/dataloader v5.0.0+incompatible/go.mod h1:jk4jk0c5ZISbKaMe8WsVopGB5/15GvGHMdMdPtwlRp4= @@ -642,8 +638,8 @@ golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliY golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= -golang.org/x/crypto v0.40.0 h1:r4x+VvoG5Fm+eJcxMaY8CQM7Lb0l1lsmjGBQ6s8BfKM= -golang.org/x/crypto v0.40.0/go.mod h1:Qr1vMER5WyS2dfPHAlsOj01wgLbsyWtFn/aY+5+ZdxY= +golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q= +golang.org/x/crypto v0.45.0/go.mod h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -670,8 +666,8 @@ golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/mod v0.25.0 h1:n7a+ZbQKQA/Ysbyb0/6IbB1H/X41mKgbhfv7AfG/44w= -golang.org/x/mod v0.25.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww= +golang.org/x/mod v0.29.0 h1:HV8lRxZC4l2cr3Zq1LvtOsi/ThTgWnUk/y64QSs8GwA= +golang.org/x/mod v0.29.0/go.mod h1:NyhrlYXJ2H4eJiRy/WDBO6HMqZQ6q9nk4JzS3NuCK+w= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -697,8 +693,8 @@ golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= -golang.org/x/net v0.41.0 h1:vBTly1HeNPEn3wtREYfy4GZ/NECgw2Cnl+nK6Nz3uvw= -golang.org/x/net v0.41.0/go.mod h1:B/K4NNqkfmg07DQYrbwvSluqCJOOXwUjeb/5lOisjbA= +golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY= +golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.28.0 h1:CrgCKl8PPAVtLnU3c+EDw6x11699EWlsDeWNWKdIOkc= golang.org/x/oauth2 v0.28.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8= @@ -714,8 +710,8 @@ golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw= -golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= +golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I= +golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -750,8 +746,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA= -golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc= +golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= @@ -762,8 +758,8 @@ golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= -golang.org/x/term v0.33.0 h1:NuFncQrRcaRvVmgRkvM3j/F00gWIAlcmlB8ACEKmGIg= -golang.org/x/term v0.33.0/go.mod h1:s18+ql9tYWp1IfpV9DmCtQDDSRBUjKaw9M1eAv5UeF0= +golang.org/x/term v0.37.0 h1:8EGAD0qCmHYZg6J17DvsMy9/wJ7/D/4pV/wfnld5lTU= +golang.org/x/term v0.37.0/go.mod h1:5pB4lxRNYYVZuTLmy8oR2BH8dflOR+IbTYFD8fi3254= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= @@ -776,8 +772,8 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= -golang.org/x/text v0.27.0 h1:4fGWRpyh641NLlecmyl4LOe6yDdfaYNrGb2zdfo4JV4= -golang.org/x/text v0.27.0/go.mod h1:1D28KMCvyooCX9hBiosv5Tz/+YLxj0j7XhWjpSUF7CU= +golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM= +golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM= golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE= golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg= golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -802,8 +798,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= -golang.org/x/tools v0.34.0 h1:qIpSLOxeCYGg9TrcJokLBG4KFA6d795g0xkBkiESGlo= -golang.org/x/tools v0.34.0/go.mod h1:pAP9OwEaY1CAW3HOmg3hLZC5Z0CCmzjAF2UQMSqNARg= +golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ= +golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs= golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/subtree/harbor/src/server/middleware/csrf/csrf.go b/subtree/harbor/src/server/middleware/csrf/csrf.go index 82b1755b43..1177241e2e 100644 --- a/subtree/harbor/src/server/middleware/csrf/csrf.go +++ b/subtree/harbor/src/server/middleware/csrf/csrf.go @@ -20,7 +20,7 @@ import ( "strings" "sync" - "github.com/gorilla/csrf" + csrf "filippo.io/csrf/gorilla" "github.com/goharbor/harbor/src/common/utils" "github.com/goharbor/harbor/src/lib" From 4679195b9601f3140ac5d7635d197cd53064410b Mon Sep 17 00:00:00 2001 From: yuzichen <1062955096@qq.com> Date: Mon, 22 Dec 2025 11:42:23 +0800 Subject: [PATCH 03/11] chore: [DEVOPS-40213] use larger source workspace --- .tekton/all-in-one.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.tekton/all-in-one.yaml b/.tekton/all-in-one.yaml index 628c808f02..1cc61e1306 100644 --- a/.tekton/all-in-one.yaml +++ b/.tekton/all-in-one.yaml @@ -1504,7 +1504,7 @@ spec: - ReadWriteMany resources: requests: - storage: 1Gi + storage: 2Gi - name: source-arm64 volumeClaimTemplate: spec: @@ -1512,7 +1512,7 @@ spec: - ReadWriteMany resources: requests: - storage: 1Gi + storage: 2Gi - name: dockerconfig secret: secretName: build-harbor.kauto.docfj From ece2ed5cb905b3186c0cf677ceb03b7def1da4fd Mon Sep 17 00:00:00 2001 From: yuzichen <1062955096@qq.com> Date: Mon, 22 Dec 2025 12:52:06 +0800 Subject: [PATCH 04/11] chore: [DEVOPS-40213] bump trivy adapter --- .tekton/all-in-one.yaml | 2 +- subtree/harbor/make/patches/patch-amd64.sh | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.tekton/all-in-one.yaml b/.tekton/all-in-one.yaml index 1cc61e1306..b088ac26e9 100644 --- a/.tekton/all-in-one.yaml +++ b/.tekton/all-in-one.yaml @@ -203,7 +203,7 @@ spec: TRIVY_VERSION=v0.62.2-alauda-25 # renovate: datasource=github-releases depName=harbor-scanner-trivy packageName=AlaudaDevops/harbor-scanner-trivy - TRIVY_ADAPTER_VERSION=v0.33.2-alauda-16 + TRIVY_ADAPTER_VERSION=v0.34.2-alauda-1 # renovate: datasource=golang-version depName=go export GOLANG_IMAGE_VERSION=1.25.5 diff --git a/subtree/harbor/make/patches/patch-amd64.sh b/subtree/harbor/make/patches/patch-amd64.sh index 5c847ab35b..d8f5c552a4 100755 --- a/subtree/harbor/make/patches/patch-amd64.sh +++ b/subtree/harbor/make/patches/patch-amd64.sh @@ -28,7 +28,8 @@ export GOLANG_IMAGE_VERSION=1.25.5 sed -i 's/node:16.18.0/docker-mirrors.alauda.cn\/library\/node:16.18.0/' "Makefile" sed -i 's/registry.npmjs.org/internal-mirrors.alauda.cn\/repository\/npm\//g' "Makefile" -sed -i 's/BUILDBIN=true/BUILDBIN=false/g' "Makefile" +sed -i 's/BUILDREG=true/BUILDREG=false/g' "Makefile" +sed -i 's/BUILDTRIVYADP=true/BUILDTRIVYADP=false/g' "Makefile" sed -i 's/PUSHBASEIMAGE=false/PUSHBASEIMAGE=true/g' "Makefile" sed -i 's/BASEIMAGENAMESPACE=goharbor/BASEIMAGENAMESPACE \?= goharbor/g' "Makefile" sed -i 's/IMAGENAMESPACE=goharbor/IMAGENAMESPACE \?= goharbor/g' "Makefile" From 4594b58914eaf0cf1d0225b1e137be55c5fd3f99 Mon Sep 17 00:00:00 2001 From: Alauda Bot Date: Mon, 22 Dec 2025 05:13:13 +0000 Subject: [PATCH 05/11] Auto-commit by alaudabot in edge [ci skip] - devops/harbor-all-in-one-ckjqz-commit --- testing/testdata/harbor.yaml | 4 +-- testing/testdata/script/run-harbor-e2e.sh | 2 +- testing/testdata/snippets/base-values.yaml | 4 +-- values.yaml | 30 ++++++++++------------ 4 files changed, 19 insertions(+), 21 deletions(-) diff --git a/testing/testdata/harbor.yaml b/testing/testdata/harbor.yaml index 6abcd662bb..ca3b2c6a01 100644 --- a/testing/testdata/harbor.yaml +++ b/testing/testdata/harbor.yaml @@ -76,7 +76,7 @@ spec: image: repository: /devops/goharbor-harbor-db # The default values of image tag will be automatically updated by `update-image-tags` in the `.tekton/all-in-one.yaml` pipeline. - tag: 2.12.4-g1eb348b + tag: 2.12.4-g9375571 resources: requests: cpu: 100m @@ -92,7 +92,7 @@ spec: image: repository: /devops/goharbor-redis-photon # The default values of image tag will be automatically updated by `update-image-tags` in the `.tekton/all-in-one.yaml` pipeline. - tag: 2.12.4-g1eb348b + tag: 2.12.4-g9375571 extraEnvVars: - name: ALLOW_EMPTY_PASSWORD value: "yes" diff --git a/testing/testdata/script/run-harbor-e2e.sh b/testing/testdata/script/run-harbor-e2e.sh index 25c0d9040a..ddc6f94f5f 100755 --- a/testing/testdata/script/run-harbor-e2e.sh +++ b/testing/testdata/script/run-harbor-e2e.sh @@ -30,7 +30,7 @@ is_ipv6() { # 该镜像的默认值会由 `.tekton/all-in-one.yaml` 流水线中的 `update-image-tags` 自动更新 # 如需修改,请同步更新 Makefile 中的 `update-e2e-image-tag` -TEST_IMAGE=${E2E_ENGINE_IMAGE:-"registry.alauda.cn:60070/devops/harbor-e2e-engine:2.12.4-g1eb348b"} +TEST_IMAGE=${E2E_ENGINE_IMAGE:-"registry.alauda.cn:60070/devops/harbor-e2e-engine:2.12.4-g9375571"} DEPENDS_IMAGE_REGISTRY=${E2E_DEPENDS_IMAGE_REGISTRY:-"ghcr.io"} HARBOR_HOST_SCHEMA=${1:-"http"} diff --git a/testing/testdata/snippets/base-values.yaml b/testing/testdata/snippets/base-values.yaml index 380499528f..acd50fbf5d 100644 --- a/testing/testdata/snippets/base-values.yaml +++ b/testing/testdata/snippets/base-values.yaml @@ -56,7 +56,7 @@ database: image: repository: /devops/goharbor-harbor-db # The default values of image tag will be automatically updated by `update-image-tags` in the `.tekton/all-in-one.yaml` pipeline. - tag: 2.12.4-g1eb348b + tag: 2.12.4-g9375571 resources: requests: cpu: 100m @@ -72,7 +72,7 @@ redis: image: repository: /devops/goharbor-redis-photon # The default values of image tag will be automatically updated by `update-image-tags` in the `.tekton/all-in-one.yaml` pipeline. - tag: 2.12.4-g1eb348b + tag: 2.12.4-g9375571 extraEnvVars: - name: ALLOW_EMPTY_PASSWORD value: "yes" diff --git a/values.yaml b/values.yaml index d60072f803..1c7d4a7003 100644 --- a/values.yaml +++ b/values.yaml @@ -5,37 +5,37 @@ global: images: portal: repository: devops/goharbor-harbor-portal - tag: 2.12.4-g1eb348b + tag: 2.12.4-g9375571 support_arm: true thirdparty: true digest: "" core: repository: devops/goharbor-harbor-core - tag: 2.12.4-g1eb348b + tag: 2.12.4-g9375571 support_arm: true thirdparty: true digest: "" jobservice: repository: devops/goharbor-harbor-jobservice - tag: 2.12.4-g1eb348b + tag: 2.12.4-g9375571 support_arm: true thirdparty: true digest: "" registry: repository: devops/goharbor-registry-photon - tag: 2.12.4-g1eb348b + tag: 2.12.4-g9375571 support_arm: true thirdparty: true digest: "" registryController: repository: devops/goharbor-harbor-registryctl - tag: 2.12.4-g1eb348b + tag: 2.12.4-g9375571 support_arm: true thirdparty: true digest: "" trivy: repository: devops/goharbor-trivy-adapter-photon - tag: 2.12.4-g1eb348b + tag: 2.12.4-g9375571 support_arm: true thirdparty: true digest: "" @@ -46,13 +46,13 @@ global: thirdparty: true nginx: repository: devops/goharbor-nginx-photon - tag: 2.12.4-g1eb348b + tag: 2.12.4-g9375571 support_arm: true thirdparty: true digest: "" exporter: repository: devops/goharbor-harbor-exporter - tag: 2.12.4-g1eb348b + tag: 2.12.4-g9375571 support_arm: true thirdparty: true digest: "" @@ -121,13 +121,13 @@ expose: route: labels: {} annotations: {} - # - name: envoy-internal - # namespace: networking - # sectionName: https - # group: gateway.networking.k8s.io - # kind: Gateway + # - name: envoy-internal + # namespace: networking + # sectionName: https + # group: gateway.networking.k8s.io + # kind: Gateway parentRefs: {} - # - "harbor.example.com" + # - "harbor.example.com" hosts: [] clusterIP: # The name of ClusterIP service @@ -421,12 +421,10 @@ ipFamily: # ipv4Enabled set to true if ipv4 is enabled in cluster, currently it affected the nginx related component ipv4: enabled: true - # Sets the IP family policy for services to be able to configure dual-stack; see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services). policy: "" # A list of IP families for services that should be supported, in the order in which they should be applied to ClusterIP. Can be "IPv4" and/or "IPv6". families: [] - imagePullPolicy: IfNotPresent # Use this set to assign a list of default pullSecrets imagePullSecrets: From 417853055ff6de68b7902fc3b116252f10bb4f02 Mon Sep 17 00:00:00 2001 From: yuzichen <1062955096@qq.com> Date: Mon, 22 Dec 2025 13:24:07 +0800 Subject: [PATCH 06/11] chore: [DEVOPS-40213] bump trivy to v0.66.1-alauda-0 --- .tekton/all-in-one.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.tekton/all-in-one.yaml b/.tekton/all-in-one.yaml index b088ac26e9..2b15d78549 100644 --- a/.tekton/all-in-one.yaml +++ b/.tekton/all-in-one.yaml @@ -200,7 +200,7 @@ spec: # download trivy and scanner-trivy # renovate: datasource=github-releases depName=trivy packageName=AlaudaDevops/trivy - TRIVY_VERSION=v0.62.2-alauda-25 + TRIVY_VERSION=v0.66.1-alauda-0 # renovate: datasource=github-releases depName=harbor-scanner-trivy packageName=AlaudaDevops/harbor-scanner-trivy TRIVY_ADAPTER_VERSION=v0.34.2-alauda-1 From de828cc80499539b2b5adf48573edc791678e532 Mon Sep 17 00:00:00 2001 From: yuzichen <1062955096@qq.com> Date: Mon, 22 Dec 2025 13:53:01 +0800 Subject: [PATCH 07/11] chore: [DEVOPS-40213] bump trivy to v0.66.1-alauda-1, fix e2e --- .tekton/all-in-one.yaml | 2 +- subtree/harbor/tests/resources/Harbor-Util.robot | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.tekton/all-in-one.yaml b/.tekton/all-in-one.yaml index 2b15d78549..05c53382b8 100644 --- a/.tekton/all-in-one.yaml +++ b/.tekton/all-in-one.yaml @@ -200,7 +200,7 @@ spec: # download trivy and scanner-trivy # renovate: datasource=github-releases depName=trivy packageName=AlaudaDevops/trivy - TRIVY_VERSION=v0.66.1-alauda-0 + TRIVY_VERSION=v0.66.1-alauda-1 # renovate: datasource=github-releases depName=harbor-scanner-trivy packageName=AlaudaDevops/harbor-scanner-trivy TRIVY_ADAPTER_VERSION=v0.34.2-alauda-1 diff --git a/subtree/harbor/tests/resources/Harbor-Util.robot b/subtree/harbor/tests/resources/Harbor-Util.robot index 0f7d4b548b..f2a50512de 100644 --- a/subtree/harbor/tests/resources/Harbor-Util.robot +++ b/subtree/harbor/tests/resources/Harbor-Util.robot @@ -159,5 +159,5 @@ Wait for Harbor Ready Fail Harbor failed to come up properly! Get Harbor Version - ${rc} ${output}= Run And Return Rc And Output curl -k -X GET --header 'Accept: application/json' '${protocol}://${ip}/api/v2.0/systeminfo'|grep -i harbor_version + ${rc} ${output}= Run And Return Rc And Output curl -k -X GET -u admin:%{HARBOR_PASSWORD} --header 'Accept: application/json' '${protocol}://${ip}/api/v2.0/systeminfo'|grep -i harbor_version Log To Console ${output} From 03f09049107a50a8594a22f473a50befca9ab9c4 Mon Sep 17 00:00:00 2001 From: Alauda Bot Date: Mon, 22 Dec 2025 06:19:03 +0000 Subject: [PATCH 08/11] Auto-commit by alaudabot in edge [ci skip] - devops/harbor-all-in-one-6xk8b-commit --- testing/testdata/harbor.yaml | 4 ++-- testing/testdata/script/run-harbor-e2e.sh | 2 +- testing/testdata/snippets/base-values.yaml | 4 ++-- values.yaml | 16 ++++++++-------- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/testing/testdata/harbor.yaml b/testing/testdata/harbor.yaml index ca3b2c6a01..eac2079174 100644 --- a/testing/testdata/harbor.yaml +++ b/testing/testdata/harbor.yaml @@ -76,7 +76,7 @@ spec: image: repository: /devops/goharbor-harbor-db # The default values of image tag will be automatically updated by `update-image-tags` in the `.tekton/all-in-one.yaml` pipeline. - tag: 2.12.4-g9375571 + tag: 2.12.4-ged45de6 resources: requests: cpu: 100m @@ -92,7 +92,7 @@ spec: image: repository: /devops/goharbor-redis-photon # The default values of image tag will be automatically updated by `update-image-tags` in the `.tekton/all-in-one.yaml` pipeline. - tag: 2.12.4-g9375571 + tag: 2.12.4-ged45de6 extraEnvVars: - name: ALLOW_EMPTY_PASSWORD value: "yes" diff --git a/testing/testdata/script/run-harbor-e2e.sh b/testing/testdata/script/run-harbor-e2e.sh index ddc6f94f5f..b16f5a6e95 100755 --- a/testing/testdata/script/run-harbor-e2e.sh +++ b/testing/testdata/script/run-harbor-e2e.sh @@ -30,7 +30,7 @@ is_ipv6() { # 该镜像的默认值会由 `.tekton/all-in-one.yaml` 流水线中的 `update-image-tags` 自动更新 # 如需修改,请同步更新 Makefile 中的 `update-e2e-image-tag` -TEST_IMAGE=${E2E_ENGINE_IMAGE:-"registry.alauda.cn:60070/devops/harbor-e2e-engine:2.12.4-g9375571"} +TEST_IMAGE=${E2E_ENGINE_IMAGE:-"registry.alauda.cn:60070/devops/harbor-e2e-engine:2.12.4-ged45de6"} DEPENDS_IMAGE_REGISTRY=${E2E_DEPENDS_IMAGE_REGISTRY:-"ghcr.io"} HARBOR_HOST_SCHEMA=${1:-"http"} diff --git a/testing/testdata/snippets/base-values.yaml b/testing/testdata/snippets/base-values.yaml index acd50fbf5d..ead5f7b1a0 100644 --- a/testing/testdata/snippets/base-values.yaml +++ b/testing/testdata/snippets/base-values.yaml @@ -56,7 +56,7 @@ database: image: repository: /devops/goharbor-harbor-db # The default values of image tag will be automatically updated by `update-image-tags` in the `.tekton/all-in-one.yaml` pipeline. - tag: 2.12.4-g9375571 + tag: 2.12.4-ged45de6 resources: requests: cpu: 100m @@ -72,7 +72,7 @@ redis: image: repository: /devops/goharbor-redis-photon # The default values of image tag will be automatically updated by `update-image-tags` in the `.tekton/all-in-one.yaml` pipeline. - tag: 2.12.4-g9375571 + tag: 2.12.4-ged45de6 extraEnvVars: - name: ALLOW_EMPTY_PASSWORD value: "yes" diff --git a/values.yaml b/values.yaml index 1c7d4a7003..db06fefd38 100644 --- a/values.yaml +++ b/values.yaml @@ -5,37 +5,37 @@ global: images: portal: repository: devops/goharbor-harbor-portal - tag: 2.12.4-g9375571 + tag: 2.12.4-ged45de6 support_arm: true thirdparty: true digest: "" core: repository: devops/goharbor-harbor-core - tag: 2.12.4-g9375571 + tag: 2.12.4-ged45de6 support_arm: true thirdparty: true digest: "" jobservice: repository: devops/goharbor-harbor-jobservice - tag: 2.12.4-g9375571 + tag: 2.12.4-ged45de6 support_arm: true thirdparty: true digest: "" registry: repository: devops/goharbor-registry-photon - tag: 2.12.4-g9375571 + tag: 2.12.4-ged45de6 support_arm: true thirdparty: true digest: "" registryController: repository: devops/goharbor-harbor-registryctl - tag: 2.12.4-g9375571 + tag: 2.12.4-ged45de6 support_arm: true thirdparty: true digest: "" trivy: repository: devops/goharbor-trivy-adapter-photon - tag: 2.12.4-g9375571 + tag: 2.12.4-ged45de6 support_arm: true thirdparty: true digest: "" @@ -46,13 +46,13 @@ global: thirdparty: true nginx: repository: devops/goharbor-nginx-photon - tag: 2.12.4-g9375571 + tag: 2.12.4-ged45de6 support_arm: true thirdparty: true digest: "" exporter: repository: devops/goharbor-harbor-exporter - tag: 2.12.4-g9375571 + tag: 2.12.4-ged45de6 support_arm: true thirdparty: true digest: "" From ee95e6c1bd67daf15a1c7dee5bddb9c9d1d66256 Mon Sep 17 00:00:00 2001 From: Alauda Bot Date: Mon, 22 Dec 2025 07:59:30 +0000 Subject: [PATCH 09/11] Auto-commit by alaudabot in edge [ci skip] - devops/harbor-all-in-one-bq9dl-commit --- testing/testdata/harbor.yaml | 4 ++-- testing/testdata/script/run-harbor-e2e.sh | 2 +- testing/testdata/snippets/base-values.yaml | 4 ++-- values.yaml | 16 ++++++++-------- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/testing/testdata/harbor.yaml b/testing/testdata/harbor.yaml index eac2079174..8649b5378c 100644 --- a/testing/testdata/harbor.yaml +++ b/testing/testdata/harbor.yaml @@ -76,7 +76,7 @@ spec: image: repository: /devops/goharbor-harbor-db # The default values of image tag will be automatically updated by `update-image-tags` in the `.tekton/all-in-one.yaml` pipeline. - tag: 2.12.4-ged45de6 + tag: 2.12.4-g03f0904 resources: requests: cpu: 100m @@ -92,7 +92,7 @@ spec: image: repository: /devops/goharbor-redis-photon # The default values of image tag will be automatically updated by `update-image-tags` in the `.tekton/all-in-one.yaml` pipeline. - tag: 2.12.4-ged45de6 + tag: 2.12.4-g03f0904 extraEnvVars: - name: ALLOW_EMPTY_PASSWORD value: "yes" diff --git a/testing/testdata/script/run-harbor-e2e.sh b/testing/testdata/script/run-harbor-e2e.sh index b16f5a6e95..6527fd9dd6 100755 --- a/testing/testdata/script/run-harbor-e2e.sh +++ b/testing/testdata/script/run-harbor-e2e.sh @@ -30,7 +30,7 @@ is_ipv6() { # 该镜像的默认值会由 `.tekton/all-in-one.yaml` 流水线中的 `update-image-tags` 自动更新 # 如需修改,请同步更新 Makefile 中的 `update-e2e-image-tag` -TEST_IMAGE=${E2E_ENGINE_IMAGE:-"registry.alauda.cn:60070/devops/harbor-e2e-engine:2.12.4-ged45de6"} +TEST_IMAGE=${E2E_ENGINE_IMAGE:-"registry.alauda.cn:60070/devops/harbor-e2e-engine:2.12.4-g03f0904"} DEPENDS_IMAGE_REGISTRY=${E2E_DEPENDS_IMAGE_REGISTRY:-"ghcr.io"} HARBOR_HOST_SCHEMA=${1:-"http"} diff --git a/testing/testdata/snippets/base-values.yaml b/testing/testdata/snippets/base-values.yaml index ead5f7b1a0..729901b2c8 100644 --- a/testing/testdata/snippets/base-values.yaml +++ b/testing/testdata/snippets/base-values.yaml @@ -56,7 +56,7 @@ database: image: repository: /devops/goharbor-harbor-db # The default values of image tag will be automatically updated by `update-image-tags` in the `.tekton/all-in-one.yaml` pipeline. - tag: 2.12.4-ged45de6 + tag: 2.12.4-g03f0904 resources: requests: cpu: 100m @@ -72,7 +72,7 @@ redis: image: repository: /devops/goharbor-redis-photon # The default values of image tag will be automatically updated by `update-image-tags` in the `.tekton/all-in-one.yaml` pipeline. - tag: 2.12.4-ged45de6 + tag: 2.12.4-g03f0904 extraEnvVars: - name: ALLOW_EMPTY_PASSWORD value: "yes" diff --git a/values.yaml b/values.yaml index db06fefd38..6be0e3daf9 100644 --- a/values.yaml +++ b/values.yaml @@ -5,37 +5,37 @@ global: images: portal: repository: devops/goharbor-harbor-portal - tag: 2.12.4-ged45de6 + tag: 2.12.4-g03f0904 support_arm: true thirdparty: true digest: "" core: repository: devops/goharbor-harbor-core - tag: 2.12.4-ged45de6 + tag: 2.12.4-g03f0904 support_arm: true thirdparty: true digest: "" jobservice: repository: devops/goharbor-harbor-jobservice - tag: 2.12.4-ged45de6 + tag: 2.12.4-g03f0904 support_arm: true thirdparty: true digest: "" registry: repository: devops/goharbor-registry-photon - tag: 2.12.4-ged45de6 + tag: 2.12.4-g03f0904 support_arm: true thirdparty: true digest: "" registryController: repository: devops/goharbor-harbor-registryctl - tag: 2.12.4-ged45de6 + tag: 2.12.4-g03f0904 support_arm: true thirdparty: true digest: "" trivy: repository: devops/goharbor-trivy-adapter-photon - tag: 2.12.4-ged45de6 + tag: 2.12.4-g03f0904 support_arm: true thirdparty: true digest: "" @@ -46,13 +46,13 @@ global: thirdparty: true nginx: repository: devops/goharbor-nginx-photon - tag: 2.12.4-ged45de6 + tag: 2.12.4-g03f0904 support_arm: true thirdparty: true digest: "" exporter: repository: devops/goharbor-harbor-exporter - tag: 2.12.4-ged45de6 + tag: 2.12.4-g03f0904 support_arm: true thirdparty: true digest: "" From 1d0e6c5ba4e3c81a2fe951be9d09966ad953467f Mon Sep 17 00:00:00 2001 From: yuzichen <1062955096@qq.com> Date: Mon, 22 Dec 2025 17:32:31 +0800 Subject: [PATCH 10/11] chore: [DEVOPS-40213] bump harbor version to 2.14.1 --- .tekton/all-in-one.yaml | 2 +- values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.tekton/all-in-one.yaml b/.tekton/all-in-one.yaml index 05c53382b8..671c2d8b19 100644 --- a/.tekton/all-in-one.yaml +++ b/.tekton/all-in-one.yaml @@ -119,7 +119,7 @@ spec: - name: build-path value: subtree/harbor - name: tag-template - value: 2.12.4-g$ShortSha + value: 2.14.1-g$ShortSha - name: skip-e2e value: "{{ skip_e2e }}" diff --git a/values.yaml b/values.yaml index 6be0e3daf9..f5d38d344a 100644 --- a/values.yaml +++ b/values.yaml @@ -41,7 +41,7 @@ global: digest: "" trivyOfflineDB: repository: devops/goharbor-trivy-offline-db - tag: alauda-v2.12.0-c7878f30 + tag: alauda-v2.14.0-f5b6be41 support_arm: true thirdparty: true nginx: From 996e6b99da7a26c8e2bd3b8c726a505f453effe0 Mon Sep 17 00:00:00 2001 From: Alauda Bot Date: Mon, 22 Dec 2025 09:50:46 +0000 Subject: [PATCH 11/11] Auto-commit by alaudabot in edge [ci skip] - devops/harbor-all-in-one-z29sm-commit --- testing/testdata/harbor.yaml | 4 ++-- testing/testdata/script/run-harbor-e2e.sh | 2 +- testing/testdata/snippets/base-values.yaml | 4 ++-- values.yaml | 16 ++++++++-------- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/testing/testdata/harbor.yaml b/testing/testdata/harbor.yaml index 8649b5378c..2b66ad3682 100644 --- a/testing/testdata/harbor.yaml +++ b/testing/testdata/harbor.yaml @@ -76,7 +76,7 @@ spec: image: repository: /devops/goharbor-harbor-db # The default values of image tag will be automatically updated by `update-image-tags` in the `.tekton/all-in-one.yaml` pipeline. - tag: 2.12.4-g03f0904 + tag: 2.14.1-g1d0e6c5 resources: requests: cpu: 100m @@ -92,7 +92,7 @@ spec: image: repository: /devops/goharbor-redis-photon # The default values of image tag will be automatically updated by `update-image-tags` in the `.tekton/all-in-one.yaml` pipeline. - tag: 2.12.4-g03f0904 + tag: 2.14.1-g1d0e6c5 extraEnvVars: - name: ALLOW_EMPTY_PASSWORD value: "yes" diff --git a/testing/testdata/script/run-harbor-e2e.sh b/testing/testdata/script/run-harbor-e2e.sh index 6527fd9dd6..a0e4586a83 100755 --- a/testing/testdata/script/run-harbor-e2e.sh +++ b/testing/testdata/script/run-harbor-e2e.sh @@ -30,7 +30,7 @@ is_ipv6() { # 该镜像的默认值会由 `.tekton/all-in-one.yaml` 流水线中的 `update-image-tags` 自动更新 # 如需修改,请同步更新 Makefile 中的 `update-e2e-image-tag` -TEST_IMAGE=${E2E_ENGINE_IMAGE:-"registry.alauda.cn:60070/devops/harbor-e2e-engine:2.12.4-g03f0904"} +TEST_IMAGE=${E2E_ENGINE_IMAGE:-"registry.alauda.cn:60070/devops/harbor-e2e-engine:2.14.1-g1d0e6c5"} DEPENDS_IMAGE_REGISTRY=${E2E_DEPENDS_IMAGE_REGISTRY:-"ghcr.io"} HARBOR_HOST_SCHEMA=${1:-"http"} diff --git a/testing/testdata/snippets/base-values.yaml b/testing/testdata/snippets/base-values.yaml index 729901b2c8..971a129049 100644 --- a/testing/testdata/snippets/base-values.yaml +++ b/testing/testdata/snippets/base-values.yaml @@ -56,7 +56,7 @@ database: image: repository: /devops/goharbor-harbor-db # The default values of image tag will be automatically updated by `update-image-tags` in the `.tekton/all-in-one.yaml` pipeline. - tag: 2.12.4-g03f0904 + tag: 2.14.1-g1d0e6c5 resources: requests: cpu: 100m @@ -72,7 +72,7 @@ redis: image: repository: /devops/goharbor-redis-photon # The default values of image tag will be automatically updated by `update-image-tags` in the `.tekton/all-in-one.yaml` pipeline. - tag: 2.12.4-g03f0904 + tag: 2.14.1-g1d0e6c5 extraEnvVars: - name: ALLOW_EMPTY_PASSWORD value: "yes" diff --git a/values.yaml b/values.yaml index f5d38d344a..8ab373afc1 100644 --- a/values.yaml +++ b/values.yaml @@ -5,37 +5,37 @@ global: images: portal: repository: devops/goharbor-harbor-portal - tag: 2.12.4-g03f0904 + tag: 2.14.1-g1d0e6c5 support_arm: true thirdparty: true digest: "" core: repository: devops/goharbor-harbor-core - tag: 2.12.4-g03f0904 + tag: 2.14.1-g1d0e6c5 support_arm: true thirdparty: true digest: "" jobservice: repository: devops/goharbor-harbor-jobservice - tag: 2.12.4-g03f0904 + tag: 2.14.1-g1d0e6c5 support_arm: true thirdparty: true digest: "" registry: repository: devops/goharbor-registry-photon - tag: 2.12.4-g03f0904 + tag: 2.14.1-g1d0e6c5 support_arm: true thirdparty: true digest: "" registryController: repository: devops/goharbor-harbor-registryctl - tag: 2.12.4-g03f0904 + tag: 2.14.1-g1d0e6c5 support_arm: true thirdparty: true digest: "" trivy: repository: devops/goharbor-trivy-adapter-photon - tag: 2.12.4-g03f0904 + tag: 2.14.1-g1d0e6c5 support_arm: true thirdparty: true digest: "" @@ -46,13 +46,13 @@ global: thirdparty: true nginx: repository: devops/goharbor-nginx-photon - tag: 2.12.4-g03f0904 + tag: 2.14.1-g1d0e6c5 support_arm: true thirdparty: true digest: "" exporter: repository: devops/goharbor-harbor-exporter - tag: 2.12.4-g03f0904 + tag: 2.14.1-g1d0e6c5 support_arm: true thirdparty: true digest: ""