v2.6.0
What's Changed
Exciting New Features 🎉
Cache Layer
Introduce cache layer to improve the performance of pulling artifacts in the high concurrency scenario. For more datails, see the wiki.
- feat(project): introduce cache manager for project (#16740) by @chlins in #16807
- feat(repository): introduce cache manager for repository (#16741) by @chlins in #16846
- feat(project): introduce cache layer for project_metadata (#16891) by @chlins in #16892
- feat(manifest): introduce cache layer for manifest (#16459) by @chlins in #16861
CVE Export
Introduce CVE Export which allows project owners and members to export CBR data generated by scanners for artifacts within projects.
- System Artifact Manager - database and model changes by @prahaladdarkin in #16678
- Introduce system artifact manager cleanup job by @prahaladdarkin in #16879
- Vulnerability scan data export functionality by @prahaladdarkin in #15998
- Add CVE data exporting UI by @AllForNothing in #16236
Purge AuditLog
Support purge audit log periodically or run on demand, add feature to forward audit log to remote sys log endpoint.
- (feat) Add job service to purge audit_log by @stonezdj in #16833
- Add clearances ui by @AllForNothing in #16941
- Add REST API for purge audit log by @stonezdj in #16865
- Add audit_log forward endpoint by @stonezdj in #16914
B/R With Velero
Support backup and restore Harbor helm chart with Velero. For more details and usage, see the user guide.
- Add stop button for GC by @AllForNothing in #17037
- Add stop button for audit log rotation by @AllForNothing in #17054
Additional Features
- GDPR compliant deletion of Users by @tpoxa in #16859
- [Experimental] Add new feature for supporting WebAssembly artifact by @ln23415 in #16931
Deprecations
- Start the deprecation of Chartmuseum from v2.6.0 and begin to remove in v2.8.0. More details, please refer to the discussion.
- Start the deprecation of Notary(signer&server) from v2.6.0 and begin to remove in v2.8.0. More details, please refer to the discussion.
Known issues
Starting with v2.6.0, there is a regression issue with sentinel redis configuration, you can get the details from 17483 and you can get the solution here. If you have concerns about this, please wait for the next patch release v2.6.1.
Enhancement 🚀
- Update docker building for UI by @AllForNothing in #16692
- Add dotted line between the artifacts and their accessories by @AllForNothing in #16701
- fixed typo in legacy_swagger.yaml file by @tibeer in #16723
- Provide more useful error info by @AllForNothing in #16736
- Fix some css style issues by @AllForNothing in #16709
- Add release.yml to automate release notes #16633 by @OrlinVasilev in #16634
- replace install httpd by installing htpasswd binary only by @MinerYang in #16771
- Store default page size to local storage by @AllForNothing in #16753
- Refactor portal language code by @SimonAlling in #16795
- Fix lint errors in portal by @SimonAlling in #16799
- Improve replication policy datagrid by @AllForNothing in #16806
- fix: improve GC log message by @zyyw in #16790
- Improve css for tags column by @AllForNothing in #16811
- Allow all roles to see 'listed in CVE allowlist' column by @AllForNothing in #16860
- Improve css for accessories component by @AllForNothing in #16868
- Add date/time format setting in portal by @SimonAlling in #16796
- Remove message prompt clearing by @AllForNothing in #16894
- Modify HarborDatetimePipe to pure pipe to improve performance by @AllForNothing in #16906
- fix: add patch for registry layers larger than 10G with S3 backend by @franznemeth in #16322
- feat: enabled Github GHCR as proxy cache by @wilmardo in #16834
- Add NextScheduledTime in schedule object by @stonezdj in #16925
- Add style lint and add code lint to the pipeline by @AllForNothing in #16954
- Fix some UI issues by @AllForNothing in #16979
- Response the sign status to UI for the public project. by @wy65701436 in #16987
- Support stop GC execution by @ywk253100 in #17004
- Improve copy command component by @AllForNothing in #17068
- Improve cron validator for replication rule by @AllForNothing in #17069
- Enhance the read-only API to avoid deleting operations during the job running by @ywk253100 in #17055
- Making stale bot a bit more active by @OrlinVasilev in #17115
- Remove os.Kill in signal handling by @heylongdacoder in #16111
- Return bad request if audit log retention hour > 240000 hour by @stonezdj in #17217
Component updates ⬆️
- pkg/scan: fix dropped error by @alrs in #16712
- bump up astaxie/beego@v1.12.1 to beego/beego/@v1.12.7 by @MinerYang in #16770
- fix: registry/redis.patch & registry/builder by @zyyw in #16780
- Upgrade Angular to 13.3.4 by @AllForNothing in #16772
- fix close response missing by @wy65701436 in #16820
- add lint with golangci-lint by @MinerYang in #16821
- fix staticcheck issues by @wy65701436 in #16828
- fix: gc history update_time by @zyyw in #16841
- fix artifact count issue by @wy65701436 in #16851
- migrate tslint to eslint by @AllForNothing in #16856
- Upgrade clarity to the latest version by @AllForNothing in #16840
- fix accessory count issue by @wy65701436 in #16866
- bump up beego from v1.12.7 to v1.12.9 by @MinerYang in #16904
- fix 16883 by @wy65701436 in #16911
- fix replcation issue on accessory by @wy65701436 in #16912
- support docker compose v2 by @MinerYang in #16919
- fix: golangci-lint errcheck by @zyyw in #16920
- bump up golang version to v1.18.3 by @MinerYang in #16957
- fix(swagger): append scan report version 1.1 to swagger docs by @chlins in #16965
- fix(replication): azurecr replication with token (#16888) by @chlins in #16947
- fix: update code for golangci-lint gosimple by @zyyw in #16974
- fix: refactor code for golangci-lint whitespace by @zyyw in #17005
- fix: update the jobservice hook retry concurrency by @chlins in #17024
- Remove style-lint package and upgrade @angular-devkit/build-angular by @AllForNothing in #17009
- migrate: add db index on artifact repository name by @chlins in #17035
- update support for docker compose v2 by @MinerYang in #17039
- Unify the process of job schedule/task retrieve and update by @stonezdj in #17012
- fix: revise the process of policy update by @chlins in #17021
- fix: fix the update of retention policy by @chlins in #17064
- fix: bump trivy version to v0.29.2 and bump trivyadapter version to v0.30.0 by @zyyw in #17071
- Support stop purge audit log job by @stonezdj in #17033
- Fix scan log mismatch issue by @stonezdj in #17085
- fix: update preheat api handler and DAO by @chlins in #17079
- Upgrade pipenv to 2022.1.8 by @YangJiao0817 in #17093
- fix: update code in compliance with golangci-lint revive by @zyyw in #17087
- Create index on audit log, execution, artifact for performance by @stonezdj in #17022
- Added group_type information for type 3 OIDC group by @Dannyx323 in #17118
- fix: attach labels for replication event by @chlins in #17108
- resolve copy failure for artifact with multiple accessories by @wy65701436 in #17123
- Add options to the user.Count method by @stonezdj in #16285
- fix: repair execution status when it inconsistent by @chlins in #17128
- Added Tag Retention Permission to Developer by @DarthBlair in #16514
- resolve robot authgen password format issue by @wy65701436 in #17134
- Developer role should be able to view tag-retention rules by @AllForNothing in #17138
- Hide pull command for Nydus by @AllForNothing in #17143
- Fix to CVE Data Export functionality for images pushed by
docker pushby @prahaladdarkin in #17182 - fix: remove redundant check due to always false by @zyyw in #17206
- Fix log rotation UI issues by @AllForNothing in #17220
- Fix cve export UI issues by @AllForNothing in #17227
- Disable Nydus middleware for v2.6 by @MinerYang in #17233
- bumpup golang version to v1.18.4 by @MinerYang in #17257
- Fix router issues for UI by @AllForNothing in #17235
- Add permission check to CVE export by @AllForNothing in #17267
- [Cherry-pick]Fix null pointer issue for creating reolication rule by @AllForNothing in #17276
- upgrade: bump up beego to 1.12.11 by @chlins in #17278
Docs update 🗄️
- README.md: fix broken links to badges and Swagger editor by @koushik-ms in #16910
Community update 🧑🏻🤝🧑🏾
- Add new template file for PRs by @OrlinVasilev in #16645
- Add CODEOWNERS all maintainers by @OrlinVasilev in #16670
- In SECURITY.md, fix broken link to RELEASES.md by @stefanlasiewski in #17019
Other Changes
- Bump TRIVYVERSION to v0.24.2 and bump TRIVYADAPTERVERSION to v0.26.0 by @YangJiao0817 in #16486
- fix: resolve conformance test failed issue by @zyyw in #16478
- bump up base version to v2.6 by @wy65701436 in #16481
- Add a new robot permission and sort permissions by @AllForNothing in #16487
- docs: Link to latest/edge docs instead of 2.0.0 by @SimonAlling in #14945
- Improve style and correct typos by @AllForNothing in #16498
- Add online latest installer package by @YangJiao0817 in #16148
- Update readme by @AllForNothing in #16501
- Add replication index testcase by @YangJiao0817 in #16502
- Update trivy test case by @YangJiao0817 in #16493
- add transaction for artifact delete by @wy65701436 in #16506
- Updated translation for 2.5 by @sluetze in #16509
- refactor: import go-redis to core as replacement of redigo by @chlins in #16492
- fix: enable one skipped conformance test by @zyyw in #16521
- Fix duplicate labels issue by @AllForNothing in #16527
- add cosign signature icon by @wy65701436 in #16533
- Add cosign icon by @AllForNothing in #16531
- enhance health validataion by @wy65701436 in #16549
- Update push and pull command for helm by @AllForNothing in #16552
- lib/q: fix dropped test error by @alrs in #16494
- Improve UI with more inclusive words by @AllForNothing in #16548
- Add secret to download file when refreshing robot secret by @AllForNothing in #16564
- update log with more inclusive language by @wy65701436 in #16569
- update french translation by @bmfp in #16570
- Modify setup-gcloud from master to v0 by @YangJiao0817 in #16571
- feat: implement beego session provider by @chlins in #16546
- Update webhook testcase xpath from disable to deactivate by @YangJiao0817 in #16579
- Add python-dateutil module in api e2e image by @YangJiao0817 in #16588
- Upgrade UI dependencies by @AllForNothing in #16586
- Remove state restrictions for gc log button by @AllForNothing in #16585
- migrations: correct project metadata public value by @chlins in #16597
- fix: validate project metadata public value by @chlins in #16596
- Delete unused files and functions by @stonezdj in #16599
- fix: return BAD_REQUEST when validate project metadata by @chlins in #16605
- Update usergroups API to support search by group_name by @stonezdj in #16580
- Use list user groups API to search groups by @AllForNothing in #16610
- Add main menu routing test case by @YangJiao0817 in #16622
- Improve copy-artifact component by @AllForNothing in #16628
- skip policy check on pull cosign signature by @wy65701436 in #16658
- Improve user setting component by @AllForNothing in #16665
- Add project tab routing test case by @YangJiao0817 in #16664
- Clear some UI building warnings by @AllForNothing in #16684
- Add retries to test cases by @YangJiao0817 in #16690
- Add open more info page test case by @YangJiao0817 in #16708
- fix: controller/blob: dropped test error by @alrs in #16608
- fix: check the existence of the tag before updating pull time by @chlins in #16510
- Add open cve details page test case by @YangJiao0817 in #16705
- Add open image scanners documentation page test case by @YangJiao0817 in #16704
- Add test case for Enable Deployment Security Policy replication by @YangJiao0817 in #16737
- chore(deps): bump Trivy adapter from v0.26.0 to v0.28.0 by @danielpacak in #16729
- feat: add cache layer for artifact by @chlins in #16593
- CI: Replace stale.yaml with stale GH Actions by @OrlinVasilev in #16699
- enable default to build bin by @wy65701436 in #16763
- Add imgpkg copy test case by @YangJiao0817 in #16760
- Update cosign test case by @YangJiao0817 in #16832
- Use exec in registryctl so signals are passed properly by @mac-chaffee in #16642
- fix deadcode lint & update golangci-lint.yaml by @MinerYang in #16896
- Update header user xpath by @YangJiao0817 in #16917
- Add Publish Release workflow by @YangJiao0817 in #16956
- Add webhook functionality test case by @YangJiao0817 in #16944
- Update Web Routing test case by @YangJiao0817 in #16981
- Update CVE allowlist UI test case by @YangJiao0817 in #16980
- Update GC UI Testcase by @YangJiao0817 in #16975
- Update harbor-e2e-engine image by @YangJiao0817 in #17032
- Add P2P Preheat Test case by @YangJiao0817 in #17089
- Modify Build Package Workflow trigger condition by @YangJiao0817 in #17106
- Update tag immutability xpath by @YangJiao0817 in #17149
- Add retry to project quota GC test case by @YangJiao0817 in #17164
- Update delete project test case by @YangJiao0817 in #17158
New Contributors
- @SimonAlling made their first contribution in #14945
- @alrs made their first contribution in #16494
- @OrlinVasilev made their first contribution in #16645
- @tibeer made their first contribution in #16723
- @mac-chaffee made their first contribution in #16642
- @koushik-ms made their first contribution in #16910
- @franznemeth made their first contribution in #16322
- @tpoxa made their first contribution in #16859
- @stefanlasiewski made their first contribution in #17019
- @qnetter made their first contribution in #16984
- @Dannyx323 made their first contribution in #17118
- @heylongdacoder made their first contribution in #16111
- @DarthBlair made their first contribution in #16514
- @ln23415 made their first contribution in #16931
- @Abirdcfly made their first contribution in #17211
Full Changelog: v2.5.0...v2.6.0
Contributors
alrs, stefanlasiewski, and 26 other contributors