* registry: implements the OCI 1.1 referrers API
Migrations:
- Adds a subject column for lookup
- Adds a subject_backfilled column to track status of the backfilling
of existing manifests
- Adds a manifest_json column making use of postgres' JSONB support,
for future use.
Manifestsubjectbackfillworker: Indexes existing manifests for possible
existing subject field.
* Deprecate IGNORE_UNKNOWN_MEDIATYPES
* Cleanup
Allows superusers to trigger a calculation of the deduplicated registry size. A superuser can go to the organization panel of the superuser page and select Calculate to queue a calculation of the registry total. The total will only be calculated when requested. Includes warning to user of increase of database load when running calculation.
Allows for only unique blobs to be counted at the namespace and repository level. Calculation includes manifest list sizes.
Adds the following internal configurations that default to true:
QUOTA_INVALIDATE_TOTALS: Invalidates calculated totals when FEATURE_QUOTA_MANAGEMENT is set to false
RESET_CHILD_MANIFEST_EXPIRATION: Resets the expiry for child manifests on push of the manifest list for immediate GC eligibility
PERMANENTLY_DELETE_TAGS: Enables features related to the permanent deletion of tags outside the configured time machine window
Removes the obsolete `logrotate.conf` file which was used in Quay 2.9 and below when nginx logs were stored under `/var/log/nginx` inside the container instead of being redirected to `/dev/stdout`. This file is no longer needed.
Removes read support for Clair V2, along with the need to package
jwtproxy with Quay.
TODO: Drop deprecate image api + image table, remove image data model.
Nginx currently kills body reads that last longer than 60s. Bi-directional RPC calls like streaming logs require longer reads. This change extends that timeout.
Support client ip from x-forwarded header. This is needed if one of
the intermediate proxies between the client and Quay does not support
proxy protocol.
If set, FEATURE_PROXY_PROTOCOL will use the L4 feature. If not, say,
when an L7 proxy is used, fall back to using x-forwarded-for, and allow
specifying trusted ip/cidr for Nginx.
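The x-forwarded-for fallback above is only safe when the header is honoured solely from trusted proxy addresses. As an added example (not Quay's code, which handles this in Nginx), this Python sketch models that trust rule; the function name, parameters and sample addresses are constructed for illustration.

```python
import ipaddress


def client_ip(peer, xff_header, trusted_cidrs):
    """Return the address to treat as the client.

    peer          -- source address of the TCP connection
    xff_header    -- raw X-Forwarded-For value, or None
    trusted_cidrs -- proxies allowed to vouch for a client address
    """
    nets = [ipaddress.ip_network(c) for c in trusted_cidrs]

    def trusted(addr):
        # Mixed IPv4/IPv6 comparisons simply evaluate to False.
        return any(addr in n for n in nets)

    current = ipaddress.ip_address(peer)
    if not xff_header or not trusted(current):
        # A header sent by an untrusted peer is attacker-controlled: ignore it.
        return str(current)

    # Walk right to left: a trusted hop vouches only for the entry it appended.
    for entry in reversed([e.strip() for e in xff_header.split(",")]):
        try:
            hop = ipaddress.ip_address(entry)
        except ValueError:
            break  # malformed entry: keep the last address that parsed
        current = hop
        if not trusted(hop):
            break  # first untrusted address from the right is the client
    return str(current)


if __name__ == "__main__":
    trusted_proxies = ["10.0.0.0/8"]  # constructed sample value
    # Client prepends a fake entry; the L7 proxy at 10.0.0.5 appends the real one.
    print(client_ip("10.0.0.5", "127.0.0.1, 203.0.113.7", trusted_proxies))
    # Direct connection from outside the trusted range: header is ignored.
    print(client_ip("198.51.100.20", "127.0.0.1", trusted_proxies))
```
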
* Add dev dependencies mypy and typing
* Add makefile target `types-test`, not yet included in `test` target.
* Generate stubs for imported modules to avoid mypy complaining about missing types.
* Remove generated stubs as there are way too many and they cause tons of mess in the repo. Switched to ignoring untyped modules for now, to concentrate on Quay-only type checking.
* mypy config changed to ignore missing imports
* ignore property decorator as it is not supported by mypy
* mypy annotations for many configuration variables
* re-generate mypy_stubs directory as it's necessary in some classes for base classes to prevent mypy errors
* util/registry/queuefile referred to nonexistent definition of Empty class in multiprocessing.queues
* ignore type checking for things like monkey patching and exported/re-imported objects that
mypy does not allow.
* Adjust mypy config to warn us about unreachable return paths and useless expressions.
* Add the __annotations__ property to INTERNAL_ONLY_PROPERTIES so that it is not part of the config schema testing
* Remove redundant dependencies `typing` and `typing-extensions` which are NOOP after Python 3.5
* Remove mypy-extensions which only provides a TypedDict implementation but has not been updated since 2019.
* updated mypy to 0.910 which requires all types packages to be installed manually.
* exclude local-dev from type checking until core team can suggest an outcome for __init__.py duplicate packages
* re-add typing dependency which will be needed until Python 3.9
* ignore .mypy_cache
* add mypy stub for features module to replace inline definitions
* import annotations eager evaluation in billing.py as it was required to reference a class declared later in the module.
* remove the type definition of V1ProtocolSteps/V2ProtocolSteps to make tox happy
Allows forward slashes to be used in repository names according to
https://docs.docker.com/docker-hub/repos/.
NOTE: This change simply allows the use of "/" in repository
names needed for certain OpenShift use cases. This does not implement
any new permission model for nested paths, i.e. a repository with a
nested path is treated as a single repository under a _single_
namespace.
- Allow PYTHONUSERBASE_SITE_PACKAGE to be added as an environment variable
- Set PYTHONUSERBASE_SITE_PACKAGE to /usr/local/lib/python3.8/site-packages in downstream Dockerfile
* cicd: toggle on more OCI conformance tests (PROJQUAY-1997)
This commit also has the CI keep the report around as a workflow
artifact.
Signed-off-by: Hank Donnay <hdonnay@redhat.com>
* external_libraries: patch out wider dependencies (PROJQUAY-1997)
This change makes it possible to run the external_libraries script
without needing to pull in the entire quay configuration framework. This
will allow for a more granular Dockerfile.
Signed-off-by: Hank Donnay <hdonnay@redhat.com>
* cicd: enable docker buildkit backend (PROJQUAY-1997)
Signed-off-by: Hank Donnay <hdonnay@redhat.com>
* Dockerfile: rework to be faster (PROJQUAY-1997)
This change allows for the Dockerfile to reuse more cache, and run in
parallel when using the BuildKit backend.
* init: Uses user site-package directory as Python root (PROJQUAY-1997)
Use `python3 -m site --user-site` as Python root when installing certs.
Co-authored-by: Hank Donnay <hdonnay@redhat.com>