It appears GitHub has narrowed the permissions returned, so while we
might still have the ability to admin the *repo*, the permissions
list is returning `false`, so we disallow people to create triggers,
which is wrong.
Fixes https://issues.redhat.com/browse/PROJQUAY-523
Instead, we now simply save all the Image information into the
in-memory session and then construct the manifest directly at the end.
Fixes https://issues.redhat.com/browse/PROJQUAY-513
* Remove V3_UPGRADE_MODE
* Remove tag backfill worker and all callers to tag backfill and upgrades
* Change initdb to create all test data via the manifest builder, rather than manually via legacy images
* Convert various code paths to use the registry_model where we previously did not do so
* Convert the GC test suite to build via the manifest builder
* Delete an old, unused tool
* Delete the Pre OCI registry model
* Add additional error handling to the manifest creation code path
* Add additional error handling to the OCI tag creation code path
* Change how we respond to invalid manifest content types to better handle unknowns
* Change legacy secscan test suite to use the registry model
* Change the repo build badge to use the registry model (also fixes a bug)
* Delete now-unused data model code
* Remove old model adjustment code from OCI model
* Mark older data models as deprecated which will prevent new rows from being inserted
* Remove references to old registry test suite from various testing files
* Remove tag backfill worker (again; got re-added during rebase)
* Move all deprecated model checks into a central function
* Make data_migration more Pythonic
* Small requested fixes to Tag module styling
* Have tag backfill worker fail to migrate if there are TagManifest's
Since this backfill should only be called in future releases for empty models, this should catch someone attempting to upgrade from a too-old version
* Remove labelbackfillworker as it is no longer needed
* Remove unused invalid import
* Reimplement the tag test for the remaining method used
decrypted
From the UI perspective, we simply replace the username with text
indicating it is invalid.
For the worker, we already raise an exception and mark the mirroring
as invalid, so add a `logger.exception` so we have additional debug
information.
Fixes https://issues.redhat.com/browse/PROJQUAY-238
Usage of `quay.io` in a server hostname breaks the superuser API
(on purpose) to ensure that API is never available in production.
This change ensures this is messaged properly.
Fixes https://issues.redhat.com/browse/PROJQUAY-80
Turns out `--` isn't in the openssl in rhel7.
This is my bad to begin with, as this argument terminator isn't
documented even on versions where it works.
Signed-off-by: Hank Donnay <hdonnay@redhat.com>
* Move truthy_bool to a neutral location.
* Add dba operator migration version generation code.
Change existing migrations to use an injected and wrapped op.
* Generate databasemigration hints files for all existing migrations.
* Reformat with black.
If we have a bug that causes the GC's assumptions to be wrong (such
as an Image added after a purge began), then the purge loop can enter a
state where it will never halt. This change detects that condition and
raises an exception so we can properly investigate the bug.
Fixes https://issues.redhat.com/browse/PROJQUAY-452
Instead of running simultaneously across multiple nodes, we change the
worker to run only from a single instance. This is better for the DB and
the previous behavior was not necessary given the size of the BlobUpload
table.
Fixes https://issues.redhat.com/browse/PROJQUAY-365
