add workflow

.gitea/workflows/patchbuild.yaml

@@ -0,0 +1,31 @@
+name: Building zot from binaries with patch for login page
+on: [push]
+
+jobs:
+  build-process:
+    runs-on: alt-sisyphus
+    steps:
+    - name: Update apt
+      uses: actions/init-alt-env@v1
+    - name: Install req-s
+      run: |
+        apt-get install -y podman 
+    - name: Check out zot 
+      uses: actions/checkout@master
+    - name: Build image
+      run: |
+        cd zot
+        podman build --tag alt/zot-wo-auth:$ZOT_VER --build-arg="ZOT_VER=$ZOT_VER" --build-arg="ZUI_VER=$ZUI_VER" .
+      env:
+        ZOT_VER: 'v2.0.4'
+        ZUI_VER: 'commit-9de2337'
+    - name: Push image
+      run: |
+        podman login --username $P_USER --password $P_PASS $URL
+        podman push alt/zot-wo-auth:$ZOT_VER docker://$URL/alt/zot-wo-auth
+        podman rmi --all
+      env:
+        P_USER: ${{ secrets.PODMAN_USER }}
+        P_PASS: ${{ secrets.PODMAN_PASS }}
+        ZOT_VER: 'v2.0.4'
+        URL: 'gitea.basealt.ru'

Dockerfile

@@ -1,10 +1,13 @@
 FROM registry.altlinux.org/alt/alt:latest AS builder
 ARG ZOT_VER=v2.0.4
-ARG ZUI_VER=commit-9de2337
+ARG ZUI_VER=commit-09ab447
 
 WORKDIR /workdir
-RUN apt-get update && apt-get install apt rpm
+RUN apt-get update && apt-get install -y podman git \
-RUN apt-get install -y podman git golang npm ca-certificates rpm-build-golang rpm-build-nodejs rpm-macros-golang
+	golang npm rpm-build-golang rpm-build-nodejs rpm-macros-golang && \
+	rm -f /var/cache/apt/archives/*.rpm \
+           /var/cache/apt/*.bin \
+          /var/lib/apt/lists/*.*
 RUN git clone -q --branch $ZOT_VER https://github.com/project-zot/zot
 
 WORKDIR zot
@@ -12,15 +15,14 @@ RUN git checkout $ZOT_VER
 RUN git clone -q --branch $ZUI_VER https://github.com/project-zot/zui 
 
 WORKDIR zui
-COPY ./zui-auth.patch pwd/zui-auth.patch
+COPY ./zui-auth.patch ./
-RUN git apply --check pwd/zui-auth.patch
+RUN git apply zui-auth.patch
 RUN npm install && npm run build 
 
 WORKDIR /workdir/zot
 RUN make COMMIT=$ZOT_VER ZUI_BUILD_PATH="/workdir/zot/zui/build" binary cli bench
-COPY pwd/bin/zli-linux-%go_hostarch completion bash > zli.bash
+RUN export ARCH=$(go env GOARCH); bin/zli-linux-$ARCH completion bash > zli.bash
-COPY pwd/bin/zot-linux-%go_hostarch completion bash > zot.bash
+RUN export ARCH=$(go env GOARCH); bin/zot-linux-$ARCH completion bash > zot.bash
-
 
 FROM registry.altlinux.org/alt/alt:latest
 MAINTAINER alt-cloud
@@ -34,10 +36,16 @@ LABEL org.opencontainers.image.vendor="ALT Linux Team"
 COPY --from=builder /workdir/zot/bin/zot-linux-* /usr/bin/zot
 COPY --from=builder /workdir/zot/bin/zli-linux-* /usr/bin/zli 
 COPY --from=builder /workdir/zot/bin/zb-linux-* /usr/bin/zb 
-COPY ./zot.service /lib/systemd/system/zot.service
 COPY ./config.json /etc/zot/config.json
-COPY --from=builder /workdir/zot/bin/zot.bash /usr/share/bash-completion/completions/zot
+COPY --from=builder /workdir/zot/zot.bash /usr/share/bash-completion/completions/zot
-COPY --from=builder /workdir/zot/bin/zli.bash /usr/share/bash-completion/completions/zli
+COPY --from=builder /workdir/zot/zli.bash /usr/share/bash-completion/completions/zli
+
+RUN apt-get update && apt-get install -y ca-certificates && \
+    rm -f /var/cache/apt/archives/*.rpm \
+          /var/cache/apt/*.bin \
+          /var/lib/apt/lists/*.*
+RUN groupadd -r -f _zot
+RUN useradd -r -g _zot -M -d /var/lib/_zot -s /dev/null -c "Zot registry user" _zot
 
 USER _zot:_zot
 

config.json

@@ -14,7 +14,7 @@
             "enable": true,
             "cve": {
                 "trivy": {
-                    "dbRepository": "ghcr.io/alt-cloud/trivy-db"
+                    "dbRepository": "registry.altlinux.org/alt/trivy-db"
                 },
                 "updateInterval": "24h"
             }

zot.service

@@ -1,50 +0,0 @@
-[Unit]
-Description=OCI Distribution Registry
-Documentation=https://zotregistry.dev/
-Wants=network-online.target
-After=network-online.target local-fs.target
-
-[Service]
-Type=simple
-ExecStartPre=/usr/bin/zot verify /etc/zot/config.json
-ExecStart=/usr/bin/zot serve /etc/zot/config.json
-Restart=on-failure
-User=_zot
-Group=_zot
-LimitNOFILE=65535
-
-RemoveIPC=true
-ProcSubset=pid
-NoNewPrivileges=true
-LockPersonality=true
-MemoryDenyWriteExecute=true
-
-CapabilityBoundingSet=
-
-ProtectSystem=strict
-ReadWritePaths=-/var/lib/zot
-
-ProtectProc=invisible
-ProtectHome=true
-ProtectHostname=true
-ProtectClock=true
-ProtectKernelTunables=true
-ProtectKernelModules=true
-ProtectKernelLogs=true
-ProtectControlGroups=true
-
-PrivateTmp=true
-PrivateDevices=true
-PrivateIPC=true
-
-RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
-RestrictNamespaces=true
-RestrictRealtime=true
-RestrictSUIDSGID=true
-
-SystemCallArchitectures=native
-SystemCallFilter=@system-service
-SystemCallFilter=~ @privileged @resources
-
-[Install]
-WantedBy=multi-user.target

zui-auth.patch

@@ -1,49 +1,63 @@
 diff --git a/src/App.js b/src/App.js
-index 6fdd96c..9728bc2 100644
+index 6fdd96c..0ac0e05 100644
 --- a/src/App.js
 +++ b/src/App.js
-@@ -1,8 +1,7 @@
+@@ -2,7 +2,7 @@ import React, { useState } from 'react';
--import React, { useState } from 'react';
-+import React from 'react';
  import { BrowserRouter as Router, Routes, Route, Navigate } from 'react-router-dom';
  
--import { isAuthenticated, isApiKeyEnabled } from 'utilities/authUtilities';
+ import { isAuthenticated, isApiKeyEnabled } from 'utilities/authUtilities';
 -import { AuthWrapper } from 'utilities/AuthWrapper';
-+import { isApiKeyEnabled } from 'utilities/authUtilities';
++import { NoAuthWrapper } from 'utilities/NoAuthWrapper';
  
  import HomePage from './pages/HomePage';
  import LoginPage from './pages/LoginPage';
-@@ -14,25 +13,18 @@ import UserManagementPage from 'pages/UserManagementPage';
+@@ -20,18 +20,15 @@ function App() {
- import './App.css';
- 
- function App() {
--  const [isLoggedIn, setIsLoggedIn] = useState(isAuthenticated());
--
-   return (
      <div className="App" data-testid="app-container">
        <Router>
          <Routes>
 -          <Route element={<AuthWrapper isLoggedIn={isLoggedIn} hasHeader redirect="/login" />}>
--            <Route path="/" element={<Navigate to="/home" />} />
++          <Route element={<NoAuthWrapper hasHeader />}>
--            <Route path="/home" element={<HomePage />} />
+             <Route path="/" element={<Navigate to="/home" />} />
--            <Route path="/explore" element={<ExplorePage />} />
+             <Route path="/home" element={<HomePage />} />
--            <Route path="/image/:name" element={<RepoPage />} />
+             <Route path="/explore" element={<ExplorePage />} />
--            <Route path="/image/:reponame/tag/:tag" element={<TagPage />} />
+             <Route path="/image/:name" element={<RepoPage />} />
--            {isApiKeyEnabled() && <Route path="/user/apikey" element={<UserManagementPage />} />}
+             <Route path="/image/:reponame/tag/:tag" element={<TagPage />} />
+             {isApiKeyEnabled() && <Route path="/user/apikey" element={<UserManagementPage />} />}
 -            <Route path="*" element={<Navigate to="/home" />} />
 -          </Route>
 -          <Route element={<AuthWrapper isLoggedIn={!isLoggedIn} redirect="/" />}>
--            <Route path="/login" element={<LoginPage isLoggedIn={isLoggedIn} setIsLoggedIn={setIsLoggedIn} />} />
+             <Route path="/login" element={<LoginPage isLoggedIn={isLoggedIn} setIsLoggedIn={setIsLoggedIn} />} />
 -            <Route path="*" element={<Navigate to="/login" />} />
--          </Route>
++            <Route path="*" element={<Navigate to="/home" />} />
-+          <Route path="/" element={<Navigate to="/home" />} />
+           </Route>
-+          <Route path="/home" element={<HomePage />} />
-+          <Route path="/login" element={<LoginPage />} />
-+          <Route path="/explore" element={<ExplorePage />} />
-+          <Route path="/image/:name" element={<RepoPage />} />
-+          <Route path="/image/:reponame/tag/:tag" element={<TagPage />} />
-+          {isApiKeyEnabled() && <Route path="/user/apikey" element={<UserManagementPage />} />}
-+          <Route path="*" element={<Navigate to="/home" />} />
          </Routes>
        </Router>
-     </div>
+diff --git a/src/utilities/NoAuthWrapper.jsx b/src/utilities/NoAuthWrapper.jsx
+new file mode 100644
+index 0000000..974e11f
+--- /dev/null
++++ b/src/utilities/NoAuthWrapper.jsx
+@@ -0,0 +1,23 @@
++import React from 'react';
++import { Outlet } from 'react-router-dom';
++import makeStyles from '@mui/styles/makeStyles';
++
++const useStyles = makeStyles(() => ({
++  topMargin: {
++    marginTop: '10vh',
++    minHeight: '90vh',
++    height: '100%'
++  }
++}));
++
++const NoAuthWrapper = ({ hasHeader = false }) => {
++  const classes = useStyles();
++
++  return (
++    <div className={hasHeader ? classes.topMargin : null}>
++      <Outlet />
++    </div>
++  );
++};
++
++export { NoAuthWrapper };

zui-auth2.patch

@@ -0,0 +1,49 @@
+diff --git a/src/App.js b/src/App.js
+index 6fdd96c..9728bc2 100644
+--- a/src/App.js
++++ b/src/App.js
+@@ -1,8 +1,7 @@
+-import React, { useState } from 'react';
++import React from 'react';
+ import { BrowserRouter as Router, Routes, Route, Navigate } from 'react-router-dom';
+ 
+-import { isAuthenticated, isApiKeyEnabled } from 'utilities/authUtilities';
+-import { AuthWrapper } from 'utilities/AuthWrapper';
++import { isApiKeyEnabled } from 'utilities/authUtilities';
+ 
+ import HomePage from './pages/HomePage';
+ import LoginPage from './pages/LoginPage';
+@@ -14,25 +13,18 @@ import UserManagementPage from 'pages/UserManagementPage';
+ import './App.css';
+ 
+ function App() {
+-  const [isLoggedIn, setIsLoggedIn] = useState(isAuthenticated());
+-
+   return (
+     <div className="App" data-testid="app-container">
+       <Router>
+         <Routes>
+-          <Route element={<AuthWrapper isLoggedIn={isLoggedIn} hasHeader redirect="/login" />}>
+-            <Route path="/" element={<Navigate to="/home" />} />
+-            <Route path="/home" element={<HomePage />} />
+-            <Route path="/explore" element={<ExplorePage />} />
+-            <Route path="/image/:name" element={<RepoPage />} />
+-            <Route path="/image/:reponame/tag/:tag" element={<TagPage />} />
+-            {isApiKeyEnabled() && <Route path="/user/apikey" element={<UserManagementPage />} />}
+-            <Route path="*" element={<Navigate to="/home" />} />
+-          </Route>
+-          <Route element={<AuthWrapper isLoggedIn={!isLoggedIn} redirect="/" />}>
+-            <Route path="/login" element={<LoginPage isLoggedIn={isLoggedIn} setIsLoggedIn={setIsLoggedIn} />} />
+-            <Route path="*" element={<Navigate to="/login" />} />
+-          </Route>
++          <Route path="/" element={<Navigate to="/home" />} />
++          <Route path="/home" element={<HomePage />} />
++          <Route path="/login" element={<LoginPage />} />
++          <Route path="/explore" element={<ExplorePage />} />
++          <Route path="/image/:name" element={<RepoPage />} />
++          <Route path="/image/:reponame/tag/:tag" element={<TagPage />} />
++          {isApiKeyEnabled() && <Route path="/user/apikey" element={<UserManagementPage />} />}
++          <Route path="*" element={<Navigate to="/home" />} />
+         </Routes>
+       </Router>
+     </div>