github/hauler
1
0
Fork 0
mirror of https://github.com/hauler-dev/hauler.git synced 2026-05-16 22:26:58 +00:00
Code Issues Packages Projects Releases Wiki Activity
539 Commits 4 Branches 83 Tags
v2.0.0-dev.2
Commit Graph

34 Commits

Author SHA1 Message Date
Zack Brady
c0294c733b update release/2.0 from main (#546) 
* fix: handling of file referenced dependencies without repository field (#514)

co-authored-by: devleitner <devleitner@protonmail.com>

* bump go.opentelemetry.io/otel/sdk (#520)

bumps the go_modules group with 1 update in the / directory: [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go).

updates `go.opentelemetry.io/otel/sdk` from 1.39.0 to 1.40.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.39.0...v1.40.0)

---

updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/sdk
  dependency-version: 1.40.0
  dependency-type: indirect
  dependency-group: go_modules

...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* dev.md file (#521)

* smaller changes and updates for v1.4.2 release (#524)

* smaller changes and updates for v1.4.2 release
* removed unused env variable

* over-"haul": replace oras v1 and cosign fork with native containerd-based implementation (#515)

* remove oras from hauler

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

* remove cosign fork and use upstream cosign for verification

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

* added support for oci referrers

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

* updated README.md projects list

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

* updates for copilot PR review

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

* bug fix for unsafe type assertions

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

* bug fix for http getter and dead code

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

* fixes for more clarity and better error handling

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

* bug fix for resource leaks and unchecked errors

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

* bug fix for rewrite logic for docker.io images due to cosign removal

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

* bug fix for sigs and referrers

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

* bug fix for index.json missing mediatype

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

* bug fix to make sure manifest.json doesnt include anything other than actual container images

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

---------

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

* bump github.com/docker/cli in the go_modules group across 1 directory (#526)

bumps the go_modules group with 1 update in the / directory: [github.com/docker/cli](https://github.com/docker/cli).


updates `github.com/docker/cli` from 29.0.3+incompatible to 29.2.0+incompatible
- [Commits](https://github.com/docker/cli/compare/v29.0.3...v29.2.0)

---

updated-dependencies:
- dependency-name: github.com/docker/cli
  dependency-version: 29.2.0+incompatible
  dependency-type: indirect
  dependency-group: go_modules

...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* removed deprecated code (#528)

* removed deprecated code
* removed all supported for v1alpha1

* fix extract for oci files (#529)

* fix extract for oci files

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

* have extract guard against path traversal

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

---------

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

* improved test coverage (#530)

* improved test coverage

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

* adjusted mapper_test for oddball oci files

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

---------

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

* adjust extract to handle an image index appropriately (#531)

* adjust extract to handle images and image indices appropriately

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

* updates for review feedback

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

---------

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

* fix dockerhub default host bug (#534)

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

* adjust hauler's kind annotation to not reflect cosign (#535)

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

* bump google.golang.org/grpc in the go_modules group across 1 directory (#536)

bumps the go_modules group with 1 update in the / directory: [google.golang.org/grpc](https://github.com/grpc/grpc-go).

updates `google.golang.org/grpc` from 1.78.0 to 1.79.3
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.78.0...v1.79.3)

---

updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-version: 1.79.3
  dependency-type: indirect
  dependency-group: go_modules

...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* add cherry-pick workflow for release branches (#533)

this workflow automates cherry-picking changes from merged pull requests to specified release branches based on comments... it handles permission checks, version parsing, and conflict resolution during the cherry-pick process.

Signed-off-by: Camryn Carter <camryn.carter@ranchergovernment.com>

* images.txt testdata file (#539)

* fix keep registry logic (#537)

* fixed keep registry logic
* trim library/
* updated test
* test updates

* option to sync images.txt files natively (#538)

* sync images.txt files
* test worklflow sync w image list
* images.txt

* chunk the haul (#519)

* chunk the haul
* validate numeric suffix on join
* enforce valid chunk size
* containerd warning
* updated test.go files

* bump github.com/go-jose/go-jose/v4 (#542)

bumps the go_modules group with 1 update in the / directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose).


updates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4

- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Commits](https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4)

---

updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v4
  dependency-version: 4.1.4
  dependency-type: indirect
  dependency-group: go_modules

...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* allow multiple prefix references (#532)

* allow multiple prefix references
* fixed some duplications

* add optional flag for excluding extra artifacts when pulling from a registry (#541)

* add optional flag for excluding extra artifacts when pulling from a registry

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

* add optional flag to charts for excluding extra artifacts when pulling from a registry

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

---------

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>
Signed-off-by: Camryn Carter <camryn.carter@ranchergovernment.com>
Co-authored-by: devLeitner <87783219+devLeitner@users.noreply.github.com>
Co-authored-by: devleitner <devleitner@protonmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Camryn Carter <camryn.carter@ranchergovernment.com>
Co-authored-by: Adam Martin <adam.martin@ranchergovernment.com>
 2026-04-08 12:09:23 -04:00
Adam Martin
f1a632a207 update for cosign v3 verify (#469) 
Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>
Co-authored-by: Zack Brady <zackbrady123@gmail.com>
 2025-10-24 17:07:49 -04:00
Adam Martin
344c008607 update cosign to v3.0.2+hauler.1 (#463) 
signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>
 2025-10-22 12:48:56 -04:00
Adam Martin
ea53002f3a formatting and flag text updates 
Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>
 2025-04-22 12:43:04 -04:00
Nathaniel Churchill
4d0f779ae6 add keyless signature verification (#434) 2025-04-21 15:27:17 -04:00
Adam Martin
3b96a95a94 add --only flag to hauler store copy (for images) (#429) 
* bump cosign fork and tidy

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

* add --only to hauler store copy

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

---------

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>
Co-authored-by: Zack Brady <zackbrady123@gmail.com>
 2025-04-08 09:27:12 -04:00
Adam Toy
f9a188259f fix tlog verification error/warning output (#428) 
* fix tlog verification error/warning output
* extend error msg to avoid ambiguity
 2025-04-04 16:51:26 -05:00
Adam Martin
db065a1088 default public transparency log verification to false to be airgap friendly but allow override (#425) 
Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>
 2025-03-27 09:13:23 -04:00
Adam Martin
a20d7bf950 forked cosign bump to 2.4.1 and use as a library vs embedded binary (#383) 
* only ignore project-root/store not all store paths
* remove embedded cosign binary in favor of fork library
 2025-01-10 17:14:44 -05:00
Zack Brady
e97adcdfed cleaned up registry and improved logging (#378) 
* cleaned up registry and improved logging
* last bit of logging improvements/import clean up

---------

Signed-off-by: Zack Brady <zackbrady123@gmail.com>
 2025-01-09 15:21:03 -05:00
Zack Brady
235218cfff added store env var (#370) 
* added strictmode flag and consts
* updated code with strictmode
* added flag for retryoperation
* updated registry short flag
* added store env var
* added/fixed more env var code

---------

Signed-off-by: Zack Brady <zackbrady123@gmail.com>
 2024-12-04 14:26:53 -05:00
Zack Brady
4270a27819 adding ignore errors and retries for continue on error/fail on error (#368) 
* added strictmode flag and consts
* updated code with strictmode
* added flag for retryoperation
* updated registry short flag
* updated strictmode to ignore errors
* fixed command description
* cleaned up error/debug logs
 2024-12-02 17:18:58 -05:00
Zack Brady
1b77295438 updated/fixed hauler directory (#354) 
* added env variables for haulerDir/tempDir
* updated hauler directory for the install script
* cleanup/fixes for install script
* updated variables based on feedback
* revert "updated variables based on feedback"
  * reverts commit 54f7a4d695
* minor restructure to root flags
* updated logic to include haulerdir flag
* cleaned up/formatted new logic
* more cleanup and formatting
 2024-11-14 21:37:25 -05:00
Zack Brady
38c7d1b17a standardize consts (#353) 
* removed k3s code
* standardize and formatted consts
* fixed consts for sync.go
* trying another fix for sync

---------

Signed-off-by: Zack Brady <zackbrady123@gmail.com>
 2024-11-06 18:31:06 -05:00
Adam Martin
5aa55e9eda continue on error when adding images to store (#317) 
* continue on error when adding images to store

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>

* Update cmd/hauler/cli/store/add.go

Co-authored-by: Jacob Blain Christen <dweomer5@gmail.com>
Signed-off-by: Adam Martin <42001113+amartin120@users.noreply.github.com>

---------

Signed-off-by: Adam Martin <adam.martin@ranchergovernment.com>
Signed-off-by: Adam Martin <42001113+amartin120@users.noreply.github.com>
Co-authored-by: Jacob Blain Christen <dweomer5@gmail.com>
 2024-09-04 14:11:07 -04:00
Jacob Blain Christen
16fa03fec8 github.com/rancherfederal/hauler => hauler.dev/go/hauler (#311) 2024-08-26 13:54:06 -07:00
Zack Brady
7a7906b8ea updated imports (and go fmt) 2024-06-13 23:44:06 -04:00
Zack Brady
fd702202ac formatted all code (go fmt) 2024-06-05 08:25:45 -04:00
Adam Martin
14738c3cd6 update to v2.2.3 of our cosign fork 
Signed-off-by: Adam Martin <adam.martin@rancherfederal.com>
 2024-03-28 13:11:26 -04:00
Adam Martin
cd8d4f6e46 add login command 
Signed-off-by: Adam Martin <adam.martin@rancherfederal.com>
 2024-02-15 15:54:23 -05:00
Adam Martin
6c2b97042e switch the 'not a multi-arch image' log message to be debug 
Signed-off-by: Adam Martin <adam.martin@rancherfederal.com>
 2024-02-11 10:37:40 -05:00
Adam Martin
be22e56f27 fix whitspace issue 
Signed-off-by: Adam Martin <adam.martin@rancherfederal.com>
 2024-02-10 23:32:42 -05:00
Adam Martin
c8ea279c0d add better logging for save 
Signed-off-by: Adam Martin <adam.martin@rancherfederal.com>
 2024-02-10 23:30:34 -05:00
Adam Martin
e8d084847d remove extra debug statement 
Signed-off-by: Adam Martin <adam.martin@rancherfederal.com>
 2024-01-28 21:15:27 -05:00
Adam Martin
a05d21c052 add platform flag for image add and sync 
Signed-off-by: Adam Martin <adam.martin@rancherfederal.com>
 2024-01-28 19:48:16 -05:00
Adam Martin
a977cec50c improve cosign setup 
Signed-off-by: Adam Martin <adam.martin@rancherfederal.com>
 2024-01-28 12:08:31 -05:00
Adam Martin
0f7f363d6c improved logging for hauler store copy 
Signed-off-by: Adam Martin <adam.martin@rancherfederal.com>
 2023-12-11 18:15:34 -05:00
Adam Martin
f348fb8d4d registry auth fix for copy 
Signed-off-by: Adam Martin <adam.martin@rancherfederal.com>
 2023-11-28 22:29:00 -05:00
Adam Martin
fe60b1fd1a add retry logic 
Signed-off-by: Adam Martin <adam.martin@rancherfederal.com>
 2023-11-28 10:02:21 -05:00
Adam Martin
be486df762 fix carbide cosign repo path and perms 
Signed-off-by: Adam Martin <adam.martin@rancherfederal.com>
 2023-11-06 09:07:13 -05:00
Adam Martin
f2b0c44af3 polish up cosign verify for hauler store sync 
Signed-off-by: Adam Martin <adam.martin@rancherfederal.com>
 2023-10-12 12:05:35 -04:00
Adam Martin
bb9a088a84 fixes and logging for cosign verify <iamge> 
Signed-off-by: Adam Martin <adam.martin@rancherfederal.com>
 2023-10-11 13:44:21 -04:00
Adam Martin
220eeedb2c add cosign drop-in funcs 
Signed-off-by: Adam Martin <adam.martin@rancherfederal.com>
 2023-10-11 13:44:21 -04:00
Adam Martin
58c55d7aeb add cosign logic 2023-10-11 13:44:21 -04:00