kpfleming/pkg-proxy
1
0
Fork 0
forked from mirrors/pkg-proxy
Code Pull requests Activity
132 commits 4 branches 1 tag 854 KiB
Commit graph

32 commits

Author SHA1 Message Date
Andrew Nesbitt
d62c42b8d7
 		Add mirror command and API for selective package mirroring 
Add a `proxy mirror` CLI command and `/api/mirror` API endpoints that
pre-populate the cache from various input sources: individual PURLs,
SBOM files (CycloneDX and SPDX), or full registry enumeration.

The mirror reuses the existing handler.Proxy.GetOrFetchArtifact()
pipeline so cached artifacts are identical to those fetched on demand.
A bounded worker pool controls download parallelism.

Metadata caching is opt-in via `cache_metadata: true` in config (or
PROXY_CACHE_METADATA=true). The mirror command always enables it. When
enabled, upstream metadata responses are stored for offline fallback
with ETag-based conditional revalidation.

New internal/mirror package with Source interface, PURLSource,
SBOMSource, RegistrySource, and async JobStore. New metadata_cache
database table for offline metadata serving.
 2026-04-13 09:01:04 +01:00
Andrew Nesbitt
773fe55bd9
 		Merge pull request #80 from git-pkgs/dependabot/go_modules/github.com/git-pkgs/vulns-0.1.4 
Bump github.com/git-pkgs/vulns from 0.1.3 to 0.1.4
 2026-04-10 15:42:53 +01:00
Andrew Nesbitt
d919d9ce3e
 		Merge pull request #82 from git-pkgs/dependabot/go_modules/modernc.org/sqlite-1.48.0 
Bump modernc.org/sqlite from 1.47.0 to 1.48.0
 2026-04-10 10:54:00 +01:00
dependabot[bot]
73d78c28fb
 		Bump github.com/git-pkgs/vulns from 0.1.3 to 0.1.4 
Bumps [github.com/git-pkgs/vulns](https://github.com/git-pkgs/vulns) from 0.1.3 to 0.1.4.
- [Commits](https://github.com/git-pkgs/vulns/compare/v0.1.3...v0.1.4)

---
updated-dependencies:
- dependency-name: github.com/git-pkgs/vulns
  dependency-version: 0.1.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-10 09:53:57 +00:00
Andrew Nesbitt
7d0ac94c6c
 		Merge pull request #81 from git-pkgs/dependabot/go_modules/github.com/git-pkgs/enrichment-0.2.2 
Bump github.com/git-pkgs/enrichment from 0.2.1 to 0.2.2
 2026-04-10 10:53:21 +01:00
dependabot[bot]
497afdf317
 		Bump github.com/lib/pq from 1.12.0 to 1.12.2 
Bumps [github.com/lib/pq](https://github.com/lib/pq) from 1.12.0 to 1.12.2.
- [Release notes](https://github.com/lib/pq/releases)
- [Changelog](https://github.com/lib/pq/blob/master/CHANGELOG.md)
- [Commits](https://github.com/lib/pq/compare/v1.12.0...v1.12.2)

---
updated-dependencies:
- dependency-name: github.com/lib/pq
  dependency-version: 1.12.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-09 15:24:54 +00:00
dependabot[bot]
55db8f94fc
 		Bump modernc.org/sqlite from 1.47.0 to 1.48.0 
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.47.0 to 1.48.0.
- [Changelog](https://gitlab.com/cznic/sqlite/blob/master/CHANGELOG.md)
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.47.0...v1.48.0)

---
updated-dependencies:
- dependency-name: modernc.org/sqlite
  dependency-version: 1.48.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-09 15:24:50 +00:00
dependabot[bot]
d64fcb5b98
 		Bump github.com/git-pkgs/enrichment from 0.2.1 to 0.2.2 
Bumps [github.com/git-pkgs/enrichment](https://github.com/git-pkgs/enrichment) from 0.2.1 to 0.2.2.
- [Commits](https://github.com/git-pkgs/enrichment/compare/v0.2.1...v0.2.2)

---
updated-dependencies:
- dependency-name: github.com/git-pkgs/enrichment
  dependency-version: 0.2.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-09 15:24:42 +00:00
Andrew Nesbitt
81f505757f
 		Bump archives to v0.2.2 
Fixes duplicate directory entries in browse source for archives with
explicit directory entries (e.g. GitHub zipballs).
 2026-04-06 17:00:50 +01:00
Andrew Nesbitt
bdc246dc10
 		Fix container blob caching by passing auth token to fetcher (#44) 
* Fix container blob caching by passing auth token to fetcher

The container handler was calling GetOrFetchArtifactFromURL without
authentication headers, causing Docker Hub to return 401. The fallback
proxyBlobWithAuth path had auth but bypassed the cache entirely.

Now passes the Bearer token through GetOrFetchArtifactFromURLWithHeaders
so blobs are both authenticated and cached.

Fixes git-pkgs/proxy#43

* Update registries to v0.4.0

Replace pre-release pseudo-version with the released v0.4.0 now that
git-pkgs/registries#13 has been merged.
 2026-04-01 15:22:39 +01:00
dependabot[bot]
1d58f00433
 		Bump github.com/lib/pq from 1.11.2 to 1.12.0 (#45) 
Bumps [github.com/lib/pq](https://github.com/lib/pq) from 1.11.2 to 1.12.0.
- [Release notes](https://github.com/lib/pq/releases)
- [Changelog](https://github.com/lib/pq/blob/master/CHANGELOG.md)
- [Commits](https://github.com/lib/pq/compare/v1.11.2...v1.12.0)

---
updated-dependencies:
- dependency-name: github.com/lib/pq
  dependency-version: 1.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-26 16:05:33 +00:00
dependabot[bot]
2f06411390
 		Bump github.com/git-pkgs/enrichment from 0.1.5 to 0.2.1 (#46) 
Bumps [github.com/git-pkgs/enrichment](https://github.com/git-pkgs/enrichment) from 0.1.5 to 0.2.1.
- [Commits](https://github.com/git-pkgs/enrichment/compare/v0.1.5...v0.2.1)

---
updated-dependencies:
- dependency-name: github.com/git-pkgs/enrichment
  dependency-version: 0.2.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-26 15:59:11 +00:00
dependabot[bot]
1a8def9e20
 		Bump modernc.org/sqlite from 1.46.1 to 1.47.0 (#47) 
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.46.1 to 1.47.0.
- [Changelog](https://gitlab.com/cznic/sqlite/blob/master/CHANGELOG.md)
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.46.1...v1.47.0)

---
updated-dependencies:
- dependency-name: modernc.org/sqlite
  dependency-version: 1.47.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-26 15:58:50 +00:00
Andrew Nesbitt
82443e137f
 		Add generated OpenAPI docs support 2026-03-12 11:49:31 +00:00
Andrew Nesbitt
1618d6deca
 		Update all dependencies 2026-03-04 09:09:13 +00:00
Andrew Nesbitt
a93eb4da5e
 		Update archives to v0.2.0 2026-02-27 12:14:00 +00:00
Andrew Nesbitt
07778d9727
 		Replace internal/diff with archives/diff 
The diff package has been extracted into the archives module where it
belongs, since it operates on archives.Reader. This removes the internal
copy and imports from github.com/git-pkgs/archives/diff instead.
 2026-02-27 10:55:10 +00:00
Andrew Nesbitt
be8c4b9860
 		Replace internal/upstream with registries/fetch 
Use the new client/ and fetch/ sub-packages from git-pkgs/registries
instead of the local upstream package. The fetcher, circuit breaker, and
resolver now live in registries where they can be shared across projects.

Depends on git-pkgs/registries#8.
 2026-02-20 17:31:12 +00:00
Andrew Nesbitt
f10610fc15
 		Use go tool directive for golangci-lint instead of GitHub Action 2026-02-20 07:59:32 +00:00
Andrew Nesbitt
70dd557184
 		Update Go dependencies 2026-02-20 07:41:00 +00:00
dependabot[bot]
c50bf725b7
 		Bump github.com/go-chi/chi/v5 from 5.2.4 to 5.2.5 
Bumps [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) from 5.2.4 to 5.2.5.
- [Release notes](https://github.com/go-chi/chi/releases)
- [Changelog](https://github.com/go-chi/chi/blob/master/CHANGELOG.md)
- [Commits](https://github.com/go-chi/chi/compare/v5.2.4...v5.2.5)

---
updated-dependencies:
- dependency-name: github.com/go-chi/chi/v5
  dependency-version: 5.2.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-16 10:54:33 +00:00
Andrew Nesbitt
e35394bee3
 		Use shared github.com/git-pkgs/enrichment module 2026-02-06 10:37:00 +00:00
Andrew Nesbitt
c7106922c8
 		go mod tidy 2026-02-04 08:49:17 +00:00
Andrew Nesbitt
8c7928cf31
 		Update dependencies 2026-02-03 22:53:40 +00:00
Andrew Nesbitt
2d7cb8eae5
 		Refactoring and features 2026-02-03 22:40:40 +00:00
dependabot[bot]
d36b660f9d
 		Bump github.com/ecosyste-ms/ecosystems-go 
Bumps [github.com/ecosyste-ms/ecosystems-go](https://github.com/ecosyste-ms/ecosystems-go) from 0.0.0-20260115154313-d5f3879b6ec0 to 0.1.0.
- [Commits](https://github.com/ecosyste-ms/ecosystems-go/commits/v0.1.0)

---
updated-dependencies:
- dependency-name: github.com/ecosyste-ms/ecosystems-go
  dependency-version: 0.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-29 21:17:08 +00:00
Andrew Nesbitt
935c881c2f
 		Remove local replace directives for git-pkgs dependencies 
The replace directives pointed to sibling directories that don't exist
in CI. Updated registries and vulns to use published versions.
 2026-01-29 19:57:10 +00:00
Andrew Nesbitt
658e9621d8
 		Add Container, Debian, RPM handlers and enrichment API 
Adds proxy support for Docker/OCI container registries, Debian/APT
repositories, and RPM/Yum repositories. Includes a new enrichment API
for package metadata, vulnerability scanning, and outdated detection.

Updates the dashboard with Tailwind CSS, dark mode support, and a
security overview section showing vulnerability counts.
 2026-01-29 19:35:15 +00:00
Andrew Nesbitt
ba754f8a79
 		Add gocloud.dev/blob for S3 and filesystem storage 
Replace custom filesystem storage with gocloud.dev/blob for unified
storage backend support.

Supported backends:
- file:///path/to/dir - Local filesystem (default)
- s3://bucket-name - Amazon S3
- s3://bucket?endpoint=http://localhost:9000 - S3-compatible (MinIO)

Configuration via:
- CLI flag: -storage-url
- Environment: PROXY_STORAGE_URL
- Config file: storage.url

The old storage.path config is deprecated but still supported.
 2026-01-29 16:13:16 +00:00
Andrew Nesbitt
41aa11ab66
 		Add sqlx with SQLite default and PostgreSQL option 
Replace raw database/sql with jmoiron/sqlx for cleaner query handling.
Support both SQLite (default) and PostgreSQL as configurable backends.

Configuration via:
- CLI flags: -database-driver, -database-path, -database-url
- Environment: PROXY_DATABASE_DRIVER, PROXY_DATABASE_PATH, PROXY_DATABASE_URL
- Config file: database.driver, database.path, database.url

Tests run against both databases when PROXY_DATABASE_URL is set.
 2026-01-29 16:06:56 +00:00
Andrew Nesbitt
aa58059207
 		Update dependencies 2026-01-21 20:04:41 +00:00
Andrew Nesbitt
7b22638ef7
 		Hello world 2026-01-20 22:00:31 +00:00