mirror of https://github.com/git-pkgs/proxy.git synced 2026-06-02 08:38:17 -04:00
Commit graph

146 commits

Author SHA1 Message Date
Andrew Nesbitt
befc4493a2
Merge pull request #19 from git-pkgs/dependabot/github_actions/actions/setup-go-6.3.0
Bump actions/setup-go from 6.2.0 to 6.3.0
2026-03-05 15:42:22 +00:00
dependabot[bot]
bd99f3dd82
Bump actions/setup-go from 6.2.0 to 6.3.0
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 6.2.0 to 6.3.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](7a3fe6cf4c...4b73464bb3)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-version: 6.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-05 15:27:53 +00:00
Andrew Nesbitt
dd4595ddc5
Add version cooldown section to README
Explains the motivation (supply chain attacks rely on speed), shows a
concrete config example, and walks through what happens when a new
version is published.
2026-03-04 19:07:53 +00:00
Andrew Nesbitt
4f8f63f354
Add version cooldown to filter recently published packages
Hides package versions published too recently from metadata responses,
giving the community time to spot malicious releases. Configurable
per-ecosystem and per-package with duration overrides. Supported for
npm, PyPI, pub.dev, and Composer.
2026-03-04 19:00:31 +00:00
Andrew Nesbitt
5f4c57693e
Merge pull request #15 from git-pkgs/use-purl-library
Replace inline PURL construction with purl library
2026-03-04 09:23:10 +00:00
Andrew Nesbitt
364549ad14
Replace inline PURL construction with purl library
Uses purl.MakePURLString() instead of fmt.Sprintf("pkg:...") for
correct namespace handling (npm scopes, Go module paths, Maven group
IDs) and percent-encoding. Replaces hand-rolled extractEcosystem and
inline PURL parsing in the bulk lookup fallback with purl.Parse().
2026-03-04 09:20:16 +00:00
Andrew Nesbitt
40cfd7798e
Merge pull request #14 from git-pkgs/update-dependencies
Update all dependencies
2026-03-04 09:15:43 +00:00
Andrew Nesbitt
1618d6deca
Update all dependencies
2026-03-04 09:09:13 +00:00
Andrew Nesbitt
bd123e298e
Merge pull request #13 from git-pkgs/use-archives-diff
Replace internal/diff with archives/diff
2026-02-27 12:18:38 +00:00
Andrew Nesbitt
a93eb4da5e
Update archives to v0.2.0
2026-02-27 12:14:00 +00:00
Andrew Nesbitt
07778d9727
Replace internal/diff with archives/diff
The diff package has been extracted into the archives module where it
belongs, since it operates on archives.Reader. This removes the internal
copy and imports from github.com/git-pkgs/archives/diff instead.
2026-02-27 10:55:10 +00:00
Andrew Nesbitt
1897f2f44f
Merge pull request #11 from git-pkgs/dependabot/github_actions/goreleaser/goreleaser-action-7.0.0
Bump goreleaser/goreleaser-action from 6.4.0 to 7.0.0
2026-02-26 16:19:44 +00:00
dependabot[bot]
5b16012ab3
Bump goreleaser/goreleaser-action from 6.4.0 to 7.0.0
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 6.4.0 to 7.0.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](e435ccd777...ec59f474b9)

---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-02-26 15:34:49 +00:00
Andrew Nesbitt
2e9dc1a6b3
Merge pull request #10 from git-pkgs/use-registries-fetch
Replace internal/upstream with registries/fetch
2026-02-20 20:26:23 +00:00
Andrew Nesbitt
be8c4b9860
Replace internal/upstream with registries/fetch
Use the new client/ and fetch/ sub-packages from git-pkgs/registries
instead of the local upstream package. The fetcher, circuit breaker, and
resolver now live in registries where they can be shared across projects.

Depends on git-pkgs/registries#8.
2026-02-20 17:31:12 +00:00
Andrew Nesbitt
f10610fc15
Use go tool directive for golangci-lint instead of GitHub Action
2026-02-20 07:59:32 +00:00
Andrew Nesbitt
e6645f38c9
Fix staticcheck QF1012 lint warnings in diff package
2026-02-20 07:53:24 +00:00
Andrew Nesbitt
70dd557184
Update Go dependencies
2026-02-20 07:41:00 +00:00
Andrew Nesbitt
48ae3898c2
Merge pull request #3 from git-pkgs/dependabot/go_modules/github.com/go-chi/chi/v5-5.2.5
Bump github.com/go-chi/chi/v5 from 5.2.4 to 5.2.5
2026-02-16 11:25:21 +00:00
Andrew Nesbitt
337159d3cd
Merge pull request #2 from git-pkgs/dependabot/github_actions/zizmorcore/zizmor-action-0.5.0
Bump zizmorcore/zizmor-action from 0.4.1 to 0.5.0
2026-02-16 11:25:10 +00:00
Andrew Nesbitt
4d5098e044
Remove internal/archive package, replaced by git-pkgs/archives dependency
2026-02-16 11:11:48 +00:00
dependabot[bot]
c50bf725b7
Bump github.com/go-chi/chi/v5 from 5.2.4 to 5.2.5
Bumps [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) from 5.2.4 to 5.2.5.
- [Release notes](https://github.com/go-chi/chi/releases)
- [Changelog](https://github.com/go-chi/chi/blob/master/CHANGELOG.md)
- [Commits](https://github.com/go-chi/chi/compare/v5.2.4...v5.2.5)

---
updated-dependencies:
- dependency-name: github.com/go-chi/chi/v5
  dependency-version: 5.2.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-02-16 10:54:33 +00:00
dependabot[bot]
b86c8be81d
Bump zizmorcore/zizmor-action from 0.4.1 to 0.5.0
Bumps [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action) from 0.4.1 to 0.5.0.
- [Release notes](https://github.com/zizmorcore/zizmor-action/releases)
- [Commits](135698455d...0dce2577a4)

---
updated-dependencies:
- dependency-name: zizmorcore/zizmor-action
  dependency-version: 0.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-02-16 10:54:32 +00:00
Andrew Nesbitt
8ddf07587c
Fix golangci-lint errors (errcheck, staticcheck, unused)
2026-02-16 10:53:21 +00:00
Andrew Nesbitt
e35394bee3
Use shared github.com/git-pkgs/enrichment module
2026-02-06 10:37:00 +00:00
Andrew Nesbitt
c7106922c8
go mod tidy
2026-02-04 08:49:17 +00:00
Andrew Nesbitt
8c7928cf31
Update dependencies
2026-02-03 22:53:40 +00:00
Andrew Nesbitt
96ff2731e5
Update ecosystems-go dependency version in go.mod
2026-02-03 22:41:13 +00:00
Andrew Nesbitt
2d7cb8eae5
Refactoring and features
2026-02-03 22:40:40 +00:00
Andrew Nesbitt
bbd88fcca1
Update .gitignore
2026-02-03 22:40:26 +00:00
Andrew Nesbitt
0901aa082b
ignore binary
2026-02-03 22:40:26 +00:00
Andrew Nesbitt
fb66817a05
remove and ignore cache db
2026-02-03 22:40:25 +00:00
Andrew Nesbitt
c3750adfd0
Merge pull request #1 from git-pkgs/dependabot/go_modules/github.com/ecosyste-ms/ecosystems-go-0.1.0
Bump github.com/ecosyste-ms/ecosystems-go from 0.0.0-20260115154313-d5f3879b6ec0 to 0.1.0
2026-01-29 21:20:51 +00:00
dependabot[bot]
d36b660f9d
Bump github.com/ecosyste-ms/ecosystems-go
Bumps [github.com/ecosyste-ms/ecosystems-go](https://github.com/ecosyste-ms/ecosystems-go) from 0.0.0-20260115154313-d5f3879b6ec0 to 0.1.0.
- [Commits](https://github.com/ecosyste-ms/ecosystems-go/commits/v0.1.0)

---
updated-dependencies:
- dependency-name: github.com/ecosyste-ms/ecosystems-go
  dependency-version: 0.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-01-29 21:17:08 +00:00
Andrew Nesbitt
9c974a0a81
Fix Windows CI test failures
- Use proper file:/// URL format for Windows paths in blob storage tests
- Accept both text/javascript and application/javascript MIME types
2026-01-29 21:12:13 +00:00
Andrew Nesbitt
935c881c2f
Remove local replace directives for git-pkgs dependencies
The replace directives pointed to sibling directories that don't exist
in CI. Updated registries and vulns to use published versions.
2026-01-29 19:57:10 +00:00
Andrew Nesbitt
f4a407ced3
Add GitHub Actions workflows and goreleaser config
2026-01-29 19:44:41 +00:00
Andrew Nesbitt
658e9621d8
Add Container, Debian, RPM handlers and enrichment API
Adds proxy support for Docker/OCI container registries, Debian/APT
repositories, and RPM/Yum repositories. Includes a new enrichment API
for package metadata, vulnerability scanning, and outdated detection.

Updates the dashboard with Tailwind CSS, dark mode support, and a
security overview section showing vulnerability counts.
2026-01-29 19:35:15 +00:00
Andrew Nesbitt
1eb9d71bd7
Align database schema with git-pkgs for compatibility
The proxy can now use an existing git-pkgs database as a starting point.
Packages and versions tables match git-pkgs schema, using PURL-based
references instead of integer IDs. The proxy adds its own artifacts
table for caching functionality.
2026-01-29 16:44:01 +00:00
Andrew Nesbitt
fcc5289f97
Add auth pass-through for upstream registries
Configure authentication per URL prefix in config:

  upstream:
    auth:
      "https://registry.npmjs.org":
        type: bearer
        token: "${NPM_TOKEN}"

Supports bearer tokens, basic auth, and custom headers.
Credentials can reference environment variables with ${VAR_NAME} syntax.
The longest matching URL prefix wins when multiple patterns match.
2026-01-29 16:33:09 +00:00
Andrew Nesbitt
ba754f8a79
Add gocloud.dev/blob for S3 and filesystem storage
Replace custom filesystem storage with gocloud.dev/blob for unified
storage backend support.

Supported backends:
- file:///path/to/dir - Local filesystem (default)
- s3://bucket-name - Amazon S3
- s3://bucket?endpoint=http://localhost:9000 - S3-compatible (MinIO)

Configuration via:
- CLI flag: -storage-url
- Environment: PROXY_STORAGE_URL
- Config file: storage.url

The old storage.path config is deprecated but still supported.
2026-01-29 16:13:16 +00:00
Andrew Nesbitt
2a20fea2d9
Add Dockerfile and docker-compose.yml
Includes configurations for both SQLite (default) and PostgreSQL.

Usage:
  docker compose up              # SQLite
  docker compose --profile postgres up  # PostgreSQL
2026-01-29 16:07:14 +00:00
Andrew Nesbitt
41aa11ab66
Add sqlx with SQLite default and PostgreSQL option
Replace raw database/sql with jmoiron/sqlx for cleaner query handling.
Support both SQLite (default) and PostgreSQL as configurable backends.

Configuration via:
- CLI flags: -database-driver, -database-path, -database-url
- Environment: PROXY_DATABASE_DRIVER, PROXY_DATABASE_PATH, PROXY_DATABASE_URL
- Config file: database.driver, database.path, database.url

Tests run against both databases when PROXY_DATABASE_URL is set.
2026-01-29 16:06:56 +00:00
Andrew Nesbitt
7b1bdf75f7
Extract checkCache helper to reduce duplication
2026-01-21 22:47:23 +00:00
Andrew Nesbitt
aa58059207
Update dependencies
2026-01-21 20:04:41 +00:00
Andrew Nesbitt
7b22638ef7
Hello world
2026-01-20 22:00:31 +00:00