mirror of
https://github.com/fosrl/pangolin.git
synced 2026-01-29 06:10:47 +00:00
Compare commits
5 Commits
1.15.0
...
dependabot
| Author | SHA1 | Date | |
|---|---|---|---|
|
ea3a2c660e | ||
|
37c4a7b690 | ||
|
|
b735e7c34d | ||
|
|
5f85c3b3b8 | ||
|
5d9cb9fa21 |
28
.github/workflows/cicd.yml
vendored
28
.github/workflows/cicd.yml
vendored
@@ -482,14 +482,32 @@ jobs:
|
||||
echo "==> cosign sign (key) --recursive ${REF}"
|
||||
cosign sign --key env://COSIGN_PRIVATE_KEY --recursive "${REF}"
|
||||
|
||||
# Retry wrapper for verification to handle registry propagation delays
|
||||
retry_verify() {
|
||||
local cmd="$1"
|
||||
local attempts=6
|
||||
local delay=5
|
||||
local i=1
|
||||
until eval "$cmd"; do
|
||||
if [ $i -ge $attempts ]; then
|
||||
echo "Verification failed after $attempts attempts"
|
||||
return 1
|
||||
fi
|
||||
echo "Verification not yet available. Retry $i/$attempts after ${delay}s..."
|
||||
sleep $delay
|
||||
i=$((i+1))
|
||||
delay=$((delay*2))
|
||||
# Cap the delay to avoid very long waits
|
||||
if [ $delay -gt 60 ]; then delay=60; fi
|
||||
done
|
||||
return 0
|
||||
}
|
||||
|
||||
echo "==> cosign verify (public key) ${REF}"
|
||||
cosign verify --key env://COSIGN_PUBLIC_KEY "${REF}" -o text
|
||||
retry_verify "cosign verify --key env://COSIGN_PUBLIC_KEY '${REF}' -o text"
|
||||
|
||||
echo "==> cosign verify (keyless policy) ${REF}"
|
||||
cosign verify \
|
||||
--certificate-oidc-issuer "${issuer}" \
|
||||
--certificate-identity-regexp "${id_regex}" \
|
||||
"${REF}" -o text
|
||||
retry_verify "cosign verify --certificate-oidc-issuer '${issuer}' --certificate-identity-regexp '${id_regex}' '${REF}' -o text"
|
||||
|
||||
echo "✓ Successfully signed and verified ${BASE_IMAGE}:${IMAGE_TAG}"
|
||||
done
|
||||
|
||||
147
package-lock.json
generated
147
package-lock.json
generated
@@ -82,7 +82,7 @@
|
||||
"node-cache": "5.1.2",
|
||||
"node-fetch": "3.3.2",
|
||||
"nodemailer": "7.0.11",
|
||||
"npm": "11.7.0",
|
||||
"npm": "11.8.0",
|
||||
"nprogress": "0.2.0",
|
||||
"oslo": "1.2.1",
|
||||
"pg": "8.17.1",
|
||||
@@ -13944,7 +13944,6 @@
|
||||
"resolved": "https://registry.npmjs.org/eslint-plugin-import/-/eslint-plugin-import-2.32.0.tgz",
|
||||
"integrity": "sha512-whOE1HFo/qJDyX4SnXzP4N6zOWn79WhnCUY/iDR0mPfQZO8wcYE4JClzI2oZrhBnnMUCBCHZhO6VQyoBU95mZA==",
|
||||
"license": "MIT",
|
||||
"peer": true,
|
||||
"dependencies": {
|
||||
"@rtsao/scc": "^1.1.0",
|
||||
"array-includes": "^3.1.9",
|
||||
@@ -17048,9 +17047,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/npm": {
|
||||
"version": "11.7.0",
|
||||
"resolved": "https://registry.npmjs.org/npm/-/npm-11.7.0.tgz",
|
||||
"integrity": "sha512-wiCZpv/41bIobCoJ31NStIWKfAxxYyD1iYnWCtiyns8s5v3+l8y0HCP/sScuH6B5+GhIfda4HQKiqeGZwJWhFw==",
|
||||
"version": "11.8.0",
|
||||
"resolved": "https://registry.npmjs.org/npm/-/npm-11.8.0.tgz",
|
||||
"integrity": "sha512-n19sJeW+RGKdkHo8SCc5xhSwkKhQUFfZaFzSc+EsYXLjSqIV0tl72aDYQVuzVvfrbysGwdaQsNLNy58J10EBSQ==",
|
||||
"bundleDependencies": [
|
||||
"@isaacs/string-locale-compare",
|
||||
"@npmcli/arborist",
|
||||
@@ -17129,8 +17128,8 @@
|
||||
],
|
||||
"dependencies": {
|
||||
"@isaacs/string-locale-compare": "^1.1.0",
|
||||
"@npmcli/arborist": "^9.1.9",
|
||||
"@npmcli/config": "^10.4.5",
|
||||
"@npmcli/arborist": "^9.1.10",
|
||||
"@npmcli/config": "^10.5.0",
|
||||
"@npmcli/fs": "^5.0.0",
|
||||
"@npmcli/map-workspaces": "^5.0.3",
|
||||
"@npmcli/metavuln-calculator": "^9.0.3",
|
||||
@@ -17138,7 +17137,7 @@
|
||||
"@npmcli/promise-spawn": "^9.0.1",
|
||||
"@npmcli/redact": "^4.0.0",
|
||||
"@npmcli/run-script": "^10.0.3",
|
||||
"@sigstore/tuf": "^4.0.0",
|
||||
"@sigstore/tuf": "^4.0.1",
|
||||
"abbrev": "^4.0.0",
|
||||
"archy": "~1.0.0",
|
||||
"cacache": "^20.0.3",
|
||||
@@ -17155,11 +17154,11 @@
|
||||
"is-cidr": "^6.0.1",
|
||||
"json-parse-even-better-errors": "^5.0.0",
|
||||
"libnpmaccess": "^10.0.3",
|
||||
"libnpmdiff": "^8.0.12",
|
||||
"libnpmexec": "^10.1.11",
|
||||
"libnpmfund": "^7.0.12",
|
||||
"libnpmdiff": "^8.0.13",
|
||||
"libnpmexec": "^10.1.12",
|
||||
"libnpmfund": "^7.0.13",
|
||||
"libnpmorg": "^8.0.1",
|
||||
"libnpmpack": "^9.0.12",
|
||||
"libnpmpack": "^9.0.13",
|
||||
"libnpmpublish": "^11.1.3",
|
||||
"libnpmsearch": "^9.0.1",
|
||||
"libnpmteam": "^8.0.2",
|
||||
@@ -17188,11 +17187,11 @@
|
||||
"spdx-expression-parse": "^4.0.0",
|
||||
"ssri": "^13.0.0",
|
||||
"supports-color": "^10.2.2",
|
||||
"tar": "^7.5.2",
|
||||
"tar": "^7.5.4",
|
||||
"text-table": "~0.2.0",
|
||||
"tiny-relative-date": "^2.0.2",
|
||||
"treeverse": "^3.0.0",
|
||||
"validate-npm-package-name": "^7.0.0",
|
||||
"validate-npm-package-name": "^7.0.2",
|
||||
"which": "^6.0.0"
|
||||
},
|
||||
"bin": {
|
||||
@@ -17267,7 +17266,7 @@
|
||||
}
|
||||
},
|
||||
"node_modules/npm/node_modules/@npmcli/arborist": {
|
||||
"version": "9.1.9",
|
||||
"version": "9.1.10",
|
||||
"inBundle": true,
|
||||
"license": "ISC",
|
||||
"dependencies": {
|
||||
@@ -17284,7 +17283,7 @@
|
||||
"@npmcli/run-script": "^10.0.0",
|
||||
"bin-links": "^6.0.0",
|
||||
"cacache": "^20.0.1",
|
||||
"common-ancestor-path": "^1.0.1",
|
||||
"common-ancestor-path": "^2.0.0",
|
||||
"hosted-git-info": "^9.0.0",
|
||||
"json-stringify-nice": "^1.1.4",
|
||||
"lru-cache": "^11.2.1",
|
||||
@@ -17313,7 +17312,7 @@
|
||||
}
|
||||
},
|
||||
"node_modules/npm/node_modules/@npmcli/config": {
|
||||
"version": "10.4.5",
|
||||
"version": "10.5.0",
|
||||
"inBundle": true,
|
||||
"license": "ISC",
|
||||
"dependencies": {
|
||||
@@ -17494,7 +17493,7 @@
|
||||
}
|
||||
},
|
||||
"node_modules/npm/node_modules/@sigstore/core": {
|
||||
"version": "3.0.0",
|
||||
"version": "3.1.0",
|
||||
"inBundle": true,
|
||||
"license": "Apache-2.0",
|
||||
"engines": {
|
||||
@@ -17510,48 +17509,40 @@
|
||||
}
|
||||
},
|
||||
"node_modules/npm/node_modules/@sigstore/sign": {
|
||||
"version": "4.0.1",
|
||||
"version": "4.1.0",
|
||||
"inBundle": true,
|
||||
"license": "Apache-2.0",
|
||||
"dependencies": {
|
||||
"@sigstore/bundle": "^4.0.0",
|
||||
"@sigstore/core": "^3.0.0",
|
||||
"@sigstore/core": "^3.1.0",
|
||||
"@sigstore/protobuf-specs": "^0.5.0",
|
||||
"make-fetch-happen": "^15.0.2",
|
||||
"proc-log": "^5.0.0",
|
||||
"make-fetch-happen": "^15.0.3",
|
||||
"proc-log": "^6.1.0",
|
||||
"promise-retry": "^2.0.1"
|
||||
},
|
||||
"engines": {
|
||||
"node": "^20.17.0 || >=22.9.0"
|
||||
}
|
||||
},
|
||||
"node_modules/npm/node_modules/@sigstore/sign/node_modules/proc-log": {
|
||||
"version": "5.0.0",
|
||||
"inBundle": true,
|
||||
"license": "ISC",
|
||||
"engines": {
|
||||
"node": "^18.17.0 || >=20.5.0"
|
||||
}
|
||||
},
|
||||
"node_modules/npm/node_modules/@sigstore/tuf": {
|
||||
"version": "4.0.0",
|
||||
"version": "4.0.1",
|
||||
"inBundle": true,
|
||||
"license": "Apache-2.0",
|
||||
"dependencies": {
|
||||
"@sigstore/protobuf-specs": "^0.5.0",
|
||||
"tuf-js": "^4.0.0"
|
||||
"tuf-js": "^4.1.0"
|
||||
},
|
||||
"engines": {
|
||||
"node": "^20.17.0 || >=22.9.0"
|
||||
}
|
||||
},
|
||||
"node_modules/npm/node_modules/@sigstore/verify": {
|
||||
"version": "3.0.0",
|
||||
"version": "3.1.0",
|
||||
"inBundle": true,
|
||||
"license": "Apache-2.0",
|
||||
"dependencies": {
|
||||
"@sigstore/bundle": "^4.0.0",
|
||||
"@sigstore/core": "^3.0.0",
|
||||
"@sigstore/core": "^3.1.0",
|
||||
"@sigstore/protobuf-specs": "^0.5.0"
|
||||
},
|
||||
"engines": {
|
||||
@@ -17567,31 +17558,17 @@
|
||||
}
|
||||
},
|
||||
"node_modules/npm/node_modules/@tufjs/models": {
|
||||
"version": "4.0.0",
|
||||
"version": "4.1.0",
|
||||
"inBundle": true,
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@tufjs/canonical-json": "2.0.0",
|
||||
"minimatch": "^9.0.5"
|
||||
"minimatch": "^10.1.1"
|
||||
},
|
||||
"engines": {
|
||||
"node": "^20.17.0 || >=22.9.0"
|
||||
}
|
||||
},
|
||||
"node_modules/npm/node_modules/@tufjs/models/node_modules/minimatch": {
|
||||
"version": "9.0.5",
|
||||
"inBundle": true,
|
||||
"license": "ISC",
|
||||
"dependencies": {
|
||||
"brace-expansion": "^2.0.1"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">=16 || 14 >=14.17"
|
||||
},
|
||||
"funding": {
|
||||
"url": "https://github.com/sponsors/isaacs"
|
||||
}
|
||||
},
|
||||
"node_modules/npm/node_modules/abbrev": {
|
||||
"version": "4.0.0",
|
||||
"inBundle": true,
|
||||
@@ -17626,11 +17603,6 @@
|
||||
"inBundle": true,
|
||||
"license": "MIT"
|
||||
},
|
||||
"node_modules/npm/node_modules/balanced-match": {
|
||||
"version": "1.0.2",
|
||||
"inBundle": true,
|
||||
"license": "MIT"
|
||||
},
|
||||
"node_modules/npm/node_modules/bin-links": {
|
||||
"version": "6.0.0",
|
||||
"inBundle": true,
|
||||
@@ -17657,14 +17629,6 @@
|
||||
"url": "https://github.com/sponsors/sindresorhus"
|
||||
}
|
||||
},
|
||||
"node_modules/npm/node_modules/brace-expansion": {
|
||||
"version": "2.0.2",
|
||||
"inBundle": true,
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"balanced-match": "^1.0.0"
|
||||
}
|
||||
},
|
||||
"node_modules/npm/node_modules/cacache": {
|
||||
"version": "20.0.3",
|
||||
"inBundle": true,
|
||||
@@ -17751,9 +17715,12 @@
|
||||
}
|
||||
},
|
||||
"node_modules/npm/node_modules/common-ancestor-path": {
|
||||
"version": "1.0.1",
|
||||
"version": "2.0.0",
|
||||
"inBundle": true,
|
||||
"license": "ISC"
|
||||
"license": "BlueOak-1.0.0",
|
||||
"engines": {
|
||||
"node": ">= 18"
|
||||
}
|
||||
},
|
||||
"node_modules/npm/node_modules/cssesc": {
|
||||
"version": "3.0.0",
|
||||
@@ -17783,7 +17750,7 @@
|
||||
}
|
||||
},
|
||||
"node_modules/npm/node_modules/diff": {
|
||||
"version": "8.0.2",
|
||||
"version": "8.0.3",
|
||||
"inBundle": true,
|
||||
"license": "BSD-3-Clause",
|
||||
"engines": {
|
||||
@@ -17959,7 +17926,7 @@
|
||||
}
|
||||
},
|
||||
"node_modules/npm/node_modules/ip-address": {
|
||||
"version": "10.0.1",
|
||||
"version": "10.1.0",
|
||||
"inBundle": true,
|
||||
"license": "MIT",
|
||||
"engines": {
|
||||
@@ -18051,11 +18018,11 @@
|
||||
}
|
||||
},
|
||||
"node_modules/npm/node_modules/libnpmdiff": {
|
||||
"version": "8.0.12",
|
||||
"version": "8.0.13",
|
||||
"inBundle": true,
|
||||
"license": "ISC",
|
||||
"dependencies": {
|
||||
"@npmcli/arborist": "^9.1.9",
|
||||
"@npmcli/arborist": "^9.1.10",
|
||||
"@npmcli/installed-package-contents": "^4.0.0",
|
||||
"binary-extensions": "^3.0.0",
|
||||
"diff": "^8.0.2",
|
||||
@@ -18069,11 +18036,11 @@
|
||||
}
|
||||
},
|
||||
"node_modules/npm/node_modules/libnpmexec": {
|
||||
"version": "10.1.11",
|
||||
"version": "10.1.12",
|
||||
"inBundle": true,
|
||||
"license": "ISC",
|
||||
"dependencies": {
|
||||
"@npmcli/arborist": "^9.1.9",
|
||||
"@npmcli/arborist": "^9.1.10",
|
||||
"@npmcli/package-json": "^7.0.0",
|
||||
"@npmcli/run-script": "^10.0.0",
|
||||
"ci-info": "^4.0.0",
|
||||
@@ -18091,11 +18058,11 @@
|
||||
}
|
||||
},
|
||||
"node_modules/npm/node_modules/libnpmfund": {
|
||||
"version": "7.0.12",
|
||||
"version": "7.0.13",
|
||||
"inBundle": true,
|
||||
"license": "ISC",
|
||||
"dependencies": {
|
||||
"@npmcli/arborist": "^9.1.9"
|
||||
"@npmcli/arborist": "^9.1.10"
|
||||
},
|
||||
"engines": {
|
||||
"node": "^20.17.0 || >=22.9.0"
|
||||
@@ -18114,11 +18081,11 @@
|
||||
}
|
||||
},
|
||||
"node_modules/npm/node_modules/libnpmpack": {
|
||||
"version": "9.0.12",
|
||||
"version": "9.0.13",
|
||||
"inBundle": true,
|
||||
"license": "ISC",
|
||||
"dependencies": {
|
||||
"@npmcli/arborist": "^9.1.9",
|
||||
"@npmcli/arborist": "^9.1.10",
|
||||
"@npmcli/run-script": "^10.0.0",
|
||||
"npm-package-arg": "^13.0.0",
|
||||
"pacote": "^21.0.2"
|
||||
@@ -18184,9 +18151,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/npm/node_modules/lru-cache": {
|
||||
"version": "11.2.2",
|
||||
"version": "11.2.4",
|
||||
"inBundle": true,
|
||||
"license": "ISC",
|
||||
"license": "BlueOak-1.0.0",
|
||||
"engines": {
|
||||
"node": "20 || >=22"
|
||||
}
|
||||
@@ -18567,7 +18534,7 @@
|
||||
}
|
||||
},
|
||||
"node_modules/npm/node_modules/path-scurry": {
|
||||
"version": "2.0.0",
|
||||
"version": "2.0.1",
|
||||
"inBundle": true,
|
||||
"license": "BlueOak-1.0.0",
|
||||
"dependencies": {
|
||||
@@ -18582,7 +18549,7 @@
|
||||
}
|
||||
},
|
||||
"node_modules/npm/node_modules/postcss-selector-parser": {
|
||||
"version": "7.1.0",
|
||||
"version": "7.1.1",
|
||||
"inBundle": true,
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
@@ -18711,16 +18678,16 @@
|
||||
}
|
||||
},
|
||||
"node_modules/npm/node_modules/sigstore": {
|
||||
"version": "4.0.0",
|
||||
"version": "4.1.0",
|
||||
"inBundle": true,
|
||||
"license": "Apache-2.0",
|
||||
"dependencies": {
|
||||
"@sigstore/bundle": "^4.0.0",
|
||||
"@sigstore/core": "^3.0.0",
|
||||
"@sigstore/core": "^3.1.0",
|
||||
"@sigstore/protobuf-specs": "^0.5.0",
|
||||
"@sigstore/sign": "^4.0.0",
|
||||
"@sigstore/tuf": "^4.0.0",
|
||||
"@sigstore/verify": "^3.0.0"
|
||||
"@sigstore/sign": "^4.1.0",
|
||||
"@sigstore/tuf": "^4.0.1",
|
||||
"@sigstore/verify": "^3.1.0"
|
||||
},
|
||||
"engines": {
|
||||
"node": "^20.17.0 || >=22.9.0"
|
||||
@@ -18845,7 +18812,7 @@
|
||||
}
|
||||
},
|
||||
"node_modules/npm/node_modules/tar": {
|
||||
"version": "7.5.2",
|
||||
"version": "7.5.4",
|
||||
"inBundle": true,
|
||||
"license": "BlueOak-1.0.0",
|
||||
"dependencies": {
|
||||
@@ -18928,13 +18895,13 @@
|
||||
}
|
||||
},
|
||||
"node_modules/npm/node_modules/tuf-js": {
|
||||
"version": "4.0.0",
|
||||
"version": "4.1.0",
|
||||
"inBundle": true,
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@tufjs/models": "4.0.0",
|
||||
"debug": "^4.4.1",
|
||||
"make-fetch-happen": "^15.0.0"
|
||||
"@tufjs/models": "4.1.0",
|
||||
"debug": "^4.4.3",
|
||||
"make-fetch-happen": "^15.0.1"
|
||||
},
|
||||
"engines": {
|
||||
"node": "^20.17.0 || >=22.9.0"
|
||||
@@ -18986,7 +18953,7 @@
|
||||
}
|
||||
},
|
||||
"node_modules/npm/node_modules/validate-npm-package-name": {
|
||||
"version": "7.0.0",
|
||||
"version": "7.0.2",
|
||||
"inBundle": true,
|
||||
"license": "ISC",
|
||||
"engines": {
|
||||
|
||||
@@ -106,7 +106,7 @@
|
||||
"node-cache": "5.1.2",
|
||||
"node-fetch": "3.3.2",
|
||||
"nodemailer": "7.0.11",
|
||||
"npm": "11.7.0",
|
||||
"npm": "11.8.0",
|
||||
"nprogress": "0.2.0",
|
||||
"oslo": "1.2.1",
|
||||
"pg": "8.17.1",
|
||||
|
||||
@@ -78,7 +78,7 @@ export async function upsertLoginPageBranding(
|
||||
next: NextFunction
|
||||
): Promise<any> {
|
||||
try {
|
||||
const parsedBody = bodySchema.safeParse(req.body);
|
||||
const parsedBody = await bodySchema.safeParseAsync(req.body);
|
||||
if (!parsedBody.success) {
|
||||
return next(
|
||||
createHttpError(
|
||||
|
||||
@@ -9,9 +9,6 @@ import createHttpError from "http-errors";
|
||||
import logger from "@server/logger";
|
||||
import { fromError } from "zod-validation-error";
|
||||
import { OpenAPITags, registry } from "@server/openApi";
|
||||
import { rebuildClientAssociationsFromClient } from "@server/lib/rebuildClientAssociations";
|
||||
import { sendTerminateClient } from "./terminate";
|
||||
import { OlmErrorCodes } from "../olm/error";
|
||||
|
||||
const archiveClientSchema = z.strictObject({
|
||||
clientId: z.string().transform(Number).pipe(z.int().positive())
|
||||
@@ -77,9 +74,6 @@ export async function archiveClient(
|
||||
.update(clients)
|
||||
.set({ archived: true })
|
||||
.where(eq(clients.clientId, clientId));
|
||||
|
||||
// Rebuild associations to clean up related data
|
||||
await rebuildClientAssociationsFromClient(client, trx);
|
||||
});
|
||||
|
||||
return response(res, {
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
import { NextFunction, Request, Response } from "express";
|
||||
import { db } from "@server/db";
|
||||
import { olms, clients } from "@server/db";
|
||||
import { olms } from "@server/db";
|
||||
import { eq } from "drizzle-orm";
|
||||
import HttpCode from "@server/types/HttpCode";
|
||||
import createHttpError from "http-errors";
|
||||
@@ -8,9 +8,6 @@ import response from "@server/lib/response";
|
||||
import { z } from "zod";
|
||||
import { fromError } from "zod-validation-error";
|
||||
import logger from "@server/logger";
|
||||
import { rebuildClientAssociationsFromClient } from "@server/lib/rebuildClientAssociations";
|
||||
import { sendTerminateClient } from "../client/terminate";
|
||||
import { OlmErrorCodes } from "./error";
|
||||
|
||||
const paramsSchema = z
|
||||
.object({
|
||||
@@ -37,26 +34,7 @@ export async function archiveUserOlm(
|
||||
|
||||
const { olmId } = parsedParams.data;
|
||||
|
||||
// Archive the OLM and disconnect associated clients in a transaction
|
||||
await db.transaction(async (trx) => {
|
||||
// Find all clients associated with this OLM
|
||||
const associatedClients = await trx
|
||||
.select()
|
||||
.from(clients)
|
||||
.where(eq(clients.olmId, olmId));
|
||||
|
||||
// Disconnect clients from the OLM (set olmId to null)
|
||||
for (const client of associatedClients) {
|
||||
await trx
|
||||
.update(clients)
|
||||
.set({ olmId: null })
|
||||
.where(eq(clients.clientId, client.clientId));
|
||||
|
||||
await rebuildClientAssociationsFromClient(client, trx);
|
||||
await sendTerminateClient(client.clientId, OlmErrorCodes.TERMINATED_ARCHIVED, olmId);
|
||||
}
|
||||
|
||||
// Archive the OLM (set archived to true)
|
||||
await trx
|
||||
.update(olms)
|
||||
.set({ archived: true })
|
||||
|
||||
Reference in New Issue
Block a user