Merge branch 'main' into continue-webhook

Author: rizul2108

.dagger/main.go

@@ -26,7 +26,7 @@ const (
 	GOLANGCILINT_VERSION = "v2.1.2"
 	GO_VERSION           = "1.24.2"
 	SYFT_VERSION         = "v1.9.0"
-	GORELEASER_VERSION   = "v2.3.2"
+	GORELEASER_VERSION   = "v2.8.2"
 )
 
 func New(
@@ -228,7 +228,7 @@ func (m *HarborCli) PublishImage(
 // SnapshotRelease Create snapshot non OCI artifacts with goreleaser
 func (m *HarborCli) SnapshotRelease(ctx context.Context) *dagger.Directory {
 	return m.goreleaserContainer().
-		WithExec([]string{"goreleaser", "release", "--snapshot", "--clean", "--skip", "validate"}).
+		WithExec([]string{"goreleaser", "release", "--snapshot", "--clean"}).
 		Directory("/src/dist")
 }
 

.github/workflows/default.yaml

@@ -99,6 +99,24 @@ jobs:
               exit 1
           fi
 
+  test-release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Dagger Version
+        uses: sagikazarmark/dagger-version-action@v0.0.1
+
+      - name: Test Release
+        uses: dagger/dagger-for-github@v7
+        with:
+          version: ${{ steps.dagger_version.outputs.version }}
+          verb: call
+          args: snapshot-release
+
   test-code:
     runs-on: ubuntu-latest
     steps:

cmd/harbor/root/artifact/list.go

@@ -30,8 +30,18 @@ func ListArtifactCommand() *cobra.Command {
 
 	cmd := &cobra.Command{
 		Use:   "list",
-		Short: "list artifacts within a repository",
-		Args:  cobra.MaximumNArgs(1),
+		Short: "List container artifacts (images, charts, etc.) in a Harbor repository with metadata",
+		Long: `List all artifacts (e.g., container images, charts) within a given Harbor repository. 
+Supports optional project/repository input in the form <project>/<repository>. 
+Displays key artifact metadata including tags, digest, type, size, vulnerability count, and push time.
+
+Examples:
+  harbor-cli artifact list                # Interactive prompt for project and repository
+  harbor-cli artifact list library/nginx # Directly list artifacts in the nginx repo under 'library' project
+
+Supports pagination, search queries, and sorting using flags.`,
+
+		Args: cobra.MaximumNArgs(1),
 		RunE: func(cmd *cobra.Command, args []string) error {
 			if opts.PageSize > 100 {
 				return fmt.Errorf("page size should be less than or equal to 100")

cmd/harbor/root/artifact/view.go

@@ -29,7 +29,7 @@ func ViewArtifactCommmand() *cobra.Command {
 		Use:     "view",
 		Short:   "Get information of an artifact",
 		Long:    `Get information of an artifact`,
-		Example: `harbor artifact view <project>/<repository>/<reference>`,
+		Example: `harbor artifact view <project>/<repository>:<tag> OR harbor artifact view <project>/<repository>@<digest>`,
 		Run: func(cmd *cobra.Command, args []string) {
 			var err error
 			var projectName, repoName, reference string
@@ -43,6 +43,14 @@ func ViewArtifactCommmand() *cobra.Command {
 				reference = prompt.GetReferenceFromUser(repoName, projectName)
 			}
 
+			if reference == "" {
+				if len(args) > 0 {
+					log.Errorf("Invalid artifact reference format: %s", args[0])
+				} else {
+					log.Error("Invalid artifact reference format: no arguments provided")
+				}
+			}
+
 			artifact, err = api.ViewArtifact(projectName, repoName, reference)
 
 			if err != nil {

cmd/harbor/root/cmd.go

@@ -19,11 +19,12 @@ import (
 
 	"github.com/goharbor/harbor-cli/cmd/harbor/root/artifact"
 	"github.com/goharbor/harbor-cli/cmd/harbor/root/config"
+	"github.com/goharbor/harbor-cli/cmd/harbor/root/cve"
 	"github.com/goharbor/harbor-cli/cmd/harbor/root/instance"
 	"github.com/goharbor/harbor-cli/cmd/harbor/root/labels"
 	"github.com/goharbor/harbor-cli/cmd/harbor/root/project"
 	"github.com/goharbor/harbor-cli/cmd/harbor/root/registry"
-	repositry "github.com/goharbor/harbor-cli/cmd/harbor/root/repository"
+	"github.com/goharbor/harbor-cli/cmd/harbor/root/repository"
 	"github.com/goharbor/harbor-cli/cmd/harbor/root/schedule"
 	"github.com/goharbor/harbor-cli/cmd/harbor/root/tag"
 	"github.com/goharbor/harbor-cli/cmd/harbor/root/user"
@@ -96,11 +97,12 @@ harbor help
 		config.Config(),
 		project.Project(),
 		registry.Registry(),
-		repositry.Repository(),
+		repository.Repository(),
 		user.User(),
 		artifact.Artifact(),
 		tag.TagCommand(),
 		HealthCommand(),
+		cve.CVEAllowlist(),
 		schedule.Schedule(),
 		labels.Labels(),
 		InfoCommand(),

cmd/harbor/root/cve/add.go

@@ -0,0 +1,60 @@
+// Copyright Project Harbor Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+package cve
+
+import (
+	"github.com/goharbor/harbor-cli/pkg/api"
+	"github.com/goharbor/harbor-cli/pkg/views/cveallowlist/update"
+	log "github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
+)
+
+func AddCveAllowlistCommand() *cobra.Command {
+	var opts update.UpdateView
+
+	cmd := &cobra.Command{
+		Use:   "add",
+		Short: "Add cve allowlist",
+		Long:  "Create allowlist of CVEs to ignore during vulnerability scanning",
+		Run: func(cmd *cobra.Command, args []string) {
+			var err error
+			updateView := &update.UpdateView{
+				CveId:      opts.CveId,
+				IsExpire:   opts.IsExpire,
+				ExpireDate: opts.ExpireDate,
+			}
+
+			err = updatecveView(updateView)
+			if err != nil {
+				log.Errorf("failed to add cveallowlist: %v", err)
+			}
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.BoolVarP(&opts.IsExpire, "isexpire", "i", false, "Indicates whether the CVE entries should have an expiration date. Set to true to specify an expiration date")
+	flags.StringVarP(&opts.CveId, "cveid", "n", "", "Comma-separated list of CVE IDs to be added to the allowlist")
+	flags.StringVarP(&opts.ExpireDate, "expiredate", "d", "", "Specifies the expiration date for the CVE entries in the format 'YYYY-MM-DD'")
+
+	return cmd
+}
+
+func updatecveView(updateView *update.UpdateView) error {
+	if updateView == nil {
+		updateView = &update.UpdateView{}
+	}
+
+	update.UpdateCveView(updateView)
+	return api.UpdateSystemCve(*updateView)
+}

cmd/harbor/root/cve/cmd.go

@@ -0,0 +1,33 @@
+// Copyright Project Harbor Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+package cve
+
+import (
+	"github.com/spf13/cobra"
+)
+
+func CVEAllowlist() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:     "cve-allowlist",
+		Short:   "Manage system CVE allowlist",
+		Long:    `Managing CVE lists that are intentionally excluded from vulnerability scanning`,
+		Example: `harbor cve-allowlist list`,
+	}
+	cmd.AddCommand(
+		ListCveCommand(),
+		AddCveAllowlistCommand(),
+	)
+
+	return cmd
+}

cmd/harbor/root/cve/list.go

@@ -0,0 +1,49 @@
+// Copyright Project Harbor Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+package cve
+
+import (
+	"github.com/goharbor/harbor-cli/pkg/api"
+	"github.com/goharbor/harbor-cli/pkg/utils"
+	"github.com/goharbor/harbor-cli/pkg/views/cveallowlist/list"
+	log "github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+)
+
+func ListCveCommand() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "list",
+		Short: "List system level allowlist of cve",
+		Args:  cobra.NoArgs,
+		Run: func(cmd *cobra.Command, args []string) {
+			cve, err := api.ListSystemCve()
+			if err != nil {
+				log.Fatalf("failed to get system cve list: %v", err)
+			}
+			FormatFlag := viper.GetString("output-format")
+			if FormatFlag != "" {
+				err = utils.PrintFormat(cve, FormatFlag)
+				if err != nil {
+					log.Fatalf("failed to print cve list: %v", err)
+					return
+				}
+			} else {
+				list.ListSystemCve(cve.Payload)
+			}
+		},
+	}
+
+	return cmd
+}

dagger.json

@@ -1,6 +1,6 @@
 {
   "name": "harbor-cli",
-  "engineVersion": "v0.18.3",
+  "engineVersion": "v0.18.4",
   "sdk": {
     "source": "go"
   },

doc/cli-docs/harbor-artifact-delete.md

@@ -21,7 +21,7 @@ harbor artifact delete [flags]
 ### Options inherited from parent commands
 
 ```sh
-      --config string          config file (default is $HOME/.harbor/config.yaml) (default "/home/user/.harbor/config.yaml")
+  -c, --config string          config file (default is $HOME/.config/harbor-cli/config.yaml)
   -o, --output-format string   Output format. One of: json|yaml
   -v, --verbose                verbose output
 ```