3e3070a401
docs: use logo.jpg in README
2026-02-24 12:47:07 +00:00
3868b16ea4
docs: replace text title with SVG logo, O styled in blue-600
2026-02-24 12:29:07 +00:00
3a6d3eeb9a
feat: add binary + sha256 to GitHub Release artifacts
2026-02-24 12:14:29 +00:00
dd29707395
ci: ignore RUSTSEC-2025-0119 (number_prefix unmaintained, transitive via indicatif)
2026-02-24 12:06:34 +00:00
e7a6a652af
ci: allow CDLA-Permissive-2.0 license (webpki-roots)
2026-02-24 11:54:19 +00:00
4ad802ce2f
fix: bump prometheus 0.13->0.14 and bytes 1.11.0->1.11.1 (CVE-2025-53605, CVE-2026-25541)
2026-02-24 11:36:07 +00:00
dependabot[bot]
04c806b659
chore(deps): bump chrono from 0.4.43 to 0.4.44 (#10)
...
Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.43 to 0.4.44.
- [Release notes](https://github.com/chronotope/chrono/releases)
- [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md)
- [Commits](https://github.com/chronotope/chrono/compare/v0.4.43...v0.4.44)
---
updated-dependencies:
- dependency-name: chrono
  dependency-version: 0.4.44
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-24 12:23:06 +01:00
dependabot[bot]
50a5395a87
chore(deps): bump quick-xml from 0.31.0 to 0.39.2 (#9)
...
Bumps [quick-xml](https://github.com/tafia/quick-xml) from 0.31.0 to 0.39.2.
- [Release notes](https://github.com/tafia/quick-xml/releases)
- [Changelog](https://github.com/tafia/quick-xml/blob/master/Changelog.md)
- [Commits](https://github.com/tafia/quick-xml/compare/v0.31.0...v0.39.2)
---
updated-dependencies:
- dependency-name: quick-xml
  dependency-version: 0.39.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-24 12:22:58 +01:00
dependabot[bot]
bcd172f23f
chore(deps): bump toml from 0.8.23 to 1.0.3+spec-1.1.0 (#7)
...
Bumps [toml](https://github.com/toml-rs/toml) from 0.8.23 to 1.0.3+spec-1.1.0.
- [Commits](https://github.com/toml-rs/toml/compare/toml-v0.8.23...toml-v1.0.3)
---
updated-dependencies:
- dependency-name: toml
  dependency-version: 1.0.3+spec-1.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-24 12:22:52 +01:00
dependabot[bot]
a5a7c4f8be
chore(deps): bump flate2 from 1.1.8 to 1.1.9 (#6)
...
Bumps [flate2](https://github.com/rust-lang/flate2-rs) from 1.1.8 to 1.1.9.
- [Release notes](https://github.com/rust-lang/flate2-rs/releases)
- [Commits](https://github.com/rust-lang/flate2-rs/compare/1.1.8...1.1.9)
---
updated-dependencies:
- dependency-name: flate2
  dependency-version: 1.1.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-24 12:22:46 +01:00
dependabot[bot]
2c7c497c30
chore(deps): bump softprops/action-gh-release from 1 to 2 (#5)
...
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 1 to 2.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/action-gh-release/compare/v1...v2)
---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-version: '2'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-24 12:20:23 +01:00
dependabot[bot]
6b6f88ab9c
chore(deps): bump actions/checkout from 4 to 6 (#4)
...
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v6)
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-24 12:20:19 +01:00
dependabot[bot]
1255e3227b
chore(deps): bump docker/build-push-action from 5 to 6 (#3)
...
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 5 to 6.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v5...v6)
---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-24 12:20:16 +01:00
dependabot[bot]
aabd0b76fb
chore(deps): bump aquasecurity/trivy-action from 0.30.0 to 0.34.1 (#2)
...
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.30.0 to 0.34.1.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.30.0...0.34.1)
---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.34.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-24 12:20:12 +01:00
ac14405af3
ci: restore scan gate on release, block on HIGH/CRITICAL CVE
2026-02-24 10:53:28 +00:00
5f385dce45
ci: add dependabot, pin trivy-action@0.30.0, release no longer waits on scan
2026-02-24 10:48:06 +00:00
761e08f168
ci: upgrade codeql-action v3 -> v4
2026-02-24 10:41:37 +00:00
eb4f82df07
ci: fix deny.toml deprecated keys (copyleft, unlicensed removed in cargo-deny)
2026-02-24 10:26:58 +00:00
9784ad1813
chore: bump version to 0.2.22
v0.2.22
2026-02-24 09:20:52 +00:00
fc1288820d
ci: remove astra build for now
v0.2.21
2026-02-24 00:39:16 +00:00
a17a75161b
ci: consolidate all docker builds into single job to fix runner network issues
2026-02-24 00:07:44 +00:00
0b3ef3ab96
ci: use shared runner filesystem instead of artifact API to avoid network upload
2026-02-23 23:41:41 +00:00
99e290d30c
ci: fix SBOM image tag and registry credentials
2026-02-23 18:53:17 +00:00
f74b781d1f
ci: build musl static binary, fix cargo path (hardcode github-runner home)
2026-02-23 18:08:57 +00:00
05c765627f
ci: fix trivy image tag (strip v prefix)
2026-02-23 16:47:18 +00:00
1813546bee
ci: move trivy image scan to separate ubuntu-latest job to avoid self-hosted timeout
2026-02-23 16:15:03 +00:00
196c313f20
ci: add cargo cache to build-binary job, remove nora proxy (no sparse protocol)
2026-02-23 14:17:39 +00:00
aece2d739d
ci: add registry credentials to trivy image scan
2026-02-23 14:01:31 +00:00
b7e11da2da
ci: replace gitleaks action with CLI to avoid license requirement
2026-02-23 13:59:12 +00:00
dd3813edff
ci: use github-runner own rust toolchain instead of ai-user path
2026-02-23 13:54:23 +00:00
adade10c67
chore: bump version to 0.2.21
2026-02-23 12:05:19 +00:00
6ad710ff32
ci: add security scanning and SBOM to release pipeline
...
- ci.yml: add security job (gitleaks, cargo-audit, cargo-deny, trivy fs)
- release.yml: restructure into build-binary + build-docker matrix + release
- build binary once on self-hosted, reuse across all Docker builds
- trivy image scan per matrix variant, results to GitHub Security tab
- SBOM generation in SPDX and CycloneDX formats attached to release
- deny.toml: cargo-deny policy (allowed licenses, banned openssl, crates.io only)
- Dockerfile: remove Rust build stage, use pre-built binary
- Dockerfile.astra, Dockerfile.redos: FROM scratch for Russian certified OS support
2026-02-23 11:37:27 +00:00
037204a3eb
fix: use FROM scratch for Astra and RedOS builds
...
Russian OS registries (registry.astralinux.ru, registry.red-soft.ru)
require auth not available in CI. Use scratch base with static musl
binary instead — runs on any Linux including Astra SE and RED OS.
Comment in each Dockerfile shows how to switch to official base image
once registry access is configured.
v0.2.20
2026-02-23 08:43:13 +00:00
1e01d4df56
ci: add Astra Linux and RedOS parallel builds
...
Add Dockerfile.astra (astralinux/alse) and Dockerfile.redos (redos/redos)
for FSTEC-certified Russian OS targets. Update release.yml with a matrix
strategy that produces three image variants per release:
- ghcr.io/.../nora:0.x.x (Alpine, default)
- ghcr.io/.../nora:0.x.x-astra (Astra Linux SE)
- ghcr.io/.../nora:0.x.x-redos (RED OS)
Build stage is shared (musl static binary) across all variants.
2026-02-23 08:24:48 +00:00
ab5ed3f488
ci: remove unnecessary QEMU step for amd64-only builds
2026-02-23 08:05:54 +00:00
8336166e0e
style: apply rustfmt to registry handlers
2026-02-23 07:48:20 +00:00
42e71b9195
refactor: use shared reqwest::Client across all registry handlers
...
Add http_client field to AppState, initialized once at startup.
Replace per-request Client::builder() calls in npm, maven, pypi,
and docker registry handlers with the shared instance.
This reuses the connection pool across requests instead of
creating a new client on every proxy fetch.
Bump version to 0.2.20.
2026-02-23 07:45:44 +00:00
ffac4f0286
fix(auth): replace starts_with with explicit matches for token paths
...
Prevent accidental exposure of unknown /api/tokens/* sub-paths.
Only the three known routes are now explicitly whitelisted in
is_public_path: /api/tokens, /api/tokens/list, /api/tokens/revoke.
2026-02-22 20:35:04 +00:00
078ef94153
chore: bump version to 0.2.19
2026-02-22 13:33:25 +00:00
94c92e5bc3
fix: use div_ceil instead of manual implementation
2026-01-31 16:51:37 +00:00
7326f9b0e2
chore: add pre-commit hook to prevent sensitive file commits
...
- Whitelist approach: only known safe extensions allowed (.rs, .toml, .yml, etc.)
- Block sensitive patterns (.env, .key, .pem, secrets, credentials)
- Warn but allow .md files
- Check only NEW files, modifications to tracked files always allowed
- Block large files (>5MB) with warning
- Run cargo fmt check on Rust files
- Update CONTRIBUTING.md with hook setup instructions
2026-01-31 16:39:04 +00:00
a2cb7c639c
style: fix formatting and ignore txt files
2026-01-31 16:29:39 +00:00
eb77060114
perf: add in-memory repo index with pagination
...
- Add repo_index.rs with lazy rebuild on write operations
- Double-checked locking to prevent race conditions
- npm optimization: count tarballs instead of parsing metadata.json
- Add pagination to all registry list pages (?page=1&limit=50)
- Invalidate index on PUT/proxy cache in docker/maven/npm/pypi
Performance: 500-800x faster list page loads after first rebuild
2026-01-31 15:59:00 +00:00
8da3eab734
docs: add badges to README
2026-01-31 13:02:27 +00:00
f82e252e39
docs: add CONTRIBUTING.md and SECURITY.md
v0.2.18
2026-01-31 12:39:41 +00:00
7763b85b94
chore: add copyright headers to all source files
...
Copyright (c) 2026 Volkov Pavel | DevITWay
SPDX-License-Identifier: MIT
2026-01-31 12:39:31 +00:00
47a3690384
style: fix O alignment in NORA logo on dashboard
2026-01-31 12:39:31 +00:00
a9125e6287
style: fix formatting
v0.2.15
2026-01-31 10:49:50 +00:00
3f0b84c831
style: add chipmunk emoji and styled O to NORA logo
2026-01-31 10:48:15 +00:00
ce30c5b57d
fix: docker dashboard shows actual image size from manifest layers
v0.2.14
2026-01-31 10:41:55 +00:00