a0c9861cb1
feat: nora mirror v0.4 — yarn.lock, --json, Docker images (#94)
* feat: add yarn.lock support and --json output for nora mirror (#43, #44)
- Add yarn.lock v1 parser with scoped packages, multiple ranges, dedup
- Add --json flag for machine-readable mirror output (CI pipelines)
- Add MirrorFormat::Yarn variant
- MirrorResult now implements Serialize
- 12 new tests (10 yarn.lock + 2 json serialization)
Closes #43, closes #44
* feat: add Docker image mirroring (nora mirror docker) (#41)
Add nora mirror docker command to fetch images from upstream registries
(Docker Hub, ghcr.io, etc.) and push them into NORA. Supports:
- Image references: name:tag, name@digest, registry/name:tag
- --images (comma-separated) and --images-file (one per line)
- Manifest list resolution (picks linux/amd64)
- Layer dedup via HEAD check before fetch
- Monolithic blob upload to NORA
Makes fetch_blob_from_upstream and fetch_manifest_from_upstream pub in
registry/docker.rs for reuse from mirror module.
20 new unit tests for image ref parsing, manifest detection, blob extraction.
2026-04-05 23:05:11 +03:00
ac3a8a7c43
quality: MSRV, tarpaulin config, proptest for parsers (#84)
* fix: proxy dedup, multi-registry GC, TOCTOU and credential hygiene
- Deduplicate proxy_fetch/proxy_fetch_text into generic proxy_fetch_core
with response extractor closure (removes ~50 lines of copy-paste)
- GC now scans all registry prefixes, not just docker/
- Add tracing::warn to fire-and-forget cache writes in docker proxy
- Mark S3 credentials as skip_serializing to prevent accidental leaks
- Remove TOCTOU race in LocalStorage get/delete (redundant exists check)
* chore: clean up root directory structure
- Move Dockerfile.astra and Dockerfile.redos to deploy/ (niche builds
should not clutter the project root)
- Harden .gitignore to exclude session files, working notes, and
internal review scripts
* refactor(metrics): replace 13 atomic fields with CounterMap
Per-registry download/upload counters were 13 individual AtomicU64
fields, each duplicated across new(), with_persistence(), save(),
record_download(), record_upload(), and get_registry_* (6 touch points
per counter). Adding a new registry required changes in 6+ places.
Now uses CounterMap (HashMap<String, AtomicU64>) for per-registry
counters. Adding a new registry = one entry in REGISTRIES const.
Added Go registry to REGISTRIES, gaining go metrics for free.
* quality: add MSRV, tarpaulin config, proptest for parsers
- Set rust-version = 1.75 in workspace Cargo.toml (MSRV policy)
- Add tarpaulin.toml: llvm engine, fail-under=25, json+html output
- Add coverage/ to .gitignore
- Update CI to use tarpaulin.toml instead of inline flags
- Add proptest dev-dependency and property tests:
  - validation.rs: 16 tests (never-panics + invariants for all 4 validators)
  - pypi.rs: 5 tests (extract_filename never-panics + format assertions)
* test: add unit tests for 14 modules, coverage 21% → 30%
Add 149 new tests across auth, backup, gc, metrics, mirror parsers,
docker (manifest detection, session cleanup, metadata serde),
docker_auth (token cache), maven, npm, pypi (normalize, rewrite, extract),
raw (content-type guessing), request_id, and s3 (URI encoding).
Update tarpaulin.toml: raise fail-under to 30, exclude UI/main from
coverage reporting as they require integration tests.
* bench: add criterion benchmarks for validation and manifest parsing
Add parsing benchmark suite with 14 benchmarks covering:
- Storage key, Docker name, digest, and reference validation
- Docker manifest media type detection (v2, OCI index, minimal, invalid)
Run with: cargo bench --package nora-registry --bench parsing
* test: add 48 integration tests via tower oneshot
Add integration tests for all HTTP handlers:
- health (3), raw (7), cargo (4), maven (4), request_id (2)
- pypi (5), npm (5), docker (12), auth (6)
Create test_helpers.rs with TestContext pattern.
Add tower and http-body-util dev-dependencies.
Update tarpaulin fail-under 30 to 40.
Coverage: 29.5% to 43.3% (2089/4825 lines)
* fix: clean clippy warnings in tests, fix flaky audit test
Add #[allow(clippy::unwrap_used)] to 18 test modules.
Fix 3 additional clippy lints: writeln_empty_string, needless_update,
unnecessary_get_then_check.
Fix flaky audit test: replace single sleep(50ms) with retry loop (max 1s).
Prefix unused token variable with underscore.
cargo clippy --all-targets = 0 warnings (was 245 errors)
2026-04-05 10:01:50 +03:00
bb125db074
fix: code quality hardening — unwrap removal, unsafe forbid, Go/Raw tests (#72)
* fix: remove unwrap() from production code, improve error handling
- Replace unwrap() with proper error handling in npm, mirror, validation
- Add input validation to cargo registry (crate name + version)
- Improve expect() messages with descriptive context in metrics, rate_limit
- Remove unnecessary clone() in error.rs, docker.rs, npm.rs, dashboard_metrics
- Add #![deny(clippy::unwrap_used)] to prevent future unwrap in prod code
- Add let-else pattern for safer null checks in validation.rs
* docs: update SECURITY.md — add 0.3.x to supported versions
* security: forbid unsafe code at crate level
Add #![forbid(unsafe_code)] to both lib.rs and main.rs.
NORA has zero unsafe blocks — this prevents future additions
without removing the forbid attribute (stronger than deny).
* build: add rust-toolchain.toml, Dockerfile HEALTHCHECK
- Pin toolchain to stable with clippy + rustfmt components
- Add Docker HEALTHCHECK for standalone deployments (wget /health)
* test: add Go proxy and Raw registry integration tests
Go proxy tests: list, .info, .mod, @latest, path traversal, 404
Raw registry tests: upload/download, HEAD, 404, path traversal,
overwrite, delete, binary data (10KB)
2026-03-31 21:15:59 +03:00