Skip to content
This repository was archived by the owner on Jan 24, 2026. It is now read-only.

chore: sync with upstream goharbor/harbor#111

Open
github-actions[bot] wants to merge 4 commits into
nextfrom
sync-upstream-7lvncr1
Open

chore: sync with upstream goharbor/harbor#111
github-actions[bot] wants to merge 4 commits into
nextfrom
sync-upstream-7lvncr1

Conversation

@github-actions

@github-actions github-actions Bot commented Jan 9, 2026

Copy link
Copy Markdown

Automated PR to sync 2 new commit(s) from upstream goharbor/harbor main branch.

Merge strategy: Our changes in next are preserved on conflicts (upstream changes are additive only).

Note: The .github folder is preserved and not synced from upstream.


Summary by cubic

Sync with upstream to fix user and group search by moving matching logic into the database and to refine API tests for proxy environments. Improves search accuracy, performance, and test reliability.

  • Bug Fixes

    • Replace in-memory sorting with DB-side fuzzy search for users and user groups (ORDER BY length(name), name ASC; limit by page size).
    • Add SearchByName to DAO/Manager/Controller and update v2 handlers to use it.
    • Remove unused MostMatchSorter and its tests.
    • Remove unused onBoardCommonUserGroup.
  • Refactors

    • Make apitests proxy-aware via ALLOW_INSECURE env; conditionally add insecure flags for cosign/helm.
    • Add getenv_bool helper and relax dockerd process matching.
    • Pass admin credentials explicitly in job service dashboard tests; add timing logs and increase wait loops.

Written for commit 6c799f5. Summary will update on new commits.

stonezdj and others added 3 commits December 31, 2025 22:14
Remove the unused function MostMatchSorter, it should not be implemented in golang, should be implement in the db query.
Remove the unused function onBoardCommonUserGroup()
fixes goharbor#22573

Signed-off-by: stonezdj <stonezdj@gmail.com>
refine apitest

Signed-off-by: my036811 <miner.yang@broadcom.com>
@coderabbitai

coderabbitai Bot commented Jan 9, 2026

Copy link
Copy Markdown

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


Comment @coderabbitai help to get the list of available commands and usage tips.

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

7 issues found across 21 files

Prompt for AI agents (all issues)

Check if these issues are valid — if so, understand the root cause of each and fix them.


<file name="src/pkg/user/dao/dao.go">

<violation number="1" location="src/pkg/user/dao/dao.go:136">
P2: LIKE wildcard characters (`%`, `_`) in the input `name` are not escaped, potentially allowing unintended broad searches. Consider escaping these special characters before constructing the pattern.</violation>
</file>

<file name="src/pkg/usergroup/dao/dao.go">

<violation number="1" location="src/pkg/usergroup/dao/dao.go:176">
P2: Missing escape for LIKE wildcard characters. The `name` parameter should be escaped using `orm.Escape()` (as done in `SearchMemberByName` in `src/pkg/member/dao/dao.go`) to prevent LIKE pattern characters (`%`, `_`) from being interpreted as wildcards.</violation>
</file>

<file name="tests/apitests/python/test_job_service_dashboard.py">

<violation number="1" location="tests/apitests/python/test_job_service_dashboard.py:79">
P2: Incomplete change: `self.gc.gc_now()` at step 10 (line 105) is missing `**ADMIN_CLIENT`, while the same call at steps 4 and 14 were updated to include it. The `create_purge_schedule` call on the next line was updated but `gc_now()` was missed.</violation>
</file>

<file name="src/server/v2.0/handler/user.go">

<violation number="1" location="src/server/v2.0/handler/user.go:281">
P1: Pagination is broken: `SearchByName` only accepts a limit but ignores `params.Page`. Users requesting page 2+ will receive incorrect results (always page 1 data) while `XTotalCount` suggests more pages exist. Consider using the original `List` method with the query, or updating `SearchByName` to support offset/pagination.</violation>
</file>

<file name="tests/apitests/python/library/cosign.py">

<violation number="1" location="tests/apitests/python/library/cosign.py:15">
P3: Typo in comment: "ennvironment" should be "environment".</violation>

<violation number="2" location="tests/apitests/python/library/cosign.py:17">
P3: Typo in print statement: "coisgn" should be "cosign".</violation>
</file>

<file name="src/server/v2.0/handler/usergroup.go">

<violation number="1" location="src/server/v2.0/handler/usergroup.go:205">
P1: Pagination is broken. `SearchByName` only accepts `limitSize` (page size) and ignores the page number. Users requesting page 2+ will receive the same results as page 1. Either pass the page offset to `SearchByName`, or use `u.ctl.List(ctx, query)` which supports full pagination.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.

return operation.NewSearchUsersOK().WithXTotalCount(0).WithPayload([]*models.UserSearchRespItem{})
}
l, err := u.ctl.List(ctx, query)
l, err := u.ctl.SearchByName(ctx, params.Username, int(*params.PageSize))

@cubic-dev-ai cubic-dev-ai Bot Jan 9, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1: Pagination is broken: SearchByName only accepts a limit but ignores params.Page. Users requesting page 2+ will receive incorrect results (always page 1 data) while XTotalCount suggests more pages exist. Consider using the original List method with the query, or updating SearchByName to support offset/pagination.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At src/server/v2.0/handler/user.go, line 281:

<comment>Pagination is broken: `SearchByName` only accepts a limit but ignores `params.Page`. Users requesting page 2+ will receive incorrect results (always page 1 data) while `XTotalCount` suggests more pages exist. Consider using the original `List` method with the query, or updating `SearchByName` to support offset/pagination.</comment>

<file context>
@@ -279,7 +278,7 @@ func (u *usersAPI) SearchUsers(ctx context.Context, params operation.SearchUsers
 		return operation.NewSearchUsersOK().WithXTotalCount(0).WithPayload([]*models.UserSearchRespItem{})
 	}
-	l, err := u.ctl.List(ctx, query)
+	l, err := u.ctl.SearchByName(ctx, params.Username, int(*params.PageSize))
 	if err != nil {
 		return u.SendError(ctx, err)
</file context>
Fix with Cubic

return operation.NewSearchUserGroupsOK().WithXTotalCount(0).WithPayload([]*models.UserGroupSearchItem{})
}
ug, err := u.ctl.List(ctx, query)
ug, err := u.ctl.SearchByName(ctx, params.Groupname, int(*params.PageSize))

@cubic-dev-ai cubic-dev-ai Bot Jan 9, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1: Pagination is broken. SearchByName only accepts limitSize (page size) and ignores the page number. Users requesting page 2+ will receive the same results as page 1. Either pass the page offset to SearchByName, or use u.ctl.List(ctx, query) which supports full pagination.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At src/server/v2.0/handler/usergroup.go, line 205:

<comment>Pagination is broken. `SearchByName` only accepts `limitSize` (page size) and ignores the page number. Users requesting page 2+ will receive the same results as page 1. Either pass the page offset to `SearchByName`, or use `u.ctl.List(ctx, query)` which supports full pagination.</comment>

<file context>
@@ -204,14 +202,11 @@ func (u *userGroupAPI) SearchUserGroups(ctx context.Context, params operation.Se
 		return operation.NewSearchUserGroupsOK().WithXTotalCount(0).WithPayload([]*models.UserGroupSearchItem{})
 	}
-	ug, err := u.ctl.List(ctx, query)
+	ug, err := u.ctl.SearchByName(ctx, params.Groupname, int(*params.PageSize))
 	if err != nil {
 		return u.SendError(ctx, err)
</file context>
Fix with Cubic

Comment thread src/pkg/user/dao/dao.go
var users []*User
// use raw sql to return the most matched user first, then by alphabetic order
sql := "select * from harbor_user where username like ? and deleted = false order by length(username), username asc limit ?"
likePattern := "%" + name + "%"

@cubic-dev-ai cubic-dev-ai Bot Jan 9, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2: LIKE wildcard characters (%, _) in the input name are not escaped, potentially allowing unintended broad searches. Consider escaping these special characters before constructing the pattern.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At src/pkg/user/dao/dao.go, line 136:

<comment>LIKE wildcard characters (`%`, `_`) in the input `name` are not escaped, potentially allowing unintended broad searches. Consider escaping these special characters before constructing the pattern.</comment>

<file context>
@@ -122,3 +124,24 @@ func (d *dao) List(ctx context.Context, query *q.Query) ([]*commonmodels.User, e
+	var users []*User
+	// use raw sql to return the most matched user first, then by alphabetic order
+	sql := "select * from harbor_user where username like ? and deleted = false order by length(username), username asc limit ?"
+	likePattern := "%" + name + "%"
+	_, err = o.Raw(sql, likePattern, limitSize).QueryRows(&users)
+	if err != nil {
</file context>
Fix with Cubic

var usergroups []*model.UserGroup
// use raw sql to return the most matched user first, then by alphabetic order
sql := "select id, group_name, group_type, ldap_group_dn, creation_time, update_time from user_group where group_name like ? order by length(group_name), group_name asc limit ?"
likePattern := "%" + name + "%"

@cubic-dev-ai cubic-dev-ai Bot Jan 9, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2: Missing escape for LIKE wildcard characters. The name parameter should be escaped using orm.Escape() (as done in SearchMemberByName in src/pkg/member/dao/dao.go) to prevent LIKE pattern characters (%, _) from being interpreted as wildcards.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At src/pkg/usergroup/dao/dao.go, line 176:

<comment>Missing escape for LIKE wildcard characters. The `name` parameter should be escaped using `orm.Escape()` (as done in `SearchMemberByName` in `src/pkg/member/dao/dao.go`) to prevent LIKE pattern characters (`%`, `_`) from being interpreted as wildcards.</comment>

<file context>
@@ -185,3 +164,19 @@ func (d *dao) Count(ctx context.Context, query *q.Query) (int64, error) {
+	var usergroups []*model.UserGroup
+	// use raw sql to return the most matched user first, then by alphabetic order
+	sql := "select id, group_name, group_type, ldap_group_dn, creation_time, update_time from user_group where group_name like ? order by length(group_name), group_name asc limit ?"
+	likePattern := "%" + name + "%"
+	_, err = o.Raw(sql, likePattern, limitSize).QueryRows(&usergroups)
+	if err != nil {
</file context>
Suggested change
likePattern := "%" + name + "%"
likePattern := "%" + orm.Escape(name) + "%"
Fix with Cubic

self.gc.gc_now()
self.purge.create_purge_schedule(type="Manual", cron=None, dry_run=False)
self.gc.gc_now(**ADMIN_CLIENT)
self.purge.create_purge_schedule(type="Manual", cron=None, dry_run=False, **ADMIN_CLIENT)

@cubic-dev-ai cubic-dev-ai Bot Jan 9, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2: Incomplete change: self.gc.gc_now() at step 10 (line 105) is missing **ADMIN_CLIENT, while the same call at steps 4 and 14 were updated to include it. The create_purge_schedule call on the next line was updated but gc_now() was missed.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At tests/apitests/python/test_job_service_dashboard.py, line 79:

<comment>Incomplete change: `self.gc.gc_now()` at step 10 (line 105) is missing `**ADMIN_CLIENT`, while the same call at steps 4 and 14 were updated to include it. The `create_purge_schedule` call on the next line was updated but `gc_now()` was missed.</comment>

<file context>
@@ -62,81 +62,93 @@ def testJobQueues(self):
-        self.gc.gc_now()
-        self.purge.create_purge_schedule(type="Manual", cron=None, dry_run=False)
+        self.gc.gc_now(**ADMIN_CLIENT)
+        self.purge.create_purge_schedule(type="Manual", cron=None, dry_run=False, **ADMIN_CLIENT)
+        print(f"Start time: {time.time()}")
         time.sleep(2)
</file context>
Fix with Cubic

# known issue for proxy ennvironment https://github.com/sigstore/cosign/issues/3269
def sign_artifact(artifact):
command = ["cosign", "sign", "-y", "--allow-insecure-registry", "--key", "cosign.key", artifact]
print("*******Start coisgn sign artifact********")

@cubic-dev-ai cubic-dev-ai Bot Jan 9, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P3: Typo in print statement: "coisgn" should be "cosign".

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At tests/apitests/python/library/cosign.py, line 17:

<comment>Typo in print statement: "coisgn" should be "cosign".</comment>

<file context>
@@ -11,11 +11,23 @@ def generate_key_pair():
+# known issue for proxy ennvironment https://github.com/sigstore/cosign/issues/3269
 def sign_artifact(artifact):
-    command = ["cosign", "sign", "-y", "--allow-insecure-registry", "--key", "cosign.key", artifact]
+    print("*******Start coisgn sign artifact********")
+    allow_insecure = base.getenv_bool("ALLOW_INSECURE", default=True)
+    if allow_insecure:
</file context>
Suggested change
print("*******Start coisgn sign artifact********")
print("*******Start cosign sign artifact********")
Fix with Cubic

base.run_command(command)


# known issue for proxy ennvironment https://github.com/sigstore/cosign/issues/3269

@cubic-dev-ai cubic-dev-ai Bot Jan 9, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P3: Typo in comment: "ennvironment" should be "environment".

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At tests/apitests/python/library/cosign.py, line 15:

<comment>Typo in comment: "ennvironment" should be "environment".</comment>

<file context>
@@ -11,11 +11,23 @@ def generate_key_pair():
     base.run_command(command)
 
+
+# known issue for proxy ennvironment https://github.com/sigstore/cosign/issues/3269
 def sign_artifact(artifact):
-    command = ["cosign", "sign", "-y", "--allow-insecure-registry", "--key", "cosign.key", artifact]
</file context>
Suggested change
# known issue for proxy ennvironment https://github.com/sigstore/cosign/issues/3269
# known issue for proxy environment https://github.com/sigstore/cosign/issues/3269
Fix with Cubic

This commit fixes the style issues introduced in c48e4bc according to the output
from Gofumpt and Prettier.

Details: container-registry/harbor-next#111
@sonarqubecloud

sonarqubecloud Bot commented Jan 9, 2026

Copy link
Copy Markdown

Quality Gate Failed Quality Gate failed

Failed conditions
16.9% Duplication on New Code (required ≤ 3%)

See analysis details on SonarQube Cloud

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants