SUSE / Portus

Authorization service and frontend for Docker registry (v2)
http://port.us.org/
Apache License 2.0
3k stars 473 forks source link
containers docker docker-distribution rails ruby security

Portus

Portus is an authorization server and a user interface for the next generation of the Docker registry. Portus targets version 2 of the Docker Registry API. The minimum required version of Registry is 2.1, which is the first version supporting soft deletes of blobs.

master v2.4 Code Climate
Build Status Build Status Code Climate Test Coverage

Features

Fine-grained control of permissions

Portus supports the concept of users and teams. Users have their own personal Docker namespace where they have both read (aka docker pull) and write (aka docker push) access. A team is a group of users that have read and write access to a certain namespace. You can read more about this in our documentation page about it.

Portus implements the token based authentication system described by the new version of the Docker registry. This can be used to have full control over the images served by an instance of the Docker registry.

Web interface for Docker registry

Portus provides quick access to all the images available on your private instance of Docker registry. User's privileges are taken into account to make sure private images (the ones requiring special rights also for docker pull) are not shown to unauthorized personnel.

Self-hosted

Portus allows you to host everything on your servers, on your own infrastructure. You don't have to trust a third-party service, just own everything yourself. Take a look at our documentation to read the different setups in which you can deploy Portus.

And more!

Some highlights:

Take a tour by our documentation site to read more about this.

Contributing

There are multiple ways of setting up a development environment. We recommend using docker-compose, so you only need to perform:

$ docker-compose up

You can read more about this environment here.

Also, make sure to understand our contribution guidelines, as explained in this document.

Testing

Unit tests

Unit tests are located in the spec directory. To run them, simply:

$ bundle exec rspec spec

Make sure to install phantomjs from your Linux distribution before running unit tests, since feature tests rely on PhantomJS being installed. All the other ruby dependencies are already covered by our Gemfile.

We also have tests in the frontend. For this, you have to install yarn from your Linux distribution and run:

$ yarn test

Integration tests

Check this document in order to better understand how integration tests work. For development, though, if you have already installed Docker, docker-composer and bats, running the following should just work:

$ chmod +x bin/test-integration.sh
$ ./bin/test-integration.sh

Other checks

A common pitfall for developers is to forget about code style. For that, make sure to run rubocop:

$ bundle exec rubocop -a

Note that the command above includes the -a flag. This flag will automatically fix small issues for you. We also run a code style check for the frontend code:

$ yarn eslint

We also run brakeman in order to detect security vulnerabilities:

$ bundle exec brakeman

Last but not least, make sure that your git commit follows a proper style. To ensure this, you can run the following task:

$ bundle exec rake test:git

Continuous Integration

We use Travis CI for continuous integration. You can run what we run in Travis locally:

$ chmod +x bin/ci/run.sh
$ ./bin/ci/run.sh

This script simply executes all the tests and checks that we have presented above.

Licensing

Portus is licensed under the Apache License, Version 2.0. See LICENSE for the full license text.