Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions app/artifact-cas/configs/config.devel.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,9 @@ server:
# Timeouts for http downloads
# grpc downloads/uploads don't require this because they don't have timeouts
timeout: 300s
# cors:
# allow_origins:
# - "http://localhost:3000"
grpc:
addr: 0.0.0.0:9001
# Some unary RPCs are slow, so we need to increase the timeout
Expand All @@ -18,9 +21,6 @@ server:
# private_key: "../../devel/devkeys/selfsigned/cas.key"
http_metrics:
addr: 0.0.0.0:5001
# cors:
# allow_origins:
# - "http://localhost:3000"

credentials_service:
# we will check that we can read there
Expand Down
124 changes: 62 additions & 62 deletions app/artifact-cas/internal/conf/conf.pb.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

10 changes: 5 additions & 5 deletions app/artifact-cas/internal/conf/conf.proto
Original file line number Diff line number Diff line change
Expand Up @@ -38,13 +38,15 @@ message Bootstrap {
}

message Server {
message CORS {
repeated string allow_origins = 1;
}
message HTTP {
string network = 1;
string addr = 2;
google.protobuf.Duration timeout = 3;
}
message CORS {
repeated string allow_origins = 1;
// CORS configuration for the HTTP download endpoint
CORS cors = 4;
}
message TLS {
// path to certificate and private key
Expand All @@ -63,8 +65,6 @@ message Server {
GRPC grpc = 2;
// hHTTP server where the prometheus metrics will get exposed
HTTP http_metrics = 3;
// CORS configuration for the HTTP download endpoint
CORS cors = 4;
}

message Auth {
Expand Down
2 changes: 1 addition & 1 deletion app/artifact-cas/internal/server/http.go
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,7 @@ func NewHTTPServer(c *conf.Server, authConf *conf.Auth, downloadSvc *service.Dow
srv := http.NewServer(opts...)

downloadHandler := middlewares_http.AuthFromQueryParam(loadPublicKey(rawKey), claimsFunc(), casJWT.SigningMethod, downloadSvc)
srv.Handle(service.DownloadPath, CORSMiddleware(c.GetCors().GetAllowOrigins(), downloadHandler))
srv.Handle(service.DownloadPath, CORSMiddleware(c.GetHttp().GetCors().GetAllowOrigins(), downloadHandler))
api.RegisterStatusServiceHTTPServer(srv, service.NewStatusService(Version, providers))
return srv, nil
}
Expand Down
3 changes: 3 additions & 0 deletions buf.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,9 @@ modules:
except:
- EXTENSION_NO_DELETE
- FIELD_SAME_DEFAULT
ignore_only:
FIELD_NO_DELETE:

@cubic-dev-ai cubic-dev-ai Bot Mar 14, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2: This file-wide FIELD_NO_DELETE ignore disables breaking-change checks for all future config-field deletions in conf.proto, not just the CORS move.

(Based on your team's feedback about cross-component and version compatibility.)

View Feedback

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At buf.yaml, line 35:

<comment>This file-wide `FIELD_NO_DELETE` ignore disables breaking-change checks for all future config-field deletions in `conf.proto`, not just the CORS move.

(Based on your team's feedback about cross-component and version compatibility.) </comment>

<file context>
@@ -31,6 +31,9 @@ modules:
         - EXTENSION_NO_DELETE
         - FIELD_SAME_DEFAULT
+      ignore_only:
+        FIELD_NO_DELETE:
+          - app/artifact-cas/internal/conf/conf.proto
   - path: app/controlplane/api
</file context>
Fix with Cubic

- app/artifact-cas/internal/conf/conf.proto
- path: app/controlplane/api
lint:
use:
Expand Down
2 changes: 1 addition & 1 deletion deployment/chainloop/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ description: Chainloop is an open source software supply chain control plane, a

type: application
# Bump the patch (not minor, not major) version on each change in the Chart Source code
version: 1.343.0
version: 1.343.1
# Do not update appVersion, this is handled automatically by the release process
appVersion: v1.82.0

Expand Down
30 changes: 15 additions & 15 deletions deployment/chainloop/templates/cas/configmap.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,21 @@ data:
# Timeouts for http downloads
# grpc downloads/uploads don't require this because they don't have timeouts
timeout: 300s
{{- if .Values.cas.allowedOrigins }}
cors:
allow_origins:
{{- if kindIs "string" .Values.cas.allowedOrigins }}
{{- range splitList "," .Values.cas.allowedOrigins }}
{{- if (trim .) }}
- {{ trim . | quote }}
{{- end }}
{{- end }}
{{- else }}
{{- range .Values.cas.allowedOrigins }}
- {{ . | quote }}
{{- end }}
{{- end }}
{{- end }}
grpc:
{{- if include "cas.tls-secret-name" . }}
tls_config:
Expand All @@ -31,18 +46,3 @@ data:
timeout: 5s
http_metrics:
addr: "0.0.0.0:{{ .Values.cas.containerPorts.metrics}}"
{{- if .Values.cas.allowedOrigins }}
cors:
allow_origins:
{{- if kindIs "string" .Values.cas.allowedOrigins }}
{{- range splitList "," .Values.cas.allowedOrigins }}
{{- if (trim .) }}
- {{ trim . | quote }}
{{- end }}
{{- end }}
{{- else }}
{{- range .Values.cas.allowedOrigins }}
- {{ . | quote }}
{{- end }}
{{- end }}
{{- end }}
Loading