eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions
blumeops/docs/changelog.d
History
Erich Blume 0e2c10176d Harden zot registry, pt 1 (#231) 
## Summary
- Enable OIDC + API key authentication on zot with anonymous pull preserved
- Enforce tag immutability for version tags
- Adopt commit-SHA-based container image tagging

Details in the [[harden-zot-registry]] Mikado chain (`mise run docs-mikado harden-zot-registry`).

## Test plan
- [ ] Anonymous pull still works
- [ ] Unauthenticated push fails (401)
- [ ] CI container builds pass with new auth and tagging
- [ ] `mise run services-check` passes

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/231
2026-02-20 22:50:01 -08:00
..
.gitkeep Add towncrier changelog system (#86) 2026-02-03 11:48:13 -08:00
add-container-versioning-prereq.infra.md Add commit-based container tagging prereq to harden-zot-registry chain (#230) 2026-02-20 18:26:27 -08:00
feature-agent-change-process.feature.md Add agent change process (C0/C1/C2) and docs-mikado tool (#225) 2026-02-20 08:15:20 -08:00
feature-authentik-mikado-chain.infra.md Convert deploy-authentik plan to C2 Mikado chain (#226) 2026-02-20 08:22:19 -08:00
feature-deploy-authentik.feature.md Deploy Authentik identity provider (C2 Mikado) (#227) 2026-02-20 12:55:59 -08:00
feature-forgejo-authentik-oidc.feature.md Integrate Forgejo with Authentik OIDC (#228) 2026-02-20 17:39:50 -08:00
harden-zot-mikado-cards.ai.md Harden zot registry, pt 1 (#231) 2026-02-20 22:50:01 -08:00
plan-deploy-authentik.doc.md Add Authentik deployment plan (#224) 2026-02-20 07:06:56 -08:00