Arbitrary images can be pushed to container registry #36122
Description
Description
I have created Git repo myusername/foo and set up token to authenticate with docker login. It looks like I can push arbitrary container images with docker push eg myusername/bar for which no corresponding Git repository exists.
I think this is unexpected and should be filtered. It would make most sense to permit pushing only if corresponding Git repository exists.
Additionally Gitea web UI has no way to browse existing tags. Also what about cleaning up firstly untagged images and secondly stuff that has been pushed under random names?
Gitea Version
1.25.1
Can you reproduce the bug on the Gitea demo site?
Yes
Log Gist
No response
Screenshots
0.0s
lauri@lauri-x13:~/hello-gin$ docker push git.codemowers.io/laurivosandi/foo
Using default tag: latest
The push refers to repository [git.codemowers.io/laurivosandi/foo]
f37b91cb9618: Pushed
latest: digest: sha256:27a185b17d52acdc12bcb758f46cf05373610610f524f7ad7ba2be5d04d70ea3 size: 528
lauri@lauri-x13:~/hello-gin$ docker push git.codemowers.io/laurivosandi/bar
Using default tag: latest
The push refers to repository [git.codemowers.io/laurivosandi/bar]
f37b91cb9618: Mounted from laurivosandi/foo
latest: digest: sha256:27a185b17d52acdc12bcb758f46cf05373610610f524f7ad7ba2be5d04d70ea3 size: 528
lauri@lauri-x13:~/hello-gin$ docker push git.codemowers.io/laurivosandi/baz
Using default tag: latest
The push refers to repository [git.codemowers.io/laurivosandi/baz]
f37b91cb9618: Mounted from laurivosandi/bar
latest: digest: sha256:27a185b17d52acdc12bcb758f46cf05373610610f524f7ad7ba2be5d04d70ea3 size: 528
Git Version
No response
Operating System
Ubuntu 24.04
How are you running Gitea?
Gitea in Kubernetes, exposed via Cilium LB
Database
PostgreSQL