feat: use new datastructure for dockerhub auth and make cve scanning optional

defaults/main.yaml

@@ -4,6 +4,12 @@
 # renovate: datasource=github-releases depName=project-zot/zot versioning=pep440
 zot_version: "2.1.16"
 
-# dockerhub credentials (optional, avoids rate limits)
+# enable cve scanning of images
-# zot_dockerhub_username: ""
+zot_cve_scanning: false
-# zot_dockerhub_password: ""
+
+# sync registry credentials (optional, avoids rate limits)
+# zot_sync_credentials:
+#   - name: "dockerhub"
+#     registry: "registry-1.docker.io"
+#     username: "X"
+#     password: "Y"

tasks/config.yaml

@@ -13,7 +13,7 @@
         group: "root"
         mode: "0600"
       notify: "restart zot"
-      when: "zot_dockerhub_username is defined and zot_dockerhub_password is defined"
+      when: "zot_sync_credentials is defined and zot_sync_credentials | length > 0"
 
     # create config file
     - name: "create config file"

templates/zot/config.json.j2

@@ -34,14 +34,15 @@
       "enable": false
     },
     "search": {
-      "enable": true,
+      "enable": true{% if zot_cve_scanning %},
       "cve": {
         "updateInterval": "24h"
       }
+{% endif %}
     },
     "sync": {
       "enable": true,
-{% if zot_dockerhub_username is defined and zot_dockerhub_password is defined %}
+{% if zot_sync_credentials is defined and zot_sync_credentials | length > 0 %}
       "credentialsFile": "/etc/zot/sync-credentials.json",
 {% endif %}
       "registries": [

templates/zot/sync-credentials.json.j2

@@ -1,6 +1,9 @@
 {
-  "registry-1.docker.io": {
+{% for cred in zot_sync_credentials %}
-    "username": "{{ zot_dockerhub_username }}",
+  "{{ cred.registry }}": {
-    "password": "{{ zot_dockerhub_password }}"
+    "username": "{{ cred.username }}",
-  }
+    "password": "{{ cred.password }}"
+  }{% if not loop.last %},{% endif %}
+
+{% endfor %}
 }