diff --git a/.github/workflows/app-test-coverage-pr.yml b/.github/workflows/app-test-coverage-pr.yml
new file mode 100644
index 000000000..a5b12a0c8
--- /dev/null
+++ b/.github/workflows/app-test-coverage-pr.yml
@@ -0,0 +1,72 @@
+# /********************************************************************************
+# * Copyright (c) 2023 Contributors to the Eclipse Foundation
+# *
+# * See the NOTICE file(s) distributed with this work for additional
+# * information regarding copyright ownership.
+# *
+# * This program and the accompanying materials are made available under the
+# * terms of the Apache License, Version 2.0 which is available at
+# * https://www.apache.org/licenses/LICENSE-2.0.
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# * License for the specific language governing permissions and limitations
+# * under the License.
+# *
+# * SPDX-License-Identifier: Apache-2.0
+# ********************************************************************************/
+
+name: Application test and coverage -- PR context
+
+on:
+ pull_request:
+ paths:
+ - 'src/**'
+
+jobs:
+ test-app:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+
+ - name: Set up Java 17
+ uses: actions/setup-java@v3
+ with:
+ distribution: 'temurin'
+ java-version: '17'
+
+ - name: Test app
+ env:
+ GITHUB_USERNAME: ${{ vars.GITHUB_ACTOR }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: ./gradlew test
+
+ - name: Get coverage
+ if: always()
+ env:
+ GITHUB_USERNAME: ${{ vars.GITHUB_ACTOR }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: ./gradlew jacocoTestReport
+
+ - name: Upload test results
+ uses: actions/upload-artifact@v3
+ if: always()
+ with:
+ name: test-results
+ path: ${{ github.workspace }}/build/
+
+ - name: Publish code coverage report as PR comment
+ uses: madrapps/jacoco-report@v1.6.1
+ if: always()
+ with:
+ paths: |
+ ${{ github.workspace }}/build/reports/xml/jacoco.xml
+ token: ${{ secrets.GITHUB_TOKEN }}
+ min-coverage-overall: 80
+ min-coverage-changed-files: 80
+ title: Coverage Report
diff --git a/.github/workflows/app-test-coverage-repo.yml b/.github/workflows/app-test-coverage-repo.yml
new file mode 100644
index 000000000..c52a486f0
--- /dev/null
+++ b/.github/workflows/app-test-coverage-repo.yml
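Review bot: In `.github/workflows/app-test-coverage-pr.yml`, both Gradle steps set `GITHUB_USERNAME: ${{ vars.GITHUB_ACTOR }}`, which reads a repository configuration variable rather than the triggering user; GitHub does not allow configuration variables whose names start with `GITHUB_`, so this most likely expands to an empty string, and `GITHUB_USERNAME: ${{ github.actor }}` looks like what was meant. The workflow also has no `permissions:` block, although the same `GITHUB_TOKEN` is exported to `./gradlew test`, which executes code from the pull request; declaring `permissions:` with `contents: read` and `pull-requests: write` would limit the token to what the coverage comment needs. `madrapps/jacoco-report@v1.6.1` receives that token and is referenced by a mutable tag, so pinning it to a full commit SHA is worth considering.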
@@ -0,0 +1,68 @@
+# /********************************************************************************
+# * Copyright (c) 2023 Contributors to the Eclipse Foundation
+# *
+# * See the NOTICE file(s) distributed with this work for additional
+# * information regarding copyright ownership.
+# *
+# * This program and the accompanying materials are made available under the
+# * terms of the Apache License, Version 2.0 which is available at
+# * https://www.apache.org/licenses/LICENSE-2.0.
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# * License for the specific language governing permissions and limitations
+# * under the License.
+# *
+# * SPDX-License-Identifier: Apache-2.0
+# ********************************************************************************/
+
+name: Application test and coverage -- Repository context
+
+on:
+ workflow_run:
+ workflows: [ 'Application test and coverage -- PR context' ]
+ types:
+ - completed
+
+permissions:
+ contents: read
+ actions: read
+ checks: write
+
+jobs:
+ test-app:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Download test results
+ uses: actions/download-artifact@v3
+ with:
+ name: test-results
+ path: ${{ github.workspace }}/
+
+ - name: Setup .NET Core # Required to execute ReportGenerator
+ uses: actions/setup-dotnet@v3
+ with:
+ dotnet-version: 6.x
+ dotnet-quality: 'ga'
+
+ - name: Generate test report
+ uses: dorny/test-reporter@v1.6.0
+ with:
+ name: Test results
+ path: 'test-results/test/*.xml'
+ reporter: java-junit
+ fail-on-error: false
+
+ - name: Create Markdown from code coverage report
+ uses: danielpalme/ReportGenerator-GitHub-Action@5.1.25
+ with:
+ reports: reports/xml/jacoco.xml
+ targetdir: coveragereport
+ reporttypes: MarkdownSummaryGithub
+ sourcedirs: src/main/java
+ title: 'Code Coverage'
+
+ - name: Publish Markdown code coverage report as job summary
+ run: cat coveragereport/SummaryGithub.md >> $GITHUB_STEP_SUMMARY
diff --git a/.github/workflows/app-test-coverage.yml b/.github/workflows/app-test-coverage.yml
deleted file mode 100644
index 887589282..000000000
--- a/.github/workflows/app-test-coverage.yml
+++ /dev/null
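Review bot: In `app-test-coverage-repo.yml`, the `Download test results` step uses `actions/download-artifact@v3`, which only looks at artifacts of the current run, so in a `workflow_run` job it will not find the `test-results` artifact uploaded by the PR workflow. The artifact has to be fetched from the triggering run, for example with a download-artifact release that accepts `run-id: ${{ github.event.workflow_run.id }}` and `github-token: ${{ secrets.GITHUB_TOKEN }}`. Once that works, the artifact is the whole `build/` directory produced by a build of pull-request code while this job holds `checks: write`, so it should be treated as untrusted: extract it into a dedicated directory instead of `${{ github.workspace }}/`, and consider uploading only `build/test-results` and `build/reports/xml` in the PR workflow. `dorny/test-reporter@v1.6.0` and `danielpalme/ReportGenerator-GitHub-Action@5.1.25` parse that content and are pinned by tag, not by commit SHA.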
@@ -1,101 +0,0 @@ -# Disabled until is is runnable on github - -## /******************************************************************************** -## * Copyright (c) 2023 Contributors to the Eclipse Foundation -## * -## * See the NOTICE file(s) distributed with this work for additional -## * information regarding copyright ownership. -## * -## * This program and the accompanying materials are made available under the -## * terms of the Apache License, Version 2.0 which is available at -## * https://www.apache.org/licenses/LICENSE-2.0. -## * -## * Unless required by applicable law or agreed to in writing, software -## * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -## * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -## * License for the specific language governing permissions and limitations -## * under the License. -## * -## * SPDX-License-Identifier: Apache-2.0 -## ********************************************************************************/ -# -#name: Test application (test + coverage) -# -#on: -# workflow_dispatch: -# pull_request: -# paths: -# - 'src/**' -# -#permissions: -# id-token: write -# statuses: write -# checks: write -# # may also be read -# contents: write -# pull-requests: write -# actions: write -# -#jobs: -# test-app: -# runs-on: ubuntu-latest -# -# steps: -# - name: Checkout -# uses: actions/checkout@v3 -# with: -# fetch-depth: 0 -# -# - name: Set up Java 17 -# uses: actions/setup-java@v3 -# with: -# distribution: 'temurin' -# java-version: '17' -# -# - name: Setup .NET Core # Required to execute ReportGenerator -# uses: actions/setup-dotnet@v3 -# if: success() || failure() -# with: -# dotnet-version: 6.x -# dotnet-quality: 'ga' -# -# - name: Test app -# run: ORG_GRADLE_PROJECT_githubToken=${{ secrets.GITHUB_TOKEN }} ./gradlew test -# -# - name: Get coverage -# if: success() || failure() -# run: ORG_GRADLE_PROJECT_githubToken=${{ secrets.GITHUB_TOKEN }} ./gradlew jacocoTestReport -# -# 
- name: Generate test report -# uses: dorny/test-reporter@v1.6.0 -# if: success() || failure() -# with: -# name: Test results -# path: 'build/test-results/test/*.xml' -# reporter: java-junit -# fail-on-error: false -# -# - name: Generate code coverage report -# uses: danielpalme/ReportGenerator-GitHub-Action@5.1.25 -# if: success() || failure() -# with: -# reports: build/reports/xml/jacoco -# targetdir: coveragereport -# reporttypes: MarkdownSummaryGithub -# sourcedirs: src/main/java -# title: 'Code Coverage' -# -# - name: Publish code coverage report as job summary -# if: success() || failure() -# run: cat coveragereport/SummaryGithub.md >> $GITHUB_STEP_SUMMARY -# -# - name: Publish code coverage report as PR comment -# uses: madrapps/jacoco-report@v1.6.1 -# if: github.event_name == 'pull_request' && (success() || failure()) -# with: -# paths: | -# ${{ github.workspace }}/build/reports/xml/jacoco -# token: ${{ secrets.GITHUB_TOKEN }} -# min-coverage-overall: 80 -# min-coverage-changed-files: 80 -# title: Coverage Report diff --git a/.github/workflows/chart-lint-test.yml b/.github/workflows/chart-verification.yml similarity index 84% rename from .github/workflows/chart-lint-test.yml rename to .github/workflows/chart-verification.yml index 620586d1f..5c70c1553 100644 --- a/.github/workflows/chart-lint-test.yml +++ b/.github/workflows/chart-verification.yml @@ -17,7 +17,7 @@ # * SPDX-License-Identifier: Apache-2.0 # ********************************************************************************/ -name: Lint and Test Charts +name: Verify and Test Helm Chart on: workflow_dispatch: @@ -44,7 +44,7 @@ jobs: - name: Add bitnami repo run: | - helm repo add bitnami https://charts.bitnami.com/bitnami + helm repo add bitnami https://charts.bitnami.com/bitnami helm repo update - name: Update Helm dependencies 
@@ -63,6 +63,29 @@ jobs: - name: Run linting run: ct lint --config charts/chart-testing-config.yaml --charts ./charts/managed-identity-wallet + verify-helm-docs: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Run helm docs command + uses: addnab/docker-run-action@v3 + with: + image: jnorwood/helm-docs:v1.11.3 + options: -v ${{ github.workspace }}/charts:/helm-docs + run: helm-docs + + - name: Verify that no changes are required + run: | + if $(git diff --quiet --exit-code); then + echo "Helm chart docs up to date" + else + echo "Helm chart docs not up to date:" + git diff + exit 1 + fi + chart-test: runs-on: ubuntu-latest steps: @@ -86,7 +109,7 @@ jobs: - name: Add bitnami repo run: | - helm repo add bitnami https://charts.bitnami.com/bitnami + helm repo add bitnami https://charts.bitnami.com/bitnami helm repo update - name: Update Helm dependencies diff --git a/.gitignore b/.gitignore index b355ac349..4bbae21a7 100644 --- a/.gitignore +++ b/.gitignore @@ -64,6 +64,8 @@ dev-assets/env-files/env.local dev-assets/env-files/env.docker dev-assets/env-files/env.environment dev-assets/docker-environment/postgres/db.sh +dev-assets/docker-environment/pgAdmin/servers.json +dev-assets/docker-environment/pgAdmin/storage/* .java-version diff --git a/CHANGELOG.md b/CHANGELOG.md index 2117fa570..402683c8b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
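Review bot: In the new `verify-helm-docs` job, `if $(git diff --quiet --exit-code); then` wraps the command in a command substitution, so the shell evaluates git's (empty) output as a command and the branch only works because an empty substitution passes the exit status through; `if git diff --quiet --exit-code; then` tests the status directly. `git diff` also ignores untracked files, so a README that helm-docs creates for the first time would pass the check; testing the output of `git status --porcelain` covers that case. The `jnorwood/helm-docs:v1.11.3` image runs with the `charts` directory mounted writable and is referenced by tag, as is `addnab/docker-run-action@v3`; pinning the image by digest and the action by commit SHA would make the check reproducible. The job mapping continues outside this hunk.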
@@ -1,23 +1,38 @@ -# [0.2.0](https://github.com/eclipse-tractusx/managed-identity-wallet/compare/v0.1.1...v0.2.0) (2023-10-23) +# [0.2.0-develop.7](https://github.com/eclipse-tractusx/managed-identity-wallet/compare/v0.2.0-develop.6...v0.2.0-develop.7) (2023-11-23) -### Bug Fixes +### Features -* CGD-468: Application starts with corrupted data in case of invalid AES key ([c734946](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/c734946abfc1c34f1710f74e1329505dafa2fa00)) -* **ci:** helm chart release ([c2bd166](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/c2bd166f25c4488e1bc0d7bb5215d92602ad9f96)) -* missing env variables in release workflow ([#111](https://github.com/eclipse-tractusx/managed-identity-wallet/issues/111)) ([0f99498](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/0f9949899eb218e0b3b1b3742c0ea5ee82d19701)) -* rate limit during json-ld context loading ([#100](https://github.com/eclipse-tractusx/managed-identity-wallet/issues/100)) ([09d1f1a](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/09d1f1a4f5a8a2bbaf7e328efea4ed60d232d778)) -* typo in Bearer ([754b90a](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/754b90a9fa90a308584949a6bf8085b6b27d8a19)) -* Typo in Bearer ([#102](https://github.com/eclipse-tractusx/managed-identity-wallet/issues/102)) ([3765c68](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/3765c689fcadc29f663c0521c3b9cc072ee8e779)) +* **dev:** add pgAdmin to local dev env ([#144](https://github.com/eclipse-tractusx/managed-identity-wallet/issues/144)) ([d7f2bbe](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/d7f2bbe2900322bb5ecba94aa1ab4fafad5cf21c)) + +# [0.2.0-develop.6](https://github.com/eclipse-tractusx/managed-identity-wallet/compare/v0.2.0-develop.5...v0.2.0-develop.6) (2023-11-23) ### Features -* add Eclipse Copyright header to CHANGELOG.md.jinja 
([dd53533](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/dd53533bc6ccb9a160e4c51c46438321ed2b2be7)) -* add GH Action workflow to test the app (incl. coverage) ([1e16b04](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/1e16b0418825ea402dd4a690d760b367a5c0ce8b)) -* BPN validation added in issue dismantler VC ([5a04a2e](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/5a04a2ef41e48feb42c2db5baa54ea0e54833a3f)) -* **ci:** semantic releases from develop branch ([#87](https://github.com/eclipse-tractusx/managed-identity-wallet/issues/87)) ([fda8ee6](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/fda8ee6ae864aa86823a7ebfdce9702f372a9ded)) -* error msg updated ([2b305d2](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/2b305d2d488a7ed1c63022ff4241ad5fa588822d)) +* add initContainers ([#142](https://github.com/eclipse-tractusx/managed-identity-wallet/issues/142)) ([7317800](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/731780075ca5e1a707c8834013c4c98348e9c269)) + +# [0.2.0-develop.5](https://github.com/eclipse-tractusx/managed-identity-wallet/compare/v0.2.0-develop.4...v0.2.0-develop.5) (2023-11-22) + + +### Features + +* **helm:** Make liveness & readiness probes configurable ([#99](https://github.com/eclipse-tractusx/managed-identity-wallet/issues/99)) ([252eed1](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/252eed1b15289740ba953861076de86ddc99fe4a)) + +# [0.2.0-develop.4](https://github.com/eclipse-tractusx/managed-identity-wallet/compare/v0.2.0-develop.3...v0.2.0-develop.4) (2023-11-22) + + +### Features + +* add tpl to miw ingress ([#143](https://github.com/eclipse-tractusx/managed-identity-wallet/issues/143)) ([c56d133](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/c56d1330f2df1a3468c1e680bcc4fe50898ca6bd)) + +# 
[0.2.0-develop.3](https://github.com/eclipse-tractusx/managed-identity-wallet/compare/v0.2.0-develop.2...v0.2.0-develop.3) (2023-11-22) + + +### Bug Fixes + +* **ci:** separate workflow "Test application (test + coverage)" for PR and repo ([6de785b](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/6de785b670bdede6e55559ce461fb76d05f2ecc8)) +* **dev:** add file extension and refactor called method in gradle ([6811a8b](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/6811a8b025b76f5998b1c2fd65b5f679e28468d3)) # [0.2.0-develop.2](https://github.com/eclipse-tractusx/managed-identity-wallet/compare/v0.2.0-develop.1...v0.2.0-develop.2) (2023-10-20) diff --git a/DEPENDENCIES b/DEPENDENCIES index a26164cf8..897d2f8d5 100644 --- a/DEPENDENCIES +++ b/DEPENDENCIES @@ -123,7 +123,7 @@ maven/mavencentral/org.assertj/assertj-core/3.24.2, Apache-2.0, approved, #6161 maven/mavencentral/org.bouncycastle/bcpkix-jdk15on/1.69, MIT, approved, clearlydefined maven/mavencentral/org.bouncycastle/bcprov-jdk15on/1.70, MIT, approved, #1712 maven/mavencentral/org.bouncycastle/bcutil-jdk15on/1.69, MIT, approved, clearlydefined -maven/mavencentral/org.checkerframework/checker-compat-qual/2.5.5, MIT, approved, clearlydefined +maven/mavencentral/org.checkerframework/checker-compat-qual/2.5.5, GPL-2.0-only with Classpath-Exception-2.0, approved, #11598 maven/mavencentral/org.checkerframework/checker-qual/3.33.0, MIT, approved, clearlydefined maven/mavencentral/org.codehaus.woodstox/stax2-api/4.2.1, BSD-2-Clause, approved, #2670 maven/mavencentral/org.glassfish.jaxb/jaxb-core/4.0.3, BSD-3-Clause, approved, ee4j.jaxb diff --git a/README.md b/README.md index 97b62258a..85bd88f3c 100644 --- a/README.md +++ b/README.md 
@@ -206,6 +206,27 @@ When you just run `task` without parameters, you will see all tasks available. 5. Click on "Authorize" and "close" 6. MIW is up and running +### pgAdmin + +This local environment contains [pgAdmin](https://www.pgadmin.org/), which is also started (default: http://localhost:8888). +The default login is: + +``` +user: pg@admin.com (you can change it in the env.* files) +password: the one you set for "POSTGRES_PASSWORD" in the env.* files +``` + +#### DB connection password + +When you log in into pgAdmin, the local Postgresql server is already configured. +But you will be asked to enter the DB password on the first time you connect to the DB. +(password: POSTGRES_PASSWORD in the env.* files) + +#### Storage folder + +The storage folder of pgAdmin is mounted to `dev-assets/docker-environment/pgAdmin/storage/`. +For example, You can save DB backups there, so you can access them on your local machine. + # End Users See OpenAPI documentation, which is automatically created from the source and available on each deployment at @@ -344,4 +365,4 @@ See [Docker-hub-notice.md](./Docker-hub-notice.md) We would like to give credit to these projects, which we use in our project. -[![semantic-release: angular](https://img.shields.io/badge/semantic--release-angular-e10079?logo=semantic-release)](https://github.com/semantic-release/semantic-release) \ No newline at end of file +[![semantic-release: angular](https://img.shields.io/badge/semantic--release-angular-e10079?logo=semantic-release)](https://github.com/semantic-release/semantic-release) diff --git a/SECURITY.md b/SECURITY.md index 7d8fced73..bd15e824c 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -1,6 +1,17 @@ -# Security Policy - ## Reporting a Vulnerability -Please report a found vulnerability here: -[https://www.eclipse.org/security/](https://www.eclipse.org/security/) \ No newline at end of file +Please do **not** report security vulnerabilities through public GitHub issues. + +Please report vulnerabilities to this repository via **GitHub security advisories** instead. + +How? Inside affected repository → security tab + +For contributors: +→ Report a vulnerability + +For committers: +→ Advisories → New draft security advisory + +In severe cases, you can also report a found vulnerability via mail or eclipse issue here: https://www.eclipse.org/security/ + +See [Eclipse Foundation Vulnerability Reporting Policy](https://www.eclipse.org/projects/handbook/#vulnerability) \ No newline at end of file diff --git a/build.gradle b/build.gradle index aa3ac6f31..b43297a3d 100644 --- a/build.gradle +++ b/build.gradle @@ -17,6 +17,7 @@ plugins { group = "${groupName}" version = "${applicationVersion}" sourceCompatibility = JavaVersion.VERSION_17 + // Fetch the environment variables GITHUB_USERNAME, GITHUB_TOKEN // these can be set in /.env // or export GITHUB_USERNAME=... @@ -183,10 +184,6 @@ dependencyManagement { } } -tasks.named('test', Test) { - useJUnitPlatform() -} - // 'build' task comes from the 'java' plugin // docs: https://docs.gradle.org/current/userguide/java_plugin.html build { @@ -209,6 +206,7 @@ bootJar { // 'test' comes from the 'java' plugin // docs: https://docs.gradle.org/current/userguide/java_plugin.html test { + useJUnitPlatform() finalizedBy jacocoTestReport } 
@@ -221,12 +219,15 @@ htmlDependencyReport { // 'jacocoTestReport' is provided by the 'jacoco' plugin // docs: https://docs.gradle.org/current/userguide/jacoco_plugin.html jacocoTestReport { - dependsOn test reports { - xml.required = false - csv.required = false - html.required = true + xml.enabled true + xml.outputLocation = file("./build/reports/xml/jacoco.xml") + + csv.enabled false + + html.enabled true + html.outputLocation = file("./build/reports/html/jacoco") } afterEvaluate { @@ -245,7 +246,6 @@ jacocoTestReport { // docs: https://docs.gradle.org/current/userguide/jacoco_plugin.html#sec:configuring_the_jacoco_plugin jacoco { toolVersion = "${jacocoVersion}" - } diff --git a/charts/managed-identity-wallet/Chart.yaml b/charts/managed-identity-wallet/Chart.yaml index 291132cea..4e3ee48ea 100644 --- a/charts/managed-identity-wallet/Chart.yaml +++ b/charts/managed-identity-wallet/Chart.yaml @@ -25,8 +25,8 @@ description: | type: application -version: 0.2.0 -appVersion: 0.2.0 +version: 0.2.0-develop.7 +appVersion: 0.2.0-develop.7 home: https://github.com/eclipse-tractusx/managed-identity-wallet keywords: @@ -37,6 +37,9 @@ sources: - https://github.com/eclipse-tractusx/managed-identity-wallet maintainers: + - name: Dominik Pinsel + email: dominik.pinsel@mercedes-benz.com + url: https://github.com/DominikPinsel - name: Peter Motzko email: peter.motzko@volkswagen.de url: https://github.com/pmoscode diff --git a/charts/managed-identity-wallet/README.md b/charts/managed-identity-wallet/README.md index 95158bb53..25bd5ab60 100644 --- a/charts/managed-identity-wallet/README.md +++ b/charts/managed-identity-wallet/README.md 
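Review bot: The `reports` block in `jacocoTestReport` replaces `xml.required`/`csv.required`/`html.required` with `xml.enabled true`, `csv.enabled false` and `html.enabled true`; `enabled` on report objects is the older API that Gradle deprecated in 7.x and removed in 8.0, so this will break on a wrapper upgrade (the Gradle version in use is not visible in this diff). Keeping the property form avoids that: `xml.required = true`, `csv.required = false`, `html.required = true`. The hunk also drops `dependsOn test`, so a standalone `./gradlew jacocoTestReport` relies on execution data from an earlier `test` run; that matches how the PR workflow calls it, but deserves a comment such as `// runs after 'test' via finalizedBy; needs existing execution data when invoked alone`.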
@@ -2,7 +2,7 @@ # managed-identity-wallet -![Version: 0.1.0-rc.2](https://img.shields.io/badge/Version-0.1.0--rc.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0-rc.2](https://img.shields.io/badge/AppVersion-0.1.0--rc.2-informational?style=flat-square) +![Version: 0.2.0-develop.4](https://img.shields.io/badge/Version-0.2.0--develop.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.2.0-develop.4](https://img.shields.io/badge/AppVersion-0.2.0--develop.4-informational?style=flat-square) Managed Identity Wallet is supposed to supply a secure data source and data sink for Digital Identity Documents (DID), in order to enable Self-Sovereign Identity founding on those DIDs. And at the same it shall support an uninterrupted tracking and tracing and documenting the usage of those DIDs, e.g. within logistical supply chains. 
@@ -97,11 +97,15 @@ See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command document | ingress.enabled | bool | `false` | Enable ingress controller resource | | ingress.hosts | list | `[]` | Ingress accepted hostnames | | ingress.tls | list | `[]` | Ingress TLS configuration | +| initContainers | list | `[]` | add initContainers to the miw deployment | | keycloak.auth.adminPassword | string | `""` | Keycloak admin password | | keycloak.auth.adminUser | string | `"admin"` | Keycloak admin user | | keycloak.enabled | bool | `true` | Enable to deploy Keycloak | -| keycloak.extraEnvVars[0].name | string | `"KEYCLOAK_HOSTNAME"` | | -| keycloak.extraEnvVars[0].value | string | `"{{ .Release.Name }}-keycloak"` | | +| keycloak.extraEnvVars | list | `[]` | | +| keycloak.ingress.annotations | object | `{}` | | +| keycloak.ingress.enabled | bool | `false` | | +| keycloak.ingress.hosts | list | `[]` | | +| keycloak.ingress.tls | list | `[]` | | | keycloak.keycloakConfigCli.backoffLimit | int | `2` | Number of retries before considering a Job as failed | | keycloak.keycloakConfigCli.enabled | bool | `true` | Enable to create the miw playground realm | | keycloak.keycloakConfigCli.existingConfigmap | string | `"keycloak-realm-config"` | Existing configmap name for the realm configuration | 
@@ -110,6 +114,12 @@ See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command document | keycloak.postgresql.auth.username | string | `"miw_keycloak"` | Keycloak PostgreSQL user | | keycloak.postgresql.enabled | bool | `true` | Enable to deploy PostgreSQL | | keycloak.postgresql.nameOverride | string | `"keycloak-postgresql"` | Name of the PostgreSQL chart to deploy. Mandatory when the MIW deploys a PostgreSQL chart, too. | +| livenessProbe | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":20,"periodSeconds":5,"timeoutSeconds":15}` | Kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | +| livenessProbe.enabled | bool | `true` | Enables/Disables the livenessProbe at all | +| livenessProbe.failureThreshold | int | `3` | When a probe fails, Kubernetes will try failureThreshold times before giving up. Giving up in case of liveness probe means restarting the container. | +| livenessProbe.initialDelaySeconds | int | `20` | Number of seconds after the container has started before readiness probe are initiated. | +| livenessProbe.periodSeconds | int | `5` | How often (in seconds) to perform the probe | +| livenessProbe.timeoutSeconds | int | `15` | Number of seconds after which the probe times out. | | miw.authorityWallet.bpn | string | `"BPNL000000000000"` | Authority Wallet BPNL | | miw.authorityWallet.name | string | `""` | Authority Wallet Name | | miw.database.encryptionKey.secret | string | `""` | Existing secret for database encryption key | 
@@ -128,7 +138,7 @@ See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command document | miw.keycloak.realm | string | `"miw_test"` | Keycloak realm | | miw.keycloak.url | string | `"http://{{ .Release.Name }}-keycloak"` | Keycloak URL | | miw.logging.level | string | `"INFO"` | Log level. Should be ether ERROR, WARN, INFO, DEBUG, or TRACE. | -| miw.ssi.enforceHttpsInDidWebResolution | bool | `false` | Enable to use HTTPS in DID Web Resolution | +| miw.ssi.enforceHttpsInDidWebResolution | bool | `true` | Enable to use HTTPS in DID Web Resolution | | miw.ssi.vcExpiryDate | string | `""` | Verifiable Credential expiry date. Format 'dd-MM-yyyy'. If empty it is set to 31-12- | | nameOverride | string | `""` | String to partially override common.names.fullname template (will maintain the release name) | | nodeSelector | object | `{"kubernetes.io/os":"linux"}` | NodeSelector configuration | 
@@ -144,6 +154,13 @@ See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command document | postgresql.backup.conjob.storage.size | string | `"8Gi"` | PVC Storage Request for the backup data volume | | postgresql.backup.enabled | bool | `false` | Enable to create a backup cronjob | | postgresql.enabled | bool | `true` | Enable to deploy Postgresql | +| readinessProbe | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":30,"periodSeconds":5,"successThreshold":1,"timeoutSeconds":5}` | Kubernetes [readiness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | +| readinessProbe.enabled | bool | `true` | Enables/Disables the readinessProbe at all | +| readinessProbe.failureThreshold | int | `3` | When a probe fails, Kubernetes will try failureThreshold times before giving up. In case of readiness probe the Pod will be marked Unready. | +| readinessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before readiness probe are initiated. | +| readinessProbe.periodSeconds | int | `5` | How often (in seconds) to perform the probe | +| readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the probe to be considered successful after having failed. | +| readinessProbe.timeoutSeconds | int | `5` | Number of seconds after which the probe times out. | | replicaCount | int | `1` | The amount of replicas to run | | resources.limits.cpu | int | `2` | CPU resource limits | | resources.limits.memory | string | `"1Gi"` | Memory resource limits | @@ -230,9 +247,10 @@ when deploying the MIW in a production environment: | Name | Email | Url | | ---- | ------ | --- | +| Dominik Pinsel | | | | Peter Motzko | | |

(back to top)

---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) +Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs/) diff --git a/charts/managed-identity-wallet/README.md.gotmpl b/charts/managed-identity-wallet/README.md.gotmpl index 6263c171f..eb9cfa76a 100644 --- a/charts/managed-identity-wallet/README.md.gotmpl +++ b/charts/managed-identity-wallet/README.md.gotmpl @@ -155,4 +155,5 @@ when deploying the MIW in a production environment:

(back to top)

-{{ template "helm-docs.versionFooter" . }} +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs/) diff --git a/charts/managed-identity-wallet/templates/deployment.yaml b/charts/managed-identity-wallet/templates/deployment.yaml index 9a1aa38ae..40426b7aa 100644 --- a/charts/managed-identity-wallet/templates/deployment.yaml +++ b/charts/managed-identity-wallet/templates/deployment.yaml @@ -44,6 +44,10 @@ spec: serviceAccountName: {{ include "managed-identity-wallet.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- if .Values.initContainers }} + initContainers: + {{- tpl (.Values.initContainers | toYaml) $ | nindent 8 }} + {{- end }} containers: - name: {{ .Chart.Name }} securityContext: @@ -113,26 +117,33 @@ spec: - name: http containerPort: 8080 protocol: TCP + {{- with .Values.livenessProbe }} + {{- if .enabled }} livenessProbe: - failureThreshold: 3 httpGet: path: /actuator/health/liveness port: 8090 scheme: HTTP - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 5 - initialDelaySeconds: 30 + failureThreshold: {{ .failureThreshold }} + initialDelaySeconds: {{ .initialDelaySeconds }} + periodSeconds: {{ .periodSeconds }} + timeoutSeconds: {{ .timeoutSeconds }} + {{- end }} + {{- end }} + {{- with .Values.readinessProbe }} + {{- if .enabled }} readinessProbe: - failureThreshold: 3 httpGet: path: /actuator/health/readiness port: 8090 scheme: HTTP - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 5 - initialDelaySeconds: 30 + failureThreshold: {{ .failureThreshold }} + initialDelaySeconds: {{ .initialDelaySeconds }} + periodSeconds: {{ .periodSeconds }} + successThreshold: {{ .successThreshold }} + timeoutSeconds: {{ .timeoutSeconds }} + {{- end }} + {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} 
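Review bot: The new `initContainers` block in `deployment.yaml` renders `.Values.initContainers` through `tpl` as-is, so the container-level `securityContext` set on the main container (presumably from `.Values.securityContext`, the line continues outside the hunk) is not applied to init containers; they get only the pod-level `podSecurityContext` unless each entry sets its own. A comment in `values.yaml` next to `initContainers: []`, e.g. `# -- add initContainers to the miw deployment (set securityContext per container; chart defaults are not inherited)`, would make that explicit. The probe blocks emit `failureThreshold: {{ .failureThreshold }}` and the other fields without a `default`, so a values override that nulls one of these keys would render an empty field.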
diff --git a/charts/managed-identity-wallet/templates/ingress.yaml b/charts/managed-identity-wallet/templates/ingress.yaml index 50a965ff1..a550fece2 100644 --- a/charts/managed-identity-wallet/templates/ingress.yaml +++ b/charts/managed-identity-wallet/templates/ingress.yaml @@ -50,14 +50,14 @@ spec: {{- range .Values.ingress.tls }} - hosts: {{- range .hosts }} - - {{ . | quote }} + - {{ tpl . $ | quote }} {{- end }} secretName: "{{ $fullName }}-{{ .secretName }}" {{- end }} {{- end }} rules: {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} + - host: {{ tpl .host $ | quote }} http: paths: {{- range .paths }} diff --git a/charts/managed-identity-wallet/values.yaml b/charts/managed-identity-wallet/values.yaml index 414099293..b627e1961 100644 --- a/charts/managed-identity-wallet/values.yaml +++ b/charts/managed-identity-wallet/values.yaml @@ -61,6 +61,10 @@ ingress: annotations: {} # -- Ingress accepted hostnames hosts: [] + # - host: chart-example.local + # paths: + # - path: / + # pathType: Prefix # -- Ingress TLS configuration tls: [] # - secretName: chart-example-tls 
@@ -82,6 +86,34 @@ securityContext: # -- Enable to run the container as a non-root user runAsNonRoot: true +# -- Kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) +livenessProbe: + # -- Enables/Disables the livenessProbe at all + enabled: true + # -- When a probe fails, Kubernetes will try failureThreshold times before giving up. Giving up in case of liveness probe means restarting the container. + failureThreshold: 3 + # -- Number of seconds after the container has started before readiness probe are initiated. + initialDelaySeconds: 20 + # -- Number of seconds after which the probe times out. + timeoutSeconds: 15 + # -- How often (in seconds) to perform the probe + periodSeconds: 5 + +# -- Kubernetes [readiness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) +readinessProbe: + # -- Enables/Disables the readinessProbe at all + enabled: true + # -- When a probe fails, Kubernetes will try failureThreshold times before giving up. In case of readiness probe the Pod will be marked Unready. + failureThreshold: 3 + # -- Number of seconds after the container has started before readiness probe are initiated. + initialDelaySeconds: 30 + # -- How often (in seconds) to perform the probe + periodSeconds: 5 + # -- Minimum consecutive successes for the probe to be considered successful after having failed. + successThreshold: 1 + # -- Number of seconds after which the probe times out. + timeoutSeconds: 5 + resources: requests: # -- CPU resource requests @@ -107,6 +139,9 @@ affinity: {} # -- PodAnnotation configuration podAnnotations: {} +# -- add initContainers to the miw deployment +initContainers: [] + ## @section Managed Identity Wallet Primary Parameters ## miw: diff --git a/dev-assets/docker-environment/docker-compose.yaml b/dev-assets/docker-environment/docker-compose.yaml index aa092e263..a2873cf45 100644 
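Review bot: The comment on `livenessProbe.initialDelaySeconds` describes the readiness probe and looks copied from the block below; it should read `# -- Number of seconds after the container has started before liveness probes are initiated.`. The liveness defaults also differ from the hard-coded values this commit removes from deployment.yaml (`initialDelaySeconds` 30 to 20, `timeoutSeconds` 5 to 15), so an upgrade with untouched values changes when a hung container is restarted. If `timeoutSeconds: 15` with `periodSeconds: 5` is intended, a sentence in the comment explaining why would help; otherwise keep the previous 5 and 30.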
--- a/dev-assets/docker-environment/docker-compose.yaml +++ b/dev-assets/docker-environment/docker-compose.yaml @@ -34,7 +34,7 @@ services: - miw-net postgres: - image: postgres:15.3-alpine3.18 + image: postgres:14.5-alpine3.16 volumes: - postgres_data:/var/lib/postgresql/data - ./postgres/db.sh:/docker-entrypoint-initdb.d/init-database.sh @@ -63,10 +63,30 @@ services: networks: - miw-net + pgadmin: + image: dpage/pgadmin4 + ports: + - "8888:80" + user: root # If removed, the storage mount won't work + env_file: + - ../env-files/env.$DEV_ENVIRONMENT + environment: + PGADMIN_DISABLE_POSTFIX: true + volumes: + - pgadmin_data:/var/lib/pgadmin + - ./pgAdmin/servers.json:/pgadmin4/servers.json + - ./pgAdmin/storage/:/var/lib/pgadmin/storage/pg_admin.com/ + depends_on: + - postgres + networks: + - miw-net + volumes: postgres_data: driver: local + pgadmin_data: + driver: local networks: miw-net: - name: miw-net \ No newline at end of file + name: miw-net diff --git a/dev-assets/docker-environment/pgAdmin/servers.json.tpl b/dev-assets/docker-environment/pgAdmin/servers.json.tpl new file mode 100755 index 000000000..ac34530a5 --- /dev/null +++ b/dev-assets/docker-environment/pgAdmin/servers.json.tpl @@ -0,0 +1,22 @@ +{ + "Servers": { + "1": { + "Name": "Local", + "Group": "Servers", + "Host": "postgres", + "Port": 5432, + "MaintenanceDB": "postgres", + "Username": "$POSTGRES_USER", + "UseSSHTunnel": 0, + "TunnelPort": "22", + "TunnelAuthentication": 0, + "KerberosAuthentication": false, + "ConnectionParameters": { + "sslmode": "prefer", + "connect_timeout": 10, + "sslcert": "/.postgresql/postgresql.crt", + "sslkey": "/.postgresql/postgresql.key" + } + } + } +} diff --git a/dev-assets/docker-environment/pgAdmin/storage/.git-keep b/dev-assets/docker-environment/pgAdmin/storage/.git-keep new file mode 100755 index 000000000..1f8f00cda --- /dev/null +++ b/dev-assets/docker-environment/pgAdmin/storage/.git-keep 
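Review bot: The `pgadmin` service added in the second docker-compose.yaml hunk publishes a database admin console on every host interface with `- "8888:80"`, runs it as root and pulls an untagged image, while the postgres service in the same file is pinned to an exact tag. For a developer-only tool I would bind it to loopback and pin the image: `- "127.0.0.1:8888:80"` and `image: dpage/pgadmin4:<pinned-tag>` (placeholder; use the tag you test with). `PGADMIN_DISABLE_POSTFIX: true` is a YAML boolean inside an `environment` mapping, so quote it as `"true"` to make sure the container receives a string. The inline comment on `user: root` explains the storage mount, but it is worth checking whether fixing ownership of `./pgAdmin/storage/` would let the container keep its default user.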
@@ -0,0 +1,22 @@ +# +# /******************************************************************************** +# Copyright (c) 2021,2023 Contributors to the Eclipse Foundation +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ********************************************************************************/ +# + +Is mounted as storage folder inside the pgAdmin container. diff --git a/dev-assets/docker-environment/postgres/init.sql b/dev-assets/docker-environment/postgres/init.sql deleted file mode 100644 index 64f272cf7..000000000 --- a/dev-assets/docker-environment/postgres/init.sql +++ /dev/null 
@@ -1,21 +0,0 @@ -/* - * ******************************************************************************* - * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation - * - * See the NOTICE file(s) distributed with this work for additional - * information regarding copyright ownership. - * - * This program and the accompanying materials are made available under the - * terms of the Apache License, Version 2.0 which is available at - * https://www.apache.org/licenses/LICENSE-2.0. - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - * License for the specific language governing permissions and limitations - * under the License. - * - * SPDX-License-Identifier: Apache-2.0 - * ****************************************************************************** - */ - diff --git a/dev-assets/env-files/env.docker.dist b/dev-assets/env-files/env.docker.dist index aec3b1b29..12aed3d56 100644 --- a/dev-assets/env-files/env.docker.dist +++ b/dev-assets/env-files/env.docker.dist @@ -14,6 +14,9 @@ POSTGRES_DB_NAME_MIW=miw POSTGRES_USERNAME_MIW=miw_user POSTGRES_PASSWORD_MIW= +# Docker: pgAdmin config +PGADMIN_DEFAULT_EMAIL=pg@admin.com + # Docker: Keycloak config KEYCLOAK_MIW_PUBLIC_CLIENT=miw_public DB_DATABASE=keycloak @@ -45,5 +48,6 @@ DB_USER=${POSTGRES_USER} DB_NAME=${POSTGRES_DB_NAME_MIW} DB_USER_NAME=${POSTGRES_USERNAME_MIW} DB_PASSWORD=${POSTGRES_PASSWORD_MIW} +PGADMIN_DEFAULT_PASSWORD=${POSTGRES_PASSWORD} ORG_GRADLE_PROJECT_githubUserName=${GITHUB_USERNAME} ORG_GRADLE_PROJECT_githubToken=${GITHUB_TOKEN} diff --git a/dev-assets/env-files/env.local.dist b/dev-assets/env-files/env.local.dist index 039992bbf..3f9459316 100644 --- a/dev-assets/env-files/env.local.dist +++ b/dev-assets/env-files/env.local.dist 
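Review bot: `PGADMIN_DEFAULT_PASSWORD=${POSTGRES_PASSWORD}` in the second env.docker.dist hunk makes the pgAdmin web login the same secret as what is presumably the Postgres superuser password, so learning one gives the other, and the pgAdmin login is the one exposed on a published port. Give pgAdmin its own value, declared empty like `POSTGRES_PASSWORD_MIW=` so each developer fills it in: add `PGADMIN_DEFAULT_PASSWORD=` under `# Docker: pgAdmin config` and drop the derived line. env.local.dist receives the identical two hunks and needs the same change.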
@@ -14,6 +14,9 @@ POSTGRES_DB_NAME_MIW=miw POSTGRES_USERNAME_MIW=miw_user POSTGRES_PASSWORD_MIW= +# Docker: pgAdmin config +PGADMIN_DEFAULT_EMAIL=pg@admin.com + # Docker: Keycloak config KEYCLOAK_MIW_PUBLIC_CLIENT=miw_public DB_DATABASE=keycloak @@ -45,5 +48,6 @@ DB_USER=${POSTGRES_USER} DB_NAME=${POSTGRES_DB_NAME_MIW} DB_USER_NAME=${POSTGRES_USERNAME_MIW} DB_PASSWORD=${POSTGRES_PASSWORD_MIW} +PGADMIN_DEFAULT_PASSWORD=${POSTGRES_PASSWORD} ORG_GRADLE_PROJECT_githubUserName=${GITHUB_USERNAME} ORG_GRADLE_PROJECT_githubToken=${GITHUB_TOKEN} diff --git a/dev-assets/tasks/darwin/app.yaml b/dev-assets/tasks/darwin/app.yaml index 38d7ff285..b5b621afa 100644 --- a/dev-assets/tasks/darwin/app.yaml +++ b/dev-assets/tasks/darwin/app.yaml @@ -38,15 +38,18 @@ tasks: test-report: desc: Generates the test report for MIW + ignore_error: true cmds: + - ./gradlew test - ./gradlew jacocoTestReport coverage: desc: Runs the coverage check cmds: + - task: test-report - ./gradlew jacocoTestCoverageVerification clean: desc: Cleans the build directory cmds: - - ./gradlew clean \ No newline at end of file + - ./gradlew clean diff --git a/dev-assets/tasks/darwin/docker.yaml b/dev-assets/tasks/darwin/docker.yaml index cd3fa1fd5..a7af6cbf2 100644 --- a/dev-assets/tasks/darwin/docker.yaml +++ b/dev-assets/tasks/darwin/docker.yaml @@ -32,9 +32,10 @@ tasks: ignore_error: true vars: OPTIONS: '{{ default "" .OPTIONS }}' - CONTAINERS: '{{ default "postgres keycloak" .CONTAINERS }}' + CONTAINERS: '{{ default "postgres keycloak pgadmin" .CONTAINERS }}' cmds: - cat postgres/db.sh.tpl | envsubst > postgres/db.sh + - cat pgAdmin/servers.json.tpl | envsubst > pgAdmin/servers.json - chmod +x postgres/db.sh - "docker compose up {{.OPTIONS}} {{.CONTAINERS}}" 
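Review bot: `ignore_error: true` is set on the whole `test-report` task in darwin/app.yaml, so as far as Task's task-level flag goes a failure of `./gradlew jacocoTestReport` is swallowed together with failing tests. `coverage` now calls `test-report` first, so it proceeds to `jacocoTestCoverageVerification` after a red test run. If the aim is only to still get a report when tests fail, scope the flag to that one command, `- cmd: ./gradlew test` with `ignore_error: true` beneath it, the form docker.yaml already uses for `docker volume remove`. linux/app.yaml gets the same hunk and needs the same change.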
@@ -43,9 +44,10 @@ tasks: dir: dev-assets/docker-environment cmds: - docker compose down - - cmd: docker volume remove docker-environment_postgres_data + - cmd: docker volume remove docker-environment_postgres_data docker-environment_pgadmin_data ignore_error: true - rm -f postgres/db.sh + - rm -f pgAdmin/servers.json start-app: desc: Run the app in a container environment (including middleware aka Postgresql and Keycloak) diff --git a/dev-assets/tasks/linux/app.yaml b/dev-assets/tasks/linux/app.yaml index 91d94813a..f0159dcb6 100644 --- a/dev-assets/tasks/linux/app.yaml +++ b/dev-assets/tasks/linux/app.yaml @@ -33,12 +33,15 @@ tasks: test-report: desc: Generates the test report for MIW + ignore_error: true cmds: + - ./gradlew test - ./gradlew jacocoTestReport coverage: desc: Runs the coverage check cmds: + - task: test-report - ./gradlew jacocoTestCoverageVerification clean: diff --git a/dev-assets/tasks/linux/docker.yaml b/dev-assets/tasks/linux/docker.yaml index cd3fa1fd5..a7af6cbf2 100644 --- a/dev-assets/tasks/linux/docker.yaml +++ b/dev-assets/tasks/linux/docker.yaml @@ -32,9 +32,10 @@ tasks: ignore_error: true vars: OPTIONS: '{{ default "" .OPTIONS }}' - CONTAINERS: '{{ default "postgres keycloak" .CONTAINERS }}' + CONTAINERS: '{{ default "postgres keycloak pgadmin" .CONTAINERS }}' cmds: - cat postgres/db.sh.tpl | envsubst > postgres/db.sh + - cat pgAdmin/servers.json.tpl | envsubst > pgAdmin/servers.json - chmod +x postgres/db.sh - "docker compose up {{.OPTIONS}} {{.CONTAINERS}}" @@ -43,9 +44,10 @@ tasks: dir: dev-assets/docker-environment cmds: - docker compose down - - cmd: docker volume remove docker-environment_postgres_data + - cmd: docker volume remove docker-environment_postgres_data docker-environment_pgadmin_data ignore_error: true - rm -f postgres/db.sh + - rm -f pgAdmin/servers.json start-app: desc: Run the app in a container environment (including middleware aka Postgresql and Keycloak) 
diff --git a/gradle.properties b/gradle.properties index 0bb2f6277..fdd511775 100644 --- a/gradle.properties +++ b/gradle.properties @@ -4,7 +4,7 @@ jacocoVersion=0.8.9 springBootVersion=3.1.2 springDependencyVersion=1.1.0 groupName=org.eclipse.tractusx -applicationVersion=0.2.0 +applicationVersion=0.2.0-develop.7 openApiVersion=2.1.0 githubUserName= -githubToken= \ No newline at end of file +githubToken=