feat(helm): add pgAdmin to MIW Helm chart

.github/workflows/app-test-coverage-pr.yml

@@ -41,16 +41,10 @@ jobs:
           java-version: '17'
 
       - name: Test app
-        env:
-          GITHUB_USERNAME: ${{ vars.GITHUB_ACTOR }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: ./gradlew test
 
       - name: Get coverage
         if: always()
-        env:
-          GITHUB_USERNAME: ${{ vars.GITHUB_ACTOR }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: ./gradlew jacocoTestReport
 
       - name: Upload test results

.github/workflows/chart-verification.yml

@@ -74,7 +74,7 @@ jobs:
         with:
           image: jnorwood/helm-docs:v1.11.3
           options: -v ${{ github.workspace }}/charts:/helm-docs
-          run: helm-docs
+          run: helm-docs -i managed-identity-wallet/.helmdocsignore
 
       - name: Verify that no changes are required
         run: |
@@ -119,15 +119,13 @@ jobs:
 
       - name: Install Helm unittest plugin
         run: |
-          helm plugin install https://github.com/helm-unittest/helm-unittest.git
+          helm plugin install https://github.com/helm-unittest/helm-unittest.git --version 0.3.5
 
       - name: Run Helm unittests
         run: task helm:unittest
 
       - name: Build app
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          GITHUB_USERNAME: ${{ github.actor }}
           SKIP_GRADLE_TASKS_PARAM: "-x jacocoTestCoverageVerification -x test"
         run: task app:build
 

.github/workflows/dast-scan.yaml

@@ -62,8 +62,6 @@ jobs:
 
       - name: Build app
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          GITHUB_USERNAME: ${{ github.actor }}
           SKIP_GRADLE_TASKS_PARAM: "-x jacocoTestCoverageVerification -x test"
         run: task app:build
 

.github/workflows/release.yml

@@ -64,25 +64,18 @@ jobs:
       - name: Run semantic release
         if: github.event_name != 'pull_request'
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          GITHUB_USERNAME: ${{ github.actor }}
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           npx --yes -p @semantic-release/exec -p @semantic-release/changelog -p @semantic-release/git -p @semantic-release/commit-analyzer -p @semantic-release/release-notes-generator semantic-release
 
       - name: Run semantic release (dry run)
         if: github.event_name == 'pull_request'
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          GITHUB_USERNAME: ${{ github.actor }}
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           npx --yes -p @semantic-release/exec -p @semantic-release/github -p @semantic-release/changelog -p @semantic-release/git -p @semantic-release/commit-analyzer -p @semantic-release/release-notes-generator semantic-release --dry-run
 
       - name: Execute Gradle build
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          GITHUB_USERNAME: ${{ github.actor }}
         run: ./gradlew build
 
       - name: Upload build artifact

.github/workflows/veracode.yaml

@@ -63,7 +63,7 @@ jobs:
       - name: Build with Gradle
         uses: gradle/gradle-build-action@v2
         with:
-          arguments: build -PgithubToken=${{ secrets.GITHUB_TOKEN }}
+          arguments: build
 
       - name: Veracode Upload And Scan
         uses: veracode/veracode-uploadandscan-action@0.2.6

CHANGELOG.md

@@ -1,3 +1,26 @@
+# [0.2.0-develop.9](https://github.com/eclipse-tractusx/managed-identity-wallet/compare/v0.2.0-develop.8...v0.2.0-develop.9) (2023-11-30)
+
+
+### Bug Fixes
+
+* method name from the cx-ssi-lib has been renamed ([b46d084](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/b46d0846f6b9ccc6b439c82ffec783cd8b933e08))
+
+# [0.2.0-develop.8](https://github.com/eclipse-tractusx/managed-identity-wallet/compare/v0.2.0-develop.7...v0.2.0-develop.8) (2023-11-28)
+
+
+### Bug Fixes
+
+* **dev:** add important notes to INSTALL.md ([a7c1b71](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/a7c1b711ac402cbead4e10e5c79d6ba318eaacdb))
+* **dev:** adjust port to request against keycloak ([4a3d317](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/4a3d317363690c78897c5db77a60fc716cd91b42))
+* **dev:** small adjustment to INSTALL.md ([59b6df4](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/59b6df484bd31905f43d8bc9c83e44f0992839fb))
+
+
+### Features
+
+* **devel:** make application port dynamic (parameter) ([8816c89](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/8816c899e8aa2170e753f3250c74552d898520c2))
+* **dev:** update README.md and introduce INSTALL.md for usage ([54b8d4a](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/54b8d4ae9c859db2216ac3f85cbc56ab3cf6b950))
+* **readme:** add "usage" section [WIP] ([6919b71](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/6919b71870e9265ae09a66e3354ec43bf7d1d088))
+
 # [0.2.0-develop.7](https://github.com/eclipse-tractusx/managed-identity-wallet/compare/v0.2.0-develop.6...v0.2.0-develop.7) (2023-11-23)
 
 

DEPENDENCIES

@@ -118,7 +118,7 @@ maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-core/10.1.11, Apache-2.0
 maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-el/10.1.11, Apache-2.0, approved, #6997
 maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-websocket/10.1.11, Apache-2.0, approved, #7920
 maven/mavencentral/org.apiguardian/apiguardian-api/1.1.2, Apache-2.0, approved, clearlydefined
-maven/mavencentral/org.aspectj/aspectjweaver/1.9.19, EPL-1.0, approved, tools.aspectj
+maven/mavencentral/org.aspectj/aspectjweaver/1.9.19, Apache-2.0 AND BSD-3-Clause AND EPL-1.0 AND BSD-3-Clause AND Apache-1.1, approved, #7695
 maven/mavencentral/org.assertj/assertj-core/3.24.2, Apache-2.0, approved, #6161
 maven/mavencentral/org.bouncycastle/bcpkix-jdk15on/1.69, MIT, approved, clearlydefined
 maven/mavencentral/org.bouncycastle/bcprov-jdk15on/1.70, MIT, approved, #1712

INSTALL.md

@@ -0,0 +1,40 @@
+# Managed Identity Wallets
+
+If you just want to try out MIW (without any developer setup), then you can find a quick start guide here:
+
+(It will only work on macOS or GNU/Linux - For Windows,
+you need to use the [WSL](https://learn.microsoft.com/de-de/windows/wsl/install))
+
+- You need to install these tools:
+    - [Docker](https://docs.docker.com/desktop/) (or from your package manager)
+      -> Configure it to run without root permission
+    - Docker [compose plugin](https://docs.docker.com/compose/)
+    - [Taskfile](https://taskfile.dev)
+    - [jq](https://jqlang.github.io/jq/)
+- Clone this repo
+- (Optional) Checkout main (stable) or develop (latest), if not already checked out
+- Copy `dev-assets/env-files/env.docker.dist` to `dev-assets/env-files/env.docker`
+- Set these variables in `env.docker`
+    - POSTGRES_PASSWORD
+    - POSTGRES_PASSWORD_MIW
+    - KEYCLOAK_ADMIN_PASSWORD
+    - ENCRYPTION_KEY (32 random alphanumeric characters)
+- Follow the "docker" path of the "Development setup" to get it up and running:
+    1. Run `task docker:start-app` and wait until it shows "Started ManagedIdentityWalletsApplication in ... seconds"
+    2. Run `task app:get-token` in another shell and copy the token (including "BEARER" prefix) (Mac users have the token already in their clipboard :) )
+    3. Open API doc on http://localhost:8000
+    4. Click on Authorize on Swagger UI and on the dialog paste the token (incl. "Bearer") into the "value" input
+    5. Click on "Authorize" and "close"
+    6. MIW is up, running, and you are authorized to fire requests in the Swagger UI
+    7. If you're done, then run `task docker:stop-app` to clean up everything
+
+> [!IMPORTANT]  
+> You need to use Java 17!
+
+> [!WARNING]
+> If you encounter some kind of database connection errors, then execute `task docker:stop-app`.
+> This will remove all existing Docker volumes, which may cause this error.
+
+> [!IMPORTANT]
+> Ensure you have exactly 32 random alphanumeric characters set 
+> for `ENCRYPTION_KEY` in `dev-assets/env-files/env.docker`

NOTICE.md

@@ -36,13 +36,6 @@ This project leverages the following third party content.
 
 See DEPENDENCIES file.
 
-cx-ssi-lib-0.0.16.jar (0.0.16)  
-    - License:   Apache-2.0  
-    - Licence Path: <https://github.com/catenax-ng/product-lab-ssi/blob/main/cx-ssi-lib/LICENSE>  
-    - Project URL:  <https://github.com/catenax-ng/product-lab-ssi>  
-    - Source URL:   <https://github.com/catenax-ng/product-lab-ssi/tree/main/cx-ssi-lib>  
-    - Download URL: <https://github.com/catenax-ng/product-lab-ssi/packages/1842305?version=0.0.16>
-
 ## Cryptography
 
 Content may contain encryption software. The country in which you are currently

README.md

@@ -2,6 +2,10 @@
 
 The Managed Identity Wallets (MIW) service implements the Self-Sovereign-Identity (SSI) using `did:web`.
 
+# Usage
+
+See [INSTALL.md](INSTALL.md) 
+
 # Developer Documentation
 
 To run MIW locally, this section describes the tooling as well as the local development setup.
@@ -151,27 +155,23 @@ directory, but without ".dist" at the end.
 
 Description of the env files:
 
-- **env.local**: Setup everything to get ready for flow "local". You need to fill in the passwords.
-- **env.docker**: Setup everything to get ready for flow "docker". You need to fill in the passwords.
+- **env.local**: Set up everything to get ready for flow "local". You need to fill in the passwords. 
+- **env.docker**: Set up everything to get ready for flow "docker". You need to fill in the passwords.
 
-> **IMPORTANT**: ssi-lib is resolving DID documents over network. There are two endpoints that rely on this resolution:
+> **IMPORTANT**: ssi-lib is resolving DID documents over the network. There are two endpoints that rely on this resolution:
 > - Verifiable Credentials - Validation
 > - Verifiable Presentations - Validation
->
-> The following parameters must be added or changed in env.local or env.docker file to ensure that these endpoints work
-> as intended in local development environment:
-> Add: ENFORCE_HTTPS_IN_DID_RESOLUTION=false
-> Change: MIW_HOST_NAME from miw to localhost
-> Change: APPLICATION_PORT from 8000 to 80
-
-> **IMPORTANT**: When you are using MacOS and the MIW docker container won't start up (stuck somewhere or doesn't start
+>   
+> The following parameters are set in env.local or env.docker file per default:
+> ENFORCE_HTTPS_IN_DID_RESOLUTION=false
+> MIW_HOST_NAME=localhost
+> APPLICATION_PORT=80
+> If you intend to change them, the DID resolving may not work properly anymore!
+
+> **IMPORTANT**: When you are using macOS and the MIW docker container won't start up (stuck somewhere or doesn't start
 > at all), you can enable the docker-desktop feature "Use Rosetta for x86/amd64 emulation on Apple Silicon" in your
 > Docker settings (under "features in development"). This should fix the issue.
 
-In both env files (env.local and env.docker) you need to set *GITHUB_USERNAME* and *GITHUB_TOKEN* in order to be able to
-build the app, because the SSI lib is stored in a private repo (you also need the proper rights to access the repo).
-The access token need to have `read:packages` access. (ref: https://github.com/settings/tokens/new)
-
 Note: *SKIP_GRADLE_TASKS_PARAM* is used to pass parameters to the build process of the MIW jar. Currently, it skips the
 tests and code coverage, but speeds up the build time. If you want to activate it, just comment it out
 like `SKIP_GRADLE_TASKS_PARAM="" #"-x jacocoTestCoverageVerification -x test"`

build.gradle

@@ -8,24 +8,12 @@ plugins {
     // used to download the 'dash.jar' for license checks
     // docs: https://github.com/michel-kraemer/gradle-download-task
     id "de.undercouch.download" version "5.5.0"
-
-    // used to convert .env variables to gradle env variables
-    // docs: https://github.com/uzzu/dotenv-gradle
-    id "co.uzzu.dotenv.gradle" version "2.0.0"
 }
 
 group = "${groupName}"
 version = "${applicationVersion}"
 sourceCompatibility = JavaVersion.VERSION_17
 
-// Fetch the environment variables GITHUB_USERNAME, GITHUB_TOKEN
-// these can be set in <project_root>/.env
-// or export GITHUB_USERNAME=...
-//    export GITHUB_TOKEN=...
-// When using `task ...` this is not necessary
-def githubUserName = "${githubUserName}" ? "${githubUserName}" : env.fetch('GITHUB_USERNAME')
-def githubToken = "${githubToken}" ? "${githubToken}" : env.fetch('GITHUB_TOKEN')
-
 // alias for Project.getConfigurations()
 configurations {
     // add a custom config to avoid applying the dev-tools to a production app
@@ -45,13 +33,6 @@ repositories {
         url = uri("https://repo.danubetech.com/repository/maven-public")
     }
     maven { url 'https://jitpack.io' }
-    maven {
-        url = uri("https://maven.pkg.github.com/catenax-ng/product-lab-ssi")
-        credentials {
-            username = "${githubUserName}"
-            password = "${githubToken}"
-        }
-    }
     maven {
         // Used to resolve Dash License Tool
         // Dash has a maven plugin, BUT is not resolvable through mavenCentral()

charts/managed-identity-wallet/.helmdocsignore

@@ -0,0 +1 @@
+charts/

charts/managed-identity-wallet/.helmignore

@@ -24,5 +24,5 @@
 tests/
 values-*.yaml
 README.md.gotmpl
+.helmdocsignore
 ci/
-argocd/

charts/managed-identity-wallet/Chart.lock

@@ -4,9 +4,12 @@ dependencies:
   version: 15.1.6
 - name: common
   repository: https://charts.bitnami.com/bitnami
-  version: 2.8.0
+  version: 2.13.3
 - name: postgresql
   repository: https://charts.bitnami.com/bitnami
   version: 11.9.13
-digest: sha256:4ec5952d86e68eb97bc393404e52e5a7371eed72d769440d1fa549c8db8b4a3b
-generated: "2023-08-21T23:08:36.120845+02:00"
+- name: pgadmin4
+  repository: file://charts/pgadmin4
+  version: 1.19.0
+digest: sha256:30c1e41f2c5f35829f68dd52ecc80005b4edf726d9e472801f6bfb834b8be512
+generated: "2023-11-22T12:12:48.461495+01:00"

charts/managed-identity-wallet/Chart.yaml

@@ -25,8 +25,8 @@ description: |
 
 type: application
 
-version: 0.2.0-develop.7
-appVersion: 0.2.0-develop.7
+version: 0.2.0-develop.9
+appVersion: 0.2.0-develop.9
 
 home: https://github.com/eclipse-tractusx/managed-identity-wallet
 keywords:
@@ -58,3 +58,8 @@ dependencies:
     version: 11.9.13
     repository: https://charts.bitnami.com/bitnami
     condition: postgresql.internal.enabled
+  - name: pgadmin4
+    repository: file://charts/pgadmin4  # https://helm.runix.net
+    # License: https://github.com/rowanruseler/helm-charts/blob/main/LICENSE
+    version: 1.19.0
+    condition: pgadmin4.enabled

charts/managed-identity-wallet/README.md

@@ -2,7 +2,7 @@
 
 # managed-identity-wallet
 
-![Version: 0.2.0-develop.4](https://img.shields.io/badge/Version-0.2.0--develop.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.2.0-develop.4](https://img.shields.io/badge/AppVersion-0.2.0--develop.4-informational?style=flat-square)
+![Version: 0.2.0-develop.7](https://img.shields.io/badge/Version-0.2.0--develop.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.2.0-develop.7](https://img.shields.io/badge/AppVersion-0.2.0--develop.7-informational?style=flat-square)
 
 Managed Identity Wallet is supposed to supply a secure data source and data sink for Digital Identity Documents (DID), in order to enable Self-Sovereign Identity founding on those DIDs.
 And at the same it shall support an uninterrupted tracking and tracing and documenting the usage of those DIDs, e.g. within logistical supply chains.
@@ -77,6 +77,7 @@ See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command document
 
 | Repository | Name | Version |
 |------------|------|---------|
+| file://charts/pgadmin4 | pgadmin4 | 1.19.0 |
 | https://charts.bitnami.com/bitnami | common | 2.x.x |
 | https://charts.bitnami.com/bitnami | keycloak | 15.1.6 |
 | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 |
@@ -142,6 +143,15 @@ See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command document
 | miw.ssi.vcExpiryDate | string | `""` | Verifiable Credential expiry date. Format 'dd-MM-yyyy'. If empty it is set to 31-12-<current year> |
 | nameOverride | string | `""` | String to partially override common.names.fullname template (will maintain the release name) |
 | nodeSelector | object | `{"kubernetes.io/os":"linux"}` | NodeSelector configuration |
+| pgadmin4.enabled | bool | `true` | Enable to deploy pgAdmin |
+| pgadmin4.env.email | string | `"admin@miw.com"` | Preset the admin user email |
+| pgadmin4.env.password | string | `"very-secret-password"` | preset password (there is no auto-generated password) |
+| pgadmin4.extraServerDefinitions.enabled | bool | `true` | enable the predefined server for pgadmin |
+| pgadmin4.extraServerDefinitions.servers | object | `{}` | See [here](https://github.com/rowanruseler/helm-charts/blob/9b970b2e419c2300dfbb3f827a985157098a0287/charts/pgadmin4/values.yaml#L84) how to configure the predefined servers |
+| pgadmin4.ingress.annotations | object | `{}` |  |
+| pgadmin4.ingress.enabled | bool | `false` | Enagle pgAdmin ingress |
+| pgadmin4.ingress.hosts | list | `[]` | See [here](https://github.com/rowanruseler/helm-charts/blob/9b970b2e419c2300dfbb3f827a985157098a0287/charts/pgadmin4/values.yaml#L104) how to configure the ingress host(s) |
+| pgadmin4.ingress.tls | list | `[]` | See [here](https://github.com/rowanruseler/helm-charts/blob/9b970b2e419c2300dfbb3f827a985157098a0287/charts/pgadmin4/values.yaml#L109) how to configure tls for the ingress host(s) |
 | podAnnotations | object | `{}` | PodAnnotation configuration |
 | podSecurityContext | object | `{}` | PodSecurityContext |
 | postgresql.auth.database | string | `"miw_app"` | Postgresql database to create |

charts/managed-identity-wallet/charts/pgadmin4/Chart.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+description: pgAdmin4 is a web based administration tool for PostgreSQL database
+name: pgadmin4
+version: 1.19.0
+appVersion: "7.8"
+keywords:
+  - pgadmin
+  - postgres
+  - database
+  - sql
+home: https://www.pgadmin.org/
+icon: https://wiki.postgresql.org/images/3/30/PostgreSQL_logo.3colors.120x120.png
+sources:
+  - https://github.com/rowanruseler/helm-charts
+maintainers:
+  - name: rowanruseler
+    email: rowanruseler@gmail.com