From ca878373e5ab366bf1b6fced3b74406153abab71 Mon Sep 17 00:00:00 2001 From: Evelyn Gurschler Date: Wed, 3 Apr 2024 16:02:44 +0200 Subject: [PATCH] chore: improve workflows and helm chart (#51) - chore: combine helm chart release and image build - chore: change to absolute paths for image build - chore: add file header - chore: remove unused value - chore: improve owasp scan - docs: change chart description --- .github/workflows/chart-release.yaml | 86 ----- .github/workflows/chart-test.yml | 8 +- .../credential-expiry-app-docker.yml | 4 +- .github/workflows/migrations-docker.yml | 4 +- .github/workflows/owasp-zap.yml | 15 +- .github/workflows/processes-worker-docker.yml | 4 +- .github/workflows/release.yml | 306 ++++++------------ .github/workflows/release_candidate.yml | 8 +- .github/workflows/service-docker.yml | 4 +- charts/ssi-credential-issuer/Chart.yaml | 2 +- .../templates/_helpers.tpl | 19 ++ charts/ssi-credential-issuer/values.yaml | 2 - 12 files changed, 146 insertions(+), 316 deletions(-) delete mode 100644 .github/workflows/chart-release.yaml diff --git a/.github/workflows/chart-release.yaml b/.github/workflows/chart-release.yaml deleted file mode 100644 index 5ce1c609..00000000 --- a/.github/workflows/chart-release.yaml +++ /dev/null @@ -1,86 +0,0 @@ -############################################################### -# Copyright (c) 2024 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################### - -name: Release Chart - -on: - workflow_dispatch: - push: - paths: - - 'charts/**' - branches: - - main - -jobs: - release: - # depending on default permission settings for your org (contents being read-only or read-write for workloads), you will have to add permissions - # see: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token - permissions: - contents: write - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - fetch-depth: 0 - - - name: Configure Git - run: | - git config user.name "$GITHUB_ACTOR" - git config user.email "$GITHUB_ACTOR@users.noreply.github.com" - - - name: Install Helm - uses: azure/setup-helm@b7246b12e77f7134dc2d460a3d5bad15bbe29390 # v4 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - - name: Update helm dependencies for ssi-credential-issuer - run: | - cd charts/ssi-credential-issuer - helm repo add bitnami https://charts.bitnami.com/bitnami - helm dependency update - - - name: Run chart-releaser - uses: helm/chart-releaser-action@v1.4.1 - env: - CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - CR_SKIP_EXISTING: "true" - - - name: Get current helm chart version - id: chart-version - run: | - current=$(cat ./charts/ssi-credential-issuer/Chart.yaml | grep "version:" | head -1 | cut -d ":" -d " " -f2) - echo "current=$current" >> $GITHUB_OUTPUT - echo "Exported $current helm chart version" - - - name: Check for previous version - id: version-check - run: | - exists=$(git tag -l "v${{ steps.chart-version.outputs.current }}") - if [[ -n "$exists" ]]; then - echo "exists=true" >> $GITHUB_OUTPUT - else - echo "exists=false" >> $GITHUB_OUTPUT - fi - - - name: Create and push git tag for release workflow to be triggered - run: | - git tag v${{ steps.chart-version.outputs.current }} - git push origin v${{ steps.chart-version.outputs.current }} - if: steps.version-check.outputs.exists == 'false' \ No newline at end of file diff --git a/.github/workflows/chart-test.yml b/.github/workflows/chart-test.yml index 9de0cbc2..40833956 100644 --- a/.github/workflows/chart-test.yml +++ b/.github/workflows/chart-test.yml @@ -65,7 +65,7 @@ jobs: uses: docker/build-push-action@v3 with: context: . - file: docker/Dockerfile-credential-issuer-migrations + file: ./docker/Dockerfile-credential-issuer-migrations push: true tags: kind-registry:5000/credential-issuer-migrations:testing @@ -74,7 +74,7 @@ jobs: uses: docker/build-push-action@v3 with: context: . - file: docker/Dockerfile-credential-issuer-service + file: ./docker/Dockerfile-credential-issuer-service push: true tags: kind-registry:5000/credential-issuer-service:testing @@ -83,7 +83,7 @@ jobs: uses: docker/build-push-action@v3 with: context: . - file: docker/Dockerfile-credential-expiry-app + file: ./docker/Dockerfile-credential-expiry-app push: true tags: kind-registry:5000/credential-expiry-app:testing @@ -92,7 +92,7 @@ jobs: uses: docker/build-push-action@v3 with: context: . - file: docker/Dockerfile-credential-issuer-processes-worker + file: ./docker/Dockerfile-credential-issuer-processes-worker push: true tags: kind-registry:5000/credential-issuer-processes-worker:testing diff --git a/.github/workflows/credential-expiry-app-docker.yml b/.github/workflows/credential-expiry-app-docker.yml index ce0b32a2..6bdf8631 100644 --- a/.github/workflows/credential-expiry-app-docker.yml +++ b/.github/workflows/credential-expiry-app-docker.yml @@ -73,7 +73,7 @@ jobs: uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 with: context: . - file: docker/Dockerfile-credential-expiry-app + file: ./docker/Dockerfile-credential-expiry-app platforms: linux/amd64, linux/arm64 pull: true push: ${{ github.event_name != 'pull_request' }} @@ -88,4 +88,4 @@ jobs: username: ${{ secrets.DOCKER_HUB_USER }} password: ${{ secrets.DOCKER_HUB_TOKEN }} repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }} - readme-filepath: "./docker/notice-credential-expiry-app.md" + readme-filepath: ./docker/notice-credential-expiry-app.md diff --git a/.github/workflows/migrations-docker.yml b/.github/workflows/migrations-docker.yml index d9a1dc40..27ae0371 100644 --- a/.github/workflows/migrations-docker.yml +++ b/.github/workflows/migrations-docker.yml @@ -74,7 +74,7 @@ jobs: uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 with: context: . - file: docker/Dockerfile-credential-issuer-migrations + file: ./docker/Dockerfile-credential-issuer-migrations platforms: linux/amd64, linux/arm64 pull: true push: ${{ github.event_name != 'pull_request' }} @@ -89,4 +89,4 @@ jobs: username: ${{ secrets.DOCKER_HUB_USER }} password: ${{ secrets.DOCKER_HUB_TOKEN }} repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }} - readme-filepath: "./docker/notice-credential-issuer-migrations.md" + readme-filepath: ./docker/notice-credential-issuer-migrations.md diff --git a/.github/workflows/owasp-zap.yml b/.github/workflows/owasp-zap.yml index 89b956b9..115ebfc9 100644 --- a/.github/workflows/owasp-zap.yml +++ b/.github/workflows/owasp-zap.yml @@ -65,7 +65,7 @@ jobs: uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 with: context: . - file: docker/Dockerfile-credential-issuer-migrations + file: ./docker/Dockerfile-credential-issuer-migrations push: true tags: kind-registry:5000/credential-issuer-migrations:testing @@ -74,7 +74,7 @@ jobs: uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 with: context: . - file: docker/Dockerfile-credential-issuer-service + file: ./docker/Dockerfile-credential-issuer-service push: true tags: kind-registry:5000/credential-issuer-service:testing @@ -83,7 +83,7 @@ jobs: uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 with: context: . - file: docker/Dockerfile-credential-issuer-processes-worker + file: ./docker/Dockerfile-credential-issuer-processes-worker push: true tags: kind-registry:5000/credential-issuer-processes-worker:testing @@ -92,7 +92,7 @@ jobs: uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 with: context: . - file: docker/Dockerfile-credential-expiry-app + file: ./docker/Dockerfile-credential-expiry-app push: true tags: kind-registry:5000/credential-expiry-app:testing @@ -142,15 +142,10 @@ jobs: echo "... done." - - name: Add Summary - if: success() || failure() - run: | - echo "Publishing Job summary... " - cat report_md.md >> $GITHUB_STEP_SUMMARY - - name: Upload HTML report if: success() || failure() uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: ZAP scan report path: ./report_html.html + retention-days: 1 diff --git a/.github/workflows/processes-worker-docker.yml b/.github/workflows/processes-worker-docker.yml index 060cb4cd..e68ed8d9 100644 --- a/.github/workflows/processes-worker-docker.yml +++ b/.github/workflows/processes-worker-docker.yml @@ -73,7 +73,7 @@ jobs: uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 with: context: . - file: docker/Dockerfile-credential-issuer-processes-worker + file: ./docker/Dockerfile-credential-issuer-processes-worker platforms: linux/amd64, linux/arm64 pull: true push: ${{ github.event_name != 'pull_request' }} @@ -88,4 +88,4 @@ jobs: username: ${{ secrets.DOCKER_HUB_USER }} password: ${{ secrets.DOCKER_HUB_TOKEN }} repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }} - readme-filepath: "./docker/notice-credential-issuer-processes-worker.md" + readme-filepath: ./docker/notice-credential-issuer-processes-worker.md diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 650045c4..560168d4 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,255 +20,159 @@ name: Release on: - push: - tags: - - 'v*.*.*' workflow_dispatch: - -env: - IMAGE_NAMESPACE: "tractusx" - IMAGE_NAME_SERVICE: "ssi-credential-issuer-service" - IMAGE_NAME_MIGRATIONS: "ssi-credential-issuer-migrations" - IMAGE_NAME_WORKER: "ssi-credential-issuer-processes-worker" - IMAGE_NAME_EXPIRY: "ssi-credential-expiry-app" + push: + paths: + - 'charts/**' + branches: + - main jobs: - service-release: - runs-on: ubuntu-latest + release-helm-chart: + # depending on default permission settings for your org (contents being read-only or read-write for workloads), you will have to add permissions + # see: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token permissions: - packages: write - - steps:actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Login to DockerHub - if: github.event_name != 'pull_request' - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + contents: write + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: - username: ${{ secrets.DOCKER_HUB_USER }} - password: ${{ secrets.DOCKER_HUB_TOKEN }} + fetch-depth: 0 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3.2.0 + - name: Configure Git + run: | + git config user.name "$GITHUB_ACTOR" + git config user.email "$GITHUB_ACTOR@users.noreply.github.com" - - name: Set up QEMU - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 + - name: Install Helm + uses: azure/setup-helm@b7246b12e77f7134dc2d460a3d5bad15bbe29390 # v4 - # Create SemVer or ref tags dependent of trigger event - - name: Docker meta - id: meta - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 - with: - images: | - ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME_SERVICE }} - # Automatically prepare image tags; See action docs for more examples. - # semver patter will generate tags like these for example :1 :1.2 :1.2.3 - tags: | - type=ref,event=branch - type=ref,event=pr - type=raw,value=latest - type=semver,pattern={{version}} - type=semver,pattern={{major}} - type=semver,pattern={{major}}.{{minor}} - - - name: Build and push Docker image - uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 - with: - context: . - file: docker/Dockerfile-credential-issuer-service - platforms: linux/amd64, linux/arm64 - pull: true - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} + - name: Update helm dependencies for ssi-credential-issuer + run: | + cd charts/ssi-credential-issuer + helm repo add bitnami https://charts.bitnami.com/bitnami + helm dependency update - # https://github.com/peter-evans/dockerhub-description - - name: Update Docker Hub description - if: github.event_name != 'pull_request' - uses: peter-evans/dockerhub-description@e98e4d1628a5f3be2be7c231e50981aee98723ae # v4.0.0 - with: - username: ${{ secrets.DOCKER_HUB_USER }} - password: ${{ secrets.DOCKER_HUB_TOKEN }} - repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME_SERVICE }} - readme-filepath: "./docker/notice-credential-issuer-service.md" + - name: Run chart-releaser + uses: helm/chart-releaser-action@v1.4.1 + env: + CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + CR_SKIP_EXISTING: "true" - migrations-release: - runs-on: ubuntu-latest + release-images: + needs: release-helm-chart permissions: contents: read - - steps:actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Login to DockerHub - if: github.event_name != 'pull_request' + runs-on: ubuntu-latest + strategy: + matrix: + include: + - image: tractusx/ssi-credential-issuer-service + dockerfile: ./docker/Dockerfile-credential-issuer-service + dockernotice: ./docker/notice-credential-issuer-service.md + - image: tractusx/ssi-credential-issuer-migrations + dockerfile: ./docker/Dockerfile-credential-issuer-migrations + dockernotice: ./docker/notice-credential-issuer-migrations.md + - image: tractusx/ssi-credential-issuer-processes-worker + dockerfile: ./docker/Dockerfile-credential-issuer-processes-worker + dockernotice: ./docker/notice-credential-issuer-processes-worker.md + - image: tractusx/ssi-credential-expiry-app + dockerfile: ./docker/Dockerfile-credential-expiry-app + dockernotice: ./docker/notice-credential-expiry-app.md + outputs: + app-version: ${{ steps.app-version.outputs.current }} + version-check: ${{ steps.version-check.outputs.exists }} + steps: + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + fetch-depth: 0 + + - name: Get current appVersion + id: app-version + run: | + current=$(cat ./charts/ssi-credential-issuer/Chart.yaml | grep "appVersion:" | head -1 | cut -d ":" -d " " -f2) + echo "current=$current" >> $GITHUB_OUTPUT + echo "Exported $current appVersion" + + - name: Check for previous version + id: version-check + run: | + exists=$(git tag -l "v${{ steps.app-version.outputs.current }}") + if [[ -n "$exists" ]]; then + echo "exists=true" >> $GITHUB_OUTPUT + else + echo "exists=false" >> $GITHUB_OUTPUT + fi + + - name: Login to GitHub Container Registry uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 with: username: ${{ secrets.DOCKER_HUB_USER }} password: ${{ secrets.DOCKER_HUB_TOKEN }} + if: steps.version-check.outputs.exists == 'false' - name: Set up Docker Buildx uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3.2.0 + if: steps.version-check.outputs.exists == 'false' - name: Set up QEMU uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 + if: steps.version-check.outputs.exists == 'false' # Create SemVer or ref tags dependent of trigger event - name: Docker meta id: meta uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 with: - images: | - ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME_MIGRATIONS }} + images: ${{ matrix.image }} # Automatically prepare image tags; See action docs for more examples. # semver patter will generate tags like these for example :1 :1.2 :1.2.3 - tags: | - type=ref,event=branch - type=ref,event=pr - type=raw,value=latest - type=semver,pattern={{version}} - type=semver,pattern={{major}} - type=semver,pattern={{major}}.{{minor}} - - - name: Build and push Docker image + tags: | + type=ref,event=branch + type=ref,event=pr + type=raw,value=latest + type=semver,pattern={{version}},value=${{ steps.app-version.outputs.current }} + type=semver,pattern={{major}},value=${{ steps.app-version.outputs.current }} + type=semver,pattern={{major}}.{{minor}},value=${{ steps.app-version.outputs.current }} + if: steps.version-check.outputs.exists == 'false' + + - name: Build and push Docker images uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 with: context: . - file: docker/Dockerfile-credential-issuer-migrations + file: ${{ matrix.dockerfile }} platforms: linux/amd64, linux/arm64 pull: true push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} + if: steps.version-check.outputs.exists == 'false' # https://github.com/peter-evans/dockerhub-description - name: Update Docker Hub description - if: github.event_name != 'pull_request' uses: peter-evans/dockerhub-description@e98e4d1628a5f3be2be7c231e50981aee98723ae # v4.0.0 with: username: ${{ secrets.DOCKER_HUB_USER }} password: ${{ secrets.DOCKER_HUB_TOKEN }} - repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME_MIGRATIONS }} - readme-filepath: "./docker/notice-credential-issuer-migrations.md" + repository: ${{ matrix.image }} + readme-filepath: ${{ matrix.dockernotice }} + if: steps.version-check.outputs.exists == 'false' - expiry-release: - runs-on: ubuntu-latest + create-tag: + needs: release-images permissions: - contents: read - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Login to DockerHub - if: github.event_name != 'pull_request' - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 - with: - username: ${{ secrets.DOCKER_HUB_USER }} - password: ${{ secrets.DOCKER_HUB_TOKEN }} - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3.2.0 - - - name: Set up QEMU - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 - - # Create SemVer or ref tags dependent of trigger event - - name: Docker meta - id: meta - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 - with: - images: | - ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME_EXPIRY }} - # Automatically prepare image tags; See action docs for more examples. - # semver patter will generate tags like these for example :1 :1.2 :1.2.3 - tags: | - type=ref,event=branch - type=ref,event=pr - type=raw,value=latest - type=semver,pattern={{version}} - type=semver,pattern={{major}} - type=semver,pattern={{major}}.{{minor}} - - - name: Build and push Docker image - uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 - with: - context: . - file: docker/Dockerfile-credential-expiry-app - platforms: linux/amd64, linux/arm64 - pull: true - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - - # https://github.com/peter-evans/dockerhub-description - - name: Update Docker Hub description - if: github.event_name != 'pull_request' - uses: peter-evans/dockerhub-description@e98e4d1628a5f3be2be7c231e50981aee98723ae # v4.0.0 - with: - username: ${{ secrets.DOCKER_HUB_USER }} - password: ${{ secrets.DOCKER_HUB_TOKEN }} - repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME_EXPIRY }} - readme-filepath: "./docker/notice-credential-expiry-app.md" - - worker-release: + contents: write runs-on: ubuntu-latest - permissions: - contents: read - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Login to DockerHub - if: github.event_name != 'pull_request' - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: - username: ${{ secrets.DOCKER_HUB_USER }} - password: ${{ secrets.DOCKER_HUB_TOKEN }} - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3.2.0 - - - name: Set up QEMU - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 - - # Create SemVer or ref tags dependent of trigger event - - name: Docker meta - id: meta - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 - with: - images: | - ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME_WORKER }} - # Automatically prepare image tags; See action docs for more examples. - # semver patter will generate tags like these for example :1 :1.2 :1.2.3 - tags: | - type=ref,event=branch - type=ref,event=pr - type=raw,value=latest - type=semver,pattern={{version}} - type=semver,pattern={{major}} - type=semver,pattern={{major}}.{{minor}} - - - name: Build and push Docker image - uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 - with: - context: . - file: docker/Dockerfile-credential-issuer-processes-worker - platforms: linux/amd64, linux/arm64 - pull: true - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} + fetch-depth: 0 - # https://github.com/peter-evans/dockerhub-description - - name: Update Docker Hub description - if: github.event_name != 'pull_request' - uses: peter-evans/dockerhub-description@e98e4d1628a5f3be2be7c231e50981aee98723ae # v4.0.0 - with: - username: ${{ secrets.DOCKER_HUB_USER }} - password: ${{ secrets.DOCKER_HUB_TOKEN }} - repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME_WORKER }} - readme-filepath: "./docker/notice-credential-issuer-processes-worker.md" + - name: Create and push git tag + run: | + git tag v${{ needs.release-images.outputs.app-version }} + git push origin v${{ needs.release-images.outputs.app-version }} + if: needs.release-images.outputs.version-check == 'false' diff --git a/.github/workflows/release_candidate.yml b/.github/workflows/release_candidate.yml index bd1fee65..af8241a1 100644 --- a/.github/workflows/release_candidate.yml +++ b/.github/workflows/release_candidate.yml @@ -68,7 +68,7 @@ jobs: uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 with: context: . - file: docker/Dockerfile-credential-issuer-service + file: ./docker/Dockerfile-credential-issuer-service platforms: linux/amd64, linux/arm64 pull: true push: ${{ github.event_name != 'pull_request' }} @@ -120,7 +120,7 @@ jobs: uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 with: context: . - file: docker/Dockerfile-credential-issuer-migrations + file: ./docker/Dockerfile-credential-issuer-migrations platforms: linux/amd64, linux/arm64 pull: true push: ${{ github.event_name != 'pull_request' }} @@ -172,7 +172,7 @@ jobs: uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 with: context: . - file: docker/Dockerfile-credential-expiry-app + file: ./docker/Dockerfile-credential-expiry-app platforms: linux/amd64, linux/arm64 pull: true push: ${{ github.event_name != 'pull_request' }} @@ -224,7 +224,7 @@ jobs: uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 with: context: . - file: docker/Dockerfile-credential-issuer-processes-worker + file: ./docker/Dockerfile-credential-issuer-processes-worker platforms: linux/amd64, linux/arm64 pull: true push: ${{ github.event_name != 'pull_request' }} diff --git a/.github/workflows/service-docker.yml b/.github/workflows/service-docker.yml index d526715f..76f01b1e 100644 --- a/.github/workflows/service-docker.yml +++ b/.github/workflows/service-docker.yml @@ -73,7 +73,7 @@ jobs: uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 with: context: . - file: docker/Dockerfile-credential-issuer-service + file: ./docker/Dockerfile-credential-issuer-service platforms: linux/amd64, linux/arm64 pull: true push: ${{ github.event_name != 'pull_request' }} @@ -88,4 +88,4 @@ jobs: username: ${{ secrets.DOCKER_HUB_USER }} password: ${{ secrets.DOCKER_HUB_TOKEN }} repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }} - readme-filepath: "./docker/notice-credential-issuer-service.md" + readme-filepath: ./docker/notice-credential-issuer-service.md diff --git a/charts/ssi-credential-issuer/Chart.yaml b/charts/ssi-credential-issuer/Chart.yaml index 678f6b2d..4a92b2df 100644 --- a/charts/ssi-credential-issuer/Chart.yaml +++ b/charts/ssi-credential-issuer/Chart.yaml @@ -22,7 +22,7 @@ name: ssi-credential-issuer type: application version: 1.0.0-rc.1 appVersion: 1.0.0-rc.1 -description: Helm chart for Catena-X SSI Credential Issuer +description: Helm chart for SSI Credential Issuer home: https://github.com/eclipse-tractusx/ssi-credential-issuer dependencies: - condition: postgresql.enabled diff --git a/charts/ssi-credential-issuer/templates/_helpers.tpl b/charts/ssi-credential-issuer/templates/_helpers.tpl index 82f4dc42..39905154 100644 --- a/charts/ssi-credential-issuer/templates/_helpers.tpl +++ b/charts/ssi-credential-issuer/templates/_helpers.tpl @@ -1,3 +1,22 @@ +{{- /* +* Copyright (c) 2024 Contributors to the Eclipse Foundation +* +* See the NOTICE file(s) distributed with this work for additional +* information regarding copyright ownership. +* +* This program and the accompanying materials are made available under the +* terms of the Apache License, Version 2.0 which is available at +* https://www.apache.org/licenses/LICENSE-2.0. +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +* License for the specific language governing permissions and limitations +* under the License. +* +* SPDX-License-Identifier: Apache-2.0 +*/}} + {{/* Expand the name of the chart. */}} diff --git a/charts/ssi-credential-issuer/values.yaml b/charts/ssi-credential-issuer/values.yaml index c2fec2fb..3e84ee0a 100644 --- a/charts/ssi-credential-issuer/values.yaml +++ b/charts/ssi-credential-issuer/values.yaml @@ -217,8 +217,6 @@ externalDatabase: password: "" # -- Secret containing the password non-root username, (default 'issuer'). existingSecret: "issuer-external-db" - # -- Name of an existing secret key containing the database credentials. - existingSecretPasswordKey: "password" # -- Provide details about centralidp (CX IAM) Keycloak instance. centralidp: