diff --git a/.github/workflows/chart-verification.yml b/.github/workflows/chart-verification.yml
index 47bafb3a..07347afe 100644
--- a/.github/workflows/chart-verification.yml
+++ b/.github/workflows/chart-verification.yml
@@ -156,6 +156,7 @@ jobs:
context: .
push: true
tags: kind-registry:5000/miw:testing
+ file: ./miw/Dockerfile
- uses: actions/setup-python@v4
with:
@@ -230,6 +231,7 @@ jobs:
charts/managed-identity-wallet \
-n apps \
--wait \
+ --timeout 10m \
--set image.tag=testing \
--set image.repository=kind-registry:5000/miw
# only run if this is not a PR -OR- if there are new versions available
diff --git a/.github/workflows/dast-scan.yaml b/.github/workflows/dast-scan.yaml
index 24364172..afe6a25f 100644
--- a/.github/workflows/dast-scan.yaml
+++ b/.github/workflows/dast-scan.yaml
@@ -77,6 +77,7 @@ jobs:
context: .
push: true
tags: kind-registry:5000/miw:testing
+ file: ./miw/Dockerfile
- name: Install the chart on KinD cluster
run: helm install -n apps --create-namespace --wait --set image.tag=testing --set=image.repository=kind-registry:5000/miw testing charts/managed-identity-wallet
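Review bot: The `helm install … --wait` in the step right after the new `file:` line still relies on Helm's default wait timeout, while this commit raises the same install in chart-verification.yml to `--timeout 10m`. If the longer timeout was needed because the image built from `./miw/Dockerfile` takes longer to become ready, the DAST run will presumably hit the same limit, so adding `--timeout 10m` here keeps the two workflows consistent. The line also mixes `--set image.tag=testing` with `--set=image.repository=…`; both parse, but using one form is easier to read.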
diff --git a/.github/workflows/release-miw.yml b/.github/workflows/release-miw.yml
index 2e79820a..358984fe 100644
--- a/.github/workflows/release-miw.yml
+++ b/.github/workflows/release-miw.yml
@@ -16,250 +16,251 @@
# SPDX-License-Identifier: Apache-2.0
---
-name: Semantic Release - MIW
-on:
- push:
- paths:
- - 'miw/src/**'
- - 'miw/build.gradle/**'
- - 'wallet-commons/src/**'
- - 'build.gradle'
- - 'gradle.properties'
- - 'settings.gradle'
- branches:
- - main
- - develop
- pull_request:
- paths:
- - 'miw/src/**'
- - 'miw/build.gradle/**'
- - 'wallet-commons/src/**'
- - 'build.gradle'
- - 'gradle.properties'
- - 'settings.gradle'
- branches:
- - main
- - develop
-
-env:
- IMAGE_NAMESPACE: "tractusx"
- IMAGE_NAME: "managed-identity-wallet"
-
-jobs:
-
- semantic_release:
- name: Repository Release
- runs-on: ubuntu-latest
- permissions:
- # see https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
- contents: write
- pull-requests: write
- packages: write
- outputs:
- next_release: ${{ steps.semantic-release.outputs.next_release }}
- will_create_new_release: ${{ steps.semantic-release.outputs.will_create_new_release }}
- steps:
- - name: Checkout repository
- uses: actions/checkout@v4
-
- - name: Validate Gradle wrapper
- uses: gradle/wrapper-validation-action@v2
-
- - name: Setup Helm
- uses: azure/setup-helm@v4.1.0
-
- - name: Setup JDK 17
- uses: actions/setup-java@v4
- with:
- java-version: '17'
- distribution: 'temurin'
-
- - name: Setup Node.js
- uses: actions/setup-node@v4
- with:
- node-version: 20
-
- # setup helm-docs as it is needed during semantic-release
- - uses: gabe565/setup-helm-docs-action@v1
- name: Setup helm-docs
- if: github.event_name != 'pull_request'
- with:
- version: v1.11.3
-
- - name: Run semantic release
- id: semantic-release
- if: github.event_name != 'pull_request'
- env:
- GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- GIT_AUTHOR_EMAIL: ${{ github.actor }}@users.noreply.github.com
- GIT_COMMITTER_EMAIL: ${{ github.actor }}@users.noreply.github.com
- run: |
- npx --yes -p @semantic-release/exec -p @semantic-release/changelog -p @semantic-release/git -p @semantic-release/commit-analyzer -p @semantic-release/release-notes-generator semantic-release
-
- - name: Run semantic release (dry run)
- if: github.event_name == 'pull_request'
- env:
- GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- GIT_AUTHOR_EMAIL: ${{ github.actor }}@users.noreply.github.com
- GIT_COMMITTER_EMAIL: ${{ github.actor }}@users.noreply.github.com
- run: |
- npx --yes -p @semantic-release/exec -p @semantic-release/github -p @semantic-release/changelog -p @semantic-release/git -p @semantic-release/commit-analyzer -p @semantic-release/release-notes-generator semantic-release --dry-run
-
- - name: Execute Gradle build
- run: ./gradlew build
-
- - name: Upload build artifact
- uses: actions/upload-artifact@v4
- with:
- name: build
- path: ./miw/build
- if-no-files-found: error
- retention-days: 1
-
- - name: Upload Helm chart artifact
- uses: actions/upload-artifact@v4
- with:
- name: charts
- path: ./charts
- if-no-files-found: error
- retention-days: 1
-
- - name: Report semantic-release outputs
- run: |
- echo "::notice::${{ env.next_release }}"
- echo "::notice::${{ env.will_create_new_release }}"
-
- - name: Upload jar to GitHub release
- if: github.event_name != 'pull_request' && steps.semantic-release.outputs.will_create_new_release == 'true'
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- RELEASE_VERSION: ${{ steps.semantic-release.outputs.next_release }}
- run: |
- echo "::notice::Uploading jar to GitHub release"
- gh release upload "v$RELEASE_VERSION" ./miw/build/libs/miw-latest.jar
-
- docker:
- name: Docker Release
- needs: semantic_release
- runs-on: ubuntu-latest
- steps:
- - name: Checkout repository
- uses: actions/checkout@v4
- - name: Download build artifact
- uses: actions/download-artifact@v4
- with:
- name: build
- path: ./miw/build
-
- - name: Download Helm chart artifact
- uses: actions/download-artifact@v4
- with:
- name: charts
- path: ./charts
-
- # Create SemVer or ref tags dependent of trigger event
- - name: Docker meta
- id: meta
- uses: docker/metadata-action@v5
- with:
- images: |
- ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
- # Automatically prepare image tags; See action docs for more examples.
- # semver patter will generate tags like these for example :1 :1.2 :1.2.3
- tags: |
- type=ref,event=branch
- type=ref,event=pr
- type=semver,pattern={{version}},value=${{ needs.semantic_release.outputs.next_release }}
- type=semver,pattern={{major}},value=${{ needs.semantic_release.outputs.next_release }}
- type=semver,pattern={{major}}.{{minor}},value=${{ needs.semantic_release.outputs.next_release }}
- type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
-
- - name: DockerHub login
- if: github.event_name != 'pull_request'
- uses: docker/login-action@v3
- with:
- # Use existing DockerHub credentials present as secrets
- username: ${{ secrets.DOCKER_HUB_USER }}
- password: ${{ secrets.DOCKER_HUB_TOKEN }}
-
- - name: Push image
- uses: docker/build-push-action@v5
- with:
- context: .
- push: ${{ github.event_name != 'pull_request' }}
- tags: ${{ steps.meta.outputs.tags }}
- labels: ${{ steps.meta.outputs.labels }}
- file: ./miw/Dockerfile
-
- # https://github.com/peter-evans/dockerhub-description
- # Important step to push image description to DockerHub
- - name: Update Docker Hub description
- if: github.event_name != 'pull_request'
- uses: peter-evans/dockerhub-description@v3
- with:
- # readme-filepath defaults to toplevel README.md, Only necessary if you have a dedicated file with your 'Notice for docker images'
- readme-filepath: Docker-hub-notice.md
- username: ${{ secrets.DOCKER_HUB_USER }}
- password: ${{ secrets.DOCKER_HUB_TOKEN }}
- repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
-
- helm:
- name: Helm Release
- needs: semantic_release
- runs-on: ubuntu-latest
- permissions:
- contents: write
- steps:
- - name: Checkout repository
- uses: actions/checkout@v4
-
- - name: Download Helm chart artifact
- uses: actions/download-artifact@v4
- with:
- name: charts
- path: ./charts
-
- - name: Install Helm
- uses: azure/setup-helm@v4.1.0
-
- - name: Add Helm dependency repositories
- run: |
- helm repo add bitnami https://charts.bitnami.com/bitnami
-
- - name: Configure Git
- run: |
- git config user.name "$GITHUB_ACTOR"
- git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
-
- - name: Release chart
- if: github.event_name != 'pull_request' && needs.semantic_release.outputs.will_create_new_release == 'true'
- run: |
- # Package MIW chart
- helm_package_path=$(helm package -u -d helm-charts ./charts/managed-identity-wallet | grep -o 'to: .*' | cut -d' ' -f2-)
- echo "HELM_PACKAGE_PATH=$helm_package_path" >> $GITHUB_ENV
-
- # Commit and push to gh-pages
- git add helm-charts
- git stash -- helm-charts
- git reset --hard
- git fetch origin
- git checkout gh-pages
- git stash pop
-
- # Generate helm repo index.yaml
- helm repo index . --merge index.yaml --url https://${GITHUB_REPOSITORY_OWNER}.github.io/${GITHUB_REPOSITORY#*/}/
- git add index.yaml
-
- git commit -s -m "Release ${{ needs.semantic_release.outputs.next_release }}"
-
- git push origin gh-pages
-
- - name: Upload chart to GitHub release
- if: github.event_name != 'pull_request' && needs.semantic_release.outputs.will_create_new_release == 'true'
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- RELEASE_VERSION: ${{ needs.semantic_release.outputs.next_release }}
- HELM_PACKAGE_PATH: ${{ env.HELM_PACKAGE_PATH }}
- run: |
- echo "::notice::Uploading chart to GitHub release"
- gh release upload "v$RELEASE_VERSION" "$HELM_PACKAGE_PATH"
+ name: Semantic Release - MIW
+ on:
+ push:
+ paths:
+ - 'miw/src/**'
+ - 'miw/build.gradle/**'
+ - 'wallet-commons/src/**'
+ - 'build.gradle'
+ - 'gradle.properties'
+ - 'settings.gradle'
+ branches:
+ - main
+ - develop
+ pull_request:
+ paths:
+ - 'miw/src/**'
+ - 'miw/build.gradle/**'
+ - 'wallet-commons/src/**'
+ - 'build.gradle'
+ - 'gradle.properties'
+ - 'settings.gradle'
+ branches:
+ - main
+ - develop
+
+ env:
+ IMAGE_NAMESPACE: "tractusx"
+ IMAGE_NAME: "managed-identity-wallet"
+
+ jobs:
+
+ semantic_release:
+ name: Repository Release
+ runs-on: ubuntu-latest
+ permissions:
+ # see https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
+ contents: write
+ pull-requests: write
+ packages: write
+ outputs:
+ next_release: ${{ steps.semantic-release.outputs.next_release }}
+ will_create_new_release: ${{ steps.semantic-release.outputs.will_create_new_release }}
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Validate Gradle wrapper
+ uses: gradle/wrapper-validation-action@v2
+
+ - name: Setup Helm
+ uses: azure/setup-helm@v4.1.0
+
+ - name: Setup JDK 17
+ uses: actions/setup-java@v4
+ with:
+ java-version: '17'
+ distribution: 'temurin'
+
+ - name: Setup Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: 20
+
+ # setup helm-docs as it is needed during semantic-release
+ - uses: gabe565/setup-helm-docs-action@v1
+ name: Setup helm-docs
+ if: github.event_name != 'pull_request'
+ with:
+ version: v1.11.3
+
+ - name: Run semantic release
+ id: semantic-release
+ if: github.event_name != 'pull_request'
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GIT_AUTHOR_EMAIL: ${{ github.actor }}@users.noreply.github.com
+ GIT_COMMITTER_EMAIL: ${{ github.actor }}@users.noreply.github.com
+ run: |
+ npx --yes -p @semantic-release/exec -p @semantic-release/changelog -p @semantic-release/git -p @semantic-release/commit-analyzer -p @semantic-release/release-notes-generator semantic-release
+
+ - name: Run semantic release (dry run)
+ if: github.event_name == 'pull_request'
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GIT_AUTHOR_EMAIL: ${{ github.actor }}@users.noreply.github.com
+ GIT_COMMITTER_EMAIL: ${{ github.actor }}@users.noreply.github.com
+ run: |
+ npx --yes -p @semantic-release/exec -p @semantic-release/github -p @semantic-release/changelog -p @semantic-release/git -p @semantic-release/commit-analyzer -p @semantic-release/release-notes-generator semantic-release --dry-run
+
+ - name: Execute Gradle build
+ run: ./gradlew build
+
+ - name: Upload build artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: build
+ path: ./miw/build
+ if-no-files-found: error
+ retention-days: 1
+
+ - name: Upload Helm chart artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: charts
+ path: ./charts
+ if-no-files-found: error
+ retention-days: 1
+
+ - name: Report semantic-release outputs
+ run: |
+ echo "::notice::${{ env.next_release }}"
+ echo "::notice::${{ env.will_create_new_release }}"
+
+ - name: Upload jar to GitHub release
+ if: github.event_name != 'pull_request' && steps.semantic-release.outputs.will_create_new_release == 'true'
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ RELEASE_VERSION: ${{ steps.semantic-release.outputs.next_release }}
+ run: |
+ echo "::notice::Uploading jar to GitHub release"
+ gh release upload "v$RELEASE_VERSION" ./miw/build/libs/miw-latest.jar
+
+ docker:
+ name: Docker Release
+ needs: semantic_release
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ - name: Download build artifact
+ uses: actions/download-artifact@v4
+ with:
+ name: build
+ path: ./miw/build
+
+ - name: Download Helm chart artifact
+ uses: actions/download-artifact@v4
+ with:
+ name: charts
+ path: ./charts
+
+ # Create SemVer or ref tags dependent of trigger event
+ - name: Docker meta
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: |
+ ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
+ # Automatically prepare image tags; See action docs for more examples.
+ # semver patter will generate tags like these for example :1 :1.2 :1.2.3
+ tags: |
+ type=ref,event=branch
+ type=ref,event=pr
+ type=semver,pattern={{version}},value=${{ needs.semantic_release.outputs.next_release }}
+ type=semver,pattern={{major}},value=${{ needs.semantic_release.outputs.next_release }}
+ type=semver,pattern={{major}}.{{minor}},value=${{ needs.semantic_release.outputs.next_release }}
+ type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
+
+ - name: DockerHub login
+ if: github.event_name != 'pull_request'
+ uses: docker/login-action@v3
+ with:
+ # Use existing DockerHub credentials present as secrets
+ username: ${{ secrets.DOCKER_HUB_USER }}
+ password: ${{ secrets.DOCKER_HUB_TOKEN }}
+
+ - name: Push image
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ push: ${{ github.event_name != 'pull_request' }}
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ file: ./miw/Dockerfile
+
+ # https://github.com/peter-evans/dockerhub-description
+ # Important step to push image description to DockerHub
+ - name: Update Docker Hub description
+ if: github.event_name != 'pull_request'
+ uses: peter-evans/dockerhub-description@v3
+ with:
+ # readme-filepath defaults to toplevel README.md, Only necessary if you have a dedicated file with your 'Notice for docker images'
+ readme-filepath: Docker-hub-notice.md
+ username: ${{ secrets.DOCKER_HUB_USER }}
+ password: ${{ secrets.DOCKER_HUB_TOKEN }}
+ repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
+
+ helm:
+ name: Helm Release
+ needs: semantic_release
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Download Helm chart artifact
+ uses: actions/download-artifact@v4
+ with:
+ name: charts
+ path: ./charts
+
+ - name: Install Helm
+ uses: azure/setup-helm@v4.1.0
+
+ - name: Add Helm dependency repositories
+ run: |
+ helm repo add bitnami https://charts.bitnami.com/bitnami
+
+ - name: Configure Git
+ run: |
+ git config user.name "$GITHUB_ACTOR"
+ git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+ - name: Release chart
+ if: github.event_name != 'pull_request' && needs.semantic_release.outputs.will_create_new_release == 'true'
+ run: |
+ # Package MIW chart
+ helm_package_path=$(helm package -u -d helm-charts ./charts/managed-identity-wallet | grep -o 'to: .*' | cut -d' ' -f2-)
+ echo "HELM_PACKAGE_PATH=$helm_package_path" >> $GITHUB_ENV
+
+ # Commit and push to gh-pages
+ git add helm-charts
+ git stash -- helm-charts
+ git reset --hard
+ git fetch origin
+ git checkout gh-pages
+ git stash pop
+
+ # Generate helm repo index.yaml
+ helm repo index . --merge index.yaml --url https://${GITHUB_REPOSITORY_OWNER}.github.io/${GITHUB_REPOSITORY#*/}/
+ git add index.yaml
+
+ git commit -s -m "Release ${{ needs.semantic_release.outputs.next_release }}"
+
+ git push origin gh-pages
+
+ - name: Upload chart to GitHub release
+ if: github.event_name != 'pull_request' && needs.semantic_release.outputs.will_create_new_release == 'true'
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ RELEASE_VERSION: ${{ needs.semantic_release.outputs.next_release }}
+ HELM_PACKAGE_PATH: ${{ env.HELM_PACKAGE_PATH }}
+ run: |
+ echo "::notice::Uploading chart to GitHub release"
+ gh release upload "v$RELEASE_VERSION" "$HELM_PACKAGE_PATH"
+
\ No newline at end of file
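Review bot: Both semantic-release steps in the rewritten workflow run `npx --yes -p @semantic-release/exec -p … semantic-release` with no versions, so whatever the registry serves at release time executes with `GH_TOKEN` in a job that holds `contents: write` and `packages: write`. Pinning each package, e.g. `-p @semantic-release/exec@<pinned-version>`, or installing from a committed lockfile, keeps the release toolchain reproducible and reviewable. Separately, the `Release chart` step expands `${{ needs.semantic_release.outputs.next_release }}` inside the shell script; the following step already passes it through `env:` as `RELEASE_VERSION`, and doing the same here (`git commit -s -m "Release $RELEASE_VERSION"`) keeps the value out of the script text. The `docker` job, which handles `DOCKER_HUB_TOKEN`, declares no `permissions:` block, so it runs with the repository's default token scope; `permissions: { contents: read }` would make that explicit. The same lines appear in the release-revocation.yml hunk of this commit.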
diff --git a/.github/workflows/release-revocation.yml b/.github/workflows/release-revocation.yml
index 2eeafee7..3a95fa1c 100644
--- a/.github/workflows/release-revocation.yml
+++ b/.github/workflows/release-revocation.yml
@@ -16,250 +16,251 @@
# SPDX-License-Identifier: Apache-2.0
---
-name: Semantic Release - Revocation Service
-on:
- push:
- paths:
- - 'revocation-service/src/**'
- - 'revocation-service/build.gradle/**'
- - 'wallet-commons/src/**'
- - 'build.gradle'
- - 'gradle.properties'
- - 'settings.gradle'
- branches:
- - main
- - develop
- pull_request:
- paths:
- - 'revocation-service/src/**'
- - 'revocation-service/build.gradle/**'
- - 'wallet-commons/src/**'
- - 'build.gradle'
- - 'gradle.properties'
- - 'settings.gradle'
- branches:
- - main
- - develop
-
-env:
- IMAGE_NAMESPACE: "tractusx"
- IMAGE_NAME: "credential-revocation-service"
-
-jobs:
-
- semantic_release:
- name: Repository Release
- runs-on: ubuntu-latest
- permissions:
- # see https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
- contents: write
- pull-requests: write
- packages: write
- outputs:
- next_release: ${{ steps.semantic-release.outputs.next_release }}
- will_create_new_release: ${{ steps.semantic-release.outputs.will_create_new_release }}
- steps:
- - name: Checkout repository
- uses: actions/checkout@v4
-
- - name: Validate Gradle wrapper
- uses: gradle/wrapper-validation-action@v2
-
- - name: Setup Helm
- uses: azure/setup-helm@v4.1.0
-
- - name: Setup JDK 17
- uses: actions/setup-java@v4
- with:
- java-version: '17'
- distribution: 'temurin'
-
- - name: Setup Node.js
- uses: actions/setup-node@v4
- with:
- node-version: 20
-
- # setup helm-docs as it is needed during semantic-release
- - uses: gabe565/setup-helm-docs-action@v1
- name: Setup helm-docs
- if: github.event_name != 'pull_request'
- with:
- version: v1.11.3
-
- - name: Run semantic release
- id: semantic-release
- if: github.event_name != 'pull_request'
- env:
- GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- GIT_AUTHOR_EMAIL: ${{ github.actor }}@users.noreply.github.com
- GIT_COMMITTER_EMAIL: ${{ github.actor }}@users.noreply.github.com
- run: |
- npx --yes -p @semantic-release/exec -p @semantic-release/changelog -p @semantic-release/git -p @semantic-release/commit-analyzer -p @semantic-release/release-notes-generator semantic-release
-
- - name: Run semantic release (dry run)
- if: github.event_name == 'pull_request'
- env:
- GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- GIT_AUTHOR_EMAIL: ${{ github.actor }}@users.noreply.github.com
- GIT_COMMITTER_EMAIL: ${{ github.actor }}@users.noreply.github.com
- run: |
- npx --yes -p @semantic-release/exec -p @semantic-release/github -p @semantic-release/changelog -p @semantic-release/git -p @semantic-release/commit-analyzer -p @semantic-release/release-notes-generator semantic-release --dry-run
-
- - name: Execute Gradle build
- run: ./gradlew build
-
- - name: Upload build artifact
- uses: actions/upload-artifact@v4
- with:
- name: build
- path: ./revocation-service/build
- if-no-files-found: error
- retention-days: 1
-
- - name: Upload Helm chart artifact
- uses: actions/upload-artifact@v4
- with:
- name: charts
- path: ./charts
- if-no-files-found: error
- retention-days: 1
-
- - name: Report semantic-release outputs
- run: |
- echo "::notice::${{ env.next_release }}"
- echo "::notice::${{ env.will_create_new_release }}"
-
- - name: Upload jar to GitHub release
- if: github.event_name != 'pull_request' && steps.semantic-release.outputs.will_create_new_release == 'true'
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- RELEASE_VERSION: ${{ steps.semantic-release.outputs.next_release }}
- run: |
- echo "::notice::Uploading jar to GitHub release"
- gh release upload "v$RELEASE_VERSION" ./revocation-service/build/libs/revocation-service-latest.jar
-
- docker:
- name: Docker Release
- needs: semantic_release
- runs-on: ubuntu-latest
- steps:
- - name: Checkout repository
- uses: actions/checkout@v4
- - name: Download build artifact
- uses: actions/download-artifact@v4
- with:
- name: build
- path: ./revocation-service/build
-
- - name: Download Helm chart artifact
- uses: actions/download-artifact@v4
- with:
- name: charts
- path: ./charts
-
- # Create SemVer or ref tags dependent of trigger event
- - name: Docker meta
- id: meta
- uses: docker/metadata-action@v5
- with:
- images: |
- ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
- # Automatically prepare image tags; See action docs for more examples.
- # semver patter will generate tags like these for example :1 :1.2 :1.2.3
- tags: |
- type=ref,event=branch
- type=ref,event=pr
- type=semver,pattern={{version}},value=${{ needs.semantic_release.outputs.next_release }}
- type=semver,pattern={{major}},value=${{ needs.semantic_release.outputs.next_release }}
- type=semver,pattern={{major}}.{{minor}},value=${{ needs.semantic_release.outputs.next_release }}
- type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
-
- - name: DockerHub login
- if: github.event_name != 'pull_request'
- uses: docker/login-action@v3
- with:
- # Use existing DockerHub credentials present as secrets
- username: ${{ secrets.DOCKER_HUB_USER }}
- password: ${{ secrets.DOCKER_HUB_TOKEN }}
-
- - name: Push image
- uses: docker/build-push-action@v5
- with:
- context: .
- push: ${{ github.event_name != 'pull_request' }}
- tags: ${{ steps.meta.outputs.tags }}
- labels: ${{ steps.meta.outputs.labels }}
- file: ./revocation-service/Dockerfile
-
- # https://github.com/peter-evans/dockerhub-description
- # Important step to push image description to DockerHub
- - name: Update Docker Hub description
- if: github.event_name != 'pull_request'
- uses: peter-evans/dockerhub-description@v3
- with:
- # readme-filepath defaults to toplevel README.md, Only necessary if you have a dedicated file with your 'Notice for docker images'
- readme-filepath: Docker-hub-notice.md
- username: ${{ secrets.DOCKER_HUB_USER }}
- password: ${{ secrets.DOCKER_HUB_TOKEN }}
- repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
-
- helm:
- name: Helm Release
- needs: semantic_release
- runs-on: ubuntu-latest
- permissions:
- contents: write
- steps:
- - name: Checkout repository
- uses: actions/checkout@v4
-
- - name: Download Helm chart artifact
- uses: actions/download-artifact@v4
- with:
- name: charts
- path: ./charts
-
- - name: Install Helm
- uses: azure/setup-helm@v4.1.0
-
- - name: Add Helm dependency repositories
- run: |
- helm repo add bitnami https://charts.bitnami.com/bitnami
-
- - name: Configure Git
- run: |
- git config user.name "$GITHUB_ACTOR"
- git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
-
- - name: Release chart
- if: github.event_name != 'pull_request' && needs.semantic_release.outputs.will_create_new_release == 'true'
- run: |
- # Package Revocation-service chart,this will not work as we do not have any chart there
- helm_package_path=$(helm package -u -d helm-charts ./charts/revocation-service | grep -o 'to: .*' | cut -d' ' -f2-)
- echo "HELM_PACKAGE_PATH=$helm_package_path" >> $GITHUB_ENV
-
- # Commit and push to gh-pages
- git add helm-charts
- git stash -- helm-charts
- git reset --hard
- git fetch origin
- git checkout gh-pages
- git stash pop
-
- # Generate helm repo index.yaml
- helm repo index . --merge index.yaml --url https://${GITHUB_REPOSITORY_OWNER}.github.io/${GITHUB_REPOSITORY#*/}/
- git add index.yaml
-
- git commit -s -m "Release ${{ needs.semantic_release.outputs.next_release }}"
-
- git push origin gh-pages
-
- - name: Upload chart to GitHub release
- if: github.event_name != 'pull_request' && needs.semantic_release.outputs.will_create_new_release == 'true'
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- RELEASE_VERSION: ${{ needs.semantic_release.outputs.next_release }}
- HELM_PACKAGE_PATH: ${{ env.HELM_PACKAGE_PATH }}
- run: |
- echo "::notice::Uploading chart to GitHub release"
- gh release upload "v$RELEASE_VERSION" "$HELM_PACKAGE_PATH"
+ name: Semantic Release - Revocation Service
+ on:
+ push:
+ paths:
+ - 'revocation-service/src/**'
+ - 'revocation-service/build.gradle/**'
+ - 'wallet-commons/src/**'
+ - 'build.gradle'
+ - 'gradle.properties'
+ - 'settings.gradle'
+ branches:
+ - main
+ - develop
+ pull_request:
+ paths:
+ - 'revocation-service/src/**'
+ - 'revocation-service/build.gradle/**'
+ - 'wallet-commons/src/**'
+ - 'build.gradle'
+ - 'gradle.properties'
+ - 'settings.gradle'
+ branches:
+ - main
+ - develop
+
+ env:
+ IMAGE_NAMESPACE: "tractusx"
+ IMAGE_NAME: "credential-revocation-service"
+
+ jobs:
+
+ semantic_release:
+ name: Repository Release
+ runs-on: ubuntu-latest
+ permissions:
+ # see https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
+ contents: write
+ pull-requests: write
+ packages: write
+ outputs:
+ next_release: ${{ steps.semantic-release.outputs.next_release }}
+ will_create_new_release: ${{ steps.semantic-release.outputs.will_create_new_release }}
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Validate Gradle wrapper
+ uses: gradle/wrapper-validation-action@v2
+
+ - name: Setup Helm
+ uses: azure/setup-helm@v4.1.0
+
+ - name: Setup JDK 17
+ uses: actions/setup-java@v4
+ with:
+ java-version: '17'
+ distribution: 'temurin'
+
+ - name: Setup Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: 20
+
+ # setup helm-docs as it is needed during semantic-release
+ - uses: gabe565/setup-helm-docs-action@v1
+ name: Setup helm-docs
+ if: github.event_name != 'pull_request'
+ with:
+ version: v1.11.3
+
+ - name: Run semantic release
+ id: semantic-release
+ if: github.event_name != 'pull_request'
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GIT_AUTHOR_EMAIL: ${{ github.actor }}@users.noreply.github.com
+ GIT_COMMITTER_EMAIL: ${{ github.actor }}@users.noreply.github.com
+ run: |
+ npx --yes -p @semantic-release/exec -p @semantic-release/changelog -p @semantic-release/git -p @semantic-release/commit-analyzer -p @semantic-release/release-notes-generator semantic-release
+
+ - name: Run semantic release (dry run)
+ if: github.event_name == 'pull_request'
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GIT_AUTHOR_EMAIL: ${{ github.actor }}@users.noreply.github.com
+ GIT_COMMITTER_EMAIL: ${{ github.actor }}@users.noreply.github.com
+ run: |
+ npx --yes -p @semantic-release/exec -p @semantic-release/github -p @semantic-release/changelog -p @semantic-release/git -p @semantic-release/commit-analyzer -p @semantic-release/release-notes-generator semantic-release --dry-run
+
+ - name: Execute Gradle build
+ run: ./gradlew build
+
+ - name: Upload build artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: build
+ path: ./revocation-service/build
+ if-no-files-found: error
+ retention-days: 1
+
+ - name: Upload Helm chart artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: charts
+ path: ./charts
+ if-no-files-found: error
+ retention-days: 1
+
+ - name: Report semantic-release outputs
+ run: |
+ echo "::notice::${{ env.next_release }}"
+ echo "::notice::${{ env.will_create_new_release }}"
+
+ - name: Upload jar to GitHub release
+ if: github.event_name != 'pull_request' && steps.semantic-release.outputs.will_create_new_release == 'true'
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ RELEASE_VERSION: ${{ steps.semantic-release.outputs.next_release }}
+ run: |
+ echo "::notice::Uploading jar to GitHub release"
+ gh release upload "v$RELEASE_VERSION" ./revocation-service/build/libs/revocation-service-latest.jar
+
+ docker:
+ name: Docker Release
+ needs: semantic_release
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ - name: Download build artifact
+ uses: actions/download-artifact@v4
+ with:
+ name: build
+ path: ./revocation-service/build
+
+ - name: Download Helm chart artifact
+ uses: actions/download-artifact@v4
+ with:
+ name: charts
+ path: ./charts
+
+ # Create SemVer or ref tags dependent of trigger event
+ - name: Docker meta
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: |
+ ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
+ # Automatically prepare image tags; See action docs for more examples.
+ # semver patter will generate tags like these for example :1 :1.2 :1.2.3
+ tags: |
+ type=ref,event=branch
+ type=ref,event=pr
+ type=semver,pattern={{version}},value=${{ needs.semantic_release.outputs.next_release }}
+ type=semver,pattern={{major}},value=${{ needs.semantic_release.outputs.next_release }}
+ type=semver,pattern={{major}}.{{minor}},value=${{ needs.semantic_release.outputs.next_release }}
+ type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
+
+ - name: DockerHub login
+ if: github.event_name != 'pull_request'
+ uses: docker/login-action@v3
+ with:
+ # Use existing DockerHub credentials present as secrets
+ username: ${{ secrets.DOCKER_HUB_USER }}
+ password: ${{ secrets.DOCKER_HUB_TOKEN }}
+
+ - name: Push image
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ push: ${{ github.event_name != 'pull_request' }}
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ file: ./revocation-service/Dockerfile
+
+ # https://github.com/peter-evans/dockerhub-description
+ # Important step to push image description to DockerHub
+ - name: Update Docker Hub description
+ if: github.event_name != 'pull_request'
+ uses: peter-evans/dockerhub-description@v3
+ with:
+ # readme-filepath defaults to toplevel README.md, Only necessary if you have a dedicated file with your 'Notice for docker images'
+ readme-filepath: Docker-hub-notice.md
+ username: ${{ secrets.DOCKER_HUB_USER }}
+ password: ${{ secrets.DOCKER_HUB_TOKEN }}
+ repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
+
+ helm:
+ name: Helm Release
+ needs: semantic_release
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Download Helm chart artifact
+ uses: actions/download-artifact@v4
+ with:
+ name: charts
+ path: ./charts
+
+ - name: Install Helm
+ uses: azure/setup-helm@v4.1.0
+
+ - name: Add Helm dependency repositories
+ run: |
+ helm repo add bitnami https://charts.bitnami.com/bitnami
+
+ - name: Configure Git
+ run: |
+ git config user.name "$GITHUB_ACTOR"
+ git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+ - name: Release chart
+ if: github.event_name != 'pull_request' && needs.semantic_release.outputs.will_create_new_release == 'true'
+ run: |
+ # Package Revocation-service chart,this will not work as we do not have any chart there
+ helm_package_path=$(helm package -u -d helm-charts ./charts/revocation-service | grep -o 'to: .*' | cut -d' ' -f2-)
+ echo "HELM_PACKAGE_PATH=$helm_package_path" >> $GITHUB_ENV
+
+ # Commit and push to gh-pages
+ git add helm-charts
+ git stash -- helm-charts
+ git reset --hard
+ git fetch origin
+ git checkout gh-pages
+ git stash pop
+
+ # Generate helm repo index.yaml
+ helm repo index . --merge index.yaml --url https://${GITHUB_REPOSITORY_OWNER}.github.io/${GITHUB_REPOSITORY#*/}/
+ git add index.yaml
+
+ git commit -s -m "Release ${{ needs.semantic_release.outputs.next_release }}"
+
+ git push origin gh-pages
+
+ - name: Upload chart to GitHub release
+ if: github.event_name != 'pull_request' && needs.semantic_release.outputs.will_create_new_release == 'true'
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ RELEASE_VERSION: ${{ needs.semantic_release.outputs.next_release }}
+ HELM_PACKAGE_PATH: ${{ env.HELM_PACKAGE_PATH }}
+ run: |
+ echo "::notice::Uploading chart to GitHub release"
+ gh release upload "v$RELEASE_VERSION" "$HELM_PACKAGE_PATH"
+
\ No newline at end of file
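Review bot: The `Release chart` step packages `./charts/revocation-service`, and the comment directly above that command says this will not work because no chart exists there. If that is still true, the `helm` job fails on every real release, presumably after the `semantic_release` job has already published the release. Because the step sets no `pipefail`, the status of `helm package … | grep … | cut …` is that of `cut`, so a failed package leaves `HELM_PACKAGE_PATH` empty and the step only stops at a later git command. Either drop the `helm` job from this workflow until the chart exists, or put a guard at the top of the script, e.g. `[ -d charts/revocation-service ] || { echo "::notice::no chart to release"; exit 0; }`.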
diff --git a/charts/managed-identity-wallet/Chart.lock b/charts/managed-identity-wallet/Chart.lock
index 2fd40018..259b055b 100644
--- a/charts/managed-identity-wallet/Chart.lock
+++ b/charts/managed-identity-wallet/Chart.lock
@@ -12,4 +12,4 @@ dependencies:
repository: file://charts/pgadmin4
version: 1.19.0
digest: sha256:886b90f763f2320a1601e15b06264065a764f51fc34d592c0f0a08bd76f01635
-generated: "2024-08-22T18:04:25.649769241+05:30"
+generated: "2024-09-11T11:53:55.835418982+05:30"
diff --git a/charts/managed-identity-wallet/README.md b/charts/managed-identity-wallet/README.md
index fb5ba79c..c157e1e5 100644
--- a/charts/managed-identity-wallet/README.md
+++ b/charts/managed-identity-wallet/README.md
@@ -1,6 +1,6 @@
-# Managed Identity Wallet - Verifiable Credential Revocation Service
+# managed-identity-wallet
![Version: 1.0.0-develop.4](https://img.shields.io/badge/Version-1.0.0--develop.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0-develop.4](https://img.shields.io/badge/AppVersion-1.0.0--develop.4-informational?style=flat-square)
@@ -41,9 +41,9 @@ And at the same it shall support an uninterrupted tracking and tracing and docum
### Install Chart
- helm install [RELEASE_NAME] charts/managed-identity-wallet
+ helm install [RELEASE_NAME] tractusx-dev/managed-identity-wallet
- #This will spin up the container for Managed Identity Wallet application, Verifiable Credential Revocation Service application, Keycloak and Postgresql
+ helm install [RELEASE_NAME] tractusx-stable/managed-identity-wallet
(back to top)
@@ -75,179 +75,183 @@ See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command document
## Requirements
-| Repository | Name | Version |
-| ---------------------------------- | ---------- | ------- |
-| file://charts/pgadmin4 | pgadmin4 | 1.19.0 |
-| https://charts.bitnami.com/bitnami | common | 2.x.x |
-| https://charts.bitnami.com/bitnami | keycloak | 15.1.6 |
+| Repository | Name | Version |
+|------------|------|---------|
+| file://charts/pgadmin4 | pgadmin4 | 1.19.0 |
+| https://charts.bitnami.com/bitnami | common | 2.x.x |
+| https://charts.bitnami.com/bitnami | keycloak | 15.1.6 |
| https://charts.bitnami.com/bitnami | postgresql | 11.9.13 |
(back to top)
## Values
-| Key | Type | Default | Description |
-| ------------------------------------------------ | ------ | -------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| affinity | object | `{}` | Affinity configuration |
-| envs | object | `{}` | envs Parameters for the application (will be provided as environment variables) |
-| extraVolumeMounts | list | `[]` | add volume mounts to the miw deployment |
-| extraVolumes | list | `[]` | add volumes to the miw deployment |
-| fullnameOverride | string | `""` | String to fully override common.names.fullname template |
-| image.pullPolicy | string | `"Always"` | PullPolicy |
-| image.repository | string | `"tractusx/managed-identity-wallet"` | Image repository |
-| image.tag | string | `""` | Image tag (empty one will use "appVersion" value from chart definition) |
-| ingress.annotations | object | `{}` | Ingress annotations |
-| ingress.enabled | bool | `false` | Enable ingress controller resource |
-| ingress.hosts | list | `[]` | Ingress accepted hostnames |
-| ingress.tls | list | `[]` | Ingress TLS configuration |
-| initContainers | list | `[]` | add initContainers to the miw deployment |
-| keycloak.auth.adminPassword | string | `""` | Keycloak admin password |
-| keycloak.auth.adminUser | string | `"admin"` | Keycloak admin user |
-| keycloak.enabled | bool | `true` | Enable to deploy Keycloak |
-| keycloak.extraEnvVars | list | `[]` | Extra environment variables |
-| keycloak.ingress.annotations | object | `{}` | |
-| keycloak.ingress.enabled | bool | `false` | |
-| keycloak.ingress.hosts | list | `[]` | |
-| keycloak.ingress.tls | list | `[]` | |
-| keycloak.keycloakConfigCli.backoffLimit | int | `2` | Number of retries before considering a Job as failed |
-| keycloak.keycloakConfigCli.enabled | bool | `true` | Enable to create the miw playground realm |
-| keycloak.keycloakConfigCli.existingConfigmap | string | `"keycloak-realm-config"` | Existing configmap name for the realm configuration |
-| keycloak.postgresql.auth.database | string | `"miw_keycloak"` | Database name |
-| keycloak.postgresql.auth.password | string | `""` | KeycloakPostgresql password to set (if empty one is generated) |
-| keycloak.postgresql.auth.username | string | `"miw_keycloak"` | Keycloak PostgreSQL user |
-| keycloak.postgresql.enabled | bool | `true` | Enable to deploy PostgreSQL |
-| keycloak.postgresql.nameOverride | string | `"keycloak-postgresql"` | Name of the PostgreSQL chart to deploy. Mandatory when the MIW deploys a PostgreSQL chart, too. |
-| livenessProbe | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":20,"periodSeconds":5,"timeoutSeconds":15}` | Kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) |
-| livenessProbe.enabled | bool | `true` | Enables/Disables the livenessProbe at all |
-| livenessProbe.failureThreshold | int | `3` | When a probe fails, Kubernetes will try failureThreshold times before giving up. Giving up in case of liveness probe means restarting the container. |
-| livenessProbe.initialDelaySeconds | int | `20` | Number of seconds after the container has started before readiness probe are initiated. |
-| livenessProbe.periodSeconds | int | `5` | How often (in seconds) to perform the probe |
-| livenessProbe.timeoutSeconds | int | `15` | Number of seconds after which the probe times out. |
-| miw.authorityWallet.bpn | string | `"BPNL000000000000"` | Authority Wallet BPNL |
-| miw.authorityWallet.name | string | `""` | Authority Wallet Name |
-| miw.database.encryptionKey.secret | string | `""` | Existing secret for database encryption key |
-| miw.database.encryptionKey.secretKey | string | `""` | Existing secret key for database encryption key |
-| miw.database.encryptionKey.value | string | `""` | Database encryption key for confidential data. Ignored if `secret` is set. If empty a secret with 32 random alphanumeric chars is generated. |
-| miw.database.host | string | `"{{ .Release.Name }}-postgresql"` | Database host |
-| miw.database.name | string | `"miw_app"` | Database name |
-| miw.database.port | int | `5432` | Database port |
-| miw.database.secret | string | `"{{ .Release.Name }}-postgresql"` | Existing secret name for the database password |
-| miw.database.secretPasswordKey | string | `""` | Existing secret key for the database password |
-| miw.database.useSSL | bool | `false` | Set to true to enable SSL connection to the database |
-| miw.database.user | string | `"miw"` | Database user |
-| miw.environment | string | `"dev"` | Runtime environment. Should be ether local, dev, int or prod |
-| miw.host | string | `"{{ .Release.Name }}-managed-identity-wallet:8080"` | Host name |
-| miw.keycloak.clientId | string | `"miw_private_client"` | Keycloak client id |
-| miw.keycloak.realm | string | `"miw_test"` | Keycloak realm |
-| miw.keycloak.url | string | `"http://{{ .Release.Name }}-keycloak"` | Keycloak URL |
-| miw.logging.level | string | `"INFO"` | Log level. Should be ether ERROR, WARN, INFO, DEBUG, or TRACE. |
-| miw.ssi.enforceHttpsInDidWebResolution | bool | `true` | Enable to use HTTPS in DID Web Resolution |
-| miw.ssi.vcExpiryDate | string | `""` | Verifiable Credential expiry date. Format 'dd-MM-yyyy'. If empty it is set to 31-12- |
-| nameOverride | string | `""` | String to partially override common.names.fullname template (will maintain the release name) |
-| networkPolicy.enabled | bool | `false` | If `true` network policy will be created to restrict access to managed-identity-wallet |
-| networkPolicy.from | list | `[{"namespaceSelector":{}}]` | Specify from rule network policy for miw (defaults to all namespaces) |
-| nodeSelector | object | `{"kubernetes.io/os":"linux"}` | NodeSelector configuration |
-| pgadmin4.enabled | bool | `false` | Enable to deploy pgAdmin |
-| pgadmin4.env.email | string | `"admin@miw.com"` | Preset the admin user email |
-| pgadmin4.env.password | string | `"very-secret-password"` | preset password (there is no auto-generated password) |
-| pgadmin4.extraServerDefinitions.enabled | bool | `true` | enable the predefined server for pgadmin |
-| pgadmin4.extraServerDefinitions.servers | object | `{}` | See [here](https://github.com/rowanruseler/helm-charts/blob/9b970b2e419c2300dfbb3f827a985157098a0287/charts/pgadmin4/values.yaml#L84) how to configure the predefined servers |
-| pgadmin4.ingress.annotations | object | `{}` | |
-| pgadmin4.ingress.enabled | bool | `false` | Enagle pgAdmin ingress |
-| pgadmin4.ingress.hosts | list | `[]` | See [here](https://github.com/rowanruseler/helm-charts/blob/9b970b2e419c2300dfbb3f827a985157098a0287/charts/pgadmin4/values.yaml#L104) how to configure the ingress host(s) |
-| pgadmin4.ingress.tls | list | `[]` | See [here](https://github.com/rowanruseler/helm-charts/blob/9b970b2e419c2300dfbb3f827a985157098a0287/charts/pgadmin4/values.yaml#L109) how to configure tls for the ingress host(s) |
-| podAnnotations | object | `{}` | PodAnnotation configuration |
-| podSecurityContext | object | `{}` | PodSecurityContext |
-| postgresql.auth.database | string | `"miw_app"` | Postgresql database to create |
-| postgresql.auth.enablePostgresUser | bool | `false` | Enable postgresql admin user |
-| postgresql.auth.password | string | `""` | Postgresql password to set (if empty one is generated) |
-| postgresql.auth.postgresPassword | string | `""` | Postgresql admin user password |
-| postgresql.auth.username | string | `"miw"` | Postgresql user to create |
-| postgresql.backup.cronjob.schedule | string | `"* */6 * * *"` | Backup schedule |
-| postgresql.backup.cronjob.storage.existingClaim | string | `""` | Name of an existing PVC to use |
-| postgresql.backup.cronjob.storage.resourcePolicy | string | `"keep"` | Set resource policy to "keep" to avoid removing PVCs during a helm delete operation |
-| postgresql.backup.cronjob.storage.size | string | `"8Gi"` | PVC Storage Request for the backup data volume |
-| postgresql.backup.enabled | bool | `false` | Enable to create a backup cronjob |
-| postgresql.enabled | bool | `true` | Enable to deploy Postgresql |
-| readinessProbe | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":30,"periodSeconds":5,"successThreshold":1,"timeoutSeconds":5}` | Kubernetes [readiness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) |
-| readinessProbe.enabled | bool | `true` | Enables/Disables the readinessProbe at all |
-| readinessProbe.failureThreshold | int | `3` | When a probe fails, Kubernetes will try failureThreshold times before giving up. In case of readiness probe the Pod will be marked Unready. |
-| readinessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before readiness probe are initiated. |
-| readinessProbe.periodSeconds | int | `5` | How often (in seconds) to perform the probe |
-| readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the probe to be considered successful after having failed. |
-| readinessProbe.timeoutSeconds | int | `5` | Number of seconds after which the probe times out. |
-| replicaCount | int | `1` | The amount of replicas to run |
-| resources.limits.cpu | int | `2` | CPU resource limits |
-| resources.limits.memory | string | `"1Gi"` | Memory resource limits |
-| resources.requests.cpu | string | `"250m"` | CPU resource requests |
-| resources.requests.memory | string | `"500Mi"` | Memory resource requests |
-| secrets | object | `{}` | Parameters for the application (will be stored as secrets - so, for passwords, ...) |
-| securityContext.allowPrivilegeEscalation | bool | `false` | Allow privilege escalation |
-| securityContext.privileged | bool | `false` | Enable privileged container |
-| securityContext.runAsGroup | int | `11111` | Group ID used to run the container |
-| securityContext.runAsNonRoot | bool | `true` | Enable to run the container as a non-root user |
-| securityContext.runAsUser | int | `11111` | User ID used to run the container |
-| service.port | int | `8080` | Kubernetes Service port |
-| service.type | string | `"ClusterIP"` | Kubernetes Service type |
-| serviceAccount.annotations | object | `{}` | Annotations to add to the ServiceAccount |
-| serviceAccount.create | bool | `true` | Enable creation of ServiceAccount |
-| serviceAccount.name | string | `""` | The name of the ServiceAccount to use. |
-| tolerations | list | `[]` | Tolerations configuration |
-| vcrs.replicaCount | int | `1` | Number of replicas to run |
-| vcrs.url | string | `"https://example.com"` | Application URL |
-| vcrs.vcContexts | string | `"https://www.w3.org/2018/credentials/v1, https://w3id.org/vc/status-list/2021/v1"` | App VC context |
-| vcrs.domain.url | string | `"https://example.com"` | App domain |
-| vcrs.domain.host | string | `"localhost"` | The application name |
-| vcrs.appName | string | `"verifiable-credential-revocation-service"` | The configmap name |
-| vcrs.appPort | string | `"8081"` | The application port |
-| vcrs.appProfile | string | `"local"` | The application profile |
-| vcrs.applicationLogLevel | string | `"DEBUG"` | The application log level |
-| vcrs.configName | string | `"verifiable-credential-revocation-service-config"` | The service name |
-| vcrs.serviceName | string | `"verifiable-credential-revocation-service"` | The secret name |
-| vcrs.secretName | string | `"verifiable-credential-revocation-service-secret"` | The secret name |
-| vcrs.ingressName | string | `"verifiable-credential-revocation-service-ingress"` | Ingress name |
-| vcrs.image.repository | string | `"docker.io/example"` | Image repository |
-| vcrs.image.pullPolicy | string | `"IfNotPresent"` | PullPolicy |
-| vcrs.image.tag | string | `"latest"` | Image tag (empty one will use "appVersion" value from chart definition) |
-| vcrs.resources.requests.cpu | string | `"250m"` | CPU resource requests |
-| vcrs.resources.requests.memory | string | `"512Mi"` | Memory resource requests |
-| vcrs.resources.limits.cpu | string | `"500m"` | CPU resource limits |
-| vcrs.resources.limits.memory | string | `"1Gi"` | Memory resource limits |
-| vcrs.livenessProbe.enabled | bool | `true` | Enables/Disables the livenessProbe |
-| vcrs.livenessProbe.failureThreshold | int | `5` | Failure threshold for liveness probe |
-| vcrs.livenessProbe.initialDelaySeconds | int | `60` | Initial delay before liveness probe starts |
-| vcrs.livenessProbe.timeoutSeconds | int | `30` | Timeout for liveness probe |
-| vcrs.livenessProbe.periodSeconds | int | `15` | How often to perform liveness probe |
-| vcrs.readinessProbe.enabled | bool | `true` | Enables/Disables the readinessProbe |
-| vcrs.readinessProbe.failureThreshold | int | `5` | Failure threshold for readiness probe |
-| vcrs.readinessProbe.initialDelaySeconds | int | `60` | Initial delay before readiness probe starts |
-| vcrs.readinessProbe.timeoutSeconds | int | `15` | Timeout for readiness probe |
-| vcrs.readinessProbe.periodSeconds | int | `15` | How often to perform readiness probe |
-| vcrs.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the readiness probe to be considered successful |
-| vcrs.ingress.enabled | bool | `false` | Enable to deploy ingress |
-| vcrs.ingress.tls | bool | `false` | TLS configuration for ingress |
-| vcrs.ingress.urlPrefix | string | `/` | URL prefix for ingress |
-| vcrs.ingress.className | string | `"nginx"` | Ingress class name |
-| vcrs.ingress.annotations | object | `{}` | Ingress annotations |
-| vcrs.ingress.service.type | string | `"ClusterIP"` | Kubernetes Service type |
-| vcrs.ingress.service.port | int | `8081` | Kubernetes Service port |
-| vcrs.database.databaseHost | string | `"managed-identity-wallet-postgresql"` | The Database Host |
-| vcrs.database.databasePort | int | `5432` | The Database Port |
-| vcrs.database.databaseName | string | `"vcrs_app"` | The Database Name |
-| vcrs.database.databaseUseSSL | bool | `false` | The Database SSL |
-| vcrs.database.databaseUsername | string | `"vcrs"` | The Database Username |
-| vcrs.database.databaseConnectionPoolSize | int | `10` | The Database connection pool size |
-| vcrs.database.databasepass | string | `""` | The Database password |
-| vcrs.swagger.enableSwaggerUi | bool | `true` | Enable Swagger UI |
-| vcrs.swagger.enableApiDoc | bool | `true` | Enable Swagger API Doc |
-| vcrs.security.serviceSecurityEnabed | bool | `true` | Enable application security |
-| vcrs.keycloak.enabled | bool | `false` | Enable Keycloak |
-| vcrs.keycloak.keycloakRealm | string | `"miw_test"` | Keycloak Realm |
-| vcrs.keycloak.clientId | string | `"miw_private_client"` | Keycloak Client ID |
-| vcrs.keycloak.publicClientId | string | `"miw_public_client"` | Keycloak Public Client ID |
-| vcrs.keycloak.authServerUrl | string | `"http://{{ .Release.Name }}-keycloak"` | Keycloak Auth Server URL |
-| vcrs.logging.revocation | string | `"INFO"` | Logging method for revocation |
-
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` | Affinity configuration |
+| envs | object | `{}` | envs Parameters for the application (will be provided as environment variables) |
+| extraVolumeMounts | list | `[]` | |
+| extraVolumes | list | `[]` | add volumes to the miw deployment |
+| fullnameOverride | string | `""` | String to fully override common.names.fullname template |
+| image.pullPolicy | string | `"Always"` | PullPolicy |
+| image.repository | string | `"tractusx/managed-identity-wallet"` | Image repository |
+| image.tag | string | `""` | Image tag (empty one will use "appVersion" value from chart definition) |
+| imagePullSecrets | list | `[]` | |
+| ingress | object | `{"annotations":{},"className":"nginx","enabled":false,"hosts":[],"tls":[]}` | Ingress Configuration |
+| ingress.annotations | object | `{}` | Ingress annotations |
+| ingress.enabled | bool | `false` | Enable ingress controller resource |
+| ingress.hosts | list | `[]` | Ingress accepted hostnames |
+| ingress.tls | list | `[]` | Ingress TLS configuration |
+| initContainers | list | `[]` | add initContainers to the miw deployment |
+| keycloak | object | `{"auth":{"adminPassword":"","adminUser":"admin"},"enabled":true,"extraEnvVars":[],"ingress":{"annotations":{},"enabled":false,"hosts":[],"tls":[]},"keycloakConfigCli":{"backoffLimit":2,"enabled":true,"existingConfigmap":"keycloak-realm-config"},"postgresql":{"auth":{"database":"miw_keycloak","password":"defaultpassword","username":"miw_keycloak"},"enabled":true,"nameOverride":"keycloak-postgresql","volumePermissions":{"enabled":true}}}` | Values for KEYCLOAK |
+| keycloak.auth.adminPassword | string | `""` | Keycloak admin password |
+| keycloak.auth.adminUser | string | `"admin"` | Keycloak admin user |
+| keycloak.enabled | bool | `true` | Enable to deploy Keycloak |
+| keycloak.extraEnvVars | list | `[]` | Extra environment variables |
+| keycloak.ingress.annotations | object | `{}` | Ingress annotations |
+| keycloak.ingress.enabled | bool | `false` | Enable ingress controller resource |
+| keycloak.ingress.hosts | list | `[]` | Ingress accepted hostnames |
+| keycloak.ingress.tls | list | `[]` | Ingress TLS configuration |
+| keycloak.keycloakConfigCli.backoffLimit | int | `2` | Number of retries before considering a Job as failed |
+| keycloak.keycloakConfigCli.enabled | bool | `true` | Enable to create the miw playground realm |
+| keycloak.keycloakConfigCli.existingConfigmap | string | `"keycloak-realm-config"` | Existing configmap name for the realm configuration |
+| keycloak.postgresql.auth.database | string | `"miw_keycloak"` | Database name |
+| keycloak.postgresql.auth.password | string | `"defaultpassword"` | KeycloakPostgresql password to set (if empty one is generated) |
+| keycloak.postgresql.auth.username | string | `"miw_keycloak"` | Postgresql admin user password |
+| keycloak.postgresql.enabled | bool | `true` | Enable to deploy PostgreSQL |
+| keycloak.postgresql.nameOverride | string | `"keycloak-postgresql"` | Name of the PostgreSQL chart to deploy. Mandatory when the MIW deploys a PostgreSQL chart, too. |
+| miw | object | `{"authorityWallet":{"bpn":"BPNL000000000000","name":""},"database":{"encryptionKey":{"secret":"","secretKey":"","value":""},"host":"{{ .Release.Name }}-postgresql","name":"miw_app","port":5432,"secret":"verifiable-credential-revocation-service","secretPasswordKey":"password","useSSL":false,"user":"miw"},"environment":"dev","host":"{{ .Release.Name }}-managed-identity-wallet:8080","keycloak":{"clientId":"miw_private_client","realm":"miw_test","url":"http://{{ .Release.Name }}-keycloak"},"livenessProbe":{"enabled":true,"failureThreshold":3,"initialDelaySeconds":20,"periodSeconds":5,"timeoutSeconds":15},"logging":{"level":"INFO"},"readinessProbe":{"enabled":true,"failureThreshold":3,"initialDelaySeconds":30,"periodSeconds":5,"successThreshold":1,"timeoutSeconds":5},"ssi":{"enforceHttpsInDidWebResolution":true,"vcExpiryDate":""}}` | Values for MIW |
+| miw.authorityWallet.bpn | string | `"BPNL000000000000"` | Authority Wallet BPNL |
+| miw.authorityWallet.name | string | `""` | Authority Wallet Name |
+| miw.database.encryptionKey | object | `{"secret":"","secretKey":"","value":""}` | Password encryption configuratons |
+| miw.database.encryptionKey.secret | string | `""` | Existing secret for database encryption key |
+| miw.database.encryptionKey.secretKey | string | `""` | Existing secret key for database encryption key |
+| miw.database.encryptionKey.value | string | `""` | Database encryption key for confidential data. Ignored if `secret` is set. If empty a secret with 32 random alphanumeric chars is generated. |
+| miw.database.host | string | `"{{ .Release.Name }}-postgresql"` | Database host |
+| miw.database.name | string | `"miw_app"` | Database name |
+| miw.database.port | int | `5432` | Database port |
+| miw.database.secret | string | `"verifiable-credential-revocation-service"` | Existing secret name for the database password |
+| miw.database.secretPasswordKey | string | `"password"` | Existing secret key for the database password |
+| miw.database.useSSL | bool | `false` | Set to true to enable SSL connection to the database |
+| miw.database.user | string | `"miw"` | Database user |
+| miw.environment | string | `"dev"` | Runtime environment. Should be ether local, dev, int or prod |
+| miw.host | string | `"{{ .Release.Name }}-managed-identity-wallet:8080"` | Host name |
+| miw.keycloak.clientId | string | `"miw_private_client"` | Keycloak client id |
+| miw.keycloak.realm | string | `"miw_test"` | Keycloak realm |
+| miw.keycloak.url | string | `"http://{{ .Release.Name }}-keycloak"` | Keycloak URL |
+| miw.livenessProbe | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":20,"periodSeconds":5,"timeoutSeconds":15}` | Kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) |
+| miw.livenessProbe.enabled | bool | `true` | Enables/Disables the livenessProbe at all |
+| miw.livenessProbe.failureThreshold | int | `3` | When a probe fails, Kubernetes will try failureThreshold times before giving up. Giving up in case of liveness probe means restarting the container. |
+| miw.livenessProbe.initialDelaySeconds | int | `20` | Number of seconds after the container has started before readiness probe are initiated. |
+| miw.livenessProbe.periodSeconds | int | `5` | How often (in seconds) to perform the probe |
+| miw.livenessProbe.timeoutSeconds | int | `15` | Number of seconds after which the probe times out. |
+| miw.logging.level | string | `"INFO"` | Log level. Should be ether ERROR, WARN, INFO, DEBUG, or TRACE. |
+| miw.readinessProbe | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":30,"periodSeconds":5,"successThreshold":1,"timeoutSeconds":5}` | Kubernetes [readiness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) |
+| miw.readinessProbe.enabled | bool | `true` | Enables/Disables the readinessProbe at all |
+| miw.readinessProbe.failureThreshold | int | `3` | When a probe fails, Kubernetes will try failureThreshold times before giving up. In case of readiness probe the Pod will be marked Unready. |
+| miw.readinessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before readiness probe are initiated. |
+| miw.readinessProbe.periodSeconds | int | `5` | How often (in seconds) to perform the probe |
+| miw.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the probe to be considered successful after having failed. |
+| miw.readinessProbe.timeoutSeconds | int | `5` | Number of seconds after which the probe times out. |
+| miw.ssi.enforceHttpsInDidWebResolution | bool | `true` | Enable to use HTTPS in DID Web Resolution |
+| miw.ssi.vcExpiryDate | string | `""` | Verifiable Credential expiry date. Format 'dd-MM-yyyy'. If empty it is set to 31-12- |
+| nameOverride | string | `""` | String to partially override common.names.fullname template (will maintain the release name) |
+| networkPolicy.enabled | bool | `false` | If `true` network policy will be created to restrict access to managed-identity-wallet |
+| networkPolicy.from | list | `[{"namespaceSelector":{}}]` | Specify from rule network policy for miw (defaults to all namespaces) |
+| nodeSelector | object | `{"kubernetes.io/os":"linux"}` | NodeSelector configuration |
+| pgadmin4 | object | `{"enabled":false,"env":{"email":"admin@miw.com","password":"very-secret-password"},"extraServerDefinitions":{"enabled":true,"servers":{}},"ingress":{"annotations":{},"enabled":false,"hosts":[],"tls":[]}}` | Values for PGADMIN For more information on how to configure the pgadmin chart see https://artifacthub.io/packages/helm/runix/pgadmin4. |
+| pgadmin4.enabled | bool | `false` | Enable to deploy pgAdmin |
+| pgadmin4.env.email | string | `"admin@miw.com"` | Preset the admin user email |
+| pgadmin4.env.password | string | `"very-secret-password"` | preset password (there is no auto-generated password) |
+| pgadmin4.extraServerDefinitions.enabled | bool | `true` | enable the predefined server for pgadmin |
+| pgadmin4.extraServerDefinitions.servers | object | `{}` | See [here](https://github.com/rowanruseler/helm-charts/blob/9b970b2e419c2300dfbb3f827a985157098a0287/charts/pgadmin4/values.yaml#L84) how to configure the predefined servers |
+| pgadmin4.ingress.enabled | bool | `false` | Enagle pgAdmin ingress |
+| pgadmin4.ingress.hosts | list | `[]` | See [here](https://github.com/rowanruseler/helm-charts/blob/9b970b2e419c2300dfbb3f827a985157098a0287/charts/pgadmin4/values.yaml#L104) how to configure the ingress host(s) |
+| pgadmin4.ingress.tls | list | `[]` | See [here](https://github.com/rowanruseler/helm-charts/blob/9b970b2e419c2300dfbb3f827a985157098a0287/charts/pgadmin4/values.yaml#L109) how to configure tls for the ingress host(s) |
+| podAnnotations | object | `{}` | PodAnnotation configuration |
+| podSecurityContext | object | `{}` | Pod security configurations |
+| postgresql | object | `{"auth":{"database":"miw_app","enablePostgresUser":true,"existingSecret":"verifiable-credential-revocation-service","username":"miw"},"backup":{"cronjob":{"schedule":"* */6 * * *","storage":{"existingClaim":"","resourcePolicy":"keep","size":"8Gi"}},"enabled":false},"enabled":true,"image":{"debug":true,"tag":"16-debian-12"},"primary":{"extraVolumeMounts":[{"mountPath":"/docker-entrypoint-initdb.d/seed","name":"postgres-seed"}],"extraVolumes":[{"name":"postgres-seed","persistentVolumeClaim":{"claimName":"postgres-seed-pvc"}}],"initdb":{"password":"defaultpassword","scripts":{"init.sql":"CREATE DATABASE vcrs_app;\nCREATE USER vcrs WITH ENCRYPTED PASSWORD 'defaultpassword';\nGRANT ALL PRIVILEGES ON DATABASE vcrs_app TO vcrs;\n\\c vcrs_app\nGRANT ALL ON SCHEMA public TO vcrs;\n"},"user":"postgres"}},"volumePermissions":{"enabled":true}}` | Values for POSTGRESQL For more information on how to configure the PostgreSQL chart see https://github.com/bitnami/charts/tree/main/bitnami/postgresql. |
+| postgresql.auth.database | string | `"miw_app"` | Postgresql database to create |
+| postgresql.auth.enablePostgresUser | bool | `true` | Enable postgresql admin user |
+| postgresql.auth.existingSecret | string | `"verifiable-credential-revocation-service"` | Postgresql root-user and non-root user secret |
+| postgresql.auth.username | string | `"miw"` | Postgresql user to create |
+| postgresql.backup.cronjob | object | `{"schedule":"* */6 * * *","storage":{"existingClaim":"","resourcePolicy":"keep","size":"8Gi"}}` | Cronjob Configuration |
+| postgresql.backup.cronjob.schedule | string | `"* */6 * * *"` | Backup schedule |
+| postgresql.backup.cronjob.storage.existingClaim | string | `""` | Name of an existing PVC to use |
+| postgresql.backup.cronjob.storage.resourcePolicy | string | `"keep"` | Set resource policy to "keep" to avoid removing PVCs during a helm delete operation |
+| postgresql.backup.cronjob.storage.size | string | `"8Gi"` | PVC Storage Request for the backup data volume |
+| postgresql.backup.enabled | bool | `false` | Enable to create a backup cronjob |
+| postgresql.enabled | bool | `true` | Enable to deploy Postgresql |
+| postgresql.image.debug | bool | `true` | Debug logs |
+| replicaCount | int | `1` | The amount of replicas to run |
+| resources.limits.cpu | int | `2` | CPU resource limits |
+| resources.limits.memory | string | `"1Gi"` | Memory resource limits |
+| resources.requests.cpu | string | `"250m"` | CPU resource requests |
+| resources.requests.memory | string | `"500Mi"` | Memory resource requests |
+| secrets | object | `{}` | Parameters for the application (will be stored as secrets - so, for passwords, ...) |
+| securityContext | object | `{"allowPrivilegeEscalation":false,"privileged":false,"runAsGroup":11111,"runAsNonRoot":true,"runAsUser":11111}` | Pod security parameters |
+| securityContext.allowPrivilegeEscalation | bool | `false` | Allow privilege escalation |
+| securityContext.privileged | bool | `false` | Enable privileged container |
+| securityContext.runAsGroup | int | `11111` | Group ID used to run the container |
+| securityContext.runAsNonRoot | bool | `true` | Enable to run the container as a non-root user |
+| securityContext.runAsUser | int | `11111` | User ID used to run the container |
+| service.port | int | `8080` | Kubernetes Service port |
+| service.type | string | `"ClusterIP"` | Kubernetes Service type |
+| serviceAccount.annotations | object | `{}` | Annotations to add to the ServiceAccount |
+| serviceAccount.create | bool | `true` | Enable creation of ServiceAccount |
+| serviceAccount.name | string | `""` | The name of the ServiceAccount to use. |
+| tolerations | list | `[]` | Tolerations configuration |
+| vcrs | object | `{"configName":"verifiable-credential-revocation-service","database":{"encryptionKey":{"secret":"","secretKey":"","value":""}},"env":{"APPLICATION_LOG_LEVEL":"DEBUG","APPLICATION_NAME":"verifiable-credential-revocation-service","APPLICATION_PORT":8081,"APPLICATION_PROFILE":"local","APP_LOG_LEVEL":"INFO","AUTH_SERVER_URL":"http://{{ .Release.Name }}-keycloak","DATABASE_CONNECTION_POOL_SIZE":10,"DATABASE_HOST":"managed-identity-wallet-postgresql","DATABASE_NAME":"vcrs_app","DATABASE_PORT":5432,"DATABASE_USERNAME":"vcrs","DATABASE_USE_SSL_COMMUNICATION":false,"DOMAIN_URL":"https://977d-203-129-213-107.ngrok-free.app","ENABLE_API_DOC":true,"ENABLE_SWAGGER_UI":true,"KEYCLOAK_CLIENT_ID":"miw_private_client","KEYCLOAK_PUBLIC_CLIENT_ID":"miw_public_client","KEYCLOAK_REALM":"miw_test","MIW_URL":"https://a888-203-129-213-107.ngrok-free.app","SERVICE_SECURITY_ENABLED":true,"VC_SCHEMA_LINK":"https://www.w3.org/2018/credentials/v1, https://cofinity-x.github.io/schema-registry/w3c/v1.0/BitstringStatusList.json"},"fullnameOverride":"verifiable-credential-revocation-service","host":"localhost","image":{"pullPolicy":"IfNotPresent","repository":"public.ecr.aws/w6s7t8e0/tractusx/verifiable-credential-revocation-service","tag":"latest"},"ingress":{"annotations":{},"className":"","enabled":false,"hosts":null,"service":{"port":8081,"type":"ClusterIP"},"tls":[]},"ingressName":"verifiable-credential-revocation-service-ingress","livenessProbe":{"enabled":true,"failureThreshold":5,"initialDelaySeconds":60,"periodSeconds":15,"timeoutSeconds":30},"nameOverride":"verifiable-credential-revocation-service","readinessProbe":{"enabled":true,"failureThreshold":5,"initialDelaySeconds":60,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15},"replicaCount":1,"resources":{"limits":{"cpu":"500m","memory":"1Gi"},"requests":{"cpu":"250m","memory":"512Mi"}},"secretName":"verifiable-credential-revocation-service","secrets":{"DATABASE_PASSWORD":"defaultpassword","password":"defaultp
assword","postgres-password":"defaultpassword"},"serviceName":"verifiable-credential-revocation-service"}` | Values for Verifiable Credential Revocation Service application |
+| vcrs.configName | string | `"verifiable-credential-revocation-service"` | ConfigMap Name |
+| vcrs.database.encryptionKey.secret | string | `""` | Existing secret for database encryption key |
+| vcrs.database.encryptionKey.secretKey | string | `""` | Existing secret key for database encryption key |
+| vcrs.database.encryptionKey.value | string | `""` | Database encryption key for confidential data. Ignored if `secret` is set. If empty a secret with 32 random alphanumeric chars is generated. |
+| vcrs.env.APPLICATION_LOG_LEVEL | string | `"DEBUG"` | The application log level |
+| vcrs.env.APPLICATION_NAME | string | `"verifiable-credential-revocation-service"` | The application name |
+| vcrs.env.APPLICATION_PORT | int | `8081` | The application port |
+| vcrs.env.APPLICATION_PROFILE | string | `"local"` | The application profile |
+| vcrs.env.AUTH_SERVER_URL | string | `"http://{{ .Release.Name }}-keycloak"` | Auth URL for Keycloak |
+| vcrs.env.DATABASE_CONNECTION_POOL_SIZE | int | `10` | The Database connection pool size |
+| vcrs.env.DATABASE_HOST | string | `"managed-identity-wallet-postgresql"` | The Database Host |
+| vcrs.env.DATABASE_NAME | string | `"vcrs_app"` | The Database Name |
+| vcrs.env.DATABASE_PORT | int | `5432` | The Database Port |
+| vcrs.env.DATABASE_USERNAME | string | `"vcrs"` | The Database Name |
+| vcrs.env.DATABASE_USE_SSL_COMMUNICATION | bool | `false` | The Database SSL |
+| vcrs.env.ENABLE_API_DOC | bool | `true` | Swagger Api Doc |
+| vcrs.env.ENABLE_SWAGGER_UI | bool | `true` | Swagger UI config |
+| vcrs.env.KEYCLOAK_CLIENT_ID | string | `"miw_private_client"` | ClientID Config |
+| vcrs.env.KEYCLOAK_PUBLIC_CLIENT_ID | string | `"miw_public_client"` | ClientID Config |
+| vcrs.env.KEYCLOAK_REALM | string | `"miw_test"` | KeyClocak Configurations |
+| vcrs.env.MIW_URL | string | `"https://a888-203-129-213-107.ngrok-free.app"` | Revocation application configuration |
+| vcrs.fullnameOverride | string | `"verifiable-credential-revocation-service"` | String to partially override common.names.fullname template (will maintain the release name) |
+| vcrs.host | string | `"localhost"` | Revocation application configuration |
+| vcrs.image.pullPolicy | string | `"IfNotPresent"` | PullPolicy |
+| vcrs.image.repository | string | `"public.ecr.aws/w6s7t8e0/tractusx/verifiable-credential-revocation-service"` | Image repository |
+| vcrs.image.tag | string | `"latest"` | Image tag (empty one will use "appVersion" value from chart definition) |
+| vcrs.ingress.service.port | int | `8081` | Kubernetes Service port |
+| vcrs.ingress.service.type | string | `"ClusterIP"` | Kubernetes Service type |
+| vcrs.livenessProbe | object | `{"enabled":true,"failureThreshold":5,"initialDelaySeconds":60,"periodSeconds":15,"timeoutSeconds":30}` | Kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) |
+| vcrs.livenessProbe.enabled | bool | `true` | Enables/Disables the livenessProbe at all |
+| vcrs.livenessProbe.failureThreshold | int | `5` | When a probe fails, Kubernetes will try failureThreshold times before giving up. Giving up in case of liveness probe means restarting the container. |
+| vcrs.livenessProbe.initialDelaySeconds | int | `60` | Number of seconds after the container has started before readiness probes are initiated. |
+| vcrs.livenessProbe.periodSeconds | int | `15` | How often (in seconds) to perform the probe |
+| vcrs.livenessProbe.timeoutSeconds | int | `30` | Number of seconds after which the probe times out. |
+| vcrs.nameOverride | string | `"verifiable-credential-revocation-service"` | The configmap name |
+| vcrs.readinessProbe.enabled | bool | `true` | Enables/Disables the readinessProbe at all |
+| vcrs.readinessProbe.failureThreshold | int | `5` | When a probe fails, Kubernetes will try failureThreshold times before giving up. In case of readiness probe the Pod will be marked Unready. |
+| vcrs.readinessProbe.initialDelaySeconds | int | `60` | Number of seconds after the container has started before readiness probe are initiated. |
+| vcrs.readinessProbe.periodSeconds | int | `15` | How often (in seconds) to perform the probe |
+| vcrs.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the probe to be considered successful after having failed. |
+| vcrs.readinessProbe.timeoutSeconds | int | `15` | Number of seconds after which the probe times out. |
+| vcrs.resources.limits.cpu | string | `"500m"` | CPU resource limits |
+| vcrs.resources.limits.memory | string | `"1Gi"` | Memory resource limits |
+| vcrs.resources.requests.cpu | string | `"250m"` | CPU resource requests |
+| vcrs.resources.requests.memory | string | `"512Mi"` | Memory resource requests |
+| vcrs.secretName | string | `"verifiable-credential-revocation-service"` | The Secret name |
+| vcrs.secrets.DATABASE_PASSWORD | string | `"defaultpassword"` | The Database Password |
+| vcrs.secrets.password | string | `"defaultpassword"` | Postgresql password for MIW non-root User |
+| vcrs.secrets.postgres-password | string | `"defaultpassword"` | Postgresql password for postgres root-user |
+| vcrs.serviceName | string | `"verifiable-credential-revocation-service"` | The Service name |
For more information on how to configure the Keycloak see
- https://github.com/bitnami/charts/tree/main/bitnami/keycloak.
@@ -315,10 +319,10 @@ when deploying the MIW in a production environment:
## Maintainers
-| Name | Email | Url |
-| -------------- | ---------------------------------- | ---------------------------------- |
+| Name | Email | Url |
+| ---- | ------ | --- |
| Dominik Pinsel | | |
-| Rohit Solanki | | |
+| Rohit Solanki | | |
(back to top)
diff --git a/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml b/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml
index 029f0e0a..cca4627a 100644
--- a/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml
+++ b/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml
@@ -82,7 +82,7 @@ tests:
valueFrom:
secretKeyRef:
key: password
- name: RELEASE-NAME-postgresql
+ name: verifiable-credential-revocation-service
- name: APPLICATION_PORT
value: "8080"
- name: VC_EXPIRY_DATE
diff --git a/charts/managed-identity-wallet/tests/default/deployment_test.yaml b/charts/managed-identity-wallet/tests/default/deployment_test.yaml
index 1e2d3d0b..42b3df29 100644
--- a/charts/managed-identity-wallet/tests/default/deployment_test.yaml
+++ b/charts/managed-identity-wallet/tests/default/deployment_test.yaml
@@ -137,7 +137,7 @@ tests:
valueFrom:
secretKeyRef:
key: password
- name: RELEASE-NAME-postgresql
+ name: verifiable-credential-revocation-service
- name: APPLICATION_PORT
value: "8080"
- name: VC_EXPIRY_DATE
diff --git a/charts/managed-identity-wallet/values.yaml b/charts/managed-identity-wallet/values.yaml
index 327e51b1..09844c05 100644
--- a/charts/managed-identity-wallet/values.yaml
+++ b/charts/managed-identity-wallet/values.yaml
@@ -16,9 +16,8 @@
#
# SPDX-License-Identifier: Apache-2.0
###############################################################
-#
-# ----------------------------------------------- Values for Managed Identity Wallet ----------------------------------------------- #
-#
+
+# -- Values for Managed Identity Wallet
# -- The amount of replicas to run
replicaCount: 1
# -- String to partially override common.names.fullname template (will maintain the release name)
@@ -32,6 +31,7 @@ image:
pullPolicy: Always
# -- Image tag (empty one will use "appVersion" value from chart definition)
tag: ""
+imagePullSecrets: []
# -- Parameters for the application (will be stored as secrets - so, for passwords, ...)
secrets: {}
# -- envs Parameters for the application (will be provided as environment variables)
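Review bot: The relocated `imagePullSecrets: []` has no `# --` description line, unlike every neighbouring key. The old `# -- Image pull secrets` comment is deleted in the next hunk rather than moved with the key, so the generated values table would presumably show an empty description for it. Carry the comment along: `# -- Image pull secrets` directly above `imagePullSecrets: []`.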
@@ -48,8 +48,6 @@ service:
type: ClusterIP
# -- Kubernetes Service port
port: 8080
-# -- Image pull secrets
-imagePullSecrets: []
# -- Ingress Configuration
ingress:
# -- Enable ingress controller resource
@@ -67,6 +65,7 @@ ingress:
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
+ className: nginx
# -- Pod security configurations
podSecurityContext: {}
# -- Pod security parameters
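Review bot: The new `className: nginx` makes one specific ingress controller the chart default, while the same commit changes `vcrs.ingress.className` from `"nginx"` to `""`, so the two ingress blocks now disagree. It also sits after the commented-out `tls` example with no `# --` description. Unless the nginx default is deliberate, prefer `className: ""` with a line such as `# -- Ingress class name (empty uses the cluster default)` so operators choose the controller explicitly.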
@@ -114,9 +113,7 @@ networkPolicy:
# -- add volumes to the miw deployment
extraVolumes: []
extraVolumeMounts: []
-#
-# -----------------------------------------------MIW----------------------------------------------- #
-#
+# -- Values for MIW
miw:
## @param miw.host Host name
## @param miw.logging.level Log level. Should be ether ERROR, WARN, INFO, DEBUG, or TRACE.
@@ -150,7 +147,7 @@ miw:
# -- Database name
name: "miw_app"
# -- Existing secret name for the database password
- secret: "{{ .Release.Name }}-postgresql"
+ secret: "verifiable-credential-revocation-service"
# -- Existing secret key for the database password
secretPasswordKey: "password"
# -- Password encryption configuratons
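Review bot: Replacing `"{{ .Release.Name }}-postgresql"` with the literal `"verifiable-credential-revocation-service"` makes the MIW database secret reference independent of the release name. Two releases in one namespace would then resolve to the same Secret object, and MIW depends on a secret owned by the VCRS component. The same pattern appears in the `vcrs.env` hunk, where `DATABASE_HOST` becomes the fixed `managed-identity-wallet-postgresql` and only resolves if the release or fullname happens to match, and in the expectations of both `deployment_test.yaml` files. If the value is passed through `tpl` (the old default suggests so, but the templates are not visible here), keep it release-scoped, e.g. `secret: "{{ .Release.Name }}-vcrs"`, or document the single-release assumption.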
@@ -194,32 +191,45 @@ miw:
successThreshold: 1
# -- Number of seconds after which the probe times out.
timeoutSeconds: 5
-# ----------------------------------------------- KEYCLOAK ----------------------------------------------- #
-# For more information on how to configure the Keycloak chart see https://github.com/bitnami/charts/tree/main/bitnami/keycloak.
+ # For more information on how to configure the Keycloak chart see https://github.com/bitnami/charts/tree/main/bitnami/keycloak.
+# -- Values for KEYCLOAK
keycloak:
# -- Enable to deploy Keycloak
enabled: true
# -- Extra environment variables
extraEnvVars: []
- # - name: KEYCLOAK_HOSTNAME
- # value: "{{ .Release.Name }}-keycloak"
+ # - name: KEYCLOAK_HOSTNAME
+ # value: "keycloak"
postgresql:
# -- Name of the PostgreSQL chart to deploy. Mandatory when the MIW deploys a PostgreSQL chart, too.
nameOverride: "keycloak-postgresql"
# -- Enable to deploy PostgreSQL
enabled: true
auth:
- # -- Keycloak PostgreSQL user
+ # -- Postgresql admin user password
username: "miw_keycloak"
# -- KeycloakPostgresql password to set (if empty one is generated)
- password: ""
+ password: "defaultpassword"
# -- Database name
database: "miw_keycloak"
+ volumePermissions:
+ enabled: true
ingress:
+ # -- Enable ingress controller resource
enabled: false
+ # -- Ingress annotations
annotations: {}
+ # -- Ingress accepted hostnames
hosts: []
+ # - host: chart-example.local
+ # paths:
+ # - path: /
+ # pathType: Prefix
+ # -- Ingress TLS configuration
tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
auth:
# -- Keycloak admin user
adminUser: "admin"
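Review bot: The Keycloak PostgreSQL `password` default changes from `""` to the literal `"defaultpassword"`, although the comment above it still says a password is generated when the value is empty. Any install that does not override it gets a publicly known database credential. The `vcrs.secrets` hunk further down adds `password` and `postgres-password` with the same literal, which presumably end up in the secret named by `postgresql.auth.existingSecret`. Keep `password: ""` here and leave the secret values empty or required so a deploy without overrides fails or generates a value. Separately, the comment on `username` now reads `# -- Postgresql admin user password`, which describes a different field; restore `# -- Keycloak PostgreSQL user`.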
@@ -232,20 +242,22 @@ keycloak:
existingConfigmap: keycloak-realm-config
# -- Number of retries before considering a Job as failed
backoffLimit: 2
-# ----------------------------------------------- POSTGRESQL ----------------------------------------------- #
+# -- Values for POSTGRESQL
# For more information on how to configure the PostgreSQL chart see https://github.com/bitnami/charts/tree/main/bitnami/postgresql.
postgresql:
# -- Enable to deploy Postgresql
enabled: true
+ image:
+ tag: "16-debian-12"
+ # -- Debug logs
+ debug: true
auth:
# -- Enable postgresql admin user
enablePostgresUser: true
- # -- Postgresql admin user password
- postgresPassword: "adminpass"
+ # -- Postgresql root-user and non-root user secret
+ existingSecret: "verifiable-credential-revocation-service"
# -- Postgresql user to create
username: "miw"
- # -- Postgresql password to set (if empty one is generated)
- password: "adminpass"
# -- Postgresql database to create
database: "miw_app"
# -- Creating a new database for VCRS application (Edit the DB configurations as required in configmap)
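Review bot: The added `debug: true` turns on debug logging for the bundled PostgreSQL image by default, which is noisy and may surface connection or statement details in pod logs. Ship `debug: false` and let operators opt in. The new `tag: "16-debian-12"` is a moving tag, so the image can change between installs of the same chart version; pinning a full version tag or a digest makes deployments reproducible and reviewable. Moving the admin and user passwords behind `existingSecret` is a good direction, but it only helps if the referenced secret is not itself populated from chart defaults.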
@@ -259,18 +271,18 @@ postgresql:
name: postgres-seed
initdb:
user: "postgres"
- password: "adminpass"
+ password: "defaultpassword"
scripts:
init.sql: |
CREATE DATABASE vcrs_app;
- CREATE USER vcrs WITH ENCRYPTED PASSWORD 'adminpass';
+ CREATE USER vcrs WITH ENCRYPTED PASSWORD 'defaultpassword';
GRANT ALL PRIVILEGES ON DATABASE vcrs_app TO vcrs;
\c vcrs_app
GRANT ALL ON SCHEMA public TO vcrs;
backup:
# -- Enable to create a backup cronjob
enabled: false
- #Cronjob Configuration
+ # -- Cronjob Configuration
cronjob:
# -- Backup schedule
schedule: "* */6 * * *"
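Review bot: The password for the `vcrs` role is still a literal inside `init.sql`, now `'defaultpassword'`, and is not derived from `vcrs.secrets.DATABASE_PASSWORD`. An operator who overrides only the secret value ends up with a role that still has the default password, or with an application that cannot log in. `initdb.password` looks coupled to the `postgres-password` secret key in the same way, though the templates are not visible here. At minimum add a comment above the script such as `# NOTE: the vcrs password here must match vcrs.secrets.DATABASE_PASSWORD; change both together`. Better is to have the init step read the password from the mounted secret instead of embedding it in values.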
@@ -284,9 +296,8 @@ postgresql:
size: "8Gi"
volumePermissions:
enabled: true
-# ----------------------------------------------- PGADMIN ----------------------------------------------- #
+# -- Values for PGADMIN
# For more information on how to configure the pgadmin chart see https://artifacthub.io/packages/helm/runix/pgadmin4.
-# (Here we're using a stripped-down version of the pgadmin chart, to just )
pgadmin4:
# -- Enable to deploy pgAdmin
enabled: false
@@ -328,9 +339,7 @@ pgadmin4:
subPath: servers.json
mountPath: "/pgadmin4/servers.json"
readOnly: true
-#
-# ----------------------------------------------- Values for Verifiable Credential Revocation Service application ----------------------------------------------- #
-#
+# -- Values for Verifiable Credential Revocation Service application
vcrs:
replicaCount: 1
# -- Revocation application configuration
@@ -339,12 +348,12 @@ vcrs:
nameOverride: "verifiable-credential-revocation-service"
# -- String to partially override common.names.fullname template (will maintain the release name)
fullnameOverride: "verifiable-credential-revocation-service"
- # -- ConfigMap Name
- configName: "verifiable-credential-revocation-service-config"
+ # -- ConfigMap Name
+ configName: "verifiable-credential-revocation-service"
# -- The Service name
serviceName: "verifiable-credential-revocation-service"
# -- The Secret name
- secretName: "verifiable-credential-revocation-service-secret"
+ secretName: "verifiable-credential-revocation-service"
image:
# -- Image repository
repository: public.ecr.aws/w6s7t8e0/tractusx/verifiable-credential-revocation-service
@@ -360,12 +369,12 @@ vcrs:
# -- The application profile
APPLICATION_PROFILE: local
# -- The Database Host
- DATABASE_HOST: "{{ .Release.Name }}-postgresql"
+ DATABASE_HOST: managed-identity-wallet-postgresql
# -- The Database Port
DATABASE_PORT: 5432
# -- The Database Name
DATABASE_NAME: vcrs_app
- # -- The Database SSL
+ # -- The Database SSL
DATABASE_USE_SSL_COMMUNICATION: false
# -- The Database Name
DATABASE_USERNAME: vcrs
@@ -381,7 +390,7 @@ vcrs:
SERVICE_SECURITY_ENABLED: true
# -- KeyClocak Configurations
KEYCLOAK_REALM: miw_test
- # -- ClientID Config
+ # -- ClientID Config
KEYCLOAK_CLIENT_ID: miw_private_client
# -- ClientID Config
KEYCLOAK_PUBLIC_CLIENT_ID: miw_public_client
@@ -395,7 +404,11 @@ vcrs:
APP_LOG_LEVEL: INFO
secrets:
# -- The Database Password
- DATABASE_PASSWORD: "adminpass"
+ DATABASE_PASSWORD: "defaultpassword"
+ # -- Postgresql password for MIW non-root User
+ password: "defaultpassword"
+ # -- Postgresql password for postgres root-user
+ postgres-password: "defaultpassword"
resources:
requests:
# -- CPU resource requests
@@ -434,21 +447,22 @@ vcrs:
# -- Number of seconds after which the probe times out.
timeoutSeconds: 15
# -- ingress configuration
+ ingressName: "verifiable-credential-revocation-service-ingress"
ingress:
enabled: false
- className: "nginx"
- annotations:
- kubernetes.io/ingress.class: "nginx"
- kubernetes.io/tls-acme: "true"
+ className: ""
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
hosts:
- - host: vcrs.example.org
- paths:
- - path: /
- pathType: Prefix
- tls:
- - secretName: chart-example-tls
- hosts:
- - vcrs.example.org
+ # - host: chart-example.local
+ # paths:
+ # - path: /
+ # pathType: ImplementationSpecific
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
service:
# -- Kubernetes Service type
type: ClusterIP
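Review bot: After this change `hosts:` has only commented-out entries beneath it, so it parses as `null` instead of an empty list, and the regenerated README row for `vcrs` indeed shows `"hosts":null`. The neighbouring keys use explicit empties (`annotations: {}`, `tls: []`), and a template that indexes or takes the length of `hosts` would behave differently on null. Write `hosts: []` and keep the example below it as comments. Also, the existing `# -- ingress configuration` comment now sits directly above the new `ingressName` key, so the generated docs would attach it there; give `ingressName` its own line, e.g. `# -- Name of the VCRS Ingress resource`.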