Cofinity-X-Archive · nitin-vavdiya · Sep 24, 2024 · Sep 24, 2024 · Sep 24, 2024 · Sep 24, 2024
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,250 @@
+# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation
+
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# SPDX-License-Identifier: Apache-2.0
+---
+
+    name: Semantic Release
+    on:
+      push:
+        branches:
+          - main
+          - develop
+      pull_request:
+        branches:
+          - main
+          - develop
+
+    env:
+      IMAGE_NAMESPACE: "tractusx"
+      IMAGE_NAME: "managed-identity-wallet"
+
+    jobs:
+
+      semantic_release:
+        name: Repository Release
+        runs-on: ubuntu-latest
+        permissions:
+          # see https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
+          contents: write
+          pull-requests: write
+          packages: write
+        outputs:
+          next_release: ${{ steps.semantic-release.outputs.next_release }}
+          will_create_new_release: ${{ steps.semantic-release.outputs.will_create_new_release }}
+        steps:
+          - name: Checkout repository
+            uses: actions/checkout@v4
+
+          - name: Validate Gradle wrapper
+            uses: gradle/wrapper-validation-action@v2
+
+          - name: Setup Helm
+            uses: azure/[email protected]
+
+          - name: Setup JDK 17
+            uses: actions/setup-java@v4
+            with:
+              java-version: '17'
+              distribution: 'temurin'
+
+          - name: Setup Node.js
+            uses: actions/setup-node@v4
+            with:
+              node-version: 20
+
+            # setup helm-docs as it is needed during semantic-release
+          - uses: gabe565/setup-helm-docs-action@v1
+            name: Setup helm-docs
+            if: github.event_name != 'pull_request'
+            with:
+              version: v1.11.3
+
+          - name: Run semantic release
+            id: semantic-release
+            if: github.event_name != 'pull_request'
+            env:
+              GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+              GIT_AUTHOR_EMAIL: ${{ github.actor }}@users.noreply.github.com
+              GIT_COMMITTER_EMAIL: ${{ github.actor }}@users.noreply.github.com
+            run: |
+              npx --yes -p @semantic-release/exec -p @semantic-release/changelog -p @semantic-release/git -p @semantic-release/commit-analyzer -p @semantic-release/release-notes-generator semantic-release
+
+          - name: Run semantic release (dry run)
+            if: github.event_name == 'pull_request'
+            env:
+              GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+              GIT_AUTHOR_EMAIL: ${{ github.actor }}@users.noreply.github.com
+              GIT_COMMITTER_EMAIL: ${{ github.actor }}@users.noreply.github.com
+            run: |
+              npx --yes -p @semantic-release/exec -p @semantic-release/github -p @semantic-release/changelog -p @semantic-release/git -p @semantic-release/commit-analyzer -p @semantic-release/release-notes-generator semantic-release --dry-run
+
+          - name: Execute Gradle build
+            run: ./gradlew build
+
+          - name: Upload build artifact
+            uses: actions/upload-artifact@v4
+            with:
+              name: build
+              path: ./miw/build
+              if-no-files-found: error
+              retention-days: 1
+
+          - name: Upload Helm chart artifact
+            uses: actions/upload-artifact@v4
+            with:
+              name: charts
+              path: ./charts
+              if-no-files-found: error
+              retention-days: 1
+
+          - name: Report semantic-release outputs
+            run: |
+              echo "::notice::${{ env.next_release }}"
+              echo "::notice::${{ env.will_create_new_release }}"
+
+          - name: Upload jar to GitHub release
+            if: github.event_name != 'pull_request' && steps.semantic-release.outputs.will_create_new_release == 'true'
+            env:
+              GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+              RELEASE_VERSION: ${{ steps.semantic-release.outputs.next_release }}
+            run: |
+              echo "::notice::Uploading jar to GitHub release"
+              gh release upload "v$RELEASE_VERSION" ./miw/build/libs/miw-latest.jar
+
+      docker:
+        name: Docker Release
+        needs: semantic_release
+        runs-on: ubuntu-latest
+        steps:
+          - name: Checkout repository
+            uses: actions/checkout@v4
+          - name: Download build artifact
+            uses: actions/download-artifact@v4
+            with:
+              name: build
+              path: ./miw/build
+
+          - name: Download Helm chart artifact
+            uses: actions/download-artifact@v4
+            with:
+              name: charts
+              path: ./charts
+
+          # Create SemVer or ref tags dependent of trigger event
+          - name: Docker meta
+            id: meta
+            uses: docker/metadata-action@v5
+            with:
+              images: |
+                ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
+              # Automatically prepare image tags; See action docs for more examples.
+              # semver patter will generate tags like these for example :1 :1.2 :1.2.3
+              tags: |
+                type=ref,event=branch
+                type=ref,event=pr
+                type=semver,pattern={{version}},value=${{ needs.semantic_release.outputs.next_release }}
+                type=semver,pattern={{major}},value=${{ needs.semantic_release.outputs.next_release }}
+                type=semver,pattern={{major}}.{{minor}},value=${{ needs.semantic_release.outputs.next_release }}
+                type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
+
+          - name: DockerHub login
+            if: github.event_name != 'pull_request'
+            uses: docker/login-action@v3
+            with:
+              # Use existing DockerHub credentials present as secrets
+              username: ${{ secrets.DOCKER_HUB_USER }}
+              password: ${{ secrets.DOCKER_HUB_TOKEN }}
+
+          - name: Push image
+            uses: docker/build-push-action@v5
+            with:
+              context: .
+              push: ${{ github.event_name != 'pull_request' }}
+              tags: ${{ steps.meta.outputs.tags }}
+              labels: ${{ steps.meta.outputs.labels }}
+
+          # https://github.com/peter-evans/dockerhub-description
+          # Important step to push image description to DockerHub
+          - name: Update Docker Hub description
+            if: github.event_name != 'pull_request'
+            uses: peter-evans/dockerhub-description@v3
+            with:
+              # readme-filepath defaults to toplevel README.md, Only necessary if you have a dedicated file with your 'Notice for docker images'
+              readme-filepath: Docker-hub-notice.md
+              username: ${{ secrets.DOCKER_HUB_USER }}
+              password: ${{ secrets.DOCKER_HUB_TOKEN }}
+              repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
+
+      helm:
+        name: Helm Release
+        needs: semantic_release
+        runs-on: ubuntu-latest
+        permissions:
+          contents: write
+        steps:
+          - name: Checkout repository
+            uses: actions/checkout@v4
+
+          - name: Download Helm chart artifact
+            uses: actions/download-artifact@v4
+            with:
+              name: charts
+              path: ./charts
+
+          - name: Install Helm
+            uses: azure/[email protected]
+
+          - name: Add Helm dependency repositories
+            run: |
+              helm repo add bitnami https://charts.bitnami.com/bitnami
+
+          - name: Configure Git
+            run: |
+              git config user.name "$GITHUB_ACTOR"
+              git config user.email "[email protected]"
+
+          - name: Release chart
+            if: github.event_name != 'pull_request' && needs.semantic_release.outputs.will_create_new_release == 'true'
+            run: |
+              # Package MIW chart
+              helm_package_path=$(helm package -u -d helm-charts ./charts/managed-identity-wallet | grep -o 'to: .*' | cut -d' ' -f2-)
+              echo "HELM_PACKAGE_PATH=$helm_package_path" >> $GITHUB_ENV
+
+              # Commit and push to gh-pages
+              git add helm-charts
+              git stash -- helm-charts
+              git reset --hard
+              git fetch origin
+              git checkout gh-pages
+              git stash pop
+
+              # Generate helm repo index.yaml
+              helm repo index . --merge index.yaml --url https://${GITHUB_REPOSITORY_OWNER}.github.io/${GITHUB_REPOSITORY#*/}/
+              git add index.yaml
+
+              git commit -s -m "Release ${{ needs.semantic_release.outputs.next_release }}"
+
+              git push origin gh-pages
+
+          - name: Upload chart to GitHub release
+            if: github.event_name != 'pull_request' && needs.semantic_release.outputs.will_create_new_release == 'true'
+            env:
+              GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+              RELEASE_VERSION: ${{ needs.semantic_release.outputs.next_release }}
+              HELM_PACKAGE_PATH: ${{ env.HELM_PACKAGE_PATH }}
+            run: |
+              echo "::notice::Uploading chart to GitHub release"
+              gh release upload "v$RELEASE_VERSION" "$HELM_PACKAGE_PATH"
diff --git a/charts/managed-identity-wallet/README.md b/charts/managed-identity-wallet/README.md
@@ -201,7 +201,7 @@ See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command document
 | serviceAccount.create | bool | `true` | Enable creation of ServiceAccount |
 | serviceAccount.name | string | `""` | The name of the ServiceAccount to use. |
 | tolerations | list | `[]` | Tolerations configuration |
-| vcrs | object | `{"configName":"verifiable-credential-revocation-service","database":{"encryptionKey":{"secret":"","secretKey":"","value":""}},"env":{"APPLICATION_LOG_LEVEL":"DEBUG","APPLICATION_NAME":"verifiable-credential-revocation-service","APPLICATION_PORT":8081,"APPLICATION_PROFILE":"local","APP_LOG_LEVEL":"INFO","AUTH_SERVER_URL":"http://{{ .Release.Name }}-keycloak","DATABASE_CONNECTION_POOL_SIZE":10,"DATABASE_HOST":"managed-identity-wallet-postgresql","DATABASE_NAME":"vcrs_app","DATABASE_PORT":5432,"DATABASE_USERNAME":"vcrs","DATABASE_USE_SSL_COMMUNICATION":false,"DOMAIN_URL":"https://977d-203-129-213-107.ngrok-free.app","ENABLE_API_DOC":true,"ENABLE_SWAGGER_UI":true,"KEYCLOAK_CLIENT_ID":"miw_private_client","KEYCLOAK_PUBLIC_CLIENT_ID":"miw_public_client","KEYCLOAK_REALM":"miw_test","MIW_URL":"https://a888-203-129-213-107.ngrok-free.app","SERVICE_SECURITY_ENABLED":true,"VC_SCHEMA_LINK":"https://www.w3.org/2018/credentials/v1, https://cofinity-x.github.io/schema-registry/w3c/v1.0/BitstringStatusList.json"},"fullnameOverride":"verifiable-credential-revocation-service","host":"localhost","image":{"pullPolicy":"IfNotPresent","repository":"public.ecr.aws/w6s7t8e0/tractusx/verifiable-credential-revocation-service","tag":"latest"},"ingress":{"annotations":{},"className":"","enabled":false,"hosts":null,"service":{"port":8081,"type":"ClusterIP"},"tls":[]},"ingressName":"verifiable-credential-revocation-service-ingress","livenessProbe":{"enabled":true,"failureThreshold":5,"initialDelaySeconds":60,"periodSeconds":15,"timeoutSeconds":30},"nameOverride":"verifiable-credential-revocation-service","readinessProbe":{"enabled":true,"failureThreshold":5,"initialDelaySeconds":60,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15},"replicaCount":1,"resources":{"limits":{"cpu":"500m","memory":"1Gi"},"requests":{"cpu":"250m","memory":"512Mi"}},"secretName":"verifiable-credential-revocation-service","secrets":{"DATABASE_PASSWORD":"defaultpassword","password":"defaultpassword","postgres-password":"defaultpassword"},"serviceName":"verifiable-credential-revocation-service"}` | Values for Verifiable Credential Revocation Service application |
+| vcrs | object | `{"affinity":{},"autoscaling":{"enabled":false,"maxReplicas":2,"minReplicas":1,"targetCPUUtilizationPercentage":80,"targetMemoryUtilizationPercentage":80},"configName":"verifiable-credential-revocation-service","database":{"encryptionKey":{"secret":"","secretKey":"","value":""}},"env":{"APPLICATION_LOG_LEVEL":"DEBUG","APPLICATION_NAME":"verifiable-credential-revocation-service","APPLICATION_PORT":8081,"APPLICATION_PROFILE":"local","APP_LOG_LEVEL":"INFO","AUTH_SERVER_URL":"http://{{ .Release.Name }}-keycloak","DATABASE_CONNECTION_POOL_SIZE":10,"DATABASE_HOST":"managed-identity-wallet-postgresql","DATABASE_NAME":"vcrs_app","DATABASE_PORT":5432,"DATABASE_USERNAME":"vcrs","DATABASE_USE_SSL_COMMUNICATION":false,"DOMAIN_URL":"https://977d-203-129-213-107.ngrok-free.app","ENABLE_API_DOC":true,"ENABLE_SWAGGER_UI":true,"KEYCLOAK_CLIENT_ID":"miw_private_client","KEYCLOAK_PUBLIC_CLIENT_ID":"miw_public_client","KEYCLOAK_REALM":"miw_test","MIW_URL":"https://a888-203-129-213-107.ngrok-free.app","SERVICE_SECURITY_ENABLED":true,"VC_SCHEMA_LINK":"https://www.w3.org/2018/credentials/v1, https://cofinity-x.github.io/schema-registry/w3c/v1.0/BitstringStatusList.json"},"fullnameOverride":"verifiable-credential-revocation-service","host":"localhost","image":{"pullPolicy":"IfNotPresent","repository":"tractusx/verifiable-credential-revocation-service","tag":"latest"},"imagePullSecrets":[],"ingress":{"annotations":{},"className":"","enabled":false,"hosts":null,"service":{"port":8081,"type":"ClusterIP"},"tls":[]},"ingressName":"verifiable-credential-revocation-service-ingress","livenessProbe":{"enabled":true,"failureThreshold":3,"initialDelaySeconds":60,"periodSeconds":5,"timeoutSeconds":30},"nameOverride":"verifiable-credential-revocation-service","nodeSelector":{},"podAnnotations":{},"podLabels":{},"podSecurityContext":{},"readinessProbe":{"enabled":true,"failureThreshold":3,"initialDelaySeconds":60,"periodSeconds":30,"timeoutSeconds":30},"replicaCount":1,"resources":{},"rollingUpdate":{"enabled":true,"rollingUpdateMaxSurge":1,"rollingUpdateMaxUnavailable":0},"secretName":"verifiable-credential-revocation-service","secrets":{"DATABASE_PASSWORD":"defaultpassword","password":"defaultpassword","postgres-password":"defaultpassword"},"securityContext":{"allowPrivilegeEscalation":false},"serviceName":"verifiable-credential-revocation-service","tolerations":[],"volumeMounts":[],"volumes":[]}` | Values for Verifiable Credential Revocation Service application |
 | vcrs.configName | string | `"verifiable-credential-revocation-service"` | ConfigMap Name |
 | vcrs.database.encryptionKey.secret | string | `""` | Existing secret for database encryption key |
 | vcrs.database.encryptionKey.secretKey | string | `""` | Existing secret key for database encryption key |
@@ -226,27 +226,23 @@ See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command document
 | vcrs.fullnameOverride | string | `"verifiable-credential-revocation-service"` | String to partially override common.names.fullname template (will maintain the release name) |
 | vcrs.host | string | `"localhost"` | Revocation application configuration |
 | vcrs.image.pullPolicy | string | `"IfNotPresent"` | PullPolicy |
-| vcrs.image.repository | string | `"public.ecr.aws/w6s7t8e0/tractusx/verifiable-credential-revocation-service"` | Image repository |
+| vcrs.image.repository | string | `"tractusx/verifiable-credential-revocation-service"` | Image repository |
 | vcrs.image.tag | string | `"latest"` | Image tag (empty one will use "appVersion" value from chart definition) |
 | vcrs.ingress.service.port | int | `8081` | Kubernetes Service port |
 | vcrs.ingress.service.type | string | `"ClusterIP"` | Kubernetes Service type |
-| vcrs.livenessProbe | object | `{"enabled":true,"failureThreshold":5,"initialDelaySeconds":60,"periodSeconds":15,"timeoutSeconds":30}` | Kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) |
+| vcrs.livenessProbe | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":60,"periodSeconds":5,"timeoutSeconds":30}` | Kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) |
 | vcrs.livenessProbe.enabled | bool | `true` | Enables/Disables the livenessProbe at all |
-| vcrs.livenessProbe.failureThreshold | int | `5` | When a probe fails, Kubernetes will try failureThreshold times before giving up. Giving up in case of liveness probe means restarting the container. |
-| vcrs.livenessProbe.initialDelaySeconds | int | `60` | Number of seconds after the container has started before readiness probes are initiated. |
-| vcrs.livenessProbe.periodSeconds | int | `15` | How often (in seconds) to perform the probe |
+| vcrs.livenessProbe.failureThreshold | int | `3` | When a probe fails, Kubernetes will try failureThreshold times before giving up. Giving up in case of liveness probe means restarting the container. |
+| vcrs.livenessProbe.initialDelaySeconds | int | `60` | Number of seconds after the container has started before readiness probe are initiated. |
+| vcrs.livenessProbe.periodSeconds | int | `5` | How often (in seconds) to perform the probe |
 | vcrs.livenessProbe.timeoutSeconds | int | `30` | Number of seconds after which the probe times out. |
 | vcrs.nameOverride | string | `"verifiable-credential-revocation-service"` | The configmap name |
+| vcrs.readinessProbe | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":60,"periodSeconds":30,"timeoutSeconds":30}` | Kubernetes [readiness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) |
 | vcrs.readinessProbe.enabled | bool | `true` | Enables/Disables the readinessProbe at all |
-| vcrs.readinessProbe.failureThreshold | int | `5` | When a probe fails, Kubernetes will try failureThreshold times before giving up. In case of readiness probe the Pod will be marked Unready. |
+| vcrs.readinessProbe.failureThreshold | int | `3` | When a probe fails, Kubernetes will try failureThreshold times before giving up. In case of readiness probe the Pod will be marked Unready. |
 | vcrs.readinessProbe.initialDelaySeconds | int | `60` | Number of seconds after the container has started before readiness probe are initiated. |
-| vcrs.readinessProbe.periodSeconds | int | `15` | How often (in seconds) to perform the probe |
-| vcrs.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the probe to be considered successful after having failed. |
-| vcrs.readinessProbe.timeoutSeconds | int | `15` | Number of seconds after which the probe times out. |
-| vcrs.resources.limits.cpu | string | `"500m"` | CPU resource limits |
-| vcrs.resources.limits.memory | string | `"1Gi"` | Memory resource limits |
-| vcrs.resources.requests.cpu | string | `"250m"` | CPU resource requests |
-| vcrs.resources.requests.memory | string | `"512Mi"` | Memory resource requests |
+| vcrs.readinessProbe.periodSeconds | int | `30` | How often (in seconds) to perform the probe |
+| vcrs.readinessProbe.timeoutSeconds | int | `30` | Number of seconds after which the probe times out. |
 | vcrs.secretName | string | `"verifiable-credential-revocation-service"` | The Secret name |
 | vcrs.secrets.DATABASE_PASSWORD | string | `"defaultpassword"` | The Database Password |
 | vcrs.secrets.password | string | `"defaultpassword"` | Postgresql password for MIW non-root User |