diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml index fc880b4f..623a6667 100755 --- a/.github/workflows/pipeline.yml +++ b/.github/workflows/pipeline.yml @@ -80,7 +80,11 @@ jobs: - name: Run chart-testing (install - with args) if: steps.list-changed.outputs.changed == 'true' - run: ct install --target-branch ${{ github.event.repository.default_branch }} --helm-extra-set-args "-f charts/keycloak-reporter/ci.values.yaml" + run: | + kubectl create ns kc-reporter + kubectl -n kc-reporter create secret generic kc-reporter \ + --from-literal=clientSecret=test + ct install --target-branch ${{ github.event.repository.default_branch }} --namespace kc-reporter --helm-extra-set-args "-f charts/keycloak-reporter/ci.values.yaml" - uses: actions/upload-artifact@v4 with: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e9d7858e..63112e72 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -19,10 +19,6 @@ jobs: attestations: write id-token: write steps: - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 - uses: actions/create-github-app-token@v1 id: app-token @@ -30,6 +26,24 @@ jobs: app-id: ${{ vars.CI_APP_ID }} private-key: ${{ secrets.CI_PRIVATE_KEY }} + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + token: ${{ steps.app-token.outputs.token }} + ref: ${{ github.head_ref }} + + - name: Get GitHub App User ID + id: get-user-id + run: echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT" + env: + GH_TOKEN: ${{ steps.app-token.outputs.token }} + + - name: Configure Git author + run: | + git config --global user.name '${{ steps.app-token.outputs.app-slug }}[bot]' + git config --global user.email '${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com>' + - name: Setup NodeJS uses: actions/setup-node@v4 with: 
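Review bot: The literal `clientSecret=test` in the new `run:` block of the "Run chart-testing (install - with args)" step reads like a committed credential to secret scanners and to later reviewers. A one-line comment above the `kubectl create secret` call would make the intent explicit, for example `# dummy value for the chart-testing cluster only, never a real client secret`. `${{ github.event.repository.default_branch }}` is still expanded straight into the shell text; passing it through `env:` and referencing `"$DEFAULT_BRANCH"` keeps the expression out of the script. The job this step belongs to starts outside the hunk.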
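Review bot: The `user.email` value in the new "Configure Git author" step ends with a stray `>` (`...[bot]@users.noreply.github.com>'`), so commits made by this job carry a malformed address and will presumably not be attributed to the App's bot account; the value should end `[bot]@users.noreply.github.com'`. Separately, passing `token:` to `actions/checkout` leaves the App installation token in the local git configuration for every later step of the job (`persist-credentials` defaults to true), including the npm build scripts and third-party actions that follow, so it is worth confirming the App is installed with only the permissions the release push needs. `ref: ${{ github.head_ref }}` is only populated on pull-request events; if this workflow is started manually, as the `github.event.inputs.releaseversion` references in the other hunks suggest, it expands to an empty string and checkout falls back to its default ref.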
@@ -40,16 +54,9 @@ jobs: uses: actions/setup-java@v4 # Does also set up Maven and GPG with: distribution: 'temurin' # As good as any other, see: https://github.com/actions/setup-java#supported-distributions - java-package: 'jdk' java-version: '21' - check-latest: true - cache: 'maven' - - name: Configure git - run: | - git config --global user.name '${{ steps.app-token.outputs.app-slug }}[bot]' - git config --global user.email '${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com>' - - name: npm build and test + - name: Package Application run: | npm run clean npm version --no-git-tag-version ${{ github.event.inputs.releaseversion }} @@ -57,6 +64,7 @@ jobs: - name: Install Helm uses: azure/setup-helm@v4 + - name: Install Python uses: actions/setup-python@v5 with: 
@@ -73,9 +81,67 @@ jobs: - name: Helm Package run: | + + # Increment a version string using Semantic Versioning (SemVer) terminology. + # Parse command line options. + # Source: https://github.com/fmahnke/shell-semver + # + # usage: increment_version.sh [-Mmp] major.minor.patch + increment_version() { + while getopts ":Mmp" Option + do + case $Option in + M ) major=true;; + m ) minor=true;; + p ) patch=true;; + * ) patch=true;; + esac + done + + # shellcheck disable=SC2004,SC2206 + shift $(($OPTIND - 1)) + + version=$1 + + # Build array from version string. + # shellcheck disable=SC2206 + a=( ${version//./ } ) + # If version string is missing or has the wrong number of members, show usage message. + if [ ${#a[@]} -ne 3 ] + then + echo "usage: $(basename $0) [-Mmp] major.minor.patch" + exit 1 + fi + + # Increment version numbers as requested. + + if [ -n "$major" ] + then + ((a[0]++)) + a[1]=0 + a[2]=0 + fi + + if [ -n "$minor" ] + then + ((a[1]++)) + a[2]=0 + fi + + if [ -n "$patch" ] + then + ((a[2]++)) + fi + + echo "${a[0]}.${a[1]}.${a[2]}" + } + export HELM_CHART_DIR=charts/keycloak-reporter chartVersion=$(cat $HELM_CHART_DIR/Chart.yaml | grep "version: " | sed -E -n "s/^version: \s*(.*)$/\1/p") - sed -i 's/version: '"$chartVersion"'/version: '"${{ github.event.inputs.releaseversion }}"'/g' $HELM_CHART_DIR/Chart.yaml + appVersion=$(cat $HELM_CHART_DIR/Chart.yaml | grep "appVersion: " | sed -E -n "s/^appVersion: \s*(.*)$/\1/p") + newVersion=$(increment_version -p $chartVersion) + sed -i 's/version: '"$chartVersion"'/version: '"$newVersion"'/g' $HELM_CHART_DIR/Chart.yaml + sed -i 's/appVersion: '"$appVersion"'/appVersion: '"${{ github.event.inputs.releaseversion }}"'/g' $HELM_CHART_DIR/Chart.yaml helm-docs helm package $HELM_CHART_DIR git add . 
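Review bot: The new `sed -i 's/appVersion: ...'` line splices `${{ github.event.inputs.releaseversion }}` directly into the script text, so the input is expanded before the shell parses it and whoever can start the workflow controls shell code in a job that holds the App token and `id-token: write`. The same value is used unescaped as a sed replacement, where a `/` or `&` would corrupt Chart.yaml. Passing the input through `env:` and rejecting anything that is not a plain version before use addresses both; the pattern below assumes `major.minor.patch` and needs widening if pre-release suffixes are released. The "Package Application" step has the same expansion in its `npm version` line, and the `run:` block continues past the end of this hunk.

```yaml
- name: Helm Package
  env:
    RELEASE_VERSION: ${{ github.event.inputs.releaseversion }}
  run: |
    # … unchanged: increment_version function …
    if ! [[ "$RELEASE_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
      echo "releaseversion must be major.minor.patch" >&2
      exit 1
    fi
    # … unchanged: HELM_CHART_DIR, chartVersion, appVersion, newVersion, chart version sed …
    sed -i 's/appVersion: '"$appVersion"'/appVersion: '"$RELEASE_VERSION"'/g' $HELM_CHART_DIR/Chart.yaml
    # … unchanged: helm-docs, helm package, git add …
```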
@@ -88,12 +154,12 @@ jobs: uses: TriPSs/conventional-changelog-action@v5 with: input-file: CHANGELOG.md - github-token: ${{ secrets.GITHUB_TOKEN }} - version-file: target/config.json + github-token: ${{ steps.app-token.outputs.token }} + version-file: package.json pre-release: true skip-bump: true skip-tag: true - skip-on-empty: false + skip-on-empty: true tag-prefix: 'v' - name: Create Release on GH @@ -106,16 +172,6 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Add SPI to github release - uses: actions/upload-release-asset@v1 - with: - upload_url: ${{ steps.tag-and-release.outputs.upload_url }} - asset_path: spi/target/keycloak-auditor-spi.jar - asset_name: keycloak-auditor-spi.jar - asset_content_type: application/zip - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Publish npm package run: | npm publish diff --git a/CHANGELOG.md b/CHANGELOG.md index 23e55764..1cf1aae9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
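Review bot: `TriPSs/conventional-changelog-action@v5` now receives the GitHub App installation token instead of the job's `GITHUB_TOKEN`, while the action is still referenced by a mutable tag, so whatever code that tag points to at run time is handed a credential that can presumably push to the repository. Pinning the step to a full commit SHA, `uses: TriPSs/conventional-changelog-action@<full-commit-sha> # v5`, ties the token exposure to code that was reviewed. The release step that follows appears to keep `secrets.GITHUB_TOKEN`; a short comment on why the two steps use different tokens would help the next maintainer.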
@@ -1,3 +1,37 @@ +## [0.8.14](https://github.com/ContinuousSecurityTooling/keycloak-reporter/compare/v0.8.12...v0.8.14) (2024-09-17) + + +### Bug Fixes + +* **deps:** update dependency @continuoussecuritytooling/keycloak-auditor to v1.1.10 ([ac7118b](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/ac7118bbcdd08dc4df3e33aca1d207ff946abbe6)) +* **deps:** update dependency @keycloak/keycloak-admin-client to v25.0.4 ([e79d129](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/e79d129308de45c661374303990aad06a3264a48)) +* **deps:** update dependency @keycloak/keycloak-admin-client to v25.0.5 ([179de86](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/179de86d06f61eadf6975bee86784fab0fc510a2)) +* **deps:** update dependency @slack/webhook to v7.0.3 ([483dce5](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/483dce5975e0722e531f673035703ef78983afa0)) +* **deps:** update dependency ms-teams-webhook to v2.2.0 ([38e4184](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/38e41849a6a5eb41edafe813f8d9dcd7bfc37f7e)) +* **deps:** update dependency ms-teams-webhook to v2.2.1 ([eb91bcf](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/eb91bcff5142099cada7ed1cb9cceac71ebfd9bd)) +* **deps:** update dependency ms-teams-webhook to v2.2.2 ([1ccd777](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/1ccd7771918077cadbe74e88e78554e7307871b1)) +* **deps:** update dependency npm to v10.8.3 ([b14ebf4](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/b14ebf4f2fa6295aad533f610949425313cb92ce)) +* **deps:** update dependency openid-client to v5.7.0 ([8688200](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/8688200de26bd62077aeec9f01ce8f503e92e296)) + + + +## [0.8.13](https://github.com/ContinuousSecurityTooling/keycloak-reporter/compare/v0.8.12...v) (2024-09-17) + + +### Bug Fixes + +* **deps:** update 
dependency @continuoussecuritytooling/keycloak-auditor to v1.1.10 ([ac7118b](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/ac7118bbcdd08dc4df3e33aca1d207ff946abbe6)) +* **deps:** update dependency @keycloak/keycloak-admin-client to v25.0.4 ([e79d129](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/e79d129308de45c661374303990aad06a3264a48)) +* **deps:** update dependency @keycloak/keycloak-admin-client to v25.0.5 ([179de86](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/179de86d06f61eadf6975bee86784fab0fc510a2)) +* **deps:** update dependency @slack/webhook to v7.0.3 ([483dce5](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/483dce5975e0722e531f673035703ef78983afa0)) +* **deps:** update dependency ms-teams-webhook to v2.2.0 ([38e4184](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/38e41849a6a5eb41edafe813f8d9dcd7bfc37f7e)) +* **deps:** update dependency ms-teams-webhook to v2.2.1 ([eb91bcf](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/eb91bcff5142099cada7ed1cb9cceac71ebfd9bd)) +* **deps:** update dependency ms-teams-webhook to v2.2.2 ([1ccd777](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/1ccd7771918077cadbe74e88e78554e7307871b1)) +* **deps:** update dependency npm to v10.8.3 ([b14ebf4](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/b14ebf4f2fa6295aad533f610949425313cb92ce)) +* **deps:** update dependency openid-client to v5.7.0 ([8688200](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/8688200de26bd62077aeec9f01ce8f503e92e296)) + + + ## [0.8.12](https://github.com/ContinuousSecurityTooling/keycloak-reporter/compare/v0.8.11...v0.8.12) (2024-07-29) diff --git a/charts/keycloak-reporter/Chart.yaml b/charts/keycloak-reporter/Chart.yaml index c248ea45..86003ca6 100644 --- a/charts/keycloak-reporter/Chart.yaml +++ b/charts/keycloak-reporter/Chart.yaml 
@@ -15,14 +15,14 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.3.3 +version: 1.3.4 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. # renovate: datasource=docker depName=ContinuousSecurityTooling/keycloak-reporter -appVersion: '0.8.10' +appVersion: 0.8.10 maintainers: # Martin Reinhardt - name: hypery2k diff --git a/charts/keycloak-reporter/README.md b/charts/keycloak-reporter/README.md index ffe480ca..f2ad6cc7 100644 --- a/charts/keycloak-reporter/README.md +++ b/charts/keycloak-reporter/README.md @@ -1,6 +1,6 @@ # keycloak-reporter -![Version: 1.3.3](https://img.shields.io/badge/Version-1.3.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.8.10](https://img.shields.io/badge/AppVersion-0.8.10-informational?style=flat-square) +![Version: 1.3.4](https://img.shields.io/badge/Version-1.3.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.8.10](https://img.shields.io/badge/AppVersion-0.8.10-informational?style=flat-square) Keycloak user and client reporting tool for automated regular access checks. 
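Review bot: `appVersion` loses its quotes in this change (`'0.8.10'` becomes `0.8.10`), which contradicts the comment directly above it recommending quotes; this looks like a side effect of the release workflow's `sed` rewrite rather than an intended edit. The current value still parses as a string, but an unquoted two-part version such as `1.10` would be read as a float and change meaning. Restore `appVersion: '0.8.10'` and have the release script write the quotes back when it substitutes the value.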
@@ -35,4 +35,4 @@ Keycloak user and client reporting tool for automated regular access checks. | tolerations | list | `[]` | | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1) +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/package-lock.json b/package-lock.json index 30e393c3..e9998288 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "@continuoussecuritytooling/keycloak-reporter", - "version": "0.8.12", + "version": "0.8.14", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "@continuoussecuritytooling/keycloak-reporter", - "version": "0.8.12", + "version": "0.8.14", "license": "MIT", "dependencies": { "@continuoussecuritytooling/keycloak-auditor": "^2.0.0", diff --git a/package.json b/package.json index 20c93a23..625ec17f 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@continuoussecuritytooling/keycloak-reporter", - "version": "0.8.12", + "version": "0.8.14", "description": "Reporting Tools for Keycloak", "main": "dist/index.js", "bin": {