Skip to content

Commit

Permalink
Release version 0.0.3 (#38)
Browse files Browse the repository at this point in the history
* chore(build): adapt to latest upstream EDC

* feat: add ingress example + tests (#28)

* build(deps): bump aquasecurity/trivy-action from 0.18.0 to 0.19.0 (#26)

Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.18.0 to 0.19.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](aquasecurity/trivy-action@0.18.0...0.19.0)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump flyway from 10.10.0 to 10.11.0 (#27)

Bumps `flyway` from 10.10.0 to 10.11.0.

Updates `org.flywaydb:flyway-core` from 10.10.0 to 10.11.0
- [Release notes](https://github.com/flyway/flyway/releases)
- [Commits](flyway/flyway@flyway-10.10.0...flyway-10.11.0)

Updates `org.flywaydb:flyway-database-postgresql` from 10.10.0 to 10.11.0

---
updated-dependencies:
- dependency-name: org.flywaydb:flyway-core
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.flywaydb:flyway-database-postgresql
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* feat: add Authorization header validation (#29)

* feat: add auth service

* checkstyle

* DEPENDENCIES

* update gradle task dependencies

* expect 401 on directory ingress

* DEPENDENCIES

* chore: bump EDC to 0.6.1

* feat: add K8s ingress for Mgmt API (#33)

* feat: read DB secrets and API key from vault (#35)

* feat: read db config and api key from vault

* helm docs, lint

* DEPENDENCIES

* separate vault deployment in test

* wait for ready pods

* add hashicorp rep

* change readiness condition

* change wait condition again

* added comment [skip ci]

* build(deps): bump azure/setup-helm from 3.5 to 4 (#30)

Bumps [azure/setup-helm](https://github.com/azure/setup-helm) from 3.5 to 4.
- [Release notes](https://github.com/azure/setup-helm/releases)
- [Changelog](https://github.com/Azure/setup-helm/blob/main/CHANGELOG.md)
- [Commits](Azure/setup-helm@v3.5...v4)

---
updated-dependencies:
- dependency-name: azure/setup-helm
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump azure/setup-kubectl from 3.2 to 4 (#31)

Bumps [azure/setup-kubectl](https://github.com/azure/setup-kubectl) from 3.2 to 4.
- [Release notes](https://github.com/azure/setup-kubectl/releases)
- [Changelog](https://github.com/Azure/setup-kubectl/blob/main/CHANGELOG.md)
- [Commits](Azure/setup-kubectl@v3.2...v4)

---
updated-dependencies:
- dependency-name: azure/setup-kubectl
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump checkmarx/kics-github-action from 1.6 to 2 (#36)

Bumps [checkmarx/kics-github-action](https://github.com/checkmarx/kics-github-action) from 1.6 to 2.
- [Release notes](https://github.com/checkmarx/kics-github-action/releases)
- [Commits](Checkmarx/kics-github-action@v1.6...v2)

---
updated-dependencies:
- dependency-name: checkmarx/kics-github-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump flyway from 10.11.0 to 10.11.1 (#37)

* build(deps): bump flyway from 10.11.0 to 10.11.1

Bumps `flyway` from 10.11.0 to 10.11.1.

Updates `org.flywaydb:flyway-core` from 10.11.0 to 10.11.1
- [Release notes](https://github.com/flyway/flyway/releases)
- [Commits](flyway/flyway@flyway-10.11.0...flyway-10.11.1)

Updates `org.flywaydb:flyway-database-postgresql` from 10.11.0 to 10.11.1

---
updated-dependencies:
- dependency-name: org.flywaydb:flyway-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.flywaydb:flyway-database-postgresql
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* DEPENDENCIES

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Paul Latzelsperger <[email protected]>

* chore: pin EDC version to 0.6.2

* chore: add debug lines for auth

* fix: use correct image in chart

* Prepare release 0.0.3

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: eclipse-tractusx-bot <[email protected]>
Co-authored-by: Paul Latzelsperger <[email protected]>
Co-authored-by: Paul Latzelsperger <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
  • Loading branch information
5 people authored Apr 25, 2024
1 parent 7db5f68 commit 8788f60
Show file tree
Hide file tree
Showing 46 changed files with 1,372 additions and 235 deletions.
47 changes: 33 additions & 14 deletions .github/actions/run-deployment-test/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -38,12 +38,12 @@ inputs:

rootDir:
required: true
description: "The directory that contains the docker file, e.g. edc-controlplane/edc-runtime-memory"
description: "The directory that contains the docker file"

values_file:
# required: true
required: false
description: "A yaml file that contains the values for the test installation. will be modified!"
cluster-config:
required: true
description: "YAML file to contain KinD cluster configuration"
default: system-tests/helm/kind.config.yaml

runs:
using: "composite"
Expand All @@ -68,26 +68,45 @@ runs:

- name: Create k8s Kind Cluster
uses: helm/[email protected]
with:
config: ${{ inputs.cluster-config }}

- name: Load images into KinD
shell: bash
run: |
kind get clusters | xargs -n1 kind load docker-image ${{ inputs.imagename }}:${{ inputs.image_tag }} --name
###################################################
# Install the test infrastructure
###################################################
# - name: "Generate test credentials"
# shell: bash
# run: |-
# sh -c "edc-tests/deployment/src/main/resources/prepare-test.sh \
# ${{ inputs.values_file }}"
- name: "Install NGINX ingress controller"
shell: bash
run: |
# see: https://kind.sigs.k8s.io/docs/user/ingress/#ingress-nginx
# install NGINX ingress controller
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml
# wait for ingress to become available
kubectl wait --namespace ingress-nginx \
--for=condition=ready pod \
--selector=app.kubernetes.io/component=controller \
--timeout=90s
- name: "Install Vault chart"
shell: bash
run: |
helm repo add hashicorp https://helm.releases.hashicorp.com
helm install vault hashicorp/vault \
-f system-tests/helm/values-vault-test.yaml \
--wait-for-jobs --timeout=120s --dependency-update
# wait for Vault pod to become ready
kubectl wait --for=condition=ready pod \
--selector=app.kubernetes.io/name=vault \
--timeout=90s
- name: Install Runtime
shell: bash
run: ${{ inputs.helm_command }}


#################
### Tear Down ###
#################
Expand Down
13 changes: 13 additions & 0 deletions .github/workflows/deployment-test.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -67,16 +67,29 @@ jobs:
with:
imagename: ${{ matrix.variant.name }}
rootDir: runtimes/${{ matrix.variant.name }}
cluster-config: "system-tests/helm/kind.config.yaml"
helm_command: |-
helm install ${{ matrix.variant.name }} ${{ matrix.variant.chart }} \
--set server.image.pullPolicy="Never" \
--set server.image.tag="latest" \
--set server.image.repository="${{ matrix.variant.name }}" \
--set fullnameOverride="${{ matrix.variant.name }}" \
-f system-tests/helm/values-test.yaml \
--wait-for-jobs --timeout=120s --dependency-update
# wait for the pod to become ready
kubectl rollout status deployment ${{ matrix.variant.name }}
# execute the helm test
helm test ${{ matrix.variant.name }}
# verify ingress is available. expect 401, because we don't have a valid VP/VC (MembershipCred)
code=$(curl -X GET -IL -sw "%{http_code}" -k https://localhost/api/directory/bpn-directory -H "content-type: application/json" -o /dev/null)
if [ "$code" -ne "401" ]; then
echo "BDRS Directory API not ready, status = $code"
exit 1;
fi
# verify management API is reachable as well.
# in production scenarios, the Managment API should NEVER be on the same ingress as the public API
curl -X GET --fail -k -L https://localhost/api/management/bpn-directory -H "content-type: application/json" -H "x-api-key: password" -o -
2 changes: 1 addition & 1 deletion .github/workflows/helm-lint.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ jobs:
with:
fetch-depth: 0
- name: helm (setup)
uses: azure/setup-helm@v3.5
uses: azure/setup-helm@v4
with:
version: v3.8.1
- name: python (setup)
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/kics.yml
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ jobs:
- uses: actions/checkout@v4

- name: KICS scan
uses: checkmarx/kics-github-action@v1.6
uses: checkmarx/kics-github-action@v2
continue-on-error: true # kics 1.6 fails
with:
path: "."
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/publish-new-release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -141,7 +141,7 @@ jobs:
with:
fetch-depth: 0
- name: Install Helm
uses: azure/setup-helm@v3.5
uses: azure/setup-helm@v4
with:
version: v3.8.1
- name: Package helm, update index.yaml and push to gh-pages
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/trivy.yml
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@ jobs:
steps:
- uses: actions/checkout@v4
- name: Run Trivy vulnerability scanner in repo mode
uses: aquasecurity/trivy-action@0.18.0
uses: aquasecurity/trivy-action@0.19.0
with:
scan-type: "config"
# ignore-unfixed: true
Expand Down Expand Up @@ -98,7 +98,7 @@ jobs:
## the next two steps will only execute if the image exists check was successful
- name: Run Trivy vulnerability scanner
if: success() && steps.imageCheck.outcome != 'failure'
uses: aquasecurity/trivy-action@0.18.0
uses: aquasecurity/trivy-action@0.19.0
with:
image-ref: "tractusx/${{ matrix.image }}:sha-${{ needs.git-sha7.outputs.value }}"
format: "sarif"
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/upgradeability-test.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -46,12 +46,12 @@ jobs:
uses: actions/checkout@v4

- name: "Setup Helm"
uses: azure/setup-helm@v3.5
uses: azure/setup-helm@v4
with:
version: v3.8.1

- name: "Setup Kubectl"
uses: azure/setup-kubectl@v3.2
uses: azure/setup-kubectl@v4
with:
version: 'v1.28.2'

Expand Down
Loading

0 comments on commit 8788f60

Please sign in to comment.