From b154ede0ec7845a18269d4c344057a72483b9649 Mon Sep 17 00:00:00 2001 From: "fabio.d.mota" Date: Fri, 24 Nov 2023 18:25:33 +0000 Subject: [PATCH] fix(frontend): Fix QG4 findings --- .github/workflows/build.yml | 1 - .github/workflows/helm-chart-test.yaml | 3 +- .github/workflows/trivy.yml | 18 +- Dockerfile | 2 + SECURITY.md | 17 +- charts/country-risk/Chart.yaml | 8 +- charts/country-risk/README.md | 156 +++++++++--------- .../charts/country-risk-backend/Chart.yaml | 4 +- .../charts/country-risk-backend/README.md | 2 +- .../charts/country-risk-backend/values.yaml | 4 +- .../charts/country-risk-frontend/Chart.yaml | 4 +- .../charts/country-risk-frontend/README.md | 90 +++++----- .../charts/country-risk-frontend/values.yaml | 4 +- charts/country-risk/values.yaml | 8 +- docs/Arc42-Documentation.md | 10 +- docs/User-Guide.md | 10 ++ 16 files changed, 183 insertions(+), 158 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 55da9172..f89ccad7 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -5,7 +5,6 @@ on: branches: - "main" - "dev" - - "fix/*" tags: - "v*.*.*" - "v*.*.*-*" diff --git a/.github/workflows/helm-chart-test.yaml b/.github/workflows/helm-chart-test.yaml index 518f3c75..5cad98fe 100644 --- a/.github/workflows/helm-chart-test.yaml +++ b/.github/workflows/helm-chart-test.yaml @@ -10,7 +10,8 @@ on: pull_request: paths: - 'charts/country-risk/**' - + workflow_dispatch: + # Trigger manually jobs: lint-test: runs-on: ubuntu-latest diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 6729ff39..2506a537 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -1,4 +1,4 @@ -name: "Trivy" +name: "Trivy Stable" on: push: 
@@ -9,12 +9,6 @@ on: - 'src/**' - 'package.json' - 'Dockerfile' - # pull_request: - # The branches below must be a subset of the branches above - # branches: [ main ] - # paths-ignore: - # - "**/*.md" - # - "**/*.txt" schedule: # Once a day - cron: "0 0 * * *" @@ -34,15 +28,13 @@ jobs: uses: actions/checkout@v3 - name: Run Trivy vulnerability scanner in repo mode - uses: aquasecurity/trivy-action@master + uses: aquasecurity/trivy-action@0.14.0 with: scan-type: "config" - # ignore-unfixed: true - exit-code: "1" hide-progress: false format: "sarif" output: "trivy-results1.sarif" - severity: "CRITICAL,HIGH" + vuln-type: "os,library" - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v2 @@ -68,10 +60,10 @@ jobs: # For public images, no ENV vars must be set. - name: Run Trivy vulnerability scanner if: always() - uses: aquasecurity/trivy-action@master + uses: aquasecurity/trivy-action@0.14.0 with: # Path to Docker image - image-ref: "ghcr.io/catenax-ng/tx-vas-country-risk-frontend:main" + image-ref: "tractusx/vas-country-risk:latest" format: "sarif" output: "trivy-results2.sarif" exit-code: "1" diff --git a/Dockerfile b/Dockerfile index 3d5bb5f0..c160678f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -31,6 +31,8 @@ COPY public ./public COPY --chown=node:node .env . COPY src ./src +COPY LICENSE NOTICE.md DEPENDENCIES SECURITY.md /app/dist/ + # Set permissions RUN chown -R node:node /app && \ chmod -R u+rwx,g+rx,o-rwx /app diff --git a/SECURITY.md b/SECURITY.md index 7d8fced7..77aaad51 100644 --- a/SECURITY.md +++ b/SECURITY.md 
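Review bot: Dropping `exit-code: "1"` and `severity: "CRITICAL,HIGH"` from the `scan-type: "config"` step in the `@@ -34,15 +28,13 @@` hunk makes the misconfiguration scan report-only: findings no longer fail the job and are no longer filtered by severity. If that is intended because the results only feed the SARIF upload, say so in a comment; otherwise keep `exit-code: "1"` with a severity filter. The added `vuln-type: "os,library"` selects package vulnerability classes and should have no effect on a config scan, so it can be dropped. Pinning to `aquasecurity/trivy-action@0.14.0` is better than `@master`, but a tag can still be moved; a full commit SHA such as `uses: aquasecurity/trivy-action@<commit-sha> # 0.14.0` closes that gap here and in the image-scan step of the next hunk.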
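Review bot: `image-ref: "tractusx/vas-country-risk:latest"` in the `@@ -68,10 +60,10 @@` hunk scans a mutable tag, so the SARIF uploaded for a run describes whatever was last pushed to `latest`, not an artifact tied to the commit that triggered the workflow. Scanning a released version tag or an image digest, or building the image in the job and scanning that, keeps findings attributable to a known image. The reference also has no registry host, so resolution is left to the runner's default; `image-ref: "docker.io/tractusx/vas-country-risk:<version>"` makes the source explicit. The job's remaining steps are outside the hunk.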
@@ -2,5 +2,18 @@ ## Reporting a Vulnerability -Please report a found vulnerability here: -[https://www.eclipse.org/security/](https://www.eclipse.org/security/) \ No newline at end of file +Please do **not** report security vulnerabilities through public GitHub issues. + +Please report vulnerabilities to this repository via **GitHub security advisories** instead. + +How? Inside affected repository → security tab + +for contributor: +→ Report a vulnerability + +for committer: +→ advisories → New draft security advisory + +In severe cases, you can also report a found vulnerability via mail or eclipse issue here: https://www.eclipse.org/security/ + +See [Eclipse Foundation Vulnerability Reporting Policy](https://www.eclipse.org/projects/handbook/#vulnerability) \ No newline at end of file diff --git a/charts/country-risk/Chart.yaml b/charts/country-risk/Chart.yaml index 603bd9cf..ce103117 100644 --- a/charts/country-risk/Chart.yaml +++ b/charts/country-risk/Chart.yaml @@ -20,8 +20,8 @@ apiVersion: v2 name: country-risk type: application -version: 1.1.1 -appVersion: "1.2.0" +version: 3.0.3 +appVersion: "1.2.1" description: A Helm chart for deploying the Country Risk service home: https://github.com/eclipse-tractusx/vas-country-risk-frontend sources: @@ -38,6 +38,6 @@ dependencies: repository: https://helm.runix.net version: 1.x.x - name: country-risk-backend - version: 3.0.2 + version: 3.0.3 - name: country-risk-frontend - version: 3.0.2 + version: 3.0.3 diff --git a/charts/country-risk/README.md b/charts/country-risk/README.md index 1f104019..f8f039b4 100644 --- a/charts/country-risk/README.md +++ b/charts/country-risk/README.md 
@@ -90,7 +90,7 @@ This way you are able to overwrite any configuration property of the `.env` file # country-risk -![Version: 2.0.9](https://img.shields.io/badge/Version-2.0.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.1.1](https://img.shields.io/badge/AppVersion-1.1.1-informational?style=flat-square) +![Version: 3.0.3](https://img.shields.io/badge/Version-3.0.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.2.1](https://img.shields.io/badge/AppVersion-1.2.1-informational?style=flat-square) A Helm chart for deploying the Country Risk service 
@@ -110,84 +110,84 @@ A Helm chart for deploying the Country Risk service ## Values -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector.matchExpressions[0] | object | `{"key":"app.kubernetes.io/name","operator":"DoesNotExist"}` | Match Pod rules | -| affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.topologyKey | string | `"kubernetes.io/hostname"` | Key that is used to determine the topology of the cluster | -| affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].weight | int | `100` | | -| autoscaling | object | `{"enabled":false}` | Specifies whether autoscaling should be enabled for the pod | -| backend.appName | string | `"vas-country-risk-backend"` | Name of the backend service | -| backend.applicationSecret | object | `{"clientId":"","clientSecret":"","enabled":true}` | Defines the client secret and client ID | -| backend.applicationSecret.clientId | string | `""` | String value that represents the client ID | -| backend.applicationSecret.clientSecret | string | `""` | String value that represents the client secret | -| backend.applicationSecret.enabled | bool | `true` | Value that specifies whether the application secret should be used | -| backend.configmap.create | bool | `true` | | -| backend.configmap.data.security_enabled | string | `"false"` | Security configurations for the application | -| backend.configmap.data.spring_profiles_active | string | `"dev"` | Which profile should be activated for the application | -| backend.image.name | string | `"catenax-ng/tx-vas-country-risk-backend"` | Name of the docker image | -| backend.image.pullPolicy | string | `"Always"` | | -| backend.image.registry | string | `"ghcr.io"` | | -| backend.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. 
| -| backend.ingress.annotations."nginx.ingress.kubernetes.io/force-ssl-redirect" | string | `"true"` | HTTP traffic should be redirected to HTTPS | -| backend.ingress.annotations."nginx.ingress.kubernetes.io/ssl-passthrough" | string | `"true"` | Ingress controller should pass SSL traffic directly to the backend pods | -| backend.ingress.className | string | `"nginx"` | Class name | -| backend.ingress.enabled | bool | `false` | Ingress enabled or not | -| certificate | object | `{"host":"localhost"}` | ------------------------------------------------------------------------------------------------------------ | -| certificate.host | string | `"localhost"` | Hostname for the certificate | -| elastic.enabled | bool | `false` | Should elastic be enabled or not | -| elastic.security.tls | object | `{"restEncryption":false}` | Information about the transport layer security (TLS) | -| elastic.security.tls.restEncryption | bool | `false` | Encryption for the REST requests made to the Elastic cluster | -| frontend.appName | string | `"vas-country-risk-frontend"` | Name of the frontend service | -| frontend.applicationSecret | object | `{"enabled":false}` | Defines the client secret and client ID | -| frontend.configmap.create | bool | `true` | | -| frontend.image.name | string | `"catenax-ng/tx-vas-country-risk-frontend"` | Name of the docker image | -| frontend.image.pullPolicy | string | `"Always"` | | -| frontend.image.registry | string | `"ghcr.io"` | | -| frontend.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. 
| -| frontend.ingress.annotations."nginx.ingress.kubernetes.io/force-ssl-redirect" | string | `"true"` | HTTP traffic should be redirected to HTTPS | -| frontend.ingress.annotations."nginx.ingress.kubernetes.io/ssl-passthrough" | string | `"true"` | Ingress controller should pass SSL traffic directly to the backend pods | -| frontend.ingress.className | string | `"nginx"` | Class name | -| frontend.ingress.enabled | bool | `false` | Ingress enabled or not | -| imagePullSecrets | list | `[]` | List of secrets to be used | -| livenessProbe | object | `{"failureThreshold":3,"initialDelaySeconds":60,"path":"/management/health/liveness","periodSeconds":10,"port":8080,"successThreshold":1,"timeoutSeconds":1}` | Determines if a pod is still alive or not | -| livenessProbe.initialDelaySeconds | int | `60` | Number of seconds to wait before performing the first liveness probe | -| livenessProbe.path | string | `"/management/health/liveness"` | HTTP endpoint | -| livenessProbe.periodSeconds | int | `10` | Number of seconds to wait between consecutive probes | -| livenessProbe.port | int | `8080` | Port used | -| livenessProbe.successThreshold | int | `1` | Number of consecutive successful probes before a pod is considered healthy | -| livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which a liveness probe times out | -| nodeSelector | object | `{}` | Node placement constraints | -| pgadmin4.enabled | bool | `false` | Should pgadmin4 be enabled or not | -| pgadmin4.env.email | string | `"vas@catena-x.net"` | Email used on the Env environment | -| pgadmin4.ingress.annotations."cert-manager.io/cluster-issuer" | string | `"letsencrypt-prod"` | Cluster issuer used for the ingress | -| pgadmin4.ingress.annotations."kubernetes.io/ingress.class" | string | `"nginx"` | Class for the pgadmin4 deployment | -| pgadmin4.ingress.enabled | bool | `true` | Ingress enabled or not | -| pgadmin4.secret.path | string | `"value-added-service/data/country-risk/dev/pgadmin4"` | 
Path where the information related to the secret | -| podAnnotations | object | `{}` | Annotations to be added to the running pod | -| podSecurityContext | object | `{"fsGroup":2000}` | Configuration for security-related options of the running pod | -| podSecurityContext.fsGroup | int | `2000` | Set the file system group ID for all containers in the pod | -| postgres.appName | string | `"vas-country-risk-postgres"` | Database application name | -| postgres.auth | object | `{"database":"vas","username":"vas"}` | Configuration values for the Database | -| postgres.enabled | bool | `true` | Should postgres DB be enabled or not | -| postgres.environment | string | `"dev"` | Type of environment the database is running | -| postgres.ingress.className | string | `"nginx"` | | -| postgres.ingress.enabled | bool | `true` | Ingress enabled or not | -| postgres.service.port | int | `5432` | Port to be used on this service | -| postgres.service.type | string | `"ClusterIP"` | Type of service to be used | +| Key | Type | Default | Description | +|-----|------|----------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------| +| affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector.matchExpressions[0] | object | `{"key":"app.kubernetes.io/name","operator":"DoesNotExist"}` | Match Pod rules | +| affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.topologyKey | string | `"kubernetes.io/hostname"` | Key that is used to determine the topology of the cluster | +| affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].weight | int | `100` | | +| autoscaling | object | `{"enabled":false}` | Specifies whether autoscaling should be enabled for the pod | +| backend.appName | string | `"vas-country-risk-backend"` | Name of the backend service | +| 
backend.applicationSecret | object | `{"clientId":"","clientSecret":"","enabled":true}` | Defines the client secret and client ID | +| backend.applicationSecret.clientId | string | `""` | String value that represents the client ID | +| backend.applicationSecret.clientSecret | string | `""` | String value that represents the client secret | +| backend.applicationSecret.enabled | bool | `true` | Value that specifies whether the application secret should be used | +| backend.configmap.create | bool | `true` | | +| backend.configmap.data.security_enabled | string | `"false"` | Security configurations for the application | +| backend.configmap.data.spring_profiles_active | string | `"dev"` | Which profile should be activated for the application | +| backend.image.name | string | `"vas-country-risk-backend"` | Name of the docker image | +| backend.image.pullPolicy | string | `"Always"` | | +| backend.image.registry | string | `"tractusx"` | | +| backend.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. 
| +| backend.ingress.annotations."nginx.ingress.kubernetes.io/force-ssl-redirect" | string | `"true"` | HTTP traffic should be redirected to HTTPS | +| backend.ingress.annotations."nginx.ingress.kubernetes.io/ssl-passthrough" | string | `"true"` | Ingress controller should pass SSL traffic directly to the backend pods | +| backend.ingress.className | string | `"nginx"` | Class name | +| backend.ingress.enabled | bool | `false` | Ingress enabled or not | +| certificate | object | `{"host":"localhost"}` | ------------------------------------------------------------------------------------------------------------ | +| certificate.host | string | `"localhost"` | Hostname for the certificate | +| elastic.enabled | bool | `false` | Should elastic be enabled or not | +| elastic.security.tls | object | `{"restEncryption":false}` | Information about the transport layer security (TLS) | +| elastic.security.tls.restEncryption | bool | `false` | Encryption for the REST requests made to the Elastic cluster | +| frontend.appName | string | `"vas-country-risk-frontend"` | Name of the frontend service | +| frontend.applicationSecret | object | `{"enabled":false}` | Defines the client secret and client ID | +| frontend.configmap.create | bool | `true` | | +| frontend.image.name | string | `"vas-country-risk"` | Name of the docker image | +| frontend.image.pullPolicy | string | `"Always"` | | +| frontend.image.registry | string | `"tractusx"` | | +| frontend.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. 
| +| frontend.ingress.annotations."nginx.ingress.kubernetes.io/force-ssl-redirect" | string | `"true"` | HTTP traffic should be redirected to HTTPS | +| frontend.ingress.annotations."nginx.ingress.kubernetes.io/ssl-passthrough" | string | `"true"` | Ingress controller should pass SSL traffic directly to the backend pods | +| frontend.ingress.className | string | `"nginx"` | Class name | +| frontend.ingress.enabled | bool | `false` | Ingress enabled or not | +| imagePullSecrets | list | `[]` | List of secrets to be used | +| livenessProbe | object | `{"failureThreshold":3,"initialDelaySeconds":60,"path":"/management/health/liveness","periodSeconds":10,"port":8080,"successThreshold":1,"timeoutSeconds":1}` | Determines if a pod is still alive or not | +| livenessProbe.initialDelaySeconds | int | `60` | Number of seconds to wait before performing the first liveness probe | +| livenessProbe.path | string | `"/management/health/liveness"` | HTTP endpoint | +| livenessProbe.periodSeconds | int | `10` | Number of seconds to wait between consecutive probes | +| livenessProbe.port | int | `8080` | Port used | +| livenessProbe.successThreshold | int | `1` | Number of consecutive successful probes before a pod is considered healthy | +| livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which a liveness probe times out | +| nodeSelector | object | `{}` | Node placement constraints | +| pgadmin4.enabled | bool | `false` | Should pgadmin4 be enabled or not | +| pgadmin4.env.email | string | `"vas@catena-x.net"` | Email used on the Env environment | +| pgadmin4.ingress.annotations."cert-manager.io/cluster-issuer" | string | `"letsencrypt-prod"` | Cluster issuer used for the ingress | +| pgadmin4.ingress.annotations."kubernetes.io/ingress.class" | string | `"nginx"` | Class for the pgadmin4 deployment | +| pgadmin4.ingress.enabled | bool | `true` | Ingress enabled or not | +| pgadmin4.secret.path | string | `"value-added-service/data/country-risk/dev/pgadmin4"` | 
Path where the information related to the secret | +| podAnnotations | object | `{}` | Annotations to be added to the running pod | +| podSecurityContext | object | `{"fsGroup":2000}` | Configuration for security-related options of the running pod | +| podSecurityContext.fsGroup | int | `2000` | Set the file system group ID for all containers in the pod | +| postgres.appName | string | `"vas-country-risk-postgres"` | Database application name | +| postgres.auth | object | `{"database":"vas","username":"vas"}` | Configuration values for the Database | +| postgres.enabled | bool | `true` | Should postgres DB be enabled or not | +| postgres.environment | string | `"dev"` | Type of environment the database is running | +| postgres.ingress.className | string | `"nginx"` | | +| postgres.ingress.enabled | bool | `true` | Ingress enabled or not | +| postgres.service.port | int | `5432` | Port to be used on this service | +| postgres.service.type | string | `"ClusterIP"` | Type of service to be used | | readinessProbe | object | `{"failureThreshold":3,"initialDelaySeconds":60,"path":"/management/health/readiness","periodSeconds":10,"port":8080,"successThreshold":1,"timeoutSeconds":1}` | Determine when a pod is ready to start accepting requests | -| replicaCount | int | `1` | Number of replicas of a Kubernetes deployment | -| resources.limits | object | `{"cpu":"800m","memory":"2Gi"}` | Maximum amount of resources that the deployment should be able to consume | -| resources.requests | object | `{"cpu":"300m","memory":"1Gi"}` | Minimum amount of resources that the deployment should be guaranteed to receive | -| securityContext.allowPrivilegeEscalation | bool | `false` | Specifies if processes running inside the container can gain more privileges than its initial user | -| securityContext.capabilities | object | `{"drop":["ALL"]}` | Capabilities that the process inside the container should have | -| securityContext.runAsGroup | int | `3000` | Specifies the group ID that the 
process inside the container should run | -| securityContext.runAsNonRoot | bool | `true` | Specifies whether the process inside the container should run as a non-root user | -| securityContext.runAsUser | int | `101` | Specifies the user ID that the process inside the container should run | -| service | object | `{"port":8080,"type":"ClusterIP"}` | Service that should be created for the pod | -| service.port | int | `8080` | Service port | -| service.type | string | `"ClusterIP"` | Type of service to be used | -| springProfiles[0] | string | `"dev"` | | -| tolerations | list | `[]` | Pod toleration constraints | +| replicaCount | int | `1` | Number of replicas of a Kubernetes deployment | +| resources.limits | object | `{"cpu":"800m","memory":"2Gi"}` | Maximum amount of resources that the deployment should be able to consume | +| resources.requests | object | `{"cpu":"300m","memory":"1Gi"}` | Minimum amount of resources that the deployment should be guaranteed to receive | +| securityContext.allowPrivilegeEscalation | bool | `false` | Specifies if processes running inside the container can gain more privileges than its initial user | +| securityContext.capabilities | object | `{"drop":["ALL"]}` | Capabilities that the process inside the container should have | +| securityContext.runAsGroup | int | `3000` | Specifies the group ID that the process inside the container should run | +| securityContext.runAsNonRoot | bool | `true` | Specifies whether the process inside the container should run as a non-root user | +| securityContext.runAsUser | int | `101` | Specifies the user ID that the process inside the container should run | +| service | object | `{"port":8080,"type":"ClusterIP"}` | Service that should be created for the pod | +| service.port | int | `8080` | Service port | +| service.type | string | `"ClusterIP"` | Type of service to be used | +| springProfiles[0] | string | `"dev"` | | +| tolerations | list | `[]` | Pod toleration constraints | 
---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/charts/country-risk/charts/country-risk-backend/Chart.yaml b/charts/country-risk/charts/country-risk-backend/Chart.yaml index c95cb763..f248c629 100644 --- a/charts/country-risk/charts/country-risk-backend/Chart.yaml +++ b/charts/country-risk/charts/country-risk-backend/Chart.yaml @@ -36,13 +36,13 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 3.0.2 +version: 3.0.3 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "1.2.0" +appVersion: "1.2.1" dependencies: - name: postgresql diff --git a/charts/country-risk/charts/country-risk-backend/README.md b/charts/country-risk/charts/country-risk-backend/README.md index 61c53f79..273f758d 100644 --- a/charts/country-risk/charts/country-risk-backend/README.md +++ b/charts/country-risk/charts/country-risk-backend/README.md 
@@ -148,7 +148,7 @@ vas: ### country-risk-backend -![Version: 2.0.6](https://img.shields.io/badge/Version-2.0.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square) +![Version: 3.0.3](https://img.shields.io/badge/Version-3.0.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.2.1](https://img.shields.io/badge/AppVersion-1.2.1-informational?style=flat-square) A Helm chart for deploying the Country Risk service diff --git a/charts/country-risk/charts/country-risk-backend/values.yaml b/charts/country-risk/charts/country-risk-backend/values.yaml index e0dd831a..0d6cd57d 100644 --- a/charts/country-risk/charts/country-risk-backend/values.yaml +++ b/charts/country-risk/charts/country-risk-backend/values.yaml @@ -25,9 +25,9 @@ replicaCount: 1 image: - registry: "ghcr.io" + registry: "tractusx" # -- Name of the docker image - name: "catenax-ng/tx-vas-country-risk-backend" + name: "vas-country-risk-backend" pullPolicy: Always # -- Overrides the image tag whose default is the chart appVersion. tag: "" diff --git a/charts/country-risk/charts/country-risk-frontend/Chart.yaml b/charts/country-risk/charts/country-risk-frontend/Chart.yaml index 20fb4009..da093933 100644 --- a/charts/country-risk/charts/country-risk-frontend/Chart.yaml +++ b/charts/country-risk/charts/country-risk-frontend/Chart.yaml 
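Review bot: `registry: "tractusx"` in the country-risk-backend values.yaml hunk is a Docker Hub namespace rather than a registry host, so the rendered image reference has no host and the pull source depends on each node's container-runtime default for unqualified names. How `registry` and `name` are joined is in the chart templates, outside this hunk, but if they are concatenated with `/`, `registry: "docker.io/tractusx"` keeps the same image while fixing its origin. With `pullPolicy: Always` and `tag: ""` falling back to the chart appVersion, the tag is resolved again on every pod start, which makes an explicit host (or a digest) more important. The same change appears in the country-risk-frontend values.yaml hunk and in both hunks of charts/country-risk/values.yaml.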
@@ -34,10 +34,10 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 3.0.2 +version: 3.0.3 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "1.2.0" +appVersion: "1.2.1" diff --git a/charts/country-risk/charts/country-risk-frontend/README.md b/charts/country-risk/charts/country-risk-frontend/README.md index 76aaa945..ef3e5971 100644 --- a/charts/country-risk/charts/country-risk-frontend/README.md +++ b/charts/country-risk/charts/country-risk-frontend/README.md 
@@ -88,57 +88,57 @@ This way you are able to overwrite any configuration property of the `.env` file # country-risk-frontend -![Version: 2.0.7](https://img.shields.io/badge/Version-2.0.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square) +![Version: 3.0.3](https://img.shields.io/badge/Version-3.0.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.2.1](https://img.shields.io/badge/AppVersion-1.2.1-informational?style=flat-square) A Helm chart for deploying the Country Risk service ## Values -| Key | Type | Default | Description | -|-----|------|--------------------------------------------------------------|-------------| +| Key | Type | Default | Description | +|-----|------|-------------------------------------------------------|-------------| | affinity..podAffinityTerm.labelSelector.matchExpressions[0] | object | `{"key":"app.kubernetes.io/name","operator":"DoesNotExist"}` | Match Pod rules | -| affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.topologyKey | string | `"kubernetes.io/hostname"` | Key that is used to determine the topology of the cluster | -| affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].weight | int | `100` | | -| appName | string | `"vas-country-risk-frontend"` | Name of the backend service | -| applicationSecret | object | `{"enabled":false}` | Defines the client secret and client ID | -| autoscaling | object | `{"enabled":false}` | Specifies whether autoscaling should be enabled for the pod | -| certificate.host | string | `"localhost"` | Hostname for the certificate | -| configmap.create | bool | `true` | | -| elastic.enabled | bool | `false` | Should elastic be enabled or not | -| 
elastic.security.tls | object | `{"restEncryption":false}` | Information about the transport layer security (TLS) | -| elastic.security.tls.restEncryption | bool | `false` | Encryption for the REST requests made to the Elastic cluster | -| image.name | string | `"catenax-ng/tx-vas-country-risk-frontend"` | Name of the docker image | -| image.pullPolicy | string | `"Always"` | | -| image.registry | string | `"ghcr.io"` | | -| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | -| imagePullSecrets | list | `[]` | List of secrets to be used | -| ingress.annotations."nginx.ingress.kubernetes.io/force-ssl-redirect" | string | `"true"` | HTTP traffic should be redirected to HTTPS | -| ingress.annotations."nginx.ingress.kubernetes.io/ssl-passthrough" | string | `"true"` | Ingress controller should pass SSL traffic directly to the backend pods | -| ingress.className | string | `"nginx"` | Class name | -| ingress.enabled | bool | `false` | Ingress enabled or not | -| livenessProbe | object | `{"failureThreshold":3,"initialDelaySeconds":10,...}` | Determines if a pod is still alive or not | -| livenessProbe.initialDelaySeconds | int | `10` | Number of seconds to wait before performing the first liveness probe | -| livenessProbe.periodSeconds | int | `1000` | Number of seconds to wait between consecutive probes | -| livenessProbe.successThreshold | int | `1` | Number of consecutive successful probes before a pod is considered healthy | -| livenessProbe.timeoutSeconds | int | `1000` | Number of seconds after which a liveness probe times out | -| nodeSelector | object | `{}` | Node placement constraints | -| podAnnotations | object | `{}` | Annotations to be added to the running pod | -| podSecurityContext | object | `{"fsGroup":2000}` | Configuration for security-related options of the running pod | -| podSecurityContext.fsGroup | int | `2000` | Set the file system group ID for all containers in the pod | -| readinessProbe | object | 
`{"failureThreshold":3,"initialDelaySeconds":10,...}` | Determine when a pod is ready to start accepting requests | -| replicaCount | int | `1` | Number of replicas of a Kubernetes deployment | -| resources.limits | object | `{"cpu":"800m","memory":"2Gi"}` | Maximum amount of resources that the deployment should be able to consume | -| resources.requests | object | `{"cpu":"300m","memory":"1Gi"}` | Minimum amount of resources that the deployment should be guaranteed to receive | -| securityContext.allowPrivilegeEscalation | bool | `false` | Specifies if processes running inside the container can gain more privileges than its initial user | -| securityContext.capabilities | object | `{"drop":["ALL"]}` | Capabilities that the process inside the container should have | -| securityContext.runAsGroup | int | `3000` | Specifies the group ID that the process inside the container should run | -| securityContext.runAsNonRoot | bool | `true` | Specifies whether the process inside the container should run as a non-root user | -| securityContext.runAsUser | int | `10001` | Specifies the user ID that the process inside the container should run | -| service | object | `{"port":8080,"type":"ClusterIP"}` | Service that should be created for the pod | -| service.port | int | `8080` | Service port | -| service.type | string | `"ClusterIP"` | Type of service to be used | -| springProfiles[0] | string | `"dev"` | | -| tolerations | list | `[]` | Pod toleration constraints | +| affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.topologyKey | string | `"kubernetes.io/hostname"` | Key that is used to determine the topology of the cluster | +| affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].weight | int | `100` | | +| appName | string | `"vas-country-risk-frontend"` | Name of the backend service | +| applicationSecret | object | `{"enabled":false}` | Defines the client secret and client ID | +| autoscaling | object | 
`{"enabled":false}` | Specifies whether autoscaling should be enabled for the pod | +| certificate.host | string | `"localhost"` | Hostname for the certificate | +| configmap.create | bool | `true` | | +| elastic.enabled | bool | `false` | Should elastic be enabled or not | +| elastic.security.tls | object | `{"restEncryption":false}` | Information about the transport layer security (TLS) | +| elastic.security.tls.restEncryption | bool | `false` | Encryption for the REST requests made to the Elastic cluster | +| image.name | string | `"vas-country-risk"` | Name of the docker image | +| image.pullPolicy | string | `"Always"` | | +| image.registry | string | `"tractusx"` | | +| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | +| imagePullSecrets | list | `[]` | List of secrets to be used | +| ingress.annotations."nginx.ingress.kubernetes.io/force-ssl-redirect" | string | `"true"` | HTTP traffic should be redirected to HTTPS | +| ingress.annotations."nginx.ingress.kubernetes.io/ssl-passthrough" | string | `"true"` | Ingress controller should pass SSL traffic directly to the backend pods | +| ingress.className | string | `"nginx"` | Class name | +| ingress.enabled | bool | `false` | Ingress enabled or not | +| livenessProbe | object | `{"failureThreshold":3,"initialDelaySeconds":10,...}` | Determines if a pod is still alive or not | +| livenessProbe.initialDelaySeconds | int | `10` | Number of seconds to wait before performing the first liveness probe | +| livenessProbe.periodSeconds | int | `1000` | Number of seconds to wait between consecutive probes | +| livenessProbe.successThreshold | int | `1` | Number of consecutive successful probes before a pod is considered healthy | +| livenessProbe.timeoutSeconds | int | `1000` | Number of seconds after which a liveness probe times out | +| nodeSelector | object | `{}` | Node placement constraints | +| podAnnotations | object | `{}` | Annotations to be added to the running pod | 
+| podSecurityContext | object | `{"fsGroup":2000}` | Configuration for security-related options of the running pod | +| podSecurityContext.fsGroup | int | `2000` | Set the file system group ID for all containers in the pod | +| readinessProbe | object | `{"failureThreshold":3,"initialDelaySeconds":10,...}` | Determine when a pod is ready to start accepting requests | +| replicaCount | int | `1` | Number of replicas of a Kubernetes deployment | +| resources.limits | object | `{"cpu":"800m","memory":"2Gi"}` | Maximum amount of resources that the deployment should be able to consume | +| resources.requests | object | `{"cpu":"300m","memory":"1Gi"}` | Minimum amount of resources that the deployment should be guaranteed to receive | +| securityContext.allowPrivilegeEscalation | bool | `false` | Specifies if processes running inside the container can gain more privileges than its initial user | +| securityContext.capabilities | object | `{"drop":["ALL"]}` | Capabilities that the process inside the container should have | +| securityContext.runAsGroup | int | `3000` | Specifies the group ID that the process inside the container should run | +| securityContext.runAsNonRoot | bool | `true` | Specifies whether the process inside the container should run as a non-root user | +| securityContext.runAsUser | int | `10001` | Specifies the user ID that the process inside the container should run | +| service | object | `{"port":8080,"type":"ClusterIP"}` | Service that should be created for the pod | +| service.port | int | `8080` | Service port | +| service.type | string | `"ClusterIP"` | Type of service to be used | +| springProfiles[0] | string | `"dev"` | | +| tolerations | list | `[]` | Pod toleration constraints | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) 
diff --git a/charts/country-risk/charts/country-risk-frontend/values.yaml b/charts/country-risk/charts/country-risk-frontend/values.yaml
index 65285252..cbe52971 100644
--- a/charts/country-risk/charts/country-risk-frontend/values.yaml
+++ b/charts/country-risk/charts/country-risk-frontend/values.yaml
@@ -25,9 +25,9 @@
 replicaCount: 1
 image:
- registry: "ghcr.io"
+ registry: "tractusx"
 # -- Name of the docker image
- name: "catenax-ng/tx-vas-country-risk-frontend"
+ name: "vas-country-risk"
 pullPolicy: Always
 # -- Overrides the image tag whose default is the chart appVersion.
 tag: ""
diff --git a/charts/country-risk/values.yaml b/charts/country-risk/values.yaml
index 2e19bff0..1c48b236 100644
--- a/charts/country-risk/values.yaml
+++ b/charts/country-risk/values.yaml
@@ -23,9 +23,9 @@ country-risk-frontend:
 replicaCount: 1
 image:
- registry: "ghcr.io"
+ registry: "tractusx"
 # -- Name of the docker image
- name: "catenax-ng/tx-vas-country-risk-frontend"
+ name: "vas-country-risk"
 pullPolicy: Always
 # -- Overrides the image tag whose default is the chart appVersion.
 tag: ""
@@ -155,9 +155,9 @@ country-risk-backend:
 replicaCount: 1
 image:
- registry: "ghcr.io"
+ registry: "tractusx"
 # -- Name of the docker image
- name: "catenax-ng/tx-vas-country-risk-backend"
+ name: "vas-country-risk-backend"
 pullPolicy: Always
 # -- Overrides the image tag whose default is the chart appVersion.
 tag: ""
diff --git a/docs/Arc42-Documentation.md b/docs/Arc42-Documentation.md
index f64d2220..4aa9d4ce 100644
--- a/docs/Arc42-Documentation.md
+++ b/docs/Arc42-Documentation.md
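Review bot: The new `registry: "tractusx"` value in the `image:` block is a Docker Hub namespace, not a registry host, so the image reference is presumably rendered without a host and the registry that serves it is decided by each node's container-runtime defaults (short-name resolution differs between containerd, CRI-O and Podman-based setups). Qualifying it, e.g. `registry: "docker.io/tractusx"`, keeps the pull source fixed; the same applies to the frontend and backend `image:` hunks in `charts/country-risk/values.yaml`. With `tag: ""` falling back to the chart appVersion and `pullPolicy: Always`, the deployment follows a mutable tag, so consider documenting a digest-pinned override in the `tag` comment. The template that joins registry, name and tag is outside these hunks, so the exact rendered reference should be confirmed there.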
@@ -1,4 +1,12 @@
-#
+## NOTICE
+
+This work is licensed under the [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0).
+
+- SPDX-License-Identifier: Apache-2.0
+- Licence Path: https://creativecommons.org/licenses/by/4.0/legalcode
+- Copyright (c) 2022, 2023 Contributors to the Eclipse Foundation
+- Copyright (c) 2022, 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+- Source URL: https://github.com/eclipse-tractusx/vas-country-risk
 **About arc42**
diff --git a/docs/User-Guide.md b/docs/User-Guide.md
index c5748fc3..bac1bee0 100644
--- a/docs/User-Guide.md
+++ b/docs/User-Guide.md
@@ -1,3 +1,13 @@
+## NOTICE
+
+This work is licensed under the [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0).
+
+- SPDX-License-Identifier: Apache-2.0
+- Licence Path: https://creativecommons.org/licenses/by/4.0/legalcode
+- Copyright (c) 2022, 2023 Contributors to the Eclipse Foundation
+- Copyright (c) 2022, 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+- Source URL: https://github.com/eclipse-tractusx/vas-country-risk
+
 # User Guides
 ## Portal to Dashboard