Release version 0.0.3 (#38)

* chore(build): adapt to latest upstream EDC * feat: add ingress example + tests (#28) * build(deps): bump aquasecurity/trivy-action from 0.18.0 to 0.19.0 (#26) Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.18.0 to 0.19.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@0.18.0...0.19.0) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump flyway from 10.10.0 to 10.11.0 (#27) Bumps `flyway` from 10.10.0 to 10.11.0. Updates `org.flywaydb:flyway-core` from 10.10.0 to 10.11.0 - [Release notes](https://github.com/flyway/flyway/releases) - [Commits](flyway/flyway@flyway-10.10.0...flyway-10.11.0) Updates `org.flywaydb:flyway-database-postgresql` from 10.10.0 to 10.11.0 --- updated-dependencies: - dependency-name: org.flywaydb:flyway-core dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.flywaydb:flyway-database-postgresql dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat: add Authorization header validation (#29) * feat: add auth service * checkstyle * DEPENDENCIES * update gradle task dependencies * expect 401 on directory ingress * DEPENDENCIES * chore: bump EDC to 0.6.1 * feat: add K8s ingress for Mgmt API (#33) * feat: read DB secrets and API key from vault (#35) * feat: read db config and api key from vault * helm docs, lint * DEPENDENCIES * separate vault deployment in test * wait for ready pods * add hashicorp rep * change readiness condition * change wait condition again * added comment [skip ci] * build(deps): bump azure/setup-helm from 3.5 to 4 (#30) Bumps [azure/setup-helm](https://github.com/azure/setup-helm) from 3.5 to 4. - [Release notes](https://github.com/azure/setup-helm/releases) - [Changelog](https://github.com/Azure/setup-helm/blob/main/CHANGELOG.md) - [Commits](Azure/setup-helm@v3.5...v4) --- updated-dependencies: - dependency-name: azure/setup-helm dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump azure/setup-kubectl from 3.2 to 4 (#31) Bumps [azure/setup-kubectl](https://github.com/azure/setup-kubectl) from 3.2 to 4. - [Release notes](https://github.com/azure/setup-kubectl/releases) - [Changelog](https://github.com/Azure/setup-kubectl/blob/main/CHANGELOG.md) - [Commits](Azure/setup-kubectl@v3.2...v4) --- updated-dependencies: - dependency-name: azure/setup-kubectl dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump checkmarx/kics-github-action from 1.6 to 2 (#36) Bumps [checkmarx/kics-github-action](https://github.com/checkmarx/kics-github-action) from 1.6 to 2. - [Release notes](https://github.com/checkmarx/kics-github-action/releases) - [Commits](Checkmarx/kics-github-action@v1.6...v2) --- updated-dependencies: - dependency-name: checkmarx/kics-github-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump flyway from 10.11.0 to 10.11.1 (#37) * build(deps): bump flyway from 10.11.0 to 10.11.1 Bumps `flyway` from 10.11.0 to 10.11.1. Updates `org.flywaydb:flyway-core` from 10.11.0 to 10.11.1 - [Release notes](https://github.com/flyway/flyway/releases) - [Commits](flyway/flyway@flyway-10.11.0...flyway-10.11.1) Updates `org.flywaydb:flyway-database-postgresql` from 10.11.0 to 10.11.1 --- updated-dependencies: - dependency-name: org.flywaydb:flyway-core dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.flywaydb:flyway-database-postgresql dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * DEPENDENCIES --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Paul Latzelsperger <[email protected]> * chore: pin EDC version to 0.6.2 * chore: add debug lines for auth * fix: use correct image in chart * Prepare release 0.0.3 --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: eclipse-tractusx-bot <[email protected]> Co-authored-by: Paul Latzelsperger <[email protected]> Co-authored-by: Paul Latzelsperger <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
eclipse-tractusx · Apr 25, 2024 · 8788f60 · 8788f60
1 parent 7db5f68
commit 8788f60
Show file tree

Hide file tree

Showing 46 changed files with 1,372 additions and 235 deletions.
diff --git a/.github/actions/run-deployment-test/action.yml b/.github/actions/run-deployment-test/action.yml
@@ -38,12 +38,12 @@ inputs:
 
   rootDir:
     required: true
-    description: "The directory that contains the docker file, e.g. edc-controlplane/edc-runtime-memory"
+    description: "The directory that contains the docker file"
 
-  values_file:
-    #    required: true
-    required: false
-    description: "A yaml file that contains the values for the test installation. will be modified!"
+  cluster-config:
+    required: true
+    description: "YAML file to contain KinD cluster configuration"
+    default: system-tests/helm/kind.config.yaml
 
 runs:
   using: "composite"
@@ -68,26 +68,45 @@ runs:
 
     - name: Create k8s Kind Cluster
       uses: helm/[email protected]
+      with:
+        config: ${{ inputs.cluster-config }}
 
     - name: Load images into KinD
       shell: bash
       run: |
         kind get clusters | xargs -n1 kind load docker-image ${{ inputs.imagename }}:${{ inputs.image_tag }} --name
 
-    ###################################################
-    # Install the test infrastructure
-    ###################################################
-    #    - name: "Generate test credentials"
-    #      shell: bash
-    #      run: |-
-    #        sh -c "edc-tests/deployment/src/main/resources/prepare-test.sh \
-    #               ${{ inputs.values_file }}"
+    - name: "Install NGINX ingress controller"
+      shell: bash
+      run: |
+        # see: https://kind.sigs.k8s.io/docs/user/ingress/#ingress-nginx
+        # install NGINX ingress controller
+        kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml
+        
+        # wait for ingress to become available
+        kubectl wait --namespace ingress-nginx \
+          --for=condition=ready pod \
+          --selector=app.kubernetes.io/component=controller \
+          --timeout=90s
+
+    - name: "Install Vault chart"
+      shell: bash
+      run: |
+        helm repo add hashicorp https://helm.releases.hashicorp.com  
+        
+        helm install vault hashicorp/vault \
+          -f system-tests/helm/values-vault-test.yaml \
+          --wait-for-jobs --timeout=120s --dependency-update
+        
+        # wait for Vault pod to become ready
+        kubectl wait --for=condition=ready pod \
+         --selector=app.kubernetes.io/name=vault \
+         --timeout=90s
 
     - name: Install Runtime
       shell: bash
       run: ${{ inputs.helm_command }}
 
-
     #################
     ### Tear Down ###
     #################

diff --git a/.github/workflows/deployment-test.yaml b/.github/workflows/deployment-test.yaml
@@ -67,16 +67,29 @@ jobs:
         with:
           imagename: ${{ matrix.variant.name }}
           rootDir: runtimes/${{ matrix.variant.name }}
+          cluster-config: "system-tests/helm/kind.config.yaml"
           helm_command: |-
             helm install ${{ matrix.variant.name }} ${{ matrix.variant.chart }} \
             --set server.image.pullPolicy="Never" \
             --set server.image.tag="latest" \
             --set server.image.repository="${{ matrix.variant.name }}" \
             --set fullnameOverride="${{ matrix.variant.name }}" \
+            -f system-tests/helm/values-test.yaml \
             --wait-for-jobs --timeout=120s --dependency-update
             
             # wait for the pod to become ready
             kubectl rollout status deployment ${{ matrix.variant.name }}
             
             # execute the helm test
             helm test ${{ matrix.variant.name }}
+
+            # verify ingress is available. expect 401, because we don't have a valid VP/VC (MembershipCred)
+            code=$(curl -X GET -IL -sw "%{http_code}" -k https://localhost/api/directory/bpn-directory -H "content-type: application/json" -o /dev/null)
+            if [ "$code" -ne "401" ]; then
+              echo "BDRS Directory API not ready, status = $code"
+              exit 1;
+            fi
+            
+            # verify management API is reachable as well. 
+            # in production scenarios, the Managment API should NEVER be on the same ingress as the public API
+            curl -X GET --fail -k -L https://localhost/api/management/bpn-directory -H "content-type: application/json" -H "x-api-key: password" -o -
diff --git a/.github/workflows/helm-lint.yaml b/.github/workflows/helm-lint.yaml
@@ -49,7 +49,7 @@ jobs:
         with:
           fetch-depth: 0
       - name: helm (setup)
-        uses: azure/setup-helm@v3.5
+        uses: azure/setup-helm@v4
         with:
           version: v3.8.1
       - name: python (setup)

diff --git a/.github/workflows/kics.yml b/.github/workflows/kics.yml
@@ -44,7 +44,7 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: KICS scan
-        uses: checkmarx/kics-github-action@v1.6
+        uses: checkmarx/kics-github-action@v2
         continue-on-error: true # kics 1.6 fails
         with:
           path: "."

diff --git a/.github/workflows/publish-new-release.yml b/.github/workflows/publish-new-release.yml
@@ -141,7 +141,7 @@ jobs:
         with:
           fetch-depth: 0
       - name: Install Helm
-        uses: azure/setup-helm@v3.5
+        uses: azure/setup-helm@v4
         with:
           version: v3.8.1
       - name: Package helm, update index.yaml and push to gh-pages

diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -58,7 +58,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@0.18.0
+        uses: aquasecurity/trivy-action@0.19.0
         with:
           scan-type: "config"
           # ignore-unfixed: true
@@ -98,7 +98,7 @@ jobs:
         ## the next two steps will only execute if the image exists check was successful
       - name: Run Trivy vulnerability scanner
         if: success() && steps.imageCheck.outcome != 'failure'
-        uses: aquasecurity/trivy-action@0.18.0
+        uses: aquasecurity/trivy-action@0.19.0
         with:
           image-ref: "tractusx/${{ matrix.image }}:sha-${{ needs.git-sha7.outputs.value }}"
           format: "sarif"

diff --git a/.github/workflows/upgradeability-test.yaml b/.github/workflows/upgradeability-test.yaml
@@ -46,12 +46,12 @@ jobs:
         uses: actions/checkout@v4
 
       - name: "Setup Helm"
-        uses: azure/setup-helm@v3.5
+        uses: azure/setup-helm@v4
         with:
           version: v3.8.1
 
       - name: "Setup Kubectl"
-        uses: azure/setup-kubectl@v3.2
+        uses: azure/setup-kubectl@v4
         with:
           version: 'v1.28.2'