build(v1.0.0-rc.3): merge main into dev

.github/dependabot.yml

@@ -0,0 +1,60 @@
+###############################################################
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+---
+version: 2
+updates:
+  # NuGet
+  -
+    package-ecosystem: "nuget"
+    target-branch: dev
+    directory: /
+    labels:
+      - "dependabot"
+      - "dependencies"
+    schedule:
+      interval: "weekly"
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major"]
+
+  # Github Actions
+  -
+    package-ecosystem: "github-actions"
+    target-branch: dev
+    directory: /
+    labels:
+      - "dependabot"
+      - "github-actions"
+    schedule:
+      interval: "weekly"
+
+  # Docker
+  -
+    package-ecosystem: "docker"
+    target-branch: dev
+    directory: ./docker/
+    labels:
+      - "dependabot"
+      - "docker"
+    schedule:
+      interval: "weekly"
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major"]

.github/workflows/release.yml

@@ -121,22 +121,22 @@ jobs:
         id: meta
         uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
         with:
-           images: ${{ matrix.image }}
-           # Automatically prepare image tags; See action docs for more examples. 
-           # semver patter will generate tags like these for example :1 :1.2 :1.2.3
-           tags: |
-             type=ref,event=branch
-             type=ref,event=pr
-             type=raw,value=latest
-             type=semver,pattern={{version}},value=${{ needs.release-helm-chart.outputs.app-version }}
-             type=semver,pattern={{major}},value=${{ needs.release-helm-chart.outputs.app-version }}
-             type=semver,pattern={{major}}.{{minor}},value=${{ needs.release-helm-chart.outputs.app-version }}
+          images: ${{ matrix.image }}
+          # Automatically prepare image tags; See action docs for more examples. 
+          # semver patter will generate tags like these for example :1 :1.2 :1.2.3
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=raw,value=latest
+            type=semver,pattern={{version}},value=${{ needs.release-helm-chart.outputs.app-version }}
+            type=semver,pattern={{major}},value=${{ needs.release-helm-chart.outputs.app-version }}
+            type=semver,pattern={{major}}.{{minor}},value=${{ needs.release-helm-chart.outputs.app-version }}
 
       - name: Build and push Docker images
         uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
         with:
           context: .
-          file: {{ matrix.dockerfile }}
+          file: ${{ matrix.dockerfile }}
           platforms: linux/amd64, linux/arm64
           pull: true
           push: ${{ github.event_name != 'pull_request' }}

CHANGELOG.md

@@ -1,5 +1,33 @@
 # Changelog
 
+## [1.0.0-rc.1](https://github.com/eclipse-tractusx/policy-hub/compare/v0.1.0...v1.0.0-rc.1) (2024-04-30)
+
+
+### Features
+
+* **bpnl:** add bpnl policy handling ([#116](https://github.com/eclipse-tractusx/policy-hub/issues/116)) ([421202b](https://github.com/eclipse-tractusx/policy-hub/commit/421202b80a8916a0747c39135905eea0479a2540))
+* **helm_db-dependency:** change image tag to get latest minor updates ([a2663c1](https://github.com/eclipse-tractusx/policy-hub/commit/a2663c16e260eb33dd969c36d15a1ea77821efd6))
+* **helm:** change image tag retrieval for fallback to appVersion ([39b5b69](https://github.com/eclipse-tractusx/policy-hub/commit/39b5b6953c0a3c72f10c66ecc71b097144ac02ae))
+* **helm:** change ingress according to TRG-5.04 ([b00b25f](https://github.com/eclipse-tractusx/policy-hub/commit/b00b25f1cd684bddbaf2461c1405db3321a929d8))
+* **helm:** consolidate centralidp configuration ([660ad6f](https://github.com/eclipse-tractusx/policy-hub/commit/660ad6faec42d14a9e5d2f139a6a0488506fb06c))
+* **helm:** move health checks to service ([7b92236](https://github.com/eclipse-tractusx/policy-hub/commit/7b9223693fe7a65a33d01fd25ee7c51fa2f788a5))
+* **helm:** move passwords for db dependency to according section ([26b0b4e](https://github.com/eclipse-tractusx/policy-hub/commit/26b0b4e688742f59ead334253a19d9715d04729d))
+* **helm:** set resource limits ([913c837](https://github.com/eclipse-tractusx/policy-hub/commit/913c837a6750eca2362a6197f67cf60e7a9e1e70))
+* **net8:** upgrade to .net8 ([#102](https://github.com/eclipse-tractusx/policy-hub/issues/102)) ([fb9e3c9](https://github.com/eclipse-tractusx/policy-hub/commit/fb9e3c944bbee02f5800ab99095ffb439bc91dd3)), closes [#19](https://github.com/eclipse-tractusx/policy-hub/issues/19)
+* **policy:** add value check to post endpoint ([#97](https://github.com/eclipse-tractusx/policy-hub/issues/97)) ([2039af0](https://github.com/eclipse-tractusx/policy-hub/commit/2039af081fe41add04518a0932948e989967dbac)), closes [#68](https://github.com/eclipse-tractusx/policy-hub/issues/68)
+* **policy:** policy seeding data update ([#88](https://github.com/eclipse-tractusx/policy-hub/issues/88)) ([10bb931](https://github.com/eclipse-tractusx/policy-hub/commit/10bb931387e93260d84bdacf59f1fcd77b76e169)), closes [#25](https://github.com/eclipse-tractusx/policy-hub/issues/25)
+* **template:** policyhub restrict or operand to access policies ([#107](https://github.com/eclipse-tractusx/policy-hub/issues/107)) ([6a4cacd](https://github.com/eclipse-tractusx/policy-hub/commit/6a4cacd607325fecf08ce567c13b2d3bacd2e636)), closes [#43](https://github.com/eclipse-tractusx/policy-hub/issues/43)
+
+
+### Bug Fixes
+
+* **helm:** fix label and username for external database ([#72](https://github.com/eclipse-tractusx/policy-hub/issues/72)) ([e9817ff](https://github.com/eclipse-tractusx/policy-hub/commit/e9817ffd1d38db9525338e965248f7375a592857))
+
+
+### Miscellaneous Chores
+
+* release 1.0.0-rc.1 ([9f1cb78](https://github.com/eclipse-tractusx/policy-hub/commit/9f1cb78344b742bf7a834369d99720a6ff5eeaff))
+
 ## [0.1.0](https://github.com/eclipse-tractusx/policy-hub/compare/v0.1.0-rc.3...v0.1.0) (2024-03-06)
 
 

charts/policy-hub/Chart.yaml

@@ -20,8 +20,8 @@
 apiVersion: v2
 name: policy-hub
 type: application
-version: 0.1.0
-appVersion: 0.1.0
+version: 1.0.0-rc.1
+appVersion: 1.0.0-rc.1
 description: Helm chart for Policy Hub
 home: https://github.com/eclipse-tractusx/policy-hub
 dependencies:

charts/policy-hub/README.md

@@ -27,7 +27,7 @@ To use the helm chart as a dependency:
 dependencies:
   - name: policy-hub
     repository: https://eclipse-tractusx.github.io/charts/dev
-    version: 0.1.0
+    version: 1.0.0-rc.1
 ```
 
 ## Requirements
@@ -40,48 +40,37 @@ dependencies:
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| centralidpAddress | string | `"https://centralidp.example.org"` | Provide centralidp base address (CX IAM), without trailing '/auth'. |
-| ingress.enabled | bool | `false` | Policy Hub ingress parameters, enable ingress record generation for policy-hub. |
-| ingress.className | string | `"nginx"` |  |
-| ingress.annotations."nginx.ingress.kubernetes.io/use-regex" | string | `"true"` |  |
-| ingress.annotations."nginx.ingress.kubernetes.io/enable-cors" | string | `"true"` |  |
-| ingress.annotations."nginx.ingress.kubernetes.io/proxy-body-size" | string | `"8m"` |  |
-| ingress.annotations."nginx.ingress.kubernetes.io/cors-allow-origin" | string | `"https://*.example.org"` | Provide CORS allowed origin. |
-| ingress.tls[0] | object | `{"hosts":["policy-hub.example.org"],"secretName":""}` | Provide tls secret. |
-| ingress.tls[0].hosts | list | `["policy-hub.example.org"]` | Provide host for tls secret. |
-| ingress.hosts[0] | object | `{"host":"policy-hub.example.org","paths":[{"path":"/api/policy-hub","pathType":"Prefix"}]}` | Provide default path for the ingress record. |
-| dotnetEnvironment | string | `"Production"` |  |
-| dbConnection.schema | string | `"hub"` |  |
-| dbConnection.sslMode | string | `"Disable"` |  |
-| keycloak.central.authRealm | string | `"CX-Central"` |  |
-| keycloak.central.jwtBearerOptions.requireHttpsMetadata | string | `"true"` |  |
-| keycloak.central.jwtBearerOptions.metadataPath | string | `"/auth/realms/CX-Central/.well-known/openid-configuration"` |  |
-| keycloak.central.jwtBearerOptions.tokenValidationParameters.validIssuerPath | string | `"/auth/realms/CX-Central"` |  |
-| keycloak.central.jwtBearerOptions.tokenValidationParameters.validAudience | string | `"Cl23-CX-Policy-Hub"` |  |
-| keycloak.central.jwtBearerOptions.refreshInterval | string | `"00:00:30"` |  |
-| keycloak.central.tokenPath | string | `"/auth/realms/CX-Central/protocol/openid-connect/token"` |  |
-| keycloak.central.useAuthTrail | bool | `true` | Flag if the api should be used with an leading /auth path |
-| healthChecks.startup.path | string | `"/health/startup"` |  |
-| healthChecks.liveness.path | string | `"/healthz"` |  |
-| healthChecks.readyness.path | string | `"/ready"` |  |
-| policyhub.image | string | `"docker.io/tractusx/policy-hub-service:0.1.0"` |  |
+| policyhub.image.name | string | `"docker.io/tractusx/policy-hub-service"` |  |
+| policyhub.image.tag | string | `""` |  |
 | policyhub.imagePullPolicy | string | `"IfNotPresent"` |  |
-| policyhub.resources | object | `{"requests":{"cpu":"15m","memory":"300M"}}` | We recommend not to specify default resource limits and to leave this as a conscious choice for the user. If you do want to specify resource limits, uncomment the following lines and adjust them as necessary. |
+| policyhub.resources | object | `{"limits":{"cpu":"45m","memory":"300M"},"requests":{"cpu":"15m","memory":"300M"}}` | We recommend to review the default resource limits as this should a conscious choice. |
 | policyhub.logging.businessLogic | string | `"Information"` |  |
 | policyhub.logging.default | string | `"Information"` |  |
+| policyhub.healthChecks.startup.path | string | `"/health/startup"` |  |
 | policyhub.healthChecks.startup.tags[0].name | string | `"HEALTHCHECKS__0__TAGS__1"` |  |
 | policyhub.healthChecks.startup.tags[0].value | string | `"policyhubdb"` |  |
+| policyhub.healthChecks.liveness.path | string | `"/healthz"` |  |
+| policyhub.healthChecks.readyness.path | string | `"/ready"` |  |
 | policyhub.swaggerEnabled | bool | `false` |  |
-| policyhubmigrations.image | string | `"docker.io/tractusx/policy-hub-migrations:0.1.0"` |  |
+| policyhubmigrations.image.name | string | `"docker.io/tractusx/policy-hub-migrations"` |  |
+| policyhubmigrations.image.tag | string | `""` |  |
 | policyhubmigrations.imagePullPolicy | string | `"IfNotPresent"` |  |
-| policyhubmigrations.resources | object | `{"requests":{"cpu":"15m","memory":"105M"}}` | We recommend not to specify default resource limits and to leave this as a conscious choice for the user. If you do want to specify resource limits, uncomment the following lines and adjust them as necessary. |
+| policyhubmigrations.resources | object | `{"limits":{"cpu":"45m","memory":"105M"},"requests":{"cpu":"15m","memory":"105M"}}` | We recommend to review the default resource limits as this should a conscious choice. |
 | policyhubmigrations.seeding.testDataEnvironments | string | `""` |  |
 | policyhubmigrations.seeding.testDataPaths | string | `"Seeder/Data"` |  |
 | policyhubmigrations.logging.default | string | `"Information"` |  |
+| dotnetEnvironment | string | `"Production"` |  |
+| dbConnection.schema | string | `"hub"` |  |
+| dbConnection.sslMode | string | `"Disable"` |  |
 | postgresql.enabled | bool | `true` | PostgreSQL chart configuration; default configurations: host: "policy-hub-postgresql-primary", port: 5432; Switch to enable or disable the PostgreSQL helm chart. |
+| postgresql.image | object | `{"tag":"15-debian-11"}` | Setting image tag to major to get latest minor updates |
+| postgresql.commonLabels."app.kubernetes.io/version" | string | `"15"` |  |
 | postgresql.auth.username | string | `"hub"` | Non-root username. |
 | postgresql.auth.database | string | `"policy-hub"` | Database name. |
 | postgresql.auth.existingSecret | string | `"{{ .Release.Name }}-phub-postgres"` | Secret containing the passwords for root usernames postgres and non-root username hub. Should not be changed without changing the "phub-postgresSecretName" template as well. |
+| postgresql.auth.postgrespassword | string | `""` | Password for the root username 'postgres'. Secret-key 'postgres-password'. |
+| postgresql.auth.password | string | `""` | Password for the non-root username 'hub'. Secret-key 'password'. |
+| postgresql.auth.replicationPassword | string | `""` | Password for the non-root username 'repl_user'. Secret-key 'replication-password'. |
 | postgresql.architecture | string | `"replication"` |  |
 | postgresql.audit.pgAuditLog | string | `"write, ddl"` |  |
 | postgresql.audit.logLinePrefix | string | `"%m %u %d "` |  |
@@ -90,14 +79,17 @@ dependencies:
 | postgresql.readReplicas.extendedConfiguration | string | `""` | Extended PostgreSQL read only replicas configuration (increase of max_connections recommended - default is 100) |
 | externalDatabase.host | string | `"phub-postgres-ext"` | External PostgreSQL configuration IMPORTANT: non-root db user needs to be created beforehand on external database. And the init script (02-init-db.sql) available in templates/configmap-postgres-init.yaml needs to be executed beforehand. Database host ('-primary' is added as postfix). |
 | externalDatabase.port | int | `5432` | Database port number. |
-| externalDatabase.user | string | `"hub"` | Non-root username for policy-hub. |
+| externalDatabase.username | string | `"hub"` | Non-root username for policy-hub. |
 | externalDatabase.database | string | `"policy-hub"` | Database name. |
 | externalDatabase.password | string | `""` | Password for the non-root username (default 'hub'). Secret-key 'password'. |
 | externalDatabase.existingSecret | string | `"policy-hub-external-db"` | Secret containing the password non-root username, (default 'hub'). |
-| externalDatabase.existingSecretPasswordKey | string | `"password"` | Name of an existing secret key containing the database credentials. |
-| secrets.postgresql.auth.existingSecret.postgrespassword | string | `""` | Password for the root username 'postgres'. Secret-key 'postgres-password'. |
-| secrets.postgresql.auth.existingSecret.password | string | `""` | Password for the non-root username 'hub'. Secret-key 'password'. |
-| secrets.postgresql.auth.existingSecret.replicationPassword | string | `""` | Password for the non-root username 'repl_user'. Secret-key 'replication-password'. |
+| centralidp | object | `{"address":"https://centralidp.example.org","authRealm":"CX-Central","jwtBearerOptions":{"metadataPath":"/auth/realms/CX-Central/.well-known/openid-configuration","refreshInterval":"00:00:30","requireHttpsMetadata":"true","tokenValidationParameters":{"validAudience":"Cl23-CX-Policy-Hub","validIssuerPath":"/auth/realms/CX-Central"}},"tokenPath":"/auth/realms/CX-Central/protocol/openid-connect/token","useAuthTrail":true}` | Provide details about centralidp (CX IAM) Keycloak instance. |
+| centralidp.address | string | `"https://centralidp.example.org"` | Provide centralidp base address (CX IAM), without trailing '/auth'. |
+| centralidp.useAuthTrail | bool | `true` | Flag if the api should be used with an leading /auth path |
+| ingress.enabled | bool | `false` | Policy Hub ingress parameters, enable ingress record generation for policy-hub. |
+| ingress.tls[0] | object | `{"hosts":[""],"secretName":""}` | Provide tls secret. |
+| ingress.tls[0].hosts | list | `[""]` | Provide host for tls secret. |
+| ingress.hosts[0] | object | `{"host":"","paths":[{"path":"/api/policy-hub","pathType":"Prefix"}]}` | Provide default path for the ingress record. |
 | portContainer | int | `8080` |  |
 | portService | int | `8080` |  |
 | replicaCount | int | `3` |  |

consortia/argocd-app-templates/appsetup-beta.yaml

@@ -28,7 +28,7 @@ spec:
   source:
     path: charts/policy-hub
     repoURL: 'https://github.com/eclipse-tractusx/policy-hub.git'
-    targetRevision: policy-hub-1.0.0
+    targetRevision: policy-hub-1.0.0-rc.1
     plugin:
       env:
         - name: AVP_SECRET

consortia/argocd-app-templates/appsetup-int.yaml

@@ -28,7 +28,7 @@ spec:
   source:
     path: charts/policy-hub
     repoURL: 'https://github.com/eclipse-tractusx/policy-hub.git'
-    targetRevision: policy-hub-0.1.0
+    targetRevision: policy-hub-1.0.0-rc.1
     plugin:
       env:
         - name: AVP_SECRET

consortia/argocd-app-templates/appsetup-pen.yaml

@@ -28,7 +28,7 @@ spec:
   source:
     path: charts/policy-hub
     repoURL: 'https://github.com/eclipse-tractusx/policy-hub.git'
-    targetRevision: policy-hub-0.1.0
+    targetRevision: policy-hub-1.0.0-rc.1
     plugin:
       env:
         - name: AVP_SECRET

consortia/argocd-app-templates/appsetup-stable.yaml

@@ -29,7 +29,7 @@ spec:
   source:
     path: ''
     repoURL: 'https://eclipse-tractusx.github.io/charts/dev'
-    targetRevision: policy-hub-0.1.0
+    targetRevision: policy-hub-1.0.0-rc.1
     plugin:
       env:
         - name: HELM_VALUES

src/Directory.Build.props

@@ -19,7 +19,7 @@
 
 <Project>
   <PropertyGroup>
-    <VersionPrefix>0.1.0</VersionPrefix>
-    <VersionSuffix></VersionSuffix>
+    <VersionPrefix>1.0.0</VersionPrefix>
+    <VersionSuffix>rc.1</VersionSuffix>
   </PropertyGroup>
 </Project>