Release COMS v0.8.0 #254

Merged
merged 2 commits into from
Mar 20, 2024
8 changes: 4 additions & 4 deletions .github/actions/build-push-container/action.yaml
Expand Up @@ -39,23 +39,23 @@ runs:
echo "HAS_DOCKERHUB=${{ fromJson(inputs.dockerhub_username != '' && inputs.dockerhub_token != '') }}" >> $GITHUB_ENV

- name: Login to Github Container Registry
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ env.GH_USERNAME }}
password: ${{ inputs.github_token }}

- name: Login to Dockerhub Container Registry
if: env.HAS_DOCKERHUB == 'true'
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
registry: docker.io
username: ${{ inputs.dockerhub_username }}
password: ${{ inputs.dockerhub_token }}

- name: Prepare Container Metadata tags
id: meta
uses: docker/metadata-action@v4
uses: docker/metadata-action@v5
with:
images: |
ghcr.io/${{ env.GH_USERNAME }}/${{ inputs.image_name }}
Expand All @@ -74,7 +74,7 @@ runs:

- name: Build and Push to Container Registry
id: builder
uses: docker/build-push-action@v3
uses: docker/build-push-action@v5
with:
context: ${{ inputs.context }}
push: true
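Review bot: The bumped `uses:` references in this section (`docker/login-action@v3`, `docker/metadata-action@v5`, `docker/build-push-action@v5`) are still mutable tags, and the two login steps hand `inputs.github_token` and `inputs.dockerhub_token` to whatever commit the tag points at when the workflow runs. Pinning each to a full commit SHA with the version as a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha> # v3`, makes the reviewed code the code that receives the credentials. The same applies to the `github/codeql-action/*@v3` lines in codeql-analysis.yaml and to `marocchino/sticky-pull-request-comment@v2.9.0` and `strumwolf/delete-deployment-environment@v3` in on-pr-closed.yaml. Separately, the build step jumps from v3 to v5 and its remaining inputs are outside the visible hunk; v4 turned provenance attestation on by default, so confirm the pushed manifest format is what downstream pulls expect, or set `provenance` explicitly.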
6 changes: 3 additions & 3 deletions .github/workflows/codeql-analysis.yaml
Expand Up @@ -46,7 +46,7 @@ jobs:

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
Expand All @@ -57,7 +57,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v2
uses: github/codeql-action/autobuild@v3

# ℹ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
Expand All @@ -71,4 +71,4 @@ jobs:
# make release

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
uses: github/codeql-action/analyze@v3
4 changes: 2 additions & 2 deletions .github/workflows/on-pr-closed.yaml
Expand Up @@ -41,12 +41,12 @@ jobs:
helm uninstall --namespace ${{ env.NAMESPACE_PREFIX }}-dev pr-${{ github.event.number }} --timeout 10m --wait
oc delete --namespace ${{ env.NAMESPACE_PREFIX }}-dev cm,secret --selector app.kubernetes.io/instance=pr-${{ github.event.number }}
- name: Remove Release Comment on PR
uses: marocchino/sticky-pull-request-comment@v2
uses: marocchino/sticky-pull-request-comment@v2.9.0
with:
header: release
delete: true
- name: Remove Github Deployment Environment
uses: strumwolf/delete-deployment-environment@v2
uses: strumwolf/delete-deployment-environment@v3
with:
environment: pr
onlyRemoveDeployments: true
4 changes: 2 additions & 2 deletions SECURITY.md
Expand Up @@ -14,8 +14,8 @@ At this time, only the latest version of Common Object Management Service is sup

| Version | Supported |
| ------- | ------------------ |
| 0.7.0 | :white_check_mark: |
| < 0.7.x | :x: |
| 0.8.0 | :white_check_mark: |
| < 0.8.x | :x: |

## Reporting a Bug

4 changes: 2 additions & 2 deletions app/package-lock.json


2 changes: 1 addition & 1 deletion app/package.json
@@ -1,6 +1,6 @@
{
"name": "common-object-management-service",
"version": "0.7.0",
"version": "0.8.0",
"private": true,
"description": "",
"author": "NR Common Service Showcase <NR.CommonServiceShowcase@gov.bc.ca>",
2 changes: 1 addition & 1 deletion bcgovpubcode.yml
Expand Up @@ -30,7 +30,7 @@ product_information:
product_technology_information:
backend_frameworks:
- name: Express
version: 4.18.2
version: 4.18.3
- name: Other
version: Knex
- name: Other
4 changes: 2 additions & 2 deletions charts/coms/Chart.yaml
Expand Up @@ -3,7 +3,7 @@ name: common-object-management-service
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.0.21
version: 0.0.22
kubeVersion: ">= 1.13.0"
description: A microservice for managing access control to S3 Objects
# A chart can be either an 'application' or a 'library' chart.
Expand Down Expand Up @@ -43,6 +43,6 @@ maintainers:
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "0.7.0"
appVersion: "0.8.0"
deprecated: false
annotations: {}
46 changes: 23 additions & 23 deletions charts/coms/README.md
@@ -1,6 +1,6 @@
# common-object-management-service

![Version: 0.0.21](https://img.shields.io/badge/Version-0.0.21-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.7.0](https://img.shields.io/badge/AppVersion-0.7.0-informational?style=flat-square)
![Version: 0.0.22](https://img.shields.io/badge/Version-0.0.22-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.8.0](https://img.shields.io/badge/AppVersion-0.8.0-informational?style=flat-square)

A microservice for managing access control to S3 Objects

Expand Down Expand Up @@ -33,46 +33,46 @@ Kubernetes: `>= 1.13.0`
| autoscaling.maxReplicas | int | `16` | |
| autoscaling.minReplicas | int | `2` | |
| autoscaling.targetCPUUtilizationPercentage | int | `80` | |
| basicAuthSecretOverride.password | string | `nil` | |
| basicAuthSecretOverride.username | string | `nil` | |
| basicAuthSecretOverride.password | string | `nil` | Basic authentication password |
| basicAuthSecretOverride.username | string | `nil` | Basic authentication username |
| config.configMap | object | `{"DB_PORT":"5432","KC_IDENTITYKEY":null,"KC_PUBLICKEY":null,"KC_REALM":null,"KC_SERVERURL":null,"OBJECTSTORAGE_BUCKET":null,"OBJECTSTORAGE_ENDPOINT":null,"OBJECTSTORAGE_KEY":null,"SERVER_LOGLEVEL":"http","SERVER_PORT":"3000","SERVER_TEMP_EXPIRESIN":"300"}` | These values will be wholesale added to the configmap as is; refer to the coms documentation for what each of these values mean and whether you need them defined. Ensure that all values are represented explicitly as strings, as non-string values will not translate over as expected into container environment variables. For configuration keys named `*_ENABLED`, either leave them commented/undefined, or set them to string value "true". |
| config.enabled | bool | `false` | |
| config.enabled | bool | `false` | Set to true if you want to let Helm manage and overwrite your configmaps. |
| config.releaseScoped | bool | `false` | This should be set to true if and only if you require configmaps and secrets to be release scoped. In the event you want all instances in the same namespace to share a similar configuration, this should be set to false |
| dbSecretOverride.password | string | `nil` | |
| dbSecretOverride.username | string | `nil` | |
| dbSecretOverride.password | string | `nil` | Database password |
| dbSecretOverride.username | string | `nil` | Database username |
| failurePolicy | string | `"Retry"` | |
| features.basicAuth | bool | `false` | Specifies whether basic auth is enabled |
| features.defaultBucket | bool | `false` | Specifies whether a default bucket is enabled |
| features.oidcAuth | bool | `false` | Specifies whether oidc auth is enabled |
| fullnameOverride | string | `nil` | String to fully override fullname |
| image.pullPolicy | string | `"IfNotPresent"` | |
| image.repository | string | `"docker.io/bcgovimages"` | |
| image.tag | string | `nil` | |
| image.pullPolicy | string | `"IfNotPresent"` | Default image pull policy |
| image.repository | string | `"docker.io/bcgovimages"` | Default image repository |
| image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. |
| imagePullSecrets | list | `[]` | Specify docker-registry secret names as an array |
| keycloakSecretOverride.password | string | `nil` | |
| keycloakSecretOverride.username | string | `nil` | |
| keycloakSecretOverride.password | string | `nil` | Keycloak password |
| keycloakSecretOverride.username | string | `nil` | Keycloak username |
| nameOverride | string | `nil` | String to partially override fullname |
| networkPolicy.enabled | bool | `true` | Specifies whether a network policy should be created |
| objectStorageSecretOverride.password | string | `nil` | |
| objectStorageSecretOverride.username | string | `nil` | |
| patroni.enabled | bool | `false` | |
| objectStorageSecretOverride.password | string | `nil` | Object storage password |
| objectStorageSecretOverride.username | string | `nil` | Object storage username |
| patroni.enabled | bool | `false` | Controls whether to enable managing a Patroni db dependency as a part of the helm release |
| podAnnotations | object | `{}` | Annotations for coms pods |
| podSecurityContext | object | `{}` | |
| podSecurityContext | object | `{}` | Privilege and access control settings |
| replicaCount | int | `2` | |
| resources.limits.cpu | string | `"200m"` | |
| resources.limits.memory | string | `"512Mi"` | |
| resources.requests.cpu | string | `"50m"` | |
| resources.requests.memory | string | `"128Mi"` | |
| resources.limits.cpu | string | `"200m"` | Limit Peak CPU (in millicores ex. 1000m) |
| resources.limits.memory | string | `"512Mi"` | Limit Peak Memory (in gigabytes Gi or megabytes Mi ex. 2Gi) |
| resources.requests.cpu | string | `"50m"` | Requested CPU (in millicores ex. 500m) |
| resources.requests.memory | string | `"128Mi"` | Requested Memory (in gigabytes Gi or megabytes Mi ex. 500Mi) |
| route.annotations | object | `{}` | Annotations to add to the route |
| route.enabled | bool | `true` | Specifies whether a route should be created |
| route.host | string | `"chart-example.local"` | |
| route.tls.insecureEdgeTerminationPolicy | string | `"Redirect"` | |
| route.tls.termination | string | `"edge"` | |
| route.wildcardPolicy | string | `"None"` | |
| securityContext | object | `{}` | |
| service.port | int | `3000` | |
| service.portName | string | `"http"` | |
| service.type | string | `"ClusterIP"` | |
| securityContext | object | `{}` | Privilege and access control settings |
| service.port | int | `3000` | Service port |
| service.portName | string | `"http"` | Service port name |
| service.type | string | `"ClusterIP"` | Service type |
| serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
| serviceAccount.enabled | bool | `false` | Specifies whether a service account should be created |
| serviceAccount.name | string | `nil` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
25 changes: 22 additions & 3 deletions charts/coms/values.yaml
Expand Up @@ -5,9 +5,11 @@
replicaCount: 2

image:
# -- Default image repository
repository: docker.io/bcgovimages
# -- Default image pull policy
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
# -- Overrides the image tag whose default is the chart appVersion.
tag: ~

# -- Specify docker-registry secret names as an array
Expand All @@ -23,9 +25,11 @@ failurePolicy: Retry
# -- Annotations for coms pods
podAnnotations: {}

# -- Privilege and access control settings
podSecurityContext: {}
# fsGroup: 2000

# -- Privilege and access control settings
securityContext: {}
# capabilities:
# drop:
Expand Down Expand Up @@ -73,8 +77,11 @@ networkPolicy:
enabled: true

service:
# -- Service type
type: ClusterIP
# -- Service port
port: 3000
# -- Service port name
portName: http

route:
Expand All @@ -97,10 +104,14 @@ resources:
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
limits:
# -- Limit Peak CPU (in millicores ex. 1000m)
cpu: 200m
# -- Limit Peak Memory (in gigabytes Gi or megabytes Mi ex. 2Gi)
memory: 512Mi
requests:
# -- Requested CPU (in millicores ex. 500m)
cpu: 50m
# -- Requested Memory (in gigabytes Gi or megabytes Mi ex. 500Mi)
memory: 128Mi

features:
Expand All @@ -112,7 +123,7 @@ features:
oidcAuth: false

config:
# Set to true if you want to let Helm manage and overwrite your configmaps.
# -- Set to true if you want to let Helm manage and overwrite your configmaps.
enabled: false

# -- This should be set to true if and only if you require configmaps and secrets to be release
Expand Down Expand Up @@ -154,21 +165,29 @@ config:

# Modify the following variables if you need to acquire secret values from a custom-named resource
basicAuthSecretOverride:
# -- Basic authentication username
username: ~
# -- Basic authentication password
password: ~
dbSecretOverride:
# -- Database username
username: ~
# -- Database password
password: ~
keycloakSecretOverride:
# -- Keycloak username
username: ~
# -- Keycloak password
password: ~
objectStorageSecretOverride:
# -- Object storage username
username: ~
# -- Object storage password
password: ~

# Patroni subchart configuration overrides
patroni:
# Controls whether to enable managing a Patroni db dependency as a part of the helm release
# -- Controls whether to enable managing a Patroni db dependency as a part of the helm release
enabled: false

# replicaCount: 3
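Review bot: The new descriptions on the `*SecretOverride` keys (`# -- Database password`, `# -- Keycloak password`, and so on) do not say whether the value is a literal credential or how it relates to the "custom-named resource" mentioned in the unchanged comment above `basicAuthSecretOverride`. Because these strings are what appears in the generated README table, a reader could reasonably put a real password into a committed values file. The templates that consume these keys are not visible here, so this is inferred; if the values are literals, wording such as `# -- Database password; supply at install time (--set or an untracked values file), never commit` would carry the caveat into the docs. In the earlier hunk, `podSecurityContext` and `securityContext` receive the identical text `Privilege and access control settings`; naming the first as pod-level and the second as container-level would tell readers which one to harden.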