feature: create in-mem helm chart (#219)

* feature: create the tractusx-connector-memory chart * pr remarks * pr remarks * increase waiting for negotiation, sometimes takes longer then 2 seconds * Apply suggestions from code review Co-authored-by: Florian Rusch (ZF Friedrichshafen AG) <florian.rusch.external@zf.com> * pr remarks * Update charts/tractusx-connector-memory/templates/deployment-runtime.yaml Co-authored-by: Florian Rusch (ZF Friedrichshafen AG) <florian.rusch.external@zf.com> --------- Co-authored-by: Florian Rusch (ZF Friedrichshafen AG) <florian.rusch.external@zf.com>
eclipse-tractusx · Apr 17, 2023 · ec424a8 · ec424a8
1 parent fd241d0
commit ec424a8
Show file tree

Hide file tree

Showing 58 changed files with 2,883 additions and 199 deletions.
diff --git a/.github/actions/publish-docker-image/action.yml b/.github/actions/publish-docker-image/action.yml
@@ -48,7 +48,6 @@ runs:
     # Login to DockerHub
     #####################
     - name: DockerHub login
-      if: github.event_name != 'pull_request'
       uses: docker/login-action@v2
       with:
         username: ${{ inputs.docker_user }}
@@ -108,7 +107,6 @@ runs:
     # https://github.com/peter-evans/dockerhub-description
     ###############################
     - name: Update Docker Hub description
-      if: github.event_name != 'pull_request'
       uses: peter-evans/dockerhub-description@v3
       with:
         readme-filepath: ${{ inputs.rootDir }}/notice.md

diff --git a/.github/actions/run-deployment-test/action.yml b/.github/actions/run-deployment-test/action.yml
@@ -0,0 +1,103 @@
+#
+#  Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+#  Copyright (c) 2023 Contributors to the Eclipse Foundation
+#
+#  See the NOTICE file(s) distributed with this work for additional
+#  information regarding copyright ownership.
+#
+#  This program and the accompanying materials are made available under the
+#  terms of the Apache License, Version 2.0 which is available at
+#  https://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#  License for the specific language governing permissions and limitations
+#  under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#
+
+---
+name: "Run Deployment Test"
+description: "Build and publish a Docker Image to DockerHub"
+inputs:
+  imagename:
+    required: true
+    description: "name of the docker image, e.g. edc-runtime-memory"
+
+  image_tag:
+    required: false
+    default: "latest"
+    description: "docker image tag, defaults to 'latest'"
+
+  helm_command:
+    required: true
+    description: "command which is executed to install the chart. must also include verification commands, such as 'helm test'"
+
+  rootDir:
+    required: true
+    description: "The directory that contains the docker file, e.g. edc-controlplane/edc-runtime-memory"
+
+runs:
+  using: "composite"
+  steps:
+    - name: Checkout
+      uses: actions/checkout@v3.3.0
+
+    - name: Cache ContainerD Image Layers
+      uses: actions/cache@v3
+      with:
+        path: /var/lib/containerd/io.containerd.snapshotter.v1.overlayfs
+        key: ${{ runner.os }}-io.containerd.snapshotter.v1.overlayfs
+
+    - name: Set up JDK 11
+      uses: actions/setup-java@v3.11.0
+      with:
+        java-version: '11'
+        distribution: 'temurin'
+        cache: 'gradle'
+
+    - name: Build docker images
+      shell: bash
+      run: |-
+        ./gradlew -p ${{ inputs.rootDir }} dockerize
+
+    - name: Setup Helm
+      uses: azure/setup-helm@v3.5
+      with:
+        version: v3.8.1
+
+    - name: Setup Kubectl
+      uses: azure/setup-kubectl@v3.2
+
+    - name: Create k8s Kind Cluster
+      uses: helm/kind-action@v1.5.0
+
+    - name: Load images into KinD
+      shell: bash
+      run: |
+        kind get clusters | xargs -n1 kind load docker-image ${{ inputs.imagename }}:${{ inputs.image_tag }} --name
+
+    ###################################################
+    # Install the test infrastructure
+    ###################################################
+    - name: Install Infrastructure
+      shell: bash
+      run: |-
+        helm install infra edc-tests/deployment/src/main/resources/helm/test-infrastructure \
+        --wait-for-jobs --timeout=30s --dependency-update
+
+    - name: Install Runtime
+      shell: bash
+      run: ${{ inputs.helm_command }}
+
+
+    #################
+    ### Tear Down ###
+    #################
+    - name: Destroy the kind cluster
+      if: always()
+      shell: bash
+      run: >-
+        kind get clusters | xargs -n1 kind delete cluster --name
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -55,13 +55,15 @@ jobs:
       SONAR_TOKEN: ${{ steps.secret-presence.outputs.SONAR_TOKEN }}
       GPG_PRIVATE_KEY: ${{ steps.secret-presence.outputs.GPG_PRIVATE_KEY }}
       GPG_PASSPHRASE: ${{ steps.secret-presence.outputs.GPG_PASSPHRASE }}
+      DOCKER_HUB_TOKEN: ${{ steps.secret-presence.outputs.DOCKER_HUB_TOKEN }}
     steps:
       - name: Check whether secrets exist
         id: secret-presence
         run: |
           [ ! -z "${{ secrets.SONAR_TOKEN }}" ] && echo "::set-output name=SONAR_TOKEN::true"
           [ ! -z "${{ secrets.GPG_PRIVATE_KEY }}" ] && echo "::set-output name=GPG_PRIVATE_KEY::true"
           [ ! -z "${{ secrets.GPG_PASSPHRASE }}" ] && echo "::set-output name=GPG_PASSPHRASE::true"
+          [ ! -z "${{ secrets.DOCKER_HUB_TOKEN }}" ] && echo "::set-output name=DOCKER_HUB_TOKEN::true"
           exit 0
 
   build-extensions:
@@ -89,11 +91,13 @@ jobs:
     name: "Create Docker Images for the ControlPlane"
     runs-on: ubuntu-latest
     needs: [ secret-presence ]
+    if: |
+      needs.secret-presence.outputs.DOCKER_HUB_TOKEN
     strategy:
       fail-fast: false
       matrix:
         name:
-          - edc-controlplane-memory
+          - edc-runtime-memory
           - edc-controlplane-memory-hashicorp-vault
           - edc-controlplane-postgresql
           - edc-controlplane-postgresql-hashicorp-vault
@@ -110,8 +114,11 @@ jobs:
           docker_token: ${{ secrets.DOCKER_HUB_TOKEN }}
 
   build-dataplane:
+    name: "Create Docker Images for the DataPlane"
     runs-on: ubuntu-latest
     needs: [ secret-presence ]
+    if: |
+      needs.secret-presence.outputs.DOCKER_HUB_TOKEN
     strategy:
       fail-fast: false
       matrix:
@@ -135,7 +142,7 @@ jobs:
     permissions:
       contents: read
       packages: write
-    needs: [ secret-presence, build-controlplane, build-dataplane, build-extensions ]
+    needs: [ secret-presence, build-extensions ]
 
     # do not run on PR branches, do not run on releases
     if: |

diff --git a/.github/workflows/business-tests.yaml b/.github/workflows/business-tests.yaml
@@ -166,7 +166,6 @@ jobs:
             sleep 5s
 
             # Wait for supporting infrastructure to become ready (control-/data-plane, backend service)
-            kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=backend --timeout=120s || ( kubectl logs -l app.kubernetes.io/name=backend --tail 500 && exit 1 )
             kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=idsdaps --timeout=120s || ( kubectl logs -l app.kubernetes.io/name=idsdaps --tail 500 && exit 1 )
             kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=vault --timeout=120s || ( kubectl logs -l app.kubernetes.io/name=vault --tail 500 && exit 1 )
             kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=sokrates-postgresql --timeout=120s || ( kubectl logs -l app.kubernetes.io/name=sokrates-postgresql --tail 500 && exit 1 )

diff --git a/.github/workflows/deploy-test-secrets b/.github/workflows/deploy-test-secrets
@@ -0,0 +1,51 @@
+daps-key:-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCv+NUvK7ppJPiM
+wZPaQQxE745T5pV38O/Mkay5m82nnd5BoMoCdhhRTy3Efy79FhvBfGruFBLLGzsQ
+FOEUY53Albeumo2gmpZSKjJR/M2ifK4MTaRniVOWL5mEcZSKPhsItKpxdLaiYfB6
+8uzqkqNICtmAQRSclYKzLBM9xHLEtxDWCbnzYFCHoOELGi+PTNIFsUnsT3QuKaJ/
+ejb47vdA/EZbwCQdtTyJ6i54jGhZUp0WMwq1Go2uhzJsygPmT2da/ZZZc7BNNEQE
+sUSMZSpMH807TG/TunstotrzO4ShhpV4zbJ2FV/VlxH7yuCawmnR84F/KnXs9fUc
+RSrQfuYBAgMBAAECggEAO+KjsjTgcG3bhBNQnMLsSP15Y0Yicbn18ZlVvaivGS7Z
+d14fwSytY+ZdPfTGaey/L16HCVSdfK9cr0Fbw9OO2P5ajzobnp9dLsMbctlkpbpm
+hNtbarzKTF8QkIkSsuUl0BWjt46vpJ1N+Jl5VO7oUFkY4dPEDvG2lAEY3zlekWDm
+cQeOC/YgpoW4xfRwPPS6QE0w3Q+H5NfNjfz+mSHeItTlVfTKDRliWQLPWeRZFuXh
+FlRFUQnTmEE/9wpIe3Hn7WXJ3fQqcYDzxU7/zwwY9I7bB15SgVHlR0ENDPAD5X8F
+MVZ3EcLlqGBy+WvTWALp6pc8YfhW3fiTWyuamXtNrQKBgQDonsIzBKEOOKdKGW0e
+uyw79ErmnmzkY5nuMrMxrmTA4WKCfJ/YRRA+4sxiltWsIJ3UkHe3OBCSSCdj79hb
+ugb/+UzE70hOdgrct2NUQqbrj3gvsVvU8ZRQgTRMqKpmC0zY7KOMx6NU85z3IvS1
+z5fjszcUv4kLQlldYGSAuqPy+wKBgQDBqIkc8p/wcw7ygo1q/GerNeszfoxiIFp8
+h4RWLVhkwrcXFz30wBlUWuv5/kxU8tmJcmXxe72EmUstd6wvNOAnYwCiile6zQiJ
+vsr1axavZnGOtNGUp6DUAsd2iviBl7IZ7kAcqCrQo4ivGhfHmahH3hmg8wuAMjYB
+8f+FSPgaMwKBgQC7W4tMrjDOFIFhJEOIWfcRvvxI7VcFSNelS76aiDzsQVwnfxr7
+hPzFucQmsBgfUBHvMADMWGK4f1cCnh5kGtwidXgIsjVJxLeQ+EAPkLOCzQZfW3l8
+dKshgD9QcxTzpaxal5ZPAEikVqaZQtVYToCmzCTUGETYBbOWitnH+Qut2wKBgQC6
+Y6DcSLUhc0xOotLDxv1sbu/aVxF8nFEbDD+Vxf0Otc4MnmUWPRHj+8KlkVkcZcR0
+IrP1kThd+EDAGS+TG9wmbIY+6tH3S8HM+eJUBWcHGJ1xUZ1p61DC3Y3nDWiTKlLT
+3Fi+fCkBOHSku4Npq/2odh7Kp0JJd4o9oxJg0VNhuwKBgQDSFn7dqFE0Xmwc40Vr
+0wJH8cPWXKGt7KJENpj894buk2DniLD4w2x874dzTjrOFi6fKxEzbBNA9Rq9UPo8
+u9gKvl/IyWmV0c4zFCNMjRwVdnkMEte/lXcJZ67T4FXZByqAZlhrr/v0FD442Z9B
+AjWFbUiBCFOo+gpAFcQGrkOQHA==
+-----END PRIVATE KEY-----;daps-crt:-----BEGIN CERTIFICATE-----
+MIIEAzCCAuugAwIBAgIUXFgjbN7jxGRUDkoUvEwcN3zcew8wDQYJKoZIhvcNAQEL
+BQAwgZAxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIDAZCZXJsaW4xDzANBgNVBAcMBkJl
+cmxpbjEMMAoGA1UECgwDQk1XMSAwHgYDVQQLDBdlZGMtcGxheWdyb3VuZC1wYXJ0
+bmVyMTEvMC0GA1UEAwwmc29rcmF0ZXMtZWRjLmRlbW8uY2F0ZW5hLXgubmV0L0JQ
+TjEyMzQwHhcNMjIwNTEwMDc1NzMzWhcNMjMwNTEwMDc1NzMzWjCBkDELMAkGA1UE
+BhMCREUxDzANBgNVBAgMBkJlcmxpbjEPMA0GA1UEBwwGQmVybGluMQwwCgYDVQQK
+DANCTVcxIDAeBgNVBAsMF2VkYy1wbGF5Z3JvdW5kLXBhcnRuZXIxMS8wLQYDVQQD
+DCZzb2tyYXRlcy1lZGMuZGVtby5jYXRlbmEteC5uZXQvQlBOMTIzNDCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAK/41S8rumkk+IzBk9pBDETvjlPmlXfw
+78yRrLmbzaed3kGgygJ2GFFPLcR/Lv0WG8F8au4UEssbOxAU4RRjncCVt66ajaCa
+llIqMlH8zaJ8rgxNpGeJU5YvmYRxlIo+Gwi0qnF0tqJh8Hry7OqSo0gK2YBBFJyV
+grMsEz3EcsS3ENYJufNgUIeg4QsaL49M0gWxSexPdC4pon96Nvju90D8RlvAJB21
+PInqLniMaFlSnRYzCrUaja6HMmzKA+ZPZ1r9lllzsE00RASxRIxlKkwfzTtMb9O6
+ey2i2vM7hKGGlXjNsnYVX9WXEfvK4JrCadHzgX8qdez19RxFKtB+5gECAwEAAaNT
+MFEwHQYDVR0OBBYEFOcHLXRWZjHwexDqtgMGTCN/7aZlMB8GA1UdIwQYMBaAFOcH
+LXRWZjHwexDqtgMGTCN/7aZlMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL
+BQADggEBAD2a5kuIdICNXfYLpSe7AIONwZVucaArYtpXBxHEy5lMJsTEJgjZzypd
+iIMU7onEQGVbii6yVNpWfIpJYM4e8ytVdJuk5evclVKZs/lZ2IshLyWFVj+ITh2E
+28X4C/Hnmt4MPBCNowQf71nMp4LEziBgXp54qFV9C+qSTEVdrherRE0PU/zKyX10
+S/P5o42weTHnAO/pBN/8AmL3AymynKVgcPaW46IjjRAuc6kfZWCrYQ0M4+/7Ws5r
+uM55Zae/L+C82OTNNaaK324ogsCkORPeQ23OCrRD8rZJmQ9bpoOGglPminfwEOhB
+UHtyKgmvqCyOV3G/4G93W/xsLV0kxLA=
+-----END CERTIFICATE-----
diff --git a/.github/workflows/deployment-test.yaml b/.github/workflows/deployment-test.yaml
@@ -0,0 +1,67 @@
+#
+#  Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
+#  Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
+#
+#  See the NOTICE file(s) distributed with this work for additional
+#  information regarding copyright ownership.
+#
+#  This program and the accompanying materials are made available under the
+#  terms of the Apache License, Version 2.0 which is available at
+#  https://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#  License for the specific language governing permissions and limitations
+#  under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#
+
+---
+name: "Deployment Tests"
+
+on:
+  push:
+    branches:
+      - main
+      - develop
+    tags:
+      - '[0-9]+.[0-9]+.[0-9]+'
+  release:
+    types:
+      - published
+  pull_request:
+    paths-ignore:
+      - 'docs/**'
+      - '**/*.md'
+    branches:
+      - '*'
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  deployment-test-memory:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3.3.0
+      - uses: ./.github/actions/run-deployment-test
+        name: "Run deployment test using KinD and Helm"
+        with:
+          imagename: edc-runtime-memory
+          rootDir: edc-controlplane/edc-runtime-memory
+          helm_command: |-
+            helm install tx-inmem charts/tractusx-connector-memory \
+            -f charts/tractusx-connector-memory/example.yaml \
+            --set vault.secrets="$(cat ./.github/workflows/deploy-test-secrets)" \
+            --wait-for-jobs --timeout=120s
+            
+            # wait for the pod to become ready
+            kubectl rollout status deployment tx-inmem
+            
+            # execute the helm test
+            helm test tx-inmem
diff --git a/.github/workflows/publish-docker.yaml b/.github/workflows/publish-docker.yaml
@@ -42,7 +42,7 @@ jobs:
       fail-fast: false
       matrix:
         name:
-          - edc-controlplane-memory
+          - edc-runtime-memory
           - edc-controlplane-memory-hashicorp-vault
           - edc-controlplane-postgresql
           - edc-controlplane-postgresql-hashicorp-vault

diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -6,7 +6,7 @@ on:
     - cron: "0 0 * * *"
   workflow_dispatch:
   workflow_run:
-    workflows: ["Build"]
+    workflows: [ "Build" ]
     branches:
       - main
       - releases
@@ -24,8 +24,7 @@ jobs:
     outputs:
       value: ${{ steps.git-sha7.outputs.SHA7 }}
     steps:
-      -
-        name: Resolve git 7-chars sha
+      - name: Resolve git 7-chars sha
         id: git-sha7
         run: |
           echo "::set-output name=SHA7::${GITHUB_SHA::7}"
@@ -37,11 +36,9 @@ jobs:
       contents: read
       security-events: write
     steps:
-      -
-        name: Checkout repository
+      - name: Checkout repository
         uses: actions/checkout@v3.3.0
-      -
-        name: Run Trivy vulnerability scanner in repo mode
+      - name: Run Trivy vulnerability scanner in repo mode
         uses: aquasecurity/trivy-action@master
         with:
           scan-type: "config"
@@ -51,8 +48,7 @@ jobs:
           format: "sarif"
           output: "trivy-results-config.sarif"
           severity: "CRITICAL,HIGH"
-      -
-        name: Upload Trivy scan results to GitHub Security tab
+      - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v2
         if: always()
         with:
@@ -69,18 +65,16 @@ jobs:
       fail-fast: false # continue scanning other images although if the other has been vulnerable
       matrix:
         image:
-          - edc-controlplane-memory
+          - edc-runtime-memory
           - edc-controlplane-memory-hashicorp-vault
           - edc-controlplane-postgresql
           - edc-controlplane-postgresql-hashicorp-vault
           - edc-dataplane-azure-vault
           - edc-dataplane-hashicorp-vault
     steps:
-      -
-        name: Checkout
+      - name: Checkout
         uses: actions/checkout@v3.3.0
-      -
-        name: Run Trivy vulnerability scanner
+      - name: Run Trivy vulnerability scanner
         if: always()
         uses: aquasecurity/trivy-action@master
         with:
@@ -90,8 +84,7 @@ jobs:
           exit-code: "1"
           severity: "CRITICAL,HIGH"
           timeout: "10m0s"
-      -
-        name: Upload Trivy scan results to GitHub Security tab
+      - name: Upload Trivy scan results to GitHub Security tab
         if: always()
         uses: github/codeql-action/upload-sarif@v2
         with: