From 87602f2e0062bdea2b3d144a2cbc27b83de9e2f1 Mon Sep 17 00:00:00 2001 From: Manas Ranjan Dikshit Date: Fri, 14 Nov 2025 01:36:11 +0530 Subject: [PATCH 1/6] Update config.yaml --- deploy/helm/templates/chatbot/config.yaml | 44 +++++++++++------------ 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/deploy/helm/templates/chatbot/config.yaml b/deploy/helm/templates/chatbot/config.yaml index 94be0c0e..5cea4319 100644 --- a/deploy/helm/templates/chatbot/config.yaml +++ b/deploy/helm/templates/chatbot/config.yaml @@ -6,25 +6,25 @@ metadata: release: {{ .Release.Name }} {{- toYaml .Values.chatbot.config.labels | nindent 4 }} data: - SERVER_PORT: {{ .Values.chatbot.port | quote }} - IDENTITY_SERVICE: {{ .Values.identity.service.name }}:{{ .Values.identity.port }} - WEB_SERVICE: {{ .Values.web.service.name }} - TLS_ENABLED: {{ .Values.tlsEnabled | quote }} - DB_HOST: {{ .Values.postgresdb.service.name }} - DB_USER: {{ .Values.postgresdb.config.postgresUser }} - DB_PASSWORD: {{ .Values.postgresdb.config.postgresPassword }} - DB_NAME: {{ .Values.postgresdb.config.postgresDbName }} - DB_PORT: {{ .Values.postgresdb.port | quote }} - MONGO_DB_HOST: {{ .Values.mongodb.service.name }} - MONGO_DB_PORT: {{ .Values.mongodb.port | quote }} - MONGO_DB_USER: {{ .Values.mongodb.config.mongoUser }} - MONGO_DB_PASSWORD: {{ .Values.mongodb.config.mongoPassword }} - MONGO_DB_NAME: {{ .Values.mongodb.config.mongoDbName }} - CHATBOT_OPENAI_API_KEY: {{ .Values.openAIApiKey }} - DEFAULT_MODEL: {{ .Values.chatbot.config.defaultModel | quote }} - MAX_CONTENT_LENGTH: {{ .Values.chatbot.config.maxContentLength | quote }} - CHROMA_HOST: {{ .Values.chromadb.service.name }} - CHROMA_PORT: {{ .Values.chromadb.port | quote }} - API_USER: {{ .Values.chatbot.config.apiUser | quote }} - API_PASSWORD: {{ .Values.chatbot.config.apiPassword | quote }} - OPENAPI_SPEC: {{ .Values.chatbot.config.openapiSpec | quote }} + SERVER_PORT: {{ .Values.chatbot.port | quote }} + IDENTITY_SERVICE: {{ printf "%s:%s" .Values.identity.service.name .Values.identity.port | quote }} + WEB_SERVICE: {{ .Values.web.service.name | quote }} + TLS_ENABLED: {{ .Values.tlsEnabled | quote }} + DB_HOST: {{ .Values.postgresdb.service.name | quote }} + DB_USER: {{ .Values.postgresdb.config.postgresUser | quote }} + DB_PASSWORD: {{ .Values.postgresdb.config.postgresPassword | quote }} + DB_NAME: {{ .Values.postgresdb.config.postgresDbName | quote }} + DB_PORT: {{ .Values.postgresdb.port | quote }} + MONGO_DB_HOST: {{ .Values.mongodb.service.name | quote }} + MONGO_DB_PORT: {{ .Values.mongodb.port | quote }} + MONGO_DB_USER: {{ .Values.mongodb.config.mongoUser | quote }} + MONGO_DB_PASSWORD: {{ .Values.mongodb.config.mongoPassword | quote }} + MONGO_DB_NAME: {{ .Values.mongodb.config.mongoDbName | quote }} + CHATBOT_OPENAI_API_KEY: {{ .Values.openAIApiKey | quote }} + DEFAULT_MODEL: {{ .Values.chatbot.config.defaultModel | quote }} + MAX_CONTENT_LENGTH: {{ .Values.chatbot.config.maxContentLength | quote }} + CHROMA_HOST: {{ .Values.chromadb.service.name | quote }} + CHROMA_PORT: {{ .Values.chromadb.port | quote }} + API_USER: {{ .Values.chatbot.config.apiUser | quote }} + API_PASSWORD: {{ .Values.chatbot.config.apiPassword | quote }} + OPENAPI_SPEC: {{ .Values.chatbot.config.openapiSpec | quote }} From 8fa5c02086d064c089bea76e4f9b06dabe012493 Mon Sep 17 00:00:00 2001 From: Manas Ranjan Dikshit Date: Fri, 14 Nov 2025 01:37:32 +0530 Subject: [PATCH 2/6] Quote environment variable values in config.yaml --- deploy/helm/templates/community/config.yaml | 28 ++++++++++----------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/deploy/helm/templates/community/config.yaml b/deploy/helm/templates/community/config.yaml index f858c006..3cc1345a 100644 --- a/deploy/helm/templates/community/config.yaml +++ b/deploy/helm/templates/community/config.yaml @@ -8,17 +8,17 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} data: - LOG_LEVEL: {{ .Values.logLevel | upper }} - IDENTITY_SERVICE: {{ .Values.identity.service.name }}:{{ .Values.identity.port }} - DB_HOST: {{ .Values.postgresdb.service.name }} - DB_USER: {{ .Values.postgresdb.config.postgresUser }} - DB_PASSWORD: {{ .Values.postgresdb.config.postgresPassword }} - DB_NAME: {{ .Values.postgresdb.config.postgresDbName }} - DB_PORT: {{ .Values.postgresdb.port | quote }} - MONGO_DB_HOST: {{ .Values.mongodb.service.name }} - MONGO_DB_PORT: {{ .Values.mongodb.port | quote }} - MONGO_DB_USER: {{ .Values.mongodb.config.mongoUser }} - MONGO_DB_PASSWORD: {{ .Values.mongodb.config.mongoPassword }} - MONGO_DB_NAME: {{ .Values.mongodb.config.mongoDbName }} - SERVER_PORT: {{ .Values.community.port | quote }} - TLS_ENABLED: {{ .Values.tlsEnabled | quote }} + LOG_LEVEL: {{ .Values.logLevel | upper | quote }} + IDENTITY_SERVICE: {{ printf "%s:%s" .Values.identity.service.name .Values.identity.port | quote }} + DB_HOST: {{ .Values.postgresdb.service.name | quote }} + DB_USER: {{ .Values.postgresdb.config.postgresUser | quote }} + DB_PASSWORD: {{ .Values.postgresdb.config.postgresPassword | quote }} + DB_NAME: {{ .Values.postgresdb.config.postgresDbName | quote }} + DB_PORT: {{ .Values.postgresdb.port | quote }} + MONGO_DB_HOST: {{ .Values.mongodb.service.name | quote }} + MONGO_DB_PORT: {{ .Values.mongodb.port | quote }} + MONGO_DB_USER: {{ .Values.mongodb.config.mongoUser | quote }} + MONGO_DB_PASSWORD: {{ .Values.mongodb.config.mongoPassword | quote }} + MONGO_DB_NAME: {{ .Values.mongodb.config.mongoDbName | quote }} + SERVER_PORT: {{ .Values.community.port | quote }} + TLS_ENABLED: {{ .Values.tlsEnabled | quote }} From e850499f949afa5472f8ce977f16466e6fc6cff9 Mon Sep 17 00:00:00 2001 From: Manas Ranjan Dikshit Date: Fri, 14 Nov 2025 01:38:06 +0530 Subject: [PATCH 3/6] Quote all values in identity config.yaml --- deploy/helm/templates/identity/config.yaml | 38 +++++++++++----------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/deploy/helm/templates/identity/config.yaml b/deploy/helm/templates/identity/config.yaml index 98046df2..e453ba94 100644 --- a/deploy/helm/templates/identity/config.yaml +++ b/deploy/helm/templates/identity/config.yaml @@ -8,32 +8,32 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} data: - LOG_LEVEL: {{ .Values.logLevel | upper }} - JWT_SECRET: {{ .Values.jwtSecret }} #Used for creating a JWT. Can be anything - APP_NAME: {{ .Values.identity.config.appName }} + LOG_LEVEL: {{ .Values.logLevel | upper | quote }} + JWT_SECRET: {{ .Values.jwtSecret | quote }} # Used for creating a JWT. Can be anything + APP_NAME: {{ .Values.identity.config.appName | quote }} ENABLE_SHELL_INJECTION: {{ .Values.enableShellInjection | quote }} ENABLE_LOG4J: {{ .Values.enableLog4j | quote }} - DB_HOST: {{ .Values.postgresdb.service.name }} - DB_USER: {{ .Values.postgresdb.config.postgresUser }} - DB_PASSWORD: {{ .Values.postgresdb.config.postgresPassword }} - DB_NAME: {{ .Values.postgresdb.config.postgresDbName }} + DB_HOST: {{ .Values.postgresdb.service.name | quote }} + DB_USER: {{ .Values.postgresdb.config.postgresUser | quote }} + DB_PASSWORD: {{ .Values.postgresdb.config.postgresPassword | quote }} + DB_NAME: {{ .Values.postgresdb.config.postgresDbName | quote }} DB_PORT: {{ .Values.postgresdb.port | quote }} - MAILHOG_HOST: {{ .Values.mailhog.smtpService.name }} + MAILHOG_HOST: {{ .Values.mailhog.smtpService.name | quote }} MAILHOG_PORT: {{ .Values.mailhog.smtpPort | quote }} - MAILHOG_DOMAIN: {{ .Values.identity.config.mailhogDomain }} - SMTP_HOST: {{ .Values.identity.config.smtpHost}} + MAILHOG_DOMAIN: {{ .Values.identity.config.mailhogDomain | quote }} + SMTP_HOST: {{ .Values.identity.config.smtpHost | quote }} SMTP_PORT: {{ .Values.identity.config.smtpPort | quote }} - SMTP_EMAIL: {{ .Values.identity.config.smtpEmail }} - SMTP_PASS: {{ .Values.identity.config.smtpPass }} - SMTP_FROM: {{ .Values.identity.config.smtpFrom }} + SMTP_EMAIL: {{ .Values.identity.config.smtpEmail | quote }} + SMTP_PASS: {{ .Values.identity.config.smtpPass | quote }} + SMTP_FROM: {{ .Values.identity.config.smtpFrom | quote }} SMTP_AUTH: {{ .Values.identity.config.smtpAuth | quote }} JWT_EXPIRATION: {{ .Values.jwtExpiration | quote }} SMTP_STARTTLS: {{ .Values.identity.config.smtpStartTLS | quote }} SERVER_PORT: {{ .Values.identity.port | quote }} - API_GATEWAY_URL: {{ if .Values.apiGatewayServiceInstall }}"https://{{ .Values.apiGatewayService.service.name }}"{{ else }}{{ .Values.apiGatewayServiceUrl }}{{ end }} + API_GATEWAY_URL: {{ if .Values.apiGatewayServiceInstall }}"https://{{ .Values.apiGatewayService.service.name }}"{{ else }}{{ .Values.apiGatewayServiceUrl | quote }}{{ end }} TLS_ENABLED: {{ .Values.tlsEnabled | quote }} - TLS_KEYSTORE_TYPE: {{ .Values.identity.config.keyStoreType }} - TLS_KEYSTORE: {{ .Values.identity.config.keyStore }} - TLS_KEYSTORE_PASSWORD: {{ .Values.identity.config.keyStorePassword }} - TLS_KEY_PASSWORD: {{ .Values.identity.config.keyPassword }} - TLS_KEY_ALIAS: {{ .Values.identity.config.keyAlias }} + TLS_KEYSTORE_TYPE: {{ .Values.identity.config.keyStoreType | quote }} + TLS_KEYSTORE: {{ .Values.identity.config.keyStore | quote }} + TLS_KEYSTORE_PASSWORD: {{ .Values.identity.config.keyStorePassword | quote }} + TLS_KEY_PASSWORD: {{ .Values.identity.config.keyPassword | quote }} + TLS_KEY_ALIAS: {{ .Values.identity.config.keyAlias | quote }} From 07fe96bc884738ad7b547938720561d444e77b27 Mon Sep 17 00:00:00 2001 From: Manas Ranjan Dikshit Date: Fri, 14 Nov 2025 01:38:32 +0530 Subject: [PATCH 4/6] Quote Mongo URI and Mailhog storage values --- deploy/helm/templates/mailhog/config.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/helm/templates/mailhog/config.yaml b/deploy/helm/templates/mailhog/config.yaml index 127fb66c..a4bd608c 100644 --- a/deploy/helm/templates/mailhog/config.yaml +++ b/deploy/helm/templates/mailhog/config.yaml @@ -6,5 +6,5 @@ metadata: release: {{ .Release.Name }} {{- toYaml .Values.mailhog.config.labels | nindent 4 }} data: - MH_MONGO_URI: {{ .Values.mongodb.config.mongoUri }} - MH_STORAGE: {{ .Values.mailhog.config.mailhogStorage }} + MH_MONGO_URI: {{ .Values.mongodb.config.mongoUri | quote }} + MH_STORAGE: {{ .Values.mailhog.config.mailhogStorage | quote }} From 018f9fa3b91c877a9d4c56bdf99d2973885a9395 Mon Sep 17 00:00:00 2001 From: Manas Ranjan Dikshit Date: Fri, 14 Nov 2025 01:39:05 +0530 Subject: [PATCH 5/6] Refactor service URLs to use printf and quote --- deploy/helm/templates/web/configmap.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/deploy/helm/templates/web/configmap.yaml b/deploy/helm/templates/web/configmap.yaml index 41d49846..9ed2c1b7 100644 --- a/deploy/helm/templates/web/configmap.yaml +++ b/deploy/helm/templates/web/configmap.yaml @@ -6,9 +6,9 @@ metadata: release: {{ .Release.Name }} {{- toYaml .Values.web.config.labels | nindent 4 }} data: - COMMUNITY_SERVICE: {{ .Values.community.service.name }}:{{ .Values.community.port }} - IDENTITY_SERVICE: {{ .Values.identity.service.name }}:{{ .Values.identity.port }} - WORKSHOP_SERVICE: {{ .Values.workshop.service.name }}:{{ .Values.workshop.port }} - CHATBOT_SERVICE: {{ .Values.chatbot.service.name }}:{{ .Values.chatbot.port }} - MAILHOG_WEB_SERVICE: {{ .Values.mailhog.webService.name }}:{{ .Values.mailhog.webPort }} + COMMUNITY_SERVICE: {{ printf "%s:%s" .Values.community.service.name .Values.community.port | quote }} + IDENTITY_SERVICE: {{ printf "%s:%s" .Values.identity.service.name .Values.identity.port | quote }} + WORKSHOP_SERVICE: {{ printf "%s:%s" .Values.workshop.service.name .Values.workshop.port | quote }} + CHATBOT_SERVICE: {{ printf "%s:%s" .Values.chatbot.service.name .Values.chatbot.port | quote }} + MAILHOG_WEB_SERVICE: {{ printf "%s:%s" .Values.mailhog.webService.name .Values.mailhog.webPort | quote }} TLS_ENABLED: {{ .Values.tlsEnabled | quote }} From 374494a6178e5c13bfe6837ab8fe89dca5c05103 Mon Sep 17 00:00:00 2001 From: Manas Ranjan Dikshit Date: Mon, 17 Nov 2025 02:34:55 +0530 Subject: [PATCH 6/6] Update pr-build.yml --- .github/workflows/pr-build.yml | 44 ++++++++++++++++++++-------------- 1 file changed, 26 insertions(+), 18 deletions(-) diff --git a/.github/workflows/pr-build.yml b/.github/workflows/pr-build.yml index e76aff84..388b4202 100644 --- a/.github/workflows/pr-build.yml +++ b/.github/workflows/pr-build.yml @@ -8,6 +8,13 @@ on: - 'deploy/**' - '.github/workflows/**' workflow_dispatch: + +# ✅ Global permissions so coverage and PR checks can post results when allowed +permissions: + contents: read + pull-requests: write + checks: write + jobs: build-context: runs-on: ubuntu-latest @@ -16,6 +23,7 @@ jobs: env: GITHUB_CONTEXT: ${{ toJson(github) }} run: echo "$GITHUB_CONTEXT" + build: needs: build-context runs-on: ubuntu-latest @@ -68,14 +76,16 @@ jobs: echo "TAG_NAME=${{ steps.branch-name.outputs.base_ref_branch }}" >> ${GITHUB_ENV} echo "TAG_LATEST=${{ steps.branch-name.outputs.base_ref_branch }}" >> ${GITHUB_ENV} - # setup Docker build action + # Docker setup - name: Set up Docker Buildx id: buildx uses: docker/setup-buildx-action@v3 + - name: Set up QEMU id: qemu uses: docker/setup-qemu-action@v3 + # Build all service images - name: Build crapi-identity image uses: docker/build-push-action@v3 with: @@ -101,13 +111,13 @@ jobs: - name: Build crapi-chatbot image uses: docker/build-push-action@v3 with: - context: ./services/chatbot - tags: crapi/crapi-chatbot:${{ env.TAG_LATEST }},crapi/crapi-chatbot:${{ env.TAG_NAME }} - push: false - load: true - platforms: linux/amd64 - cache-from: type=gha,scope==chatbot-service - cache-to: type=gha,mode=max,scope=chatbot-service + context: ./services/chatbot + tags: crapi/crapi-chatbot:${{ env.TAG_LATEST }},crapi/crapi-chatbot:${{ env.TAG_NAME }} + push: false + load: true + platforms: linux/amd64 + cache-from: type=gha,scope=chatbot-service + cache-to: type=gha,mode=max,scope=chatbot-service - name: Build crapi-community image uses: docker/build-push-action@v3 @@ -162,12 +172,12 @@ jobs: - name: Cleanup docker before running if: always() continue-on-error: true - run: docker compose -f deploy/docker/docker-compose.yml down --volumes --remove-orphans + run: docker compose -f deploy/docker/docker-compose.yml down --volumes --remove-orphans - name: Run crAPI using built images run: | - cd deploy/docker - VERSION=${{ env.TAG_NAME }} docker compose -f docker-compose.yml --compatibility up -d + cd deploy/docker + VERSION=${{ env.TAG_NAME }} docker compose -f docker-compose.yml --compatibility up -d - name: Install Node uses: actions/setup-node@v3 @@ -186,7 +196,7 @@ jobs: - name: Cleanup docker if: always() - run: docker compose -f deploy/docker/docker-compose.yml down --volumes --remove-orphans + run: docker compose -f deploy/docker/docker-compose.yml down --volumes --remove-orphans tests: @@ -234,13 +244,9 @@ jobs: - name: golangci-lint uses: golangci/golangci-lint-action@v8.0.0 with: - # Require: The version of golangci-lint to use. - # When `install-mode` is `binary` (default) the value can be v1.2 or v1.2.3 or `latest` to use the latest version. - # When `install-mode` is `goinstall` the value can be v1.2.3, `latest`, or the hash of a commit. version: v2.2.1 working-directory: services/community - - name: Install system dependencies for workshop run: | sudo apt-get update @@ -275,11 +281,13 @@ jobs: coverage report coverage xml -o coverage.xml + # ✅ Skip coverage comment on forks to avoid HttpError - name: Publish Coverage for workshop + if: github.event.pull_request.head.repo.full_name == github.repository uses: orgoro/coverage@v3.2 with: - coverageFile: services/workshop/coverage.xml - token: ${{ secrets.GITHUB_TOKEN }} + coverageFile: services/workshop/coverage.xml + token: ${{ secrets.GITHUB_TOKEN }} - name: node prettier run: |