Merge pull request #254 from bcgov/chore/release

Release COMS v0.8.0

.github/actions/build-push-container/action.yaml

@@ -39,23 +39,23 @@ runs:
         echo "HAS_DOCKERHUB=${{ fromJson(inputs.dockerhub_username != '' && inputs.dockerhub_token != '') }}" >> $GITHUB_ENV
 
     - name: Login to Github Container Registry
-      uses: docker/login-action@v2
+      uses: docker/login-action@v3
       with:
         registry: ghcr.io
         username: ${{ env.GH_USERNAME }}
         password: ${{ inputs.github_token }}
 
     - name: Login to Dockerhub Container Registry
       if: env.HAS_DOCKERHUB == 'true'
-      uses: docker/login-action@v2
+      uses: docker/login-action@v3
       with:
         registry: docker.io
         username: ${{ inputs.dockerhub_username }}
         password: ${{ inputs.dockerhub_token }}
 
     - name: Prepare Container Metadata tags
       id: meta
-      uses: docker/metadata-action@v4
+      uses: docker/metadata-action@v5
       with:
         images: |
           ghcr.io/${{ env.GH_USERNAME }}/${{ inputs.image_name }}
@@ -74,7 +74,7 @@ runs:
 
     - name: Build and Push to Container Registry
       id: builder
-      uses: docker/build-push-action@v3
+      uses: docker/build-push-action@v5
       with:
         context: ${{ inputs.context }}
         push: true

.github/workflows/codeql-analysis.yaml

@@ -46,7 +46,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -57,7 +57,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v2
+        uses: github/codeql-action/autobuild@v3
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -71,4 +71,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3

.github/workflows/on-pr-closed.yaml

@@ -41,12 +41,12 @@ jobs:
           helm uninstall --namespace ${{ env.NAMESPACE_PREFIX }}-dev pr-${{ github.event.number }} --timeout 10m --wait
           oc delete --namespace ${{ env.NAMESPACE_PREFIX }}-dev cm,secret --selector app.kubernetes.io/instance=pr-${{ github.event.number }}
       - name: Remove Release Comment on PR
-        uses: marocchino/sticky-pull-request-comment@v2
+        uses: marocchino/sticky-pull-request-comment@v2.9.0
         with:
           header: release
           delete: true
       - name: Remove Github Deployment Environment
-        uses: strumwolf/delete-deployment-environment@v2
+        uses: strumwolf/delete-deployment-environment@v3
         with:
           environment: pr
           onlyRemoveDeployments: true

SECURITY.md

@@ -14,8 +14,8 @@ At this time, only the latest version of Common Object Management Service is sup
 
 | Version | Supported          |
 | ------- | ------------------ |
-| 0.7.0   | :white_check_mark: |
-| < 0.7.x | :x:                |
+| 0.8.0   | :white_check_mark: |
+| < 0.8.x | :x:                |
 
 ## Reporting a Bug
 

app/package.json

@@ -1,6 +1,6 @@
 {
   "name": "common-object-management-service",
-  "version": "0.7.0",
+  "version": "0.8.0",
   "private": true,
   "description": "",
   "author": "NR Common Service Showcase <NR.CommonServiceShowcase@gov.bc.ca>",

bcgovpubcode.yml

@@ -30,7 +30,7 @@ product_information:
 product_technology_information:
   backend_frameworks:
     - name: Express
-      version: 4.18.2
+      version: 4.18.3
     - name: Other
       version: Knex
     - name: Other

charts/coms/Chart.yaml

@@ -3,7 +3,7 @@ name: common-object-management-service
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.0.21
+version: 0.0.22
 kubeVersion: ">= 1.13.0"
 description: A microservice for managing access control to S3 Objects
 # A chart can be either an 'application' or a 'library' chart.
@@ -43,6 +43,6 @@ maintainers:
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.7.0"
+appVersion: "0.8.0"
 deprecated: false
 annotations: {}

charts/coms/README.md

@@ -1,6 +1,6 @@
 # common-object-management-service
 
-![Version: 0.0.21](https://img.shields.io/badge/Version-0.0.21-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.7.0](https://img.shields.io/badge/AppVersion-0.7.0-informational?style=flat-square)
+![Version: 0.0.22](https://img.shields.io/badge/Version-0.0.22-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.8.0](https://img.shields.io/badge/AppVersion-0.8.0-informational?style=flat-square)
 
 A microservice for managing access control to S3 Objects
 
@@ -33,46 +33,46 @@ Kubernetes: `>= 1.13.0`
 | autoscaling.maxReplicas | int | `16` |  |
 | autoscaling.minReplicas | int | `2` |  |
 | autoscaling.targetCPUUtilizationPercentage | int | `80` |  |
-| basicAuthSecretOverride.password | string | `nil` |  |
-| basicAuthSecretOverride.username | string | `nil` |  |
+| basicAuthSecretOverride.password | string | `nil` | Basic authentication password |
+| basicAuthSecretOverride.username | string | `nil` | Basic authentication username |
 | config.configMap | object | `{"DB_PORT":"5432","KC_IDENTITYKEY":null,"KC_PUBLICKEY":null,"KC_REALM":null,"KC_SERVERURL":null,"OBJECTSTORAGE_BUCKET":null,"OBJECTSTORAGE_ENDPOINT":null,"OBJECTSTORAGE_KEY":null,"SERVER_LOGLEVEL":"http","SERVER_PORT":"3000","SERVER_TEMP_EXPIRESIN":"300"}` | These values will be wholesale added to the configmap as is; refer to the coms documentation for what each of these values mean and whether you need them defined. Ensure that all values are represented explicitly as strings, as non-string values will not translate over as expected into container environment variables. For configuration keys named `*_ENABLED`, either leave them commented/undefined, or set them to string value "true". |
-| config.enabled | bool | `false` |  |
+| config.enabled | bool | `false` | Set to true if you want to let Helm manage and overwrite your configmaps. |
 | config.releaseScoped | bool | `false` | This should be set to true if and only if you require configmaps and secrets to be release scoped. In the event you want all instances in the same namespace to share a similar configuration, this should be set to false |
-| dbSecretOverride.password | string | `nil` |  |
-| dbSecretOverride.username | string | `nil` |  |
+| dbSecretOverride.password | string | `nil` | Database password |
+| dbSecretOverride.username | string | `nil` | Database username |
 | failurePolicy | string | `"Retry"` |  |
 | features.basicAuth | bool | `false` | Specifies whether basic auth is enabled |
 | features.defaultBucket | bool | `false` | Specifies whether a default bucket is enabled |
 | features.oidcAuth | bool | `false` | Specifies whether oidc auth is enabled |
 | fullnameOverride | string | `nil` | String to fully override fullname |
-| image.pullPolicy | string | `"IfNotPresent"` |  |
-| image.repository | string | `"docker.io/bcgovimages"` |  |
-| image.tag | string | `nil` |  |
+| image.pullPolicy | string | `"IfNotPresent"` | Default image pull policy |
+| image.repository | string | `"docker.io/bcgovimages"` | Default image repository |
+| image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. |
 | imagePullSecrets | list | `[]` | Specify docker-registry secret names as an array |
-| keycloakSecretOverride.password | string | `nil` |  |
-| keycloakSecretOverride.username | string | `nil` |  |
+| keycloakSecretOverride.password | string | `nil` | Keycloak password |
+| keycloakSecretOverride.username | string | `nil` | Keycloak username |
 | nameOverride | string | `nil` | String to partially override fullname |
 | networkPolicy.enabled | bool | `true` | Specifies whether a network policy should be created |
-| objectStorageSecretOverride.password | string | `nil` |  |
-| objectStorageSecretOverride.username | string | `nil` |  |
-| patroni.enabled | bool | `false` |  |
+| objectStorageSecretOverride.password | string | `nil` | Object storage password |
+| objectStorageSecretOverride.username | string | `nil` | Object storage username |
+| patroni.enabled | bool | `false` | Controls whether to enable managing a Patroni db dependency as a part of the helm release |
 | podAnnotations | object | `{}` | Annotations for coms pods |
-| podSecurityContext | object | `{}` |  |
+| podSecurityContext | object | `{}` | Privilege and access control settings |
 | replicaCount | int | `2` |  |
-| resources.limits.cpu | string | `"200m"` |  |
-| resources.limits.memory | string | `"512Mi"` |  |
-| resources.requests.cpu | string | `"50m"` |  |
-| resources.requests.memory | string | `"128Mi"` |  |
+| resources.limits.cpu | string | `"200m"` | Limit Peak CPU (in millicores ex. 1000m) |
+| resources.limits.memory | string | `"512Mi"` | Limit Peak Memory (in gigabytes Gi or megabytes Mi ex. 2Gi) |
+| resources.requests.cpu | string | `"50m"` | Requested CPU (in millicores ex. 500m) |
+| resources.requests.memory | string | `"128Mi"` | Requested Memory (in gigabytes Gi or megabytes Mi ex. 500Mi) |
 | route.annotations | object | `{}` | Annotations to add to the route |
 | route.enabled | bool | `true` | Specifies whether a route should be created |
 | route.host | string | `"chart-example.local"` |  |
 | route.tls.insecureEdgeTerminationPolicy | string | `"Redirect"` |  |
 | route.tls.termination | string | `"edge"` |  |
 | route.wildcardPolicy | string | `"None"` |  |
-| securityContext | object | `{}` |  |
-| service.port | int | `3000` |  |
-| service.portName | string | `"http"` |  |
-| service.type | string | `"ClusterIP"` |  |
+| securityContext | object | `{}` | Privilege and access control settings |
+| service.port | int | `3000` | Service port |
+| service.portName | string | `"http"` | Service port name |
+| service.type | string | `"ClusterIP"` | Service type |
 | serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
 | serviceAccount.enabled | bool | `false` | Specifies whether a service account should be created |
 | serviceAccount.name | string | `nil` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |

charts/coms/values.yaml

@@ -5,9 +5,11 @@
 replicaCount: 2
 
 image:
+  # -- Default image repository
   repository: docker.io/bcgovimages
+  # -- Default image pull policy
   pullPolicy: IfNotPresent
-  # Overrides the image tag whose default is the chart appVersion.
+  # -- Overrides the image tag whose default is the chart appVersion.
   tag: ~
 
 # -- Specify docker-registry secret names as an array
@@ -23,9 +25,11 @@ failurePolicy: Retry
 # -- Annotations for coms pods
 podAnnotations: {}
 
+# -- Privilege and access control settings
 podSecurityContext: {}
   # fsGroup: 2000
 
+# -- Privilege and access control settings
 securityContext: {}
   # capabilities:
   #   drop:
@@ -73,8 +77,11 @@ networkPolicy:
   enabled: true
 
 service:
+  # -- Service type
   type: ClusterIP
+  # -- Service port
   port: 3000
+  # -- Service port name
   portName: http
 
 route:
@@ -97,10 +104,14 @@ resources:
   # resources, such as Minikube. If you do want to specify resources, uncomment the following
   # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
   limits:
+    # -- Limit Peak CPU (in millicores ex. 1000m)
     cpu: 200m
+    # -- Limit Peak Memory (in gigabytes Gi or megabytes Mi ex. 2Gi)
     memory: 512Mi
   requests:
+    # -- Requested CPU (in millicores ex. 500m)
     cpu: 50m
+    # -- Requested Memory (in gigabytes Gi or megabytes Mi ex. 500Mi)
     memory: 128Mi
 
 features:
@@ -112,7 +123,7 @@ features:
   oidcAuth: false
 
 config:
-  # Set to true if you want to let Helm manage and overwrite your configmaps.
+  # -- Set to true if you want to let Helm manage and overwrite your configmaps.
   enabled: false
 
   # -- This should be set to true if and only if you require configmaps and secrets to be release
@@ -154,21 +165,29 @@ config:
 
 # Modify the following variables if you need to acquire secret values from a custom-named resource
 basicAuthSecretOverride:
+  # -- Basic authentication username
   username: ~
+  # -- Basic authentication password
   password: ~
 dbSecretOverride:
+  # -- Database username
   username: ~
+  # -- Database password
   password: ~
 keycloakSecretOverride:
+  # -- Keycloak username
   username: ~
+  # -- Keycloak password
   password: ~
 objectStorageSecretOverride:
+  # -- Object storage username
   username: ~
+  # -- Object storage password
   password: ~
 
 # Patroni subchart configuration overrides
 patroni:
-  # Controls whether to enable managing a Patroni db dependency as a part of the helm release
+  # -- Controls whether to enable managing a Patroni db dependency as a part of the helm release
   enabled: false
 
   # replicaCount: 3