OPSEXP-2277 Migration of APS helm chart (#254)

.github/workflows/lint-test.yaml

@@ -67,12 +67,21 @@ jobs:
           username: ${{ secrets.quay_username }}
           password: ${{ secrets.quay_password }}
 
+      - name: Get Activiti License from S3
+        if: steps.list-changed.outputs.changed == 'true'
+        env:
+          AWS_REGION: us-east-1
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_S3_ACSLICENSE_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_S3_ACSLICENSE_SECRET_ACCESS_KEY }}
+        run: aws s3 cp s3://aps-licenses/single-tenant/activiti.lic /tmp/activiti.lic
+
       - name: Prepare namespace for install
         if: steps.list-changed.outputs.changed == 'true'
         run: |
           kubectl create ns "$INSTALL_NAMESPACE"
           kubectl create secret generic quay-registry-secret --from-file=.dockerconfigjson="${HOME}"/.docker/config.json --type=kubernetes.io/dockerconfigjson -n "$INSTALL_NAMESPACE"
           kubectl create secret generic broker-secret --from-literal=BROKER_URL="failover:(nio://activemq:61616)?timeout=3000" --from-literal=BROKER_USERNAME=admin --from-literal=BROKER_PASSWORD=admin -n "$INSTALL_NAMESPACE"
+          kubectl create secret generic aps-license --from-file=activiti.lic=/tmp/activiti.lic -n "$INSTALL_NAMESPACE"
 
       - name: Prepare charts mocks for testing
         if: steps.list-changed.outputs.changed == 'true'

charts/alfresco-process-services/.helmignore

@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj

charts/alfresco-process-services/Chart.lock

@@ -0,0 +1,9 @@
+dependencies:
+- name: alfresco-common
+  repository: https://alfresco.github.io/alfresco-helm-charts/
+  version: 3.1.2
+- name: postgresql
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 12.8.5
+digest: sha256:246b7e17ba0ec1f58a318abbb41ae6ee7f364dc96ca918b3941f142adc6ed3cf
+generated: "2024-03-20T14:27:16.899283+01:00"

charts/alfresco-process-services/Chart.yaml

@@ -0,0 +1,15 @@
+apiVersion: v2
+description: A Helm chart for Alfresco Process Services
+name: alfresco-process-services
+version: 1.0.0-alpha.0
+appVersion: 24.1.0
+dependencies:
+  - name: alfresco-common
+    version: 3.1.2
+    repository: https://alfresco.github.io/alfresco-helm-charts/
+  - name: postgresql
+    repository: oci://registry-1.docker.io/bitnamicharts
+    version: 12.8.5
+    tags:
+      - ci
+icon: https://avatars0.githubusercontent.com/u/391127?s=200&v=4

charts/alfresco-process-services/README.md

@@ -0,0 +1,122 @@
+# alfresco-process-services
+
+![Version: 1.0.0-alpha.0](https://img.shields.io/badge/Version-1.0.0--alpha.0-informational?style=flat-square) ![AppVersion: 24.1.0](https://img.shields.io/badge/AppVersion-24.1.0-informational?style=flat-square)
+
+A Helm chart for Alfresco Process Services
+
+## Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-common | 3.1.2 |
+| oci://registry-1.docker.io/bitnamicharts | postgresql | 12.8.5 |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| adminApp.affinity | object | `{}` |  |
+| adminApp.environment.ACTIVITI_ADMIN_DATASOURCE_DRIVER | string | `"org.postgresql.Driver"` | Set the JDBC driver Class |
+| adminApp.environment.ACTIVITI_ADMIN_HIBERNATE_DIALECT | string | `"org.hibernate.dialect.PostgreSQLDialect"` | Hibernate dialect (must match the driver) |
+| adminApp.environment.ACTIVITI_ADMIN_REST_APP_HOST | string | `"http://localhost"` | activiti-app address |
+| adminApp.environment.ACTIVITI_ADMIN_REST_APP_PASSWORD | string | `"admin"` | activiti-app password |
+| adminApp.environment.ACTIVITI_ADMIN_REST_APP_PORT | string | `"80"` | activiti-app port |
+| adminApp.environment.ACTIVITI_ADMIN_REST_APP_USERNAME | string | `"[email protected]"` | activiti-app username |
+| adminApp.image.internalPort | int | `8080` |  |
+| adminApp.image.pullPolicy | string | `"IfNotPresent"` |  |
+| adminApp.image.repository | string | `"quay.io/alfresco/alfresco-process-services-admin"` |  |
+| adminApp.image.tag | string | `"24.1.0"` |  |
+| adminApp.ingress.className | string | `"nginx"` |  |
+| adminApp.ingress.maxUploadSize | string | `"5G"` |  |
+| adminApp.ingress.path | string | `"/activiti-admin"` |  |
+| adminApp.livenessProbe.failureThreshold | int | `5` |  |
+| adminApp.livenessProbe.initialDelaySeconds | int | `25` |  |
+| adminApp.livenessProbe.path | string | `"/activiti-admin/"` |  |
+| adminApp.livenessProbe.periodSeconds | int | `10` |  |
+| adminApp.livenessProbe.timeoutSeconds | int | `5` |  |
+| adminApp.nodeSelector | object | `{}` |  |
+| adminApp.podAnnotations | object | `{}` |  |
+| adminApp.podLabels | object | `{}` |  |
+| adminApp.podSecurityContext | object | `{}` |  |
+| adminApp.readinessProbe.failureThreshold | int | `5` |  |
+| adminApp.readinessProbe.initialDelaySeconds | int | `25` |  |
+| adminApp.readinessProbe.path | string | `"/activiti-admin/"` |  |
+| adminApp.readinessProbe.periodSeconds | int | `10` |  |
+| adminApp.readinessProbe.timeoutSeconds | int | `5` |  |
+| adminApp.replicacount | int | `1` |  |
+| adminApp.service.externalPort | int | `80` |  |
+| adminApp.service.name | string | `"aps-admin"` |  |
+| adminApp.service.type | string | `"ClusterIP"` |  |
+| adminApp.tolerations | list | `[]` |  |
+| adminApp.volumeMounts | list | `[]` |  |
+| adminApp.volumes | list | `[]` |  |
+| database.existingConfigMap.keys.url | string | `"DATABASE_URL"` | configmap key where to find the URL of the database |
+| database.existingConfigMap.name | string | `nil` |  |
+| database.existingSecret.keys.password | string | `"DATABASE_PASSWORD"` | Key within the secret holding the database password |
+| database.existingSecret.keys.username | string | `"DATABASE_USERNAME"` | Key within the secret holding the database username |
+| database.existingSecret.name | string | `nil` | Name of a pre-existing secret containing database credentials |
+| database.password | string | `nil` | JDBC password to use to connect to the DB |
+| database.url | object | `{"admin":null,"aps":null}` | JDBC url to connect to the external DB |
+| database.username | string | `nil` | JDBC username to use to connect to the DB |
+| global.alfrescoRegistryPullSecrets | string | `"quay-registry-secret"` |  |
+| ingress.enabled | bool | `true` |  |
+| ingress.hostName | string | `""` |  |
+| ingress.protocol | string | `"http"` |  |
+| license.secretName | string | `nil` |  |
+| processEngine.affinity | object | `{}` |  |
+| processEngine.environment.ACTIVITI_CORS_ALLOWED_HEADERS | string | `"Authorization,Content-Type,Cache-Control,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,X-CSRF-Token"` | Cross Origin Resource Sharing configuration allowed http headers |
+| processEngine.environment.ACTIVITI_CORS_ALLOWED_METHODS | string | `"GET,POST,HEAD,OPTIONS,PUT,DELETE"` | Cross Origin Resource Sharing configuration allowed http methods |
+| processEngine.environment.ACTIVITI_CORS_ALLOWED_ORIGIN_PATTERNS | string | `"*"` | Cross Origin Resource Sharing configuration allowed origins (list of glob-like patterns) |
+| processEngine.environment.ACTIVITI_CORS_ENABLED | string | `"true"` | Cross Origin Resource Sharing configuration toggle |
+| processEngine.environment.ACTIVITI_CSRF_DISABLED | string | `"true"` | Cross Site Resource Forgery configuration toggle |
+| processEngine.environment.ACTIVITI_DATASOURCE_DRIVER | string | `"org.postgresql.Driver"` | Set the JDBC driver Class |
+| processEngine.environment.ACTIVITI_HIBERNATE_DIALECT | string | `"org.hibernate.dialect.PostgreSQLDialect"` | Hibernate dialect (must match the driver) |
+| processEngine.environment.IDENTITY_CREDENTIALS_SECRET | string | `""` | Alfresco Identity Service application secret |
+| processEngine.environment.IDENTITY_SERVICE_ALWAYS_REFRESH_TOKEN | string | `"true"` | Alfresco Identity Service refresh service token |
+| processEngine.environment.IDENTITY_SERVICE_AUTH | string | `"http://localhost:8080/auth"` | Alfresco Identity Service address |
+| processEngine.environment.IDENTITY_SERVICE_AUTODETECT_BEARER_ONLY | string | `"true"` | Alfresco Identity Service Bearer only toggle |
+| processEngine.environment.IDENTITY_SERVICE_ENABLED | string | `"false"` | Alfresco Identity Service configuration toggle |
+| processEngine.environment.IDENTITY_SERVICE_ENABLE_BASIC_AUTH | string | `"true"` | Alfresco Identity Service allow basic authentication (should only be used over SSL) |
+| processEngine.environment.IDENTITY_SERVICE_PRINCIPAL_ATTRIBUTE | string | `"email"` | Alfresco Identity Service Attribute to map to user login |
+| processEngine.environment.IDENTITY_SERVICE_PUBLIC_CLIENT | string | `"true"` | Alfresco Identity Service public client toggle |
+| processEngine.environment.IDENTITY_SERVICE_REALM | string | `"alfresco"` | Alfresco Identity Service Realm |
+| processEngine.environment.IDENTITY_SERVICE_RESOURCE | string | `"alfresco"` | Alfresco Identity Service resource name to use |
+| processEngine.environment.IDENTITY_SERVICE_SSL_REQUIRED | string | `"none"` | Alfresco Identity Service force using SSL |
+| processEngine.environment.IDENTITY_SERVICE_TOKEN_STORE | string | `"session"` | Alfresco Identity Service token storage configuration |
+| processEngine.environment.IDENTITY_SERVICE_USE_BROWSER_BASED_LOGOUT | string | `"true"` | Alfresco Identity Service browser initiated logout toggle |
+| processEngine.image.internalPort | int | `8080` |  |
+| processEngine.image.pullPolicy | string | `"IfNotPresent"` |  |
+| processEngine.image.repository | string | `"quay.io/alfresco/alfresco-process-services"` |  |
+| processEngine.image.tag | string | `"24.1.0"` |  |
+| processEngine.ingress.className | string | `"nginx"` |  |
+| processEngine.ingress.maxUploadSize | string | `"5G"` |  |
+| processEngine.ingress.path | string | `"/activiti-app"` |  |
+| processEngine.livenessProbe.failureThreshold | int | `5` |  |
+| processEngine.livenessProbe.initialDelaySeconds | int | `25` |  |
+| processEngine.livenessProbe.path | string | `"/activiti-app/app/rest/locale"` |  |
+| processEngine.livenessProbe.periodSeconds | int | `10` |  |
+| processEngine.livenessProbe.timeoutSeconds | int | `5` |  |
+| processEngine.nodeSelector | object | `{}` |  |
+| processEngine.persistence.accessModes[0] | string | `"ReadWriteOnce"` |  |
+| processEngine.persistence.baseSize | string | `"20Gi"` | Initial default size of dynamically provisioned storage |
+| processEngine.persistence.data | object | `{"mountPath":"/usr/local/data","subPath":"alfresco-process-services/process-data"}` | Where to mount data into the container |
+| processEngine.persistence.enabled | bool | `false` | Persist processEngine data |
+| processEngine.persistence.existingClaim | string | `nil` | Define if you want to reuse an already existing PVC |
+| processEngine.persistence.storageClass | string | `nil` | Define if you already have a custom storage class defined for dynamically provisioned storage |
+| processEngine.podAnnotations | object | `{}` |  |
+| processEngine.podLabels | object | `{}` |  |
+| processEngine.podSecurityContext.fsGroup | int | `33007` |  |
+| processEngine.podSecurityContext.runAsGroup | int | `33007` |  |
+| processEngine.podSecurityContext.runAsUser | int | `33007` |  |
+| processEngine.readinessProbe.failureThreshold | int | `5` |  |
+| processEngine.readinessProbe.initialDelaySeconds | int | `25` |  |
+| processEngine.readinessProbe.path | string | `"/activiti-app/app/rest/locale"` |  |
+| processEngine.readinessProbe.periodSeconds | int | `10` |  |
+| processEngine.readinessProbe.timeoutSeconds | int | `5` |  |
+| processEngine.replicaCount | int | `1` |  |
+| processEngine.service.externalPort | int | `80` |  |
+| processEngine.service.name | string | `"aps"` |  |
+| processEngine.service.type | string | `"ClusterIP"` |  |
+| processEngine.tolerations | list | `[]` |  |
+| processEngine.volumeMounts | list | `[]` |  |
+| processEngine.volumes | list | `[]` |  |

charts/alfresco-process-services/README.md.gotmpl

@@ -0,0 +1,16 @@
+{{ template "chart.header" . }}
+{{ template "chart.deprecationWarning" . }}
+
+{{ template "chart.badgesSection" . }}
+
+{{ template "chart.description" . }}
+
+{{ template "chart.homepageLine" . }}
+
+{{ template "chart.maintainersSection" . }}
+
+{{ template "chart.sourcesSection" . }}
+
+{{ template "chart.requirementsSection" . }}
+
+{{ template "chart.valuesSection" . }}

charts/alfresco-process-services/ci/default-values.yaml

@@ -0,0 +1,22 @@
+database:
+  url:
+    aps: postgresql://pg-postgresql-aps:5432/postgres
+    admin: postgresql://pg-postgresql-aps:5432/activiti-admin
+  username: &dbuser alfresco
+  password: &dbpass alfresco-pass
+postgresql:
+  fullnameOverride: pg-postgresql-aps
+  image:
+    tag: 14.9.0
+  auth:
+    username: *dbuser
+    password: *dbpass
+    database: activiti-admin
+license:
+  secretName: aps-license
+processEngine:
+  environment:
+    ACTIVITI_CORS_ALLOWED_ORIGINS: "http://localhost"
+    JAVA_OPTS: "-Dapp.review-workflows.enabled=true"
+tags:
+  ci: true

charts/alfresco-process-services/templates/NOTES.txt

@@ -0,0 +1,12 @@
+Thank you for installing {{ .Chart.Name }}!
+
+     ,---.     ,--------,    ,---.
+   /   0  \   /  .---. /  ,'   ,-'
+  /  .-.  /  /  '---' /   `.  \,
+ /  / /  /  /  / ---'   .-'    /
+`--' `--'  `--'         `-----'
+
+{{ .Release.Name }}, your release of Alfresco Process Service offers the endpoint bellow on your cluster:
+
+Activiti App: {{ .Values.processEngine.ingress.path | default "/" }}
+Admin App: {{ .Values.adminApp.ingress.path | default "/" }}

charts/alfresco-process-services/templates/_helpers-label.tpl

@@ -0,0 +1,19 @@
+{{- define "alfresco-process-services.aps.labels" -}}
+{{- $scope := (dict "Values" (dict "nameOverride" "aps" ) "Chart" .Chart "Release" .Release) }}
+{{- include "alfresco-process-services.labels" $scope }}
+{{- end }}
+
+{{- define "alfresco-process-services.aps.selectorLabels" -}}
+{{- $scope := (dict "Values" (dict "nameOverride" "aps" ) "Chart" .Chart "Release" .Release) }}
+{{- include "alfresco-process-services.selectorLabels" $scope }}
+{{- end }}
+
+{{- define "alfresco-process-services.admin.labels" -}}
+{{- $scope := (dict "Values" (dict "nameOverride" "admin" ) "Chart" .Chart "Release" .Release) }}
+{{- include "alfresco-process-services.labels" $scope }}
+{{- end }}
+
+{{- define "alfresco-process-services.admin.selectorLabels" -}}
+{{- $scope := (dict "Values" (dict "nameOverride" "admin" ) "Chart" .Chart "Release" .Release) }}
+{{- include "alfresco-process-services.selectorLabels" $scope }}
+{{- end }}

charts/alfresco-process-services/templates/_helpers-name.tpl

@@ -0,0 +1,54 @@
+{{- define "alfresco-process-services.deployment-aps.name" -}}
+{{- $scope := (dict "Values" (dict "nameOverride" "aps" ) "Chart" .Chart "Release" .Release) }}
+{{- include "alfresco-process-services.fullname" $scope }}
+{{- end }}
+
+{{- define "alfresco-process-services.deployment-admin.name" -}}
+{{- $scope := (dict "Values" (dict "nameOverride" "admin" ) "Chart" .Chart "Release" .Release) }}
+{{- include "alfresco-process-services.fullname" $scope }}
+{{- end }}
+
+{{- define "alfresco-process-services.ingress-aps.name" -}}
+{{- $scope := (dict "Values" (dict "nameOverride" "ingress-aps" ) "Chart" .Chart "Release" .Release) }}
+{{- include "alfresco-process-services.fullname" $scope }}
+{{- end }}
+
+{{- define "alfresco-process-services.ingress-admin.name" -}}
+{{- $scope := (dict "Values" (dict "nameOverride" "ingress-admin" ) "Chart" .Chart "Release" .Release) }}
+{{- include "alfresco-process-services.fullname" $scope }}
+{{- end }}
+
+{{- define "alfresco-process-services.config-aps.name" -}}
+{{- $scope := (dict "Values" (dict "nameOverride" "configmap-aps" ) "Chart" .Chart "Release" .Release) }}
+{{- include "alfresco-process-services.fullname" $scope }}
+{{- end }}
+
+{{- define "alfresco-process-services.config-admin.name" -}}
+{{- $scope := (dict "Values" (dict "nameOverride" "configmap-admin" ) "Chart" .Chart "Release" .Release) }}
+{{- include "alfresco-process-services.fullname" $scope }}
+{{- end }}
+
+{{- define "alfresco-process-services.database-config-aps.name" -}}
+{{- $ctx := dict "Values" (dict "nameOverride" "database-aps") "Chart" .Chart "Release" .Release }}
+{{- template "alfresco-process-services.fullname" $ctx }}
+{{- end -}}
+
+{{- define "alfresco-process-services.database-config-admin.name" -}}
+{{- $ctx := dict "Values" (dict "nameOverride" "database-admin") "Chart" .Chart "Release" .Release }}
+{{- template "alfresco-process-services.fullname" $ctx }}
+{{- end -}}
+
+{{- define "alfresco-process-services.database-secret.name" -}}
+{{- $ctx := dict "Values" (dict "nameOverride" "database-secret") "Chart" .Chart "Release" .Release }}
+{{- template "alfresco-process-services.fullname" $ctx }}
+{{- end -}}
+
+{{- define "alfresco-process-services.service-aps.name" -}}
+{{- $scope := (dict "Values" (dict "nameOverride" "service-aps" ) "Chart" .Chart "Release" .Release) }}
+{{- include "alfresco-process-services.fullname" $scope }}
+{{- end }}
+
+{{- define "alfresco-process-services.service-admin.name" -}}
+{{- $scope := (dict "Values" (dict "nameOverride" "service-admin" ) "Chart" .Chart "Release" .Release) }}
+{{- include "alfresco-process-services.fullname" $scope }}
+{{- end }}

charts/alfresco-process-services/templates/_helpers.tpl

@@ -0,0 +1,60 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "alfresco-process-services.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "alfresco-process-services.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create a default fully qualified name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "aps.fullname" -}}
+{{- template "alfresco-process-services.fullname" . }}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "alfresco-process-services.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "alfresco-process-services.labels" -}}
+helm.sh/chart: {{ include "alfresco-process-services.chart" . }}
+{{ include "alfresco-process-services.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/component: {{ .Chart.Name }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "alfresco-process-services.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "alfresco-process-services.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}

charts/alfresco-process-services/templates/config-admin-database.yaml

@@ -0,0 +1,13 @@
+{{- if not .Values.database.existingConfigMap.name }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: >-
+    {{ template "alfresco-process-services.database-config-admin.name" . }}
+  labels:
+    {{- include "alfresco-process-services.admin.labels" . | nindent 4 }}
+data:
+  {{- with .Values.database }}
+  DATABASE_URL: {{ hasPrefix "jdbc:" .url.admin | ternary .url.admin (print "jdbc:" .url.admin) }}
+  {{- end }}
+{{- end }}