feat: add asr endpoints, dockerfiles and helm chart (#14)

* add get endpoint for credentials
* add swagger
* add post endpoint to validate json schemas
* add dockerfiles, helm chart and environment configuration
* improve GH workflows
* improve docs

---------

Refs: #4 #6 #7 #11
Co-authored-by: Evelyn Gurschler <[email protected]>
Co-authored-by: Norbert Truchsess <[email protected]>
Reviewed-by: Evelyn Gurschler <[email protected]>
Reviewed-by: Norbert Truchsess <[email protected]>

.github/dependabot.yml

@@ -32,6 +32,11 @@ updates:
     ignore:
       - dependency-name: "*"
         update-types: ["version-update:semver-major"]
+    groups:
+      production-dependencies:
+        dependency-type: "production"
+      development-dependencies:
+        dependency-type: "development"
 
   # Github Actions
   -
@@ -42,6 +47,9 @@ updates:
       - "github-actions"
     schedule:
       interval: "weekly"
+    groups:
+      dependencies:
+        dependency-type: "production"
 
   # Docker
   -
@@ -55,3 +63,6 @@ updates:
     ignore:
       - dependency-name: "*"
         update-types: ["version-update:semver-major"]
+    groups:
+      dependencies:
+        dependency-type: "production"

.github/workflows/chart-test.yml

@@ -22,11 +22,11 @@ name: Lint and Test Chart
 on:
   push:
     paths:
-      - 'charts/ssi-authority-schema-registry/**'
+      - 'charts/ssi-asr/**'
     branches: [main]
   pull_request:
     paths:
-      - 'charts/ssi-authority-schema-registry/**'
+      - 'charts/ssi-asr/**'
   workflow_dispatch:
     inputs:
       node_image:
@@ -65,7 +65,7 @@ jobs:
         uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
         with:
           context: .
-          file: ./docker/Dockerfile-ssi-asr-migrations
+          file: ./docker/Dockerfile-registry-migrations
           push: true
           tags: kind-registry:5000/ssi-authority-schema-registry-migrations:testing
 
@@ -74,7 +74,7 @@ jobs:
         uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
         with:
           context: .
-          file: ./docker/Dockerfile-ssi-asr-service
+          file: ./docker/Dockerfile-registry-service
           push: true
           tags: kind-registry:5000/ssi-authority-schema-registry-service:testing
 
@@ -103,7 +103,7 @@ jobs:
         run: ct lint --validate-maintainers=false --check-version-increment=false --target-branch ${{ github.event.repository.default_branch }}
 
       - name: Run chart-testing (install)
-        run: ct install --charts charts/ssi-authority-schema-registry --config charts/chart-testing-config.yaml --helm-extra-set-args "--set service.image.name=kind-registry:5000/ssi-authority-schema-registry-service --set service.image.tag=testing --set migrations.image.name=kind-registry:5000/ssi-authority-schema-registry-migrations --set migrations.image.tag=testing"
+        run: ct install --charts charts/ssi-asr --config charts/chart-testing-config.yaml --helm-extra-set-args "--set service.image.name=kind-registry:5000/ssi-authority-schema-registry-service --set service.image.tag=testing --set migrations.image.name=kind-registry:5000/ssi-authority-schema-registry-migrations --set migrations.image.tag=testing"
         if: github.event_name != 'pull_request' || steps.list-changed.outputs.changed == 'true'
 
       # TODO: uncomment the step after the first stable release
@@ -113,7 +113,7 @@ jobs:
       #   run: |
       #     helm repo add bitnami https://charts.bitnami.com/bitnami
       #     helm repo add tractusx-dev https://eclipse-tractusx.github.io/charts/dev
-      #     helm install ssi-asr tractusx-dev/ssi-authority-schema-registry --version ${{ github.event.inputs.upgrade_from || '1.0.0' }} --namespace upgrade --create-namespace
+      #     helm install registry tractusx-dev/ssi-authority-schema-registry --version ${{ github.event.inputs.upgrade_from || '1.0.0' }} --namespace upgrade --create-namespace
       #     helm dependency update charts/ssi-asr
-      #     helm upgrade ssi-asr charts/ssi-asr --set service.image.name=kind-registry:5000/ssi-authority-schema-registry-service --set service.image.tag=testing --set migrations.image.name=kind-registry:5000/ssi-authority-schema-registry-migrations --set migrations.image.tag=testing --namespace upgrade
+      #     helm upgrade registry charts/ssi-asr --set service.image.name=kind-registry:5000/ssi-authority-schema-registry-service --set service.image.tag=testing --set migrations.image.name=kind-registry:5000/ssi-authority-schema-registry-migrations --set migrations.image.tag=testing --namespace upgrade
       #   if: github.event_name != 'pull_request' || steps.list-changed.outputs.changed == 'true'

.github/workflows/codeql.yml

@@ -73,7 +73,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@66b90a5db151a8042fa97405c6cf843bbe433f7b # v2.227
+        uses: github/codeql-action/init@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v2.227
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -87,7 +87,7 @@ jobs:
       # Automates dependency installation for Python, Ruby, and JavaScript, optimizing the CodeQL analysis setup.
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@66b90a5db151a8042fa97405c6cf843bbe433f7b # v2.227
+        uses: github/codeql-action/autobuild@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v2.227
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -100,6 +100,6 @@ jobs:
       #     ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@66b90a5db151a8042fa97405c6cf843bbe433f7b # v2.227
+        uses: github/codeql-action/analyze@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v2.227
         with:
           category: "/language:${{matrix.language}}"

.github/workflows/kics.yml

@@ -24,7 +24,7 @@ on:
     branches: [main]
   # pull_request:
   # The branches below must be a subset of the branches above
-  # branches: [main, dev]
+  # branches: [main]
   # paths-ignore:
   #   - "**/*.md"
   #   - "**/*.txt"

.github/workflows/migrations-docker.yml

@@ -19,7 +19,7 @@
 
 name: Build Migrations Image
 
-on: 
+on:
   push:
     paths:
       # service and transitive paths
@@ -28,7 +28,7 @@ on:
       # workflow file
       - '.github/workflows/ssi-authority-schema-registry-migrations.yml'
       # dockerfile
-      - 'docker/Dockerfile-ssi-asr-migrations'
+      - 'docker/Dockerfile-registry-migrations'
 
     branches:
       - 'main'
@@ -74,7 +74,7 @@ jobs:
         uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
         with:
           context: .
-          file: ./docker/Dockerfile-ssi-asr-migrations
+          file: ./docker/Dockerfile-registry-migrations
           platforms: linux/amd64, linux/arm64
           pull: true
           push: ${{ github.event_name != 'pull_request' }}
@@ -89,4 +89,4 @@ jobs:
           username: ${{ secrets.DOCKER_HUB_USER }}
           password: ${{ secrets.DOCKER_HUB_TOKEN }}
           repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
-          readme-filepath: ./docker/notice-ssi-asr-migrations.md
+          readme-filepath: ./docker/notice-registry-migrations.md

.github/workflows/owasp-zap.yml

@@ -65,7 +65,7 @@ jobs:
         uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
         with:
           context: .
-          file: ./docker/Dockerfile-ssi-asr-migrations
+          file: ./docker/Dockerfile-registry-migrations
           push: true
           tags: kind-registry:5000/ssi-authority-schema-registry-migrations:testing
 
@@ -74,7 +74,7 @@ jobs:
         uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
         with:
           context: .
-          file: ./docker/Dockerfile-ssi-asr-service
+          file: ./docker/Dockerfile-registry-service
           push: true
           tags: kind-registry:5000/ssi-authority-schema-registry-service:testing
 
@@ -85,11 +85,11 @@ jobs:
 
       - name: Update Helm dependencies
         run: |
-          cd charts/ssi-authority-schema-registry
+          cd charts/ssi-asr
           helm dependency build
 
       - name: Install the chart on KinD cluster
-        run: helm install testing -n apps --create-namespace --wait --set service.image.name=kind-registry:5000/ssi-authority-schema-registry-service --set service.image.tag=testing --set migrations.image.name=kind-registry:5000/ssi-authority-schema-registry-migrations --set migrations.image.tag=testing
+        run: helm install testing -n apps --create-namespace --wait --set service.image.name=kind-registry:5000/ssi-authority-schema-registry-service --set service.image.tag=testing --set migrations.image.name=kind-registry:5000/ssi-authority-schema-registry-migrations --set migrations.image.tag=testing --set service.swaggerEnabled=true charts/ssi-asr
 
       - name: Configure port forward to app in KinD
         run: |
@@ -98,7 +98,7 @@ jobs:
           echo "-> IP: $IP_ADDR"
           echo "IP_ADDR=$IP_ADDR" >> $GITHUB_ENV
 
-          POD_NAME=$(kubectl get pods --namespace apps -l "app.kubernetes.io/name=ssi-authority-schema-registry,app.kubernetes.io/instance=testing" -o jsonpath="{.items[0].metadata.name}")
+          POD_NAME=$(kubectl get pods --namespace apps -l "app.kubernetes.io/name=ssi-asr,app.kubernetes.io/instance=testing" -o jsonpath="{.items[0].metadata.name}")
           CONTAINER_PORT=$(kubectl get pod --namespace apps $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
 
           echo "Port-forwarding 0.0.0.0:8080 to $POD_NAME:$CONTAINER_PORT..."
@@ -120,7 +120,7 @@ jobs:
           docker pull ghcr.io/zaproxy/zaproxy:stable -q
 
           echo "Starting ZAP Docker container..."
-          docker run -v ${GITHUB_WORKSPACE}:/zap/wrk/:rw ghcr.io/zaproxy/zaproxy:stable zap-api-scan.py -t http://$IP_ADDR:8080/api/registry/swagger/v2/swagger.json -f openapi -w report_md.md -r report_html.html -T 1
+          docker run -v ${GITHUB_WORKSPACE}:/zap/wrk/:rw ghcr.io/zaproxy/zaproxy:stable zap-api-scan.py -t http://$IP_ADDR:8080/api/registry/swagger/v1/swagger.json -f openapi -w report_md.md -r report_html.html -T 1
           
           echo "... done."
 

.github/workflows/release.yml

@@ -21,11 +21,13 @@ name: Release
 
 on:
   workflow_dispatch:
-  push:
-    paths:
-      - 'charts/**'
-    branches:
-      - main
+  # TODO: uncomment after the first release
+  # push:
+  #   paths:
+  #     - 'charts/**'
+  #   branches:
+  #     - 'main'
+  #     - 'release/v*.*.*'
 
 jobs:
   release-helm-chart:
@@ -90,11 +92,11 @@ jobs:
       matrix:
         include:
           - image: tractusx/ssi-authority-schema-registry-service
-            dockerfile: ./docker/Dockerfile-ssi-asr-service
-            dockernotice: ./docker/notice-ssi-asr-service.md
+            dockerfile: ./docker/Dockerfile-registry-service
+            dockernotice: ./docker/notice-registry-service.md
           - image: tractusx/ssi-authority-schema-registry-migrations
-            dockerfile: ./docker/Dockerfile-ssi-asr-migrations
-            dockernotice: ./docker/notice-ssi-asr-migrations.md
+            dockerfile: ./docker/Dockerfile-registry-migrations
+            dockernotice: ./docker/notice-registry-migrations.md
     outputs:
       app-version: ${{ steps.app-version.outputs.current }}
       version-check: ${{ steps.version-check.outputs.exists }}

.github/workflows/release_candidate.yml

@@ -34,11 +34,11 @@ jobs:
       matrix:
         include:
           - image: tractusx/ssi-authority-schema-registry-service
-            dockerfile: ./docker/Dockerfile-ssi-asr-service
-            dockernotice: ./docker/notice-ssi-asr-service.md
+            dockerfile: ./docker/Dockerfile-registry-service
+            dockernotice: ./docker/notice-registry-service.md
           - image: tractusx/ssi-authority-schema-registry-migrations
-            dockerfile: ./docker/Dockerfile-ssi-asr-migrations
-            dockernotice: ./docker/notice-ssi-asr-migrations.md
+            dockerfile: ./docker/Dockerfile-registry-migrations
+            dockernotice: ./docker/notice-registry-migrations.md
     steps:
       - name: Checkout
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

.github/workflows/service-docker.yml

@@ -27,7 +27,7 @@ on:
       # workflow file
       - '.github/workflows/ssi-authority-schema-registry-service.yml'
       # dockerfile
-      - 'docker/Dockerfile-ssi-asr-service'
+      - 'docker/Dockerfile-registry-service'
 
     branches:
       - 'main'
@@ -73,7 +73,7 @@ jobs:
         uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
         with:
           context: .
-          file: ./docker/Dockerfile-ssi-asr-service
+          file: ./docker/Dockerfile-registry-service
           platforms: linux/amd64, linux/arm64
           pull: true
           push: ${{ github.event_name != 'pull_request' }}
@@ -88,4 +88,4 @@ jobs:
           username: ${{ secrets.DOCKER_HUB_USER }}
           password: ${{ secrets.DOCKER_HUB_TOKEN }}
           repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
-          readme-filepath: ./docker/notice-ssi-asr-service.md
+          readme-filepath: ./docker/notice-registry-service.md

.github/workflows/trivy-main.yml

@@ -20,7 +20,7 @@
 # Depending on the location of your Docker container
 # you need to change the path to the specific Docker registry.
 #
-name: "Trivy Dev"
+name: "Trivy Main"
 
 on:
   push:

.sonarcloud.properties

@@ -0,0 +1 @@
+sonar.cpd.exclusions = src/database/SsiAuthoritySchemaRegistry.Migrations/Migrations/*

DEPENDENCIES

@@ -0,0 +1,47 @@
+nuget/nuget/-/AutoFixture.AutoFakeItEasy/4.18.1, MIT, approved, #10064
+nuget/nuget/-/AutoFixture/4.18.1, MIT, approved, #10057
+nuget/nuget/-/Castle.Core/5.1.1, Apache-2.0, approved, #13966
+nuget/nuget/-/EFCore.NamingConventions/8.0.3, Apache-2.0, approved, #13983
+nuget/nuget/-/FakeItEasy/8.2.0, MIT, approved, #15170
+nuget/nuget/-/Fare/2.1.1, MIT, approved, clearlydefined
+nuget/nuget/-/FluentAssertions/6.12.0, MIT AND Apache-2.0 AND BSD-3-Clause AND CC-BY-3.0-US AND (GPL-2.0-only OR MIT) AND OFL-1.1 AND WTFPL, approved, #13976
+nuget/nuget/-/Flurl.Signed/3.0.6, MIT, approved, #3501
+nuget/nuget/-/Humanizer.Core/2.14.1, MIT, approved, #10060
+nuget/nuget/-/Json.More.Net/2.0.1.2, MIT AND OFL-1.1 AND CC-BY-SA-4.0, approved, #15173
+nuget/nuget/-/JsonPointer.Net/5.0.0, MIT AND OFL-1.1 AND CC-BY-SA-4.0, approved, #15172
+nuget/nuget/-/JsonSchema.Net/7.0.2, MIT AND OFL-1.1 AND CC-BY-SA-4.0, approved, #15171
+nuget/nuget/-/Mono.TextTemplating/2.2.1, MIT, approved, #15073
+nuget/nuget/-/Newtonsoft.Json/13.0.3, MIT AND BSD-3-Clause, approved, #3266
+nuget/nuget/-/Npgsql.EntityFrameworkCore.PostgreSQL/8.0.4, PostgreSQL AND MIT, approved, #13972
+nuget/nuget/-/Npgsql/8.0.3, PostgreSQL, approved, #13963
+nuget/nuget/-/SSH.NET/2023.0.0, MIT AND (MIT AND MS-PL) AND ISC, approved, #13965
+nuget/nuget/-/Serilog.AspNetCore/8.0.1, Apache-2.0 AND MIT, approved, #13967
+nuget/nuget/-/Serilog.Enrichers.CorrelationId/3.0.1, MIT, approved, clearlydefined
+nuget/nuget/-/Serilog.Enrichers.Environment/2.3.0, Apache-2.0, approved, #13959
+nuget/nuget/-/Serilog.Enrichers.Process/2.0.2, Apache-2.0, approved, clearlydefined
+nuget/nuget/-/Serilog.Enrichers.Sensitive/1.7.3, MIT, approved, clearlydefined
+nuget/nuget/-/Serilog.Enrichers.Thread/3.1.0, Apache-2.0, approved, clearlydefined
+nuget/nuget/-/Serilog.Extensions.Hosting/8.0.0, Apache-2.0, approved, #13962
+nuget/nuget/-/Serilog.Extensions.Logging/8.0.0, Apache-2.0, approved, #13985
+nuget/nuget/-/Serilog.Formatting.Compact/2.0.0, Apache-2.0, approved, #13981
+nuget/nuget/-/Serilog.Settings.Configuration/8.0.0, Apache-2.0, approved, #13988
+nuget/nuget/-/Serilog.Sinks.Console/5.0.1, Apache-2.0, approved, #13980
+nuget/nuget/-/Serilog.Sinks.Debug/2.0.0, Apache-2.0, approved, clearlydefined
+nuget/nuget/-/Serilog.Sinks.File/5.0.0, Apache-2.0, approved, #11116
+nuget/nuget/-/Serilog/3.1.1, Apache-2.0, approved, #13978
+nuget/nuget/-/SharpZipLib/1.4.2, MIT AND GFDL-1.3-or-later AND (Apache-2.0 AND MIT) AND WTFPL AND bzip2-1.0.6 AND LicenseRef-Permissive-license-with-conditions AND LicenseRef-Permission-Notice, approved, #10058
+nuget/nuget/-/SshNet.Security.Cryptography/1.3.0, MIT, approved, clearlydefined
+nuget/nuget/-/Swashbuckle.AspNetCore.Swagger/6.5.0, MIT AND Apache-2.0, approved, #7160
+nuget/nuget/-/Swashbuckle.AspNetCore.SwaggerGen/6.5.0, MIT AND Apache-2.0, approved, #7156
+nuget/nuget/-/Swashbuckle.AspNetCore.SwaggerUI/6.5.0, MIT AND Apache-2.0, approved, #7158
+nuget/nuget/-/Swashbuckle.AspNetCore/6.5.0, MIT AND Apache-2.0, approved, #7159
+nuget/nuget/-/Testcontainers.PostgreSql/3.8.0, MIT, approved, #15169
+nuget/nuget/-/Testcontainers/3.8.0, MIT, approved, #15178
+nuget/nuget/-/xunit.abstractions/2.0.3, Apache-2.0, approved, clearlydefined
+nuget/nuget/-/xunit.analyzers/1.11.0, Apache-2.0 AND MIT, approved, #14197
+nuget/nuget/-/xunit.assert/2.7.0, Apache-2.0 AND MIT, approved, #13971
+nuget/nuget/-/xunit.core/2.7.0, Apache-2.0, approved, #13979
+nuget/nuget/-/xunit.extensibility.core/2.7.0, Apache-2.0 AND MIT, approved, #13974
+nuget/nuget/-/xunit.extensibility.execution/2.7.0, Apache-2.0, approved, #13977
+nuget/nuget/-/xunit.runner.visualstudio/2.5.7, Apache-2.0 AND MIT, approved, #10065
+nuget/nuget/-/xunit/2.7.0, Apache-2.0 AND MIT, approved, #13969

README.md

@@ -1,10 +1,10 @@
 # SSI-Authority-Schema-Registry
 
-This repository contains the backend code for the SSI Authority & Schema Registry written in C#.
+This repository contains the backend code for the SSI Authority & Schema Registry (SSI ASR) written in C#.
 
 For **information about the SSI Authority & Schema Registry**, please refer to the documentation, especially the context and scope section in the [architecture documentation](./docs/architecture).
 
-For **installation** details, please refer to the [README.md](./charts/ssi-authority-schema-registry/README.md) of the provided helm chart.
+For **installation** details, please refer to the [README.md](./charts/ssi-asr/README.md) of the provided helm chart.
 
 ## How to build and run
 

charts/chart-testing-config.yaml

@@ -0,0 +1,23 @@
+###############################################################
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+validate-maintainers: false
+chart-repos:
+  - bitnami=https://charts.bitnami.com/bitnami
+  - tractusx-dev=https://eclipse-tractusx.github.io/charts/dev

charts/ssi-asr/.helmignore

@@ -0,0 +1,27 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+
+# Custom dirs and files
+argocd/
+*.gotmpl