Merge pull request #1278 from eclipse-tractusx/chore/1222-fix-open-trgs

Chore/1222 fix open TRGs
eclipse-tractusx · Jul 23, 2024 · 658d780 · 658d780
2 parents eb293da + 4f1ba97
commit 658d780
Show file tree

Hide file tree

Showing 9 changed files with 25 additions and 110 deletions.
diff --git a/.github/workflows/docker-image-branch_frontend.yml b/.github/workflows/docker-image-branch_frontend.yml
@@ -20,7 +20,6 @@ on:
   pull_request:
 
 env:
-  GHCR_REGISTRY: ghcr.io
   DOCKER_HUB_REGISTRY_NAMESPACE: tractusx
   FRONTEND_IMAGE_DOCKER_HUB: traceability-foss-frontend
 
@@ -41,27 +40,6 @@ jobs:
         with:
           ref: ${{ github.ref }}
 
-      - name: Login to GHCR Registry
-        env:
-          DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}
-        if: env.DOCKER_HUB_USER == ''
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ env.GHCR_REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Build and push for GHCR ${{ env.GHCR_REGISTRY }}/${{ github.repository }}-frontend:${{ github.event.pull_request.head.sha }}
-        env:
-          DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}
-        if: env.DOCKER_HUB_USER == ''
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          file: ./frontend/Dockerfile
-          push: true
-          tags: ${{ env.GHCR_REGISTRY }}/${{ github.repository }}-frontend:${{ github.event.pull_request.head.sha }}
-
       - name: Login to Docker Hub
         env:
           DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}

diff --git a/.github/workflows/docker-image-main_backend.yml b/.github/workflows/docker-image-main_backend.yml
@@ -24,7 +24,6 @@ on:
 
 
 env:
-  GHCR_REGISTRY: ghcr.io
   JAVA_VERSION: 17
   DOCKER_HUB_REGISTRY_NAMESPACE: tractusx
   BACKEND_IMAGE_DOCKER_HUB: traceability-foss
@@ -47,26 +46,6 @@ jobs:
           distribution: 'temurin'
           cache: 'maven'
 
-      - name: Login to GHCR Registry
-        env:
-          DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}
-        if: env.DOCKER_HUB_USER == ''
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ env.GHCR_REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Build & Push docker image for GHCR ${{ env.GHCR_REGISTRY }}/${{ github.repository }}:${{ github.sha }}
-        env:
-          DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}
-        if: env.DOCKER_HUB_USER == ''
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          push: true
-          tags: ${{ env.GHCR_REGISTRY }}/${{ github.repository }}:${{ github.sha }}
-
       - name: Login to Docker Hub
         env:
           DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}

diff --git a/.github/workflows/docker-image-main_frontend.yml b/.github/workflows/docker-image-main_frontend.yml
@@ -22,7 +22,6 @@ on:
     branches: main
 
 env:
-  GHCR_REGISTRY: ghcr.io
   DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}
   DOCKER_HUB_REGISTRY_NAMESPACE: tractusx
   FRONTEND_IMAGE_DOCKER_HUB: traceability-foss-frontend
@@ -42,27 +41,6 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v4
 
-      - name: Login to GHCR Registry
-        env:
-          DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}
-        if: env.DOCKER_HUB_USER == ''
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ env.GHCR_REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Build and push to GHCR Registry ${{ env.GHCR_REGISTRY }}/${{ github.repository }}-frontend:${{ github.sha }}
-        env:
-          DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}
-        if: env.DOCKER_HUB_USER == ''
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          file: ./frontend/Dockerfile
-          push: true
-          tags: ${{ env.GHCR_REGISTRY }}/${{ github.repository }}-frontend:${{ github.sha }}
-
       - name: Login to Docker Hub
         env:
           DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}

diff --git a/.github/workflows/docker-image-tag-release.yaml b/.github/workflows/docker-image-tag-release.yaml
@@ -25,7 +25,6 @@ on:
 
 env:
   TAG_NAME: "${{ github.ref_name }}"
-  GHCR_REGISTRY: ghcr.io
   JAVA_VERSION: 17
   DOCKER_HUB_REGISTRY_NAMESPACE: tractusx
   BACKEND_IMAGE_DOCKER_HUB: traceability-foss
@@ -45,27 +44,6 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v4
 
-      - name: Login to GHCR Registry
-        env:
-          DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}
-        if: env.DOCKER_HUB_USER == ''
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ env.GHCR_REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Build and push to GHCR Registry ${{ env.GHCR_REGISTRY }}/${{ github.repository }}-frontend:${{ env.TAG_NAME }} and :latest
-        env:
-          DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}
-        if: env.DOCKER_HUB_USER == ''
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          file: ./frontend/Dockerfile
-          push: true
-          tags: ${{ env.GHCR_REGISTRY }}/${{ github.repository }}-frontend:${{ env.TAG_NAME }}, ${{ env.GHCR_REGISTRY }}/${{ github.repository }}-frontend:latest
-
       - name: Login to Docker Hub
         env:
           DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}
@@ -121,26 +99,6 @@ jobs:
           key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
           restore-keys: ${{ runner.os }}-m2
 
-      - name: Login to GHCR Registry
-        env:
-          DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}
-        if: env.DOCKER_HUB_USER == ''
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ env.GHCR_REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Build & push docker image for GHCR Registry ${{ env.GHCR_REGISTRY }}/${{ github.repository }}:${{ env.TAG_NAME }}
-        env:
-          DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}
-        if: env.DOCKER_HUB_USER == ''
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          push: true
-          tags: ${{ env.GHCR_REGISTRY }}/${{ github.repository }}:${{ env.TAG_NAME }}, ${{ env.GHCR_REGISTRY }}/${{ github.repository }}:latest
-
       - name: Login to Docker Hub
         env:
           DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,9 +9,15 @@ _**For better traceability add the corresponding GitHub issue number in each cha
 ## [UNRELEASED - DD.MM.YYYY]
 ### Changed
 - #1070 Convert png to svg according to TRG 1.04 - Diagrams as code / Editable static files
-- #XXX update springboot to 3.2.8 from 3.2.5
+
 - #XXX update IRS chart version from 7.3.1 to 7.4.0
 - #XXX updated publish documentation action
+- #1222 Removed image publishing to GHCR
+- #1222 Adjust backend baseimage in Dockerfile to major version eclipse-temurin:21-jre-alpine
+- #XXX update springboot to 3.2.8 from 3.2.5
+
+
+
 
 ## [13.0.0 - 19.07.2024]
 

diff --git a/Dockerfile b/Dockerfile
@@ -39,7 +39,7 @@ COPY tx-backend tx-backend
 RUN --mount=type=cache,target=/root/.m2 mvn -B clean package -pl :$BUILD_TARGET -am -DskipTests
 
 # Copy the jar and build image
-FROM eclipse-temurin:21-jre-alpine@sha256:23467b3e42617ca197f43f58bc5fb03ca4cb059d68acd49c67128bfded132d67 AS traceability-app
+FROM eclipse-temurin:21-jre-alpine AS traceability-app
 
 ARG UID=10000
 ARG GID=1000

diff --git a/charts/traceability-foss/CHANGELOG.md b/charts/traceability-foss/CHANGELOG.md
@@ -3,6 +3,16 @@
 All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## Unreleased
+
+### Changed
+
+- #1222 enabled read-only filesystem by default for backend
+
+### Added
+
+- added /tmp volume to backend container
+
 ## [1.3.42] - 2024-07-19
 ### No changes
 

diff --git a/charts/traceability-foss/charts/backend/templates/deployment.yaml b/charts/traceability-foss/charts/backend/templates/deployment.yaml
@@ -164,6 +164,9 @@ spec:
             - name: http-trusted
               containerPort: 8181
               protocol: TCP
+          volumeMounts:
+            - name: tmp
+              mountPath: /tmp
           # @url: https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-setting-up-health-checks-with-readiness-and-liveness-probes
         {{- if .Values.healthCheck.enabled }}
           livenessProbe:
@@ -190,6 +193,9 @@ spec:
         {{- end }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
+      volumes:
+        - name: tmp
+          emptyDir: {}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

diff --git a/charts/traceability-foss/values.yaml b/charts/traceability-foss/values.yaml
@@ -207,7 +207,7 @@ backend:
     capabilities:
       drop:
         - ALL
-    readOnlyRootFilesystem: false
+    readOnlyRootFilesystem: true
 
   service:
     type: ClusterIP