From a06f2b31b13d1633c6ec0b8d0c4c3216e434e92e Mon Sep 17 00:00:00 2001 From: jhartmann Date: Tue, 23 Jul 2024 16:06:00 +0200 Subject: [PATCH 1/4] chore(workflows):[#1222] TRG 4.05 Remove image publish to GHCR --- .../docker-image-branch_frontend.yml | 22 ---------- .../workflows/docker-image-main_backend.yml | 21 ---------- .../workflows/docker-image-main_frontend.yml | 22 ---------- .../workflows/docker-image-tag-release.yaml | 42 ------------------- 4 files changed, 107 deletions(-) diff --git a/.github/workflows/docker-image-branch_frontend.yml b/.github/workflows/docker-image-branch_frontend.yml index 5589cbf7fb..21686cff20 100644 --- a/.github/workflows/docker-image-branch_frontend.yml +++ b/.github/workflows/docker-image-branch_frontend.yml @@ -20,7 +20,6 @@ on: pull_request: env: - GHCR_REGISTRY: ghcr.io DOCKER_HUB_REGISTRY_NAMESPACE: tractusx FRONTEND_IMAGE_DOCKER_HUB: traceability-foss-frontend @@ -41,27 +40,6 @@ jobs: with: ref: ${{ github.ref }} - - name: Login to GHCR Registry - env: - DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }} - if: env.DOCKER_HUB_USER == '' - uses: docker/login-action@v3 - with: - registry: ${{ env.GHCR_REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Build and push for GHCR ${{ env.GHCR_REGISTRY }}/${{ github.repository }}-frontend:${{ github.event.pull_request.head.sha }} - env: - DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }} - if: env.DOCKER_HUB_USER == '' - uses: docker/build-push-action@v6 - with: - context: . - file: ./frontend/Dockerfile - push: true - tags: ${{ env.GHCR_REGISTRY }}/${{ github.repository }}-frontend:${{ github.event.pull_request.head.sha }} - - name: Login to Docker Hub env: DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }} diff --git a/.github/workflows/docker-image-main_backend.yml b/.github/workflows/docker-image-main_backend.yml index edee938cec..346f0b58b7 100644 --- a/.github/workflows/docker-image-main_backend.yml 
+++ b/.github/workflows/docker-image-main_backend.yml @@ -24,7 +24,6 @@ on: env: - GHCR_REGISTRY: ghcr.io JAVA_VERSION: 17 DOCKER_HUB_REGISTRY_NAMESPACE: tractusx BACKEND_IMAGE_DOCKER_HUB: traceability-foss @@ -47,26 +46,6 @@ jobs: distribution: 'temurin' cache: 'maven' - - name: Login to GHCR Registry - env: - DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }} - if: env.DOCKER_HUB_USER == '' - uses: docker/login-action@v3 - with: - registry: ${{ env.GHCR_REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Build & Push docker image for GHCR ${{ env.GHCR_REGISTRY }}/${{ github.repository }}:${{ github.sha }} - env: - DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }} - if: env.DOCKER_HUB_USER == '' - uses: docker/build-push-action@v6 - with: - context: . - push: true - tags: ${{ env.GHCR_REGISTRY }}/${{ github.repository }}:${{ github.sha }} - - name: Login to Docker Hub env: DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }} diff --git a/.github/workflows/docker-image-main_frontend.yml b/.github/workflows/docker-image-main_frontend.yml index 1ce831c328..b8211c0d67 100644 --- a/.github/workflows/docker-image-main_frontend.yml +++ b/.github/workflows/docker-image-main_frontend.yml @@ -22,7 +22,6 @@ on: branches: main env: - GHCR_REGISTRY: ghcr.io DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }} DOCKER_HUB_REGISTRY_NAMESPACE: tractusx FRONTEND_IMAGE_DOCKER_HUB: traceability-foss-frontend 
@@ -42,27 +41,6 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 - - name: Login to GHCR Registry - env: - DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }} - if: env.DOCKER_HUB_USER == '' - uses: docker/login-action@v3 - with: - registry: ${{ env.GHCR_REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Build and push to GHCR Registry ${{ env.GHCR_REGISTRY }}/${{ github.repository }}-frontend:${{ github.sha }} - env: - DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }} - if: env.DOCKER_HUB_USER == '' - uses: docker/build-push-action@v6 - with: - context: . - file: ./frontend/Dockerfile - push: true - tags: ${{ env.GHCR_REGISTRY }}/${{ github.repository }}-frontend:${{ github.sha }} - - name: Login to Docker Hub env: DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }} diff --git a/.github/workflows/docker-image-tag-release.yaml b/.github/workflows/docker-image-tag-release.yaml index 6a62ab120e..c0aaf0e1a2 100644 --- a/.github/workflows/docker-image-tag-release.yaml +++ b/.github/workflows/docker-image-tag-release.yaml @@ -25,7 +25,6 @@ on: env: TAG_NAME: "${{ github.ref_name }}" - GHCR_REGISTRY: ghcr.io JAVA_VERSION: 17 DOCKER_HUB_REGISTRY_NAMESPACE: tractusx BACKEND_IMAGE_DOCKER_HUB: traceability-foss 
@@ -45,27 +44,6 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 - - name: Login to GHCR Registry - env: - DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }} - if: env.DOCKER_HUB_USER == '' - uses: docker/login-action@v3 - with: - registry: ${{ env.GHCR_REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Build and push to GHCR Registry ${{ env.GHCR_REGISTRY }}/${{ github.repository }}-frontend:${{ env.TAG_NAME }} and :latest - env: - DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }} - if: env.DOCKER_HUB_USER == '' - uses: docker/build-push-action@v6 - with: - context: . - file: ./frontend/Dockerfile - push: true - tags: ${{ env.GHCR_REGISTRY }}/${{ github.repository }}-frontend:${{ env.TAG_NAME }}, ${{ env.GHCR_REGISTRY }}/${{ github.repository }}-frontend:latest - - name: Login to Docker Hub env: DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }} @@ -121,26 +99,6 @@ jobs: key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} restore-keys: ${{ runner.os }}-m2 - - name: Login to GHCR Registry - env: - DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }} - if: env.DOCKER_HUB_USER == '' - uses: docker/login-action@v3 - with: - registry: ${{ env.GHCR_REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Build & push docker image for GHCR Registry ${{ env.GHCR_REGISTRY }}/${{ github.repository }}:${{ env.TAG_NAME }} - env: - DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }} - if: env.DOCKER_HUB_USER == '' - uses: docker/build-push-action@v6 - with: - context: . - push: true - tags: ${{ env.GHCR_REGISTRY }}/${{ github.repository }}:${{ env.TAG_NAME }}, ${{ env.GHCR_REGISTRY }}/${{ github.repository }}:latest - - name: Login to Docker Hub env: DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }} From 5a98ba03ddf62249c208ab8bf92c0a8f3cee8839 Mon Sep 17 00:00:00 2001 
From: jhartmann Date: Tue, 23 Jul 2024 16:06:53 +0200 Subject: [PATCH 2/4] chore(Docker):[#1222] TRG 4.02 Use minor or major Image Tag --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index ef68455762..155c3bfa3b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -39,7 +39,7 @@ COPY tx-backend tx-backend RUN --mount=type=cache,target=/root/.m2 mvn -B clean package -pl :$BUILD_TARGET -am -DskipTests # Copy the jar and build image -FROM eclipse-temurin:21-jre-alpine@sha256:23467b3e42617ca197f43f58bc5fb03ca4cb059d68acd49c67128bfded132d67 AS traceability-app +FROM eclipse-temurin:21-jre-alpine AS traceability-app ARG UID=10000 ARG GID=1000 From 0ebcbe3e4f4545b1bc3382bcb66f8076f0e75512 Mon Sep 17 00:00:00 2001 From: jhartmann Date: Tue, 23 Jul 2024 16:12:33 +0200 Subject: [PATCH 3/4] chore(charts):[#1222] TRG 4.07 Read-only filesystem --- .../charts/backend/templates/deployment.yaml | 6 ++++++ charts/traceability-foss/values.yaml | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/charts/traceability-foss/charts/backend/templates/deployment.yaml b/charts/traceability-foss/charts/backend/templates/deployment.yaml index 18502238aa..cbc031564a 100644 --- a/charts/traceability-foss/charts/backend/templates/deployment.yaml +++ b/charts/traceability-foss/charts/backend/templates/deployment.yaml @@ -164,6 +164,9 @@ spec: - name: http-trusted containerPort: 8181 protocol: TCP + volumeMounts: + - name: tmp + mountPath: /tmp # @url: https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-setting-up-health-checks-with-readiness-and-liveness-probes {{- if .Values.healthCheck.enabled }} livenessProbe: @@ -190,6 +193,9 @@ spec: {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} + volumes: + - name: tmp + emptyDir: {} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} 
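Review bot: The new `FROM eclipse-temurin:21-jre-alpine AS traceability-app` line drops the `@sha256:` digest, so the runtime base image becomes a mutable reference. Two builds of the same commit can now produce different images, and a re-tagged or tampered upstream image would be pulled without any change showing up in this repository. The tag was already `21-jre-alpine` before this commit, so the tag-level requirement named in the subject appears to be met with the digest still in place; Docker accepts both together, as in `FROM eclipse-temurin:21-jre-alpine@sha256:<digest-of-reviewed-image> AS traceability-app`. If the digest has to go, a comment next to the `FROM` line should say what now guards the base image (for example a scheduled rebuild plus image scan); if it stays, a dependency updater can keep the pin fresh. The build stage above this hunk is not visible here, so its `FROM` line may deserve the same look.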
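Review bot: The `tmp` volume added in the second deployment.yaml hunk is declared as `emptyDir: {}` with no size bound. With the root filesystem now read-only by default, it is the only writable path the chart gives the backend, so everything the process spills to disk lands there and counts against the node's ephemeral storage. Consider giving the `emptyDir` a `sizeLimit: 256Mi` (a constructed example value; size it from observed usage) so a runaway writer gets the pod evicted rather than pressuring the node. A short comment on the `volumeMounts` entry in the first hunk, such as `# writable scratch space; root filesystem is read-only by default`, would explain why the mount exists. Both the container spec and the pod spec continue outside these hunks, so check that the template does not already define `volumeMounts:` or `volumes:` elsewhere, since a duplicate key would not render as intended.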
diff --git a/charts/traceability-foss/values.yaml b/charts/traceability-foss/values.yaml index 20eeb2dc4d..e5d0061267 100644 --- a/charts/traceability-foss/values.yaml +++ b/charts/traceability-foss/values.yaml @@ -207,7 +207,7 @@ backend: capabilities: drop: - ALL - readOnlyRootFilesystem: false + readOnlyRootFilesystem: true service: type: ClusterIP From 3867a4f570b2507bddc55cb4dc0b94d8810de953 Mon Sep 17 00:00:00 2001 From: jhartmann Date: Tue, 23 Jul 2024 16:18:03 +0200 Subject: [PATCH 4/4] chore(docs):[#1222] update changelogs --- CHANGELOG.md | 2 ++ charts/traceability-foss/CHANGELOG.md | 10 ++++++++++ 2 files changed, 12 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 35e253c19f..aa0ec3c19b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,8 @@ _**For better traceability add the corresponding GitHub issue number in each cha - #1070 Convert png to svg according to TRG 1.04 - Diagrams as code / Editable static files - #xxx update IRS chart version from 7.3.1 to 7.4.0 - XXXX updated publish documentation action +- #1222 Removed image publishing to GHCR +- #1222 Adjust backend baseimage in Dockerfile to major version eclipse-temurin:21-jre-alpine ## [13.0.0 - 19.07.2024] diff --git a/charts/traceability-foss/CHANGELOG.md b/charts/traceability-foss/CHANGELOG.md index a61fb7c28b..6ffc4cdb7c 100644 --- a/charts/traceability-foss/CHANGELOG.md +++ b/charts/traceability-foss/CHANGELOG.md @@ -3,6 +3,16 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## Unreleased + +### Changed + +- #1222 enabled read-only filesystem by default for backend + +### Added + +- added /tmp volume to backend container + ## [1.3.42] - 2024-07-19 ### No changes
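Review bot: Flipping `readOnlyRootFilesystem` to `true` in values.yaml changes the default for every existing install of the chart, and the only writable path the chart supplies is the `/tmp` emptyDir from the backend deployment template. Anything the backend writes outside `/tmp` would start failing at runtime after an upgrade. A comment above the key would make that contract visible to operators, for example `# root filesystem is read-only; the backend template mounts a writable emptyDir at /tmp`. It is also worth confirming on a deployed pod that startup and any file-producing features only touch `/tmp`. The enclosing `securityContext` block begins outside this hunk.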