Merge pull request #15 from catenax-ng/feature/CXAR-921-agent-plane-qg4

feat:cxar 921 agent plane qg4

.github/workflows/build.yml

@@ -18,91 +18,82 @@
 #  SPDX-License-Identifier: Apache-2.0
 #
 
----
 name: "Build"
 
 on:
+  # Runs automatically on main and release branches
   push:
     branches:
       - main
-      - releases
-    tags:
-      - 'v*.*.*'
-      - 'v*.*.*-*'
-  release:
-    types:
-      - published
+      - 'releases/**'
+  # Runs automatically on all code-related PRs to main and release branches
   pull_request:
+    branches:
+      - main
+      - 'releases/**'
     paths-ignore:
       - 'charts/**'
       - 'docs/**'
       - '**/*.md'
-    branches:
-      - '*'
+  # Can be scheduled on all branches and version tags
   workflow_dispatch:
+    tags:
+      - 'v*.*.*'
+      - 'v*.*.*-*'
     branches:
-      - 'releases/**'
+      - '*'
 
+# the docker registry and namespace
 env:
   IMAGE_NAMESPACE: "tractusx"
 
+# If build is triggered several times, e.g., through subsequent pushes
+# into the same PR, cancel the previous runs, see below
 concurrency:
   # cancel only running jobs on pull requests
   group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
   cancel-in-progress: true
 
+# Actual build/deploy logic
 jobs:
-  pre_job:
-    # continue-on-error: true # Uncomment once integration is finished
-    runs-on: ubuntu-latest
-    # Map a step output to a job output
-    outputs:
-      should_skip: ${{ steps.skip_check.outputs.should_skip }}
-    steps:
-      - id: skip_check
-        uses: fkirc/skip-duplicate-actions@v5
-        with:
-          # All of these options are optional, so you can remove them if you are happy with the defaults
-          concurrent_skipping: 'same_content'
-          skip_after_successful_duplicate: 'true'
-          do_not_skip: '["push", "pull_request", "workflow_dispatch", "schedule"]'
-
-  build_java:
-    name: Build Java
+  # Build maven stuff
+  build:
+    name: Build/Deploy Maven & Docker Artifacts
     runs-on: ubuntu-latest
     permissions: write-all
-    needs: pre_job
-    if: ${{ needs.pre_job.outputs.should_skip != 'true' }}
     strategy:
       fail-fast: false
-
     steps:
+      # Get the Code
       - name: Checkout repository
         uses: actions/checkout@v3
         with:
           submodules: recursive
 
-      # We need to manually instruct maven
+      # Setup build environment
       - uses: ./.github/actions/setup-java
 
+      # Enabled deployment access (if either running on main or a version tag on eclipse-tractusx) 
       - name: Login to GitHub Container Registry
-        if: ${{ (github.repository == 'catenax-ng/product-agents-edc' || github.repository == 'eclipse-tractusx/knowledge-agents-edc') && ( github.ref == 'refs/heads/main' ||  startsWith(github.ref, 'refs/tags/v')) }}
+        if: ${{ github.repository == 'eclipse-tractusx/knowledge-agents-edc' && ( github.ref == 'refs/heads/main' ||  startsWith(github.ref, 'refs/tags/v')) }}
         uses: docker/login-action@v2
         with:
           # Use existing DockerHub credentials present as secrets
           username: ${{ secrets.DOCKER_HUB_USER }}
           password: ${{ secrets.DOCKER_HUB_TOKEN }}
 
+      # Run Maven Deploy (if either running on main or a version tag on eclipse-tractusx) 
       - name: Deploy Java via Maven
-        if: ${{ (github.repository == 'catenax-ng/product-agents-edc' || github.repository == 'eclipse-tractusx/knowledge-agents-edc') && ( github.ref == 'refs/heads/main' ||  startsWith(github.ref, 'refs/tags/v')) }}
+        if: ${{ github.repository == 'eclipse-tractusx/knowledge-agents-edc' && ( github.ref == 'refs/heads/main' ||  startsWith(github.ref, 'refs/tags/v')) }}
         run: |
           ./mvnw -s settings.xml deploy
         env:
           GITHUB_ACTOR: ${{ github.actor }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
+      # Run Maven Install (otherwise)
       - name: Build Java via Maven
-        if: ${{ ( github.repository != 'catenax-ng/product-agents-edc' && github.repository != 'eclipse-tractusx/knowledge-agents-edc') || ( github.ref != 'refs/heads/main' && !startsWith(github.ref, 'refs/tags/v')) }}
+        if: ${{ github.repository != 'eclipse-tractusx/knowledge-agents-edc' || ( github.ref != 'refs/heads/main' && !startsWith(github.ref, 'refs/tags/v')) }}
         run: |
           ./mvnw -s settings.xml install
         env:
@@ -115,58 +106,68 @@ jobs:
         uses: docker/metadata-action@v4
         with:
           images: |
-            ${{ env.IMAGE_NAMESPACE }}/agent-plane-hashicorp
+            ${{ env.IMAGE_NAMESPACE }}/agentplane-hashicorp
           # Automatically prepare image tags; See action docs for more examples. 
           # semver patter will generate tags like these for example :1 :1.2 :1.2.3
           tags: |
-            type=ref,event=branch
-            type=ref,event=pr
+            type=sha,event=branch
+            type=sha,event=pr
             type=semver,pattern={{version}}
             type=semver,pattern={{major}}
             type=semver,pattern={{major}}.{{minor}}
 
       - name: Agent Plane Hashicorp Container Build and push
         uses: docker/build-push-action@v3
         with:
-          context: agent-plane-hashicorp
-          file: agent-plane/agent-plane-hashcorp/src/main/docker/Dockerfile
+          context: agent-plane/agentplane-hashicorp
+          file: agent-plane/agentplane-hashicorp/src/main/docker/Dockerfile
           # Build image for verification purposes on every trigger event. Only push if event is not a PR
-          push: ${{ ( github.repository != 'catenax-ng/product-agents-edc' && github.repository != 'eclipse-tractusx/knowledge-agents-edc') || ( github.ref != 'refs/heads/main' && !startsWith(github.ref, 'refs/tags/v')) }}
+          push: ${{ github.repository == 'eclipse-tractusx/knowledge-agents-edc'  && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v')) }}
           tags: ${{ steps.meta-hash.outputs.tags }}
           labels: ${{ steps.meta-hash.outputs.labels }}
 
+      # Important step to push image description to DockerHub - since this is version independent, we always take it from main
+      - name: Update Docker Hub description for Agent Plane Hashicorp
+        if: ${{ github.repository == 'eclipse-tractusx/knowledge-agents-edc'  && github.ref == 'refs/heads/main' }}
+        uses: peter-evans/dockerhub-description@v3
+        with:
+          readme-filepath: agent-plane/agentplane-hashicorp/README.md 
+          username: ${{ secrets.DOCKER_HUB_USER }}
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+          repository: ${{ env.IMAGE_NAMESPACE }}/agentplane-hashicorp
+
       # Create SemVer or ref tags dependent of trigger event
       - name: Docker Meta Agent Plane Azure Vault
         id: meta-azr
         uses: docker/metadata-action@v4
         with:
           images: |
-            ${{ env.IMAGE_NAMESPACE }}/agent-plane-azure-vault
+            ${{ env.IMAGE_NAMESPACE }}/agentplane-azure-vault
           # Automatically prepare image tags; See action docs for more examples. 
           # semver patter will generate tags like these for example :1 :1.2 :1.2.3
           tags: |
-            type=ref,event=branch
-            type=ref,event=pr
+            type=sha,event=branch
+            type=sha,event=pr
             type=semver,pattern={{version}}
             type=semver,pattern={{major}}
             type=semver,pattern={{major}}.{{minor}}
 
       - name: Agent Plane Azure Vault Container Build and push
         uses: docker/build-push-action@v3
         with:
-          context: agent-plane/agent-plane-azure-vault/.
-          file: agent-plane/agent-plane-azure-vault/src/main/docker/Dockerfile
+          context: agent-plane/agentplane-azure-vault/.
+          file: agent-plane/agentplane-azure-vault/src/main/docker/Dockerfile
           # Build image for verification purposes on every trigger event. Only push if event is not a PR
-          push: ${{ (github.repository == 'catenax-ng/product-agents' || github.repository == 'eclipse-tractusx/knowledge-agents')  && (github.ref == 'refs/heads/main' ||  startsWith(github.ref, 'refs/tags/v')) }}
+          push: ${{ github.repository == 'eclipse-tractusx/knowledge-agents-edc'  && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v')) }}
           tags: ${{ steps.meta-azr.outputs.tags }}
           labels: ${{ steps.meta-azr.outputs.labels }}
 
-
-      # Report unit test output to github job
-      - if: success() || failure()
-        name: Java Test Report
-        uses: dorny/test-reporter@v1
+      # Important step to push image description to DockerHub - since this is version independent, we always take it from main
+      - name: Update Docker Hub description for Agent Plane Azure Vault
+        if: ${{ github.repository == 'eclipse-tractusx/knowledge-agents-edc'  && github.ref == 'refs/heads/main' }}
+        uses: peter-evans/dockerhub-description@v3
         with:
-          name: Test Report Java
-          path: '**/surefire-reports/TEST-*.xml'
-          reporter: java-junit
+          readme-filepath: agent-plane/agentplane-azure-vault/README.md 
+          username: ${{ secrets.DOCKER_HUB_USER }}
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+          repository: ${{ env.IMAGE_NAMESPACE }}/agentplane-azure-vault

.github/workflows/helm-chart-lint.yml

@@ -21,17 +21,36 @@ name: Lint and Test Charts
 
 # Run chart linting and tests on each pull request
 on:
+  # Runs automatically on pushes and PRs into main and release branches, if changes to the chart have been performed
   push:
     branches:
       - main
-      - releases
+      - 'releases/**'
     paths:
       - .github/workflows/**
       - charts/**
   pull_request:
+    branches:
+      - main
+      - 'releases/**'
     paths:
       - .github/workflows/**
       - charts/**
+  # Can be triggered to investigate upgrades
+  workflow_dispatch:
+    inputs:
+      node_image:
+        description: 'kindest/node image for k8s kind cluster'
+        # k8s version from 3.1 release as default
+        default: 'kindest/node:v1.24.6'
+        required: false
+        type: string
+      upgrade_from:
+        description: 'chart version to upgrade from'
+        # chart version from 3.2 release as default
+        default: 'x.x.x'
+        required: false
+        type: string
 
 jobs:
   lint-test:
@@ -47,10 +66,9 @@ jobs:
         with:
           version: v3.10.3
 
-      # Setup python as a prerequisite for chart linting
       - uses: actions/setup-python@v4
         with:
-          python-version: 3.7
+          python-version: 3.9
 
       - name: Set up chart-testing
         uses: helm/[email protected]
@@ -66,14 +84,3 @@ jobs:
       # run chart linting
       - name: Run chart-testing (lint)
         run: ct lint --target-branch ${{ github.event.repository.default_branch }} --config charts/config/chart-testing-config.yaml
-
-      # Preparing a kind cluster to install and test charts on
-      - name: Create kind cluster
-        uses: helm/[email protected]
-        if: ${{ env.CHART_CHANGED == 'true' }}
-
-      # install the chart to the kind cluster and run helm test
-      # define charts to test with the --charts parameter
-      - name: Run chart-testing (install)
-        run: ct install --charts charts/agent-connector,charts/agent-connector-azure-vault,charts/agent-connector-memory --config charts/config/chart-testing-config.yaml
-        if: ${{ env.CHART_CHANGED == 'true' }}

.github/workflows/helm-chart-release.yml

@@ -20,13 +20,19 @@
 name: Release Charts
 
 on:
+  # May be invoked manually
   workflow_dispatch:
+    branches:
+      - main
+      - 'releases/**'
+  # Or by pushing to the chart dir of some dev/ release branch
   push:
     # prevent unnecessary GH action runs for files outside of charts folder
     paths:
       - 'charts/**'
     branches:
       - main
+      - 'releases/**'
 
 jobs:
   release:

.github/workflows/kics.yml

@@ -22,11 +22,17 @@ name: "KICS"
 
 on:
   push:
-    branches: [main, releases]
+    branches: 
+     - main
+     - 'releases/**'
   pull_request:
-    branches: [main, releases]
+    branches: 
+      - main
+      - 'releases/**'
+
   workflow_dispatch:
 
+  # Since rules may change should run regularily
   schedule:
     - cron: "0 0 * * *"
 

.github/workflows/trivy.yml

@@ -28,11 +28,9 @@ on:
     workflows: [ "Build" ]
     branches:
       - main
-      - releases
-      - release/*
-      - hotfix/*
     tags:
-      - '[0-9]+.[0-9]+.[0-9]+'
+      - 'v*.*.*'
+      - 'v*.*.*-*'
     types:
       - completed
 
@@ -46,8 +44,7 @@ jobs:
       - name: Resolve git 7-chars sha
         id: git-sha7
         run: |
-          echo "SHA7=1.9.5-SNAPSHOT" >> $GITHUB_OUTPUT
-#          echo "SHA7=${GITHUB_SHA::7}" >> $GITHUB_OUTPUT
+          echo "SHA7=${GITHUB_SHA::7}" >> $GITHUB_OUTPUT
 
   trivy-analyze-config:
     runs-on: ubuntu-latest
@@ -93,15 +90,15 @@ jobs:
       - name: "Check if image exists"
         id: imageCheck
         run: |
-          docker manifest inspect tractusx/knowledge-agents-edc/${{ matrix.image }}:${{ needs.git-sha7.outputs.value }}
+          docker manifest inspect tractusx/${{ matrix.image }}:${{ needs.git-sha7.outputs.value }}
         continue-on-error: true
 
         ## the next two steps will only execute if the image exists check was successful
       - name: Run Trivy vulnerability scanner
         if: success() && steps.imageCheck.outcome != 'failure'
         uses: aquasecurity/trivy-action@master
         with:
-          image-ref: "tractusx/knowledge-agents-edc/${{ matrix.image }}:${{ needs.git-sha7.outputs.value }}"
+          image-ref: "tractusx/${{ matrix.image }}:${{ needs.git-sha7.outputs.value }}"
           format: "sarif"
           output: "trivy-results-${{ matrix.image }}.sarif"
           exit-code: "1"

.tractusx

@@ -1,3 +1,22 @@
-product: "Tractus-X Knowledge Agents EDC Extensions"
+###############################################################
+# Copyright (c) 2022, 2023 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+product: "Tractus-X Knowledge Agents EDC Extensions (KA-EDC)"
 leadingRepository: "https://github.com/eclipse-tractusx/knowledge-agents-edc"
 repositories: []

README.md

@@ -87,9 +87,12 @@ mvn -s settings.xml publish
 
 Deployment can be done
 * via [JAR libraries](https://github.com/orgs/eclipse-tractusx/packages?repo_name=knowledge-agents-edc&ecosystem=maven) copied into your Java runtime
-* via [Docker images](https://github.com/orgs/eclipse-tractusx/packages?repo_name=knowledge-agents-edc&ecosystem=docker) 
+* via [Docker images](https://hub.docker.com/r/tractusx) 
 * via [Helm Charts (Stable Versions)](https://eclipse-tractusx.github.io/charts/stable) or [Helm Charts (Dev Versions)](https://eclipse-tractusx.github.io/charts/stable)
 
 See the [user documentation](docs/README.md) for more detailed deployment information.
 
+### Notice for Docker Images
 
+* [Notice for Agent Data Plane Running Against Hashicorp Vault](agent-plane/agentplane-hashicorp/README.md#notice-for-docker-images)
+* [Notice for Agent Data Plane Running Against Azure Vault](agent-plane/agentplane-azure-vault/README.md#notice-for-docker-images)