chore: nightly release (#1961)

* chore: nightly release

Signed-off-by: moabu <[email protected]>

* chore: fix chart annotations

Signed-off-by: moabu <[email protected]>

* ci: address workflows security

Signed-off-by: moabu <[email protected]>

---------

Signed-off-by: moabu <[email protected]>

.github/workflows/activate-release.yml

@@ -5,6 +5,8 @@ on:
   pull_request:
     types:
       - closed
+permissions:
+  contents: read
 jobs:
   create_release:
     if: ${{ (github.event.pull_request.merged == true) && (contains(github.event.pull_request.labels.*.name, 'autorelease:pending')) }}

.github/workflows/build-docs.yml

@@ -28,6 +28,8 @@ on:
 concurrency:
   group: run-once
   cancel-in-progress: false
+permissions:
+  contents: read
 jobs:
   build:
     if: github.repository_owner == 'GluuFederation'

.github/workflows/build-packages.yml

@@ -5,6 +5,8 @@ on:
     tags:
     - 'v**'
     - 'nightly'
+permissions:
+  contents: read
 jobs:
   publish_binary_packages:
     if: github.repository == 'GluuFederation/flex'
@@ -98,7 +100,7 @@ jobs:
       id: run_build
       run: |
          cd flex/
-         sudo python${{ matrix.python_version }} flex_setup.py --jans-branch="v1.2.0" --jans-setup-branch="v1.2.0" -download-exit -yes --keep-downloads --keep-setup -force-download
+         sudo python${{ matrix.python_version }} flex_setup.py --jans-branch="main" --jans-setup-branch="main" -download-exit -yes --keep-downloads --keep-setup -force-download
          cp -r /opt/dist flex-src/opt/
          cp -r /opt/jans flex-src/opt/
          touch flex-src/opt/jans/jans-setup/package

.github/workflows/central_code_quality_check.yml

@@ -21,7 +21,8 @@ on:
       - 'docker-**/version.txt'
       - '**.md'
   workflow_dispatch:
-
+permissions:
+  contents: read
 jobs:
   sonar-scan:
     name: sonar scan

.github/workflows/clean_github_cache.yml

@@ -4,7 +4,8 @@ on:
     types:
       - closed
   workflow_dispatch:
-
+permissions:
+  contents: read
 jobs:
   cleanup:
     runs-on: ubuntu-latest

.github/workflows/codeql-analysis.yml

@@ -9,7 +9,8 @@ on:
   workflow_dispatch:
   schedule:
     - cron: '0 8 * * *'
-
+permissions:
+  contents: read
 jobs:
   analyze:
     name: Analyze

.github/workflows/commit-check.yml

@@ -15,7 +15,8 @@ on:
       - reopened
       - synchronize
   push:
-
+permissions:
+  contents: read
 jobs:
   check-commit-message:
     name: Check Commit Message
@@ -24,7 +25,7 @@ jobs:
       - name: Checkout Project
         uses: actions/checkout@v3
         with:
-          # We need to fetch with a depth of 2 for pull_request so we can do HEAD^2
+          # We need to fetch with a depth of 2 for pull_request, so we can do HEAD^2
           fetch-depth: 2
 
       - uses: actions/setup-node@v3

.github/workflows/delete_workflow_runs.yml

@@ -3,6 +3,8 @@ on:
   schedule:
     - cron: '0 0 */2 * *'
   workflow_dispatch:
+permissions:
+  contents: read
 jobs:
   del_runs:
     runs-on: ubuntu-latest

.github/workflows/docker_build_image.yml

@@ -74,9 +74,9 @@ jobs:
         if: steps.build_docker_image.outputs.build || github.event_name == 'tags'
         run: |
           sudo apt-get update
-          #sudo python3 -m pip install --upgrade pip
-          sudo pip3 install setuptools --upgrade
-          sudo pip3 install -r ./automation/requirements.txt
+          sudo python3 -m pip install --upgrade pip || echo "Failed to upgrade pip"
+          sudo pip3 install --ignore-installed setuptools --upgrade
+          sudo pip3 install --ignore-installed -r ./automation/requirements.txt 
           sudo apt-get update
 
 
@@ -149,11 +149,11 @@ jobs:
         if: github.event_name == 'workflow_dispatch'
         run: |
           sudo apt-get update
-          #sudo python3 -m pip install --upgrade pip
-          sudo pip3 install setuptools --upgrade
-          sudo pip3 install -r ./automation/requirements.txt
+          sudo python3 -m pip install --upgrade pip || echo "Failed to upgrade pip"
+          sudo pip3 install --ignore-installed setuptools --upgrade
+          sudo pip3 install --ignore-installed -r ./automation/requirements.txt 
           sudo apt-get update
-          sudo apt-get install jq
+          sudo apt-get install --ignore-installed jq
 
       - name: Update Build date in Dockerfile
         if: github.event_name == 'workflow_dispatch'

.github/workflows/docker_imagescan.yml

@@ -18,6 +18,8 @@ on:
       - "!docker-**/version.txt"
       - "!**.md"
   workflow_dispatch:
+permissions:
+  contents: read
 jobs:
   build:
     runs-on: ubuntu-latest

.github/workflows/label_pr_issues.yml

@@ -13,7 +13,8 @@ on:
       - opened
       - edited
   workflow_dispatch:
-
+permissions:
+  contents: read
 jobs:
   label:
     # This cannot run on forks as the user mo-auto does not have access to forks
@@ -32,11 +33,11 @@ jobs:
       - name: Install dependencies
         run: |
           sudo apt-get update
-          sudo python3 -m pip install --upgrade pip
-          sudo pip3 install setuptools --upgrade
-          sudo pip3 install -r ./automation/requirements.txt
+          sudo python3 -m pip install --upgrade pip || echo "Failed to upgrade pip"
+          sudo pip3 install --ignore-installed setuptools --upgrade
+          sudo pip3 install --ignore-installed -r ./automation/requirements.txt 
           sudo apt-get update
-          sudo apt-get install jq
+          sudo apt-get install --ignore-installed jq
           curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg
           echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null
           sudo apt update

.github/workflows/test-report.yml

@@ -4,6 +4,8 @@ on:
     workflows: ['Test Linux installer']
     types:
       - completed
+permissions:
+  contents: read
 jobs:
   report:
     runs-on: ubuntu-latest

.github/workflows/test_docker_linux_installer.yml

@@ -11,6 +11,8 @@ on:
       - main
     paths:
       - "flex-linux-setup/**"
+permissions:
+  contents: read
 jobs:
   build:
     runs-on: ubuntu-20.04

.github/workflows/testcases.yml

@@ -15,6 +15,8 @@ on:
       - "pygluu/**"
       - "tests/**"
       - "setup.py"
+permissions:
+  contents: read
 jobs:
   build:
     runs-on: ubuntu-latest

.github/workflows/update_janssen_helm_chart.yml

@@ -6,6 +6,8 @@ on:
       - main
     paths:
       - 'charts/gluu/*'
+permissions:
+  contents: read
 jobs:
   createPullRequest:
     runs-on: ubuntu-latest
@@ -23,10 +25,10 @@ jobs:
       - name: Install dependencies
         run: |
           sudo apt-get update
-          sudo python3 -m pip install --upgrade pip
-          sudo pip3 install -r ./automation/requirements.txt
+          sudo python3 -m pip install --upgrade pip || echo "Failed to upgrade pip"
+          sudo pip3 install --ignore-installed -r ./automation/requirements.txt 
           sudo apt-get update
-          sudo apt-get install jq
+          sudo apt-get install --ignore-installed jq
 
       - name: install helm-docs
         run: |

.github/workflows/uploadrelease.yml

@@ -12,6 +12,8 @@ on:
         required: false
   schedule:
     - cron: "0 0 * * *"
+permissions:
+  contents: read
 jobs:
   publish:
     name: Publish for ${{ matrix.asset_name }}

admin-ui/package.json

@@ -1,6 +1,6 @@
 {
   "name": "gluu-admin-ui",
-  "version": "5.2.0",
+  "version": "0.0.0",
   "description": "UI to administer the jans-sever features",
   "keywords": [
     "jans-server",

automation/rancher-partner-charts/questions.yaml

@@ -703,7 +703,7 @@ questions:
 - variable: auth-server.image.tag
   required: true
   type: string
-  default: "1.2.0-1"
+  default: "0.0.0-nightly"
   description: "The Auth Server Image tag"
   label: Auth Server image tag
   group: "Images"
@@ -732,7 +732,7 @@ questions:
 - variable: admin-ui.image.tag
   required: true
   type: string
-  default: "5.2.0-1"
+  default: "0.0.0-nightly"
   description: "The AdminUI Image tag"
   label: AdminUI image tag
   group: "Images"
@@ -761,7 +761,7 @@ questions:
 - variable: auth-server-key-rotation.image.tag
   required: true
   type: string
-  default: "1.2.0-1"
+  default: "0.0.0-nightly"
   description: "The Auth Server Image tag"
   label: Auth Server KeyRotation image tag
   group: "Images"
@@ -790,7 +790,7 @@ questions:
 - variable: casa.image.tag
   required: true
   type: string
-  default: "1.2.0-1"
+  default: "0.0.0-nightly"
   description: "The Casa Image tag"
   label: Casa image tag
   group: "Images"
@@ -819,7 +819,7 @@ questions:
 - variable: config.image.tag
   required: true
   type: string
-  default: "1.2.0-1"
+  default: "0.0.0-nightly"
   description: "The Configurator Image tag"
   label: Configurator image tag
   group: "Images"
@@ -848,7 +848,7 @@ questions:
 - variable: config-api.image.tag
   required: true
   type: string
-  default: "1.2.0-1"
+  default: "0.0.0-nightly"
   description: "The ConfigAPI Image tag"
   label: ConfigAPI image tag
   group: "Images"
@@ -877,7 +877,7 @@ questions:
 - variable: fido2.image.tag
   required: true
   type: string
-  default: "1.2.0-1"
+  default: "0.0.0-nightly"
   description: "The Fido2 Image tag"
   label: Fido2 image tag
   group: "Images"
@@ -906,7 +906,7 @@ questions:
 - variable: persistence.image.tag
   required: true
   type: string
-  default: "1.2.0-1"
+  default: "0.0.0-nightly"
   description: "The Persistence Image tag"
   label: Persistence image tag
   group: "Images"
@@ -935,7 +935,7 @@ questions:
 - variable: scim.image.tag
   required: true
   type: string
-  default: "1.2.0-1"
+  default: "0.0.0-nightly"
   description: "The SCIM Image tag"
   label: SCIM image tag
   group: "Images"

charts/gluu-all-in-one/Chart.yaml

@@ -3,13 +3,13 @@ annotations:
   artifacthub.io/containsSecurityUpdates: 'true'
   artifacthub.io/images: |
     - name: all-in-one
-      image: ghcr.io/gluufederation/flex/flex-all-in-one:1.2.0-1
+      image: ghcr.io/gluufederation/flex/flex-all-in-one:0.0.0-nightly
   artifacthub.io/license: Apache-2.0
   catalog.cattle.io/certified: partner
   catalog.cattle.io/release-name: gluu-all-in-one
   catalog.cattle.io/display-name: Gluu Flex Cloud Identity and Access Management All-in-One
 apiVersion: v2
-appVersion: "5.2.0"
+appVersion: "0.0.0-nightly"
 icon: >-
   https://gluu.org/docs/gluu-server/favicon.ico
 home: https://docs.gluu.org
@@ -21,4 +21,4 @@ maintainers:
     email: [email protected]
 description: Gluu Access and Identity Management All-in-One Chart. This chart deploys the selected janssen microservice all in one deployment.
 name: gluu-all-in-one
-version: 5.2.0
+version: 0.0.0-nightly

charts/gluu-all-in-one/README.md

@@ -1,6 +1,6 @@
 # gluu-all-in-one
 
-![Version: 1.2.0](https://img.shields.io/badge/Version-1.2.0-informational?style=flat-square) ![AppVersion: 5.2.0](https://img.shields.io/badge/AppVersion-5.2.0-informational?style=flat-square)
+![Version: 0.0.0-nightly](https://img.shields.io/badge/Version-0.0.0--nightly-informational?style=flat-square) ![AppVersion: 0.0.0-nightly](https://img.shields.io/badge/AppVersion-0.0.0--nightly-informational?style=flat-square)
 
 Gluu Access and Identity Management All-in-One Chart. This chart deploys the selected janssen microservice all in one deployment.
 
@@ -35,7 +35,7 @@ Kubernetes: `>=v1.22.0-0`
 | adminPassword | string | `"Test1234#"` | Admin password to log in to the UI. |
 | alb.ingress | bool | `false` | switches the service to Nodeport for ALB ingress |
 | auth-server | object | `{"appLoggers":{"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","authLogLevel":"INFO","authLogTarget":"STDOUT","enableStdoutLogPrefix":"true","httpLogLevel":"INFO","httpLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"authEncKeys":"RSA1_5 RSA-OAEP","authSigKeys":"RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 PS512","enabled":true,"ingress":{"authServerAdditionalAnnotations":{},"authServerEnabled":true,"authServerLabels":{},"authServerProtectedRegister":false,"authServerProtectedRegisterAdditionalAnnotations":{},"authServerProtectedRegisterLabels":{},"authServerProtectedToken":false,"authServerProtectedTokenAdditionalAnnotations":{},"authServerProtectedTokenLabels":{},"authzenAdditionalAnnotations":{},"authzenConfigEnabled":true,"authzenConfigLabels":{},"deviceCodeAdditionalAnnotations":{},"deviceCodeEnabled":true,"deviceCodeLabels":{},"firebaseMessagingAdditionalAnnotations":{},"firebaseMessagingEnabled":true,"firebaseMessagingLabels":{},"lockAdditionalAnnotations":{},"lockConfigAdditionalAnnotations":{},"lockConfigEnabled":false,"lockConfigLabels":{},"lockEnabled":false,"lockLabels":{},"openidAdditionalAnnotations":{},"openidConfigEnabled":true,"openidConfigLabels":{},"u2fAdditionalAnnotations":{},"u2fConfigEnabled":true,"u2fConfigLabels":{},"uma2AdditionalAnnotations":{},"uma2ConfigEnabled":true,"uma2ConfigLabels":{},"webdiscoveryAdditionalAnnotations":{},"webdiscoveryEnabled":true,"webdiscoveryLabels":{},"webfingerAdditionalAnnotations":{},"webfingerEnabled":true,"webfingerLabels":{}},"lockEnabled":false}` | Parameters used globally across all services helm charts. |
-| auth-server-key-rotation | object | `{"additionalAnnotations":{},"additionalLabels":{},"customCommand":[],"customScripts":[],"dnsConfig":{},"dnsPolicy":"","enabled":true,"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/certmanager","tag":"1.2.0-1"},"initKeysLife":48,"keysLife":48,"keysPushDelay":0,"keysPushStrategy":"NEWER","keysStrategy":"NEWER","lifecycle":{},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for regenerating auth-keys per x hours |
+| auth-server-key-rotation | object | `{"additionalAnnotations":{},"additionalLabels":{},"customCommand":[],"customScripts":[],"dnsConfig":{},"dnsPolicy":"","enabled":true,"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/certmanager","tag":"0.0.0-nightly"},"initKeysLife":48,"keysLife":48,"keysPushDelay":0,"keysPushStrategy":"NEWER","keysStrategy":"NEWER","lifecycle":{},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for regenerating auth-keys per x hours |
 | auth-server-key-rotation.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} |
 | auth-server-key-rotation.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} |
 | auth-server-key-rotation.customCommand | list | `[]` | Add custom job's command. If passed, it will override the default conditional command. |
@@ -46,7 +46,7 @@ Kubernetes: `>=v1.22.0-0`
 | auth-server-key-rotation.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
 | auth-server-key-rotation.image.pullSecrets | list | `[]` | Image Pull Secrets |
 | auth-server-key-rotation.image.repository | string | `"ghcr.io/janssenproject/jans/certmanager"` | Image  to use for deploying. |
-| auth-server-key-rotation.image.tag | string | `"1.2.0-1"` | Image  tag to use for deploying. |
+| auth-server-key-rotation.image.tag | string | `"0.0.0-nightly"` | Image  tag to use for deploying. |
 | auth-server-key-rotation.initKeysLife | int | `48` | The initial auth server key rotation keys life in hours |
 | auth-server-key-rotation.keysLife | int | `48` | Auth server key rotation keys life in hours |
 | auth-server-key-rotation.keysPushDelay | int | `0` | Delay (in seconds) before pushing private keys to Auth server |
@@ -278,7 +278,7 @@ Kubernetes: `>=v1.22.0-0`
 | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
 | image.pullSecrets | list | `[]` | Image Pull Secrets |
 | image.repository | string | `"ghcr.io/gluufederation/flex/flex-all-in-one"` | Image  to use for deploying. |
-| image.tag | string | `"1.2.0-1"` | Image  tag to use for deploying. |
+| image.tag | string | `"0.0.0-nightly"` | Image  tag to use for deploying. |
 | isFqdnRegistered | bool | `false` | Boolean flag to enable mapping lbIp  to fqdn inside pods on clouds that provide static ip for load balancers. On cloud that provide only addresses to the LB this flag will enable a script to actively scan config.configmap.lbAddr and update the hosts file inside the pods automatically. |
 | istio.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} |
 | istio.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} |
@@ -287,7 +287,7 @@ Kubernetes: `>=v1.22.0-0`
 | istio.ingress | bool | `false` | Boolean flag that enables using istio gateway for Gluu. This assumes istio ingress is installed and hence the LB is available. |
 | istio.namespace | string | `"istio-system"` | The namespace istio is deployed in. The is normally istio-system. |
 | istio.tlsSecretName | string | `"istio-tls-certificate"` |  |
-| kc-scheduler | object | `{"additionalAnnotations":{},"additionalLabels":{},"customCommand":[],"customScripts":[],"dnsConfig":{},"dnsPolicy":"","enabled":false,"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/kc-scheduler","tag":"1.2.0-1"},"interval":10,"lifecycle":{},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for synchronizing Keycloak SAML clients |
+| kc-scheduler | object | `{"additionalAnnotations":{},"additionalLabels":{},"customCommand":[],"customScripts":[],"dnsConfig":{},"dnsPolicy":"","enabled":false,"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/kc-scheduler","tag":"0.0.0-nightly"},"interval":10,"lifecycle":{},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for synchronizing Keycloak SAML clients |
 | kc-scheduler.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} |
 | kc-scheduler.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} |
 | kc-scheduler.customCommand | list | `[]` | Add custom job's command. If passed, it will override the default conditional command. |
@@ -298,7 +298,7 @@ Kubernetes: `>=v1.22.0-0`
 | kc-scheduler.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
 | kc-scheduler.image.pullSecrets | list | `[]` | Image Pull Secrets |
 | kc-scheduler.image.repository | string | `"ghcr.io/janssenproject/jans/kc-scheduler"` | Image  to use for deploying. |
-| kc-scheduler.image.tag | string | `"1.2.0-1"` | Image  tag to use for deploying. |
+| kc-scheduler.image.tag | string | `"0.0.0-nightly"` | Image  tag to use for deploying. |
 | kc-scheduler.interval | int | `10` | Interval of running the scheduler (in minutes) |
 | kc-scheduler.resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. |
 | kc-scheduler.resources.limits.cpu | string | `"300m"` | CPU limit. |