diff --git a/.release-please-manifest.json b/.release-please-manifest.json index ef0bac20..855a48c4 100644 --- a/.release-please-manifest.json +++ b/.release-please-manifest.json @@ -1,13 +1,13 @@ { - "packages/auth-bundler": "12.0.0", - "packages/auth-core": "12.0.0", - "packages/auth-openapi": "12.0.0", - "packages/token-openapi": "12.0.0", - "packages/test-utils": "12.0.0", - "apps/auth-cron": "12.0.0", - "apps/auth-manager": "12.0.0", - "apps/token-kiosk": "12.0.0", - "apps/auth-ui": "12.0.0", - "apps/kiosk-ui": "12.0.0", - ".": "12.0.0" + "packages/auth-bundler": "1.13.0", + "packages/auth-core": "1.13.0", + "packages/auth-openapi": "1.13.0", + "packages/token-openapi": "1.13.0", + "packages/test-utils": "1.13.0", + "apps/auth-cron": "1.13.0", + "apps/auth-manager": "1.13.0", + "apps/token-kiosk": "1.13.0", + "apps/auth-ui": "1.13.0", + "apps/kiosk-ui": "1.13.0", + ".": "1.13.0" } diff --git a/apps/auth-cron/src/telemetry/logger.ts b/apps/auth-cron/src/telemetry/logger.ts index 26b1d854..1bde957b 100644 --- a/apps/auth-cron/src/telemetry/logger.ts +++ b/apps/auth-cron/src/telemetry/logger.ts @@ -3,11 +3,10 @@ import { jsLogger } from '@map-colonies/js-logger'; import { setLogger } from '@map-colonies/auth-bundler'; import { getConfig } from '../config'; -const loggerConfig = getConfig().get('telemetry.logger'); - let logger: Logger; export async function initializeLogger(): Promise { + const loggerConfig = getConfig().get('telemetry.logger'); logger = await jsLogger({ ...loggerConfig, prettyPrint: loggerConfig.prettyPrint }); setLogger(logger); diff --git a/apps/auth-manager/helm/values.yaml b/apps/auth-manager/helm/values.yaml index 90add454..39f72b47 100644 --- a/apps/auth-manager/helm/values.yaml +++ b/apps/auth-manager/helm/values.yaml @@ -85,7 +85,7 @@ resources: route: enabled: true - path: / + path: /api host: timeout: enabled: false # defaults to 30s by openshift 
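Review bot: `path: /api` in the auth-manager route values is changed without a matching rewrite setting, whereas the token-kiosk chart in this commit pairs the same change with `rewriteTarget: '/'` and a code change that drops the `/api` mount. No auth-manager code or template change is visible in this diff, so it is worth confirming that the service already serves under `/api` or that its route template strips the prefix; otherwise requests would arrive with a prefix the app does not handle. The values file continues outside the hunk, so a rewrite key may already exist below.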
diff --git a/apps/auth-ui/helm/.helmignore b/apps/auth-ui/helm/.helmignore deleted file mode 100644 index 0e8a0eb3..00000000 --- a/apps/auth-ui/helm/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/apps/auth-ui/helm/Chart.lock b/apps/auth-ui/helm/Chart.lock deleted file mode 100644 index dddaa122..00000000 --- a/apps/auth-ui/helm/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: mclabels - repository: oci://acrarolibotnonprod.azurecr.io/helm/infra - version: 1.0.1 -digest: sha256:a97237cd8966ab9d4f8c0b8dda2ad110fbff5d485da868124fdce2a5dbbfa208 -generated: "2025-11-20T09:46:27.58388203+02:00" diff --git a/apps/auth-ui/helm/Chart.yaml b/apps/auth-ui/helm/Chart.yaml deleted file mode 100644 index b3f741d0..00000000 --- a/apps/auth-ui/helm/Chart.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v2 -name: auth-ui -description: A Helm chart for auth-ui service -type: application -version: 1.12.0 -appVersion: 1.12.0 -dependencies: - - name: mclabels - version: 1.0.1 - repository: oci://acrarolibotnonprod.azurecr.io/helm/infra diff --git a/apps/auth-ui/helm/templates/_helpers.tpl b/apps/auth-ui/helm/templates/_helpers.tpl deleted file mode 100644 index eedc3dd9..00000000 --- a/apps/auth-ui/helm/templates/_helpers.tpl +++ /dev/null 
@@ -1,114 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "auth-ui.name" -}} -{{- default .Chart.Name | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "auth-ui.fullname" -}} -{{- $name := default .Chart.Name }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "auth-ui.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "auth-ui.labels" -}} -helm.sh/chart: {{ include "auth-ui.chart" . }} -{{ include "auth-ui.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{ include "mclabels.labels" . }} -{{- end }} - -{{/* -Returns the tag of the chart. -*/}} -{{- define "auth-ui.tag" -}} -{{- default (printf "v%s" .Chart.AppVersion) .Values.image.tag }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "auth-ui.selectorLabels" -}} -app.kubernetes.io/name: {{ include "auth-ui.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{ include "mclabels.selectorLabels" . 
}} -{{- end }} - -{{/* -Returns the cloud provider name from global if exists or from the chart's values, defaults to minikube -*/}} -{{- define "auth-ui.cloudProviderFlavor" -}} -{{- if .Values.global.cloudProvider.flavor }} - {{- .Values.global.cloudProvider.flavor -}} -{{- else if .Values.cloudProvider -}} - {{- .Values.cloudProvider.flavor | default "minikube" -}} -{{- else -}} - {{ "minikube" }} -{{- end -}} -{{- end -}} - -{{/* -Returns the cloud provider docker registry url from global if exists or from the chart's values -*/}} -{{- define "auth-ui.cloudProviderDockerRegistryUrl" -}} -{{- if .Values.global.cloudProvider.dockerRegistryUrl }} - {{- printf "%s/" .Values.global.cloudProvider.dockerRegistryUrl -}} -{{- else if .Values.cloudProvider.dockerRegistryUrl -}} - {{- printf "%s/" .Values.cloudProvider.dockerRegistryUrl -}} -{{- else -}} -{{- end -}} -{{- end -}} - -{{/* -Returns the cloud provider image pull secret name from global if exists or from the chart's values -*/}} -{{- define "auth-ui.cloudProviderImagePullSecretName" -}} -{{- if .Values.global.cloudProvider.imagePullSecretName }} - {{- .Values.global.cloudProvider.imagePullSecretName -}} -{{- else if .Values.cloudProvider.imagePullSecretName -}} - {{- .Values.cloudProvider.imagePullSecretName -}} -{{- end -}} -{{- end -}} - -{{/* -Returns the tracing url from global if exists or from the chart's values -*/}} -{{- define "auth-ui.tracingUrl" -}} -{{- if .Values.global.tracing.url }} - {{- .Values.global.tracing.url -}} -{{- else if .Values.cloudProvider -}} - {{- .Values.env.tracing.url -}} -{{- end -}} -{{- end -}} - -{{/* -Returns the tracing url from global if exists or from the chart's values -*/}} -{{- define "auth-ui.metricsUrl" -}} -{{- if .Values.global.metrics.url }} - {{- .Values.global.metrics.url -}} -{{- else -}} - {{- .Values.env.metrics.url -}} -{{- end -}} -{{- end -}} 
diff --git a/apps/auth-ui/helm/templates/configmap.yaml b/apps/auth-ui/helm/templates/configmap.yaml deleted file mode 100644 index 4734b4ed..00000000 --- a/apps/auth-ui/helm/templates/configmap.yaml +++ /dev/null @@ -1,9 +0,0 @@ -{{- $chartName := include "auth-ui.name" . -}} -{{- if .Values.enabled -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-{{ $chartName }}-configmap -data: - config.json: {{ .Values.config | quote }} -{{- end }} diff --git a/apps/auth-ui/helm/templates/deployment.yaml b/apps/auth-ui/helm/templates/deployment.yaml deleted file mode 100644 index bf40e48c..00000000 --- a/apps/auth-ui/helm/templates/deployment.yaml +++ /dev/null 
@@ -1,99 +0,0 @@ -{{- $releaseName := .Release.Name -}} -{{- $chartName := include "auth-ui.name" . -}} -{{- $cloudProviderDockerRegistryUrl := include "auth-ui.cloudProviderDockerRegistryUrl" . -}} -{{- $cloudProviderImagePullSecretName := include "auth-ui.cloudProviderImagePullSecretName" . -}} -{{- $imageTag := include "auth-ui.tag" . -}} -{{- if .Values.enabled -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ $releaseName }}-{{ $chartName }} - labels: - app: {{ $chartName }} - component: {{ $chartName }} - release: {{ $releaseName }} - {{- include "auth-ui.labels" . | nindent 4 }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: {{ $chartName }} - release: {{ $releaseName }} - run: {{ $releaseName }}-{{ $chartName }} - {{- include "auth-ui.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - app: {{ $chartName }} - release: {{ $releaseName }} - run: {{ $releaseName }}-{{ $chartName }} - {{- include "auth-ui.labels" . | nindent 8 }} - {{- if .Values.resetOnConfigChange }} - annotations: - {{ include "mclabels.annotations" . | nindent 8 }} - checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . 
| sha256sum }} - {{- if .Values.additionalPodAnnotations }} - {{- toYaml .Values.additionalPodAnnotations | nindent 8}} - {{- end }} - {{- end }} - spec: - {{- if $cloudProviderImagePullSecretName }} - imagePullSecrets: - - name: {{ $cloudProviderImagePullSecretName | quote }} - {{- end }} - containers: - - name: {{ $releaseName }}-{{ $chartName }}-deployment - {{- with .Values.image }} - image: {{ $cloudProviderDockerRegistryUrl }}{{ .repository }}:{{ $imageTag }} - {{- end }} - volumeMounts: - {{- if .Values.ca.enabled }} - - mountPath: {{ printf "%s/%s" .Values.ca.path .Values.ca.key | quote }} - name: root-ca - subPath: {{ quote .Values.ca.key }} - {{- end }} - - name: config-volume - mountPath: /usr/src/app/packages/auth-ui/config.json - subPath: config.json - env: - - name: SERVER_PORT - value: {{ .Values.env.targetPort | quote }} - {{- if .Values.ca.enabled }} - - name: REQUESTS_CA_BUNDLE - value: {{ printf "%s/%s" .Values.ca.path .Values.ca.key | quote }} - - name: NODE_EXTRA_CA_CERTS - value: {{ printf "%s/%s" .Values.ca.path .Values.ca.key | quote }} - {{- end }} - {{- if .Values.extraEnvVars }} - {{- toYaml .Values.extraEnvVars | nindent 12 }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.env.targetPort }} - protocol: TCP - livenessProbe: - initialDelaySeconds: {{ .Values.initialDelaySeconds }} - httpGet: - path: /liveness - port: {{ .Values.env.targetPort }} - httpHeaders: - - name: Access-Control-Allow-Origin - value: "*" - - name: Access-Control-Allow-Methods - value: "GET, OPTIONS" - - name: Access-Control-Allow-Headers - value: "Content-Type, Authorization" - {{- if .Values.resources.enabled }} - resources: - {{- toYaml .Values.resources.value | nindent 12 }} - {{- end }} - volumes: - {{- if .Values.ca.enabled }} - - name: root-ca - secret: - secretName: {{ .Values.ca.secretName }} - {{- end }} - - name: config-volume - configMap: - name: {{ $releaseName }}-{{ $chartName }}-configmap -{{- end -}} 
diff --git a/apps/auth-ui/helm/templates/ingress.yaml b/apps/auth-ui/helm/templates/ingress.yaml deleted file mode 100644 index 4285b842..00000000 --- a/apps/auth-ui/helm/templates/ingress.yaml +++ /dev/null @@ -1,47 +0,0 @@ -{{- $releaseName := .Release.Name -}} -{{- $chartName := include "auth-ui.name" . -}} -{{- $servicePort := .Values.env.port -}} -{{- if and (.Values.enabled) (.Values.ingress.enabled) -}} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ $releaseName }}-{{ $chartName }}-ingress - labels: - {{- include "auth-ui.labels" . | nindent 4 }} - {{- if .Values.ingress.labels }} - {{- toYaml .Values.ingress.labels | nindent 4 }} - {{- end }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if .Values.ingress.className }} - ingressClassName: {{ .Values.ingress.className }} - {{- end }} - {{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ .path }} - pathType: {{ .pathType }} - backend: - service: - name: {{ $releaseName }}-{{ $chartName }} - port: - number: {{ $servicePort }} - {{- end }} - {{- end }} -{{- end -}} diff --git a/apps/auth-ui/helm/templates/route.yaml b/apps/auth-ui/helm/templates/route.yaml deleted file mode 100644 index 0a1837de..00000000 --- a/apps/auth-ui/helm/templates/route.yaml +++ /dev/null 
@@ -1,32 +0,0 @@ -{{- $releaseName := .Release.Name -}} -{{- $chartName := include "auth-ui.name" . -}} -{{- $cloudProviderFlavor := include "auth-ui.cloudProviderFlavor" . -}} -{{- if and (and (.Values.enabled) (eq $cloudProviderFlavor "openshift")) (.Values.route.enabled) -}} -apiVersion: route.openshift.io/v1 -kind: Route -metadata: - name: {{ $releaseName }}-{{ $chartName }}-route - annotations: - haproxy.router.openshift.io/rewrite-target: / - {{- if .Values.route.timeout.enabled }} - haproxy.router.openshift.io/timeout: {{ .Values.route.timeout.duration }} - {{- end }} -spec: - path: {{ .Values.route.path | default "/" }} - {{- if .Values.route.host }} - host: {{ .Values.route.host }} - {{- end }} - to: - kind: Service - name: {{ $releaseName }}-{{ $chartName }} - {{- if .Values.route.tls.enabled }} - tls: - termination: {{ .Values.route.tls.termination | quote }} - insecureEdgeTerminationPolicy: {{ .Values.route.tls.insecureEdgeTerminationPolicy | quote }} - {{- if .Values.route.tls.useCerts }} - certificate: {{ .Values.route.tls.certificate | quote }} - key: {{ .Values.route.tls.key | quote }} - caCertificate: {{ .Values.route.tls.caCertificate | quote }} - {{- end }} - {{- end -}} -{{- end -}} diff --git a/apps/auth-ui/helm/templates/service.yaml b/apps/auth-ui/helm/templates/service.yaml deleted file mode 100644 index 635611cf..00000000 --- a/apps/auth-ui/helm/templates/service.yaml +++ /dev/null 
@@ -1,24 +0,0 @@ -{{- $releaseName := .Release.Name -}} -{{- $chartName := include "auth-ui.name" . -}} -{{- if .Values.enabled -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ $releaseName }}-{{ $chartName }} - labels: - app: {{ $chartName }} - component: {{ $chartName }} - release: {{ $releaseName }} - {{- include "auth-ui.labels" . | nindent 4 }} -spec: - ports: - - port: {{ .Values.env.port }} - targetPort: {{ .Values.env.targetPort }} - protocol: TCP - name: http - selector: - app: {{ $chartName }} - release: {{ $releaseName }} - run: {{ $releaseName }}-{{ $chartName }} - {{- include "auth-ui.selectorLabels" . | nindent 4 }} -{{- end }} diff --git a/apps/auth-ui/helm/values.yaml b/apps/auth-ui/helm/values.yaml deleted file mode 100644 index 8a8bc287..00000000 --- a/apps/auth-ui/helm/values.yaml +++ /dev/null 
@@ -1,107 +0,0 @@ -global: - cloudProvider: {} - tracing: {} - metrics: {} - -mclabels: - component: frontend - owner: infra - partOf: authentication - -enabled: true -environment: development -replicaCount: 1 -initialDelaySeconds: 60 -resetOnConfigChange: true - -extraEnvVars: [] - -cloudProvider: - dockerRegistryUrl: acrarolibotnonprod.azurecr.io - imagePullSecretName: 'acr-registry' - flavor: openshift - -ca: - enabled: false - secretName: 'root-ca' - path: '/usr/local/share/ca-certificates' - key: 'ca.crt' - -image: - repository: infra/auth-ui - # tag: '' - -env: - port: 80 - targetPort: 3000 - tracing: - enabled: false - url: http://localhost:55681/v1/trace - metrics: - enabled: false - url: http://localhost:55681/v1/metrics - -config: | - { - "8080": { - "name": "localhost 8080", - "url": "https://auth-manager-service", - "envs": [ - { - "envKey": "prod", - "opaUrl": "https://opa-la-service" - } - ] - } - } - -additionalPodAnnotations: {} - -resources: - enabled: true - value: - limits: - cpu: 400m - memory: 128Mi - requests: - cpu: 100m - memory: 128Mi - -route: - enabled: true - path: / - host: - timeout: - enabled: false # defaults to 30s by openshift - duration: 60s # supported units (us, ms, s, m, h, d) - tls: - enabled: true - termination: edge - insecureEdgeTerminationPolicy: Redirect - useCerts: false - certificate: - key: - caCertificate: - -ingress: - enabled: false - className: "" - labels: {} - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: [] - # - host: auth-ui.domain.com - # paths: - # - path: / - # pathType: ImplementationSpecific - path: / - # host: 'localhost' - # cors: - # enabled: true - # origin: '*' - tls: [] - # - secretName: chart-example-tls - # hosts: - # - auth-ui.domain.com - diff --git a/apps/auth-ui/package.json b/apps/auth-ui/package.json index 0ff78c5e..ea94e227 100644 --- a/apps/auth-ui/package.json +++ b/apps/auth-ui/package.json 
@@ -6,7 +6,7 @@
 "scripts": {
 "dev": "vite",
 "build": "tsc && vite build",
- "build:docker": "docker buildx build --build-arg APP_NAME=$npm_package_name -f Dockerfile -t ${DOCKER_REGISTRY:-}${npm_package_name}:${DOCKER_TAG:-latest} ${DOCKER_FLAGS:-} ../..",
+ "build:docker": "docker buildx build --build-arg APP_NAME=$npm_package_name -f ../../docker/frontend.Dockerfile -t ${DOCKER_REGISTRY:-}${npm_package_name}:${DOCKER_TAG:-latest} ${DOCKER_FLAGS:-} ../..",
 "build:docker-no-cache": "cross-env DOCKER_FLAGS=--no-cache pnpm run build:docker",
 "lint": "eslint . --ext ts,tsx --report-unused-disable-directives --max-warnings 0",
 "preview": "vite preview",
diff --git a/apps/kiosk-ui/package.json b/apps/kiosk-ui/package.json
index fd8d5126..32bf9af0 100644
--- a/apps/kiosk-ui/package.json
+++ b/apps/kiosk-ui/package.json
@@ -8,7 +8,9 @@
 "build": "tsc -b && vite build",
 "lint": "eslint .",
 "preview": "vite preview",
- "knip": "knip --directory ../.. --workspace apps/kiosk-ui"
+ "knip": "knip --directory ../.. --workspace apps/kiosk-ui",
+ "build:docker": "docker buildx build --build-arg APP_NAME=$npm_package_name -f ../../docker/frontend.Dockerfile -t ${DOCKER_REGISTRY:-}${npm_package_name}:${DOCKER_TAG:-latest} ${DOCKER_FLAGS:-} ../..",
+ "build:docker-no-cache": "cross-env DOCKER_FLAGS=--no-cache pnpm run build:docker"
 },
 "dependencies": {
 "@radix-ui/react-dialog": "^1.1.14",
diff --git a/apps/token-kiosk/helm/Chart.lock b/apps/token-kiosk/helm/Chart.lock
index 9e545cce..9fc3517e 100644
--- a/apps/token-kiosk/helm/Chart.lock
+++ b/apps/token-kiosk/helm/Chart.lock
@@ -3,4 +3,4 @@ dependencies:
 repository: oci://acrarolibotnonprod.azurecr.io/helm/infra
 version: 1.0.1
 digest: sha256:a97237cd8966ab9d4f8c0b8dda2ad110fbff5d485da868124fdce2a5dbbfa208
-generated: "2025-11-20T09:48:33.086549554+02:00"
+generated: "2026-05-31T15:00:54.711246441+03:00"
diff --git a/apps/token-kiosk/helm/values.yaml b/apps/token-kiosk/helm/values.yaml
index 1a96c4e5..96dfa01a 100644
--- a/apps/token-kiosk/helm/values.yaml +++ b/apps/token-kiosk/helm/values.yaml @@ -119,12 +119,12 @@ resources: route: enabled: true - path: / + path: /api host: timeout: enabled: false # defaults to 30s by openshift duration: 60s # supported units (us, ms, s, m, h, d) - rewriteTarget: '' + rewriteTarget: '/' tls: enabled: true termination: edge diff --git a/apps/token-kiosk/src/serverBuilder.ts b/apps/token-kiosk/src/serverBuilder.ts index 9c25c122..48e6b590 100644 --- a/apps/token-kiosk/src/serverBuilder.ts +++ b/apps/token-kiosk/src/serverBuilder.ts @@ -55,13 +55,10 @@ export class ServerBuilder { } private buildRoutes(): void { - const router = Router(); - router.use('/auth', this.authRouter); - router.use('/token', this.tokenRouter); - router.use('/guides', this.guidesRouter); - router.use('/files', this.qlrRouter); - - this.serverInstance.use('/api', router); + this.serverInstance.use('/auth', this.authRouter); + this.serverInstance.use('/token', this.tokenRouter); + this.serverInstance.use('/guides', this.guidesRouter); + this.serverInstance.use('/files', this.qlrRouter); this.buildDocsRoutes(); } @@ -76,8 +73,6 @@ export class ServerBuilder { this.serverInstance.use(bodyParser.json(this.config.get('server.request.payload'))); - this.serverInstance.use(expressStatic('public')); - this.serverInstance.use(this.authMiddleware); const ignorePathRegex = new RegExp(`^${this.config.get('openapiConfig.basePath')}/.*`, 'i'); diff --git a/apps/token-kiosk/tests/files/files.spec.ts b/apps/token-kiosk/tests/files/files.spec.ts index 9643d821..cf284b23 100644 --- a/apps/token-kiosk/tests/files/files.spec.ts +++ b/apps/token-kiosk/tests/files/files.spec.ts 
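Review bot: With the `/api` router removed in `buildRoutes`, the service answers on `/auth`, `/token`, `/guides` and `/files` at the root, so the `/api` prefix now exists only at the OpenShift route (`path: /api` with `rewriteTarget: '/'` in this chart's values.yaml) and any caller that reaches the service by another path sees different URLs than browser clients do. It is worth confirming that `openapiConfig.basePath`, which feeds `ignorePathRegex` on the context line of the second hunk, is still a distinct non-empty prefix, since that pattern matches everything under it and what it exempts is decided outside the hunk. The `Router` and `expressStatic` imports are presumably unused after these two hunks and can be dropped; the import block is outside the hunk. A comment above the four `use` calls, such as `// Mounted at root: the route strips the /api prefix before requests reach the app`, would record the dependency on the chart.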
@@ -48,7 +48,7 @@ describe('guides', function () { useChild: true, }); - requestSender = await createRequestSender(OPENAPI_PATH, app, { baseUrl: '/api' }); + requestSender = await createRequestSender(OPENAPI_PATH, app); drizzle = container.resolve(SERVICES.DRIZZLE); nock('http://localhost:8082').get('/key/prod/latest').reply(httpStatusCodes.OK, privateKey); diff --git a/apps/token-kiosk/tests/guides/guides.spec.ts b/apps/token-kiosk/tests/guides/guides.spec.ts index c2c0674a..bc78ad58 100644 --- a/apps/token-kiosk/tests/guides/guides.spec.ts +++ b/apps/token-kiosk/tests/guides/guides.spec.ts @@ -41,7 +41,7 @@ describe('guides', function () { useChild: true, }); - requestSender = await createRequestSender(OPENAPI_PATH, app, { baseUrl: '/api' }); + requestSender = await createRequestSender(OPENAPI_PATH, app); }); afterEach(function () { diff --git a/apps/token-kiosk/tests/token/token.spec.ts b/apps/token-kiosk/tests/token/token.spec.ts index b3b4dae4..bdadce4e 100644 --- a/apps/token-kiosk/tests/token/token.spec.ts +++ b/apps/token-kiosk/tests/token/token.spec.ts @@ -55,7 +55,7 @@ describe('token', function () { useChild: true, }); - requestSender = await createRequestSender(OPENAPI_PATH, app, { baseUrl: '/api' }); + requestSender = await createRequestSender(OPENAPI_PATH, app); drizzle = container.resolve(SERVICES.DRIZZLE); }); diff --git a/docker/backend.Dockerfile b/docker/backend.Dockerfile index 519d2fe2..287f64e5 100644 --- a/docker/backend.Dockerfile +++ b/docker/backend.Dockerfile @@ -5,7 +5,7 @@ FROM node:${NODE_VERSION}-slim AS base WORKDIR /app ENV PNPM_HOME="/pnpm" -ENV PATH="$PNPM_HOME:$PATH" +ENV PATH="$PNPM_HOME/bin:$PATH" ENV COREPACK_ENABLE_DOWNLOAD_PROMPT=0 RUN corepack enable 
@@ -35,7 +35,9 @@ RUN pnpm --filter ${APP_NAME} deploy --prod --legacy /prod-app FROM node:${NODE_VERSION}-alpine AS runner -RUN apk add dumb-init +RUN apk add dumb-init && \ + wget -O /usr/bin/opa https://openpolicyagent.org/downloads/v1.0.1/opa_linux_amd64_static && \ + chmod a+x /usr/bin/opa ENV NODE_ENV=production diff --git a/apps/auth-ui/Dockerfile b/docker/frontend.Dockerfile similarity index 64% rename from apps/auth-ui/Dockerfile rename to docker/frontend.Dockerfile index bc0d17c4..827d9f00 100644 --- a/apps/auth-ui/Dockerfile +++ b/docker/frontend.Dockerfile @@ -5,7 +5,7 @@ FROM node:${NODE_VERSION}-slim AS base WORKDIR /app ENV PNPM_HOME="/pnpm" -ENV PATH="$PNPM_HOME:$PATH" +ENV PATH="$PNPM_HOME/bin:$PATH" ENV COREPACK_ENABLE_DOWNLOAD_PROMPT=0 RUN corepack enable @@ -31,21 +31,8 @@ COPY --from=pruner /app/out/full/ . RUN pnpm turbo build --filter ${APP_NAME}... -RUN pnpm --filter ${APP_NAME} deploy --prod --legacy /prod-app - -FROM node:${NODE_VERSION}-alpine AS runner +FROM acrarolibotnonprod.azurecr.io/common/nginx:v2.1.6 AS runner ARG APP_NAME -ENV NODE_ENV=production -ENV SERVER_PORT=3000 - -WORKDIR /app - -COPY --chown=node:node --from=builder /prod-app/dist . - -RUN npm i -g serve - -USER node -EXPOSE 3000 -CMD [ "serve", "-s", "." ] +COPY --from=builder /app/apps/${APP_NAME}/dist /usr/share/nginx/html diff --git a/helm/.helmignore b/helm/.helmignore index e44282c3..b07de70d 100644 --- a/helm/.helmignore +++ b/helm/.helmignore @@ -23,4 +23,4 @@ *.tmproj .vscode/ Chart.lock -*.tgz +/*.tgz diff --git a/helm/Chart.lock b/helm/Chart.lock index 4bbc2406..b0535667 100644 --- a/helm/Chart.lock +++ b/helm/Chart.lock 
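Review bot: The OPA binary fetched by `wget` in the runner stage is installed without any integrity check, so the image trusts whatever the download host returns at build time. Pin the expected digest and verify it before `chmod`, for example `ARG OPA_SHA256=<sha256-of-opa_linux_amd64_static>` and `echo "${OPA_SHA256}  /usr/bin/opa" | sha256sum -c - && \` between the `wget` and `chmod` lines. The asset name also ties the image to amd64, and `apk add` without `--no-cache` leaves the package index in the layer. This Dockerfile appears to be shared by the backend apps, so consider whether each of them needs an OPA executable in its runtime image.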
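Review bot: The new runner stage `FROM acrarolibotnonprod.azurecr.io/common/nginx:v2.1.6 AS runner` references its base image by a mutable tag, and the hunk drops the earlier `USER node` line, so both the image contents and the runtime user are now decided by the base image. Pinning by digest, `FROM acrarolibotnonprod.azurecr.io/common/nginx:v2.1.6@sha256:<digest> AS runner`, makes rebuilds reproducible, and it is worth confirming that the base image runs nginx as a non-root user. The `COPY --from=builder /app/apps/${APP_NAME}/dist` path assumes APP_NAME equals the directory name under `apps/`, while `build:docker` passes `$npm_package_name`; a package whose name differs from its directory would break the copy.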
@@ -1,18 +1,21 @@ dependencies: - name: opa repository: file://charts/opa - version: 1.10.0 + version: 1.12.0 - name: auth-cron - repository: file://../packages/auth-cron/helm - version: 1.10.0 + repository: file://../apps/auth-cron/helm + version: 1.12.0 - name: auth-manager - repository: file://../packages/auth-manager/helm - version: 1.10.0 -- name: auth-ui - repository: file://../packages/auth-ui/helm - version: 1.10.0 + repository: file://../apps/auth-manager/helm + version: 1.12.0 +- name: nginx + repository: oci://acrarolibotnonprod.azurecr.io/helm/common + version: 2.1.6 - name: token-kiosk - repository: file://../packages/token-kiosk/helm - version: 1.10.0 -digest: sha256:164eb2c4310304fd4d51860fe117047c570e721db34f97747a7a958bef3a9c7a -generated: "2026-01-11T19:22:51.855858+02:00" + repository: file://../apps/token-kiosk/helm + version: 1.12.0 +- name: nginx + repository: oci://acrarolibotnonprod.azurecr.io/helm/common + version: 2.1.6 +digest: sha256:49f1a50c589b1760030c7a449e779d5ca15acdbf8173ef953aceb699b88a170f +generated: "2026-06-01T12:20:36.236385936+03:00" diff --git a/helm/Chart.yaml b/helm/Chart.yaml index 9d635bed..f012341f 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml 
@@ -2,20 +2,31 @@ apiVersion: v2 name: opa-la description: A Helm chart for opa-la type: application -version: 1.12.0 +version: 1.12.0 # x-release-please-version dependencies: - name: opa repository: file://charts/opa condition: opa.enabled + version: 1.12.0 # x-release-please-version - name: auth-cron - repository: file://../packages/auth-cron/helm + repository: file://../apps/auth-cron/helm condition: auth-cron.enabled + version: 1.12.0 # x-release-please-version - name: auth-manager - repository: file://../packages/auth-manager/helm + repository: file://../apps/auth-manager/helm condition: auth-manager.enabled - - name: auth-ui - repository: file://../packages/auth-ui/helm + version: 1.12.0 # x-release-please-version + - name: nginx + repository: oci://acrarolibotnonprod.azurecr.io/helm/common condition: auth-ui.enabled + alias: auth-ui + version: 2.1.6 - name: token-kiosk - repository: file://../packages/token-kiosk/helm + repository: file://../apps/token-kiosk/helm condition: token-kiosk.enabled + version: 1.12.0 # x-release-please-version + - name: nginx + repository: oci://acrarolibotnonprod.azurecr.io/helm/common + condition: kiosk-ui.enabled + alias: kiosk-ui + version: 2.1.6 diff --git a/helm/templates/configmap.yaml b/helm/templates/configmap.yaml new file mode 100644 index 00000000..3ce561e1 --- /dev/null +++ b/helm/templates/configmap.yaml @@ -0,0 +1,13 @@ +{{- $chartName := include "opa-la.name" . -}} +{{- if or (index .Values "auth-ui" "enabled") (index .Values "kiosk-ui" "enabled") -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-opa-la-configmap +data: + config.json: {{ index .Values "auth-ui" "config" | quote }} + extension.conf: | + root /usr/share/nginx/html; + index index.html index.htm; + try_files $uri $uri/ /index.html; +{{- end }} diff --git a/helm/values.yaml b/helm/values.yaml index dfb94df5..1c563fa7 100644 --- a/helm/values.yaml +++ b/helm/values.yaml 
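Review bot: `config.json` in the new `helm/templates/configmap.yaml` is always taken from the `auth-ui` values, even when the template renders only because `kiosk-ui` is enabled, and `$chartName` on its first line is assigned but never used. The auth-ui values mount this file under `/usr/share/nginx/html`, so everything in `auth-ui.config` is served to any client that can reach the UI; a template comment saying so, e.g. `{{/* config.json is publicly served by nginx: no secrets or internal-only URLs */}}`, would keep later edits honest. If the two UIs are meant to be configured independently, a ConfigMap per UI would avoid sharing one object between them.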
@@ -121,51 +121,45 @@ auth-manager: auth-ui: enabled: true + config: | + {} + replicaCount: 1 cloudProvider: *cloudProvider - ca: *ca + mclabels: + owner: infra + partOf: authentication + component: frontend + logScraping: false image: repository: infra/auth-ui - config: | - { - "Local": { - "name": "localhost", - "url": "https://infra-opala-auth-manager", - "envs": [ - { - "envKey": "prod", - "opaUrl": "https://infra-opala-opa-service" - } - ] - } - } + tag: v12.0.0 # x-release-please-version + extraVolumes: + - name: config + configMap: + name: '{{ .Release.Name }}-opa-la-configmap' + extraVolumeMounts: + - name: config + mountPath: /etc/nginx/conf.d/extensions/extension.conf + subPath: extension.conf + - name: config + mountPath: /usr/share/nginx/html/config.json + subPath: config.json + opentelemetry: + ratio: 1 + nginx: + extensions: + location: + enabled: true + fileName: extension.conf + authorization: + enabled: false + backend: + enabled: false route: enabled: true host: *host tls: *tls - ingress: - enabled: false - className: "" - labels: {} - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: [] - # - host: auth-ui.domain.com - # paths: - # - path: / - # pathType: ImplementationSpecific - path: / - # host: 'localhost' - # cors: - # enabled: true - # origin: '*' - tls: [] - # - secretName: chart-example-tls - # hosts: - # - auth-ui.domain.com - - token-kiosk: enabled: true cloudProvider: *cloudProvider 
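Review bot: `tag: v12.0.0 # x-release-please-version` under `auth-ui.image` does not match the `1.13.0` this commit writes into `.release-please-manifest.json`, so until a release rewrites the annotated line the chart points at an image tag that may not exist or may be a different build; the `kiosk-ui` block added in the following hunk carries the same tag. The block also drops `ca: *ca` and sets `nginx.authorization.enabled: false`, which presumably means the static UI is served without a gateway-level check and access control rests entirely on the backend APIs; a comment next to the flag stating that this is intended would help. `opentelemetry.ratio: 1` samples every request, which is worth a second look for production traffic.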
@@ -176,3 +170,39 @@ token-kiosk: offlineMode: *configOfflineMode serverUrl: *configServerUrl name: 'infra-token-kiosk' + +kiosk-ui: + enabled: true + replicaCount: 1 + cloudProvider: *cloudProvider + mclabels: + owner: infra + partOf: authentication + component: frontend + logScraping: false + image: + repository: infra/kiosk-ui + tag: v12.0.0 # x-release-please-version + extraVolumes: + - name: config + configMap: + name: '{{ .Release.Name }}-opa-la-configmap' + extraVolumeMounts: + - name: config + mountPath: /etc/nginx/conf.d/extensions/extension.conf + subPath: extension.conf + opentelemetry: + ratio: 1 + nginx: + extensions: + location: + enabled: true + fileName: extension.conf + authorization: + enabled: false + backend: + enabled: false + route: + enabled: true + host: *host + tls: *tls diff --git a/nginx.conf b/nginx.conf new file mode 100644 index 00000000..10b588fa --- /dev/null +++ b/nginx.conf @@ -0,0 +1,45 @@ +load_module modules/ngx_otel_module.so; +load_module modules/ngx_http_js_module.so; +worker_processes 4; + +error_log /var/log/nginx/error.log warn; +pid /tmp/nginx.pid; + + +events { + worker_connections 1024; +} + + +http { + otel_service_name nginx; + otel_exporter { + endpoint localhost:4317; + } + + map $server_protocol $otel_network_protocol_name { + (.+)/.+$ $1; + default "http"; + } + + map $server_protocol $otel_network_protocol_version { + .+/(.+)$ $1; + default "1.1"; + } + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + include /etc/nginx/log_format.conf; + + access_log /var/log/nginx/access.log main; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout 65; + + #gzip on; + + include /etc/nginx/conf.d/*.conf; +} diff --git a/release-please-config.json b/release-please-config.json index b30b5b6d..a6b2b024 100644 --- a/release-please-config.json +++ b/release-please-config.json 
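Review bot: Nothing visible in this diff copies the new root-level `nginx.conf` into an image or mounts it (the frontend runner stage only copies `dist`, and the chart mounts only `extension.conf`), so it is unclear which deployment uses it; a header comment naming its consumer would settle that. If it is served, the `http` block has no `server_tokens off;`, so the nginx version is advertised in the `Server` header and on error pages. `endpoint localhost:4317` and `worker_processes 4` are hard-coded; `worker_processes auto;` would follow the number of available cores instead.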
@@ -143,7 +143,9 @@
 "glob": true,
 "path": "**/Chart.yaml",
 "jsonpath": "$.version"
- }
+ },
+ { "type": "generic", "glob": true, "path": "**/values.yaml" },
+ { "type": "generic", "path": "helm/Chart.yaml" }
 ]
 }
 }