Merge branch 'develop' into chatbot

Author: piyushroshan

.github/workflows/pr-build.yml

@@ -8,7 +8,6 @@ on:
       - 'deploy/**'
       - '.github/workflows/**'
   workflow_dispatch:
-
 jobs:
   build-context:
     runs-on: ubuntu-latest
@@ -22,6 +21,10 @@ jobs:
     runs-on: ubuntu-latest
     env:
       PLATFORMS: "linux/amd64,linux/arm64"
+    permissions:
+      pull-requests: write # Required to post comments
+      contents: read
+      checks: write
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -159,10 +162,12 @@ jobs:
       - name: Cleanup docker before running
         if: always()
         continue-on-error: true
-        run:  docker-compose -f deploy/docker/docker-compose.yml down --volumes --remove-orphans
+        run:  docker compose -f deploy/docker/docker-compose.yml down --volumes --remove-orphans
 
       - name: Run crAPI using built images
-        run: VERSION=${{ env.TAG_NAME }} docker-compose -f deploy/docker/docker-compose.yml --compatibility up -d
+        run: |
+             cd deploy/docker
+             VERSION=${{ env.TAG_NAME }} docker compose -f docker-compose.yml --compatibility up -d
 
       - name: Install Node
         uses: actions/setup-node@v3
@@ -181,12 +186,16 @@ jobs:
 
       - name: Cleanup docker
         if: always()
-        run:  docker-compose -f deploy/docker/docker-compose.yml down --volumes --remove-orphans
+        run:  docker compose -f deploy/docker/docker-compose.yml down --volumes --remove-orphans
 
 
   tests:
     needs: build-context
     runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+      contents: read
+      checks: write
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -208,7 +217,7 @@ jobs:
           go-version: '1.21'
 
       - name: Start the database
-        run: docker-compose -f services/docker-database.yml up -d
+        run: docker compose -f services/docker-database.yml up -d
 
       - name: Run identity tests
         run: |
@@ -262,7 +271,7 @@ jobs:
           coverage xml -o coverage.xml
 
       - name: Publish Coverage for workshop
-        uses: orgoro/coverage@v3.1
+        uses: orgoro/coverage@v3.2
         with:
             coverageFile: services/workshop/coverage.xml
             token: ${{ secrets.GITHUB_TOKEN }}
@@ -271,4 +280,4 @@ jobs:
         run: |
           cd services/web
           npm install
-          npm run lint
+          npm run lint

LICENSE.md

@@ -3,7 +3,7 @@
                         http://www.apache.org/licenses/
 
    TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
+ 
    1. Definitions.
 
       "License" shall mean the terms and conditions for use, reproduction,

README.md

@@ -10,68 +10,113 @@ know more about crAPI, please check [crAPI's overview][overview].
 
 ## QuickStart Guide
 
-### Docker and docker-compose
+### Docker and docker compose
 
-You'll need to have Docker and docker-compose installed and running on your host system. Also, the version of docker-compose should be `1.27.0` or above. Check your docker-compose version using:
+You'll need to have Docker and docker compose installed and running on your host system. Also, the version of docker compose should be `1.27.0` or above. Check your docker compose version using:
 ```
-docker-compose version
+docker compose version
 ```
 
+**Upgrade your docker compose version if you get errors like**
+
+```ERROR: Invalid interpolation format for ...```
+
 #### Using prebuilt images
-You can use prebuilt images generated by our CI workflow.
+You can use prebuilt images generated by our CI workflow by downloading the docker compose and **.env** files.
 
  - To use the latest stable version.
 
       - Linux Machine
 
       ```
-      curl -o docker-compose.yml https://raw.githubusercontent.com/OWASP/crAPI/main/deploy/docker/docker-compose.yml
+      curl -o /tmp/crapi.zip https://github.com/OWASP/crAPI/archive/refs/heads/main.zip
+      
+      unzip /tmp/crapi.zip
+      
+      cd crAPI-main/deploy/docker
+
+      docker compose pull
+
+      docker compose -f docker-compose.yml --compatibility up -d
+      ```
+      
+      To override server configurations, change the values of the variables present in the **.env** file or add the respective variables to the start of the docker compose command.
 
-      docker-compose pull
+      For example to expose the system to all network interfaces.
 
-      docker-compose -f docker-compose.yml --compatibility up -d
+      ```
+      LISTEN_IP="0.0.0.0" docker compose -f docker-compose.yml --compatibility up -d
       ```
 
       - Windows Machine
 
       ```
-      curl.exe -o docker-compose.yml https://raw.githubusercontent.com/OWASP/crAPI/main/deploy/docker/docker-compose.yml
+      curl.exe -o crapi.zip https://github.com/OWASP/crAPI/archive/refs/heads/main.zip
+
+      tar -xf .\crapi.zip
+     
+      cd crAPI-main/deploy/docker
+
+      docker compose pull
+
+      docker compose -f docker-compose.yml --compatibility up -d
+      ```
+     
+      To override server configurations, change the values of the variables present in the **.env** file or add the respective variables to the start of the docker compose command.
 
-      docker-compose pull
+      For example to expose the system to all network interfaces.
 
-      docker-compose -f docker-compose.yml --compatibility up -d
+      ```
+      LISTEN_IP="0.0.0.0" docker compose -f docker-compose.yml --compatibility up -d
       ```
 
   - To use the latest development version
 
       - Linux Machine
 
       ```
-      curl -o docker-compose.yml https://raw.githubusercontent.com/OWASP/crAPI/develop/deploy/docker/docker-compose.yml
+      curl -o /tmp/crapi.zip https://github.com/OWASP/crAPI/archive/refs/heads/develop.zip
+      
+      unzip /tmp/crapi.zip
+      
+      cd crAPI-develop/deploy/docker
+
+      docker compose pull
+
+      docker compose -f docker-compose.yml --compatibility up -d
+      ```
+      
+      To override server configurations, change the values of the variables present in the **.env** file or add the respective variables to the start of the docker compose command.
 
-      VERSION=develop docker-compose pull
+      For example to expose the system to all network interfaces.
 
-      VERSION=develop docker-compose -f docker-compose.yml --compatibility up -d
+      ```
+      LISTEN_IP="0.0.0.0" docker compose -f docker-compose.yml --compatibility up -d
       ```
 
       - Windows Machine
 
       ```
-      curl.exe -o docker-compose.yml https://raw.githubusercontent.com/OWASP/crAPI/develop/deploy/docker/docker-compose.yml
+      curl.exe -o crapi.zip https://github.com/OWASP/crAPI/archive/refs/heads/develop.zip
 
-      set "VERSION=develop"
+      tar -xf .\crapi.zip
+     
+      cd crAPI-develop/deploy/docker
 
-      docker-compose pull
+      docker compose pull
 
-      docker-compose -f docker-compose.yml --compatibility up -d
+      docker compose -f docker-compose.yml --compatibility up -d
       ```
+     
+      To override server configurations, change the values of the variables present in the **.env** file or add the respective variables to the start of the docker compose command.
 
-      - To Stop and Cleanup crAPI
+      For example to expose the system to all network interfaces.
 
       ```
-      docker-compose -f docker-compose.yml --compatibility down –volumes
+      LISTEN_IP="0.0.0.0" docker compose -f docker-compose.yml --compatibility up -d
       ```
 
+
 Visit [http://localhost:8888](http://localhost:8888)
 
 **Note**: All emails are sent to mailhog service by default and can be checked on
@@ -117,4 +162,4 @@ To know more about challenges in crAPI. Visit [challenges]
 [virtualbox]: https://www.virtualbox.org/wiki/Downloads
 
 ## Troubleshooting guide for general issues while installing and running crAPI
-If you need any help with installing and running crAPI you can check out this guide: [Troubleshooting guide crAPI](https://github.com/OWASP/crAPI/blob/main/docs/troubleshooting.md). If this doesn't solve your problem, please create an issue in Github Issues.
+If you need any help with installing and running crAPI you can check out this guide: [Troubleshooting guide crAPI](https://github.com/OWASP/crAPI/blob/main/docs/troubleshooting.md). If this doesn't solve your problem, please create an issue in Github Issues.

deploy/docker/docker-compose.yml

@@ -18,7 +18,7 @@ services:
     #ports:
     #  - "${LISTEN_IP:-127.0.0.1}:8080:8080"
     volumes:
-      - ./keys:/keys
+      - ./keys:/app/keys
     environment:
       - LOG_LEVEL=${LOG_LEVEL:-INFO}
       - DB_NAME=crapi
@@ -178,7 +178,9 @@ services:
     image: crapi/crapi-web:${VERSION:-latest}
     ports:
       - "${LISTEN_IP:-127.0.0.1}:8888:80"
+      - "${LISTEN_IP:-127.0.0.1}:30080:80"
       - "${LISTEN_IP:-127.0.0.1}:8443:443"
+      - "${LISTEN_IP:-127.0.0.1}:30443:443"
     environment:
       - COMMUNITY_SERVICE=crapi-community:${COMMUNITY_SERVER_PORT:-8087}
       - IDENTITY_SERVICE=crapi-identity:${IDENTITY_SERVER_PORT:-8080}
@@ -194,7 +196,7 @@ services:
       crapi-workshop:
         condition: service_healthy
     healthcheck:
-      test: curl 0.0.0.0:80/web/health
+      test: curl 0.0.0.0:80/health
       interval: 15s
       timeout: 15s
       retries: 15
@@ -276,7 +278,7 @@ services:
     #ports:
     #  - "${LISTEN_IP:-127.0.0.1}:8443:443" # https
     healthcheck:
-      test: echo -n "GET / HTTP/1.1\n\n\n" > /dev/tcp/127.0.0.1/443
+      test: bash -c 'echo -n "GET / HTTP/1.1\n\n" > /dev/tcp/127.0.0.1/443'
       interval: 15s
       timeout: 15s
       retries: 15

deploy/helm/templates/mongodb/statefulset.yaml

@@ -34,4 +34,5 @@ spec:
       volumes:
         - name: mongodb-data
           persistentVolumeClaim:
-            claimName: {{ .Values.mongodb.pvc.name }}
+            claimName: {{ .Values.mongodb.storage.pvc.name }}
+            

deploy/helm/templates/mongodb/storage.yaml

@@ -1,16 +1,34 @@
-kind: PersistentVolumeClaim
+{{- if eq .Values.mongodb.storage.type "manual" }}
 apiVersion: v1
- 
+kind: PersistentVolume
+metadata:
+  name: {{ .Values.mongodb.storage.pv.name }}
+  labels:
+    release: {{ .Release.Name }}
+    {{- toYaml .Values.mongodb.storage.pv.labels | nindent 4 }}
+spec:
+  storageClassName: {{ .Values.mongodb.storage.type }}
+  capacity:
+    storage: {{ .Values.mongodb.storage.pv.resources.storage }}
+  accessModes:
+    - ReadWriteOnce
+  hostPath:
+    path: {{ .Values.mongodb.storage.pv.hostPath }}
+---
+{{- end }}
+apiVersion: v1
+kind: PersistentVolumeClaim
 metadata:
-  name: {{ .Values.mongodb.pvc.name }}
+  name: {{ .Values.mongodb.storage.pvc.name }}
   labels:
     release: {{ .Release.Name }}
-    {{- toYaml .Values.mongodb.pvc.labels | nindent 4 }}
- 
+    {{- toYaml .Values.mongodb.storage.pvc.labels | nindent 4 }}
 spec:
-  #storageClassName: local-path
+  {{- if ne .Values.mongodb.storage.type "default" }}
+  storageClassName: {{ .Values.mongodb.storage.type }}
+  {{- end }}
   accessModes:
     - ReadWriteOnce
- 
   resources:
-    {{- toYaml .Values.mongodb.pvc.resources | nindent 4 }}
+    {{- toYaml .Values.mongodb.storage.pvc.resources | nindent 4 }}
+

deploy/helm/templates/postgres/statefulset.yaml

@@ -37,4 +37,4 @@ spec:
       volumes:
         - name: postgres-data
           persistentVolumeClaim:
-            claimName: {{ .Values.postgresdb.pvc.name }}
+            claimName: {{ .Values.postgresdb.storage.pvc.name }}

deploy/helm/templates/postgres/storage.yaml

@@ -1,16 +1,33 @@
-kind: PersistentVolumeClaim
+{{- if eq .Values.postgresdb.storage.type "manual" }}
 apiVersion: v1
- 
+kind: PersistentVolume
+metadata:
+  name: {{ .Values.postgresdb.storage.pv.name }}
+  labels:
+    release: {{ .Release.Name }}
+    {{- toYaml .Values.postgresdb.storage.pv.labels | nindent 4 }}
+spec:
+  storageClassName: {{ .Values.postgresdb.storage.type }}
+  capacity:
+    storage: {{ .Values.postgresdb.storage.pv.resources.storage }}
+  accessModes:
+    - ReadWriteOnce
+  hostPath:
+    path: {{ .Values.postgresdb.storage.pv.hostPath }}
+---
+{{- end }}
+apiVersion: v1
+kind: PersistentVolumeClaim
 metadata:
-  name: {{ .Values.postgresdb.pvc.name }}
+  name: {{ .Values.postgresdb.storage.pvc.name }}
   labels:
     release: {{ .Release.Name }}
-    {{- toYaml .Values.postgresdb.pvc.labels | nindent 4 }}
-
+    {{- toYaml .Values.postgresdb.storage.pvc.labels | nindent 4 }}
 spec:
-  #storageClassName: local-path
+  {{- if ne .Values.postgresdb.storage.type "default" }}
+  storageClassName: {{ .Values.postgresdb.storage.type }}
+  {{- end }}
   accessModes:
     - ReadWriteOnce
- 
   resources:
-    {{- toYaml .Values.postgresdb.pvc.resources | nindent 4 }}
+    {{- toYaml .Values.postgresdb.storage.pvc.resources | nindent 4 }}

deploy/helm/values-pv.yaml

@@ -0,0 +1,37 @@
+mongodb:
+  storage: 
+    type: "manual"
+    pv:
+      name: mongodb-pv
+      labels:
+        app: mongodb
+      resources:
+        storage: 2Gi
+      hostPath: /mnt/mongodb
+      accessModes: ReadWriteOnce
+    pvc:
+      name: mongodb-pv-claim
+      labels:
+        app: mongodb
+      resources:
+        requests:
+          storage: 2Gi
+
+postgresdb:
+  storage:
+    type: "manual"
+    pv:
+      name: postgres-pv
+      labels:
+        app: postgresdb
+      resources:
+        storage: 2Gi
+      hostPath: /mnt/postgresdb
+    pvc:
+      name: postgres-pv-claim
+      labels:
+        app: postgresdb
+      accessModes: ReadWriteOnce
+      resources:
+        requests:
+          storage: 2Gi