diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index f35d9fb9..65f50f1b 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -132,15 +132,6 @@ variables: TESTS_BRANCH: description: "Branch of E2E-tests on which the test pipeline is triggered" value: "main" - RUN_UMS_TESTS: - description: "Run E2E test suite of SouvAP Dev team" - value: "no" - options: - - "yes" - - "no" - UMS_TESTS_BRANCH: - description: "Branch of E2E test suite of SouvAP Dev team" - value: "main" .deploy-common: cache: {} @@ -443,34 +434,6 @@ run-tests: }" \ "https://${TESTS_PROJECT_URL}/trigger/pipeline" -run-souvap-dev-tests: - extends: ".deploy-common" - environment: - name: "${NAMESPACE}" - stage: "tests" - rules: - - if: > - $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && $RUN_UMS_TESTS == "yes" - when: "on_success" - script: - - *ums-default-password - - | - curl --request POST \ - --header "Content-Type: application/json" \ - --data "{ \ - \"ref\": \"${UMS_TESTS_BRANCH}\", \ - \"token\": \"${CI_JOB_TOKEN}\", \ - \"variables\": { \ - \"portal_base_url\": \"https://portal.${DOMAIN}\", \ - \"username\": \"${DEFAULT_USER_NAME}\", \ - \"password\": \"${DEFAULT_USER_PASSWORD}\", \ - \"admin_username\": \"${DEFAULT_ADMIN_NAME}\", \ - \"admin_password\": \"${DEFAULT_ADMIN_PASSWORD}\", \ - \"keycloak_base_url\": \"https://id.${DOMAIN}\" \ - } \ - }" \ - "https://${UMS_TESTS_PROJECT_URL}/trigger/pipeline" - avscan-prepare: stage: ".pre" rules: @@ -580,14 +543,12 @@ opendesk-linter: image: "registry.souvap-univention.de/souvap/tooling/images/semantic-release-patched:latest" tags: [] - conventional-commits-linter: rules: - if: "$JOB_CONVENTIONAL_COMMITS_LINTER_ENABLED == 'false' || $CI_PIPELINE_SOURCE =~ 'tags|merge_request_event'" when: "never" - when: "always" - common-yaml-linter: rules: - if: "$JOB_COMMON_YAML_LINTER_ENABLED == 'false' || $CI_PIPELINE_SOURCE =~ 'tags|triggers|web|merge_request_event'" diff --git a/README.md b/README.md index 4e1b9687..2400c9ff 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG Ze SPDX-License-Identifier: Apache-2.0 --> -![logo](./helmfile/environments/default/theme/logo_portal_background.svg) +

openDesk Deployment Automation

openDesk is a Kubernetes based, open-source and cloud-native digital workplace suite provided by the "Projektgruppe für Aufbau ZenDiS" of Germany's Federal Ministry of the Interior. diff --git a/docs/requirements.md b/docs/requirements.md index 1c67850a..f974f10e 100644 --- a/docs/requirements.md +++ b/docs/requirements.md @@ -7,7 +7,7 @@ SPDX-License-Identifier: Apache-2.0 This section covers the internal system requirements as well as external service requirements for productive use. -* [TL;DR;](#tldr) +* [tl;dr](#tldr) * [Hardware](#hardware) * [Kubernetes](#kubernetes) * [Ingress controller](#ingress-controller) @@ -17,7 +17,7 @@ This section covers the internal system requirements as well as external service * [Deployment](#deployment) -# TL;DR; +# tl;dr openDesk is a Kubernetes only solution and requires an existing Kubernetes (K8s) cluster. - K8s cluster >= 1.24, [CNCF Certified Kubernetes Distro](https://www.cncf.io/certification/software-conformance/) diff --git a/helmfile/apps/univention-management-stack/values-opendesk-keycloak-bootstrap.yaml.gotmpl b/helmfile/apps/univention-management-stack/values-opendesk-keycloak-bootstrap.yaml.gotmpl index eafe3c5d..72a86d6b 100644 --- a/helmfile/apps/univention-management-stack/values-opendesk-keycloak-bootstrap.yaml.gotmpl +++ b/helmfile/apps/univention-management-stack/values-opendesk-keycloak-bootstrap.yaml.gotmpl @@ -86,6 +86,7 @@ config: authorizationServicesEnabled: false attributes: backchannel.logout.session.required: true + backchannel.logout.revoke.offline.tokens: true backchannel.logout.url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/backchannel-logout" protocolMappers: - name: "intercom-audience" diff --git a/helmfile/environments/default/images.yaml b/helmfile/environments/default/images.yaml index e48d3aaf..9496b6e9 100644 --- a/helmfile/environments/default/images.yaml +++ b/helmfile/environments/default/images.yaml @@ -4,7 +4,7 @@ images: clamd: # renovate: - # upstreamRegistry=docker.io + # upstreamRegistry=registry-1.docker.io # dependencyType=external registry: "registry-1.docker.io" repository: "clamav/clamav" @@ -23,7 +23,7 @@ images: # @mirrorFrom: ['23', '5', '6'] cryptpad: # renovate: - # upstreamRegistry=docker.io + # upstreamRegistry=registry-1.docker.io # upstreamRepository=cryptpad/cryptpad # dependencyType=supplier registry: "registry.opencode.de" @@ -54,7 +54,7 @@ images: # @mirrorFrom: ['1', '8', '0'] freshclam: # renovate: - # upstreamRegistry=docker.io + # upstreamRegistry=registry-1.docker.io # dependencyType=external registry: "registry-1.docker.io" repository: "clamav/clamav" @@ -81,7 +81,7 @@ images: # @mirrorFrom: ['1', '6'] jibri: # renovate: - # upstreamRegistry=docker.io + # upstreamRegistry=registry-1.docker.io # upstreamRepository=jitsi/jibri # dependencyType=supplier registry: "registry.opencode.de" @@ -92,7 +92,7 @@ images: # @mirrorFrom: ['8922'] jicofo: # renovate: - # upstreamRegistry=docker.io + # upstreamRegistry=registry-1.docker.io # upstreamRepository=jitsi/jicofo # dependencyType=supplier registry: "registry.opencode.de" @@ -103,7 +103,7 @@ images: # @mirrorFrom: ['8922'] jitsi: # renovate: - # upstreamRegistry=docker.io + # upstreamRegistry=registry-1.docker.io # upstreamRepository=jitsi/web # dependencyType=supplier registry: "registry.opencode.de" @@ -125,7 +125,7 @@ images: # @mirrorFrom: ['2023', '12', '14'] jitsiPatchJVB: # renovate: - # upstreamRegistry=docker.io + # upstreamRegistry=registry-1.docker.io # upstreamRepository=bitnami/kubectl # dependencyType=external registry: "registry-1.docker.io" @@ -134,7 +134,7 @@ images: # @supplier: "Nordeck" jvb: # renovate: - # upstreamRegistry=docker.io + # upstreamRegistry=registry-1.docker.io # upstreamRepository=jitsi/jvb # dependencyType=supplier registry: "registry.opencode.de" @@ -145,7 +145,7 @@ images: # @mirrorFrom: ['8922'] mariadb: # renovate: - # upstreamRegistry=docker.io + # upstreamRegistry=registry-1.docker.io # dependencyType=external registry: "registry-1.docker.io" repository: "library/mariadb" @@ -197,7 +197,7 @@ images: # @mirrorFrom: ['1', '6', '0'] matrixUserVerificationService: # renovate: - # upstreamRegistry=docker.io + # upstreamRegistry=registry-1.docker.io # upstreamRepository=matrixdotorg/matrix-user-verification-service # dependencyType=supplier registry: "registry.opencode.de" @@ -208,7 +208,7 @@ images: # @mirrorFrom: ['3', '0', '0'] memcached: # renovate: - # upstreamRegistry=docker.io + # upstreamRegistry=registry-1.docker.io # dependencyType=external registry: "registry-1.docker.io" repository: "bitnami/memcached" @@ -216,7 +216,7 @@ images: # @supplier: "openDesk" milter: # renovate: - # upstreamRegistry=docker.io + # upstreamRegistry=registry-1.docker.io # dependencyType=external registry: "registry-1.docker.io" repository: "clamav/clamav" @@ -224,7 +224,7 @@ images: # @supplier: "openDesk" minio: # renovate: - # upstreamRegistry=docker.io + # upstreamRegistry=registry-1.docker.io # dependencyType=external registry: "registry-1.docker.io" repository: "bitnami/minio" @@ -272,7 +272,7 @@ images: # @supplier: "openDesk" openproject: # renovate: - # upstreamRegistry=docker.io + # upstreamRegistry=registry-1.docker.io # upstreamRepository=openproject/open_desk # dependencyType=supplier registry: "registry.opencode.de" @@ -291,7 +291,7 @@ images: # @supplier: "openDesk" openprojectInitDb: # renovate: - # upstreamRegistry=docker.io + # upstreamRegistry=registry-1.docker.io # upstreamRepository=postgres # dependencyType=external registry: "registry-1.docker.io" @@ -300,7 +300,7 @@ images: # @supplier: "OpenProject" openxchangeBootstrap: # renovate: - # upstreamRegistry=docker.io + # upstreamRegistry=registry-1.docker.io # dependencyType=external registry: "registry-1.docker.io" repository: "alpine/k8s" @@ -448,7 +448,7 @@ images: # @supplier: "openDesk" postgresql: # renovate: - # upstreamRegistry=docker.io + # upstreamRegistry=registry-1.docker.io # dependencyType=external registry: "registry-1.docker.io" repository: "library/postgres" @@ -456,7 +456,7 @@ images: # @supplier: "openDesk" prosody: # renovate: - # upstreamRegistry=docker.io + # upstreamRegistry=registry-1.docker.io # upstreamRepository=jitsi/prosody # dependencyType=supplier registry: "registry.opencode.de" @@ -467,7 +467,7 @@ images: # @mirrorFrom: ['8922'] redis: # renovate: - # upstreamRegistry=docker.io + # upstreamRegistry=registry-1.docker.io # upstreamRepository=bitnami/redis # dependencyType=external registry: "registry-1.docker.io" @@ -476,7 +476,7 @@ images: # @supplier: "openDesk" synapse: # renovate: - # upstreamRegistry=docker.io + # upstreamRegistry=registry-1.docker.io # upstreamRepository=matrixdotorg/synapse # dependencyType=supplier registry: "registry.opencode.de" @@ -487,7 +487,7 @@ images: # @mirrorFrom: ['1', '91', '2'] synapseCreateUser: # renovate: - # upstreamRegistry=docker.io + # upstreamRegistry=registry-1.docker.io # dependencyType=external registry: "registry-1.docker.io" repository: "alpine/k8s" @@ -506,7 +506,7 @@ images: # @mirrorFrom: ['1', '0', '0'] synapseWeb: # renovate: - # upstreamRegistry=docker.io + # upstreamRegistry=registry-1.docker.io # dependencyType=external registry: "registry-1.docker.io" repository: "rapidfort/haproxy-official" @@ -722,12 +722,13 @@ images: # @mirrorFrom: ['0', '3', '2'] umsStackGateway: # renovate: - # upstreamRegistry=docker.io + # upstreamRegistry=registry-1.docker.io # upstreamRepository=bitnami/nginx # dependencyType=external - registry: "docker.io" + registry: "registry-1.docker.io" repository: "bitnami/nginx" tag: "1.25.3@sha256:40ce0d6b8f5fc174a4df8c59c8893164c540192ee862cb7253650a30d9dc3b73" + # @supplier: "Univention" umsStoreDav: # renovate: # upstreamRegistry=registry.souvap-univention.de @@ -785,7 +786,7 @@ images: # @mirrorFrom: ['0', '9', '4'] wellKnown: # renovate: - # upstreamRegistry=docker.io + # upstreamRegistry=registry-1.docker.io # dependencyType=external registry: "registry-1.docker.io" repository: "library/nginx"