feat: trufflehog workgflow added

.github/workflows/chart-verification.yml

@@ -156,6 +156,7 @@ jobs:
           context: .
           push: true
           tags: kind-registry:5000/miw:testing
+          file: ./miw/Dockerfile
 
       - uses: actions/setup-python@v4
         with:
@@ -230,6 +231,7 @@ jobs:
             charts/managed-identity-wallet \
             -n apps \
             --wait \
+            --timeout 10m \
             --set image.tag=testing \
             --set image.repository=kind-registry:5000/miw
         # only run if this is not a PR -OR- if there are new versions available

.github/workflows/dast-scan.yaml

@@ -77,6 +77,7 @@ jobs:
           context: .
           push: true
           tags: kind-registry:5000/miw:testing
+          file: ./miw/Dockerfile
 
       - name: Install the chart on KinD cluster
         run: helm install -n apps --create-namespace --wait --set image.tag=testing --set=image.repository=kind-registry:5000/miw testing charts/managed-identity-wallet

.github/workflows/release-miw.yml

@@ -0,0 +1,266 @@
+# Copyright (c) 2021-2024 Contributors to the Eclipse Foundation
+
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# SPDX-License-Identifier: Apache-2.0
+---
+
+  name: Semantic Release - MIW
+  on:
+    push:
+      paths:
+        - 'miw/src/**'
+        - 'miw/build.gradle/**'
+        - 'wallet-commons/src/**'
+        - 'build.gradle'
+        - 'gradle.properties'
+        - 'settings.gradle'
+      branches:
+        - main
+        - develop
+    pull_request:
+      paths:
+        - 'miw/src/**'
+        - 'miw/build.gradle/**'
+        - 'wallet-commons/src/**'
+        - 'build.gradle'
+        - 'gradle.properties'
+        - 'settings.gradle'
+      branches:
+        - main
+        - develop
+
+  env:
+    IMAGE_NAMESPACE: "tractusx"
+    IMAGE_NAME: "managed-identity-wallet"
+
+  jobs:
+
+    semantic_release:
+      name: Repository Release
+      runs-on: ubuntu-latest
+      permissions:
+        # see https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
+        contents: write
+        pull-requests: write
+        packages: write
+      outputs:
+        next_release: ${{ steps.semantic-release.outputs.next_release }}
+        will_create_new_release: ${{ steps.semantic-release.outputs.will_create_new_release }}
+      steps:
+        - name: Checkout repository
+          uses: actions/checkout@v4
+
+        - name: Validate Gradle wrapper
+          uses: gradle/wrapper-validation-action@v2
+
+        - name: Setup Helm
+          uses: azure/[email protected]
+
+        - name: Setup JDK 17
+          uses: actions/setup-java@v4
+          with:
+            java-version: '17'
+            distribution: 'temurin'
+
+        - name: Setup Node.js
+          uses: actions/setup-node@v4
+          with:
+            node-version: 20
+
+          # setup helm-docs as it is needed during semantic-release
+        - uses: gabe565/setup-helm-docs-action@v1
+          name: Setup helm-docs
+          if: github.event_name != 'pull_request'
+          with:
+            version: v1.11.3
+
+        - name: Run semantic release
+          id: semantic-release
+          if: github.event_name != 'pull_request'
+          env:
+            GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+            GIT_AUTHOR_EMAIL: ${{ github.actor }}@users.noreply.github.com
+            GIT_COMMITTER_EMAIL: ${{ github.actor }}@users.noreply.github.com
+          run: |
+            npx --yes -p @semantic-release/exec -p @semantic-release/changelog -p @semantic-release/git -p @semantic-release/commit-analyzer -p @semantic-release/release-notes-generator semantic-release
+
+        - name: Run semantic release (dry run)
+          if: github.event_name == 'pull_request'
+          env:
+            GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+            GIT_AUTHOR_EMAIL: ${{ github.actor }}@users.noreply.github.com
+            GIT_COMMITTER_EMAIL: ${{ github.actor }}@users.noreply.github.com
+          run: |
+            npx --yes -p @semantic-release/exec -p @semantic-release/github -p @semantic-release/changelog -p @semantic-release/git -p @semantic-release/commit-analyzer -p @semantic-release/release-notes-generator semantic-release --dry-run
+
+        - name: Execute Gradle build
+          run: ./gradlew build
+
+        - name: Upload build artifact
+          uses: actions/upload-artifact@v4
+          with:
+            name: build
+            path: ./miw/build
+            if-no-files-found: error
+            retention-days: 1
+
+        - name: Upload Helm chart artifact
+          uses: actions/upload-artifact@v4
+          with:
+            name: charts
+            path: ./charts
+            if-no-files-found: error
+            retention-days: 1
+
+        - name: Report semantic-release outputs
+          run: |
+            echo "::notice::${{ env.next_release }}"
+            echo "::notice::${{ env.will_create_new_release }}"
+
+        - name: Upload jar to GitHub release
+          if: github.event_name != 'pull_request' && steps.semantic-release.outputs.will_create_new_release == 'true'
+          env:
+            GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+            RELEASE_VERSION: ${{ steps.semantic-release.outputs.next_release }}
+          run: |
+            echo "::notice::Uploading jar to GitHub release"
+            gh release upload "v$RELEASE_VERSION" ./miw/build/libs/miw-latest.jar
+
+    docker:
+      name: Docker Release
+      needs: semantic_release
+      runs-on: ubuntu-latest
+      steps:
+        - name: Checkout repository
+          uses: actions/checkout@v4
+        - name: Download build artifact
+          uses: actions/download-artifact@v4
+          with:
+            name: build
+            path: ./miw/build
+
+        - name: Download Helm chart artifact
+          uses: actions/download-artifact@v4
+          with:
+            name: charts
+            path: ./charts
+
+        # Create SemVer or ref tags dependent of trigger event
+        - name: Docker meta
+          id: meta
+          uses: docker/metadata-action@v5
+          with:
+            images: |
+              ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
+            # Automatically prepare image tags; See action docs for more examples.
+            # semver patter will generate tags like these for example :1 :1.2 :1.2.3
+            tags: |
+              type=ref,event=branch
+              type=ref,event=pr
+              type=semver,pattern={{version}},value=${{ needs.semantic_release.outputs.next_release }}
+              type=semver,pattern={{major}},value=${{ needs.semantic_release.outputs.next_release }}
+              type=semver,pattern={{major}}.{{minor}},value=${{ needs.semantic_release.outputs.next_release }}
+              type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
+
+        - name: DockerHub login
+          if: github.event_name != 'pull_request'
+          uses: docker/login-action@v3
+          with:
+            # Use existing DockerHub credentials present as secrets
+            username: ${{ secrets.DOCKER_HUB_USER }}
+            password: ${{ secrets.DOCKER_HUB_TOKEN }}
+
+        - name: Push image
+          uses: docker/build-push-action@v5
+          with:
+            context: .
+            push: ${{ github.event_name != 'pull_request' }}
+            tags: ${{ steps.meta.outputs.tags }}
+            labels: ${{ steps.meta.outputs.labels }}
+            file: ./miw/Dockerfile
+
+        # https://github.com/peter-evans/dockerhub-description
+        # Important step to push image description to DockerHub
+        - name: Update Docker Hub description
+          if: github.event_name != 'pull_request'
+          uses: peter-evans/dockerhub-description@v3
+          with:
+            # readme-filepath defaults to toplevel README.md, Only necessary if you have a dedicated file with your 'Notice for docker images'
+            readme-filepath: Docker-hub-notice.md
+            username: ${{ secrets.DOCKER_HUB_USER }}
+            password: ${{ secrets.DOCKER_HUB_TOKEN }}
+            repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
+
+    helm:
+      name: Helm Release
+      needs: semantic_release
+      runs-on: ubuntu-latest
+      permissions:
+        contents: write
+      steps:
+        - name: Checkout repository
+          uses: actions/checkout@v4
+
+        - name: Download Helm chart artifact
+          uses: actions/download-artifact@v4
+          with:
+            name: charts
+            path: ./charts
+
+        - name: Install Helm
+          uses: azure/[email protected]
+
+        - name: Add Helm dependency repositories
+          run: |
+            helm repo add bitnami https://charts.bitnami.com/bitnami
+
+        - name: Configure Git
+          run: |
+            git config user.name "$GITHUB_ACTOR"
+            git config user.email "[email protected]"
+
+        - name: Release chart
+          if: github.event_name != 'pull_request' && needs.semantic_release.outputs.will_create_new_release == 'true'
+          run: |
+            # Package MIW chart
+            helm_package_path=$(helm package -u -d helm-charts ./charts/managed-identity-wallet | grep -o 'to: .*' | cut -d' ' -f2-)
+            echo "HELM_PACKAGE_PATH=$helm_package_path" >> $GITHUB_ENV
+
+            # Commit and push to gh-pages
+            git add helm-charts
+            git stash -- helm-charts
+            git reset --hard
+            git fetch origin
+            git checkout gh-pages
+            git stash pop
+
+            # Generate helm repo index.yaml
+            helm repo index . --merge index.yaml --url https://${GITHUB_REPOSITORY_OWNER}.github.io/${GITHUB_REPOSITORY#*/}/
+            git add index.yaml
+
+            git commit -s -m "Release ${{ needs.semantic_release.outputs.next_release }}"
+
+            git push origin gh-pages
+
+        - name: Upload chart to GitHub release
+          if: github.event_name != 'pull_request' && needs.semantic_release.outputs.will_create_new_release == 'true'
+          env:
+            GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+            RELEASE_VERSION: ${{ needs.semantic_release.outputs.next_release }}
+            HELM_PACKAGE_PATH: ${{ env.HELM_PACKAGE_PATH }}
+          run: |
+            echo "::notice::Uploading chart to GitHub release"
+            gh release upload "v$RELEASE_VERSION" "$HELM_PACKAGE_PATH"
+