Merge pull request #22 from sgantaya/main

Done the changes for 1.2.0 release.

.dockerignore

@@ -1,6 +1,16 @@
 .git
+.github
+.vscode
+build
+platform-scripts
+docker
+docs
+build_and_deploy_to_aws_dataplane.sh
+dist-types
 node_modules
-packages/*/src
+packages/*/dist
 packages/*/node_modules
-plugins
+plugins/*/dist
+plugins/*/node_modules
 *.local.yaml
+

.gitignore

@@ -140,4 +140,4 @@ environment.sh
 
 .idea
 # E2E test reports
-e2e-test-report/
+e2e-test-report/

Dockerfile

@@ -1,5 +1,5 @@
 # Stage 1 - Create yarn install skeleton layer
-FROM --platform=$BUILDPLATFORM node:18-bookworm-slim AS packages
+FROM node:18-bookworm-slim AS packages
 
 WORKDIR /app
 COPY package.json yarn.lock ./
@@ -12,7 +12,7 @@ COPY plugins plugins
 RUN find packages \! -name "package.json" -mindepth 2 -maxdepth 2 -exec rm -rf {} \+
 
 # Stage 2 - Install dependencies and build packages
-FROM --platform=$BUILDPLATFORM node:18-bookworm-slim AS build
+FROM node:18-bookworm-slim AS build
 
 RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
     --mount=type=cache,target=/var/lib/apt,sharing=locked \
@@ -42,7 +42,7 @@ RUN mkdir packages/backend/dist/skeleton packages/backend/dist/bundle \
     && tar xzf packages/backend/dist/bundle.tar.gz -C packages/backend/dist/bundle
 
 # Stage 3 - Build the actual backend image and install production dependencies
-FROM --platform=$TARGETPLATFORM node:18-bookworm-slim
+FROM --platform=linux/amd64 node:18-bookworm-slim
 
 # Install sqlite3 dependencies. You can skip this if you don't use sqlite3 in the image,
 # in which case you should also move better-sqlite3 to "devDependencies" in package.json.

app-config.production.yaml

@@ -10,6 +10,11 @@ app:
         links:
           - url: 'https://support.tibco.com/s/'
             title: 'TIBCO Support'
+      - title: 'TIBCO Documentation Page'
+        icon: 'docs'
+        links:
+          - url: 'https://docs.tibco.com/go/platform-cp/1.2.0/doc/html#cshid=developer_hub_overview'
+            title: 'TIBCO® Developer Hub Documentation'
 
 organization:
   name: TIBCO Software's

app-config.yaml

@@ -9,6 +9,12 @@ app:
         links:
           - url: 'https://support.tibco.com/s/'
             title: 'TIBCO Support'
+      - title: 'TIBCO Documentation Page'
+        icon: 'docs'
+        links:
+          - url: 'https://docs.tibco.com/go/platform-cp/1.2.0/doc/html#cshid=developer_hub_overview'
+            title: 'TIBCO® Developer Hub Documentation'
+  developerHubVersion: 1.2.0
 
 organization:
   name: TIBCO Software's
@@ -60,7 +66,7 @@ integrations:
       # apps:
       #   - $include: github-backstage-app-credentials.yaml
       # This is a Personal Access Token or PAT from GitHub. You can find out how to generate this token, and more information
-      # about setting up the GitHub integration here: https://backstage.io/docs/getting-started/configuration#setting-up-a-github-integration
+      # about setting up the GitHub integration here: https://backstage.io/docs/integrations/github/locations#configuration
       token: ${GITHUB_TOKEN}
     ### Example for how to add your GitHub Enterprise instance using the API:
     # - host: ghe.example.net
@@ -88,6 +94,7 @@ auth:
   #  github:
   #   organizations: ['<YOUR-ORG-NAME>']
   providers:
+    # See https://backstage.io/docs/auth/guest/provider
     github:
       development:
         clientId: ${AUTH_GITHUB_CLIENT_ID}

backstage.json

@@ -1,3 +1,3 @@
 {
-  "version": "1.21.1"
+  "version": "1.25.0"
 }

build/platform/charts/tibco-developer-hub/Chart.yaml

@@ -6,9 +6,9 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.1.6
+version: 1.2.11
 
-appVersion: "1.1.0"
+appVersion: "1.2.0"
 
 dependencies:
   - name: common

build/platform/charts/tibco-developer-hub/templates/app-config-configmap.yaml

@@ -14,5 +14,9 @@ data:
     value passed from backstage.appConfig.cpLink will have precedence
  */}}
   app-config.yaml: |
+{{- if .Values.backstage.tibcoDeveloperHubCustomAppVersion }}
+    {{- include "common.tplvalues.render" ( dict "value" (merge .Values.backstage.appConfig (dict "cpLink" .Values.global.cp.cpHostname) (dict "tibcoDeveloperHubCustomAppVersion" .Values.backstage.tibcoDeveloperHubCustomAppVersion)) "context" $) | nindent 4 }}
+{{- else }}
     {{- include "common.tplvalues.render" ( dict "value" (merge .Values.backstage.appConfig (dict "cpLink" .Values.global.cp.cpHostname)) "context" $) | nindent 4 }}
+{{- end }}  
 {{- end }}

build/platform/charts/tibco-developer-hub/templates/backstage-deployment.yaml

@@ -63,7 +63,7 @@ spec:
           configMap:
             name: backstage-app-config
         {{- end }}
-        {{- if .Values.enableLogging }}
+        {{- if .Values.global.cp.logging.fluentbit.enabled }}
         - name: podlogs
           hostPath:
             path: /var/log/pods
@@ -75,7 +75,7 @@ spec:
         - name: config-volume
           configMap:
             name: tibco-developer-hub-fluentbit-config
-  {{- end }}
+        {{- end }}
       {{- if or .Values.backstage.image.pullSecrets .Values.global.cp.containerRegistry.secret }}
       imagePullSecrets:
       {{- if .Values.global.cp.containerRegistry.secret }}
@@ -207,10 +207,14 @@ spec:
               {{- include "common.tplvalues.render" ( dict "value" .Values.backstage.extraVolumeMounts "context" $ ) | nindent 12 }}
             {{- end }}
           {{- end }}
-        {{- if .Values.enableLogging }}
+        {{- if .Values.global.cp.logging.fluentbit.enabled }}
         - name: fluentbit
           image: {{ include "fluentbit.image" . }}
           imagePullPolicy: {{ .Values.fluentbit.image.pullPolicy }}
+          {{- if .Values.fluentbit.securityContext }}
+          securityContext:
+            {{- toYaml .Values.fluentbit.securityContext | nindent 12 }}
+          {{- end }}
           env:
             - name: POD_NAMESPACE
               valueFrom:

build/platform/charts/tibco-developer-hub/templates/fluentbit-configmap.yaml

@@ -2,7 +2,7 @@
 # This file is subject to the license terms contained
 # in the license file that is distributed with this file.
 
-{{- if .Values.enableLogging }}
+{{- if .Values.global.cp.logging.fluentbit.enabled }}
 apiVersion: v1
 kind: ConfigMap
 metadata:

build/platform/charts/tibco-developer-hub/templates/well-known-configuration-ingress.yaml

@@ -19,6 +19,8 @@ metadata:
     nginx.ingress.kubernetes.io/backend-protocol: HTTPS
     nginx.ingress.kubernetes.io/upstream-vhost: {{ $cpHostname }}
     nginx.ingress.kubernetes.io/rewrite-target: /.well-known/openid-configuration
+    nginx.ingress.kubernetes.io/configuration-snippet: |
+      proxy_set_header x-cp-host {{ $cpHostname }};
 spec:
   ingressClassName: nginx
   rules:

build/platform/charts/tibco-developer-hub/values.yaml

@@ -25,11 +25,13 @@ global:
     containerRegistry:
       secret: ""
       url: ""
+    logging:
+      fluentbit:
+        enabled: true
   # -- Global Docker registry secret names as an array
   # </br> E.g. `imagePullSecrets: [myRegistryKeySecretName]`
   imagePullSecrets: []
 
-
 # -- Common parameters
 
 # -- Override Kubernetes version
@@ -108,7 +110,7 @@ backstage:
     jfrogRepository: tibco-platform-local-docker/dx/tibco-hub
 
     # -- Backstage image tag (immutable tags are recommended)
-    tag: "381"
+    tag: "463"
 
     # -- Specify a imagePullPolicy.
     # Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -177,11 +179,28 @@ backstage:
   # -- Security settings for a Pod.
   #  The security settings that you specify for a Pod apply to all Containers in the Pod.
   # <br /> Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
-  podSecurityContext: {}
+  # This configuration ensures that the pod is run with non-root privileges for enhanced security.
+  # The user, group, and filesystem group IDs are all set to 1000.
+  # The filesystem group change policy is set to "Always", meaning the filesystem group is always set to the fsGroup.
+  # The seccomp (secure computing mode) profile is set to RuntimeDefault, which means it uses the default profile provided by the runtime.
+  podSecurityContext:
+    runAsNonRoot: true
+    runAsUser: 1000
+    runAsGroup: 1000
+    fsGroup: 1000
+    fsGroupChangePolicy: "Always"
+    seccompProfile:
+      type: RuntimeDefault
 
   # -- Security settings for a Container.
   # <br /> Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
-  containerSecurityContext: {}
+  # It specifies that privilege escalation is not allowed for security reasons.
+  # Additionally, it drops all capabilities, which is a common security practice to minimize potential risks.
+  containerSecurityContext:
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop:
+        - ALL
 
   # Allows to define the appConfig as a multiline string that generates a ConfigMap
   # automatically, not requiring to have it pre provisioned as with the extraAppConfig key.
@@ -292,7 +311,7 @@ postgresql:
     registry: ""
     repository: pdx/postgresql
     jfrogRepository: tibco-platform-local-docker/dx/postgresql
-    tag: 14.5.0-debian-11-r35
+    tag: 14.12.0-debian-12-r4
   commonLabels: '{{- include "tibcohub.platform.commonLabels" . -}}'
 
   # -- The authentication details of the Postgres database
@@ -318,6 +337,32 @@ postgresql:
 
       # -- The key in which Postgres will look for, for the replication password, in the existing Secret
       replicationPasswordKey: replication-password
+  primary:
+    # This configuration ensures that the pod is run with non-root privileges for enhanced security.
+    # The user, group, and filesystem group IDs are all set to 1000.
+    # The filesystem group change policy is set to "Always", meaning the filesystem group is always set to the fsGroup.
+    # The seccomp (secure computing mode) profile is set to RuntimeDefault, which means it uses the default profile provided by the runtime.
+    podSecurityContext:
+      runAsNonRoot: true
+      runAsUser: 1001
+      runAsGroup: 1001
+      fsGroup: 1001
+      fsGroupChangePolicy: "Always"
+      seccompProfile:
+        type: RuntimeDefault
+
+    # # -- Security settings for a Container.
+    # # <br /> Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+    # # It specifies that privilege escalation is not allowed for security reasons.
+    # # Additionally, it drops all capabilities, which is a common security practice to minimize potential risks.
+    containerSecurityContext:
+      runAsNonRoot: true
+      runAsUser: 1001
+      runAsGroup: 0   # see https://github.com/bitnami/charts/issues/13985#issuecomment-1411654273
+      allowPrivilegeEscalation: false
+      capabilities:
+        drop:
+          - ALL
 
   # -- PostgreSQL architecture (`standalone` or `replication`)
   architecture: standalone
@@ -381,16 +426,20 @@ metrics:
     # <br /> Note that the /metrics endpoint is NOT present in a freshly scaffolded Backstage app. To setup, follow the [Prometheus metrics tutorial](https://github.com/backstage/backstage/blob/master/contrib/docs/tutorials/prometheus-metrics.md).
     path: /metrics
 
-# Configuration needed for Fluentbit Sidecar for logging
-enableLogging: true
-
 fluentbit:
   image:
     registry: ""
     repository: pdx/fluent-bit
     jfrogRepository: tibco-platform-local-docker/dx/fluent-bit
-    tag: 2.1.6
+    tag: 3.0.2
     pullPolicy: Always
+  securityContext:
+    runAsNonRoot: false
+    runAsUser: 0
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop:
+        - ALL
 
 autoscaling:
 
@@ -412,5 +461,5 @@ initContainer:
     registry: ""
     repository: pdx/postgresql
     jfrogRepository: tibco-platform-local-docker/dx/postgresql
-    tag: 14.5.0-debian-11-r35
+    tag: 14.12.0-debian-12-r4
     digest: ""

build/platform/provision-samples/recipe.template.yaml

@@ -19,13 +19,13 @@
 capabilityId: tibcohub
 version:
   - 1
-  - 1
+  - 2
   - 0
 recipe:
   helmCharts:
     - name: tibco-developer-hub
       namespace: ${NAMESPACE}
-      version: 1.1.6
+      version: 1.2.11
       repository:
         chartMuseum:
           host: ${HELM_REPO}

build/platform/provision-samples/tibco-hub-cp-recipe.json

@@ -16,7 +16,7 @@
     "dependsOn": [
       {
         "capabilityId": "OAUTH2PROXY",
-        "version": [1, 1, 0]
+        "version": [1, 2, 0]
       }
     ],
     "provisioningRoles": ["DEV_OPS"],
@@ -29,7 +29,7 @@
             "install": true
           },
           "name": "tibco-developer-hub",
-          "version": "1.1.6",
+          "version": "1.2.11",
           "namespace": "${NAMESPACE}",
           "repository": {
             "chartMuseum": {

build_and_push_custom_image_to_aws_ecr.sh

@@ -0,0 +1,16 @@
+echo "Building and push The TIBCO DeveloperHub custom docker image to AWS ECR"
+
+# ---- Configuration ---
+# Local AWS profile to use
+AWS_PROFILE="<AWS_PROFILE>"
+# AWS Region of ECR
+AWS_REGION="<AWS_REGION>"
+# AWS Account number
+AWS_ACCOUNT_NR="<AWS_ACCOUNT_NUMBER>"
+# Name of the container image repository (in ECR)
+CONTAINER_NAME="<ECR_CONTAINER_NAME>"
+
+
+# Do the build & push to ECR
+cd ./platform-scripts
+./aws_build_and_push_devhub_container_to_ecr.sh "$AWS_PROFILE" "$AWS_REGION" "$AWS_ACCOUNT_NR" "$CONTAINER_NAME"

config.d.ts

@@ -16,6 +16,11 @@ export interface Config {
      * @visibility frontend
      */
     showBuildVersion?: boolean;
+    /**
+     * Show developer hub version. String value. Displays currently deployed version.
+     * @visibility frontend
+     */
+    developerHubVersion?: string;
   };
   // enable and configure loading org entities into catalog
   orgCatalog?: {
@@ -77,10 +82,15 @@ export interface Config {
     }[];
   };
   /**
-   * Control plain link for the TIBCO® Developer Hub
+   * Control plane link for the TIBCO® Developer Hub
    * @visibility frontend
    */
   cpLink?: string;
+  /**
+   * Custom version name for the TIBCO® Developer Hub
+   * @visibility frontend
+   */
+  tibcoDeveloperHubCustomAppVersion?: string;
   /**
    * Frontend root URL
    * @visibility frontend