eclipse-xpanse
diff --git a/‎.github/workflows/build-zitadel-dev-images.yml
+60-12 b/‎.github/workflows/build-zitadel-dev-images.yml
+60-12
diff --git a/‎.gitignore
+2-1 b/‎.gitignore
+2-1
diff --git a/‎zitadel/README.md
+1-1 b/‎zitadel/README.md
+1-1
diff --git a/‎zitadel/local/build/Dockerfile
+5 b/‎zitadel/local/build/Dockerfile
+5
diff --git a/‎zitadel/local/build/build-dev-zitadel-images.md
+21 b/‎zitadel/local/build/build-dev-zitadel-images.md
+21
diff --git a/‎zitadel/local/build/docker-compose.yaml
+50 b/‎zitadel/local/build/docker-compose.yaml
+50
diff --git a/‎zitadel/local/build/machinekey/.gitkeep b/‎zitadel/local/build/machinekey/.gitkeep
diff --git a/‎zitadel/local/compose/docker-compose-local.yaml
-38 b/‎zitadel/local/compose/docker-compose-local.yaml
-38
diff --git a/‎zitadel/local/local-installation-steps.md
-37 b/‎zitadel/local/local-installation-steps.md
-37
diff --git a/‎zitadel/local/run/docker-compose.yml
+29 b/‎zitadel/local/run/docker-compose.yml
+29
diff --git a/‎zitadel/local/run/run-dev-zitadel-containers.md
+40 b/‎zitadel/local/run/run-dev-zitadel-containers.md
+40
diff --git a/‎zitadel/static/docker_run_zitadel_services.png
-8.9 KB b/‎zitadel/static/docker_run_zitadel_services.png
-8.9 KB
diff --git a/‎zitadel/terraform/client-credentials.tf
+1-39 b/‎zitadel/terraform/client-credentials.tf
+1-39
@@ -3,9 +3,17 @@ name: Build Zitadel Dev Images
 on:
   workflow_dispatch:
 
+env:
+  BOT_USER_NAME: eclipse-xpanse-bot
+  BOT_EMAIL_ID: [email protected]
+  REGISTRY: ghcr.io
+
 jobs:
   build:
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      packages: write
 
     steps:
       - name: Check out code
@@ -14,28 +22,68 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
 
+      - name: Login to Github Packages
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ env.BOT_USER_NAME }}
+          password: ${{ secrets.BOT_GITHUB_DOCKER_TOKEN }}
+
       - name: Set up Terraform
         uses: hashicorp/setup-terraform@v3
         with:
-          terraform_version: 1.6.0
+          terraform_version: 1.6.1
 
-      - name: start containers using docker compose
+      - name: build custom postgres image with changed PGDATA
         run: |
-          docker compose up -d
-        working-directory: zitadel/local/compose
+          docker build -t custom-pg-db:latest .
+        working-directory: zitadel/local/build
 
-      - name: copy admin service account key
+      - name: start containers using docker build
         run: |
-          cp machineKey/zitadel-admin-sa.json ../../terraform
-        working-directory: zitadel/local/compose
+          mkdir ${{ runner.temp }}/machinekey
+          VOLUME_POINT=${{ runner.temp }}/machinekey docker compose up -d
+        working-directory: zitadel/local/build
+
+      - name: Wait for API Response
+        uses: mydea/action-wait-for-api@v1
+        continue-on-error: true
+        with:
+          url: "http://localhost:8088/debug/healthz"
+          expected-status: "200"   # You can specify other 2xx codes as needed
+          timeout: "60"           # Maximum wait time in seconds
+          interval: "10"
 
       - name: copy admin service account key
-        run: |  
-          curl -sSL https://raw.githubusercontent.com/vishnubob/wait-for-it/master/wait-for-it.sh -o wait-for-it.sh
-          chmod +x wait-for-it.sh
-          ./wait-for-it.sh localhost:8088 --timeout=180 --strict -- echo "Application is up!"  
+        run: |
+          cp ${{ runner.temp }}/machinekey/* .
+        working-directory: zitadel/terraform
 
       - name: configure Zitadel
         run: |
+          terraform init 
           terraform apply -var-file=environments/local.tfvars -auto-approve
-        working-directory: zitadel/terraform
+          terraform output -json > output.json
+        working-directory: zitadel/terraform
+
+      - name: Upload Artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: access details  # Name of the artifact
+          path: zitadel/terraform/*.json
+
+      - name: commit images
+        run: |
+          JOB_LINK="${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+          docker stop compose-zitadel-1
+          docker stop compose-db-1
+          docker commit  --change="LABEL job_link=\"$JOB_LINK\""  compose-zitadel-1 xpanse-zitadel-dev-server
+          docker commit  --change="LABEL job_link=\"$JOB_LINK\""  compose-db-1 xpanse-zitadel-dev-db
+
+      - name: Build and push Docker image
+        run: |
+          JOB_LINK="${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+          docker tag xpanse-zitadel-dev-server:latest ${{ env.REGISTRY }}/${{ github.repository_owner }}/xpanse-zitadel-dev-server:latest
+          docker tag xpanse-zitadel-dev-db:latest ${{ env.REGISTRY }}/${{ github.repository_owner }}/xpanse-zitadel-dev-db:latest
+          docker push ${{ env.REGISTRY }}/${{ github.repository_owner }}/xpanse-zitadel-dev-server:latest
+          docker push ${{ env.REGISTRY }}/${{ github.repository_owner }}/xpanse-zitadel-dev-db:latest
@@ -5,4 +5,5 @@
 *.hcl
 *.tfstate
 *token.json
-*.tfstate.backup
+*.tfstate.backup
+zitadel-admin-sa.json
@@ -12,7 +12,7 @@ config the xpanse project with the service instance of Zitadel.
 
 Here are two types of service instance deployment solutions. You can deploy a local service instance
 of Zitadel according
-to the document [local-installation-steps.md](local/local-installation-steps.md) or deploy a
+to the document [local-installation-steps.md](local/run/run-dev-zitadel-containers) or deploy a
 production service instance of
 Zitadel according to the
 document [testbed-installation-steps.md](testlab/testbed-installation-steps.md).
 
@@ -0,0 +1,5 @@
+FROM postgres:16-alpine
+
+# This is necessary. Otherwise the data written to the container will not be part of the created image.
+RUN mkdir -p /var/lib/postgresql-static/data
+ENV PGDATA=/var/lib/postgresql-static/data
@@ -0,0 +1,21 @@
+# Build Zitadel Dev Docker Images
+
+To enhance developer experience, we prepare the Zitadel development docker images with all necessary configurations. 
+The developer will have to simply start these application and database docker containers and 
+then the environment is ready to use without any additional configuration. 
+
+## Image Build Job
+
+The GitHub action [build-dev-images](../../../.github/workflows/build-zitadel-dev-images.yml) builds the necessary images 
+and uploads it to the GitHub packages and also uploads all configuration details to action artifacts.
+
+> Images will be always simply built with 'latest' tag. 
+
+## Configure Client Systems
+
+Whenever this job is executed, the images generated will contain new information for all clients. 
+Hence, it is necessary for the developer to also update the following files whenever a new image is created 
+and also inform team that the latest images must be pulled. 
+
+- [xpanse UI auth config](https://github.com/eclipse-xpanse/xpanse-ui/blob/main/.env.zitadel-local)
+- [xpanse app auth config](https://github.com/eclipse-xpanse/xpanse/blob/main/runtime/src/main/resources/application-zitadel.properties)
@@ -0,0 +1,50 @@
+services:
+  zitadel:
+    user: "${UID:-1001}"
+    restart: 'always'
+    networks:
+      - 'zitadel'
+    image: 'ghcr.io/zitadel/zitadel:latest'
+    command: 'start-from-init --masterkey "MasterkeyNeedsToHave32Characters" --tlsMode disabled'
+    environment:
+      ZITADEL_DATABASE_POSTGRES_HOST: db
+      ZITADEL_DATABASE_POSTGRES_PORT: 5432
+      ZITADEL_DATABASE_POSTGRES_DATABASE: zitadel
+      ZITADEL_DATABASE_POSTGRES_USER_USERNAME: zitadel
+      ZITADEL_DATABASE_POSTGRES_USER_PASSWORD: zitadel
+      ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE: disable
+      ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME: postgres
+      ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD: postgres
+      ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE: disable
+      ZITADEL_EXTERNALSECURE: false
+      ZITADEL_FIRSTINSTANCE_MACHINEKEYPATH: /machinekey/zitadel-admin-sa.json
+      ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINE_USERNAME: zitadel-admin-sa
+      ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINE_NAME: Admin
+      ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINEKEY_TYPE: 1
+      ZITADEL_FIRSTINSTANCE_ORG_HUMAN_PASSWORDCHANGEREQUIRED: false
+      ZITADEL_FIRSTINSTANCE_ORG_HUMAN_PASSWORD: Zitadel@123 # Default admin password.
+    depends_on:
+      db:
+        condition: 'service_healthy'
+    ports:
+      - '8088:8080'
+    volumes:
+      - ${VOLUME_POINT:-./machinekey}:/machinekey:rw
+
+  db:
+    restart: 'always'
+    image: custom-pg-db # Custom postgres image.
+    environment:
+      PGUSER: postgres
+      POSTGRES_PASSWORD: postgres
+    networks:
+      - 'zitadel'
+    healthcheck:
+      test: [ "CMD-SHELL", "pg_isready", "-d", "zitadel", "-U", "postgres" ]
+      interval: '10s'
+      timeout: '2400s'
+      retries: 500
+      start_period: '20s'
+
+networks:
+  zitadel:
@@ -0,0 +1,29 @@
+services:
+  zitadel:
+    # The user should have the permission to write to ./machinekey
+    user: "${UID:-1001}"
+    restart: 'always'
+    networks:
+      - 'zitadel-dev'
+    image: ghcr.io/eclipse-xpanse/xpanse-zitadel-dev-server:latest # image built locally by commiting an already initialized zitadel server
+    command: 'start --masterkey "MasterkeyNeedsToHave32Characters" --tlsMode disabled'
+    depends_on:
+      db:
+        condition: 'service_healthy'
+    ports:
+      - '8088:8080'
+
+  db:
+    restart: 'always'
+    image: ghcr.io/eclipse-xpanse/xpanse-zitadel-dev-db:latest # image built locally by commiting an already initialized zitadel Postgres DB
+    healthcheck:
+      test: [ "CMD-SHELL", "pg_isready", "-d", "zitadel", "-U", "postgres" ]
+      interval: '10s'
+      timeout: '2400s'
+      retries: 500
+      start_period: '20s'
+    networks:
+      - 'zitadel-dev'
+
+networks:
+  zitadel-dev:
@@ -0,0 +1,40 @@
+# Local Development Applications of Xpanse with Local Service of Zitadel
+
+This document will describe how to use docker to build a local service of Zitadel.
+
+Clone project [xpanse-iam](https://github.com/eclipse-xpanse/xpanse-iam.git) from remote to workspace in local machine.
+Then enter the root path.
+
+```shell
+git clone https://github.com/eclipse-xpanse/xpanse-iam.git
+cd xpanse-iam/zitadel/local
+ ```
+
+## Deploy Local Service of Zitadel
+
+Before deploying the local service of Zitadel, please install and start the Docker and Docker Compose service in the
+local machine. Then start the local service of Zitadel using the below command:
+
+```shell
+docker compose up -d --pull always
+ ```
+
+The below display appears to indicate that the service has started normally. 
+This step can take around 2 minutes since the database container must sync the changes from 
+
+```shell
+ ✔ Network run_zitadel-dev  Created                                                                                                                                                                                                                                                                            0.4s 
+ ✔ Container run-db-1       Healthy                                                                                                                                                                                                                                                                           10.1s 
+ ✔ Container run-zitadel-1  Started  
+```
+
+Now you can open favorite internet browser and navigate to http://localhost:8088/ui/console. This is the default IAM
+admin users login:
+
+* username: [email protected]
+* password: Zitadel@123
+
+Other application users can be found [here](../../terraform/environments/local.tfvars).
+
+
+
@@ -4,43 +4,5 @@ resource "zitadel_machine_user" "api_client_user" {
   name        = "api-client"
   description = "user for xpanse to make authenticated API calls"
   access_token_type = "ACCESS_TOKEN_TYPE_JWT"
-}
-
-// get the default organization ID. The deployer user is on the default organization.
-data "zitadel_orgs" "default" {
-  name = "ZITADEL"
-  name_method = "TEXT_QUERY_METHOD_EQUALS"
-}
-
-// get the user ID of the deployer user.
-data "zitadel_machine_users" "deployer" {
-  user_name        = "deployer"
-  user_name_method = "TEXT_QUERY_METHOD_EQUALS"
-}
-
-resource "zitadel_instance_member" "default" {
-  user_id = data.zitadel_machine_users.deployer.user_ids[0]
-  roles   = ["IAM_OWNER"]
-}
-
-resource "zitadel_personal_access_token" "apiclient_user_id_token" {
-  org_id          = data.zitadel_orgs.default.ids[0]
-  user_id         = data.zitadel_machine_users.deployer.user_ids[0]
-}
-
-// direct API call since no terraform module available for creating client credentials
-resource "terracurl_request" "machine_secret" {
-    name = "machine_secret"
-    url = "https://${var.domain}:${var.port}/management/v1/users/${resource.zitadel_machine_user.api_client_user.id}/secret"
-    method = "PUT"
-    response_codes = [
-        200
-      ]
-    headers = {
-        x-zitadel-orgid = zitadel_org.xpanse.id
-        Content-Type = "application/json"
-        Accept = "application/json"
-        Authorization = "Bearer ${resource.zitadel_personal_access_token.apiclient_user_id_token.token}"
-        }
-    request_body = ""
+  with_secret = true
 }