Merge pull request #25 from swaroopar/feature/buildDevZitadelImage

Feature/build dev zitadel image

Author: iskey

.github/workflows/build-zitadel-dev-images.yml

@@ -0,0 +1,89 @@
+name: Build Zitadel Dev Images
+
+on:
+  workflow_dispatch:
+
+env:
+  BOT_USER_NAME: eclipse-xpanse-bot
+  BOT_EMAIL_ID: [email protected]
+  REGISTRY: ghcr.io
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      packages: write
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to Github Packages
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ env.BOT_USER_NAME }}
+          password: ${{ secrets.BOT_GITHUB_DOCKER_TOKEN }}
+
+      - name: Set up Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: 1.6.1
+
+      - name: build custom postgres image with changed PGDATA
+        run: |
+          docker build -t custom-pg-db:latest .
+        working-directory: zitadel/local/build
+
+      - name: start containers using docker build
+        run: |
+          mkdir ${{ runner.temp }}/machinekey
+          VOLUME_POINT=${{ runner.temp }}/machinekey docker compose up -d
+        working-directory: zitadel/local/build
+
+      - name: Wait for API Response
+        uses: mydea/action-wait-for-api@v1
+        continue-on-error: true
+        with:
+          url: "http://localhost:8088/debug/healthz"
+          expected-status: "200"   # You can specify other 2xx codes as needed
+          timeout: "60"           # Maximum wait time in seconds
+          interval: "10"
+
+      - name: copy admin service account key
+        run: |
+          cp ${{ runner.temp }}/machinekey/* .
+        working-directory: zitadel/terraform
+
+      - name: configure Zitadel
+        run: |
+          terraform init 
+          terraform apply -var-file=environments/local.tfvars -auto-approve
+          terraform output -json > output.json
+        working-directory: zitadel/terraform
+
+      - name: Upload Artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: access details  # Name of the artifact
+          path: zitadel/terraform/*.json
+
+      - name: commit images
+        run: |
+          JOB_LINK="${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+          docker stop compose-zitadel-1
+          docker stop compose-db-1
+          docker commit  --change="LABEL job_link=\"$JOB_LINK\""  compose-zitadel-1 xpanse-zitadel-dev-server
+          docker commit  --change="LABEL job_link=\"$JOB_LINK\""  compose-db-1 xpanse-zitadel-dev-db
+
+      - name: Build and push Docker image
+        run: |
+          JOB_LINK="${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+          docker tag xpanse-zitadel-dev-server:latest ${{ env.REGISTRY }}/${{ github.repository_owner }}/xpanse-zitadel-dev-server:latest
+          docker tag xpanse-zitadel-dev-db:latest ${{ env.REGISTRY }}/${{ github.repository_owner }}/xpanse-zitadel-dev-db:latest
+          docker push ${{ env.REGISTRY }}/${{ github.repository_owner }}/xpanse-zitadel-dev-server:latest
+          docker push ${{ env.REGISTRY }}/${{ github.repository_owner }}/xpanse-zitadel-dev-db:latest

.gitignore

@@ -5,4 +5,5 @@
 *.hcl
 *.tfstate
 *token.json
-*.tfstate.backup
+*.tfstate.backup
+zitadel-admin-sa.json

zitadel/README.md

@@ -12,7 +12,7 @@ config the xpanse project with the service instance of Zitadel.
 
 Here are two types of service instance deployment solutions. You can deploy a local service instance
 of Zitadel according
-to the document [local-installation-steps.md](local/local-installation-steps.md) or deploy a
+to the document [local-installation-steps.md](local/run/run-dev-zitadel-containers) or deploy a
 production service instance of
 Zitadel according to the
 document [testbed-installation-steps.md](testlab/testbed-installation-steps.md).

zitadel/local/build/Dockerfile

@@ -0,0 +1,5 @@
+FROM postgres:16-alpine
+
+# This is necessary. Otherwise the data written to the container will not be part of the created image.
+RUN mkdir -p /var/lib/postgresql-static/data
+ENV PGDATA=/var/lib/postgresql-static/data

zitadel/local/build/build-dev-zitadel-images.md

@@ -0,0 +1,21 @@
+# Build Zitadel Dev Docker Images
+
+To enhance developer experience, we prepare the Zitadel development docker images with all necessary configurations. 
+The developer will have to simply start these application and database docker containers and 
+then the environment is ready to use without any additional configuration. 
+
+## Image Build Job
+
+The GitHub action [build-dev-images](../../../.github/workflows/build-zitadel-dev-images.yml) builds the necessary images 
+and uploads it to the GitHub packages and also uploads all configuration details to action artifacts.
+
+> Images will be always simply built with 'latest' tag. 
+
+## Configure Client Systems
+
+Whenever this job is executed, the images generated will contain new information for all clients. 
+Hence, it is necessary for the developer to also update the following files whenever a new image is created 
+and also inform team that the latest images must be pulled. 
+
+- [xpanse UI auth config](https://github.com/eclipse-xpanse/xpanse-ui/blob/main/.env.zitadel-local)
+- [xpanse app auth config](https://github.com/eclipse-xpanse/xpanse/blob/main/runtime/src/main/resources/application-zitadel.properties)

zitadel/local/build/docker-compose.yaml

@@ -0,0 +1,50 @@
+services:
+  zitadel:
+    user: "${UID:-1001}"
+    restart: 'always'
+    networks:
+      - 'zitadel'
+    image: 'ghcr.io/zitadel/zitadel:latest'
+    command: 'start-from-init --masterkey "MasterkeyNeedsToHave32Characters" --tlsMode disabled'
+    environment:
+      ZITADEL_DATABASE_POSTGRES_HOST: db
+      ZITADEL_DATABASE_POSTGRES_PORT: 5432
+      ZITADEL_DATABASE_POSTGRES_DATABASE: zitadel
+      ZITADEL_DATABASE_POSTGRES_USER_USERNAME: zitadel
+      ZITADEL_DATABASE_POSTGRES_USER_PASSWORD: zitadel
+      ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE: disable
+      ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME: postgres
+      ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD: postgres
+      ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE: disable
+      ZITADEL_EXTERNALSECURE: false
+      ZITADEL_FIRSTINSTANCE_MACHINEKEYPATH: /machinekey/zitadel-admin-sa.json
+      ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINE_USERNAME: zitadel-admin-sa
+      ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINE_NAME: Admin
+      ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINEKEY_TYPE: 1
+      ZITADEL_FIRSTINSTANCE_ORG_HUMAN_PASSWORDCHANGEREQUIRED: false
+      ZITADEL_FIRSTINSTANCE_ORG_HUMAN_PASSWORD: Zitadel@123 # Default admin password.
+    depends_on:
+      db:
+        condition: 'service_healthy'
+    ports:
+      - '8088:8080'
+    volumes:
+      - ${VOLUME_POINT:-./machinekey}:/machinekey:rw
+
+  db:
+    restart: 'always'
+    image: custom-pg-db # Custom postgres image.
+    environment:
+      PGUSER: postgres
+      POSTGRES_PASSWORD: postgres
+    networks:
+      - 'zitadel'
+    healthcheck:
+      test: [ "CMD-SHELL", "pg_isready", "-d", "zitadel", "-U", "postgres" ]
+      interval: '10s'
+      timeout: '2400s'
+      retries: 500
+      start_period: '20s'
+
+networks:
+  zitadel:

zitadel/local/build/machinekey/.gitkeep

@@ -0,0 +1,29 @@
+services:
+  zitadel:
+    # The user should have the permission to write to ./machinekey
+    user: "${UID:-1001}"
+    restart: 'always'
+    networks:
+      - 'zitadel-dev'
+    image: ghcr.io/eclipse-xpanse/xpanse-zitadel-dev-server:latest # image built locally by commiting an already initialized zitadel server
+    command: 'start --masterkey "MasterkeyNeedsToHave32Characters" --tlsMode disabled'
+    depends_on:
+      db:
+        condition: 'service_healthy'
+    ports:
+      - '8088:8080'
+
+  db:
+    restart: 'always'
+    image: ghcr.io/eclipse-xpanse/xpanse-zitadel-dev-db:latest # image built locally by commiting an already initialized zitadel Postgres DB
+    healthcheck:
+      test: [ "CMD-SHELL", "pg_isready", "-d", "zitadel", "-U", "postgres" ]
+      interval: '10s'
+      timeout: '2400s'
+      retries: 500
+      start_period: '20s'
+    networks:
+      - 'zitadel-dev'
+
+networks:
+  zitadel-dev: