francoisvandenplas · callaertanthony · Nov 6, 2024 · Nov 6, 2024 · Nov 11, 2024 · Nov 12, 2024
diff --git a/.dev/dev_arm64.yaml → .dev/dev.yaml b/.dev/dev_arm64.yaml → .dev/dev.yaml
@@ -1,9 +1,3 @@
-# This is a compose file designed for arm64/Apple Silicon systems
-# To adapt this to x86 please find and replace ".arm64" with empty
-
-# ARM64 supported images for kafka can be found here
-# https://hub.docker.com/r/confluentinc/cp-kafka/tags?page=1&name=arm64
----
 version: '3.8'
 name: "kafbat-ui-dev"
 
@@ -32,8 +26,7 @@ services:
       KAFKA_CLUSTERS_0_AUDIT_CONSOLEAUDITENABLED: 'true'
 
   kafka0:
-    image: confluentinc/cp-kafka:7.6.0.arm64
-    user: "0:0"
+    image: confluentinc/cp-kafka:7.8.0
     hostname: kafka0
     container_name: kafka0
     ports:
@@ -60,7 +53,7 @@ services:
       CLUSTER_ID: 'MkU3OEVBNTcwNTJENDM2Qk'
 
   schema-registry0:
-    image: confluentinc/cp-schema-registry:7.6.0.arm64
+    image: confluentinc/cp-schema-registry:7.8.0
     ports:
       - 8085:8085
     depends_on:
@@ -76,7 +69,7 @@ services:
       SCHEMA_REGISTRY_KAFKASTORE_TOPIC: _schemas
 
   kafka-connect0:
-    image: confluentinc/cp-kafka-connect:7.6.0.arm64
+    image: confluentinc/cp-kafka-connect:7.8.0
     ports:
       - 8083:8083
     depends_on:
@@ -101,7 +94,7 @@ services:
       CONNECT_PLUGIN_PATH: "/usr/share/java,/usr/share/confluent-hub-components,/usr/local/share/kafka/plugins,/usr/share/filestream-connectors"
 
   ksqldb0:
-    image: confluentinc/cp-ksqldb-server:7.6.0.arm64
+    image: confluentinc/cp-ksqldb-server:7.8.0
     depends_on:
       - kafka0
       - kafka-connect0
@@ -119,7 +112,7 @@ services:
       KSQL_CACHE_MAX_BYTES_BUFFERING: 0
 
   kafka-init-topics:
-    image: confluentinc/cp-kafka:7.6.0.arm64
+    image: confluentinc/cp-kafka:7.8.0
     volumes:
       - ../documentation/compose/data/message.json:/data/message.json
     depends_on:

diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
@@ -1 +1,2 @@
 github: [kafbat]
+open_collective: kafka-ui
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -14,6 +14,23 @@ updates:
     - "type/dependencies"
     - "scope/backend"
 
+- package-ecosystem: docker
+  directory: "/api"
+  schedule:
+    interval: weekly
+    time: "10:00"
+    timezone: Europe/London
+  reviewers:
+    - "kafbat/backend"
+  open-pull-requests-limit: 10
+  ignore:
+  - dependency-name: "azul/zulu-openjdk-alpine"
+    # Limit dependabot pull requests to minor Java upgrades
+    update-types: ["version-update:semver-major"]
+  labels:
+    - "type/dependencies"
+    - "scope/backend"
+
 - package-ecosystem: npm
   directory: "/frontend"
   schedule:

diff --git a/.github/workflows/backend_main.yml b/.github/workflows/backend_main.yml
@@ -19,7 +19,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  build:
+  build-and-test:
     uses: ./.github/workflows/backend_tests.yml
     with:
       event_name: ${{ github.event_name }}
diff --git a/.github/workflows/backend_pr.yml b/.github/workflows/backend_pr.yml
@@ -20,7 +20,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  build:
+  build-and-test:
     uses: ./.github/workflows/backend_tests.yml
     with:
       event_name: ${{ github.event_name }}
diff --git a/.github/workflows/backend_tests.yml b/.github/workflows/backend_tests.yml
@@ -28,7 +28,7 @@ jobs:
       - name: Set up JDK
         uses: actions/setup-java@v4
         with:
-          java-version: '17'
+          java-version: '21'
           distribution: 'zulu'
           cache: 'maven'
 

diff --git a/.github/workflows/branch-deploy.yml b/.github/workflows/branch-deploy.yml
@@ -29,7 +29,7 @@ jobs:
       - name: Set up JDK
         uses: actions/setup-java@v4
         with:
-          java-version: '17'
+          java-version: '21'
           distribution: 'zulu'
           cache: 'maven'
       - name: Build

diff --git a/.github/workflows/build-public-image.yml b/.github/workflows/build-public-image.yml
@@ -27,7 +27,7 @@ jobs:
       - name: Set up JDK
         uses: actions/setup-java@v4
         with:
-          java-version: '17'
+          java-version: '21'
           distribution: 'zulu'
           cache: 'maven'
       - name: Build

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -45,7 +45,7 @@ jobs:
       - name: Set up JDK
         uses: actions/setup-java@v4
         with:
-          java-version: '17'
+          java-version: '21'
           distribution: 'zulu'
           cache: 'maven'
 

diff --git a/.github/workflows/cve_checks.yml b/.github/workflows/cve_checks.yml
@@ -1,5 +1,9 @@
 name: "Infra: CVE checks"
 on:
+  pull_request:
+    types: [ "opened", "reopened", "synchronize" ]
+  push:
+    branches: [ "main" ]
   workflow_dispatch:
   schedule:
     # * is a special character in YAML so you have to quote this string
@@ -9,7 +13,8 @@ permissions:
   contents: read
 
 jobs:
-  build-and-test:
+
+  check-cves:
     runs-on: ubuntu-latest
 
     steps:
@@ -20,7 +25,7 @@ jobs:
       - name: Set up JDK
         uses: actions/setup-java@v4
         with:
-          java-version: '17'
+          java-version: '21'
           distribution: 'zulu'
           cache: 'maven'
 
@@ -62,8 +67,17 @@ jobs:
           cache-to: type=local,dest=/tmp/.buildx-cache
 
       - name: Run CVE checks
-        uses: aquasecurity/trivy-action@0.19.0
+        uses: aquasecurity/trivy-action@0.29.0
         with:
           image-ref: "ghcr.io/kafbat/kafka-ui:${{ steps.build.outputs.version }}"
           format: "table"
           exit-code: "1"
+
+  notify:
+    needs: check-cves
+    if: ${{ always() && needs.build-and-test.result == 'failure' && github.event_name == 'schedule' }}
+    uses: ./.github/workflows/infra_discord_hook.yml
+    with:
+      message: "Attention! CVE checks run failed! Please fix them CVEs :("
+    secrets:
+      DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL_CVE }}
diff --git a/.github/workflows/docker_publish.yml b/.github/workflows/docker_publish.yml
@@ -20,7 +20,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        registry: [ 'docker.io', 'ghcr.io', 'ecr' ]
+        registry: [ 'docker.io', 'ghcr.io', 'public.ecr.aws' ]
 
     runs-on: ubuntu-latest
     steps:
@@ -31,7 +31,8 @@ jobs:
           name: image
           path: /tmp
 
-      # setup containerd to preserve provenance attestations :https://docs.docker.com/build/attestations/#creating-attestations
+      # setup containerd to preserve provenance attestations:
+      # https://docs.docker.com/build/attestations/#creating-attestations
       - name: Setup docker with containerd
         uses: crazy-max/ghaction-setup-docker@v3
         with:
@@ -63,33 +64,33 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Configure AWS credentials
-        if: matrix.registry == 'ecr'
+        if: matrix.registry == 'public.ecr.aws'
         uses: aws-actions/configure-aws-credentials@v4
         with:
           aws-region: us-east-1 # This region only for public ECR
           role-to-assume: ${{ secrets.AWS_ROLE }}
 
       - name: Login to public ECR
-        if: matrix.registry == 'ecr'
+        if: matrix.registry == 'public.ecr.aws'
         id: login-ecr-public
         uses: aws-actions/amazon-ecr-login@v2
         with:
           registry-type: public
 
-      - name: define env vars
+      - name: Define env vars for container registry URL
         run: |
-          if [ ${{matrix.registry }} == 'docker.io' ]; then
-            echo "REGISTRY=${{ matrix.registry }}" >> $GITHUB_ENV
-            echo "REPOSITORY=${{ github.repository }}" >> $GITHUB_ENV
-          elif [ ${{ matrix.registry }} == 'ghcr.io' ]; then
-            echo "REGISTRY=${{ matrix.registry }}" >> $GITHUB_ENV
-            echo "REPOSITORY=${{ github.repository }}" >> $GITHUB_ENV
-          elif [ ${{ matrix.registry }} == 'ecr' ]; then
+          if [ ${{ matrix.registry }} == 'public.ecr.aws' ]; then
+            # vars.ECR_REGISTRY value is expected to be of the `public.ecr.aws/<public_ecr_id>` form
+            # The `public_ecr_id` must be a *default* alias associated with public regsitry (rather
+            # than a custom alias)
             echo "REGISTRY=${{ vars.ECR_REGISTRY }}" >> $GITHUB_ENV
+            # Trim GH Org name so that resulting Public ECR URL has no duplicate org name
+            # Public ECR default alias: public.ecr.aws/<public_ecr_id>/kafka-ui
+            # Public ECR custom alias:  public.ecr.aws/kafbat/kafka-ui
+            echo "REPOSITORY=$(basename ${{ github.repository }})" >> $GITHUB_ENV
+          else # this covers the case of docker.io and ghcr.io
+            echo "REGISTRY=${{ matrix.registry }}" >> $GITHUB_ENV
             echo "REPOSITORY=${{ github.repository }}" >> $GITHUB_ENV
-          else
-            echo "REGISTRY=" >> $GITHUB_ENV
-            echo "REPOSITORY=notworking" >> $GITHUB_ENV
           fi
 
       - name: Push images to ${{ matrix.registry }}

diff --git a/.github/workflows/e2e-run.yml b/.github/workflows/e2e-run.yml
@@ -30,7 +30,7 @@ jobs:
       - name: Set up JDK
         uses: actions/setup-java@v3
         with:
-          java-version: '17'
+          java-version: '21'
           distribution: 'zulu'
           cache: 'maven'
 
@@ -72,7 +72,7 @@ jobs:
       - name: Set up JDK
         uses: actions/setup-java@v3
         with:
-          java-version: '17'
+          java-version: '21'
           distribution: 'zulu'
           cache: 'maven'
 

diff --git a/.github/workflows/frontend_main.yml b/.github/workflows/frontend_main.yml
@@ -15,5 +15,5 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  build:
+  build-and-test:
     uses: ./.github/workflows/frontend_tests.yml
diff --git a/.github/workflows/frontend_pr.yml b/.github/workflows/frontend_pr.yml
@@ -16,5 +16,5 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  build:
+  build-and-test:
     uses: ./.github/workflows/frontend_tests.yml
diff --git a/.github/workflows/frontend_tests.yml b/.github/workflows/frontend_tests.yml
@@ -23,12 +23,12 @@ jobs:
 
       - uses: pnpm/[email protected]
         with:
-          version: 9.11.0
+          version: 9.15.4
 
       - name: Install node
         uses: actions/[email protected]
         with:
-          node-version: "18.17.1"
+          node-version: "22.12.0"
           cache: "pnpm"
           cache-dependency-path: "./frontend/pnpm-lock.yaml"
 

diff --git a/.github/workflows/infra_discord_hook.yml b/.github/workflows/infra_discord_hook.yml
@@ -0,0 +1,27 @@
+name: 'Discord hook'
+
+on:
+  workflow_call:
+    inputs:
+      message:
+        description: 'Message text'
+        required: true
+        type: string
+    secrets:
+      DISCORD_WEBHOOK_URL:
+        required: true
+
+permissions:
+  contents: read
+
+jobs:
+
+  hook:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Notify Discord on Failure
+        uses: Ilshidur/[email protected]
+        with:
+          args: ${{ inputs.message }}
+        env:
+          DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK_URL }}
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -28,7 +28,7 @@ jobs:
       - name: Set up JDK
         uses: actions/setup-java@v4
         with:
-          java-version: '17'
+          java-version: '21'
           distribution: 'zulu'
           cache: 'maven'
 

diff --git a/.github/workflows/md-links.yml b/.github/workflows/md-links.yml
@@ -13,7 +13,7 @@ permissions:
   contents: read
 
 jobs:
-  build-and-test:
+  lint-md:
     runs-on: ubuntu-latest
 
     steps:

diff --git a/.github/workflows/pr_linter.yml b/.github/workflows/pr_linter.yml
@@ -5,13 +5,12 @@ on:
 permissions:
   checks: write
 jobs:
-  task-check:
+  check-tasks:
     runs-on: ubuntu-latest
     steps:
       - uses: kentaro-m/[email protected]
         with:
           repo-token: "${{ secrets.GITHUB_TOKEN }}"
       - uses: dekinderfiets/[email protected]
-        if: false # TODO remove when public
         with:
           repo-token: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.github/workflows/release-serde-api.yml b/.github/workflows/release-serde-api.yml
@@ -22,7 +22,7 @@ jobs:
       - name: Set up JDK
         uses: actions/setup-java@v4
         with:
-          java-version: "17"
+          java-version: "21"
           distribution: "zulu"
           cache: "maven"
 

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -28,7 +28,7 @@ jobs:
       - name: Set up JDK
         uses: actions/setup-java@v4
         with:
-          java-version: '17'
+          java-version: '21'
           distribution: 'zulu'
           cache: 'maven'
 

diff --git a/.github/workflows/separate_env_public_create.yml b/.github/workflows/separate_env_public_create.yml
@@ -29,7 +29,7 @@ jobs:
       - name: Set up JDK
         uses: actions/setup-java@v4
         with:
-          java-version: '17'
+          java-version: '21'
           distribution: 'zulu'
           cache: 'maven'
       - name: Build

diff --git a/.github/workflows/workflow_linter.yml b/.github/workflows/workflow_linter.yml
@@ -9,7 +9,7 @@ permissions:
   contents: read
 
 jobs:
-  build-and-test:
+  lint-workflows:
     runs-on: ubuntu-latest
 
     steps:

diff --git a/.gitignore b/.gitignore
@@ -42,3 +42,4 @@ build/
 *.tgz
 
 /docker/*.override.yaml
+/e2e-tests/allure-results/
Original file line number	Diff line number	Diff line change
Expand Up		@@ -42,3 +42,4 @@ build/
		*.tgz

		/docker/*.override.yaml
		/e2e-tests/allure-results/