Merge branch '2.x-docker-image' of 'https://github.com/jjmerchante/grimoirelab'

Merges #783
Closes #783

Author: jjmerchante

.github/workflows/docker-image.yml

@@ -15,13 +15,17 @@ jobs:
   build-image:
     runs-on: ubuntu-latest
     environment: docker-release
+    permissions:
+      contents: read
+      id-token: write # needed for signing the images with GitHub OIDC Token
+
     steps:
       - name: Install Cosign
-        uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19 # v3.1.2
+        uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2
 
       - name: Docker metadata
         id: meta
-        uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
+        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
         with:
           images: |
             ${{ env.DOCKER_IMAGE_NAME }}
@@ -30,33 +34,35 @@ jobs:
             type=raw,value=${{ inputs.version }}
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
+        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
         with:
           platforms: linux/arm64
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3.2.0
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
 
       - name: Login to DockerHub
-        uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Build and push
         id: build-and-push
-        uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
         with:
           platforms: linux/amd64,linux/arm64
           context: "{{defaultContext}}:docker"
           push: true
           tags: ${{ steps.meta.outputs.tags }}
 
-      - name: Sign image with a key
-        run: |
-          echo "${TAGS}" | xargs -I {} cosign sign -y -r --key env://COSIGN_PRIVATE_KEY "{}@${DIGEST}"
+      - name: Sign the images with GitHub OIDC Token
         env:
-          TAGS: ${{ steps.meta.outputs.tags }}
-          COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}
-          COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
           DIGEST: ${{ steps.build-and-push.outputs.digest }}
+          TAGS: ${{ steps.meta.outputs.tags }}
+        run: |
+          images=""
+          for tag in ${TAGS}; do
+            images+="${tag}@${DIGEST} "
+          done
+          cosign sign --yes ${images}

.github/workflows/tests.yml

@@ -31,8 +31,7 @@ jobs:
         python-version: ${{ matrix.python-version }}
     - name: Install poetry
       run: |
-        curl -sSL https://install.python-poetry.org | python3 -
-        echo "PATH=$HOME/.poetry/bin:$PATH" >> $GITHUB_ENV
+        pipx install poetry
     - name: Install dependencies
       run: |
         poetry install --with tests -vvv

README.md

@@ -23,7 +23,7 @@ or visiting the [GrimoireLab website](https://chaoss.github.io/grimoirelab).
 - Linux/MacOS (Windows not supported yet)
 - Python >= 3.11
 - MySQL >= 8.0/ MariaDB >= 11.4
-- Redis database >= 7.4
+- Redis / Valkey database
 - OpenSearch >= 2.0
 
 To simplify the setup of the development environment, you can use the provided
@@ -104,7 +104,7 @@ Some environment variables you might need to change are:
 
 - **GrimoireLab common settings**:
   - `GRIMOIRELAB_DEBUG`: to activate the debug mode (`true` or `false` values)
-- **Redis configuration**
+- **Redis/Valkey configuration**
   - `GRIMOIRELAB_REDIS_HOST`: ip address of the server
   - `GRIMOIRELAB_REDIS_PORT`: port of the server
   - `GRIMOIRELAB_REDIS_PASSWORD`: password for the server

default-grimoirelab-settings/nginx.conf.template

@@ -1,7 +1,4 @@
 
-upstream sortinghat {
-  server sortinghat:9314;
-}
 upstream grimoirelab_core {
   server grimoirelab_core:9314;
 }
@@ -21,23 +18,6 @@ server {
       uwsgi_param X-Forwarded-Proto $http_x_forwarded_proto;
   }
 
-  location /identities {
-      rewrite ^/identities/(.*) /$1 break;
-
-      include /etc/nginx/uwsgi_params;
-      uwsgi_pass sortinghat;
-      uwsgi_param Host $host;
-      uwsgi_param X-Real-IP $remote_addr;
-      uwsgi_param X-Forwarded-For $proxy_add_x_forwarded_for;
-      uwsgi_param X-Forwarded-Proto $http_x_forwarded_proto;
-  }
-
-  location ~ ^/identities/(css|js|fonts)/ {
-    rewrite ^/identities/(.*) /$1 break;
-
-    root /sortinghat;
-  }
-
   location /static/ {
     alias /grimoirelab_core/;
   }

docker-compose/README.md

@@ -83,7 +83,7 @@ for running GrimoireLab in development mode.
 By default, it includes:
 
 - MariaDB running on port 3306
-- Redis running on port 6379
+- Valkey running on port 6379
 - OpenSearch running on port 9200
 - OpenSearch Dashboards running on port 5601
 

docker-compose/docker-compose-development.yml

@@ -1,49 +1,20 @@
-version: '2.2'
-
 services:
-    mariadb:
-      image: mariadb:11.4
-      ports:
-        - "3306:3306"
-      environment:
-        - MYSQL_ROOT_PASSWORD=
-        - MYSQL_ALLOW_EMPTY_PASSWORD=yes
-      healthcheck:
-        test: [ "CMD", "/usr/local/bin/healthcheck.sh", "--su=root", "--connect", "--innodb_initialized" ]
-        retries: 5
+  mariadb:
+    extends:
+      file: ./docker-compose.yml
+      service: mariadb
 
-    redis:
-      image: redis:7.4
-      ports:
-        - "6379:6379"
-      healthcheck:
-        test: [ "CMD", "redis-cli", "--raw", "incr", "ping" ]
-        retries: 5
+  valkey:
+    extends:
+      file: ./docker-compose.yml
+      service: valkey
 
-    opensearch-node1:
-      image: opensearchproject/opensearch:2.11.1
-      environment:
-        - cluster.name=opensearch-cluster
-        - node.name=opensearch-node1
-        - discovery.type=single-node
-        - bootstrap.memory_lock=true
-        - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
-      ulimits:
-        memlock:
-          soft: -1
-          hard: -1
-        nofile:
-          soft: 65536
-          hard: 65536
-      ports:
-        - 9200:9200
-        - 9600:9600
+  opensearch-node1:
+    extends:
+      file: ./docker-compose.yml
+      service: opensearch-node1
 
-    opensearch-dashboards:
-      image: opensearchproject/opensearch-dashboards:2.11.1
-      ports:
-        - 5601:5601
-      expose:
-        - "5601"
-      environment:
-        OPENSEARCH_HOSTS: '["https://opensearch-node1:9200"]'
+  opensearch-dashboards:
+    extends:
+      file: ./docker-compose.yml
+      service: opensearch-dashboards