Release version v1.8

.github/workflows/ci.yaml

@@ -15,16 +15,16 @@ jobs:
           EOF
 
       - name: Check out repository code
-        uses: actions/[email protected].6
+        uses: actions/[email protected].7
 
       - name: Install Golang
-        uses: actions/[email protected].1
+        uses: actions/[email protected].2
         with:
           go-version-file: go.mod
           check-latest: true
           cache: true
 
-      - uses: actions/[email protected].2
+      - uses: actions/[email protected].3
         with:
           node-version: '18'
 
@@ -39,7 +39,7 @@ jobs:
         run: go mod download
 
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@v6.0.1
+        uses: golangci/golangci-lint-action@v6.1.0
         with:
           version: v1.57.2
           args: --timeout 7m

.github/workflows/master-build.yaml

@@ -19,10 +19,10 @@ jobs:
           EOF
 
       - name: Check out repository code
-        uses: actions/[email protected].6
+        uses: actions/[email protected].7
 
       - name: Log in to GHCR.io
-        uses: docker/login-action@v3.2.0
+        uses: docker/login-action@v3.3.0
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
@@ -60,9 +60,9 @@ jobs:
           EOF
 
       - name: Check out repository code
-        uses: actions/[email protected].6
+        uses: actions/[email protected].7
       - name: Log in to GHCR.io
-        uses: docker/login-action@v3.2.0
+        uses: docker/login-action@v3.3.0
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}

CONTRIBUTING.md

@@ -9,7 +9,12 @@
 
 ## Contributor Guidelines and Governance
 
-Please see [CONTRIBUTING](https://github.com/spiffe/spiffe/blob/main/CONTRIBUTING.md) and [GOVERNANCE](https://github.com/spiffe/spiffe/blob/main/GOVERNANCE.md) from the SPIFFE project. 
+Please see [CONTRIBUTING](https://github.com/spiffe/spiffe/blob/main/CONTRIBUTING.md) and [GOVERNANCE](https://github.com/spiffe/spiffe/blob/main/GOVERNANCE.md) from the SPIFFE project for community guidelines. 
+
+> [!IMPORTANT] 
+> Before opening a new issue, search for any existing issues [here](https://github.com/spiffe/tornjak/issues) to avoid duplication.
+
+If you're new to this project, we recommend you join us on [Slack](https://spiffe.slack.com/archives/C024JTTK58T) for discussion of potential new features. 
 
 ## Pre-built images
 
@@ -26,20 +31,54 @@ In order to build, we require the following installations:
 
 ## Building Executables and Images
 
-Building Tornjak manually can be done with the Makefile. Notable make targets follow:
+Building Tornjak manually can be done with the Makefile. Below is a list of local executable builds: 
 - `make bin/tornjak-backend`: makes the Go executable of the Tornjak backend
 - `make bin/tornjak-manager`: makes the Go executable of the Tornjak manager
 - `make frontend-local-build`: makes the optimized ReactJS app locally for the Tornjak frontend. Uses environment variable configuration as in tornjak-frontend/.env
+
+And below is a list of container image builds: 
 - `make image-tornjak-backend`: containerizes Go executable of the Tornjak backend
 - `make image-tornjak-manager`:containerizes Go executable of the Tornjak manager
 - `make image-tornjak-frontend`: containerizes React JS app for the Tornjak frontend
-- `make image-tornjak`: containerizes Tornjak backend with Tornjak frontend
 
 For usage instructions of the containers, please see our [USAGE document](./USAGE.md) to get started.
 
 ## Development
 
-We welcome all development attempst and contributions from the community. The easiest place to start is by reviewing our code architecture diagrams available in our [api documentation](./docs/tornjak-ui-api-documentation.md#11-overview).
+We welcome all development attempts and contributions from the community. The easiest place to start is by reviewing our code architecture diagrams available in our [api documentation](./docs/tornjak-ui-api-documentation.md#11-overview).
+
+## Opening a pull request
+
+1. Fork the tornjak repo
+2. Ensure your branch is based on the latest commit in `dev`
+3. Commit changes to your fork. Make sure your commit messages contain a `Signed-off-by: <your-email-address>` line (see `git-commit --signoff`) to certify the [DCO](/DCO)
+4. Test your PR locally and ensure all tests in Github actions pass
+5. Open a [pull request](https://help.github.com/articles/creating-a-pull-request-from-a-fork/)
+  against the upstream `dev` branch
+
+> [!IMPORTANT] 
+> Please make sure you open all PRs against the `dev` branch
+
+> [!IMPORTANT] 
+> For any new feature design, or feature level changes, please create an issue first, then submit a PR with design details before code implementation.
+
+## After your pull request is submitted
+
+At least one maintainer must approve the pull request.
+
+Once your pull request is submitted, it's your responsibility to:
+
+* Respond to reviewer's feedback
+* Keep it merge-ready at all times until it has been approved and actually merged
+
+Following approval, the pull request will be merged by the last maintainer to approve the request.
+
+#### Third-party code
+
+When third-party code must be included, all licenses must be preserved. This includes modified
+third-party code and excerpts, as well.
+
+Thank you for contributing to Tornjak!
 
 ## Local testing
 

Dockerfile.backend-container

@@ -18,10 +18,10 @@ RUN if [ "$TARGETARCH" = "arm64" ]; then CC=aarch64-alpine-linux-musl; fi && \
     go build --tags 'sqlite_json' -mod=vendor -ldflags '-s -w -linkmode external -extldflags "-static"' -o bin/tornjak-backend ./cmd/agent/main.go
 
 FROM alpine AS runtime
-RUN mkdir -p /opt/spire
+RUN mkdir -p /opt/tornjak
 
-WORKDIR /opt/spire
-ENTRYPOINT ["/opt/spire/run_backend.sh"]
+WORKDIR /opt/tornjak
+ENTRYPOINT ["/opt/tornjak/run_backend.sh"]
 
 # Add init
 COPY scripts/run_backend.sh run_backend.sh

Dockerfile.backend-container.ubi

@@ -18,10 +18,10 @@ RUN if [ "$TARGETARCH" = "arm64" ]; then CC=aarch64-alpine-linux-musl; fi && \
     go build --tags 'sqlite_json' -mod=vendor -ldflags '-s -w -linkmode external -extldflags "-static"' -o bin/tornjak-backend ./cmd/agent/main.go
 
 FROM registry.access.redhat.com/ubi8-micro:latest AS runtime
-RUN mkdir -p /opt/spire
+RUN mkdir -p /opt/tornjak
 
-WORKDIR /opt/spire
-ENTRYPOINT ["/opt/spire/run_backend.sh"]
+WORKDIR /opt/tornjak
+ENTRYPOINT ["/opt/tornjak/run_backend.sh"]
 
 # Add init
 COPY scripts/run_backend.sh run_backend.sh

USAGE.md

@@ -1,14 +1,14 @@
 # Usage
 
-We publish four container images currently:
+We publish and support three container images currently:
 - [Tornjak Backend](https://github.com/spiffe/tornjak/pkgs/container/tornjak-backend): This image can be deployed as a sidecar with any SPIRE server. 
 - [Tornjak Manager](https://github.com/spiffe/tornjak/pkgs/container/tornjak-manager): A container that runs this image exposes a port to register multiple Tornjak backends and forward typical commands to multiple Tornjak backends from one API. 
 - [Tornjak Frontend](https://github.com/spiffe/tornjak/pkgs/container/tornjak-frontend): This image is typically deployed after the Tornjak Backend or Manager are deployed, as it requires a URL to connect directly to the Tornjak backend API.  
-- [Tornjak](https://github.com/spiffe/tornjak/pkgs/container/tornjak): This image containing both Tornjak Backend and Frontend components can deployed as a sidecar alongside a SPIRE Server container
 
-NOTE: Previously, we had images placing the Tornjak backend and SPIRE server in the same container, but these are currently deprecated. The above is a comprehensive list of images
+> [!NOTE]
+> Previously, we had images placing the Tornjak backend and SPIRE server in the same container, but these are currently deprecated. The above is a comprehensive list of supported images
 
-Pre-built images can be found at the above links. To decide which tag to use, typically choose a release from [this page](https://github.com/spiffe/tornjak/releases) and choose the corresponding tag. For example, if you are interested in release `tornjak-1.0.2`, then choose image tag `v1.0.2`.
+Pre-built images can be found at the above links. To decide which tag to use, typically choose a release from [this page](https://github.com/spiffe/tornjak/releases) and choose the corresponding tag. For example, if you are interested in release `v1.7.0`, then choose image tag `v1.7.0`.
 
 ### Compatibility Table
 
@@ -17,11 +17,11 @@ Please see below for compatibility charts of SPIRE server versions with Tornjak:
 | Tornjak version        | SPIRE Server version |
 | :--------------------- | :------------------- |
 | v1.1.x, v1.2.x, v1.3.x | v1.1.x, v1.2.x, v1.3.x, v1.4.x |
-| v1.4.x, v1.5.x, v1.6.x | v1.5.x, v1.6.x, v1.7.x, v1.8.x, v1.9.x|
+| v1.4.x, v1.5.x, v1.6.x, v1.7.x | v1.5.x, v1.6.x, v1.7.x, v1.8.x, v1.9.x|
 
-## Tornjak Backend
+## [Tornjak Backend](https://github.com/spiffe/tornjak/pkgs/container/tornjak-backend)
 
-This is meant to be deployed where it can access a SPIRE server. To run, the container has three arguments:
+The backend is designed to be deployed where it can access a SPIRE server. To run, the container has three arguments:
 
 | Flag                   | Description                                                 | Default | Arguments | Required |
 |:-----------------------|:------------------------------------------------------------|:--------|:----------|:---------|
@@ -49,7 +49,9 @@ This creates a service listening on container port 50000, forwarded to localhost
 
 ## Tornjak Frontend
 
-The frontend is meant to connect to either the Tornjak backend or the Tornjak manager. To run the container, we must set some environment variables:
+The Tornjak frontend container exposes a browser application and must be able to connect to either the Tornjak backend or the Tornjak manager. 
+
+The container requires certain environment variables be set. Below is a comprehensive list of all environment variables: 
 
 | Variable                    | Description | Default | Example Argument | Required |
 |:----------------------------|-------------|--|--|--|
@@ -64,26 +66,11 @@ The frontend is meant to connect to either the Tornjak backend or the Tornjak ma
 | `REACT_APP_SPIRE_HEALTH_CHECK_ENABLE` | Enable SPIRE health check component | `false` | `true` | false |
 
 ```
-docker run -p 3000:8080 -e REACT_APP_API_SERVER_URI='http://localhost:50000' -e REACT_APP_TORNJAK_MANAGER=true -e PORT_FE-8080 -e REACT_APP_SPIRE_HEALTH_CHECK=true ghcr.io/spiffe/tornjak-frontend:latest
+docker run -p 3000:8080 -e REACT_APP_API_SERVER_URI='http://localhost:50000' -e REACT_APP_TORNJAK_MANAGER=true -e PORT_FE=8080 -e REACT_APP_SPIRE_HEALTH_CHECK=true ghcr.io/spiffe/tornjak-frontend:latest
 ```
 
 The above command is an example of how to run the frontend. This creates a UI available at http://localhost:3000 forwarded from container port `8080`. It is listening to a Tornjak manager component available at http://localhost:50000, and knows to run in manager mode with the `REACT_APP_TORNJAK_MANAGER` flag. The last environment variables namely, `REACT_APP_SPIRE_HEALTH_CHECK_ENABLE` is used to enable the SPIRE health check component. 
 
-## Tornjak
-
-This container may be used as an alternative to having a frontend and backend container separately. The backend is configured exactly as the [Tornjak backend] with container arguments, and the frontend is configured exactly as the [Tornjak frontend] with container environment variables. 
-
-An example command:
-
-```
-docker run -p 10000:10000 -p 3000:8080 -e REACT_APP_API_SERVER_URI='http://localhost:10000' -e PORT_FE-8080 -e PORT_BE-10000 ghcr.io/spiffe/tornjak:latest --spire-config <SPIRE CONFIG PATH> --tornjak-config <TORNJAK CONFIG PATH>
-```
-
-The above command creates a UI available at `http://localhost:3000` forwarded from container port `8080`. It is listening to the Tornjak backend at `http://localhost:10000`, as given by the `REACT_APP_API_SERVER_URI` value. At the same time, the container is exposing port `10000` for the backend, which reads the SPIRE config and Tornjak config at `<SPIRE CONFIG PATH>` and `<TORNJAK CONFIG PATH>` respectively. 
-
-NOTE: The value of `REACT_APP_API_SERVER_URI` must be a URI that is separately available to any browser that accesses the frontend. Therefore, in production environments, it is necessary that backend service endpoint be public. 
-
-
 ## Further steps
 
 It is recommended to try a full deployment of the Tornjak frontend, backend, and SPIRE Server in minikube. Please see our [tutorial document](docs/quickstart/README.md) for step-by-step instructions.