Merge remote-tracking branch 'origin/master' into ja_20231203_hapi_7_0

Author: dotasek

.github/workflows/chart-test.yaml

@@ -10,7 +10,7 @@ on:
 jobs:
   lint:
     runs-on: ubuntu-22.04
-    container: quay.io/helmpack/chart-testing:v3.8.0@sha256:f058c660a28d99a9394ae081d98921efe068079531f247c86b8054e3c9d407aa
+    container: quay.io/helmpack/chart-testing:v3.10.1@sha256:7d8a7f99fc5840142249cc33ed6d9752fc66b92f9e1bf792d987ee85227d84da
     steps:
       - name: Install helm-docs
         working-directory: /tmp
@@ -27,7 +27,7 @@ jobs:
           git config --global --add safe.directory /__w/hapi-fhir-jpaserver-starter/hapi-fhir-jpaserver-starter
 
       - name: Checkout
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           fetch-depth: 0
 
@@ -41,17 +41,17 @@ jobs:
     runs-on: ubuntu-22.04
     strategy:
       matrix:
-        k8s-version: [1.25.9, 1.26.4, 1.27.2]
+        k8s-version: [1.25.11, 1.26.6, 1.27.3, 1.28.0, 1.29.0]
     needs:
       - lint
     steps:
       - name: Checkout
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           fetch-depth: 0
 
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@e8788873172cb653a90ca2e819d79d65a66d4e76 # v2.4.0
+        uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
 
       - name: Run chart-testing (list-changed)
         id: list-changed
@@ -62,7 +62,7 @@ jobs:
           fi
 
       - name: Create k8s Kind Cluster
-        uses: helm/kind-action@fa81e57adff234b2908110485695db0f181f3c67 # v1.7.0
+        uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
         if: ${{ steps.list-changed.outputs.changed == 'true' }}
         with:
           cluster_name: kind-cluster-k8s-${{ matrix.k8s-version }}

charts/hapi-fhir-jpaserver/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: postgresql
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 12.5.6
-digest: sha256:4d21dbc02bbdb55b957b0093e37376853727de82396abfadfaf1d738bd51b8e6
-generated: "2023-06-03T20:58:45.922102213+02:00"
+  version: 13.2.27
+digest: sha256:6374f6f32d32adbe6763c48e2d817d85ec20a1784b2aea1fb0312c658f8e58e9
+generated: "2024-01-10T17:56:36.521957926+01:00"

charts/hapi-fhir-jpaserver/Chart.yaml

@@ -7,21 +7,25 @@ sources:
   - https://github.com/hapifhir/hapi-fhir-jpaserver-starter
 dependencies:
   - name: postgresql
-    version: 12.5.6
+    version: 13.2.27
     repository: oci://registry-1.docker.io/bitnamicharts
     condition: postgresql.enabled
-appVersion: 6.8.3
-version: 0.14.0
+appVersion: 6.10.1
+version: 0.15.0
 annotations:
   artifacthub.io/license: Apache-2.0
+  artifacthub.io/containsSecurityUpdates: "false"
+  artifacthub.io/operator: "false"
+  artifacthub.io/prerelease: "false"
+  artifacthub.io/recommendations: |
+    - url: https://artifacthub.io/packages/helm/prometheus-community/kube-prometheus-stack
+    - url: https://artifacthub.io/packages/helm/bitnami/postgresql
   artifacthub.io/changes: |
     # When using the list of objects option the valid supported kinds are
     # added, changed, deprecated, removed, fixed, and security.
-    - kind: added
-      description: updated starter image to 6.8.3
-    - kind: fixed
-      description: incorrect handling of existing secret database config
-    - kind: added
-      description: support for using a non-admin user for the postgres database
-    - kind: added
-      description: ability to create a dedicated ServiceAccount
+    - kind: changed
+      description: updated starter image to 6.10.1
+    - kind: changed
+      description: updated curlimages/curl to 8.5.0
+    - kind: changed
+      description: "updated postgresql sub-chart to 13.2.27. ⚠️: this updates the used PostgreSQL image from v15 to v16."

charts/hapi-fhir-jpaserver/README.md

@@ -1,6 +1,6 @@
 # HAPI FHIR JPA Server Starter Helm Chart
 
-![Version: 0.14.0](https://img.shields.io/badge/Version-0.14.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 6.8.3](https://img.shields.io/badge/AppVersion-6.8.3-informational?style=flat-square)
+![Version: 0.15.0](https://img.shields.io/badge/Version-0.15.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 6.10.1](https://img.shields.io/badge/AppVersion-6.10.1-informational?style=flat-square)
 
 This helm chart will help you install the HAPI FHIR JPA Server in a Kubernetes environment.
 
@@ -15,7 +15,7 @@ helm install hapi-fhir-jpaserver hapifhir/hapi-fhir-jpaserver
 
 | Repository | Name | Version |
 |------------|------|---------|
-| oci://registry-1.docker.io/bitnamicharts | postgresql | 12.5.6 |
+| oci://registry-1.docker.io/bitnamicharts | postgresql | 13.2.27 |
 
 ## Values
 
@@ -36,7 +36,7 @@ helm install hapi-fhir-jpaserver hapifhir/hapi-fhir-jpaserver
 | image.pullPolicy | string | `"IfNotPresent"` | image pullPolicy to use |
 | image.registry | string | `"docker.io"` | registry where the HAPI FHIR server image is hosted |
 | image.repository | string | `"hapiproject/hapi"` | the path inside the repository |
-| image.tag | string | `"v6.8.3@sha256:6195f1116ebabfb0a608addde043b3e524c456c4d4f35b3d25025afd7dcd2e27"` | the image tag. As of v5.7.0, this is the `distroless` flavor by default, add `-tomcat` to use the Tomcat-based image. |
+| image.tag | string | `"v6.10.1@sha256:4eac1b3481180b028616d1fab7e657e368538063d75f7ed3be2032e34c657dd4"` | the image tag. As of v5.7.0, this is the `distroless` flavor by default, add `-tomcat` to use the Tomcat-based image. |
 | imagePullSecrets | list | `[]` | image pull secrets to use when pulling the image |
 | ingress.annotations | object | `{}` | provide any additional annotations which may be required. Evaluated as a template. |
 | ingress.enabled | bool | `false` | whether to create an Ingress to expose the FHIR server HTTP endpoint |
@@ -57,10 +57,6 @@ helm install hapi-fhir-jpaserver hapifhir/hapi-fhir-jpaserver
 | postgresql.auth.database | string | `"fhir"` | name for a custom database to create |
 | postgresql.auth.existingSecret | string | `""` | Name of existing secret to use for PostgreSQL credentials `auth.postgresPassword`, `auth.password`, and `auth.replicationPassword` will be ignored and picked up from this secret The secret must contain the keys `postgres-password` (which is the password for "postgres" admin user), `password` (which is the password for the custom user to create when `auth.username` is set), and `replication-password` (which is the password for replication user). The secret might also contains the key `ldap-password` if LDAP is enabled. `ldap.bind_password` will be ignored and picked from this secret in this case. The value is evaluated as a template. |
 | postgresql.enabled | bool | `true` | enable an included PostgreSQL DB. see <https://github.com/bitnami/charts/tree/master/bitnami/postgresql> for details if set to `false`, the values under `externalDatabase` are used |
-| postgresql.primary.containerSecurityContext.allowPrivilegeEscalation | bool | `false` |  |
-| postgresql.primary.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` |  |
-| postgresql.primary.containerSecurityContext.runAsNonRoot | bool | `true` |  |
-| postgresql.primary.containerSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` |  |
 | replicaCount | int | `1` | number of replicas to deploy |
 | resources | object | `{}` | configure the FHIR server's resource requests and limits |
 | securityContext.allowPrivilegeEscalation | bool | `false` |  |

charts/hapi-fhir-jpaserver/templates/deployment.yaml

@@ -31,7 +31,7 @@ spec:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       initContainers:
         - name: wait-for-db-to-be-ready
-          image: docker.io/bitnami/postgresql:15.3.0-debian-11-r7@sha256:cc301eef743685f4f69d1d719853988e8a9650c90fd9521f4742ce400b3fdf6a
+          image: docker.io/bitnami/postgresql:16.1.0-debian-11-r18@sha256:06f1f2297f6241a02bd8e8c025b31625254ca66784ac75a4a62e945fa611d045
           imagePullPolicy: IfNotPresent
           {{- with .Values.restrictedContainerSecurityContext }}
           securityContext:

charts/hapi-fhir-jpaserver/values.yaml

@@ -7,7 +7,7 @@ image:
   # -- the path inside the repository
   repository: hapiproject/hapi
   # -- the image tag. As of v5.7.0, this is the `distroless` flavor by default, add `-tomcat` to use the Tomcat-based image.
-  tag: "v6.8.3@sha256:6195f1116ebabfb0a608addde043b3e524c456c4d4f35b3d25025afd7dcd2e27"
+  tag: "v6.10.1@sha256:4eac1b3481180b028616d1fab7e657e368538063d75f7ed3be2032e34c657dd4"
   # -- image pullPolicy to use
   pullPolicy: IfNotPresent
 
@@ -121,15 +121,6 @@ postgresql:
     # picked from this secret in this case.
     # The value is evaluated as a template.
     existingSecret: ""
-  primary:
-    containerSecurityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        drop:
-          - ALL
-      runAsNonRoot: true
-      seccompProfile:
-        type: RuntimeDefault
 
 # -- readiness probe
 # @ignored
@@ -240,7 +231,7 @@ curl:
   image:
     registry: docker.io
     repository: curlimages/curl
-    tag: 8.4.0@sha256:4a3396ae573c44932d06ba33f8696db4429c419da87cbdc82965ee96a37dd0af
+    tag: 8.6.0@sha256:c3b8bee303c6c6beed656cfc921218c529d65aa61114eb9e27c62047a1271b9b
 
 tests:
   # -- configure the test pods resource requests and limits

configs/app/index.html

@@ -0,0 +1,3 @@
+<p>
+    Greetings from the custom web app page!
+</p>

custom/about.html

@@ -0,0 +1,14 @@
+<p>
+    <b>This is a custom about page! It means you have configured 'custom_content_path: ./custom' in the application.yaml</b>
+</p>
+<p>
+    This server provides a complete implementation of the FHIR Specification
+    using a 100% open source software stack.
+</p>
+<p>
+    This server is built
+    from a number of modules of the
+    <a href="https://github.com/hapifhir/hapi-fhir/">HAPI FHIR</a>
+    project, which is a 100% open-source (Apache 2.0 Licensed) Java based
+    implementation of the FHIR specification.
+</p>

custom/logo.jpg

@@ -0,0 +1,14 @@
+<p>
+    <b>This is a custom welcome page! It means you have configured 'custom_content_path: ./custom' in the application.yaml</b>
+</p>
+<p>
+    This server provides a complete implementation of the FHIR Specification
+    using a 100% open source software stack.
+</p>
+<p>
+    This server is built
+    from a number of modules of the
+    <a href="https://github.com/hapifhir/hapi-fhir/">HAPI FHIR</a>
+    project, which is a 100% open-source (Apache 2.0 Licensed) Java based
+    implementation of the FHIR specification.
+</p>