feat: genai stack (#3)

* genai stack inital stack

Author: daniel-butler-irl

.catalog-onboard-pipeline.yaml

@@ -0,0 +1,16 @@
+---
+apiVersion: v1
+offerings:
+  - name: Watson_X_-_Generative_AI
+    kind: solution
+    catalog_id: 7df1e4ca-d54c-4fd0-82ce-3d13247308cd
+    offering_id: d113359a-921d-4474-965a-4e612c4c1bfe
+    variations:
+      - name: genai-stack-1234
+        mark_ready: false
+        install_type: fullstack
+        format_kind: stack
+        validation_type: projects
+        scc:
+          instance_id: 1c7d5f78-9262-44c3-b779-b28fe4d88c37
+          region: us-south

.releaserc

@@ -10,6 +10,9 @@
     }],
     ["@semantic-release/exec", {
       "successCmd": "echo \"SEMVER_VERSION=${nextRelease.version}\" >> $GITHUB_ENV"
-    }]
+    }],
+      ["@semantic-release/exec",{
+        "publishCmd": "./ci/trigger-catalog-onboarding-pipeline.sh --version=v${nextRelease.version}"
+      }]
   ]
 }

ibm_catalog.json

@@ -1,19 +1,283 @@
 {
-  "products": [
-    {
-      "label": "stack-template",
-      "name": "stack-template",
-      "product_kind": "solution",
-      "tags": [
-        "converged_infra"
-      ],
-      "offering_icon_url": "https://globalcatalog.cloud.ibm.com/api/v1/1082e7d2-5e2f-0a11-a3bc-f88a8e1931fc/artifacts/solution.svg",
-      "flavors": [
-        {
-          "compliance": {},
-          "architecture": {}
-        }
-      ]
-    }
-  ]
+	"products": [
+		{
+			"label": "Watson X - Generative AI",
+			"name": "Watson_X_-_Generative_AI",
+			"product_kind": "solution",
+			"tags": [
+				"watson",
+				"converged_infra"
+			],
+			"keywords": [
+				"watson",
+				"ai",
+				"compliance",
+				"fscloud",
+				"genai",
+				"ibmcloud",
+				"financial services",
+				"watsonx",
+				"llm",
+				"secure",
+				"secret manager",
+				"key protect",
+				"scc"
+			],
+			"short_description": "Deploys a sample Retrieval Augmented Generation application, including all supporting IBM Cloud and Watson services.",
+			"long_description": "This deployable architecture provides a comprehensive foundation for trust, observability, security, and regulatory compliance  by configuring and deploying various services, including:\n- Configuring IBM Cloud Account: with recommended values meeting the [IBM Cloud Framework for Financial Services](https://cloud.ibm.com/docs/framework-financial-services?topic=framework-financial-services-about)\n- Deploying Observability Services: for application and platform logging and monitoring\n- Deploying Keys and Secrets Management Services: for storage and management of encryption keys and secrets\n- Deploying CI/CD/CC Pipelines: for secure application lifecycle management\n- Deploying a Suite of Watson AI Services: to provide AI capabilities to the application \n\nThese configured and deployed services enable a secure and trustworthy deployment of Generative AI applications on IBM Cloud.\n\n# Objective\n\nThis deployable architecture is designed to showcase a fully automated deployment of a retrieval augmented generation application through IBM Cloud Project, providing a flexible and customizable foundation for your own Watson-based application deployments on IBM Cloud. This architecture deploys the following [banking sample application](https://github.com/IBM/gen-ai-rag-watsonx-sample-application) by default.\n\nBy leveraging this architecture, you can accelerate your deployment and tailor it to meet your unique business needs and enterprise goals.",
+			"offering_docs_url": "https://github.com/terraform-ibm-modules/stack-retrieval-augmented-generation/blob/main/README.md",
+			"offering_icon_url": "https://globalcatalog.cloud.ibm.com/api/v1/1082e7d2-5e2f-0a11-a3bc-f88a8e1931fc/artifacts/solution.svg",
+			"features": [
+				{
+					"title": "Retrieval Augmented Generation sample pattern",
+					"description": "Deploy a banking retrieval augmented generation (RAG) sample application to IBM Cloud Code Engine using Continous Delivery."
+				},
+				{
+					"title": "Ensure Observability",
+					"description": "Provides observability by deploying services such as IBM Log Analysis, IBM Monitoring, IBM Activity Tracker, and log retention."
+				},
+				{
+					"title": "Implement Security",
+					"description": "The architecture ensures security by deploying IBM Key Protect and IBM Secrets Manager."
+				},
+				{
+					"title": "Achieve Regulatory Compliance",
+					"description": "Ensures regulatory compliance by implementing CI/CD/CC pipelines, along with IBM SCC for secure application lifecycle management."
+				},
+				{
+					"title": "Establish Trust",
+					"description": "Ensures trust by configuring the IBM Cloud account to align with compliance settings as defined in the Financial Services framework."
+				}
+			],
+			"flavors": [
+				{
+					"label": "GenAI Stack",
+					"name": "genai-stack-1234",
+					"licenses": [
+						{
+							"id": "LICENSE",
+							"name": "LICENSE",
+							"type": "text/plain",
+							"description": "LICENSE"
+						}
+					],
+					"compliance": {
+						"authority": "scc-v3",
+						"profiles": [
+							{
+								"profile_name": "AI ICT Guardrails",
+								"profile_version": "1.0.0"
+							}
+						]
+					},
+					"iam_permissions": [
+						{
+							"service_name": "iam-groups",
+							"role_crns": [
+								"crn:v1:bluemix:public:iam::::role:Administrator"
+							]
+						},
+						{
+							"service_name": "cloud-object-storage",
+							"role_crns": [
+								"crn:v1:bluemix:public:iam::::serviceRole:Manager",
+								"crn:v1:bluemix:public:iam::::role:Editor"
+							]
+						},
+						{
+							"service_name": "iam-identity",
+							"role_crns": [
+								"crn:v1:bluemix:public:iam::::role:Administrator"
+							]
+						},
+						{
+							"service_name": "atracker",
+							"role_crns": [
+								"crn:v1:bluemix:public:iam::::serviceRole:Writer",
+								"crn:v1:bluemix:public:iam::::role:Administrator"
+							]
+						},
+						{
+							"service_name": "kms",
+							"role_crns": [
+								"crn:v1:bluemix:public:iam::::serviceRole:Manager",
+								"crn:v1:bluemix:public:iam::::role:Editor"
+							]
+						},
+						{
+							"service_name": "compliance",
+							"role_crns": [
+								"crn:v1:bluemix:public:iam::::serviceRole:Manager",
+								"crn:v1:bluemix:public:iam::::role:Editor"
+							]
+						},
+						{
+							"service_name": "pm-20",
+							"role_crns": [
+								"crn:v1:bluemix:public:iam::::role:Editor"
+							]
+						},
+						{
+							"service_name": "data-science-experience",
+							"role_crns": [
+								"crn:v1:bluemix:public:iam::::role:Editor"
+							]
+						},
+						{
+							"service_name": "aiopenscale",
+							"role_crns": [
+								"crn:v1:bluemix:public:iam::::role:Editor"
+							]
+						},
+						{
+							"service_name": "conversation",
+							"role_crns": [
+								"crn:v1:bluemix:public:iam::::role:Editor"
+							]
+						},
+						{
+							"service_name": "discovery",
+							"role_crns": [
+								"crn:v1:bluemix:public:iam::::role:Editor"
+							]
+						}
+					],
+					"architecture": {
+						"features": [
+							{
+								"title": "Retrieval Augmented Generation sample pattern",
+								"description": "Deploy a banking retrieval augmented generation (RAG) sample application to IBM Cloud Code Engine using Continous Delivery."
+							},
+							{
+								"title": "Ensure Observability",
+								"description": "The architecture provides observability by deploying services such as IBM Log Analysis, IBM Monitoring, IBM Activity Tracker, and log retention through Cloud Object Storage buckets."
+							},
+							{
+								"title": "Implement Security",
+								"description": "The architecture ensures security by deploying IBM Key Protect and IBM Secrets Manager."
+							},
+							{
+								"title": "Achieve Regulatory Compliance",
+								"description": "The architecture ensures regulatory compliance by implementing CI/CD/CC pipelines, along with IBM Security Compliance Center (SCC) for secure application lifecycle management."
+							},
+							{
+								"title": "Establish Trust",
+								"description": "The architecture ensures trust by configuring the IBM Cloud account to align with compliance settings as defined in the Financial Services framework."
+							}
+						],
+						"diagrams": [
+							{
+								"diagram": {
+									"url": "https://raw.githubusercontent.com/terraform-ibm-modules/stack-retrieval-augmented-generation/main/reference-architecture/RAG Pattern v2-part-2.svg",
+									"caption": "Reference architecture",
+									"type": "image/svg+xml",
+									"thumbnail_url": "https://raw.githubusercontent.com/terraform-ibm-modules/stack-retrieval-augmented-generation/main/reference-architecture/RAG Pattern v2-part-2.svg"
+								},
+								"description": "Reference architecture"
+							},
+							{
+								"diagram": {
+									"url": "https://raw.githubusercontent.com/terraform-ibm-modules/stack-retrieval-augmented-generation/main/reference-architecture/rag-stack.svg",
+									"caption": "Solution components",
+									"type": "image/svg+xml",
+									"thumbnail_url": "https://raw.githubusercontent.com/terraform-ibm-modules/stack-retrieval-augmented-generation/main/reference-architecture/rag-stack.svg"
+								},
+								"description": "Solution components"
+							}
+						]
+					},
+					"configuration": [
+						{
+							"key": "prefix",
+							"type": "string",
+							"default_value": "gen-ai",
+							"description": "A prefix added to the name of all resources created by this solution. Used to avoid name clashes in the target account when existing this solution multiple times.",
+							"required": true
+						},
+						{
+							"key": "signing_key",
+							"type": "password",
+							"description": "The key used to sign the application image built by the CI pipeline deployed in this solution; please refer to the documentation at https://github.com/terraform-ibm-modules/stack-retrieval-augmented-generation/blob/main/README.md for generating the key; if not set, all resources will deploy successfully, but the initial CI pipeline execution will fail at the signing step.",
+							"display_name": "Multiline secure value",
+							"required": false,
+							"custom_config": {
+								"type": "multiline_secure_value",
+								"grouping": "deployment",
+								"original_grouping": "deployment"
+							}
+						},
+						{
+							"key": "region",
+							"type": "string",
+							"default_value": "us-south",
+							"description": "The region in which all resources are deployed.",
+							"required": false,
+							"options": [
+								{
+									"displayname": "us-south",
+									"value": "us-south"
+								},
+								{
+									"displayname": "eu-de",
+									"value": "eu-de"
+								}
+							]
+						},
+						{
+							"key": "resource_group_name",
+							"type": "string",
+							"default_value": "rag-services",
+							"description": "The name of the resource group that is created by this solution. The actual name is prefixed with the value of the input 'prefix'.  All resources created by this solution are deployed in this resource group.",
+							"required": false
+						},
+						{
+							"key": "watsonx_admin_api_key",
+							"type": "password",
+							"description": "The API key used to provision the watson project resources. If not set, the API key used to deploy the solution is used.",
+							"required": false
+						},
+						{
+							"key": "secret_manager_service_plan",
+							"type": "string",
+							"default_value": "trial",
+							"description": "The service/pricing plan to use when provisioning a new Secrets Manager instance. Only one trial instance is allowed per account.",
+							"required": false,
+							"options": [
+								{
+									"displayname": "Trial",
+									"value": "trial"
+								},
+								{
+									"displayname": "Standard",
+									"value": "standard"
+								}
+							]
+						},
+						{
+							"key": "existing_secrets_manager_crn",
+							"type": "string",
+							"default_value": "__NULL__",
+							"description": "The CRN of an existing secret manager instance to use in this solution. If not set, a new secret manager instance is provisioned.",
+							"required": false
+						},
+						{
+							"key": "enable_platform_logs_metrics",
+							"type": "boolean",
+							"default_value": false,
+							"description": "Whether to provision logging and monitoring instances are configured to receive all platform logs and metrics in the target region. There can only be one instance per region provisioned for platform logs/metrics.",
+							"required": false
+						},
+						{
+							"key": "existing_kms_instance_crn",
+							"type": "string",
+							"default_value": "__NULL__",
+							"description": "The CRN of an existing KMS instance to use in this solution. If not set, a new KP instance is provisioned.",
+							"required": false
+						}
+					],
+					"install_type": "fullstack"
+				}
+			]
+		}
+	]
 }