From 498053b4d59c449c48ee034e77206ad8f3c6f05c Mon Sep 17 00:00:00 2001 From: Giovanni Toraldo <71768+gionn@users.noreply.github.com> Date: Wed, 28 Feb 2024 10:46:10 +0100 Subject: [PATCH] OPSEXP-2502 Add required security context to adf app chart (#235) --- charts/alfresco-adf-app/Chart.lock | 6 +++--- charts/alfresco-adf-app/Chart.yaml | 4 ++-- charts/alfresco-adf-app/README.md | 7 ++++--- charts/alfresco-adf-app/templates/_helpers.tpl | 1 + charts/alfresco-adf-app/templates/deployment.yaml | 2 ++ charts/alfresco-adf-app/values.yaml | 5 ++++- 6 files changed, 16 insertions(+), 9 deletions(-) diff --git a/charts/alfresco-adf-app/Chart.lock b/charts/alfresco-adf-app/Chart.lock index 365571ab..56fa511b 100644 --- a/charts/alfresco-adf-app/Chart.lock +++ b/charts/alfresco-adf-app/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: alfresco-common repository: https://alfresco.github.io/alfresco-helm-charts/ - version: 3.1.0 -digest: sha256:9c28428c3dce7c46decd859744075a51482adc21b4c21427840695fcaa23039d -generated: "2024-02-15T18:04:01.787711+01:00" + version: 3.1.2 +digest: sha256:230deb46616c8921522dc68470ba18d8d445b931e8eb49ba09d4d3042732a24b +generated: "2024-02-28T10:02:05.315617+01:00" diff --git a/charts/alfresco-adf-app/Chart.yaml b/charts/alfresco-adf-app/Chart.yaml index 6f50746f..2121dd4d 100644 --- a/charts/alfresco-adf-app/Chart.yaml +++ b/charts/alfresco-adf-app/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: alfresco-adf-app description: A generic Alfresco Development Framework Helm chart for Kubernetes type: application -version: 0.1.0-alpha.0 +version: 0.1.0-alpha.1 dependencies: - name: alfresco-common - version: 3.1.0 + version: 3.1.2 repository: https://alfresco.github.io/alfresco-helm-charts/ diff --git a/charts/alfresco-adf-app/README.md b/charts/alfresco-adf-app/README.md index 402e88a3..1dfe2c04 100644 --- a/charts/alfresco-adf-app/README.md +++ b/charts/alfresco-adf-app/README.md 
@@ -1,6 +1,6 @@ # alfresco-adf-app -![Version: 0.1.0-alpha.0](https://img.shields.io/badge/Version-0.1.0--alpha.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.1.0-alpha.1](https://img.shields.io/badge/Version-0.1.0--alpha.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) A generic Alfresco Development Framework Helm chart for Kubernetes @@ -10,7 +10,7 @@ Checkout [alfresco-content-services chart's doc](https://github.com/Alfresco/acs | Repository | Name | Version | |------------|------|---------| -| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-common | 3.1.0 | +| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-common | 3.1.2 | ## Values @@ -35,7 +35,8 @@ Checkout [alfresco-content-services chart's doc](https://github.com/Alfresco/acs | nodeSelector | object | `{}` | | | podAnnotations | object | `{}` | | | podLabels | object | `{}` | | -| podSecurityContext | object | `{}` | | +| podSecurityContext.runAsNonRoot | bool | `true` | | +| podSecurityContext.runAsUser | int | `101` | Retrocompat with Activiti Common chart | | replicaCount | int | `1` | | | resources.limits.cpu | string | `"100m"` | | | resources.limits.memory | string | `"128Mi"` | | diff --git a/charts/alfresco-adf-app/templates/_helpers.tpl b/charts/alfresco-adf-app/templates/_helpers.tpl index fe6275ba..6f75767a 100644 --- a/charts/alfresco-adf-app/templates/_helpers.tpl +++ b/charts/alfresco-adf-app/templates/_helpers.tpl @@ -40,6 +40,7 @@ helm.sh/chart: {{ include "alfresco-adf-app.chart" . }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/component: {{ .Chart.Name }} {{- end }} {{/* 
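Review bot: The new `app.kubernetes.io/component` label in `_helpers.tpl` is emitted unquoted, while the `app.kubernetes.io/version` line in the same helper pipes its value through `quote`. Writing `app.kubernetes.io/component: {{ .Chart.Name | quote }}` would keep the label a string whatever the chart name is. The helper starts above the hunk, so it is not visible here whether these labels also feed a `matchLabels` selector. If they do, adding a key would make upgrades of existing releases fail on the immutable selector, so that is worth confirming. The commit subject only mentions the security context, so a one-line comment in the helper saying why the component label is needed would help.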
diff --git a/charts/alfresco-adf-app/templates/deployment.yaml b/charts/alfresco-adf-app/templates/deployment.yaml index 22562941..7ec1bdbd 100644 --- a/charts/alfresco-adf-app/templates/deployment.yaml +++ b/charts/alfresco-adf-app/templates/deployment.yaml @@ -4,6 +4,8 @@ metadata: name: {{ include "alfresco-adf-app.fullname" . }} labels: {{- include "alfresco-adf-app.labels" . | nindent 4 }} + annotations: + checkov.io/skip1: CKV_K8S_40=older docker images requires specific uid spec: replicas: {{ .Values.replicaCount }} selector: diff --git a/charts/alfresco-adf-app/values.yaml b/charts/alfresco-adf-app/values.yaml index 85972779..75d54776 100644 --- a/charts/alfresco-adf-app/values.yaml +++ b/charts/alfresco-adf-app/values.yaml @@ -23,7 +23,10 @@ serviceAccount: podAnnotations: {} podLabels: {} -podSecurityContext: {} +podSecurityContext: + # -- Retrocompat with Activiti Common chart + runAsUser: 101 + runAsNonRoot: true securityContext: {}
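Review bot: The `checkov.io/skip1` annotation in `deployment.yaml` suppresses CKV_K8S_40 unconditionally, but the UID it excuses comes from `podSecurityContext.runAsUser`, which operators can override. The suppression will therefore outlive the reason for it, and the scanner will stay silent even if a later change lowers the UID further. I would add a template comment above the annotation, such as `{{- /* CKV_K8S_40 skipped: default runAsUser 101 is kept for older images; remove once images run with a high UID */}}`. The Deployment spec continues outside the hunk, so it cannot be confirmed from here that `podSecurityContext` is actually rendered into the pod spec.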
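Review bot: In `values.yaml`, `securityContext: {}` directly below the new pod-level defaults is still empty, so the container gets no default for privilege escalation, capabilities or seccomp. `runAsNonRoot` and `runAsUser` alone do not cover those. If the image tolerates it, consider defaulting to `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: [ALL]}}` and adding `seccompProfile: {type: RuntimeDefault}` under `podSecurityContext`. The fixed `runAsUser: 101` also deserves a fuller comment than "Retrocompat". Helm merges user values into this map, so the UID persists unless it is explicitly overridden or set to `null`, and platforms that assign UIDs from a range may reject the pod.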