Commit Graph

25 Commits

Author SHA1 Message Date
d6a484c347 fix: update Keycloak configuration and Docker healthcheck improvements
- Enabled `directAccessGrants` for `frontend-client` in `meldestelle-realm.json` to support ROPC login flow.
- Strengthened admin credentials in realm configuration to meet password policy requirements.
- Upgraded Keycloak to `26.5.5` with updated Docker healthcheck logic:
  - Replaced `curl` with bash `/dev/tcp` for compatibility with `ubi9-micro` image.
  - Switched health endpoint from `/ready` to `/live` for single-node use.
  - Adjusted healthcheck timings (`start_period`, `timeout`, `interval`) for smoother startup.
- Removed deprecated v1 hostname parameter `KC_HOSTNAME_STRICT_HTTPS`.

Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
2026-03-09 15:51:42 +01:00
440ab4b141 docs: finalize Keycloak hardening and validate updated Realm config
Documented the completed Keycloak hardening steps, including PKCE S256 support, CORS security improvements, strengthened password policy, and logout redirect URI configurations. Verified and updated the `meldestelle-realm.json` and roadmap to reflect these changes.

Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
2026-03-09 15:51:42 +01:00
78cda88ae6 infra: integrate Keycloak monitoring, update alertmanager config, and finalize docs cleanup
Added a Prometheus scrape job for Keycloak metrics. Updated Alertmanager to use Mailpit for local testing. Completed documentation consolidation and marked cleanup-related tasks as done in the master roadmap.
2026-03-05 13:16:43 +01:00
0a0f5af3bd refactor: remove Dockerfile syntax directives to simplify and standardize definitions
Removed `# syntax=docker/dockerfile:1.8` from various Dockerfiles as it is no longer needed. Updated `.gitea/workflows/docker-publish.yaml` to enhance ARM64 build reliability with host driver enforcement and commented out unused caching configurations for clarity.
2026-02-13 16:59:02 +01:00
523c1fef0b refactor: migrate Redis cache implementation to Valkey with enhanced configurability
Replaced Redis with Valkey as the caching backend across infrastructure and application modules. Updated configurations, templates, and health checks to reflect Valkey-specific parameters. Improved compatibility with enhanced configurability, including max memory and memory eviction policy settings.
2026-02-12 20:35:25 +01:00
0ebcfaa3b7 build: optimize Postgres container configuration for performance and stability
Updated `dc-infra.yaml` to enable automatic restart (`unless-stopped`), introduce dynamic memory allocations via environment variables, and adjust healthcheck intervals for reduced load. Enhanced `postgresql.conf` with performance tuning comments, schema search path inclusion for Keycloak and app users, and SSL adjustments for internal communication.
2026-02-12 20:35:25 +01:00
6e2780cc0f First push for Zora 2026-02-11 00:01:05 +01:00
c3d288cd66 chore: refactor Gradle config, standardize Kotlin MPP plugin usage, and update dependencies
- Unified plugin application across modules using `alias(libs.plugins.*)` instead of hardcoded IDs.
- Removed redundant JVM/JS source map tasks, improving Gradle and Docker build consistency.
- Updated dependencies, including `logback` and Webpack `copy-webpack-plugin`, and added contextual documentation.
- Added frontend architecture diagram in PlantUML (`docs/01_Architecture/Reference`), standardizing feature-core-shell dependencies.
2026-02-05 02:07:53 +01:00
1aaaf8a203 build: optimize Docker setup for Caddy SPA and improve runtime stability
Updated Dockerfile to streamline the hybrid build process and optimize artifact integration. Modified Caddyfile for better routing logic, enhanced security headers, Prometheus metrics, and improved API proxy handling. Adjusted `dc-gui.yaml` for container stability and simplified runtime configuration for `apiBaseUrl`. Expanded documentation with troubleshooting and session logs.
2026-02-04 16:31:26 +01:00
e8dd8cf48f build: switch to hybrid build for Kotlin/JS web-app and optimize Docker setup
Replaced multi-stage Docker builds with a hybrid approach that pre-builds frontend artifacts locally and copies them into the container. Removed Kotlin Multiplatform configurations from the root project to resolve NodeJsRootPlugin conflicts. Adjusted `.dockerignore` to allow pre-built artifacts and increased Gradle/Kotlin daemon memory for faster builds. Updated Caddyfile for runtime stability and added documentation for new build processes.
2026-02-04 15:34:40 +01:00
5be88b306c chore(infra+frontend): upgrade Gradle to 9.3.1 and fix KMP plugin conflicts in Docker builds
- Updated Gradle version in `.env`, Dockerfiles, and wrapper to 9.3.1.
- Replaced alias-based application of `kotlinMultiplatform` plugin with direct `id` usage in subprojects to resolve "Plugin loaded multiple times" error.
- Applied centralized plugin management and Gradle daemon optimizations to improve Docker build stability and address KMP classloading issues.
2026-02-02 23:01:23 +01:00
11c597f147 feat: add runtime configuration for Caddy-based SPA containerization
Introduced `config.json` runtime configuration fetch mechanism to support the "Build Once, Deploy Everywhere" pattern. Replaced NGINX with Caddy for SPA deployment, enabling SPA routing, security headers, and static asset management. Updated Gradle and Kotlin/JS build configurations to align with the new runtime environment. Enhanced Dockerfile and health checks for optimized CI/CD workflows and improved SPA delivery.
2026-02-02 16:19:20 +01:00
d4f20df654 chore(frontend+infra): optimize build process and exclude SQLite workers from minification
- Updated Webpack config to exclude SQLite workers from parsing and Terser minification, fixing related errors and improving build speed.
- Adjusted Dockerfile to disable source maps for production builds, reducing build time and memory usage.
- Modified Gradle build configuration to respect the `noSourceMaps` flag during Docker builds.
2026-02-02 00:00:54 +01:00
994a3397c2 chore(infra): simplify Docker builds and remove unused WEB_BUILD_PROFILE
- Adjusted Dockerfile’s build process for production-only artifacts.
- Removed unused `WEB_BUILD_PROFILE` from `dc-gui.yaml`.
- Optimized Gradle settings for better caching and performance.
- Updated `.dockerignore` to include source packages previously excluded by mistake.
2026-02-01 21:17:22 +01:00
b7147bca84 chore(docs, build): add E2E smoke test reports, favicon, and build robustness improvements
- Documented E2E smoke test results for Ktor 3.4.0 and Exposed 1.0.0 migration in new reports and session logs.
- Introduced a fallback mechanism for desktop and web-app builds, ensuring robustness in distribution creation and static asset handling.
- Added a default SVG favicon to prevent 404 errors in the web-app.
- Updated Nginx configuration and Dockerfiles to include improved artifact paths, fallback handling, and script corrections.
2026-01-31 21:03:53 +01:00
3d940ae4b1 build: update Dockerfile to include 'contracts' and refine build context
Added `contracts/` directory to the Docker build context and adjusted Gradle setup to handle required dependencies. Simplified Dockerfile by removing redundant comments and streamlined artifact copying for NGINX configuration. Updated `.dockerignore` to exclude `docs/` directory from the build context.
2026-01-31 12:32:38 +01:00
637d610a5b refactor: enhance platform configuration, database schema handling, and Keycloak setup
Improved `PlatformConfig` API base URL resolution with enhanced logging and fallback logic. Revised database initialization with version checks, schema migration, and error handling. Updated Keycloak configuration to enable `Direct Access Grants` and refine CORS/redirect settings. Adjusted Webpack proxy settings for correct API routing.
2026-01-27 15:12:58 +01:00
bddeba81be chore(frontend): integrate SQLite Web Worker and improve debug initialization
- Added `sqlite.worker.js` for custom SQLite Web Worker setup compatible with SQLDelight.
- Enhanced Webpack configuration in `sqlite-config.js` for SQLite-related assets and dynamic path resolution.
- Updated Koin `apiClient` setup to dynamically inject Authorization headers using the `HttpSend` plugin.
- Fixed Keycloak realm configuration to include new local URLs (`http://localhost:8080`).
- Removed redundant Web Worker copy tasks from Gradle and adjusted Kotlin code for streamlined worker creation.
2026-01-26 22:02:13 +01:00
48ee074dbd refactor: update Dockerfile paths, network module auth flow, and Keycloak config
Updated Dockerfiles to fix frontend path references after refactoring. Refactored `networkModule` to replace the `Auth` plugin with manual auth header injection for enhanced logout support. Adjusted Keycloak realm configuration to set default credentials as non-temporary. Improved error handling in `AuthApiClient` with detailed response messages.
2026-01-23 15:42:07 +01:00
c692a2395c docs: add infrastructure guide for JWT in Docker and refactor Keycloak config
Added a detailed guide (`jwt-in-docker.md`) to address JWT validation challenges in Docker environments (Split Horizon issue). Refactored Keycloak realm configuration (`meldestelle-realm.json`) with updated roles, clients, and improved infrastructure clarity. Updated `.env` variables for streamlined token validation. Adjusted Docker Compose services (`dc-backend.yaml`) to use revised Keycloak environment variables.
2026-01-22 17:23:24 +01:00
46361185d0 docs: enhance local dev docs, update Docker Compose, and archive old journals
Added Mailpit setup and updated Keycloak configuration in local development runbooks. Improved Docker Compose stability with updated service dependencies and configurations. Archived outdated journal entries and documents for better organization.
2026-01-20 14:00:09 +01:00
7da3fc26d3 docs: expand ping-service documentation and add backend startup troubleshooting journal
Enhanced `ping-service` documentation with architectural, implementation, and API details. Added a new journal entry outlining the troubleshooting steps for backend startup issues, including fixes for Dockerfile paths, Gradle build conflicts, and Keycloak pre-build configuration.
2026-01-13 17:41:19 +01:00
0335de7654 docs: add runbook for local development setup and update docker-related configurations
Added a comprehensive runbook detailing the local Docker-based development setup. Updated Dockerfile paths for Nginx and Keycloak to simplify configuration and improve clarity.
2026-01-13 16:30:00 +01:00
e38b693847 Attempts 2025-12-31 00:20:29 +01:00
f402fbaf19 refactor(infra): Restructure config folder & introduce Docker profiles
Extensive refactoring of the project configuration to clearly separate build, runtime, and application logic.

Changes in detail:
- Structure: Reorganized the `config/` directory into logical areas:
  - `config/docker`: Pure infrastructure configs (Postgres, Redis, Nginx, Monitoring).
  - `config/quality`: Static code analysis (Detekt, Lint).
  - `config/app`: Shared Spring Boot configurations.
- Docker Compose:
  - Introduced profiles (`infra`, `backend`, `ops`, `gui`, `tools`) for selectively starting subsystems.
  - Adjusted all volume paths to the new structure.
- Spring Boot Config:
  - Centralized shared settings (Datasource, Redis, JPA) in `config/app/base-application.yml`.
  - Parameterized the hosts for seamless switching between Docker and localhost.
  - Cleaned up the service-specific `application.yaml` files (e.g. ping service).
- Cleanup: Removed redundant "ghost files" (`versions.toml`, `central.toml`, `config/.env`) to ensure a true Single Source of Truth (SSoT).
2025-12-10 15:25:10 +01:00