chore: jira license setup

.github/workflows/lint.yaml

@@ -1,15 +1,16 @@
 # Copyright 2024 Defense Unicorns
 # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
 
-name: Scan
+name: Lint
 
 on:
   # This workflow is triggered on pull requests to the main branch.
   pull_request:
-    # milestoned is added here as a workaround for release-please not triggering PR workflows (PRs should be added to a milestone to trigger the workflow).
-    types: [milestoned, opened, reopened, synchronize]
+    branches: [main]
+    # milestoned is added here so that a PR can be re-triggered if it is milestoned.
+    types: [milestoned, opened, edited, synchronize]
 
 jobs:
-  validate:
-    uses: defenseunicorns/uds-common/.github/workflows/callable-lint.yaml@7826099a1ceb4657f9cd502968dea8e0e7753ac6 # v1.7.0
+  run:
+    uses: defenseunicorns/uds-common/.github/workflows/callable-lint.yaml@664946ed5f6a5fe6a19f4ba6fcdc909981aefbe4 # v1.6.2
     secrets: inherit

.github/workflows/release.yaml

@@ -17,16 +17,21 @@ permissions:
 jobs:
   publish:
     permissions:
-      contents: write # Allows reading the content of the repository.
-      packages: write # Allows reading the content of the repository's packages.
+      contents: write
+      packages: write
       id-token: write
     strategy:
       matrix:
-        flavor: [upstream, registry1]
-        architecture: [amd64]
-    uses: defenseunicorns/uds-common/.github/workflows/callable-publish.yaml@7826099a1ceb4657f9cd502968dea8e0e7753ac6 # v1.7.0
+        flavor: [upstream, registry1, unicorn]
+        architecture: [amd64, arm64]
+        exclude:
+          - flavor: upstream
+            architecture: arm64
+          - flavor: unicorn
+            architecture: arm64
+    uses: defenseunicorns/uds-common/.github/workflows/callable-publish.yaml@664946ed5f6a5fe6a19f4ba6fcdc909981aefbe4 # v1.6.2
     with:
       flavor: ${{ matrix.flavor }}
-      runsOn: uds-marketplace-ubuntu-big-boy-8-core
+      runsOn: ${{ matrix.architecture == 'arm64' && 'uds-marketplace-ubuntu-arm64-4-core' || 'uds-marketplace-ubuntu-big-boy-4-core' }}
       uds-releaser: true
     secrets: inherit # Inherits all secrets from the parent workflow.

.github/workflows/test.yaml

@@ -3,48 +3,48 @@
 
 name: Test
 
-# This workflow is triggered on pull requests to the main branch.
 on:
+  # This workflow is triggered on pull requests to the main branch.
   pull_request:
-    branches: [main]
-    types: [milestoned, opened, synchronize]
+    # milestoned is added here so that a PR can be re-triggered if it is milestoned.
+    types: [milestoned, opened, reopened, synchronize]
     paths-ignore:
       - "**.md"
       - "**.jpg"
       - "**.png"
       - "**.gif"
       - "**.svg"
-      - "adr/**"
-      - "docs/**"
-      - ".gitignore"
-      - "renovate.json"
-      - ".release-please-config.json"
-      - "release-please-config.json"
-      - "oscal-component.yaml"
-      - "CODEOWNERS"
-      - "LICENSE"
-      - "CONTRIBUTING.md"
-      - "SECURITY.md"
+      - adr/**
+      - docs/**
+      - .gitignore
+      - renovate.json
+      - .release-please-config.json
+      - release-please-config.json
+      - CODEOWNERS
+      - LICENSE
+      - CONTRIBUTING.md
+      - SECURITY.md
+
+# Permissions for the GITHUB_TOKEN used by the workflow.
+permissions:
+  contents: read # Allows reading the content of the repository.
+  packages: read # Allows reading the content of the repository's packages.
+  id-token: write
 
 # Abort prior jobs in the same workflow / PR
 concurrency:
   group: test-${{ github.ref }}
   cancel-in-progress: true
 
-permissions:
-  contents: read
-  id-token: write
-  packages: read
-
 jobs:
   check-flavor:
-    runs-on: uds-marketplace-ubuntu-big-boy-8-core
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: test-flavor
-        uses: defenseunicorns/uds-common/.github/actions/test-flavor@7826099a1ceb4657f9cd502968dea8e0e7753ac6 # v1.7.0
+        uses: defenseunicorns/uds-common/.github/actions/test-flavor@664946ed5f6a5fe6a19f4ba6fcdc909981aefbe4 # v1.6.2
         id: test-flavor
     outputs:
       upgrade-flavors: ${{ steps.test-flavor.outputs.upgrade-flavors }}
@@ -55,12 +55,12 @@ jobs:
       fail-fast: false
       matrix:
         type: [install, upgrade]
-        flavor: [upstream, registry1]
-    uses: defenseunicorns/uds-common/.github/workflows/callable-test.yaml@7826099a1ceb4657f9cd502968dea8e0e7753ac6 # v1.7.0
+        flavor: [upstream, unicorn]
+    uses: defenseunicorns/uds-common/.github/workflows/callable-test.yaml@664946ed5f6a5fe6a19f4ba6fcdc909981aefbe4 # v1.6.2
     with:
+      timeout: 30
       runsOn: uds-marketplace-ubuntu-big-boy-8-core
       upgrade-flavors: ${{ needs.check-flavor.outputs.upgrade-flavors }}
       flavor: ${{ matrix.flavor }}
       type: ${{ matrix.type }}
-      reports-path: "tests/.playwright/reports/"
     secrets: inherit # Inherits all secrets from the parent workflow.

.gitignore

@@ -19,10 +19,20 @@ zarf-sbom
 tmp/
 values-*.yaml
 overlay-values-*
+.tool-versions
 
 # Terraform
 test/tf/public-ec2-instance/.test-data
 test/tf/public-ec2-instance/.terraform
 terraform.tfstate
 terraform.tfstate.backup
 .terraform.lock.hcl
+
+# Tests
+node_modules/
+.playwright/
+tests/*.png
+
+# VSCode
+.vscode/
+

README.md

@@ -8,7 +8,7 @@ This package is designed to be deployed on [UDS Core](https://github.com/defense
 
 > Jira software is a popular project management tool used by teams to plan, track, and manage their work. It offers features such as issue tracking, agile project management, and customizable workflows, making it a versatile solution for software development and other project-based teams.
 
-## Pre-requisites
+## Prerequisites
 
 The Jira Package expects to be deployed on top of [UDS Core](https://github.com/defenseunicorns/uds-core) with the dependencies listed below being configured prior to deployment.
 

chart/templates/jira-admin.yaml

@@ -0,0 +1,13 @@
+# Copyright 2025 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: jira-admin
+type: Opaque
+data:
+  username: {{ .Values.setup.admin.username | b64enc }}
+  password: {{ .Values.setup.admin.password | b64enc }}
+  email: {{ .Values.setup.admin.email | b64enc }}
+  fullname: {{ .Values.setup.admin.fullname | b64enc }}

chart/templates/jira-python-exemption.yaml

@@ -0,0 +1,20 @@
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
+apiVersion: uds.dev/v1alpha1
+kind: Exemption
+metadata:
+  name: "jira-setup-exemption"
+  namespace: uds-policy-exemptions
+spec:
+  exemptions:
+    - description: Allow Jira setup job to run as root for Python package installation
+      matcher:
+        kind: pod
+        name: ^jira-setup-.*
+        namespace: jira
+      policies:
+        - RequireNonRootUser
+        - DropAllCapabilities
+        - RestrictCapabilities
+        - DisallowPrivileged