chore: Update charm libraries

.github/dependabot.yml

@@ -3,20 +3,62 @@ updates:
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-      interval: "daily"
+      interval: "weekly"
     commit-message:
       prefix: "chore: "
+    groups:
+      github_actions:
+        patterns:
+          - "*"
 
   - package-ecosystem: "pip"
     directory: "/"
     schedule:
-      interval: "daily"
+      interval: "weekly"
     commit-message:
       prefix: "chore: "
+    groups:
+      pip_dependencies:
+        patterns:
+          - "*"
 
   - package-ecosystem: "terraform"
     directory: "/terraform/"
     schedule:
-      interval: "daily"
+      interval: "weekly"
     commit-message:
       prefix: "chore: "
+    groups:
+      terraform_modules:
+        patterns:
+          - "*"
+
+  - package-ecosystem: "github-actions"
+    target-branch: v1.4
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    commit-message:
+      prefix: "chore: "
+    labels:
+      - v1.4
+
+  - package-ecosystem: "pip"
+    target-branch: v1.4
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    commit-message:
+      prefix: "chore: "
+    labels:
+      - v1.4
+
+  - package-ecosystem: "terraform"
+    target-branch: v1.4
+    directory: "/terraform/"
+    schedule:
+      interval: "weekly"
+    commit-message:
+      prefix: "chore: "
+    labels:
+      - v1.4

.github/workflows/1_4_scheduled_runs.yaml

@@ -0,0 +1,45 @@
+name: Release 1.4
+
+on:
+  schedule:
+    - cron: '0 3 * * 0'
+
+jobs:
+  codeql:
+    name: CodeQL Analysis
+    uses: canonical/sdcore-github-workflows/.github/workflows/codeql-analysis.yml@v0.0
+    with:
+      branch-name: "v1.4"
+
+  lint-report:
+    uses: canonical/sdcore-github-workflows/.github/workflows/lint-report.yaml@v0.0
+    with:
+      branch-name: "v1.4"
+
+  terraform-check:
+    uses: canonical/sdcore-github-workflows/.github/workflows/terraform.yaml@v0.0
+    with:
+      branch-name: "v1.4"
+
+  static-analysis:
+    uses: canonical/sdcore-github-workflows/.github/workflows/static-analysis.yaml@v0.0
+    with:
+      branch-name: "v1.4"
+
+  unit-tests-with-coverage:
+    uses: canonical/sdcore-github-workflows/.github/workflows/unit-test.yaml@v0.0
+    with:
+      branch-name: "v1.4"
+
+  integration-test:
+    uses: canonical/sdcore-github-workflows/.github/workflows/integration-test.yaml@v0.0
+    with:
+      branch-name: "v1.4"
+      charm-file-name: "sdcore-pcf-k8s_ubuntu-22.04-amd64.charm"
+
+  update-libs:
+    name: Update libs
+    uses: canonical/sdcore-github-workflows/.github/workflows/update-libs.yaml@v0.0
+    with:
+      branch-name: "v1.4"
+    secrets: inherit

.github/workflows/dependabot_pr.yaml

@@ -2,11 +2,14 @@ name: "Dependabot Auto Approve and Merge"
 
 on:
   pull_request:
+    branches:
+      - main
+      - v1.4
 
 permissions:
   pull-requests: write
   contents: write
 
 jobs:
   auto-merge:
-    uses: canonical/sdcore-github-workflows/.github/workflows/dependabot_pr.yaml@v0.0.1
+    uses: canonical/sdcore-github-workflows/.github/workflows/dependabot_pr.yaml@v1.0.0

.github/workflows/issues.yaml

@@ -7,6 +7,6 @@ on:
 jobs:
   update:
     name: Update Issue
-    uses: canonical/sdcore-github-workflows/.github/workflows/issues.yaml@v0.0.1
+    uses: canonical/sdcore-github-workflows/.github/workflows/issues.yaml@v1.0.0
     secrets:
       JIRA_URL: ${{ secrets.JIRA_URL }}

.github/workflows/main.yaml

@@ -9,27 +9,39 @@ on:
     - cron: "0 7 * * 0"
 
 jobs:
+  codeql:
+    name: CodeQL Analysis
+    uses: canonical/sdcore-github-workflows/.github/workflows/codeql-analysis.yml@v1.0.0
+
   check-libraries:
-    uses: canonical/sdcore-github-workflows/.github/workflows/check-libraries.yaml@v0.0.1
+    uses: canonical/sdcore-github-workflows/.github/workflows/check-libraries.yaml@v1.0.0
     secrets:
       CHARMCRAFT_AUTH: ${{ secrets.CHARMCRAFT_AUTH }}
 
   lint-report:
-    uses: canonical/sdcore-github-workflows/.github/workflows/lint-report.yaml@v0.0.1
+    uses: canonical/sdcore-github-workflows/.github/workflows/lint-report.yaml@v1.0.0
 
   terraform-check:
-    uses: canonical/sdcore-github-workflows/.github/workflows/terraform.yaml@v0.0.1
+    uses: canonical/sdcore-github-workflows/.github/workflows/terraform.yaml@v1.0.0
 
   static-analysis:
-    uses: canonical/sdcore-github-workflows/.github/workflows/static-analysis.yaml@v0.0.1
+    uses: canonical/sdcore-github-workflows/.github/workflows/static-analysis.yaml@v1.0.0
 
   unit-tests-with-coverage:
-    uses: canonical/sdcore-github-workflows/.github/workflows/unit-test.yaml@v0.0.1
+    uses: canonical/sdcore-github-workflows/.github/workflows/unit-test.yaml@v1.0.0
+
+  build:
+    needs:
+      - lint-report
+      - static-analysis
+      - unit-tests-with-coverage
+    uses: canonical/sdcore-github-workflows/.github/workflows/build.yaml@v1.0.0
+    secrets: inherit
 
   integration-test:
-    uses: canonical/sdcore-github-workflows/.github/workflows/integration-test.yaml@v0.0.1
-    with:
-      charm-file-name: "sdcore-pcf-k8s_ubuntu-22.04-amd64.charm"
+    needs:
+      - build
+    uses: canonical/sdcore-github-workflows/.github/workflows/integration-test.yaml@v1.0.0
 
   publish-charm:
     name: Publish Charm
@@ -39,10 +51,9 @@ jobs:
       - unit-tests-with-coverage
       - integration-test
     if: ${{ github.ref_name == 'main' }}
-    uses: canonical/sdcore-github-workflows/.github/workflows/publish-charm.yaml@v0.0.1
+    uses: canonical/sdcore-github-workflows/.github/workflows/publish-charm.yaml@v1.0.0
     with:
-      charm-file-name: "sdcore-pcf-k8s_ubuntu-22.04-amd64.charm"
-      track-name: 1.4
+      track-name: 1.5
     secrets:
       CHARMCRAFT_AUTH: ${{ secrets.CHARMCRAFT_AUTH }}
 
@@ -54,10 +65,9 @@ jobs:
       - unit-tests-with-coverage
       - integration-test
     if: ${{ (github.ref_name != 'main') && (github.event_name == 'push') }}
-    uses: canonical/sdcore-github-workflows/.github/workflows/publish-charm.yaml@v0.0.1
+    uses: canonical/sdcore-github-workflows/.github/workflows/publish-charm.yaml@v1.0.0
     with:
       branch-name: ${{ github.ref_name }}
-      charm-file-name: "sdcore-pcf-k8s_ubuntu-22.04-amd64.charm"
-      track-name: 1.4
+      track-name: 1.5
     secrets:
       CHARMCRAFT_AUTH: ${{ secrets.CHARMCRAFT_AUTH }}

.github/workflows/promote.yaml

@@ -15,17 +15,15 @@ on:
         description: Name of the charmhub track to publish
         options:
           - '1.4'
+          - '1.5'
           - latest
 
 
 jobs:
   promote:
     name: Promote Charm
-    uses: canonical/sdcore-github-workflows/.github/workflows/promote.yaml@v0.0.1
+    uses: canonical/sdcore-github-workflows/.github/workflows/promote.yaml@v1.0.0
     with:
       promotion: ${{ github.event.inputs.promotion }}
       track-name: ${{ github.event.inputs.track-name }}
-
-    secrets:
-      CHARMCRAFT_AUTH: ${{ secrets.CHARMCRAFT_AUTH }}
-      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    secrets: inherit

.github/workflows/update-libs.yaml

@@ -11,44 +11,5 @@ permissions:
 jobs:
   update-lib:
     name: Check libraries
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Set up SSH Key for Signing Commits
-        run: |
-          mkdir -p ~/.ssh
-          echo "${{ secrets.BOT_PRIVATE_SIGNING_KEY }}" > ~/.ssh/id_rsa
-          chmod 600 ~/.ssh/id_rsa
-          echo "${{ secrets.BOT_PUBLIC_SIGNING_KEY }}" > ~/.ssh/id_rsa.pub
-          chmod 644 ~/.ssh/id_rsa.pub
-          git config --global user.email "telco-engineers@lists.canonical.com"
-          git config --global user.name "telcobot"
-          git config --global user.signingkey ~/.ssh/id_rsa.pub
-          git config --global commit.gpgsign true
-          git config --global gpg.format ssh
-
-      - name: Fetch charm libraries
-        run: |
-          sudo snap install charmcraft --classic --channel latest/stable
-          charmcraft fetch-lib
-        env:
-          CHARMCRAFT_AUTH: "${{ secrets.CHARMCRAFT_AUTH }}"
-
-      - name: Create a PR for local changes
-        uses: peter-evans/create-pull-request@v6.0.4
-        with:
-          token: ${{ secrets.TELCO_GITHUB_BOT_TOKEN }}
-          commit-message: "chore: update charm libraries"
-          committer: "Telcobot <telco-engineers@lists.canonical.com>"
-          author: "Telcobot <telco-engineers@lists.canonical.com>"
-          title: "chore: Update charm libraries"
-          body: |
-            Automated action to fetch latest version of charm libraries. The branch of this PR 
-            will be wiped during the next check. Unless you really know what you're doing, you 
-            most likely don't want to push any commits to this branch.
-          branch: "chore/auto-libs"
-          delete-branch: true
+    uses: canonical/sdcore-github-workflows/.github/workflows/update-libs.yaml@v1.0.0
+    secrets: inherit

CONTRIBUTING.md

@@ -45,10 +45,14 @@ There are some pre-configured environments
 that can be used for linting and formatting code when you're preparing contributions to the charm:
 
 ```shell
-tox -e lint          # code style
-tox -e static        # static analysis
-tox -e unit          # unit tests
-tox -e integration   # integration tests
+tox -e lint                                             # code style
+tox -e static                                           # static analysis
+tox -e unit                                             # unit tests
+tox -e integration -- --charm_path=PATH_TO_BUILD_CHARM  # integration tests
+```
+
+```note
+Integration tests require the charm to be built with `charmcraft pack` first.
 ```
 
 ## Build

README.md

@@ -1,24 +1,27 @@
-# SD-Core PCF Operator (k8s)
+# Aether SD-Core PCF Operator (k8s)
 [![CharmHub Badge](https://charmhub.io/sdcore-pcf-k8s/badge.svg)](https://charmhub.io/sdcore-pcf-k8s)
 
-A Charmed Operator for SD-Core's Policy Control Function (PCF) component for K8s. 
+A Charmed Operator for Aether SD-Core's Policy Control Function (PCF) component for K8s. 
 
 ## Usage
 
 ```bash
 juju deploy mongodb-k8s --channel=6/beta --trust
-juju deploy sdcore-nrf-k8s --channel=1.4/edge
-juju deploy sdcore-pcf-k8s --channel=1.4/edge 
-
-juju deploy self-signed-certificates
-
-juju integrate sdcore-pcf-k8s mongodb-k8s
-juju integrate sdcore-nrf-k8s self-signed-certificates
+juju deploy sdcore-nrf-k8s --channel=1.5/edge
+juju deploy sdcore-pcf-k8s --channel=1.5/edge 
+juju deploy sdcore-nms-k8s --channel=1.5/edge
+juju deploy self-signed-certificates --channel=stable
+
+juju integrate sdcore-nms-k8s:common_database mongodb-k8s:database
+juju integrate sdcore-nms-k8s:auth_database mongodb-k8s:database
+juju integrate sdcore-nrf-k8s self-signed-certificates:certificates
+juju integrate sdcore-nrf-k8s:database mongodb-k8s
 juju integrate sdcore-pcf-k8s:fiveg_nrf sdcore-nrf-k8s:fiveg_nrf
 juju integrate sdcore-pcf-k8s:certificates self-signed-certificates:certificates
+juju integrate sdcore-pcf-k8s:sdcore_config sdcore-nms-k8s:sdcore_config
 ```
 
 ## Image
 
-**pcf**: `ghcr.io/canonical/sdcore-pcf:1.4.0`
+**pcf**: `ghcr.io/canonical/sdcore-pcf:1.4.2`
 

SECURITY.md

@@ -0,0 +1,7 @@
+# Security policy
+
+To report a security issue, file a [Private Security Report](https://github.com/canonical/sdcore-pcf-k8s-operator/security/advisories/new)
+with a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue.
+
+The [Ubuntu Security disclosure and embargo policy](https://ubuntu.com/security/disclosure-policy) contains more information about
+what you can expect when you contact us and what we expect from you.