Metaform · paullatzelsperger · Dec 2, 2025 · Dec 1, 2025 · Dec 1, 2025 · Dec 1, 2025
diff --git a/.github/workflows/e2e-tests.yaml b/.github/workflows/e2e-tests.yaml
@@ -0,0 +1,112 @@
+#
+#  Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft
+#
+#  See the NOTICE file(s) distributed with this work for additional
+#  information regarding copyright ownership.
+#
+#  This program and the accompanying materials are made available under the
+#  terms of the Apache License, Version 2.0 which is available at
+#  https://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#  License for the specific language governing permissions and limitations
+#  under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#
+
+---
+name: "Run E2E Tests"
+
+on:
+  push:
+  pull_request:
+
+  workflow_run:
+    workflows: [ "Draft Release" ]
+    types:
+      - completed
+
+  schedule:
+    - cron: '0 3 * * *'  # Run at 3am UTC every day
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+
+jobs:
+  E2E-Tests:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: eclipse-edc/.github/.github/actions/setup-build@main
+
+      - name: "Setup Kubectl"
+        uses: azure/setup-kubectl@v4
+
+      - name: "Build runtime images"
+        run: |
+          ./gradlew dockerize
+          docker buildx build -f launchers/postgres/Dockerfile -t ghcr.io/metaform/jad/postgres:wal2json launchers/postgres
+
+      - name: "Create k8s Kind Cluster"
+        uses: helm/kind-action@v1.12.0
+        with:
+          config: kind.config.yaml
+          cluster_name: jad
+
+      - name: "Load runtime images into KinD"
+        run: |
+          kind load docker-image -n jad ghcr.io/metaform/jad/postgres:wal2json \
+                                ghcr.io/metaform/jad/controlplane:latest \
+                                ghcr.io/metaform/jad/dataplane:latest \
+                                ghcr.io/metaform/jad/identity-hub:latest \
+                                ghcr.io/metaform/jad/issuerservice:latest \
+
+
+      - name: "Install nginx ingress controller"
+        run: |-
+          kubectl apply -f https://kind.sigs.k8s.io/examples/ingress/deploy-ingress-nginx.yaml
+          kubectl wait --namespace ingress-nginx \
+            --for=condition=ready pod \
+            --selector=app.kubernetes.io/component=controller \
+            --timeout=90s
+
+      - name: "Deploy JAD infrastructure"
+        run: |
+          # deploying the infrastructure first, wait for it to finish and deploying the applications afterwards is 
+          # the safest way to avoid race conditions between apps and infra, e.g. vault.
+
+          kubectl apply -f k8s/base
+          kubectl wait --for=condition=Ready pods --all -n edc-v --timeout=90s
+
+      - name: "Deploy JAD applications"
+        run: |-
+          # this is crucial - without it, KinD would take the prebuilt images from GHCR
+          grep -rlZ "imagePullPolicy:.*Always" . | xargs sed -i "s/imagePullPolicy:.*Always/imagePullPolicy: Never/g"
+
+          kubectl apply -f k8s/apps
+          kubectl wait --namespace edc-v \
+            --for=condition=ready pod \
+            --selector=type=edcv-app \
+            --timeout=90s
+
+      - name: "Run E2E Test"
+        run: |
+          ./gradlew test -DincludeTags="EndToEndTest"
+
+      - name: "Print log if test failed"
+        if: failure()
+        run: |-
+          kubectl logs deployment/controlplane -n edc-v
+          kubectl logs deployment/dataplane -n edc-v
+
+      - name: "Destroy the KinD cluster"
+        run: >-
+          kind delete cluster -n jad
diff --git a/.github/workflows/verify.yaml b/.github/workflows/verify.yaml
@@ -79,13 +79,3 @@ jobs:
         run: |
           ./gradlew shadowJar
           ./gradlew test -DincludeTags="PostgresqlIntegrationTest"
-
-  e2e-Tests:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v6
-      - uses: eclipse-edc/.github/.github/actions/setup-build@main
-      - name: End to End Integration Tests
-        run: |
-          ./gradlew shadowJar
-          ./gradlew test -DincludeTags="EndToEndTest"
diff --git a/README.md b/README.md
@@ -194,7 +194,7 @@ Create another environment to suit your setup:
 
 ### Update deployment manifests
 
-in [keycloak.yaml](k8s/keycloak.yaml) and [vault.yaml](k8s/vault.yaml), update the `host` fields in the `Ingress`
+in [keycloak.yaml](k8s/base/keycloak.yaml) and [vault.yaml](k8s/base/vault.yaml), update the `host` fields in the `Ingress`
 resources to match your DNS:
 
 ```yaml
@@ -204,7 +204,7 @@ spec:
       http:
 ```
 
-Next, in the [controlplane-config.yaml](./k8s/controlplane-config.yaml) change the expected issuer URL to match your
+Next, in the [controlplane-config.yaml](k8s/apps/controlplane-config.yaml) change the expected issuer URL to match your
 DNS:
 ```yaml
 edc.iam.oauth2.issuer: "http://keycloak.localhost/realms/edcv" # change to "http://auth.yourdomain.com/realms/edcv"

diff --git a/build.gradle.kts b/build.gradle.kts
@@ -53,6 +53,7 @@ subprojects {
                 val dockerContextDir = project.projectDir
                 dockerFile.set(file("$dockerContextDir/src/main/docker/Dockerfile"))
                 images.add("ghcr.io/metaform/jad/${project.name}:${project.version}")
+                images.add("ghcr.io/metaform/jad/${project.name}:latest")
 
                 //images.add("${project.name}:latest")
                 // specify platform with the -Dplatform flag:

diff --git a/dependabot.yml b/dependabot.yml
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
@@ -2,8 +2,12 @@
 format.version = "1.1"
 
 [versions]
+awaitility = "4.3.0"
 edc = "0.15.0-SNAPSHOT"
 edc-build = "1.1.4"
+jackson = "2.20.1"
+jackson-annotations = "2.20"
+restAssured = "5.5.6"
 bouncyCastle-jdk18on = "1.83"
 
 [libraries]
@@ -20,6 +24,7 @@ edc-core-participantcontext-config = { module = "org.eclipse.edc:participant-con
 edc-core-edrstore = { module = "org.eclipse.edc:edr-store-core", version.ref = "edc" }
 edc-dcp = { module = "org.eclipse.edc:decentralized-claims-service", version.ref = "edc" }
 edc-api-observability = { module = "org.eclipse.edc:api-observability", version.ref = "edc" }
+edc-junit = { module = "org.eclipse.edc:junit", version.ref = "edc" }
 edc-dataplane-v2 = { module = "org.eclipse.edc:data-plane-public-api-v2", version.ref = "edc" }
 edc-core-dataplane-selector = { module = "org.eclipse.edc:data-plane-selector-core", version.ref = "edc" }
 edc-core-dataplane-signaling-client = { module = "org.eclipse.edc:data-plane-signaling-client", version.ref = "edc" }
@@ -64,6 +69,7 @@ edc-spi-edrstore = { module = "org.eclipse.edc:edr-store-spi", version.ref = "ed
 
 # identityhub SPI modules
 edc-ih-spi-credentials = { module = "org.eclipse.edc:verifiable-credential-spi", version.ref = "edc" }
+edc-ih-spi-participantcontext = { module = "org.eclipse.edc:participant-context-spi", version.ref = "edc" }
 edc-ih-spi = { module = "org.eclipse.edc:identity-hub-spi", version.ref = "edc" }
 
 # identityhub API modules
@@ -84,9 +90,13 @@ edc-bom-issuerservice = { module = "org.eclipse.edc:issuerservice-bom", version.
 edc-bom-issuerservice-sql = { module = "org.eclipse.edc:issuerservice-feature-sql-bom", version.ref = "edc" }
 
 # Third party deps
+awaitility = { module = "org.awaitility:awaitility", version.ref = "awaitility" }
 bouncyCastle-bcprovJdk18on = { module = "org.bouncycastle:bcprov-jdk18on", version.ref = "bouncyCastle-jdk18on" }
+jackson-annotations = { module = "com.fasterxml.jackson.core:jackson-annotations", version.ref = "jackson-annotations" }
+jackson-databind = { module = "com.fasterxml.jackson.core:jackson-databind", version.ref = "jackson" }
 tink = { module = "com.google.crypto.tink:tink", version = "1.19.0" }
 nats-client = { module = "io.nats:jnats", version = "2.24.1" }
+restAssured = { module = "io.rest-assured:rest-assured", version.ref = "restAssured" }
 
 [bundles]
 dcp = [

diff --git a/k8s/controlplane-config.yaml → k8s/apps/controlplane-config.yaml b/k8s/controlplane-config.yaml → k8s/apps/controlplane-config.yaml
diff --git a/k8s/controlplane.yaml → k8s/apps/controlplane.yaml b/k8s/controlplane.yaml → k8s/apps/controlplane.yaml
@@ -30,6 +30,7 @@ spec:
       labels:
         app: controlplane
         platform: edcv
+        type: edcv-app
     spec:
       containers:
         - name: controlplane

diff --git a/k8s/dataplane-config.yaml → k8s/apps/dataplane-config.yaml b/k8s/dataplane-config.yaml → k8s/apps/dataplane-config.yaml
diff --git a/k8s/dataplane.yaml → k8s/apps/dataplane.yaml b/k8s/dataplane.yaml → k8s/apps/dataplane.yaml
@@ -30,6 +30,7 @@ spec:
       labels:
         app: dataplane
         platform: edcv
+        type: edcv-app
     spec:
       containers:
         - name: dataplane

diff --git a/k8s/identityhub-config.yaml → k8s/apps/identityhub-config.yaml b/k8s/identityhub-config.yaml → k8s/apps/identityhub-config.yaml
diff --git a/k8s/identityhub.yaml → k8s/apps/identityhub.yaml b/k8s/identityhub.yaml → k8s/apps/identityhub.yaml
@@ -30,6 +30,7 @@ spec:
       labels:
         app: identityhub
         platform: edcv
+        type: edcv-app
     spec:
       containers:
         - name: identityhub

diff --git a/k8s/issuerservice-config.yaml → k8s/apps/issuerservice-config.yaml b/k8s/issuerservice-config.yaml → k8s/apps/issuerservice-config.yaml
diff --git a/k8s/issuerservice.yaml → k8s/apps/issuerservice.yaml b/k8s/issuerservice.yaml → k8s/apps/issuerservice.yaml
@@ -30,6 +30,7 @@ spec:
       labels:
         app: issuerservice
         platform: edcv
+        type: edcv-app
     spec:
       containers:
         - name: issuerservice

diff --git a/k8s/edcv-namespace.yaml → k8s/base/edcv-namespace.yaml b/k8s/edcv-namespace.yaml → k8s/base/edcv-namespace.yaml
diff --git a/k8s/keycloak.yaml → k8s/base/keycloak.yaml b/k8s/keycloak.yaml → k8s/base/keycloak.yaml
diff --git a/k8s/nats.yaml → k8s/base/nats.yaml b/k8s/nats.yaml → k8s/base/nats.yaml
diff --git a/k8s/postgres.yaml → k8s/base/postgres.yaml b/k8s/postgres.yaml → k8s/base/postgres.yaml
diff --git a/k8s/vault.yaml → k8s/base/vault.yaml b/k8s/vault.yaml → k8s/base/vault.yaml
@@ -130,7 +130,7 @@ spec:
               {
                 "role_type": "jwt",
                 "user_claim": "participant_context_id",
-                "bound_issuer": "http://auth.vps.beardyinc.com/realms/edcv",
+                "bound_issuer": "http://vault.localhost/realms/edcv",
                 "bound_claims": {
                   "role": "participant"
                 },
@@ -163,8 +163,7 @@ metadata:
   namespace: edc-v
 spec:
   rules:
-#    - host: vault.localhost
-    - host: vault.vps.beardyinc.com
+    - host: vault.localhost
       http:
         paths:
           - path: /

diff --git a/k8s/kustomization.yml b/k8s/kustomization.yml
@@ -12,17 +12,17 @@
 #
 
 resources:
-  - edcv-namespace.yaml
-  - postgres.yaml
-  - nats.yaml
-  - keycloak.yaml
-  - vault.yaml
-  - controlplane-config.yaml
-  - controlplane.yaml
-  - dataplane-config.yaml
-  - dataplane.yaml
-  - issuerservice-config.yaml
-  - issuerservice.yaml
-  - identityhub-config.yaml
-  - identityhub.yaml
+  - base/edcv-namespace.yaml
+  - base/postgres.yaml
+  - base/nats.yaml
+  - base/keycloak.yaml
+  - base/vault.yaml
+  - apps/controlplane-config.yaml
+  - apps/controlplane.yaml
+  - apps/dataplane-config.yaml
+  - apps/dataplane.yaml
+  - apps/issuerservice-config.yaml
+  - apps/issuerservice.yaml
+  - apps/identityhub-config.yaml
+  - apps/identityhub.yaml