Merge branch 'main' into chore/outdated-cves

.trivyignore

@@ -5,8 +5,12 @@ CVE-2024-22871
 CVE-2024-7885
 CVE-2024-1635
 CVE-2024-47554
+CVE-2024-47535
+CVE-2023-4639
+CVE-2024-4109
 # nodejs
 CVE-2024-37890
+CVE-2024-21538
 # clojure
 CVE-2024-22871
 # pebble

README.md

@@ -1,48 +1,105 @@
-<!--
+# Penpot Charm
+
 [![CharmHub Badge](https://charmhub.io/penpot/badge.svg)](https://charmhub.io/penpot)
 [![Publish to edge](https://github.com/canonical/penpot-operator/actions/workflows/publish_charm.yaml/badge.svg)](https://github.com/canonical/penpot-operator/actions/workflows/publish_charm.yaml)
 [![Promote charm](https://github.com/canonical/penpot-operator/actions/workflows/promote_charm.yaml/badge.svg)](https://github.com/canonical/penpot-operator/actions/workflows/promote_charm.yaml)
 [![Discourse Status](https://img.shields.io/discourse/status?server=https%3A%2F%2Fdiscourse.charmhub.io&style=flat&label=CharmHub%20Discourse)](https://discourse.charmhub.io)
--->
-
-A Juju charm that deploys and manages [Penpot](https://penpot.app) on Kubernetes. Penpot is the
-web-based open-source design tool that bridges the gap between designers and
-developers.
-
-<!--
-This charm simplifies initial deployment and "day N" operations of Penpot,
-such as scaling the number of instances, integration with external
-authentication providers, access to S3 for redundant file storage and more. It
-allows for deployment on many different Kubernetes platforms, from [MicroK8s](https://microk8s.io) to
-[Charmed Kubernetes](https://ubuntu.com/kubernetes) to public cloud Kubernetes
-offerings.
--->
-
-As such, the charm makes it easy for those looking to take control of their
-own Penpot deployment while keeping operations simple, and gives them the
-freedom to deploy on the Kubernetes platform of their choice.
-
-<!--
-For DevOps or SRE teams this charm will make operating Penpot simple and
-straightforward through Juju's clean interface. It will allow easy deployment
-into multiple environments for testing of changes, and supports scaling out for
-enterprise deployments.
--->
 
-## Project and community
+A [Juju](https://juju.is/) [charm](https://juju.is/docs/olm/charmed-operators)
+for deploying and managing the [Penpot](https://penpot.app) open-source
+design tool for design and code collaboration in your systems.
+
+This charm simplifies the configuration and maintenance of Penpot across a 
+range of environments, allowing designers to create stunning designs and interactive prototypes, 
+design systems at scale, and make their workflow easy and fast with ready-to-use code.
+
+## Get started
+In this section, we will deploy the Penpot charm.  
+You’ll need a workstation, e.g., a laptop, with sufficient resources to launch a virtual machine with 4 CPUs, 8 GB RAM, and 50 GB disk space.
+
+### Set up
+You can follow the tutorial [here](https://juju.is/docs/juju/set-up--tear-down-your-test-environment#heading--set-up-automatically) to set up a test environment for Juju with LXD.
+
+### Deploy
+From inside the virtual machine, deploy Penpot charm's dependencies using the `juju deploy` command.
+
+```
+juju deploy minio --config access-key=minioadmin --config secret-key=minioadmin
+juju deploy postgresql-k8s --channel 14/stable --trust
+juju deploy redis-k8s --channel latest/edge
+juju deploy s3-integrator --config "endpoint=http://minio-endpoints.penpot-test.svc.cluster.local:9000" --config bucket=penpot
+juju deploy nginx-ingress-integrator --trust --config service-hostname=penpot.local --config path-routes=/
+juju deploy self-signed-certificates
+juju integrate self-signed-certificates nginx-ingress-integrator
+```
+
+Configure minio to provide a S3 compatible storage for the Penpot charm.
+
+```
+export AWS_ACCESS_KEY_ID=minioadmin
+export AWS_SECRET_ACCESS_KEY=minioadmin
+export AWS_ENDPOINT_URL=http://$(juju status --format=json | jq -r '.applications.minio.units."minio/0".address'):9000
+aws s3 mb s3://penpot
+juju run s3-integrator/0 sync-s3-credentials --string-args access-key=minioadmin secret-key=minioadmin
+```
+
+Deploy the Penpot charm and integrate the Penpot charm with all its dependencies.
+
+```
+juju deploy penpot --channel latest/edge
+juju integrate penpot postgresql-k8s
+juju integrate penpot redis-k8s
+juju integrate penpot s3-integrator
+juju integrate penpot nginx-ingress-integrator
+```
+
+### Basic operations
+When the Penpot charm has completed deployment and installation, you can access Penpot from a browser.  
+First, we need to modify the `/etc/hosts` file to point the `penpot.local` domain to the IP address of the virtual machine.  
+After that, we can access the Penpot instance in the browser using the address `https://penpot.local`.  
+Note that `https` is required for Penpot to function. You may need to bypass the certificate security warning in the browser, as we are using a self-signed certificate.  
 
-The Penpot Operator is a member of the Ubuntu family. It's an
-open source project that warmly welcomes community projects, contributions,
-suggestions, fixes and constructive feedback.
-* [Code of conduct](https://ubuntu.com/community/code-of-conduct)
-* [Get support](https://discourse.charmhub.io/)
-<!--
-* [Contribute](https://charmhub.io/penpot/docs/contributing)
-* [Roadmap](https://charmhub.io/penpot/docs/roadmap)
--->
-Thinking about using Penpot for your next project? [Get in touch](https://chat.charmhub.io/charmhub/channels/charm-dev)!
-
----
-<!--
-For further details, [see the charm's detailed documentation](https://charmhub.io/penpot/docs).
--->
+Inside the virtual machine, run the following command to create a Penpot account, and use the returned credentials to log in with this account.
+
+```
+juju run penpot/0 create-profile --string-args [email protected] fullname="John Doe"
+```
+
+For additional configurations and actions available for the Penpot charm, refer to the [`charmcraft.yaml`](./charmcraft.yaml) file.
+
+## Integrations
+
+### `postgresql` integration
+The [`postgresql`](https://charmhub.io/postgresql) or [`postgresql-k8s`](https://charmhub.io/postgresql) charm can 
+provide the PostgreSQL database required for Penpot to run.
+
+### `s3` integration
+The [`s3-integrator`](https://charmhub.io/s3-integrator) charm can configure Penpot with S3-compatible storage, 
+which is necessary for Penpot to run.
+
+### `redis` integration
+The [`redis-k8s`](https://charmhub.io/redis-k8s) charm can provide the Redis database required for Penpot to run.
+
+### `ingress` integration
+The [`nginx-ingress-integrator`](https://charmhub.io/nginx-ingress-integrator) or 
+[`traefik-k8s`](https://charmhub.io/traefik-k8s) charm can provide the ingress service required for Penpot to run. 
+Penpot mandates HTTPS, so please enable HTTPS on the respective ingress charms.
+
+### `smtp` integration
+[`smtp-integrator`](https://charmhub.io/smtp-integrator) and other charms implementing the `smtp` integration can 
+optionally provide SMTP credentials to enable the Penpot charm to send email notifications and other email-related functionality.
+
+### `oauth`
+[Identity Platform bundle](https://charmhub.io/identity-platform) and other charms implementing the `oauth` 
+integration can optionally provide OpenID Connect settings for the Penpot charm. 
+This will disable the user/password login in the Penpot charm and switch to using the OpenID Connect login flow.
+
+## Learn more
+* [Read more](https://charmhub.io/penpot)
+* [Official webpage](https://penpot.app/)
+* [Troubleshooting](https://matrix.to/#/#charmhub-charmdev:ubuntu.com)
+
+## Project and community
+* [Issues](https://github.com/canonical/penpot-operator/issues)
+* [Contributing](https://charmhub.io/penpot/docs/how-to-contribute)
+* [Matrix](https://matrix.to/#/#charmhub-charmdev:ubuntu.com)