mosip · ckm007 · Jun 5, 2026 · Jun 5, 2026 · Jun 5, 2026
diff --git a/.github/workflows/push-trigger.yml b/.github/workflows/push-trigger.yml
@@ -39,7 +39,6 @@ jobs:
             SERVICE_NAME: 'admin-ui'
             NPM_BUILD: true
             BUILD_ARTIFACT: 'admin-ui'
-            SQUASH_LAYERS: '11'
       fail-fast: false
     name: ${{ matrix.SERVICE_NAME }}
     uses: mosip/kattu/.github/workflows/docker-build.yml@master
@@ -48,7 +47,6 @@ jobs:
       SERVICE_NAME: ${{ matrix.SERVICE_NAME }}
       NPM_BUILD: ${{ matrix.NPM_BUILD }}
       BUILD_ARTIFACT: ${{ matrix.BUILD_ARTIFACT }}
-      SQUASH_LAYERS: ${{ matrix.SQUASH_LAYERS }}
     secrets:
       DEV_NAMESPACE_DOCKER_HUB: ${{ secrets.DEV_NAMESPACE_DOCKER_HUB }}
       ACTOR_DOCKER_HUB: ${{ secrets.ACTOR_DOCKER_HUB }}
@@ -187,4 +185,3 @@ jobs:
       JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }}
       JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }}
       JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }}
-
diff --git a/AGENTS.md b/AGENTS.md
@@ -0,0 +1,108 @@
+# AGENTS.md
+
+This file provides guidance to AI agents when working with code in this repository.
+
+## Project Overview
+
+MOSIP Admin Portal — an Angular 8 SPA used by privileged administrative personnel to manage master data (Registration Centers, Devices, Machines, Users), run key management operations, check packet/RID status, and perform bulk uploads. It is the **authoritative interface** for post-deployment master data updates in a MOSIP deployment; changes should go through the portal (not raw DB scripts) to enforce business rule constraints.
+
+The repo has two independently buildable modules:
+- `admin-ui/` — the Angular frontend
+- `uitest-admin/` — a Selenium + TestNG automation test suite (Java 21, Maven)
+
+---
+
+## Commands
+
+### Frontend (`admin-ui/`)
+
+```bash
+cd admin-ui
+npm install           # install dependencies
+ng serve              # dev server at http://localhost:4200 (auto-reloads)
+ng build              # development build → dist/
+ng build --prod       # production build (AOT, minified)
+ng test               # unit tests via Karma
+ng lint               # lint
+ng e2e                # end-to-end tests via Protractor
+```
+
+### UI Test Suite (`uitest-admin/`)
+
+```bash
+cd uitest-admin
+mvn clean install     # build and package the fat JAR
+
+# Run tests against a deployed environment
+java -Dpath=https://admin.<env>.mosip.net/ \
+     -DKeyclockURL=https://iam.<env>.mosip.net \
+     -Denv.user=api-internal.<env> \
+     -Denv.endpoint=https://api-internal.<env>.mosip.net \
+     -jar target/uitest-admin-1.3.0-jar-with-dependencies.jar
+```
+
+Control test execution via `src/main/resources/TestData.json`:
+- `setExcludedGroups`: comma-separated group tags to skip (e.g. `"BL,CT"`)
+- `headless`: `"yes"` for headless Chrome
+
+---
+
+## Architecture
+
+### Runtime Configuration
+
+The app does **not** use Angular `environment.ts` for the API base URL. At startup, `AppConfigService` fetches `assets/config.json` and exposes it globally. `app.constants.ts` reads `config.baseUrl` at module load time. This means API targets are set at deploy time, not build time. Key config fields: `baseUrl`, `primaryLangCode`, `locationHierarchyLevel`, `supportedLanguages`, `countryCode`, `filterValueMaxRecords`.
+
+### Module & Routing Structure
+
+Hash routing (`useHash: true`) with `PreloadAllModules`. The root route redirects to `/admin`, which is guarded by `LanguageGuard` (initialises i18n) and `AuthguardService` (Keycloak token check).
+
+All feature areas are **lazy-loaded modules** under `/admin`:
+
+| Route | Module | Roles |
+|---|---|---|
+| `/admin/resources` | ResourcesModule | GLOBAL_ADMIN, ZONAL_ADMIN, MASTERDATA_ADMIN |
+| `/admin/masterdata` | MasterdataModule | GLOBAL_ADMIN, ZONAL_ADMIN, MASTERDATA_ADMIN |
+| `/admin/bulkupload` | BulkuploadModule | all roles |
+| `/admin/keymanager` | KeymanagerModule | KEY_MAKER |
+| `/admin/packet-status`, `/admin/rid-status`, `/admin/lost-rid-status` | — | REGISTRATION_ADMIN |
+
+Menu item visibility is driven by `RolesService` reading Keycloak roles from the JWT.
+
+### HTTP & Auth
+
+`AuthInterceptor` (registered in `CoreModule`) attaches the Keycloak bearer token to every outgoing request and handles 401/403 redirects. All API calls go through Angular's `HttpClient` — never `fetch` or XHR directly.
+
+API paths are constructed in `app.constants.ts` as `<baseUrl> + <MASTERDATA_BASE_URL> + <entity>/search` (POST with filter/sort/pagination payloads). The search pattern is uniform across all master data entities.
+
+### Core Services
+
+- **`DataStorageService`** — in-memory cache for filter values, languages, and lookup data to avoid redundant API calls across components.
+- **`AuditService`** — logs every significant user action with MOSIP audit event IDs (ADM-002 through ADM-085+). Every feature interaction should call this.
+- **`CommonService`** — shared utility calls (language list, zone tree, etc.).
+- **`CanDeactivateGuard`** — prevents navigation away from forms with unsaved changes.
+
+### MOSIP Domain Concepts (relevant to code decisions)
+
+- **Zone hierarchy**: Admins are assigned to a zone; `ZONAL_ADMIN` can only see/edit resources within their zone. Zone filtering is applied server-side via the masterdata APIs.
+- **Master data search API**: All list/search pages POST to `.../search` with a `{ filters: [], sort: [], pagination: {} }` body — not GET with query params.
+- **Language support**: All master data entities have language-specific fields. The UI sends `langCode` in payloads. Supported: `eng`, `ara`, `fra`, `tam`, `kan`, `hin`. i18n strings live in `admin-ui/src/assets/i18n/<lang>.json`.
+- **Deactivation vs deletion**: Master data records are deactivated (`isActive: false`), not deleted. UI should reflect this.
+
+### UI Test Suite Structure
+
+15 test classes run in parallel (8 threads) via TestNG, one per master-data entity/feature. `KnownIssueListener` cross-references `Known_Issues.txt` to suppress known failures. Test reports go to `admintest/Reports/` (ExtentReports) and `testng-report/`.
+
+---
+
+## CI/CD
+
+`.github/workflows/push-trigger.yml` triggers on push to `develop`, `release-*`, `master`, `1.*`, and on PRs. Pipeline jobs in order:
+
+1. `build-admin-ui` — npm build
+2. `build-docker-admin-ui` — Docker image
+3. `sonar-analysis` — SonarCloud (skipped on PRs)
+4. `build-maven-uitest-admin` → `build-uitest-admin-local` → `build-docker-uitest-admin`
+5. `sonar-analysis-uitest-admin`
+
+Helm chart publishing is triggered by changes under `helm/**` via `chart-lint-publish.yml`.
diff --git a/README.md b/README.md
@@ -1,12 +1,27 @@
 # Admin Portal
-[![Maven Package upon a push](https://github.com/mosip/keymanager/actions/workflows/push_trigger.yml/badge.svg?branch=release-1.2.0.1)](https://github.com/mosip/admin-ui/actions/workflows/push_trigger.yml)
+[![admin-ui build upon a push](https://github.com/mosip/admin-ui/actions/workflows/push-trigger.yml/badge.svg?branch=develop)](https://github.com/mosip/admin-ui/actions/workflows/push-trigger.yml)
 [![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?branch=develop&project=mosip_admin-ui&metric=alert_status)](https://sonarcloud.io/dashboard?branch=develop&id=mosip_admin-ui)
 
 ## Overview
-See [overview and portal user guide](https://docs.mosip.io/1.2.0/modules/administration/admin-portal-user-guide).
+An admin application is a web-based application used by a privileged group of administrative personnel to manage various master data sets. The various resources that an Admin can manage are:
+
+* Center (Registration centers)
+* Device
+* Machine
+* Users (Admin, Registration staff)
+
+Along with the resource and data management, the admin can generate master keys, check registration status, retrieve lost RID, and resume processing of paused packets. To start using the Admin portal, an admin user must be assigned to a zone.
+ Refer [overview and portal user guide](https://docs.mosip.io/1.2.0/modules/administration/admin-portal-user-guide).
 
 This project was generated with [Angular CLI](https://github.com/angular/angular-cli) version 8.0.3.
 
+### Local Setup (for Development or Contribution)
+The project can be set up in two ways:
+
+1. [Local Setup (for Development or Contribution)](#local-setup-for-development-or-contribution)
+2. [Local Setup with Docker (Easy Setup for Demos)](#local-setup-with-docker-easy-setup-for-demos)
+
+### Local Setup (for Development or Contribution)
 ## Development server
 
 Run `ng serve` for a dev server. Navigate to `http://localhost:4200/`. The app will automatically reload if you change any of the source files.
@@ -27,7 +42,44 @@ Run `ng test` to execute the unit tests via [Karma](https://karma-runner.github.
 
 Run `ng e2e` to execute the end-to-end tests via [Protractor](http://www.protractortest.org/).
 
-## Deployment in K8 cluster with other MOSIP services:
+### Local Setup with Docker (Easy Setup for Demos)
+#### Build Docker Images Locally
+
+Recommended for contributors or developers who want to modify or build the services from source.
+
+1. Clone and build the project:
+
+```text
+git clone <repo-url>
+```
+```text
+cd admin-ui
+```
+2. Navigate to each service directory and build the Docker image:
+```text
+cd admin-ui/<service-directory>
+```
+```text
+docker build -t <service-name> .
+```
+#### Running the Services
+
+Start each service using Docker:
+
+```text
+docker run -d -p <port>:<port> --name <service-name> <service-name>
+```
+#### Verify Installation
+
+Check that all containers are running:
+
+```text
+docker ps
+```
+Access the services at `http://localhost:<port>` using the port mappings listed above.
+
+## Deployment
+### Kubernetes
 ### Pre-requisites
 * Set KUBECONFIG variable to point to existing K8 cluster kubeconfig file:
     * ```
@@ -48,11 +100,17 @@ Run `ng e2e` to execute the end-to-end tests via [Protractor](http://www.protrac
     $ cd deploy
     $ ./restart.sh
    ```
+### Product Documentation
+To learn more about admin services from a functional perspective and use case scenarios, refer to our main documentation: [Click here](https://docs.mosip.io/1.2.0/id-lifecycle-management/support-systems/administration).
+
+## Contribution & Community
 
+* To learn how you can contribute code to this application, [click here](https://docs.mosip.io/1.2.0/community/code-contributions).
 
-## Further help 
+* If you have questions or encounter issues, visit the [MOSIP Community](https://community.mosip.io/) for support.
+* For any GitHub issues: [Report here](https://github.com/mosip/admin-ui/issues)
 
-To get more help on the Angular CLI use `ng help` or go check out the [Angular CLI README](https://github.com/angular/angular-cli/blob/master/README.md).
+This project was generated with [Angular CLI](https://github.com/angular/angular-cli) version 8.0.3.
 
 ## License
-This project is licensed under the terms of [Mozilla Public License 2.0](../LICENSE).
+This project is licensed under the terms of [Mozilla Public License 2.0](LICENSE)
diff --git a/deploy/admin-ui/install.sh b/deploy/admin-ui/install.sh
@@ -44,4 +44,4 @@ set -o errexit   ## set -e : exit the script if any statement returns a non-true
 set -o nounset   ## set -u : exit the script if you try to use an uninitialised variable
 set -o errtrace  # trace ERR through 'time command' and other functions
 set -o pipefail  # trace ERR through pipes
-installing_admin_ui   # calling function
+installing_admin_ui   # calling function
diff --git a/deploy/admin-uitestrig/install.sh b/deploy/admin-uitestrig/install.sh
@@ -94,4 +94,4 @@ set -o errexit   ## set -e : exit the script if any statement returns a non-true
 set -o nounset   ## set -u : exit the script if you try to use an uninitialised variable
 set -o errtrace  # trace ERR through 'time command' and other functions
 set -o pipefail  # trace ERR through pipes
-installing_uitestrig   # calling function
+installing_uitestrig   # calling function
diff --git a/helm/admin-ui/.gitignore b/helm/admin-ui/.gitignore
@@ -1 +1,2 @@
 charts/
+Chart.lock
diff --git a/helm/admin-ui/templates/deployment.yaml b/helm/admin-ui/templates/deployment.yaml
@@ -33,6 +33,7 @@ spec:
       {{- if .Values.hostAliases }}
       hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
       {{- end }}
+      terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds | default 60 }}
       {{- if .Values.affinity }}
       affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }}
       {{- else }}
@@ -104,10 +105,8 @@ spec:
             {{- end }}
             {{- end }}
             {{- if .Values.extraEnvVarsSecret }}
-            {{- range .Values.extraEnvVarsSecret }}
             - secretRef:
-                name: {{ . }}
-            {{- end }}
+                name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
             {{- end }}
           volumeMounts:
             - name: conf-file