diff --git a/.gitignore b/.gitignore index 871e656c9..162a5755e 100644 --- a/.gitignore +++ b/.gitignore @@ -102,3 +102,6 @@ snyk.sarif # VS Code .vscode + +# Artifacts +*.jar diff --git a/README.md b/README.md index 098543b21..a71ea33e5 100644 --- a/README.md +++ b/README.md @@ -37,7 +37,7 @@ testing and deploying. - React Query - MirageJS -You can lear more about this service [looking its README](frontend/README.md) +You can learn more about this service [looking its README](frontend/README.md) **SPAR Back-end REST API - Postgres** @@ -47,7 +47,7 @@ You can lear more about this service [looking its README](frontend/README.md) - Spring Web MVC Framework - JPA and Hibernate Framework -You can lear more about this service [looking its README](backend/README.md) +You can learn more about this service [looking its README](backend/README.md) **SPAR Back-end REST API - Oracle THE** @@ -57,7 +57,7 @@ You can lear more about this service [looking its README](backend/README.md) - Spring Web MVC Framework - JPA and Hibernate Framework -You can lear more about this service [looking its README](oracle-api/README.md) +You can learn more about this service [looking its README](oracle-api/README.md) # Getting started @@ -73,9 +73,11 @@ Docker Compose. Run with: ```sh -docker-compose up --build +docker-compose up --build -d ``` +There should be four running services: + You can clean and remove the containers with ```sh docker-compose down --remove-orphans diff --git a/backend/.mvn/wrapper/maven-wrapper.properties b/backend/.mvn/wrapper/maven-wrapper.properties new file mode 100644 index 000000000..6f40a26ed --- /dev/null +++ b/backend/.mvn/wrapper/maven-wrapper.properties 
@@ -0,0 +1,18 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.6/apache-maven-3.8.6-bin.zip
+wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar
diff --git a/backend/CONTRIBUTING.md b/backend/CONTRIBUTING.md
new file mode 100644
index 000000000..3d4da0d16
--- /dev/null
+++ b/backend/CONTRIBUTING.md
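Review bot: Neither `wrapperSha256Sum` nor `distributionSha256Sum` is set in the new `backend/.mvn/wrapper/maven-wrapper.properties`, so the jar fetched from `wrapperUrl` and the Maven distribution fetched from `distributionUrl` run with no integrity check beyond TLS. The updated `backend/mvnw` in this same commit only validates the wrapper jar when `wrapperSha256Sum` is present, and the new `*.jar` rule in `.gitignore` presumably means the wrapper jar is downloaded on a fresh checkout rather than committed. I would pin both artifacts by adding `wrapperSha256Sum=<sha256 of maven-wrapper-3.2.0.jar>` and `distributionSha256Sum=<sha256 of apache-maven-3.8.6-bin.zip>`, taking the values from the checksums published alongside the artifacts.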
@@ -0,0 +1,144 @@
+# Contributing guide
+
+Thanks for taking a moment and reading this guide. Is very important to have
+everyone on the same page. This guide describes how to:
+- Set up your environment
+- Run this application
+- Run tests
+- Submit pull requests
+- Follow our code practices
+
+(If you are new to GitHub, you might start with a [basic tutorial](https://help.github.com/articles/set-up-git) and check out a more detailed guide to [pull requests](https://help.github.com/articles/using-pull-requests/).)
+
+All contributors retain the original copyright to their stuff, but by
+contributing to this project, you grant a world-wide, royalty-free,
+perpetual, irrevocable, non-exclusive, transferable license to all
+users **under the terms of the [license](./LICENSE.md) under which
+this project is distributed**.
+
+## Set up your environment
+
+### Git
+
+Make sure you have Git installed on your machine. You can follow
+[this link](https://git-scm.com/downloads) for instructions.
+
+### Docker
+
+We containerize our application with Docker images.
+
+Note: things are way
+easier if you don't need to run docker commands with root (sudo). Take a look
+[here](https://docs.docker.com/engine/install/#server) to learn how to
+install. Note that Docker Desktop shouldn't be used for this project,
+due to license matters.
+
+### Java and Maven
+
+An easy way of getting both Java and Maven on your machine is using
+SDK Man. Take a look [here](https://sdkman.io/) to learn how to install.
+For this project we're using Java 17 (OpenSDK).
+
+### IDE
+
+We recommend IntelliJ IDEA Community, because all of its plugins and
+configurations possibilities, here's [the website](https://www.jetbrains.com/idea/download).
+But feel free to use Eclipse or other IDE of your choice.
+
+### Code style
+
+Our Java code is formatted following the [Google Java Style Guide](https://google.github.io/styleguide/javaguide.html).
+A formatter and plugins based on it for Eclipse and IntelliJ are available and make writing
+style-conformant code quite easy. Check the installation notes on the
+[formatter's project page](https://github.com/google/google-java-format).
+
+We configured a tool to validate changes submitted to us in accordance to our style guide. **Passing
+such validation, however, doesn't mean that the code conforms to the style guide**, as some rules
+cannot be checked by this tool. We ask you to check if your code adheres to the following rules
+before submitting it.
+
+- [2.2 File encoding: UTF-8](https://google.github.io/styleguide/javaguide.html#s2.2-file-encoding)
+- [5.2.2 Class names](https://google.github.io/styleguide/javaguide.html#s5.2.2-class-names)
+- [5.2.3 Method names](https://google.github.io/styleguide/javaguide.html#s5.2.3-method-names)
+- [5.2.4 Constant names](https://google.github.io/styleguide/javaguide.html#s5.2.4-constant-names)
+- [5.3 Camel case: defined](https://google.github.io/styleguide/javaguide.html#s5.3-camel-case)
+- [6.1 @Override: always used](https://google.github.io/styleguide/javaguide.html#s6.1-override-annotation)
+
+You can check your code before submitting with `./mvnw --no-transfer-progress checkstyle:checkstyle -Dcheckstyle.skip=false --file pom.xml`
+
+## Run this application
+
+After setting up your environment you might want to see this service running.
+You can get it up and running by typing (in the project root directory):
+
+```sh
+./mvnw spring-boot:run
+```
+
+In case you want to debug with remote JVM, you can do it with this command:
+
+```sh
+./mvnw spring-boot:run -Dspring-boot.run.jvmArguments="-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005"
+```
+
+Note: You need a running Postgres service to have a fully working environment. You
+can do that with Docker or Docker and the Compose plugin.
Follow these steps:
+
+```sh
+cd database
+docker-compose up --build
+```
+
+## Run tests
+
+For unit tests, please use this command:
+
+```sh
+./mvnw test --file pom.xml
+```
+
+And for integration tests:
+
+```sh
+./mvnw verify -P integration-test --file pom.xml
+```
+
+Tests coverage and reports can be seen on your commits and pull requests.
+But in case you want to check it locally, use this command to run all tests:
+
+```sh
+./mvnw --no-transfer-progress clean verify -P all-tests --file pom.xml
+```
+
+And check out the html file generated:
+
+```sh
+x-www-browser target/coverage-reports/merged-test-report/index.html # For Linux
+open target/coverage-reports/merged-test-report/index.html # For MacOS
+```
+
+## Submit pull requests
+
+We use git flow, so all code changes happen through Pull Requests. There's a
+Pull Request template that you can fill. The more complete the better. If you
+have images, screen capture or diagrams, that helps a lot. Don't forget to add
+reviewers, assign to yourself and add a label.
+
+## Database versioning
+
+Any permanent alteration to the database schema (creation or alteration of tables,
+columns, etc.) should be done through Flyway. [Here's a brief explanation on how
+versioning with Flyway works](https://flywaydb.org/documentation/getstarted/how).
+
+Each migration should have its own file, which must follow [this naming
+pattern](https://flywaydb.org/documentation/concepts/migrations#naming).
+
+## Follow our best practices
+
+- Java source code must be formatted according to
+[Google Java Style Guide](https://google.github.io/styleguide/javaguide.html),
+as mentioned. There's a pipeline to unsure all of our code is good to go.
+- We try to use [conventional commits](https://www.conventionalcommits.org/)
+because it makes the process of generating changelogs way easier. So we encourage
+you to read at least the [summary](https://www.conventionalcommits.org/en/v1.0.0/#summary)
+that summarize and give some examples.
\ No newline at end of file diff --git a/backend/Dockerfile b/backend/Dockerfile index b5fdfe1b1..02b1c07d4 100644 --- a/backend/Dockerfile +++ b/backend/Dockerfile @@ -22,4 +22,5 @@ COPY dockerfile-entrypoint.sh /usr/share/service/dockerfile-entrypoint.sh EXPOSE 8090 USER 1001 +HEALTHCHECK --interval=35s --timeout=4s CMD curl -f http://localhost:8090/actuator/health | grep '"status":"UP"' ENTRYPOINT ["/usr/share/service/dockerfile-entrypoint.sh"] diff --git a/backend/README.md b/backend/README.md new file mode 100644 index 000000000..17f458576 --- /dev/null +++ b/backend/README.md 
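Review bot: The exit status of the new `HEALTHCHECK` in `backend/Dockerfile` comes from `grep`, not `curl`, so the result depends on the exact JSON text of the health response rather than on the HTTP status. The pattern `'"status":"UP"'` would also match a nested component status if the actuator is ever configured to show details, and the check assumes `curl` and `grep` exist in the runtime image for user 1001, which this hunk does not show. Relying on the status code alone is simpler: `HEALTHCHECK --interval=35s --timeout=4s CMD curl -sf http://localhost:8090/actuator/health || exit 1`. A `--start-period` would also keep JVM start-up time from counting as failed probes.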
@@ -0,0 +1,101 @@ +# SPAR Back-end REST API + +This repository holds a set of policies, standards, guides, and pipelines to +get started with a back-end API. Before writing your first line of code, please +take a moment and check out our [CONTRIBUTING](CONTRIBUTING.md) guide. + +## Our Policy + +- Work in the open: That means that everything we do should be open, should be +public. Please, don't create private repositories unless you have a very strong +reason. Keeping things public is a must follow rule for BC Government. +- Customer centred services: All the work that's been created is to improve users, +customers, and friends usability and experience. Is important to keep that in mind +because as engineers sometimes we face technical issues, however, our goal is +to have a good product. +- Community based work: Remember that you're not alone. It's very likely that +your problem is someone else's problem. Let's figure it out together. So, ask +a question using our channels. We have [our own Stackoverflow](https://stackoverflow.developer.gov.bc.ca/) +and [our Rocket Chat](https://chat.developer.gov.bc.ca/) channel. + +# Stack + +Here you can find a comprehensive list of all languages and tools that are been used +in this service. And also everything you need to get started, build locally, test +and deploy it. + +- Java ecosystem + - Maven + - Open JDK 17 + - Spring Web MVC Framework + - JPA and Hibernate Framework +- Testing + - JUnit 5 + - Mockito and Mock MVC + - Automated tests with Postman and Newman +- Database + - PostgreSQL + - Versioning with [Flyway](https://flywaydb.org/) +- DevOps + - Docker + - Docker Composer + - Sonar Cloud + - Deploy to OpenShift with GitHub Actions +- Tools (Recommendations) + - IntelliJ IDEA + - Postman + - DBeaver + +# Getting started + +Once you have cloned this repository, can get it running by typing: `./mvnw spring-boot:run` +from the project root directory. 
You **must** provide three environment variables for database +access configuration: + +Then head to http://localhost:8090/actuator/health to check if the system was successfully launched: +the `status` property should have the value *UP*. + +Before writing your first line of code, and learn more about the checks, including +tests, please take a moment and check out our [CONTRIBUTING](CONTRIBUTING.md) guide. + +## Quick look + +If all you want is to take a quick look at the running service, you can do it by using Docker Compose. + +Be aware of the required environment variables: + +```sh +FORESTCLIENTAPI_KEY=[key-here] + +``` + +✅ You can export all environment variables from a .env file with this command (On Linux): + +```sh +export $(cat .env | xargs) +``` + +Run with (from the project root): +```sh +docker-compose up --build backend -d +``` + +⚠️ You'll need a PostgreSQL database running. Here's how you can get it up and running: + +Run with (from the project root): +```sh +docker-compose up --build database -d +``` + +Use this environment variables + +```sh +POSTGRES_USER=postgres +POSTGRES_DB=postgres +POSTGRES_PASSWORD=default +``` + +## Getting help + +As mentioned, we're here to help. Feel free to start a conversation +on Rocket chat or ask a question on Stackoverflow. \ No newline at end of file diff --git a/backend/mvnw b/backend/mvnw index 8a8fb2282..8d937f4c1 100755 --- a/backend/mvnw +++ b/backend/mvnw @@ -8,7 +8,7 @@ # "License"); you may not use this file except in compliance # with the License. You may obtain a copy of the License at # -# https://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an 
@@ -19,7 +19,7 @@ # ---------------------------------------------------------------------------- # ---------------------------------------------------------------------------- -# Maven Start Up Batch script +# Apache Maven Wrapper startup batch script, version 3.2.0 # # Required ENV vars: # ------------------ @@ -27,7 +27,6 @@ # # Optional ENV vars # ----------------- -# M2_HOME - location of maven2's installed home dir # MAVEN_OPTS - parameters passed to the Java VM when running Maven # e.g. to debug Maven itself, use # set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 @@ -54,7 +53,7 @@ fi cygwin=false; darwin=false; mingw=false -case "`uname`" in +case "$(uname)" in CYGWIN*) cygwin=true ;; MINGW*) mingw=true;; Darwin*) darwin=true @@ -62,9 +61,9 @@ case "`uname`" in # See https://developer.apple.com/library/mac/qa/qa1170/_index.html if [ -z "$JAVA_HOME" ]; then if [ -x "/usr/libexec/java_home" ]; then - export JAVA_HOME="`/usr/libexec/java_home`" + JAVA_HOME="$(/usr/libexec/java_home)"; export JAVA_HOME else - export JAVA_HOME="/Library/Java/Home" + JAVA_HOME="/Library/Java/Home"; export JAVA_HOME fi fi ;; 
@@ -72,68 +71,38 @@ esac if [ -z "$JAVA_HOME" ] ; then if [ -r /etc/gentoo-release ] ; then - JAVA_HOME=`java-config --jre-home` + JAVA_HOME=$(java-config --jre-home) fi fi -if [ -z "$M2_HOME" ] ; then - ## resolve links - $0 may be a link to maven's home - PRG="$0" - - # need this for relative symlinks - while [ -h "$PRG" ] ; do - ls=`ls -ld "$PRG"` - link=`expr "$ls" : '.*-> \(.*\)$'` - if expr "$link" : '/.*' > /dev/null; then - PRG="$link" - else - PRG="`dirname "$PRG"`/$link" - fi - done - - saveddir=`pwd` - - M2_HOME=`dirname "$PRG"`/.. - - # make it fully qualified - M2_HOME=`cd "$M2_HOME" && pwd` - - cd "$saveddir" - # echo Using m2 at $M2_HOME -fi - # For Cygwin, ensure paths are in UNIX format before anything is touched if $cygwin ; then - [ -n "$M2_HOME" ] && - M2_HOME=`cygpath --unix "$M2_HOME"` [ -n "$JAVA_HOME" ] && - JAVA_HOME=`cygpath --unix "$JAVA_HOME"` + JAVA_HOME=$(cygpath --unix "$JAVA_HOME") [ -n "$CLASSPATH" ] && - CLASSPATH=`cygpath --path --unix "$CLASSPATH"` + CLASSPATH=$(cygpath --path --unix "$CLASSPATH") fi # For Mingw, ensure paths are in UNIX format before anything is touched if $mingw ; then - [ -n "$M2_HOME" ] && - M2_HOME="`(cd "$M2_HOME"; pwd)`" - [ -n "$JAVA_HOME" ] && - JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`" + [ -n "$JAVA_HOME" ] && [ -d "$JAVA_HOME" ] && + JAVA_HOME="$(cd "$JAVA_HOME" || (echo "cannot cd into $JAVA_HOME."; exit 1); pwd)" fi if [ -z "$JAVA_HOME" ]; then - javaExecutable="`which javac`" - if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then + javaExecutable="$(which javac)" + if [ -n "$javaExecutable" ] && ! [ "$(expr "\"$javaExecutable\"" : '\([^ ]*\)')" = "no" ]; then # readlink(1) is not available as standard on Solaris 10. - readLink=`which readlink` - if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then + readLink=$(which readlink) + if [ ! 
"$(expr "$readLink" : '\([^ ]*\)')" = "no" ]; then if $darwin ; then - javaHome="`dirname \"$javaExecutable\"`" - javaExecutable="`cd \"$javaHome\" && pwd -P`/javac" + javaHome="$(dirname "\"$javaExecutable\"")" + javaExecutable="$(cd "\"$javaHome\"" && pwd -P)/javac" else - javaExecutable="`readlink -f \"$javaExecutable\"`" + javaExecutable="$(readlink -f "\"$javaExecutable\"")" fi - javaHome="`dirname \"$javaExecutable\"`" - javaHome=`expr "$javaHome" : '\(.*\)/bin'` + javaHome="$(dirname "\"$javaExecutable\"")" + javaHome=$(expr "$javaHome" : '\(.*\)/bin') JAVA_HOME="$javaHome" export JAVA_HOME fi @@ -149,7 +118,7 @@ if [ -z "$JAVACMD" ] ; then JAVACMD="$JAVA_HOME/bin/java" fi else - JAVACMD="`\\unset -f command; \\command -v java`" + JAVACMD="$(\unset -f command 2>/dev/null; \command -v java)" fi fi @@ -163,12 +132,9 @@ if [ -z "$JAVA_HOME" ] ; then echo "Warning: JAVA_HOME environment variable is not set." fi -CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher - # traverses directory structure from process work directory to filesystem root # first directory with .mvn subdirectory is considered project base directory find_maven_basedir() { - if [ -z "$1" ] then echo "Path not specified to find_maven_basedir" 
@@ -184,96 +150,99 @@ find_maven_basedir() { fi # workaround for JBEAP-8937 (on Solaris 10/Sparc) if [ -d "${wdir}" ]; then - wdir=`cd "$wdir/.."; pwd` + wdir=$(cd "$wdir/.." || exit 1; pwd) fi # end of workaround done - echo "${basedir}" + printf '%s' "$(cd "$basedir" || exit 1; pwd)" } # concatenates all lines of a file concat_lines() { if [ -f "$1" ]; then - echo "$(tr -s '\n' ' ' < "$1")" + # Remove \r in case we run on Windows within Git Bash + # and check out the repository with auto CRLF management + # enabled. Otherwise, we may read lines that are delimited with + # \r\n and produce $'-Xarg\r' rather than -Xarg due to word + # splitting rules. + tr -s '\r\n' ' ' < "$1" + fi +} + +log() { + if [ "$MVNW_VERBOSE" = true ]; then + printf '%s\n' "$1" fi } -BASE_DIR=`find_maven_basedir "$(pwd)"` +BASE_DIR=$(find_maven_basedir "$(dirname "$0")") if [ -z "$BASE_DIR" ]; then exit 1; fi +MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"}; export MAVEN_PROJECTBASEDIR +log "$MAVEN_PROJECTBASEDIR" + ########################################################################################## # Extension to allow automatically downloading the maven-wrapper.jar from Maven-central # This allows using the maven wrapper in projects that prohibit checking in binary data. ########################################################################################## -if [ -r "$BASE_DIR/.mvn/wrapper/maven-wrapper.jar" ]; then - if [ "$MVNW_VERBOSE" = true ]; then - echo "Found .mvn/wrapper/maven-wrapper.jar" - fi +wrapperJarPath="$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" +if [ -r "$wrapperJarPath" ]; then + log "Found $wrapperJarPath" else - if [ "$MVNW_VERBOSE" = true ]; then - echo "Couldn't find .mvn/wrapper/maven-wrapper.jar, downloading it ..." - fi + log "Couldn't find $wrapperJarPath, downloading it ..." 
+ if [ -n "$MVNW_REPOURL" ]; then - jarUrl="$MVNW_REPOURL/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar" + wrapperUrl="$MVNW_REPOURL/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar" else - jarUrl="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar" + wrapperUrl="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar" fi - while IFS="=" read key value; do - case "$key" in (wrapperUrl) jarUrl="$value"; break ;; + while IFS="=" read -r key value; do + # Remove '\r' from value to allow usage on windows as IFS does not consider '\r' as a separator ( considers space, tab, new line ('\n'), and custom '=' ) + safeValue=$(echo "$value" | tr -d '\r') + case "$key" in (wrapperUrl) wrapperUrl="$safeValue"; break ;; esac - done < "$BASE_DIR/.mvn/wrapper/maven-wrapper.properties" - if [ "$MVNW_VERBOSE" = true ]; then - echo "Downloading from: $jarUrl" - fi - wrapperJarPath="$BASE_DIR/.mvn/wrapper/maven-wrapper.jar" + done < "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.properties" + log "Downloading from: $wrapperUrl" + if $cygwin; then - wrapperJarPath=`cygpath --path --windows "$wrapperJarPath"` + wrapperJarPath=$(cygpath --path --windows "$wrapperJarPath") fi if command -v wget > /dev/null; then - if [ "$MVNW_VERBOSE" = true ]; then - echo "Found wget ... using wget" - fi + log "Found wget ... 
using wget" + [ "$MVNW_VERBOSE" = true ] && QUIET="" || QUIET="--quiet" if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then - wget "$jarUrl" -O "$wrapperJarPath" || rm -f "$wrapperJarPath" + wget $QUIET "$wrapperUrl" -O "$wrapperJarPath" || rm -f "$wrapperJarPath" else - wget --http-user=$MVNW_USERNAME --http-password=$MVNW_PASSWORD "$jarUrl" -O "$wrapperJarPath" || rm -f "$wrapperJarPath" + wget $QUIET --http-user="$MVNW_USERNAME" --http-password="$MVNW_PASSWORD" "$wrapperUrl" -O "$wrapperJarPath" || rm -f "$wrapperJarPath" fi elif command -v curl > /dev/null; then - if [ "$MVNW_VERBOSE" = true ]; then - echo "Found curl ... using curl" - fi + log "Found curl ... using curl" + [ "$MVNW_VERBOSE" = true ] && QUIET="" || QUIET="--silent" if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then - curl -o "$wrapperJarPath" "$jarUrl" -f + curl $QUIET -o "$wrapperJarPath" "$wrapperUrl" -f -L || rm -f "$wrapperJarPath" else - curl --user $MVNW_USERNAME:$MVNW_PASSWORD -o "$wrapperJarPath" "$jarUrl" -f + curl $QUIET --user "$MVNW_USERNAME:$MVNW_PASSWORD" -o "$wrapperJarPath" "$wrapperUrl" -f -L || rm -f "$wrapperJarPath" fi - else - if [ "$MVNW_VERBOSE" = true ]; then - echo "Falling back to using Java to download" - fi - javaClass="$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.java" + log "Falling back to using Java to download" + javaSource="$MAVEN_PROJECTBASEDIR/.mvn/wrapper/MavenWrapperDownloader.java" + javaClass="$MAVEN_PROJECTBASEDIR/.mvn/wrapper/MavenWrapperDownloader.class" # For Cygwin, switch paths to Windows format before running javac if $cygwin; then - javaClass=`cygpath --path --windows "$javaClass"` + javaSource=$(cygpath --path --windows "$javaSource") + javaClass=$(cygpath --path --windows "$javaClass") fi - if [ -e "$javaClass" ]; then - if [ ! -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then - if [ "$MVNW_VERBOSE" = true ]; then - echo " - Compiling MavenWrapperDownloader.java ..." 
- fi - # Compiling the Java class - ("$JAVA_HOME/bin/javac" "$javaClass") + if [ -e "$javaSource" ]; then + if [ ! -e "$javaClass" ]; then + log " - Compiling MavenWrapperDownloader.java ..." + ("$JAVA_HOME/bin/javac" "$javaSource") fi - if [ -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then - # Running the downloader - if [ "$MVNW_VERBOSE" = true ]; then - echo " - Running MavenWrapperDownloader.java ..." - fi - ("$JAVA_HOME/bin/java" -cp .mvn/wrapper MavenWrapperDownloader "$MAVEN_PROJECTBASEDIR") + if [ -e "$javaClass" ]; then + log " - Running MavenWrapperDownloader.java ..." + ("$JAVA_HOME/bin/java" -cp .mvn/wrapper MavenWrapperDownloader "$wrapperUrl" "$wrapperJarPath") || rm -f "$wrapperJarPath" fi fi fi 
@@ -282,35 +251,58 @@ fi # End of extension ########################################################################################## -export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"} -if [ "$MVNW_VERBOSE" = true ]; then - echo $MAVEN_PROJECTBASEDIR +# If specified, validate the SHA-256 sum of the Maven wrapper jar file +wrapperSha256Sum="" +while IFS="=" read -r key value; do + case "$key" in (wrapperSha256Sum) wrapperSha256Sum=$value; break ;; + esac +done < "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.properties" +if [ -n "$wrapperSha256Sum" ]; then + wrapperSha256Result=false + if command -v sha256sum > /dev/null; then + if echo "$wrapperSha256Sum $wrapperJarPath" | sha256sum -c > /dev/null 2>&1; then + wrapperSha256Result=true + fi + elif command -v shasum > /dev/null; then + if echo "$wrapperSha256Sum $wrapperJarPath" | shasum -a 256 -c > /dev/null 2>&1; then + wrapperSha256Result=true + fi + else + echo "Checksum validation was requested but neither 'sha256sum' or 'shasum' are available." + echo "Please install either command, or disable validation by removing 'wrapperSha256Sum' from your maven-wrapper.properties." + exit 1 + fi + if [ $wrapperSha256Result = false ]; then + echo "Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might be compromised." >&2 + echo "Investigate or delete $wrapperJarPath to attempt a clean download." >&2 + echo "If you updated your Maven version, you need to update the specified wrapperSha256Sum property." 
>&2 + exit 1 + fi fi + MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS" # For Cygwin, switch paths to Windows format before running java if $cygwin; then - [ -n "$M2_HOME" ] && - M2_HOME=`cygpath --path --windows "$M2_HOME"` [ -n "$JAVA_HOME" ] && - JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"` + JAVA_HOME=$(cygpath --path --windows "$JAVA_HOME") [ -n "$CLASSPATH" ] && - CLASSPATH=`cygpath --path --windows "$CLASSPATH"` + CLASSPATH=$(cygpath --path --windows "$CLASSPATH") [ -n "$MAVEN_PROJECTBASEDIR" ] && - MAVEN_PROJECTBASEDIR=`cygpath --path --windows "$MAVEN_PROJECTBASEDIR"` + MAVEN_PROJECTBASEDIR=$(cygpath --path --windows "$MAVEN_PROJECTBASEDIR") fi # Provide a "standardized" way to retrieve the CLI args that will # work with both Windows and non-Windows executions. -MAVEN_CMD_LINE_ARGS="$MAVEN_CONFIG $@" +MAVEN_CMD_LINE_ARGS="$MAVEN_CONFIG $*" export MAVEN_CMD_LINE_ARGS WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain +# shellcheck disable=SC2086 # safe args exec "$JAVACMD" \ $MAVEN_OPTS \ $MAVEN_DEBUG_OPTS \ -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \ - "-Dmaven.home=${M2_HOME}" \ "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \ ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@" diff --git a/backend/mvnw.cmd b/backend/mvnw.cmd index 1d8ab018e..f80fbad3e 100644 --- a/backend/mvnw.cmd +++ b/backend/mvnw.cmd 
@@ -1,188 +1,205 @@ -@REM ---------------------------------------------------------------------------- -@REM Licensed to the Apache Software Foundation (ASF) under one -@REM or more contributor license agreements. See the NOTICE file -@REM distributed with this work for additional information -@REM regarding copyright ownership. The ASF licenses this file -@REM to you under the Apache License, Version 2.0 (the -@REM "License"); you may not use this file except in compliance -@REM with the License. You may obtain a copy of the License at -@REM -@REM https://www.apache.org/licenses/LICENSE-2.0 -@REM -@REM Unless required by applicable law or agreed to in writing, -@REM software distributed under the License is distributed on an -@REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -@REM KIND, either express or implied. See the License for the -@REM specific language governing permissions and limitations -@REM under the License. -@REM ---------------------------------------------------------------------------- - -@REM ---------------------------------------------------------------------------- -@REM Maven Start Up Batch script -@REM -@REM Required ENV vars: -@REM JAVA_HOME - location of a JDK home dir -@REM -@REM Optional ENV vars -@REM M2_HOME - location of maven2's installed home dir -@REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands -@REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a keystroke before ending -@REM MAVEN_OPTS - parameters passed to the Java VM when running Maven -@REM e.g. 
to debug Maven itself, use -@REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 -@REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files -@REM ---------------------------------------------------------------------------- - -@REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on' -@echo off -@REM set title of command window -title %0 -@REM enable echoing by setting MAVEN_BATCH_ECHO to 'on' -@if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO% - -@REM set %HOME% to equivalent of $HOME -if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%") - -@REM Execute a user defined script before this one -if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre -@REM check for pre script, once with legacy .bat ending and once with .cmd ending -if exist "%USERPROFILE%\mavenrc_pre.bat" call "%USERPROFILE%\mavenrc_pre.bat" %* -if exist "%USERPROFILE%\mavenrc_pre.cmd" call "%USERPROFILE%\mavenrc_pre.cmd" %* -:skipRcPre - -@setlocal - -set ERROR_CODE=0 - -@REM To isolate internal variables from possible post scripts, we use another setlocal -@setlocal - -@REM ==== START VALIDATION ==== -if not "%JAVA_HOME%" == "" goto OkJHome - -echo. -echo Error: JAVA_HOME not found in your environment. >&2 -echo Please set the JAVA_HOME variable in your environment to match the >&2 -echo location of your Java installation. >&2 -echo. -goto error - -:OkJHome -if exist "%JAVA_HOME%\bin\java.exe" goto init - -echo. -echo Error: JAVA_HOME is set to an invalid directory. >&2 -echo JAVA_HOME = "%JAVA_HOME%" >&2 -echo Please set the JAVA_HOME variable in your environment to match the >&2 -echo location of your Java installation. >&2 -echo. -goto error - -@REM ==== END VALIDATION ==== - -:init - -@REM Find the project base dir, i.e. the directory that contains the folder ".mvn". -@REM Fallback to current working directory if not found. 
- -set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR% -IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir - -set EXEC_DIR=%CD% -set WDIR=%EXEC_DIR% -:findBaseDir -IF EXIST "%WDIR%"\.mvn goto baseDirFound -cd .. -IF "%WDIR%"=="%CD%" goto baseDirNotFound -set WDIR=%CD% -goto findBaseDir - -:baseDirFound -set MAVEN_PROJECTBASEDIR=%WDIR% -cd "%EXEC_DIR%" -goto endDetectBaseDir - -:baseDirNotFound -set MAVEN_PROJECTBASEDIR=%EXEC_DIR% -cd "%EXEC_DIR%" - -:endDetectBaseDir - -IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig - -@setlocal EnableExtensions EnableDelayedExpansion -for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a -@endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS% - -:endReadAdditionalConfig - -SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe" -set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar" -set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain - -set DOWNLOAD_URL="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar" - -FOR /F "usebackq tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO ( - IF "%%A"=="wrapperUrl" SET DOWNLOAD_URL=%%B -) - -@REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central -@REM This allows using the maven wrapper in projects that prohibit checking in binary data. -if exist %WRAPPER_JAR% ( - if "%MVNW_VERBOSE%" == "true" ( - echo Found %WRAPPER_JAR% - ) -) else ( - if not "%MVNW_REPOURL%" == "" ( - SET DOWNLOAD_URL="%MVNW_REPOURL%/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar" - ) - if "%MVNW_VERBOSE%" == "true" ( - echo Couldn't find %WRAPPER_JAR%, downloading it ... 
- echo Downloading from: %DOWNLOAD_URL% - ) - - powershell -Command "&{"^ - "$webclient = new-object System.Net.WebClient;"^ - "if (-not ([string]::IsNullOrEmpty('%MVNW_USERNAME%') -and [string]::IsNullOrEmpty('%MVNW_PASSWORD%'))) {"^ - "$webclient.Credentials = new-object System.Net.NetworkCredential('%MVNW_USERNAME%', '%MVNW_PASSWORD%');"^ - "}"^ - "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $webclient.DownloadFile('%DOWNLOAD_URL%', '%WRAPPER_JAR%')"^ - "}" - if "%MVNW_VERBOSE%" == "true" ( - echo Finished downloading %WRAPPER_JAR% - ) -) -@REM End of extension - -@REM Provide a "standardized" way to retrieve the CLI args that will -@REM work with both Windows and non-Windows executions. -set MAVEN_CMD_LINE_ARGS=%* - -%MAVEN_JAVA_EXE% ^ - %JVM_CONFIG_MAVEN_PROPS% ^ - %MAVEN_OPTS% ^ - %MAVEN_DEBUG_OPTS% ^ - -classpath %WRAPPER_JAR% ^ - "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" ^ - %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %* -if ERRORLEVEL 1 goto error -goto end - -:error -set ERROR_CODE=1 - -:end -@endlocal & set ERROR_CODE=%ERROR_CODE% - -if not "%MAVEN_SKIP_RC%"=="" goto skipRcPost -@REM check for post script, once with legacy .bat ending and once with .cmd ending -if exist "%USERPROFILE%\mavenrc_post.bat" call "%USERPROFILE%\mavenrc_post.bat" -if exist "%USERPROFILE%\mavenrc_post.cmd" call "%USERPROFILE%\mavenrc_post.cmd" -:skipRcPost - -@REM pause the script if MAVEN_BATCH_PAUSE is set to 'on' -if "%MAVEN_BATCH_PAUSE%"=="on" pause - -if "%MAVEN_TERMINATE_CMD%"=="on" exit %ERROR_CODE% - -cmd /C exit /B %ERROR_CODE% +@REM ---------------------------------------------------------------------------- +@REM Licensed to the Apache Software Foundation (ASF) under one +@REM or more contributor license agreements. See the NOTICE file +@REM distributed with this work for additional information +@REM regarding copyright ownership. 
The ASF licenses this file +@REM to you under the Apache License, Version 2.0 (the +@REM "License"); you may not use this file except in compliance +@REM with the License. You may obtain a copy of the License at +@REM +@REM http://www.apache.org/licenses/LICENSE-2.0 +@REM +@REM Unless required by applicable law or agreed to in writing, +@REM software distributed under the License is distributed on an +@REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +@REM KIND, either express or implied. See the License for the +@REM specific language governing permissions and limitations +@REM under the License. +@REM ---------------------------------------------------------------------------- + +@REM ---------------------------------------------------------------------------- +@REM Apache Maven Wrapper startup batch script, version 3.2.0 +@REM +@REM Required ENV vars: +@REM JAVA_HOME - location of a JDK home dir +@REM +@REM Optional ENV vars +@REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands +@REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a keystroke before ending +@REM MAVEN_OPTS - parameters passed to the Java VM when running Maven +@REM e.g. 
to debug Maven itself, use +@REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 +@REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files +@REM ---------------------------------------------------------------------------- + +@REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on' +@echo off +@REM set title of command window +title %0 +@REM enable echoing by setting MAVEN_BATCH_ECHO to 'on' +@if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO% + +@REM set %HOME% to equivalent of $HOME +if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%") + +@REM Execute a user defined script before this one +if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre +@REM check for pre script, once with legacy .bat ending and once with .cmd ending +if exist "%USERPROFILE%\mavenrc_pre.bat" call "%USERPROFILE%\mavenrc_pre.bat" %* +if exist "%USERPROFILE%\mavenrc_pre.cmd" call "%USERPROFILE%\mavenrc_pre.cmd" %* +:skipRcPre + +@setlocal + +set ERROR_CODE=0 + +@REM To isolate internal variables from possible post scripts, we use another setlocal +@setlocal + +@REM ==== START VALIDATION ==== +if not "%JAVA_HOME%" == "" goto OkJHome + +echo. +echo Error: JAVA_HOME not found in your environment. >&2 +echo Please set the JAVA_HOME variable in your environment to match the >&2 +echo location of your Java installation. >&2 +echo. +goto error + +:OkJHome +if exist "%JAVA_HOME%\bin\java.exe" goto init + +echo. +echo Error: JAVA_HOME is set to an invalid directory. >&2 +echo JAVA_HOME = "%JAVA_HOME%" >&2 +echo Please set the JAVA_HOME variable in your environment to match the >&2 +echo location of your Java installation. >&2 +echo. +goto error + +@REM ==== END VALIDATION ==== + +:init + +@REM Find the project base dir, i.e. the directory that contains the folder ".mvn". +@REM Fallback to current working directory if not found. 
+ +set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR% +IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir + +set EXEC_DIR=%CD% +set WDIR=%EXEC_DIR% +:findBaseDir +IF EXIST "%WDIR%"\.mvn goto baseDirFound +cd .. +IF "%WDIR%"=="%CD%" goto baseDirNotFound +set WDIR=%CD% +goto findBaseDir + +:baseDirFound +set MAVEN_PROJECTBASEDIR=%WDIR% +cd "%EXEC_DIR%" +goto endDetectBaseDir + +:baseDirNotFound +set MAVEN_PROJECTBASEDIR=%EXEC_DIR% +cd "%EXEC_DIR%" + +:endDetectBaseDir + +IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig + +@setlocal EnableExtensions EnableDelayedExpansion +for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a +@endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS% + +:endReadAdditionalConfig + +SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe" +set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar" +set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain + +set WRAPPER_URL="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar" + +FOR /F "usebackq tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO ( + IF "%%A"=="wrapperUrl" SET WRAPPER_URL=%%B +) + +@REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central +@REM This allows using the maven wrapper in projects that prohibit checking in binary data. +if exist %WRAPPER_JAR% ( + if "%MVNW_VERBOSE%" == "true" ( + echo Found %WRAPPER_JAR% + ) +) else ( + if not "%MVNW_REPOURL%" == "" ( + SET WRAPPER_URL="%MVNW_REPOURL%/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar" + ) + if "%MVNW_VERBOSE%" == "true" ( + echo Couldn't find %WRAPPER_JAR%, downloading it ... 
+ echo Downloading from: %WRAPPER_URL% + ) + + powershell -Command "&{"^ + "$webclient = new-object System.Net.WebClient;"^ + "if (-not ([string]::IsNullOrEmpty('%MVNW_USERNAME%') -and [string]::IsNullOrEmpty('%MVNW_PASSWORD%'))) {"^ + "$webclient.Credentials = new-object System.Net.NetworkCredential('%MVNW_USERNAME%', '%MVNW_PASSWORD%');"^ + "}"^ + "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $webclient.DownloadFile('%WRAPPER_URL%', '%WRAPPER_JAR%')"^ + "}" + if "%MVNW_VERBOSE%" == "true" ( + echo Finished downloading %WRAPPER_JAR% + ) +) +@REM End of extension + +@REM If specified, validate the SHA-256 sum of the Maven wrapper jar file +SET WRAPPER_SHA_256_SUM="" +FOR /F "usebackq tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO ( + IF "%%A"=="wrapperSha256Sum" SET WRAPPER_SHA_256_SUM=%%B +) +IF NOT %WRAPPER_SHA_256_SUM%=="" ( + powershell -Command "&{"^ + "$hash = (Get-FileHash \"%WRAPPER_JAR%\" -Algorithm SHA256).Hash.ToLower();"^ + "If('%WRAPPER_SHA_256_SUM%' -ne $hash){"^ + " Write-Output 'Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might be compromised.';"^ + " Write-Output 'Investigate or delete %WRAPPER_JAR% to attempt a clean download.';"^ + " Write-Output 'If you updated your Maven version, you need to update the specified wrapperSha256Sum property.';"^ + " exit 1;"^ + "}"^ + "}" + if ERRORLEVEL 1 goto error +) + +@REM Provide a "standardized" way to retrieve the CLI args that will +@REM work with both Windows and non-Windows executions. 
+set MAVEN_CMD_LINE_ARGS=%* + +%MAVEN_JAVA_EXE% ^ + %JVM_CONFIG_MAVEN_PROPS% ^ + %MAVEN_OPTS% ^ + %MAVEN_DEBUG_OPTS% ^ + -classpath %WRAPPER_JAR% ^ + "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" ^ + %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %* +if ERRORLEVEL 1 goto error +goto end + +:error +set ERROR_CODE=1 + +:end +@endlocal & set ERROR_CODE=%ERROR_CODE% + +if not "%MAVEN_SKIP_RC%"=="" goto skipRcPost +@REM check for post script, once with legacy .bat ending and once with .cmd ending +if exist "%USERPROFILE%\mavenrc_post.bat" call "%USERPROFILE%\mavenrc_post.bat" +if exist "%USERPROFILE%\mavenrc_post.cmd" call "%USERPROFILE%\mavenrc_post.cmd" +:skipRcPost + +@REM pause the script if MAVEN_BATCH_PAUSE is set to 'on' +if "%MAVEN_BATCH_PAUSE%"=="on" pause + +if "%MAVEN_TERMINATE_CMD%"=="on" exit %ERROR_CODE% + +cmd /C exit /B %ERROR_CODE% diff --git a/backend/src/main/resources/application.properties b/backend/src/main/resources/application.properties index 1bd3cda7e..198ca1891 100644 --- a/backend/src/main/resources/application.properties +++ b/backend/src/main/resources/application.properties @@ -14,7 +14,7 @@ management.endpoint.health.show-details = always # Others nr-spar-backend-version = ${NR_SPAR_BACKEND_VERSION:#{'snapshot'}} -server.allowed.cors.origins = ${ALLOWED_ORIGINS:#{'http://localhost:8090'}} +server.allowed.cors.origins = ${ALLOWED_ORIGINS:#{'http://127.*, http://localhost:300*'}} # Database, datasource and JPA spring.datasource.driver-class-name = org.postgresql.Driver diff --git a/backend/src/test/resources/application.properties b/backend/src/test/resources/application.properties index e7450bac6..5dcafe674 100644 --- a/backend/src/test/resources/application.properties +++ b/backend/src/test/resources/application.properties 
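Review bot: The new fallback for `server.allowed.cors.origins` puts wildcard patterns into the main (non-test) configuration, so a deployment that does not set `ALLOWED_ORIGINS` would accept cross-origin requests from anything matching `http://127.*` or `http://localhost:300*`. Depending on how the application turns this value into CORS rules (not shown in this hunk), `http://127.*` may match any hostname that merely begins with `127.`, not only loopback addresses. I would keep the wildcard default only in `backend/src/test/resources/application.properties`, which receives the same value in this commit. The main file could then default to one explicit origin, for example `server.allowed.cors.origins = ${ALLOWED_ORIGINS:#{'http://localhost:3000'}}`, with broader patterns supplied through `ALLOWED_ORIGINS` in local setups.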
@@ -23,6 +23,6 @@ management.endpoint.health.show-details = always # Others nr-spar-backend-version = ${NR_SPAR_BACKEND_VERSION:#{'dev'}} -server.allowed.cors.origins = ${ALLOWED_ORIGINS:#{'http://localhost:300*'}} +server.allowed.cors.origins = ${ALLOWED_ORIGINS:#{'http://127.*, http://localhost:300*'}} forest-client-api.key= forest-client-api.address=https://nonexistent.org diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 000000000..368e798f0 --- /dev/null +++ b/docker-compose.yml 
@@ -0,0 +1,125 @@ +version: '3.9' + +services: + database: + container_name: database + environment: + POSTGRES_USER: postgres + POSTGRES_PASSWORD: default + POSTGRES_DB: postgres + hostname: database + ports: + - "5432:5432" + networks: + - local + restart: always + volumes: + - /pgdata + build: + context: ./database + dockerfile: Dockerfile + healthcheck: + test: [ "CMD-SHELL", "pg_isready -U postgres -d postgres" ] + interval: 5s + timeout: 5s + retries: 5 + + backend: + container_name: backend + depends_on: + database: + condition: service_healthy + environment: + NR_SPAR_BACKEND_VERSION: dev + KEYCLOAK_REALM_URL: https://test.loginproxy.gov.bc.ca/auth/realms/standard + POSTGRESQL_HOST: database + POSTGRESQL_DATABASE: postgres + POSTGRESQL_USER: postgres + POSTGRESQL_PASSWORD: default + FORESTCLIENTAPI_ADDRESS: https://nr-forest-client-api-prod.api.gov.bc.ca/api + FORESTCLIENTAPI_KEY: ${FORESTCLIENTAPI_KEY} + JAVA_OPTS: ${JAVA_OPTS} + healthcheck: + test: + [ + "CMD", + "wget", + "--no-verbose", + "--tries=1", + "--spider", + "http://localhost:8090/actuator/health" + ] + interval: 1m30s + timeout: 3s + retries: 3 + start_period: 40s + hostname: backend + ports: + - "8090:8090" + networks: + - local + build: + context: ./backend + dockerfile: Dockerfile + + oracle-api: + container_name: oracle-api + environment: + NR_SPAR_ORACLE_API_VERSION: "dev" + SERVER_PORT: "8091" + DATABASE_HOST: "nrcdb03.bcgov" + DATABASE_PORT: "1543" + SERVICE_NAME: "dbq01.nrs.bcgov" + DATABASE_USER: ${DATABASE_USER} + DATABASE_PASSWORD: ${DATABASE_PASSWORD} + KEYCLOAK_REALM_URL: "https://test.loginproxy.gov.bc.ca/auth/realms/standard" + JAVA_OPTS: ${JAVA_OPTS} + healthcheck: + test: [ "CMD", "java", "HealthCheck" ] + interval: 1m30s + timeout: 10s + retries: 3 + start_period: 40s + hostname: oracle-api + ports: + - "8091:8091" + networks: + - local + build: + context: ./oracle-api + dockerfile: Dockerfile + + frontend: + container_name: frontend + environment: + 
REACT_APP_NRSPARWEBAPP_VERSION: dev + REACT_APP_SERVER_URL: "http://localhost:8090" + REACT_APP_ORACLE_SERVER_URL: "http://localhost:8091" + REACT_APP_KC_URL: https://test.loginproxy.gov.bc.ca/auth + REACT_APP_KC_REALM: standard + REACT_APP_KC_CLIENT_ID: seed-planning-test-4296 + ports: + - "3000:3000" + networks: + - local + restart: always + build: + context: ./frontend + dockerfile: Dockerfile + healthcheck: + test: + [ + "CMD", + "wget", + "--no-verbose", + "--tries=1", + "--spider", + "http://localhost:3000/" + ] + interval: 15s + timeout: 5s + retries: 5 + +networks: + local: + name: spar diff --git a/frontend/Dockerfile b/frontend/Dockerfile index a618f8a40..d4ce535a5 100644 --- a/frontend/Dockerfile +++ b/frontend/Dockerfile @@ -4,11 +4,11 @@ FROM node:16.19.1-alpine3.17 AS build # Copy and build WORKDIR /app COPY . . -RUN yarn install --frozen-lockfile --prefer-offline +RUN apk add --no-cache python3 g++ make &&\ + yarn install --frozen-lockfile --prefer-offline RUN yarn build:production RUN rm -rf node_modules - # Deploy FROM node:16.19.1-alpine3.17 @@ -21,6 +21,6 @@ RUN yarn global add serve@14.2.0 react-inject-env@2.1.0 && \ # User and startup EXPOSE 3000 USER 1001 -HEALTHCHECK --interval=30s --timeout=3s CMD curl -f http://localhost/:3000 +HEALTHCHECK --interval=30s --timeout=3s CMD curl -f http://localhost:3000/ CMD react-inject-env set -d . && \ - serve -s . + serve --no-clipboard --single . diff --git a/frontend/README.md b/frontend/README.md index 3f97ce792..16fa30804 100644 --- a/frontend/README.md +++ b/frontend/README.md 
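Review bot: The `database` service publishes Postgres as `"5432:5432"` with the fixed credentials `postgres` / `default`, which exposes a database with a known password on every host interface of the developer machine. Binding the port to loopback, `- "127.0.0.1:5432:5432"`, and reading the password from the environment, `POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-default}` (likewise `POSTGRESQL_PASSWORD` in `backend`), keeps the local workflow while limiting the exposure; the other published ports (`8090`, `8091`, `3000`) could be bound the same way. `FORESTCLIENTAPI_ADDRESS` points at a host named `nr-forest-client-api-prod` while the Keycloak URLs in this file are test endpoints, so a comment should state whether a local stack is meant to call that API.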
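Review bot: The corrected `HEALTHCHECK` in the second hunk still calls `curl`, which to my knowledge the `node:16.19.1-alpine3.17` base image does not ship, so the container would be reported unhealthy unless the deploy stage installs it in lines outside this hunk. The compose file added in this commit probes the same service with `wget`, which BusyBox provides on Alpine, so using it here keeps both checks aligned: `HEALTHCHECK --interval=30s --timeout=3s CMD wget -q --spider http://localhost:3000/ || exit 1`. The deploy stage begins and ends outside the hunk.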
@@ -82,22 +82,11 @@ our [CONTRIBUTING](CONTRIBUTING.md) guide. ## Quick look But if all you want is to take a quick look on the running service, you can do it by -using Docker. +using Docker Compose. -⚠️ Note that you'll need those environment variables mentioned above! - -Build Docker image: +Run with (from the project root): ```sh -cd frontend -docker build -t frontend . -``` - -Then run with: -``` -docker run -p 3000:3000 \ - --env-file .env \ - --tty --interactive \ - frontend +docker-compose up --build frontend -d ``` ## Getting help diff --git a/oracle-api/CONTRIBUTING.md b/oracle-api/CONTRIBUTING.md index 023c810a5..37cbf693d 100644 --- a/oracle-api/CONTRIBUTING.md +++ b/oracle-api/CONTRIBUTING.md 
@@ -69,23 +69,43 @@ You can check your code before submitting with `./mvnw --no-transfer-progress ch ## Run this application After setting up your environment you might want to see this service running. -You can get it up and running by typing `./mvnw spring-boot:run` in the project -root directory. +You can get it up and running by typing (in the project root directory): + +```sh +./mvnw spring-boot:run +``` In case you want to debug with remote JVM, you can do it with this command: -`./mvnw spring-boot:run -Dspring-boot.run.jvmArguments="-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005"` -Note: TODO add here about database and running HOW-TOs. +```sh +./mvnw spring-boot:run -Dspring-boot.run.jvmArguments="-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005" +``` ## Run tests -For unit tests, please use this command: `./mvnw test --file pom.xml` +For unit tests, please use this command: +```sh +./mvnw test --file pom.xml +``` + +And for integration tests: +```sh +./mvnw verify -P integration-test --file pom.xml +``` + +Tests coverage and reports can be seen on your commits and pull requests. +But in case you want to check it locally, use this command to run all tests: + +```sh +./mvnw --no-transfer-progress clean verify -P all-tests --file pom.xml +``` -And for integration tests, this one: `./mvnw verify -P integration-test --file pom.xml` +And check out the html file generated: -Tests coverage reports can be seen on your commits and pull requests. But in case you -want to check locally, use this command to run all tests `./mvnw --no-transfer-progress clean verify -P all-tests --file pom.xml`, -and check out the files inside `target/coverage-reports/` +```sh +x-www-browser target/coverage-reports/merged-test-report/index.html # For Linux +open target/coverage-reports/merged-test-report/index.html # For MacOS +``` ## Submit pull requests 
diff --git a/oracle-api/Dockerfile b/oracle-api/Dockerfile index f1cc2c859..b833fe270 100644 --- a/oracle-api/Dockerfile +++ b/oracle-api/Dockerfile @@ -7,7 +7,7 @@ COPY . ./ RUN ./mvnw --no-transfer-progress --update-snapshots clean package -Dtests.skip=true -Dskip.unit.tests=true # Deploy container -FROM eclipse-temurin:17-jdk-alpine AS deploy +FROM eclipse-temurin:17.0.7_7-jre-jammy AS deploy ENV LANG en_CA.UTF-8 ENV LANGUAGE en_CA.UTF-8 ENV LC_ALL en_CA.UTF-8 @@ -24,5 +24,5 @@ RUN mkdir config dump public && \ # Port, user and entrypoint EXPOSE 8090 USER 1001 -HEALTHCHECK --interval=35s --timeout=4s CMD wget --spider -S http://127.0.0.1:8090/check +HEALTHCHECK --interval=35s --timeout=4s CMD java HealthCheck ENTRYPOINT ["/usr/share/service/dockerfile-entrypoint.sh"] diff --git a/oracle-api/HealthCheck.java b/oracle-api/HealthCheck.java index 95ae8a93c..6374d5dac 100644 --- a/oracle-api/HealthCheck.java +++ b/oracle-api/HealthCheck.java @@ -3,15 +3,20 @@ import java.net.http.HttpClient; import java.net.http.HttpRequest; import java.net.http.HttpResponse.BodyHandlers; +import java.util.Objects; public class HealthCheck { public static void main(String[] args) throws IOException, InterruptedException { var client = HttpClient.newHttpClient(); - var request = - HttpRequest.newBuilder() - .uri(URI.create("http://localhost:8090/actuator/health")) + String port = System.getenv("SERVER_PORT"); + if (Objects.isNull(port)) { + port = "8090"; + } + + var request = HttpRequest.newBuilder() + .uri(URI.create("http://localhost:"+port+"/actuator/health")) .header("accept", "application/json") .build(); diff --git a/oracle-api/README.md b/oracle-api/README.md index ea3307506..480a97623 100644 --- a/oracle-api/README.md +++ b/oracle-api/README.md 
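Review bot: The new `HEALTHCHECK ... CMD java HealthCheck` in the second hunk keeps `--timeout=4s`, while the compose file in this commit gives the same `java HealthCheck` probe `timeout: 10s` and `start_period: 40s`; starting a JVM for every probe can exceed four seconds on a constrained container and mark the service unhealthy. I would align the two, e.g. `HEALTHCHECK --interval=35s --timeout=10s --start-period=40s CMD java HealthCheck`. Since the first hunk moves the runtime to a JRE image, the probe also depends on a compiled `HealthCheck.class` being present in the working directory, which the visible lines do not show. `EXPOSE 8090` stays unchanged although the compose file runs this service with `SERVER_PORT: "8091"`, so a comment naming the default port would help.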
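Review bot: The `SERVER_PORT` fallback in `main` handles only an unset variable; an empty or non-numeric value is concatenated straight into `URI.create(...)`, so the probe either throws or builds a URL that does not point at the service, and it fails with a stack trace rather than a clear message. A plain check such as `if (port == null || port.isBlank()) { port = "8090"; }` covers the empty case and makes the added `java.util.Objects` import unnecessary, and `Integer.parseInt(port)` before building the URI would reject anything that is not a port number. The rest of `main` lies outside this hunk, so how the response is turned into an exit code is not visible here.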
@@ -1,9 +1,4 @@ -[![Lifecycle:Experimental](https://img.shields.io/badge/Lifecycle-Experimental-339999)](https://github.com/bcgov/nr-spar-oracle-api) -![Coverage](.github/badges/jacoco.svg) -![Branches](.github/badges/branches.svg) -[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=bcgov_nr-backend-starting-api&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=bcgov_nr-backend-starting-api) - -# Natural Resources SPAR Oracle API +# SPAR Oracle API This repository holds a set of policies, standards, guides, and pipelines to get started with a back-end API. Before writing your first line of code, please @@ -57,14 +52,7 @@ and deploy it. ## Getting started Once you have cloned this repository, can get it running by typing: `./mvnw spring-boot:run` -from the project root directory. You **must** provide three environment variables for database -access configuration: - -- `DATABASE_HOST` -- `DATABASE_PORT` -- `SERVICE_NAME` (the database's name) -- `DATABASE_USER` -- `DATABASE_PASSWORD` +from the project root directory. You **must** provide bellow environment variables: Then head to http://localhost:8090/actuator/health to check if the system was successfully launched: the `status` property should have the value *UP*. @@ -75,17 +63,12 @@ tests, please take a moment and check out our [CONTRIBUTING](CONTRIBUTING.md) gu ### Quick look But if all you want is to take a quick look on the running service, you can do it by -using Docker. +using Docker and the Composer plugin. Note that you'll need these environment variables: ```sh -NR_SPAR_ORACLE_API_VERSION=dev -DATABASE_HOST=nrcdb03.bcgov -DATABASE_PORT=1543 -SERVICE_NAME=fortmp1.nrs.bcgov DATABASE_USER=[user-here] DATABASE_PASSWORD=[password-here] -KEYCLOAK_REALM_URL=KEYCLOAK_REALM_URL=https://test.loginproxy.gov.bc.ca/auth/realms/standard ``` ✅ You can export all environment variables from a .env file with this command (On Linux): 
@@ -94,25 +77,12 @@ KEYCLOAK_REALM_URL=KEYCLOAK_REALM_URL=https://test.loginproxy.gov.bc.ca/auth/rea export $(cat .env | xargs) ``` -Build the service: +Run with (from the project root): ```sh -cd oracle-api -docker build -t oracle-api . -``` - -Then run with: -``` -docker run -p 8090:8090 \ - -e KEYCLOAK_REALM_URL=https://test.loginproxy.gov.bc.ca/auth/realms/standard \ - -t oracle-api -``` - -However, if you have docker-compose you can do: -``` -docker-compose up --build --force-recreate --no-deps +docker-compose up --build oracle-api -d ``` -You'll need to provide the address of the DNS server to be used by the container in the environment +If you're in Brazil, you'll need to provide the address of the DNS server to be used by the container in the environment variable `DNS_ADDRESS`: you can find the address of the DNS server you're using right now using [nslookup](https://en.wikipedia.org/wiki/Nslookup), for instance. @@ -121,4 +91,4 @@ You can then check the API documentation accessing `localhost:8090/swagger-ui.ht ## Getting help As mentioned, we're here to help. Feel free to start a conversation -on Rocket chat or ask a question on Stackoverflow. \ No newline at end of file +on Rocket chat or ask a question on Stackoverflow. diff --git a/oracle-api/README_template.md b/oracle-api/README_template.md deleted file mode 100644 index 38eb1bb9d..000000000 --- a/oracle-api/README_template.md +++ /dev/null 
@@ -1,193 +0,0 @@ - - -[![Contributors](https://img.shields.io/github/contributors/bcgov/greenfield-template)](/../../graphs/contributors) -[![Forks](https://img.shields.io/github/forks/bcgov/greenfield-template)](/../../network/members) -[![Stargazers](https://img.shields.io/github/stars/bcgov/greenfield-template)](/../../stargazers) -[![Issues](https://img.shields.io/github/issues/bcgov/greenfield-template)](/../../issues) -[![MIT License](https://img.shields.io/github/license/bcgov/greenfield-template.svg)](/LICENSE.md) -[![Lifecycle](https://img.shields.io/badge/Lifecycle-Experimental-339999)](https://github.com/bcgov/repomountie/blob/master/doc/lifecycle-badges.md) - -# Greenfield Template - DevOps Quickstart - -## Overview - -The Greenfield-template is a fully functional set of pipeline workflows and a starter application stack intended to help Agile DevOps teams hit the ground running. Currently supports OpenShift with plans for AWS (Amazon Web Services). Pipelines are run using [GitHub Actions](https://github.com/bcgov/greenfield-template/actions). - -Features: -* Pull Request-based pipeline -* Sandboxed development deployments -* Gated production deployments -* Container publishing (ghcr.io) and importing (OpenShift) -* Security, vulnerability, infrastructure and container scan tools -* Automatic dependency patching with Pull Requests -* Enforced code reviews and pipeline checks -* Templates and setup documentation -* Starter TypeScript application stack - -This project is in active development. Please visit our [issues](https://github.com/bcgov/greenfield-template/issues) page to view or request features. 
- -### Workflow 1 of 3: PR Open - -![1/3: PR Open](.github/graphics/pipeline1of3.png) - -### Workflow 2 of 3: PR Close - -![2/3: PR Close](.github/graphics/pipeline2of3.png) - -### Workflow 3 of 3: Main Merge - -![3/3: Main Merge](.github/graphics/pipeline3of3.png) - -### Deployments - -Out-of-the-box, sandboxed, pull request-based development deployments allowing for multiple developers to work on and see their features at once. - -Deployment to production is gatekept using GitHub environments, requiring sign off from code maintainers. - -Deployment to test, staging or pre-prod (pick a name!) is currently planned to be transitory, allowing access to gatekept data, but only stopping before production deployment if a failure occurs. (work in progress) - -Successful deployments are linked in Pull Request comments. - -![Deployment Update](.github/graphics/deploymentUpdate.png) - -### Builds - -Builds are handled by Docker Actions and published to the GitHub Container Registry (ghcr.io). This allows for publicly accessible builds that can be consumed by OpenShift, Amazon Web Services or any other container service. - -![Packages](.github/graphics/packages.png) - -### Testing - -Unit tests are run in jest, but other test frameworks can always be installed. SonarCube should be configured to pick up sarif files and provide coverage reports. - -### Code Quality - -Code quality is reporting are performed by: - -* SonarCloud -* CodeQL - -Sonar reports are provided as Pull Request comments. - -![Sonar Cloud Update](.github/graphics/sonarUpdate.png) - -### Code Coverage - -Code coverage is generated by any included tests. Results are provided as Pull Request comments. 
- -![Code Coverage](.github/graphics/codeCoverage.png) - -### Security Scanning - -Dependency, container and vulnerability scanning is performed by: - -* Trivy -* Snyk - -### Penetration Testing - -Penetration testing and reporting is performed by: - -* OWASP ZAP - -### Dependency Management - -Dependency scanning, patching and updating by PR is performed by: - -* Snyk - -![Dependency Management](.github/graphics/depMgmt.png) - -### Higher-Level Environments - -Higher-level environments come after DEV deployments and are usually called any of TEST, STAGING, PRE-PROD or PROD. Since data and token access is more frequently sensitive access must be controlled by only allowing access from a merge to the main branch. - -### Higher-Level Environment Gatekeeping - -Optionally, higher-level deployments can be prevented until manually approved. - -![Prod Request](.github/graphics/prodRequest.png) - -![Prod Accept](.github/graphics/prodAccept.png) - -## Workflows - -### 1: Pull Request Opened/Modified - -This workflow is triggered when a Pull Request to the main branch is created or modified. Each development deployment is separate, using its own stack. This avoids collisions between development environments and provides isolation for testing and experimentation. Pipeline steps are enforced, preventing merge of failing code. 
- -The workflow, located [here](https://github.com/bcgov/greenfield-template/blob/main/.github/workflows/pr-open.yml), includes: - -* [Pull Request](https://github.com/bcgov/greenfield-template/pulls)-based ephemeral, sandboxed environments -* [Docker](https://github.com/marketplace/actions/build-and-push-docker-images)/[Podman](https://podman.io) container building -* [Build caching](https://github.com/marketplace/actions/cache) to save time and bandwidth -* [GitHub Container Registry](https://github.com/bcgov/greenfield-template/pkgs/container/greenfield-template) image publishing -* [RedHat OpenShift](https://www.redhat.com/en/technologies/cloud-computing/openshift) deployment, with other options under consideration -* [Jest](https://jestjs.io/) JavaScript testing enforced in-pipeline -* [SonarCloud](https://sonarcloud.io/) static analysis test coverage reporting - -![Pull Request Open](.github/graphics/pr-open.png) - -Triggers are used to determine whether images need to be built or previous ones consumed. Partial or full skips, like when limited to documentation, are shown below. - -![Pull Request Partially Skipped](.github/graphics/skipPartial.png) - -![Pull Request Fully Skipped](.github/graphics/skipFull.png) - -When a PR is merged, the message comment below is added. Despite showing on this pull request it is actually handled by the next pipeline. - -![Merge Notification](.github/graphics/mergeNotification.png) - -### 2: Pull Request Close Pipeline - -The workflow, located [here](https://github.com/bcgov/greenfield-template/blob/main/.github/workflows/pr-close.yml), fires when a pull request is closed. - -* ghcr.io cleanup of dev images over 14 days-old -* OpenShift dev artifact removal - -When a pull request is merged to main, one additional job is run. This promotes the new images to the TEST environment. 
- -* Image promotion to higher-level environments - -![Pull Request Close/Merge](.github/graphics/pr-cleanup.png) - -If this closure was triggered by a merge to the main branch it will trigger the following workflow. - -### 3: Pull Request Main Merge Pipeline - -The workflow, located [here](https://github.com/bcgov/greenfield-template/blob/main/.github/workflows/merge-main.yml), includes: - -* [GitHub CodeQL](https://codeql.github.com/) semantic code analysis and vulerability scanning -* [OWASP ZAP](https://www.zaproxy.org/) Zed Attack Proxy web app penetration testing -* [SonarCloud](https://sonarcloud.io/) static analysis for continuous code quality and security scanning -* [Snyk](https://snyk.io/) vulnerability scanning and PR-based dependency patching -* [Tryvy](https://aquasecurity.github.io/trivy) repository and base image scanning -* Higher-level deployments (e.g. TEST, STAGING, PRE-PROD, PROD) -* Publishing of production images to the GitHub Container Registry (ghcr.io) - -![Main Merge](.github/graphics/main-merge.png) - - -# Starter Application - -The starter stack includes a frontend, backend and postgres database. The frontend and backend are buld with [NestJS](https://docs.nestjs.com). They currently do very little, but provide placeholders for more functional products. See the backend and frontend folders for source, including Dockerfiles. - -Features: -* [TypeScript](https://www.typescriptlang.org/) strong-typing for JavaScript -* [NestJS](https://docs.nestjs.com) frontend and backend -* [ESLint](https://eslint.org/) linting enforced on code staging (currently disabled) -* [Postgres](https://www.postgresql.org/) database - -Local development can be supported using Docker Compose. Please be aware that Podman and Podman Compose work as drop-in replacements for the Docker counterparts. - -`docker-compose up -d` - -# Getting Started - -Initial setup is intended to take four hours or less. 
This depends greatly on intended complexity, features selected/excluded and outside cooperation. - -Please read [our setup guide](./SETUP.md) for more information. - -## Example APIs, UIs and Metabase/Oracle Templates - -Templates for APIs, UIs and Metabase/Oracle can be used to kickstart or extend projects. Please visit our collaborators' [NR Architecture Templates](https://github.com/bcgov/nr-arch-templates) repository for more information. diff --git a/oracle-api/SETUP.md b/oracle-api/SETUP.md deleted file mode 100644 index b25286f87..000000000 --- a/oracle-api/SETUP.md +++ /dev/null 
@@ -1,316 +0,0 @@ -# Getting Started - -Initial setup is intended to take four hours or less. This depends greatly on intended complexity, features selected/excluded and outside cooperation. - -## Contents - -* Documentation: - * *.md -* Workflows: - * Pull Request-based (.github/workflows/pr-open.yml) - * On Close (.github/workflows/pr-close.yml) - * Main Merge (.github/workflows/main.yml) -* Hello World! starter application - * TypeScript source in src/ - * One Jest test in test/ - * JavaScript container in Dockerfile -* Misc: - * nestjs - * eslint - * lint-staged - -Not included: - -* Repository secrets -* Environment secrets -* Issues -* Pull requests -* JavaScript (transpiled/created in dist/) - - -## Prerequisites - -The following are required: - -* BC Government IDIR accounts for anyone submitting requests -* GitHub accounts for all participating team members - * [Sign Up is free](https://github.com/signup) -* Membership in the BCGov GitHub organization - * Provide GitHub IDs to [BCGov's Just Ask](https://just-ask.developer.gov.bc.ca/) -* Project namespaces (pick one): - * OpenShift - [Register a New Project](https://registry.developer.gov.bc.ca/public-landing) - * Amazon Web Services - coming soon! - - -## Consuming This Template - -![image](./.github/graphics/newRepo.png) - -Create a new repository using this repository as a template. -* Select bcgov/greenfield-template under Repository template -* Check Codecov | Code Coverage to grant access -* Jira cannot be unchecked (I try every time!) - - -## Setting Up the GitHub Repository - - -### Pull Request Handling - -Squash merging is recommended for simplified histories ad ease of rollback. - -Cleaning up merged branches is recommended for your DevOps Specialist's fragile sanity. - -From GitHub: -1. Select Settings (gear, top right) -> General (selected automatically) -2. 
Scroll to Pull Requests - * `[check] Allow squash merging` - * `[check] Automatically delete head branches` - - -## Closing Repo-Mountie Issues - -repo-mountie is a BCGov bot that likes to spam us. Here are a few issues to expect. - -Lets use common phrasing - * Includes examples of inappropriate and preferred phrasing - * The default branch should be named `main` - * Close the issue - -Add missing topics - * Topics improve discoverability - * Directions will be included - * Close the issue - - -## Action Secrets - -Action Secrets are consumed by workflows, including 3rd party Actions. Please use Environment secrets for highly sensitive content. - -Manage Action Secrets from your Repo > Settings > Secrets > Actions. - - -### Required - -**GHTOKEN** - -* Default token, not viewable, common to all repositories -* Variable: `{{ secrets.GHTOKEN }}` - -**GHPROJECT_TOKEN** (TODO: check that this is still in use) - -* Personal Access Token for writing to Pull Requests -* Variable: `{{ secrets.GHPROJECT_TOKEN }}` - -**OC_SERVER** - -* OpenShift server address -* Variable: `{{ secrets.OC_SERVER }}` -* Value (pick one of): - * `https://api.gold.devops.gov.bc.ca:6443` - * `https://api.silver.devops.gov.bc.ca:6443` - - -### Optional - -Provide these tokens or comment their jobs out: - -* ./github/workflows/pr-open.yml -* ./github/workflows/main.yml - -**SNYK_TOKEN** - -* Vulnerability, dependency and infrastructure code scanning -* Acquire a free token at [Snyk.io](https://snyk.io/) -* Variable: `{{ secrets.SNYK_TOKEN }}` - -**SONAR_TOKEN** - -* Code quality and security scanning -* Request to [import a GitHub repository](https://github.com/BCDevOps/devops-requests/issues/new/choose) -* Variable: `{{ secrets.SONAR_TOKEN }}` - - -## Environment Secrets - -Secrets can be grouped into and protected by Environments. 
[Features include](https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment): - -* Required reviewers -* Wait timer -* Deployment branches - -Manage Environments and their Secrets from your Repo > Settings > Environments. - -**Environment: dev** - -Create a new Environment to hold the keys to our development deployment. - -Environment name: `dev` - -No protection rules are required yet: - - * [`unchecked`] Required reviewers - * [`unchecked`] Wait timer - * Deployment branches: `All branches` - -**Environment: prod** - -Create a new Environment to hold the keys to our development deployment. - -Environment name: `prod` - -Protection rules are required: - - * [`check`] Required reviewers - * Provide GitHub IDs as appropriate - * [`unchecked`] Wait timer - * Deployment branches: `All branches` - -### Required - -**NAMESPACE** - -* OpenShift Development namespace (see **Prerequisites**) -* Variable: `{{ secrets.OC_NAMESPACE }}` - -**OC_TOKEN** - -* OpenShift pipeline account token (see **Getting an OpenShift Account Token**) -* Variable: `{{ secrets.OC_TOKEN }}` - - -#### Getting an OpenShift Account Token - -Please assume that your OpenShift platform team has provisioned a pipeline account. - -1. Login to your OpenShift cluster - * E.g. BCGov [Gold](https://console.apps.silver.devops.gov.bc.ca/) or [Silver](https://console.apps.silver.devops.gov.bc.ca/) -2. Select your DEV namespace (provided by the OpenShift platform team) -3. Select Secrets (under Workloads for Administrator view) -4. Select `pipeline-token-...` or a similarly privileged token -5. Under Data, copy `token` -6. Paste into the GitHub Environment Secret `OC_TOKEN` (see above) - -## First Pipeline Run - -By now all relevant tokens should be provided. We are going to assume that Synk and SonarCloud aren't on hand yet, so let's comment themout. Please revise as appropriate. - -Steps in this section use a terminal. 
Several GUIs alternatives are avilable, but out of scope. - -Required: -* Git CLI installed and configured -* Access to a command prompt: - * Linux command terminal - * MacOS command terminal - * Windows Subsystem for Linux (WSL) - - -### Create a Branch and Make Changes - -1. Create and switch to a new branch - ``` - git checkout -b - ``` -2. Edit the following workflows - * Pull Requests: `.github/workflows/pr-open.yml` - * Main Merge: `.github/workflows/main.yml` -3. Comment out the following jobs - * `snyk` (PR only) - * `sonarcloud` (both) -3. Stage changes and create commits (repeat as necessary) - ``` - git add .github/workflows/ - git commit -m "Pipeline: comment out snyk and sonarcloud" - ``` -4. Push the commits - ``` - # First time only - git push -u origin - - # Subsequent times - git push origin - ``` - -### Create a Pull Request - -This is where things start to get exciting! - -From your GitHub repository: -1. Select *Pull Requests* -2. Click *New pull request* (big green button) - * Title: `Pipeline: comment out snyk and sonarcloud` - * Body: `Pipeline: comment out snyk and sonarcloud` - * Target Branch: `` - * Source Branch: `main` -3. Proceed according the the pipeline's directions! - - -## Packages - -Packages are available from your repository (link on right) or your organization's package lists. - -E.g. https://github.com/orgs/bcgov/packages?repo_name=greenfield-template - - -### Branch Protection - -This is required to prevent direct pushes and merges to the default branch. One full pipeline run must be completed before Make sure that `main` is the default branch. - -From GitHub: -1. Select Settings (gear, top right) -> Branches (under Code and Automation) -2. Click `Add Rule` or edit an existing rule -3. 
Under `Protect matching branches` specify the following: - * Branch name pattern: `main` - * `[check] Require a pull request before merging` - * `[check] Require approvals` (default = 1) - * `[check] Dismiss stale pull request approvals when new commits are pushed` - * `[check] Require review from Code Owners` - * `[check] Require status checks to pass before merging` - * `[check] Require branches to be up to date before merging` - * `Status checks that are required` requires to the search box to select: - * `Check` - * `Tests-Backend` - * `Tests-Frontend` - * `Build-Backend` - * `Build-Frontend` - * `Deploy-Dev` - * `Deploy-Prod` - * `Trivy-Repo` - * `Trivy-Backend` - * `Trivy-Frontend` - * `Zap-Dev-Backend` - * `Zap-Dev-Frontend` - * `Zap-Prod-Backend` - * `Zap-Prod-Frontend` - * `SonarCloud` (optional) - * `[check] Require conversation resolution before merging` - * `[check] Include administrators` (optional) - - -## Adding Team Members - -Don't forget to add your team members! - -From GitHub: -1. Select Settings (gear, top right) -> Collaborators and teams (under Access) -2. Click `Add people` or `Add teams` -3. Use the search box to find people or teams -4. Choose a role (one of) - * `Read` - * `Triage` - * `Write` - * `Maintain` - * `Admin` -5. Click *Add * - - -## Troubleshooting - -* If failed to get authentication at the build docker image stage, check if updated to use the secrets [GHCR token and username](https://github.com/marketplace/actions/docker-build-push-action), the default GitHub token might not work - -* If failed to authenticate to openshfit at the deploy stage, check if the service account “pipeline” has the right ability to get project and do deploy - -* If networking is unsuccessful, even with routes in place, try adding network policies for ingress and inter-namespace traffic. - ``` - oc process -f .github/openshift/networkPolicies.yml | oc apply -f - - ``` 
diff --git a/oracle-api/docker-compose.yml b/oracle-api/docker-compose.yml deleted file mode 100644 index 30f7dcc67..000000000 --- a/oracle-api/docker-compose.yml +++ /dev/null @@ -1,26 +0,0 @@ -version: '3.9' - -services: - oracle-api: - build: - context: . - container_name: oracle-api - environment: - NR_SPAR_ORACLE_API_VERSION: "dev" - DATABASE_HOST: "nrcdb03.bcgov" - DATABASE_PORT: "1543" - SERVICE_NAME: "fortmp1.nrs.bcgov" - DATABASE_USER: ${DATABASE_USER} - DATABASE_PASSWORD: ${DATABASE_PASSWORD} - KEYCLOAK_REALM_URL: "https://test.loginproxy.gov.bc.ca/auth/realms/standard" - JAVA_OPTS: ${JAVA_OPTS} - healthcheck: - test: ["CMD", "java", "HealthCheck"] - interval: 1m30s - timeout: 10s - retries: 3 - start_period: 40s - image: bcgov/nr-spar-oracle-api:latest - network_mode: "host" - volumes: - - ./target:/usr/share/service/artifacts diff --git a/oracle-api/src/main/resources/application.properties b/oracle-api/src/main/resources/application.properties index a72f17c9c..b5fa11a43 100644 --- a/oracle-api/src/main/resources/application.properties +++ b/oracle-api/src/main/resources/application.properties @@ -1,6 +1,6 @@ # Server and application spring.application.name = nr-fsa-service-api-4139 -server.port = 8090 +server.port = ${SERVER_PORT:8090} # Key Cloak, authentication and security keycloak-auth = ${KEYCLOAK_REALM_URL:https://empty.com/auth} @@ -8,7 +8,7 @@ spring.security.oauth2.resourceserver.jwt.issuer-uri = ${keycloak-auth} spring.security.oauth2.resourceserver.jwt.jwk-set-uri = ${keycloak-auth}/protocol/openid-connect/certs # Database, datasource and JPA -spring.datasource.driver-class-name=oracle.jdbc.driver.OracleDriver +spring.datasource.driver-class-name=oracle.jdbc.OracleDriver spring.datasource.url = jdbc:oracle:thin:@tcps://${DATABASE_HOST}:${DATABASE_PORT}/${SERVICE_NAME} spring.datasource.username = ${DATABASE_USER} spring.datasource.password = ${DATABASE_PASSWORD} 
@@ -26,4 +26,4 @@ management.endpoint.health.show-details = always
 
 # Others
 nr-spar-oracle-api.version = ${NR_SPAR_ORACLE_API_VERSION:dev}
-server.allowed.cors.origins = ${ALLOWED_ORIGINS:#{'http://localhost:300*'}}
+server.allowed.cors.origins = ${ALLOWED_ORIGINS:#{'http://localhost:300*, http://127.*'}}
diff --git a/oracle-api/src/test/resources/application.properties b/oracle-api/src/test/resources/application.properties
index b932b4385..94941d835 100644
--- a/oracle-api/src/test/resources/application.properties
+++ b/oracle-api/src/test/resources/application.properties
@@ -19,4 +19,4 @@ management.endpoint.health.show-details = always
 
 # Others
 nr-spar-oracle-api.version = ${NR_SPAR_ORACLE_API_VERSION:dev}
-server.allowed.cors.origins = ${ALLOWED_ORIGINS:#{'http://localhost:300*'}}
+server.allowed.cors.origins = ${ALLOWED_ORIGINS:#{'http://127.*, http://localhost:300*'}}
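Review bot: The new default origin `http://127.*` on the `server.allowed.cors.origins` line is broader than loopback if the value is consumed as an origin pattern where `*` matches any characters; the code that reads this property is outside the hunk, so this is inferred from the existing `300*` form. Under that reading any host whose name merely begins with `127.` would be accepted, and because this is the fallback in the main resources, a deployment that does not set `ALLOWED_ORIGINS` inherits it. I would pin the address and port range, e.g. `server.allowed.cors.origins = ${ALLOWED_ORIGINS:#{'http://localhost:300*, http://127.0.0.1:300*'}}`, and add a comment above it stating that the default is for local development only and that deployed environments must set `ALLOWED_ORIGINS`. The same value is added in `oracle-api/src/test/resources/application.properties`, and it is also worth confirming that the space after the comma is trimmed when the list is split.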