diff --git a/.bamboo/E2E-tests-with-flake-detection/cleanup.sh b/.bamboo/E2E-tests-with-flake-detection/cleanup.sh index 8d0987ff81a4..76edadb1320b 100755 --- a/.bamboo/E2E-tests-with-flake-detection/cleanup.sh +++ b/.bamboo/E2E-tests-with-flake-detection/cleanup.sh @@ -1,7 +1,28 @@ #!/bin/sh -cd src/main/docker/cypress - # HOST_HOSTNAME not really necessary for shutdown but otherwise docker-compose complains export HOST_HOSTNAME=$(hostname) -docker compose -f cypress-E2E-tests.yml -f cypress-E2E-tests-coverage-override.yml down -v +# show all running docker containers and volumes after the cleanup to detect issues +echo "SHOW RUNNING Docker containers and volumes:" +docker ps -a +docker volume ls +# first kill ALL containers on the bamboo agent +echo "KILLING Docker containers, volumes and networks:" +docker container stop $(docker ps -a -q) || true +docker container rm $(docker ps -a -q) || true +docker volume rm $(docker volume ls -q) || true + +# then kill remaining project volumes and networks which should be easy removable as not bound to containers anymore +docker compose -f ./docker/cypress-E2E-tests.yml -f ./docker/cypress-E2E-tests-coverage-override.yml down -v + + +# show all running docker containers and volumes after the cleanup to detect issues +echo "SHOW RUNNING Docker containers and volumes:" +docker ps -a +docker volume ls + +# show docker and docker compose version +echo "VERSIONS:" +docker compose version || true +docker-compose version || true +docker version || true diff --git a/.bamboo/E2E-tests-with-flake-detection/execute.sh b/.bamboo/E2E-tests-with-flake-detection/execute.sh index 5c26cdf3eb5d..08e2acd32592 100755 --- a/.bamboo/E2E-tests-with-flake-detection/execute.sh +++ b/.bamboo/E2E-tests-with-flake-detection/execute.sh @@ -4,29 +4,26 @@ mkdir -p build/libs mv ./*.war build/libs/ +# pass current host's hostname to the docker container for server.url (see docker compose config file) +export HOST_HOSTNAME=$(hostname) + # Load git history needed for analysis git config remote.origin.fetch "+refs/heads/*:refs/remotes/origin/*" - git fetch --unshallow || git fetch --all -docker build . -f ./src/main/docker/Dockerfile -t artemis:coverage-latest - -# Start Artemis docker containers with docker-compose -cd src/main/docker/cypress - -# pass current host's hostname to the docker container for server.url (see docker compose config file) -export HOST_HOSTNAME=$(hostname) - -docker compose -f cypress-E2E-tests.yml -f cypress-E2E-tests-coverage-override.yml pull +cd docker +docker build .. --build-arg WAR_FILE_STAGE=external_builder -f ./artemis/Dockerfile -t artemis:coverage-latest +docker compose -f cypress-E2E-tests.yml -f cypress-E2E-tests-coverage-override.yml pull nginx mysql docker compose -f cypress-E2E-tests.yml -f cypress-E2E-tests-coverage-override.yml build --no-cache --pull artemis-cypress #do not pull the base image artemis:coverage-latest for artemis-app as it's stored locally and built above -docker compose -f cypress-E2E-tests.yml -f cypress-E2E-tests-coverage-override.yml build --no-cache artemis-app +docker compose -f cypress-E2E-tests.yml -f cypress-E2E-tests-coverage-override.yml build --build-arg WAR_FILE_STAGE=external_builder --no-cache artemis-app docker compose -f cypress-E2E-tests.yml -f cypress-E2E-tests-coverage-override.yml up --exit-code-from artemis-cypress exitCode=$? +cd .. echo "Cypress container exit code: $exitCode" if [ $exitCode -eq 0 ] then - touch ../../../../.successful + touch .successful else echo "Not creating success file because the tests failed" fi diff --git a/.bamboo/E2E-tests/cleanup.sh b/.bamboo/E2E-tests/cleanup.sh index 26439e29e5fa..71221faa15ca 100755 --- a/.bamboo/E2E-tests/cleanup.sh +++ b/.bamboo/E2E-tests/cleanup.sh @@ -1,7 +1,26 @@ #!/bin/sh -cd src/main/docker/cypress - # HOST_HOSTNAME not really necessary for shutdown but otherwise docker-compose complains export HOST_HOSTNAME=$(hostname) -docker compose -f cypress-E2E-tests.yml down -v +# show all running docker containers and volumes after the cleanup to detect issues +echo "SHOW RUNNING Docker containers and volumes:" +docker ps -a +docker volume ls +# first kill ALL containers on the bamboo agent +echo "KILLING Docker containers, volumes and networks:" +docker container stop $(docker ps -a -q) || true +docker container rm $(docker ps -a -q) || true +docker volume rm $(docker volume ls -q) || true + +docker compose -f ./docker/cypress-E2E-tests.yml down -v + +# show all running docker containers and volumes after the cleanup to detect issues +echo "SHOW RUNNING Docker containers and volumes:" +docker ps -a +docker volume ls + +# show docker and docker compose version +echo "VERSIONS:" +docker compose version || true +docker-compose version || true +docker version || true diff --git a/.bamboo/E2E-tests/execute.sh b/.bamboo/E2E-tests/execute.sh index 91ac74bbd125..3863644ffe52 100755 --- a/.bamboo/E2E-tests/execute.sh +++ b/.bamboo/E2E-tests/execute.sh @@ -4,20 +4,20 @@ mkdir -p build/libs mv ./*.war build/libs/ -# Start Artemis docker containers with docker-compose -cd src/main/docker/cypress - # pass current host's hostname to the docker container for server.url (see docker compose config file) export HOST_HOSTNAME=$(hostname) -docker compose -f cypress-E2E-tests.yml pull -docker compose -f cypress-E2E-tests.yml build --no-cache --pull +cd docker +#just pull everything else than artemis-app as we build it later either way +docker compose -f cypress-E2E-tests.yml pull artemis-cypress mysql nginx +docker compose -f cypress-E2E-tests.yml build --build-arg WAR_FILE_STAGE=external_builder --no-cache --pull artemis-app docker compose -f cypress-E2E-tests.yml up --exit-code-from artemis-cypress exitCode=$? +cd .. echo "Cypress container exit code: $exitCode" if [ $exitCode -eq 0 ] then - touch ../../../../.successful + touch .successful else echo "Not creating success file because the tests failed" fi diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 000000000000..49dfbf7dd04f --- /dev/null +++ b/.dockerignore @@ -0,0 +1,39 @@ +# https://docs.docker.com/engine/reference/builder/#dockerignore-file +classes/ +generated-sources/ +generated-test-sources/ +h2db/ +maven-archiver/ +maven-status/ +reports/ +surefire-reports/ +test-classes/ +test-results/ +www/ +!*.jar +!*.war + +# exclude hidden directories like .idea, .gradle, .cache, .github +.* +# do not exclude .git as it's necessary to insert the commit id into the build +!.git +# do not exclude .eslint files as they are required in the build process +!.eslintignore +!.eslintrc +# do not exclude .npmrc as it's required in the build process for setting the correct node options +!.npmrc +# exclude node_modules if installed locally +node_modules +# exclude build binaries except a pre-built .war file +build/* +!build/libs/*.war + +# exclude the docker files and the /docker/.docker-data folders +docker/ + +# files inside of the root directory not needed +CITATION.cff +CODE_OF_CONDUCT.md +LICENSE +README.md +SECURITY.md diff --git a/.eslintignore b/.eslintignore index 01f8918f1a2f..bc77361a3b14 100644 --- a/.eslintignore +++ b/.eslintignore @@ -11,7 +11,7 @@ node_modules/ out/ repos/ repos-download/ -src/main/docker/ +docker/ src/main/generated/ src/main/resources/ uploads/ diff --git a/.github/workflows/build-deploy.yml b/.github/workflows/build-deploy.yml index 8d91a890c88b..adef291ee20d 100644 --- a/.github/workflows/build-deploy.yml +++ b/.github/workflows/build-deploy.yml @@ -40,6 +40,7 @@ env: jobs: build: + name: Build .war artifact runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 @@ -73,18 +74,10 @@ jobs: asset_content_type: application/x-webarchive docker: + name: Build and Push Docker Image if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == 'ls1intum/Artemis' }} - needs: build runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - name: Download Artifact - uses: actions/download-artifact@v3 - with: - name: Artemis.war - - name: Build Docker Image - run: docker build --build-arg WAR_PATH=. -t artemis -f src/main/docker/Dockerfile . - - name: Compute Tag uses: actions/github-script@v6 id: compute-tag @@ -106,22 +99,30 @@ jobs: } } return "FALSE"; - - # Push to GitHub Container Registry + - uses: actions/checkout@v3 + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + # Build and Push to GitHub Container Registry - name: Login to GitHub Container Registry uses: docker/login-action@v2 + if: ${{ steps.compute-tag.outputs.result != 'FALSE' }} with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Build and Push to GitHub Container Registry + uses: docker/build-push-action@v3 if: ${{ steps.compute-tag.outputs.result != 'FALSE' }} - - name: Push to GitHub Container Registry - env: - TAG: ${{ steps.compute-tag.outputs.result }} - run: | - docker tag artemis ghcr.io/ls1intum/artemis:$TAG - docker push ghcr.io/ls1intum/artemis:$TAG - if: ${{ steps.compute-tag.outputs.result != 'FALSE' }} + with: + # TODO: maybe even add arm/v7 for older DevBoards and arm64 for Mac M1 and new DevBoards + # TODO: add arm64 support by first building the .war file in a amd64 step then creating the runtime env + platforms: amd64 + file: ./docker/artemis/Dockerfile + context: . + tags: ghcr.io/ls1intum/artemis:${{ steps.compute-tag.outputs.result }} + push: true # TODO: Push to Docker Hub (develop + tag) diff --git a/.gitignore b/.gitignore index 1ef0f5c37766..fce11a8804ea 100644 --- a/.gitignore +++ b/.gitignore @@ -18,7 +18,7 @@ node_modules/ npm-debug.log.* /.awcache/* .node-gyp/ -/.cache-loader/* +/.cache-loader/ ###################### # SASS @@ -59,8 +59,9 @@ local.properties ###################### # Intellij ###################### -.idea/ -!.idea/runConfigurations/* +.idea/* +!.idea/runConfigurations/ +!.idea/icon.svg *.iml *.iws *.ipr @@ -151,6 +152,11 @@ Desktop.ini repos/ repos-download/ /templates/ +.bash_history +.v8flags.*.json +/src/main/generated +/coverage +/exports ###################### # Gradle Wrapper @@ -171,20 +177,26 @@ repos-download/ ###################### # Docker ###################### -.bash_history -.v8flags.*.json -/.cache-loader -/src/main/generated -/coverage -/exports -/src/main/docker/.env -/src/main/resources/config/application-local*.yml -/src/main/resources/id_* -/src/main/resources/known_hosts +/docker/.env +/docker/.docker-data/artemis-data/* +!/docker/.docker-data/artemis-data/.gitkeep +/docker/.docker-data/artemis-mysql-data/* +!/docker/.docker-data/artemis-mysql-data/.gitkeep + +###################### +# Cypress +###################### /src/test/cypress/screenshots/ /src/test/cypress/videos/ /src/test/cypress/build +###################### +# Artemis configs +###################### +/src/main/resources/config/application-local*.yml +/src/main/resources/id_* +/src/main/resources/known_hosts + ###################### # Coverage Files ###################### diff --git a/.idea/runConfigurations/Remote_Java_Debugging_for_Docker.xml b/.idea/runConfigurations/Remote_Java_Debugging_for_Docker.xml new file mode 100644 index 000000000000..0f6a9fb531c3 --- /dev/null +++ b/.idea/runConfigurations/Remote_Java_Debugging_for_Docker.xml @@ -0,0 +1,15 @@ + + + + \ No newline at end of file diff --git a/bootstrap.sh b/bootstrap.sh deleted file mode 100644 index ea86e1aabf51..000000000000 --- a/bootstrap.sh +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/bash - -# Entrypoint file for Docker Images of Artemis. The deployment of the application is set to /opt/artemis - -cd /opt/artemis || exit 1 - -if [ -z "$(ls -A config)" ]; then - echo "Config is Empty .. copying default ones .." - cp -n -a /defaults/artemis/. config/ -else - echo "Config is not empty .. not copying default configs .." -fi - -# Ensure at least the directories are owned by artemis. "-R" takes too long -chown artemis:artemis config data - -echo "Starting application..." -exec gosu artemis java \ - -Djdk.tls.ephemeralDHKeySize=2048 \ - -DLC_CTYPE=UTF-8 \ - -Dfile.encoding=UTF-8 \ - -Dsun.jnu.encoding=UTF-8 \ - -Djava.security.egd=file:/dev/./urandom \ - -Xmx2048m \ - --add-modules java.se \ - --add-exports java.base/jdk.internal.ref=ALL-UNNAMED \ - --add-exports java.naming/com.sun.jndi.ldap=ALL-UNNAMED \ - --add-opens java.base/java.lang=ALL-UNNAMED \ - --add-opens java.base/java.nio=ALL-UNNAMED \ - --add-opens java.base/sun.nio.ch=ALL-UNNAMED \ - --add-opens java.management/sun.management=ALL-UNNAMED \ - --add-opens jdk.management/com.sun.management.internal=ALL-UNNAMED \ - -jar Artemis.war diff --git a/build.gradle b/build.gradle index 7ca31e1d11f0..ef148d3844b2 100644 --- a/build.gradle +++ b/build.gradle @@ -61,7 +61,18 @@ spotless { java { target project.fileTree(project.rootDir) { include "**/*.java" - exclude "**/src/main/java/de/tum/in/www1/artemis/service/connectors/BambooService.java", "**/src/test/resources/test-data/repository-export/EncodingISO_8559_1.java", "**/node_modules/**", "**/out/**", "**/repos/**", "**/repos-download/**", "**/build/**", "**/src/main/generated/**", "**/src/main/resources/templates/**" + exclude( + "**/src/main/java/de/tum/in/www1/artemis/service/connectors/BambooService.java", + "**/src/test/resources/test-data/repository-export/EncodingISO_8559_1.java", + "**/node_modules/**", + "**/out/**", + "**/repos/**", + "**/repos-download/**", + "**/build/**", + "**/src/main/generated/**", + "**/src/main/resources/templates/**", + "/docker/**" + ) } importOrderFile "artemis-spotless.importorder" eclipse("4.19.0").configFile "artemis-spotless-style.xml" @@ -404,10 +415,6 @@ checkstyle { maxErrors = 0 } -task buildJarForDocker (type: Exec) { - commandLine "./gradlew", "build", "-x", "webapp", "-x", "test", "-x", "jacocoTestCoverageVerification" -} - def isNonStable = { String version -> def stableKeyword = ["RELEASE", "FINAL", "GA"].any { it -> version.toUpperCase().contains(it) } def regex = /^[0-9,.v-]+(-r)?$/ diff --git a/docker-compose.yml b/docker-compose.yml deleted file mode 100644 index ad68439d6195..000000000000 --- a/docker-compose.yml +++ /dev/null @@ -1,53 +0,0 @@ -version: '3' - -# NOTE: this docker compose file starts the artemis-server (as jar file) and the artemis-client in separate containers. This setup is aimed for development. -# If you want to start the whole Artemis application (server and client) in the same container, you need to specify a different service and -# you have to execute the command './gradlew -Pprod -Pwar clean bootWar && java -jar build/libs/*.war --spring.profiles.active=dev,artemis,bamboo,bitbucket,jira' - -services: - artemis-server: - command: sh -c "(apt update && apt install -y fontconfig fonts-dejavu graphviz || true) && ./gradlew buildJarForDocker && java -jar --add-exports java.naming/com.sun.jndi.ldap=ALL-UNNAMED build/libs/Artemis-*.jar" - depends_on: - - artemis-mysql - image: eclipse-temurin:17-jdk - environment: - - SPRING_DATASOURCE_URL=jdbc:mysql://artemis-mysql:3306/Artemis?createDatabaseIfNotExist=true&allowPublicKeyRetrieval=true&useUnicode=true&characterEncoding=utf8&useSSL=false&useLegacyDatetimeCode=false&serverTimezone=UTC - - SPRING_PROFILES_ACTIVE=dev,bamboo,bitbucket,jira,artemis,scheduling - networks: - - artemis - ports: - - 8080:8080 - volumes: - - ./:/server/ - working_dir: /server - - artemis-client: - command: sh -c "npm install && npm run start-docker" - depends_on: - - artemis-server - image: node:18.14.0-alpine - networks: - - artemis - ports: - - 9000:9000 - volumes: - - ./:/client/ - working_dir: /client - - artemis-mysql: - command: mysqld --lower_case_table_names=1 --skip-ssl --character_set_server=utf8mb4 --collation-server=utf8mb4_unicode_ci --explicit_defaults_for_timestamp - environment: - - MYSQL_ALLOW_EMPTY_PASSWORD=yes - - MYSQL_ROOT_PASSWORD= - - MYSQL_DATABASE=Artemis - image: mysql:8.0.32 - networks: - - artemis - ports: - - 3306:3306 - volumes: - - ./data/.db:/var/lib/mysql - -networks: - artemis: - driver: bridge diff --git a/docker/.docker-data/artemis-data/.gitkeep b/docker/.docker-data/artemis-data/.gitkeep new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/docker/.docker-data/artemis-mysql-data/.gitkeep b/docker/.docker-data/artemis-mysql-data/.gitkeep new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/docker/README.md b/docker/README.md new file mode 100644 index 000000000000..7eb564ccd4a1 --- /dev/null +++ b/docker/README.md @@ -0,0 +1,4 @@ +# Docker Compose Configurations + +An overview of all possible setups can be found in the docs at `docs/dev/setup.rst` in the section +`Alternative: Docker Compose Setup`. diff --git a/docker/artemis-dev-mysql.yml b/docker/artemis-dev-mysql.yml new file mode 100644 index 000000000000..c42bcdbfe532 --- /dev/null +++ b/docker/artemis-dev-mysql.yml @@ -0,0 +1,41 @@ +# ---------------------------------------------------------------------------------------------------------------------- +# Artemis-Dev-MySQL Setup +# ---------------------------------------------------------------------------------------------------------------------- + +services: + artemis-app: + extends: + file: ./artemis.yml + service: artemis-app + # just add this linux workaround for docker compose in a development version of artemis as developers + # might want to access external services on the docker host + extra_hosts: + - "host.docker.internal:host-gateway" + ports: + - "8080:8080" + - "5005:5005" # Java Remote Debugging port declared in the java cmd options + # expose the port to make it reachable docker internally even if the external port mapping changes + expose: + - "5005" + environment: + # The following enables the Java Remote Debugging port. More infos in the documentation: + # https://docs.artemis.cit.tum.de/dev/setup.html#debugging-with-docker + _JAVA_OPTIONS: -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005 + SPRING_PROFILES_ACTIVE: artemis,scheduling,athene,dev,docker + depends_on: + mysql: + condition: service_healthy + mysql: + extends: + file: ./mysql.yml + service: mysql + +networks: + artemis: + driver: "bridge" + name: artemis +volumes: + artemis-mysql-data: + name: artemis-mysql-data + artemis-data: + name: artemis-data diff --git a/docker/artemis-prod-mysql.yml b/docker/artemis-prod-mysql.yml new file mode 100644 index 000000000000..c9a7fd859019 --- /dev/null +++ b/docker/artemis-prod-mysql.yml @@ -0,0 +1,38 @@ +# ---------------------------------------------------------------------------------------------------------------------- +# Artemis-Prod-MySQL Setup +# ---------------------------------------------------------------------------------------------------------------------- +# this is the default artemis production setup also linked to in the docker-compose.yml in the project root +# ---------------------------------------------------------------------------------------------------------------------- + +services: + artemis-app: + extends: + file: ./artemis.yml + service: artemis-app + depends_on: + mysql: + condition: service_healthy + restart: on-failure:3 + volumes: + - ./.docker-data/artemis-data:/opt/artemis/data + mysql: + extends: + file: ./mysql.yml + service: mysql + restart: on-failure:3 + volumes: + - ./.docker-data/artemis-mysql-data:/var/lib/mysql + nginx: + extends: + file: ./nginx.yml + service: nginx + # the artemis-app service needs to be started, otherwise there are problems with name resolution in docker + depends_on: + artemis-app: + condition: service_started + restart: on-failure:3 + +networks: + artemis: + driver: "bridge" + name: artemis diff --git a/docker/artemis.yml b/docker/artemis.yml new file mode 100644 index 000000000000..e87d770818cb --- /dev/null +++ b/docker/artemis.yml @@ -0,0 +1,45 @@ +# ---------------------------------------------------------------------------------------------------------------------- +# Artemis base service +# ---------------------------------------------------------------------------------------------------------------------- + +services: + artemis-app: + container_name: artemis-app + platform: linux/amd64 + # look in the docs for more information about how to build your Artemis code with Docker + # https://docs.artemis.cit.tum.de/dev/setup/# + image: ghcr.io/ls1intum/artemis + build: + context: .. + dockerfile: docker/artemis/Dockerfile + pull: true + target: runtime + volumes: + - artemis-data:/opt/artemis/data + env_file: + - ./artemis/config/prod-application-local.env + # environments can also be used for custom overrides (alternative to application-local.yml) + # the following environments are necessary for docker images orchestrated by docker compose + environment: + SPRING_PROFILES_ACTIVE: artemis,scheduling,athene,prod,docker + # if you need to use another port than 8080 or one fixed port for all artemis-app containers in the future + # you will probably not be able to override this setting outside the artemis.yml + # as stated in the docker compose docs (at least not when this was committed) + # https://docs.docker.com/compose/compose-file/#finding-referenced-service + healthcheck: + test: wget -nv -t1 --spider http://localhost:8080/actuator/health || exit 1 + start_period: 600s + interval: 1s + # expose the port to make it reachable docker internally even if the external port mapping changes + expose: + - "8080" + networks: + - artemis + +networks: + artemis: + driver: "bridge" + name: artemis +volumes: + artemis-data: + name: artemis-data diff --git a/docker/artemis/Dockerfile b/docker/artemis/Dockerfile new file mode 100644 index 000000000000..6b7c9a895189 --- /dev/null +++ b/docker/artemis/Dockerfile @@ -0,0 +1,107 @@ +#----------------------------------------------------------------------------------------------------------------------- +# Artemis Dockerfile +#----------------------------------------------------------------------------------------------------------------------- +# Possible ways to build the Docker Image (assuming you are located in the project root direcotry): +# +# using Docker Compose (no cache and pulling latest base images): +# cd docker && docker compose build --no-cache --pull artemis-app +# +# using Docker Compose with an external .war file (no cache and pulling latest base images): +# cd docker && docker compose build --build-arg WAR_FILE_STAGE=external_builder --no-cache --pull artemis-app +# +# using Docker (no cache): +# docker build . -f ./docker/artemis/Dockerfile -t ghcr.io/ls1intum/artemis:latest --no-cache +# +# using Docker with an external .war file (no cache): +# docker build --build-arg WAR_FILE_STAGE=external_builder . -f ./docker/artemis/Dockerfile -t ghcr.io/ls1intum/artemis:latest --no-cache +#----------------------------------------------------------------------------------------------------------------------- + +# defines the default .war file build stage (options: builder, external_builder) +ARG WAR_FILE_STAGE="builder" + +#----------------------------------------------------------------------------------------------------------------------- +# build stage +#----------------------------------------------------------------------------------------------------------------------- +FROM docker.io/library/eclipse-temurin:17-jdk as builder + +WORKDIR /opt/artemis +# so far just using the .dockerignore to define what isn't necessary here +COPY . . + +RUN ./gradlew -i --stacktrace --no-daemon -Pprod -Pwar clean bootWar + +#----------------------------------------------------------------------------------------------------------------------- +# external build stage +#----------------------------------------------------------------------------------------------------------------------- +FROM docker.io/library/alpine:3 as external_builder + +#default path of the built .war files +ARG WAR_FILE_PATH="/opt/artemis/build/libs" + +# transfer the .war file from the current directory to the default WAR_FILE_PATH +WORKDIR ${WAR_FILE_PATH} +COPY ./build/libs/*.war Artemis.war + +#----------------------------------------------------------------------------------------------------------------------- +# war file stage (decides whether an external .war file will be used or the Docker built .war file) +#----------------------------------------------------------------------------------------------------------------------- +FROM ${WAR_FILE_STAGE} as war_file + +#----------------------------------------------------------------------------------------------------------------------- +# runtime stage +#----------------------------------------------------------------------------------------------------------------------- +FROM docker.io/library/eclipse-temurin:17-jdk as runtime + +#default path of the built .war files +ARG WAR_FILE_PATH="/opt/artemis/build/libs" + +# Docker Compose: wget (healthcheck docker compose) +# Artemis: graphviz, locales +RUN echo "Installing needed dependencies" \ + && apt-get update && apt-get install -y --no-install-recommends locales graphviz wget \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* + +# See https://github.com/ls1intum/Artemis/issues/4439 +RUN echo "Fixing locales" \ + && sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen \ + && locale-gen +ENV LC_ALL en_US.UTF-8 +ENV LANG en_US.UTF-8 +ENV LANGUAGE en_US.UTF-8 + +# Create directories for volumes, create artemis user and set right owners +RUN mkdir -p /opt/artemis/config /opt/artemis/data /opt/artemis/public/content \ + && useradd -Ums /bin/bash artemis \ + && chown -R artemis:artemis /opt/artemis +USER artemis:artemis + +# Copy Artemis.war to execution location +WORKDIR /opt/artemis + +COPY --chown=artemis:artemis --from=war_file ${WAR_FILE_PATH}/*.war Artemis.war + +VOLUME ["/opt/artemis/config"] +VOLUME ["/opt/artemis/data"] +VOLUME ["/opt/artemis/public/content"] + +EXPOSE 8080 + +# use exec format (square brackets) as otherwise the shell fromat will not forward signals +CMD [ "java", \ +"-Djdk.tls.ephemeralDHKeySize=2048", \ +"-DLC_CTYPE=UTF-8", \ +"-Dfile.encoding=UTF-8", \ +"-Dsun.jnu.encoding=UTF-8", \ +"-Djava.security.egd=file:/dev/./urandom", \ +"-Xmx5120m", \ +"-Xms2560m", \ +"--add-modules", "java.se", \ +"--add-exports", "java.base/jdk.internal.ref=ALL-UNNAMED", \ +"--add-exports", "java.naming/com.sun.jndi.ldap=ALL-UNNAMED", \ +"--add-opens", "java.base/java.lang=ALL-UNNAMED", \ +"--add-opens", "java.base/java.nio=ALL-UNNAMED", \ +"--add-opens", "java.base/sun.nio.ch=ALL-UNNAMED", \ +"--add-opens", "java.management/sun.management=ALL-UNNAMED", \ +"--add-opens", "jdk.management/com.sun.management.internal=ALL-UNNAMED", \ +"-jar", "/opt/artemis/Artemis.war" ] diff --git a/docker/artemis/config/cypress-application-local.env b/docker/artemis/config/cypress-application-local.env new file mode 100644 index 000000000000..bb5bb445f0a5 --- /dev/null +++ b/docker/artemis/config/cypress-application-local.env @@ -0,0 +1,54 @@ +SPRING_DATASOURCE_USERNAME="root" +SPRING_DATASOURCE_PASSWORD="" +SPRING_DATASOURCE_HIKARI_MAXIMUMPOOLSIZE="100" +SPRING_JPA_HIBERNATE_CONNECTION_CHARSET="utf8mb4" +SPRING_JPA_HIBERNATE_CONNECTION_CHARACTERENCODING="utf8mb4" +SPRING_JPA_HIBERNATE_CONNECTION_USEUNICODE="true" +SPRING_PROMETHEUS_MONITORINGIP="131.159.89.160" + +# for bamboo and bitbucket notifications on /api/programming-exercises/new-result it seems like port +# 54321 is internally open for the bamboo agents +# also can't use SSL for this as the hostnames are not integrated in the self-signed certificate +SERVER_URL="http://${HOST_HOSTNAME}:54321" + +# We don't need secure passwords for testing. Lower rounds will speed up tests. 4 is the lowest +ARTEMIS_BCRYPTSALTROUNDS="4" + +ARTEMIS_USERMANAGEMENT_USEEXTERNAL="true" +ARTEMIS_USERMANAGEMENT_EXTERNAL_URL="https://jira-prelive.ase.in.tum.de" +ARTEMIS_USERMANAGEMENT_EXTERNAL_USER="${bamboo_jira_prelive_admin_user}" +ARTEMIS_USERMANAGEMENT_EXTERNAL_PASSWORD="${bamboo_jira_prelive_admin_password}" +ARTEMIS_USERMANAGEMENT_EXTERNAL_ADMINGROUPNAME="artemis-dev" +ARTEMIS_USERMANAGEMENT_INTERNALADMIN_USERNAME="${bamboo_artemis_admin_username}" +ARTEMIS_USERMANAGEMENT_INTERNALADMIN_PASSWORD="${bamboo_artemis_admin_password}" +ARTEMIS_USERMANAGEMENT_LOGIN_ACCOUNTNAME="TUM" + +ARTEMIS_VERSIONCONTROL_URL="https://bitbucket-prelive.ase.in.tum.de" +ARTEMIS_VERSIONCONTROL_USER="${bamboo_jira_prelive_admin_user}" +ARTEMIS_VERSIONCONTROL_PASSWORD="${bamboo_jira_prelive_admin_password}" + +ARTEMIS_CONTINUOUSINTEGRATION_URL="https://bamboo-prelive.ase.in.tum.de" +ARTEMIS_CONTINUOUSINTEGRATION_USER="${bamboo_jira_prelive_admin_user}" +ARTEMIS_CONTINUOUSINTEGRATION_PASSWORD="${bamboo_jira_prelive_admin_password}" +ARTEMIS_CONTINUOUSINTEGRATION_TOKEN="${bamboo_ARTEMIS_CONTINUOUS_INTEGRATION_TOKEN_SECRET}" +ARTEMIS_CONTINUOUSINTEGRATION_ARTEMISAUTHENTICATIONTOKENVALUE="${bamboo_ARTEMIS_CONTINUOUS_INTEGRATION_ARTEMIS_AUTHENTICATION_TOKEN_VALUE_SECRET}" +ARTEMIS_CONTINUOUSINTEGRATION_VCSAPPLICATIONLINKNAME="Bitbucket Prelive" +ARTEMIS_CONTINUOUSINTEGRATION_EMPTYCOMMITNECESSARY="true" + +ARTEMIS_APOLLON_CONVERSIONSERVICEURL="https://apollon.ase.in.tum.de/api/converter" + +# Token is valid 3 days +JHIPSTER_SECURITY_AUTHENTICATION_JWT_TOKENVALIDITYINSECONDS="259200" +# Token is valid 30 days +JHIPSTER_SECURITY_AUTHENTICATION_JWT_TOKENVALIDITYINSECONDSFORREMEMBERME="2592000" + +# Properties to be exposed on the /info management endpoint + +INFO_IMPRINT="https://ase.in.tum.de/lehrstuhl_1/component/content/article/179-imprint" +INFO_TESTSERVER="true" +INFO_TEXTASSESSMENTANALYTICSENABLED="true" +INFO_STUDENTEXAMSTORESESSIONDATA="true" + +LOGGING_FILE_NAME="/opt/artemis/data/artemis.log" + +MANAGEMENT_METRICS_EXPORT_PROMETHEUS_ENABLED="true" diff --git a/docker/artemis/config/prod-application-local.env b/docker/artemis/config/prod-application-local.env new file mode 100644 index 000000000000..5443db42f034 --- /dev/null +++ b/docker/artemis/config/prod-application-local.env @@ -0,0 +1,20 @@ +# Secret Overrides +ARTEMIS_ATHENE_BASE64SECRET="YWVuaXF1YWRpNWNlaXJpNmFlbTZkb283dXphaVF1b29oM3J1MWNoYWlyNHRoZWUzb2huZ2FpM211bGVlM0VpcAo=" +ARTEMIS_USERMANAGEMENT_INTERNALADMIN_USERNAME="artemis_admin" +ARTEMIS_USERMANAGEMENT_INTERNALADMIN_PASSWORD="artemis_admin" + +SPRING_DATASOURCE_USERNAME="root" +SPRING_DATASOURCE_PASSWORD="" + +SPRING_MAIL_USERNAME="" +SPRING_MAIL_PASSWORD="" + +SPRING_WEBSOCKET_BROKER_USERNAME="guest" +SPRING_WEBSOCKET_BROKER_PASSWORD="guest" + +JHIPSTER_SECURITY_AUTHENTICATION_JWT_BASE64SECRET="bXktc2VjcmV0LWtleS13aGljaC1zaG91bGQtYmUtY2hhbmdlZC1pbi1wcm9kdWN0aW9uLWFuZC1iZS1iYXNlNjQtZW5jb2RlZAo=" +JHIPSTER_REGISTRY_PASSWORD="AN-ADMIN-PASSWORD-THAT-MUST-BE-CHANGED (FROM REGISTRY CONFIG)" + + +# Plain Prod Artemis Overrides +ARTEMIS_USERMANAGEMENT_USEEXTERNAL="false" diff --git a/docker/atlassian.yml b/docker/atlassian.yml new file mode 100644 index 000000000000..592f282eb790 --- /dev/null +++ b/docker/atlassian.yml @@ -0,0 +1,90 @@ +# ---------------------------------------------------------------------------------------------------------------------- +# Atlassian Setup +# ---------------------------------------------------------------------------------------------------------------------- + +services: + jira: + container_name: artemis-jira + hostname: jira + extra_hosts: + - "host.docker.internal:host-gateway" + image: ghcr.io/ls1intum/artemis-jira:9.4.3 + pull_policy: always + volumes: + - artemis-jira-data:/var/atlassian/application-data/jira + ports: + - "8081:8080" + # expose the port to make it reachable docker internally even if the external port mapping changes + expose: + - "8080" + networks: + - artemis + bitbucket: + container_name: artemis-bitbucket + hostname: bitbucket + extra_hosts: + - "host.docker.internal:host-gateway" + image: ghcr.io/ls1intum/artemis-bitbucket:8.8.2 + pull_policy: always + volumes: + - artemis-bitbucket-data:/var/atlassian/application-data/bitbucket + environment: + SPRING_APPLICATION_JSON: '{"plugin":{"ssh":{"baseurl":"ssh://bitbucket:7999"}}}' + ports: + - "7990:7990" + - "7999:7999" + # expose the ports to make them reachable docker internally even if the external port mapping changes + expose: + - "7990" + - "7999" + networks: + - artemis + bamboo: + container_name: artemis-bamboo + hostname: bamboo + extra_hosts: + - "host.docker.internal:host-gateway" + image: ghcr.io/ls1intum/artemis-bamboo:9.2.1 + pull_policy: always + volumes: + - artemis-bamboo-data:/var/atlassian/application-data/bamboo + ports: + - "54663:54663" + - "8085:8085" + # expose the ports to make them reachable docker internally even if the external port mapping changes + expose: + - "54663" + - "8085" + networks: + - artemis + + bamboo-build-agent: + container_name: artemis-bamboo-build-agent + hostname: bamboo-build-agent + extra_hosts: + - "host.docker.internal:host-gateway" + image: ghcr.io/ls1intum/artemis-bamboo-build-agent:9.2.1 + pull_policy: always + volumes: + # The following path needs to be the same absolute path on the host because of the docker socket: + # https://confluence.atlassian.com/bamkb/bamboo-in-docker-build-fails-due-to-a-missing-working-directory-when-using-docker-runner-1027119339.html + - /var/atlassian/application-data/bamboo-agent:/var/atlassian/application-data/bamboo-agent + - /var/run/docker.sock:/var/run/docker.sock + environment: + BAMBOO_SERVER: "http://bamboo:8085" + networks: + - artemis + +networks: + artemis: + driver: "bridge" + name: artemis +volumes: + artemis-jira-data: + name: artemis-jira-data + artemis-bitbucket-data: + name: artemis-bitbucket-data + artemis-bamboo-data: + name: artemis-bamboo-data + artemis-bamboo-build-agent: + name: artemis-bamboo-build-agent diff --git a/src/main/docker/atlassian-setup.sh b/docker/atlassian/atlassian-setup.sh similarity index 100% rename from src/main/docker/atlassian-setup.sh rename to docker/atlassian/atlassian-setup.sh diff --git a/docker/broker-registry.yml b/docker/broker-registry.yml new file mode 100644 index 000000000000..74b9b79a3325 --- /dev/null +++ b/docker/broker-registry.yml @@ -0,0 +1,36 @@ +services: + jhipster-registry: + container_name: artemis-jhipster-registry + image: docker.io/jhipster/jhipster-registry:v6.1.2 + pull_policy: always + volumes: + - ./registry:/central-config + # When run with the "dev" Spring profile, the JHipster Registry will + # read the config from the local filesystem (registry directory) + # When run with the "prod" Spring profile, it will read the configuration from a Git repository + # See https://www.jhipster.tech/jhipster-registry/#spring-cloud-config + environment: + _JAVA_OPTIONS: -Xmx512m -Xms256m + SPRING_PROFILES_ACTIVE: dev,openapi + SPRING_SECURITY_USER_PASSWORD: admin + JHIPSTER_REGISTRY_PASSWORD: admin + SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_TYPE: native + SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_SEARCH_LOCATIONS: file:./central-config/localhost-config/ + ports: + - "8761:8761" + # expose the port to make it reachable docker internally even if the external port mapping changes + expose: + - "8761" + + activemq-broker: + container_name: artemis-activemq-broker + image: docker.io/vromero/activemq-artemis:latest + pull_policy: always + environment: + ARTEMIS_USERNAME: guest + ARTEMIS_PASSWORD: guest + ports: + - "61613:61613" + # expose the port to make it reachable docker internally even if the external port mapping changes + expose: + - "61613" diff --git a/src/main/docker/cypress/cypress-E2E-tests-coverage-override.yml b/docker/cypress-E2E-tests-coverage-override.yml similarity index 62% rename from src/main/docker/cypress/cypress-E2E-tests-coverage-override.yml rename to docker/cypress-E2E-tests-coverage-override.yml index bac518243616..77b0fb1b77ad 100644 --- a/src/main/docker/cypress/cypress-E2E-tests-coverage-override.yml +++ b/docker/cypress-E2E-tests-coverage-override.yml @@ -1,14 +1,20 @@ -version: '2.4' services: artemis-app: build: - dockerfile: src/main/docker/cypress/coverage.Dockerfile + dockerfile: docker/cypress/coverage.Dockerfile ports: - "6300:6300" # JaCoCo agent port + # expose the port to make it reachable docker internally even if the external port mapping changes + expose: + - "6300" + environment: + # add jacocoagent to java command + _JAVA_OPTIONS: -javaagent:jacocoagent.jar=output=tcpserver,address=* artemis-cypress: + pull_policy: never build: - context: . + context: ./cypress dockerfile: cypress.Dockerfile args: - CYPRESS_BROWSER=node18.12.0-chrome107 diff --git a/docker/cypress-E2E-tests.yml b/docker/cypress-E2E-tests.yml new file mode 100644 index 000000000000..562bee42a470 --- /dev/null +++ b/docker/cypress-E2E-tests.yml @@ -0,0 +1,72 @@ +# ---------------------------------------------------------------------------------------------------------------------- +# Cypress Setup +# ---------------------------------------------------------------------------------------------------------------------- + +services: + mysql: + extends: + file: ./mysql.yml + service: mysql + + artemis-app: + extends: + file: ./artemis.yml + service: artemis-app + depends_on: + mysql: + condition: service_healthy + env_file: + - ./artemis/config/cypress-application-local.env + environment: + SPRING_PROFILES_ACTIVE: "artemis,bamboo,bitbucket,jira,prod,docker" + + nginx: + extends: + file: ./nginx.yml + service: nginx + # the artemis-app service needs to be started, otherwise there are problems with name resolution in docker + depends_on: + artemis-app: + condition: service_started + volumes: + - ./nginx/artemis-nginx-cypress.conf:/etc/nginx/conf.d/artemis-nginx-cypress.conf:ro + ports: + - "80:80" + - "443:443" + # see comments in artemis/config/cypress-application-local.env why this port is necessary + - "54321:54321" + + artemis-cypress: + # Cypress image with node and chrome browser installed (Cypress installation needs to be done separately because we require additional dependencies) + image: docker.io/cypress/browsers:node18.12.0-chrome107 + pull_policy: always + depends_on: + artemis-app: + condition: service_healthy + environment: + CYPRESS_baseUrl: "https://artemis-nginx" + CYPRESS_video: "${bamboo_cypress_video_enabled}" + CYPRESS_adminUsername: "${bamboo_artemis_admin_username}" + CYPRESS_adminPassword: "${bamboo_artemis_admin_password}" + CYPRESS_username: "${bamboo_cypress_username_template}" + CYPRESS_password: "${bamboo_cypress_password_template}" + CYPRESS_allowGroupCustomization: "true" + CYPRESS_studentGroupName: "artemis-e2etest-students" + CYPRESS_tutorGroupName: "artemis-e2etest-tutors" + CYPRESS_editorGroupName: "artemis-e2etest-editors" + CYPRESS_instructorGroupName: "artemis-e2etest-instructors" + command: sh -c "cd /app/artemis/src/test/cypress && chmod 777 /root && npm ci && npm run cypress:run -- --config retries=2" + volumes: + - ..:/app/artemis + networks: + - artemis + +networks: + artemis: + driver: "bridge" + name: artemis +volumes: + artemis-mysql-data: + name: artemis-mysql-data + artemis-data: + name: artemis-data diff --git a/docker/cypress/coverage.Dockerfile b/docker/cypress/coverage.Dockerfile new file mode 100644 index 000000000000..c0152cfd04cc --- /dev/null +++ b/docker/cypress/coverage.Dockerfile @@ -0,0 +1,14 @@ +FROM artemis:coverage-latest as runtime + +USER root + +RUN echo "Installing needed dependencies" \ + && apt-get update && apt-get install -y --no-install-recommends unzip \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* + +# Install Jacocco Agent +RUN wget "https://search.maven.org/remotecontent?filepath=org/jacoco/jacoco/0.8.8/jacoco-0.8.8.zip" -O temp.zip \ + && unzip temp.zip "lib/jacocoagent.jar" -d . \ + && mv lib/jacocoagent.jar . \ + && rm -rf lib temp.zip diff --git a/src/main/docker/cypress/cypress.Dockerfile b/docker/cypress/cypress.Dockerfile similarity index 100% rename from src/main/docker/cypress/cypress.Dockerfile rename to docker/cypress/cypress.Dockerfile diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml new file mode 100644 index 000000000000..16f78b2ea5f4 --- /dev/null +++ b/docker/docker-compose.yml @@ -0,0 +1,24 @@ +# ---------------------------------------------------------------------------------------------------------------------- +# Artemis-Prod-MySQL Setup +# ---------------------------------------------------------------------------------------------------------------------- + +# this links to /docker/artemis-prod-mysql.yml which is the default artemis production docker compose setup + +services: + artemis-app: + extends: + file: ./artemis-prod-mysql.yml + service: artemis-app + mysql: + extends: + file: ./artemis-prod-mysql.yml + service: mysql + nginx: + extends: + file: ./artemis-prod-mysql.yml + service: nginx + +networks: + artemis: + driver: "bridge" + name: artemis diff --git a/docker/gitlab-gitlabci.yml b/docker/gitlab-gitlabci.yml new file mode 100644 index 000000000000..c454136ffa4e --- /dev/null +++ b/docker/gitlab-gitlabci.yml @@ -0,0 +1,62 @@ +# ---------------------------------------------------------------------------------------------------------------------- +# GitLab-GitLabCI Setup +# ---------------------------------------------------------------------------------------------------------------------- + +services: + gitlab: + # TODO: check if more settings can also be integrated into gitlab.yml + extends: + file: ./gitlab.yml + service: gitlab + volumes: + - artemis-gitlab-data:/var/opt/gitlab + - artemis-gitlab-logs:/var/log/gitlab + - artemis-gitlab-config:/etc/gitlab + environment: + GITLAB_OMNIBUS_CONFIG: | + external_url "${GIT_SERVER_NAME}" + prometheus_monitoring['enable'] = false + gitlab_rails['gitlab_shell_ssh_port'] = 2222 + gitlab_rails['monitoring_whitelist'] = ['0.0.0.0/0'] + letsencrypt['enable'] = ${SSL_ENABLED} + letsencrypt['auto_renew_hour'] = "12" + letsencrypt['auto_renew_minute'] = "30" + letsencrypt['auto_renew_day_of_month'] = "*/7" + ports: + - "2222:22" + - "80:80" + - "443:443" + # expose the ports to make them reachable docker internally even if the external port mapping changes + expose: + - "22" + - "80" + - "443" + shm_size: "256m" + gitlab-runner: + image: docker.io/gitlab/gitlab-runner:latest + pull_policy: always + container_name: artemis-gitlab-runner + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - /usr/local/bin/docker:/usr/bin/docker + - artemis-gitlabci-runner-config:/etc/gitlab-runner + hostname: 'gitlab-runner' + extra_hosts: + - "host.docker.internal:host-gateway" + networks: + - artemis + +networks: + artemis: + driver: "bridge" + name: artemis + +volumes: + artemis-gitlab-data: + name: artemis-gitlab-data + artemis-gitlab-logs: + name: artemis-gitlab-logs + artemis-gitlab-config: + name: artemis-gitlab-config + artemis-gitlabci-runner-config: + name: artemis-gitlabci-runner-config diff --git a/docker/gitlab-jenkins.yml b/docker/gitlab-jenkins.yml new file mode 100644 index 000000000000..50d9bbbde539 --- /dev/null +++ b/docker/gitlab-jenkins.yml @@ -0,0 +1,27 @@ +# ---------------------------------------------------------------------------------------------------------------------- +# GitLab-Jenkins Setup +# ---------------------------------------------------------------------------------------------------------------------- + +services: + gitlab: + extends: + file: ./gitlab.yml + service: gitlab + jenkins: + extends: + file: ./jenkins.yml + service: jenkins + +networks: + artemis: + driver: "bridge" + name: artemis +volumes: + artemis-gitlab-data: + name: artemis-gitlab-data + artemis-gitlab-logs: + name: artemis-gitlab-logs + artemis-gitlab-config: + name: artemis-gitlab-config + artemis-jenkins-data: + name: artemis-jenkins-data diff --git a/docker/gitlab.yml b/docker/gitlab.yml new file mode 100644 index 000000000000..3203f5922142 --- /dev/null +++ b/docker/gitlab.yml @@ -0,0 +1,40 @@ +# ---------------------------------------------------------------------------------------------------------------------- +# GitLab base service +# ---------------------------------------------------------------------------------------------------------------------- + +services: + gitlab: + container_name: artemis-gitlab + extra_hosts: + - "host.docker.internal:host-gateway" + build: ./gitlab + platform: linux/amd64 + volumes: + - artemis-gitlab-data:/var/opt/gitlab + - artemis-gitlab-logs:/var/log/gitlab + - artemis-gitlab-config:/etc/gitlab + - ./gitlab/gitlab-local-setup.sh:/gitlab-local-setup.sh + environment: + GITLAB_OMNIBUS_CONFIG: "prometheus_monitoring['enable'] = false; gitlab_rails['gitlab_shell_ssh_port'] = 2222; gitlab_rails['monitoring_whitelist'] = ['0.0.0.0/0']" + GITLAB_ROOT_PASSWORD: + ports: + - "2222:22" + - "8081:80" + # expose the ports to make them reachable docker internally even if the external port mapping changes + expose: + - "22" + - "80" + networks: + - artemis + +networks: + artemis: + driver: "bridge" + name: artemis +volumes: + artemis-gitlab-data: + name: artemis-gitlab-data + artemis-gitlab-logs: + name: artemis-gitlab-logs + artemis-gitlab-config: + name: artemis-gitlab-config diff --git a/src/main/docker/gitlab/Dockerfile b/docker/gitlab/Dockerfile similarity index 92% rename from src/main/docker/gitlab/Dockerfile rename to docker/gitlab/Dockerfile index 322ba6610f64..0ce362376a2b 100644 --- a/src/main/docker/gitlab/Dockerfile +++ b/docker/gitlab/Dockerfile @@ -1,4 +1,4 @@ -FROM gitlab/gitlab-ce:latest +FROM docker.io/gitlab/gitlab-ce:latest LABEL description="Gitlab for local development environment packaged with jq" diff --git a/src/main/docker/gitlab/README.md b/docker/gitlab/README.md similarity index 81% rename from src/main/docker/gitlab/README.md rename to docker/gitlab/README.md index f87881a66ad6..7f8c7f23827b 100644 --- a/src/main/docker/gitlab/README.md +++ b/docker/gitlab/README.md @@ -2,13 +2,16 @@ First, configure the environment parameters: ```bash -cp src/main/docker/env.example.gitlab-gitlabci.txt src/main/docker/.env -vi src/main/docker/.env +cp docker/gitlab/env.example.gitlab-gitlabci.txt docker/gitlab/gitlab-gitlabci.env +vi docker/gitlab/gitlab-gitlabci.env ``` Run the following command to start GitLab and a GitLab Runner in a Docker container: + ```bash -docker-compose -f src/main/docker/gitlab-gitlabci.yml --env-file src/main/docker/.env up --build -d +docker compose -f docker/gitlab-gitlabci.yml --env-file docker/gitlab/gitlab-gitlabci.env up --build -d ``` Then log on to http://localhost/ with the password (`sudo docker exec -it gitlab grep 'Password:' /etc/gitlab/initial_root_password`) and go to http://localhost/admin/runners. diff --git a/src/main/docker/env.example.gitlab-gitlabci.txt b/docker/gitlab/env.example.gitlab-gitlabci.txt similarity index 100% rename from src/main/docker/env.example.gitlab-gitlabci.txt rename to docker/gitlab/env.example.gitlab-gitlabci.txt diff --git a/src/main/docker/gitlab/gitlab-local-setup.sh b/docker/gitlab/gitlab-local-setup.sh similarity index 100% rename from src/main/docker/gitlab/gitlab-local-setup.sh rename to docker/gitlab/gitlab-local-setup.sh diff --git a/src/main/docker/gitlab/gitlab-setup.sh b/docker/gitlab/gitlab-setup.sh similarity index 97% rename from src/main/docker/gitlab/gitlab-setup.sh rename to docker/gitlab/gitlab-setup.sh index 19b3dc896bf2..8cf2cf68e386 100755 --- a/src/main/docker/gitlab/gitlab-setup.sh +++ b/docker/gitlab/gitlab-setup.sh @@ -3,7 +3,7 @@ # Gitlab setup script # # If you have any questions, ask Simon Leiß # # This script can be run by using the command # -# docker-compose -f src/main/docker/gitlab-jenkins.yml exec artemis-gitlab /./gitlab-setup.sh # +# docker compose -f docker/gitlab-jenkins.yml exec artemis-gitlab /./gitlab-setup.sh # ################################################################################################### @@ -48,7 +48,7 @@ SSH_CHANGED=$REPLY if [[ $SSH_CHANGED =~ ^[Yy]$ ]] then echo - echo "Alright, we will setup the new SSH port now. Make sure to use the same port in the docker-compose file." + echo "Alright, we will setup the new SSH port now. Make sure to use the same port in the docker compose file." read -p "What alternative SSH port should be used? [e.g. \"2222\"]. Do not include any quotation marks.`echo $'\n> '`" -r echo SSH_PORT=$REPLY diff --git a/docker/jenkins.yml b/docker/jenkins.yml new file mode 100644 index 000000000000..df9396376aff --- /dev/null +++ b/docker/jenkins.yml @@ -0,0 +1,36 @@ +# ---------------------------------------------------------------------------------------------------------------------- +# Jenkins base service +# ---------------------------------------------------------------------------------------------------------------------- + +services: + jenkins: + container_name: artemis-jenkins + extra_hosts: + - "host.docker.internal:host-gateway" + build: ./jenkins + user: root + volumes: + - artemis-jenkins-data:/var/jenkins_home + - ./jenkins/jenkins-disable-csrf.groovy:/var/jenkins_home/init.groovy # Disable CSRF token + - ./jenkins/master-key-only-for-testing.key:/var/jenkins_home/master.key # Preset master key to use pre-generated secrets + - ./jenkins/jenkins-casc-config.yml:/usr/share/jenkins/ref/jenkins-casc-config.yml:ro + - /var/run/docker.sock:/var/run/docker.sock + - /usr/bin/docker:/usr/bin/docker:ro + ports: + - "8082:8080" + # expose the port to make it reachable docker internally even if the external port mapping changes + expose: + - "8080" + networks: + - artemis + environment: + CASC_JENKINS_CONFIG: "/usr/share/jenkins/ref/jenkins-casc-config.yml" + JAVA_OPTS: + +networks: + artemis: + driver: "bridge" + name: artemis +volumes: + artemis-jenkins-data: + name: artemis-jenkins-data diff --git a/src/main/docker/jenkins/Dockerfile b/docker/jenkins/Dockerfile similarity index 92% rename from src/main/docker/jenkins/Dockerfile rename to docker/jenkins/Dockerfile index fed9c3302d52..f9c41c841e52 100644 --- a/src/main/docker/jenkins/Dockerfile +++ b/docker/jenkins/Dockerfile @@ -1,4 +1,4 @@ -FROM jenkins/jenkins:lts +FROM docker.io/jenkins/jenkins:lts LABEL description="Jenkins with plugins pre-installed for Artemis" diff --git a/src/main/docker/jenkins/jenkins-casc-config.yml b/docker/jenkins/jenkins-casc-config.yml similarity index 100% rename from src/main/docker/jenkins/jenkins-casc-config.yml rename to docker/jenkins/jenkins-casc-config.yml diff --git a/src/main/docker/jenkins/jenkins-disable-csrf.groovy b/docker/jenkins/jenkins-disable-csrf.groovy similarity index 100% rename from src/main/docker/jenkins/jenkins-disable-csrf.groovy rename to docker/jenkins/jenkins-disable-csrf.groovy diff --git a/src/main/docker/jenkins/master-key-only-for-testing.key b/docker/jenkins/master-key-only-for-testing.key similarity index 100% rename from src/main/docker/jenkins/master-key-only-for-testing.key rename to docker/jenkins/master-key-only-for-testing.key diff --git a/src/main/docker/jenkins/plugins.yml b/docker/jenkins/plugins.yml similarity index 100% rename from src/main/docker/jenkins/plugins.yml rename to docker/jenkins/plugins.yml diff --git a/docker/mailhog.yml b/docker/mailhog.yml new file mode 100644 index 000000000000..5145f67cdff4 --- /dev/null +++ b/docker/mailhog.yml @@ -0,0 +1,34 @@ +# ---------------------------------------------------------------------------------------------------------------------- +# Mailhog service +# +# Out of the box this setup just works with a containerized dev Artemis instance +# see comments above artemis-app on how to get it working wit a non-containerized Artemis instance +# ---------------------------------------------------------------------------------------------------------------------- +services: + mailhog: + container_name: artemis-mailhog + image: mailhog/mailhog + pull_policy: always + ports: + - "1025:1025" + - "8025:8025" + # expose the ports to make them reachable docker internally even if the external port mapping changes + expose: + - "1025" + - "8025" + networks: + - artemis + + # comment this section if you use mailhog with a non-containerized Artemis instance + # and add the following spring configuration in your application-local.yml + artemis-app: + environment: + SPRING_MAIL_HOST: "mailhog" + SPRING_MAIL_PORT: "1025" + SPRING_MAIL_USERNAME: + SPRING_MAIL_PASSWORD: + +networks: + artemis: + driver: "bridge" + name: artemis diff --git a/docker/monitoring.yml b/docker/monitoring.yml new file mode 100644 index 000000000000..9c237f83b69b --- /dev/null +++ b/docker/monitoring.yml @@ -0,0 +1,45 @@ +# ---------------------------------------------------------------------------------------------------------------------- +# Monitoring setup +# ---------------------------------------------------------------------------------------------------------------------- +# This configuration is intended for development purpose, it's **your** responsibility to harden it for production +# +# Out of the box this setup just works with a non-containerized Artemis instancezs +# ---------------------------------------------------------------------------------------------------------------------- + +services: + prometheus: + container_name: artemis-prometheus + image: docker.io/prom/prometheus:v2.34.0 + pull_policy: always + volumes: + - ./monitoring/prometheus/:/etc/prometheus/ + # If you want to expose these ports outside your dev PC, + # remove the "127.0.0.1:" prefix + ports: + - "127.0.0.1:9090:9090" + # expose the port to make it reachable docker internally even if the external port mapping changes + expose: + - "9090" + # On macOS, remove next line and replace localhost by host.docker.internal in prometheus/prometheus.yml and + # grafana/provisioning/datasources/datasource.yml + network_mode: 'host' # to test locally running service + grafana: + container_name: artemis-grafana + image: docker.io/grafana/grafana:9.0.2 + pull_policy: always + volumes: + - ./monitoring/grafana/provisioning/:/etc/grafana/provisioning/ + environment: + GF_SECURITY_ADMIN_PASSWORD: "admin" + GF_USERS_ALLOW_SIGN_UP: "false" + GF_INSTALL_PLUGINS: "grafana-piechart-panel" + # If you want to expose these ports outside your dev PC, + # remove the "127.0.0.1:" prefix + ports: + - "127.0.0.1:3000:3000" + # expose the port to make it reachable docker internally even if the external port mapping changes + expose: + - "3000" + # On macOS, remove next line and replace localhost by host.docker.internal in prometheus/prometheus.yml and + # grafana/provisioning/datasources/datasource.yml + network_mode: 'host' # to test locally running service diff --git a/docker/monitoring/grafana/provisioning/dashboards/artemis/artemis_statistics.json b/docker/monitoring/grafana/provisioning/dashboards/artemis/artemis_statistics.json new file mode 100644 index 000000000000..0b9000232294 --- /dev/null +++ b/docker/monitoring/grafana/provisioning/dashboards/artemis/artemis_statistics.json @@ -0,0 +1,395 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "links": [], + "liveNow": false, + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.3.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(artemis_instance_websocket_users)", + "instant": false, + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": [], + "timeRegions": [], + "title": "Artemis User - Sum", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:147", + "format": "short", + "logBase": 1, + "min": "0", + "show": true + }, + { + "$$hashKey": "object:148", + "format": "short", + "logBase": 1, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.3.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "artemis_instance_websocket_users", + "instant": false, + "interval": "", + "legendFormat": "{{instance_name}}", + "refId": "A" + } + ], + "thresholds": [], + "timeRegions": [], + "title": "Artemis User", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:147", + "format": "short", + "logBase": 1, + "min": "0", + "show": true + }, + { + "$$hashKey": "object:148", + "format": "short", + "logBase": 1, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 8 + }, + "hiddenSeries": false, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.3.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (instance_name) (artemis_health)", + "interval": "", + "legendFormat": "{{instance_name}}", + "refId": "A" + } + ], + "thresholds": [], + "timeRegions": [], + "title": "Artemis Health - external systems", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:521", + "format": "short", + "logBase": 1, + "show": true + }, + { + "$$hashKey": "object:522", + "format": "short", + "logBase": 1, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 8 + }, + "hiddenSeries": false, + "id": 9, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.3.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (healthindicator) (artemis_health)", + "interval": "", + "legendFormat": "{{healthindicator}}", + "refId": "A" + } + ], + "thresholds": [], + "timeRegions": [], + "title": "Artemis-Health per External System", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:227", + "format": "short", + "logBase": 1, + "show": true + }, + { + "$$hashKey": "object:228", + "format": "short", + "logBase": 1, + "show": true + } + ], + "yaxis": { + "align": false + } + } + ], + "refresh": "30s", + "schemaVersion": 34, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-6h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Artemis Statistics", + "uid": "d9vRDInMz", + "version": 1, + "weekStart": "" +} diff --git a/docker/monitoring/grafana/provisioning/dashboards/dashboard.yml b/docker/monitoring/grafana/provisioning/dashboards/dashboard.yml new file mode 100644 index 000000000000..4c237cf2d90c --- /dev/null +++ b/docker/monitoring/grafana/provisioning/dashboards/dashboard.yml @@ -0,0 +1,11 @@ +apiVersion: 1 + +providers: + - name: 'Artemis' + orgId: 1 + folder: 'Artemis' + type: file + disableDeletion: false + editable: true + options: + path: /etc/grafana/provisioning/dashboards/artemis diff --git a/docker/monitoring/grafana/provisioning/datasources/datasource.yml b/docker/monitoring/grafana/provisioning/datasources/datasource.yml new file mode 100644 index 000000000000..17f90a28df11 --- /dev/null +++ b/docker/monitoring/grafana/provisioning/datasources/datasource.yml @@ -0,0 +1,12 @@ +apiVersion: 1 + +datasources: + - name: Prometheus + uid: prometheus_default + type: prometheus + access: proxy + orgId: 1 + url: http://localhost:9090 + basicAuth: false + isDefault: true + editable: true diff --git a/src/main/docker/prometheus/prometheus.yml b/docker/monitoring/prometheus/prometheus.yml similarity index 100% rename from src/main/docker/prometheus/prometheus.yml rename to docker/monitoring/prometheus/prometheus.yml diff --git a/docker/mysql.yml b/docker/mysql.yml new file mode 100644 index 000000000000..842b125dca19 --- /dev/null +++ b/docker/mysql.yml @@ -0,0 +1,40 @@ +# ---------------------------------------------------------------------------------------------------------------------- +# MySQL base service +# ---------------------------------------------------------------------------------------------------------------------- + +services: + mysql: + container_name: artemis-mysql + image: docker.io/library/mysql:8.0.32 + pull_policy: always + volumes: + - artemis-mysql-data:/var/lib/mysql + environment: + MYSQL_ALLOW_EMPTY_PASSWORD: "yes" + MYSQL_ROOT_PASSWORD: + MYSQL_DATABASE: "Artemis" + ports: + - "127.0.0.1:3306:3306" + # expose the port to make it reachable docker internally even if the external port mapping changes + expose: + - "3306" + command: mysqld --lower_case_table_names=1 --skip-ssl --character_set_server=utf8mb4 --collation-server=utf8mb4_unicode_ci --explicit_defaults_for_timestamp + # mbind: Operation not permitted workaround for docker compose (see https://github.com/docker-library/mysql/issues/303) + cap_add: + - SYS_NICE # CAP_SYS_NICE + healthcheck: + test: mysqladmin ping -h 127.0.0.1 -u root --silent + interval: 5s + timeout: 3s + retries: 30 + start_period: 300s + networks: + - artemis + +networks: + artemis: + driver: "bridge" + name: artemis +volumes: + artemis-mysql-data: + name: artemis-mysql-data diff --git a/docker/nginx.yml b/docker/nginx.yml new file mode 100644 index 000000000000..5562e7c7e6fa --- /dev/null +++ b/docker/nginx.yml @@ -0,0 +1,50 @@ +# ---------------------------------------------------------------------------------------------------------------------- +# Nginx base service +# ---------------------------------------------------------------------------------------------------------------------- + +services: + nginx: + # nginx setup based on artemis prod ansible repository + # TODO: merge KIT settings for the proxy + # TODO: Adjust worker_rlimit_nofile in nginx.conf (from ansible task) + # TODO: Adjust worker_connections in nginx.conf (from ansible task) + # TODO: Adjust worker_connections in nginx.conf (from ansible task) + # TODO: Ensure file-max limit in sysctl.conf (from ansible task) + # TODO: Copy security-limits nginx.conf (from ansible task) + # TODO: Copy systemd-limits nginx.conf (from ansible task) + container_name: artemis-nginx + image: nginx:1.23 + pull_policy: always + volumes: + - ./nginx/timeouts.conf:/etc/nginx/conf.d/timeouts.conf:ro + - ./nginx/artemis-nginx.conf:/etc/nginx/conf.d/artemis-nginx.conf:ro + - ./nginx/artemis-server.conf:/etc/nginx/includes/artemis-server.conf:ro + - ./nginx/dhparam.pem:/etc/nginx/dhparam.pem:ro + - ./nginx/nginx_502.html:/usr/share/nginx/html/502.html:ro + - ./nginx/70-artemis-setup.sh:/docker-entrypoint.d/70-artemis-setup.sh + # TODO: move the certs to a place for testing in cypress and/or development envs + - ../src/test/cypress/certs/artemis-nginx+4.pem:/certs/fullchain.pem:ro + - ../src/test/cypress/certs/artemis-nginx+4-key.pem:/certs/priv_key.pem:ro + #- ./pki:/etc/pki/nginx:ro + #- ./defaults/templates:/etc/nginx/templates:ro + #- ./defaults/nginx.conf:/etc/nginx/nginx.conf:ro + #- ./defaults/proxy.conf:/etc/nginx/proxy.conf:ro + #- ./defaults/ssl.conf:/etc/nginx/ssl.conf:ro + #- ./defaults/dhparam.pem:/etc/nginx/dhparam.pem:ro + ports: + - "80:80" + - "443:443" + # expose the port to make it reachable docker internally even if the external port mapping changes + expose: + - "80" + - "443" + healthcheck: + test: service nginx status || exit 1 + start_period: 60s + networks: + - artemis + +networks: + artemis: + driver: "bridge" + name: artemis diff --git a/src/main/docker/cypress/nginx-files/70-artemis-setup.sh b/docker/nginx/70-artemis-setup.sh similarity index 100% rename from src/main/docker/cypress/nginx-files/70-artemis-setup.sh rename to docker/nginx/70-artemis-setup.sh diff --git a/docker/nginx/artemis-nginx-cypress.conf b/docker/nginx/artemis-nginx-cypress.conf new file mode 100644 index 000000000000..72342b9fdc38 --- /dev/null +++ b/docker/nginx/artemis-nginx-cypress.conf @@ -0,0 +1,7 @@ +server { + listen 54321 default_server; + listen [::]:54321 default_server; + server_name _; + + include includes/artemis-server.conf; +} diff --git a/src/main/docker/cypress/nginx-files/artemis-nginx.conf b/docker/nginx/artemis-nginx.conf similarity index 90% rename from src/main/docker/cypress/nginx-files/artemis-nginx.conf rename to docker/nginx/artemis-nginx.conf index e9953144e93f..cee75c0ace5f 100644 --- a/src/main/docker/cypress/nginx-files/artemis-nginx.conf +++ b/docker/nginx/artemis-nginx.conf @@ -17,14 +17,6 @@ server { return 301 https://$host$request_uri; } -server { - listen 54321 default_server; - listen [::]:54321 default_server; - server_name _; - - include includes/artemis-server.conf; -} - server { listen 443 ssl http2; listen [::]:443 ssl http2; diff --git a/src/main/docker/cypress/nginx-files/artemis-server.conf b/docker/nginx/artemis-server.conf similarity index 100% rename from src/main/docker/cypress/nginx-files/artemis-server.conf rename to docker/nginx/artemis-server.conf diff --git a/src/main/docker/cypress/nginx-files/dhparam.pem b/docker/nginx/dhparam.pem similarity index 100% rename from src/main/docker/cypress/nginx-files/dhparam.pem rename to docker/nginx/dhparam.pem diff --git a/src/main/docker/cypress/nginx-files/nginx_502.html b/docker/nginx/nginx_502.html similarity index 100% rename from src/main/docker/cypress/nginx-files/nginx_502.html rename to docker/nginx/nginx_502.html diff --git a/src/main/docker/cypress/nginx-files/timeouts.conf b/docker/nginx/timeouts.conf similarity index 100% rename from src/main/docker/cypress/nginx-files/timeouts.conf rename to docker/nginx/timeouts.conf diff --git a/src/main/docker/postgresql.yml b/docker/postgresql.yml similarity index 95% rename from src/main/docker/postgresql.yml rename to docker/postgresql.yml index c0c41e0b6c11..b0005b2f5520 100644 --- a/src/main/docker/postgresql.yml +++ b/docker/postgresql.yml @@ -16,13 +16,13 @@ services: POSTGRES_USER: postgres POSTGRES_DB: Artemis ports: - - 5432:5432 + - "5432:5432" healthcheck: test: pg_isready -U postgres -d Artemis interval: 5s timeout: 3s retries: 30 - start_period: 30s + start_period: 300s shm_size: '256m' networks: - artemis diff --git a/src/main/docker/central-server-config/README.md b/docker/registry/README.md similarity index 56% rename from src/main/docker/central-server-config/README.md rename to docker/registry/README.md index 8330d4810e6d..43008746194c 100644 --- a/src/main/docker/central-server-config/README.md +++ b/docker/registry/README.md @@ -1,8 +1,11 @@ # Central configuration sources details +The docker compose files in this directory don't follow the project wide docker compose file structure as they are +apparently included as bind mounts in `../broker-registry.yml`. + The JHipster-Registry will use the following directories as its configuration source : -- localhost-config : when running the registry in docker with the jhipster-registry.yml docker-compose file -- docker-config : when running the registry and the app both in docker with the app.yml docker-compose file +- localhost-config : when running the registry in docker with the jhipster-registry.yml docker compose file +- docker-config : when running the registry and the app both in docker with the app.yml docker compose file For more info, refer to https://www.jhipster.tech/jhipster-registry/#spring-cloud-config diff --git a/src/main/docker/central-server-config/docker-config/application.yml b/docker/registry/docker-config/application.yml similarity index 100% rename from src/main/docker/central-server-config/docker-config/application.yml rename to docker/registry/docker-config/application.yml diff --git a/src/main/docker/central-server-config/localhost-config/application.yml b/docker/registry/localhost-config/application.yml similarity index 100% rename from src/main/docker/central-server-config/localhost-config/application.yml rename to docker/registry/localhost-config/application.yml diff --git a/docker/saml-test.yml b/docker/saml-test.yml new file mode 100644 index 000000000000..63fb677b0741 --- /dev/null +++ b/docker/saml-test.yml @@ -0,0 +1,37 @@ +# ---------------------------------------------------------------------------------------------------------------------- +# SAML2 Testing service +# ---------------------------------------------------------------------------------------------------------------------- +# based on the work of: https://github.com/kit-sdq/Artemis-SAML2-Test-Docker +# +# when using this service you have to manually add the saml2 spring profile in your Artemis configuration +# +# Out of the box this setup just works with a containerized Artemis instance +# see comments above artemis-app on how to get it working wit a non-containerized Artemis instance +# ---------------------------------------------------------------------------------------------------------------------- + +services: + saml-test: + container_name: artemis-saml-test + image: docker.io/jamedjo/test-saml-idp + pull_policy: always + ports: + - "9980:8080" + # expose the port to make it reachable docker internally even if the external port mapping changes + expose: + - "8080" + volumes: + - ./saml-test/saml20-sp-remote.php:/var/www/simplesamlphp/metadata/saml20-sp-remote.php + - ./saml-test/config.php:/var/www/simplesamlphp/config/config.php + networks: + - artemis + + # comment this section if you use the saml-test service with a non-containerized Artemis instance + # and copy the ./saml-test/application-saml2.yml to your server configs + artemis-app: + volumes: + - ./saml-test/application-saml2.yml:/opt/artemis/config/application-saml2.yml + +networks: + artemis: + driver: "bridge" + name: artemis diff --git a/docker/saml-test/application-saml2.yml b/docker/saml-test/application-saml2.yml new file mode 100644 index 000000000000..e859455d7d62 --- /dev/null +++ b/docker/saml-test/application-saml2.yml @@ -0,0 +1,25 @@ +saml2: + username-pattern: 'saml2-{first_name}_{last_name}' + first-name-pattern: '{first_name}' + last-name-pattern: '{last_name}' + email-pattern: '{email}' + registration-number-pattern: '{uid}' + identity-providers: + - metadata: http://saml-test:8080/simplesaml/saml2/idp/metadata.php + registration-id: testidp + entity-id: artemis + cert-file: # data/saml/cert (optional) Set this path to the Certificate for encryption/signing or leave it blank + key-file: # data/saml/key path-to-key (optional) Set this path to the Key for encryption/signing or leave it blank + +info.saml2: + # The name of the SAML2 identity provider shown on the login page (optional) + identity-provider-name: + # The label for the SAML2 login button (e.g., 'Shibboleth Login') + button-label: 'SAML2 Login' + # Disables the password-based login user interface, but leaves the API enabled. + # Use the URL query parameter '?showLoginForm' to display the login form nevertheless. + password-login-disabled: false + # Sends an e-mail to the new user with a link to set the Artemis password. This password allows login to Artemis and its + # services such as GitLab and Jenkins. This allows the users to use password-based Git workflows. + # Enables the password reset function in Artemis. + enable-password: true diff --git a/docker/saml-test/config.php b/docker/saml-test/config.php new file mode 100644 index 000000000000..b3b3fad36ef8 --- /dev/null +++ b/docker/saml-test/config.php @@ -0,0 +1,851 @@ + 'http://localhost:9980/simplesaml/', + 'certdir' => 'cert/', + 'loggingdir' => 'log/', + 'datadir' => 'data/', + + /* + * A directory where SimpleSAMLphp can save temporary files. + * + * SimpleSAMLphp will attempt to create this directory if it doesn't exist. + */ + 'tempdir' => '/tmp/simplesaml', + + + /* + * If you enable this option, SimpleSAMLphp will log all sent and received messages + * to the log file. + * + * This option also enables logging of the messages that are encrypted and decrypted. + * + * Note: The messages are logged with the DEBUG log level, so you also need to set + * the 'logging.level' option to LOG_DEBUG. + */ + 'debug' => true, + + /* + * When showerrors is enabled, all error messages and stack traces will be output + * to the browser. + * + * When errorreporting is enabled, a form will be presented for the user to report + * the error to technicalcontact_email. + */ + 'showerrors' => true, + 'errorreporting' => true, + + /** + * Custom error show function called from SimpleSAML_Error_Error::show. + * See docs/simplesamlphp-errorhandling.txt for function code example. + * + * Example: + * 'errors.show_function' => array('sspmod_example_Error_Show', 'show'), + */ + + /** + * This option allows you to enable validation of XML data against its + * schemas. A warning will be written to the log if validation fails. + */ + 'debug.validatexml' => false, + + /** + * This password must be kept secret, and modified from the default value 123. + * This password will give access to the installation page of SimpleSAMLphp with + * metadata listing and diagnostics pages. + * You can also put a hash here; run "bin/pwgen.php" to generate one. + */ + 'auth.adminpassword' => ((getenv('SIMPLESAMLPHP_ADMIN_PASSWORD') != '') ? getenv('SIMPLESAMLPHP_ADMIN_PASSWORD') : 'secret'), + 'admin.protectindexpage' => false, + 'admin.protectmetadata' => false, + + /** + * This is a secret salt used by SimpleSAMLphp when it needs to generate a secure hash + * of a value. It must be changed from its default value to a secret value. The value of + * 'secretsalt' can be any valid string of any length. + * + * A possible way to generate a random salt is by running the following command from a unix shell: + * tr -c -d '0123456789abcdefghijklmnopqrstuvwxyz' /dev/null;echo + */ + 'secretsalt' => ((getenv('SIMPLESAMLPHP_SECRET_SALT') != '') ? getenv('SIMPLESAMLPHP_SECRET_SALT') : 'defaultsecretsalt'), + + /* + * Some information about the technical persons running this installation. + * The email address will be used as the recipient address for error reports, and + * also as the technical contact in generated metadata. + */ + 'technicalcontact_name' => 'Administrator', + 'technicalcontact_email' => 'na@example.org', + + /* + * The timezone of the server. This option should be set to the timezone you want + * SimpleSAMLphp to report the time in. The default is to guess the timezone based + * on your system timezone. + * + * See this page for a list of valid timezones: http://php.net/manual/en/timezones.php + */ + 'timezone' => null, + + /* + * Logging. + * + * define the minimum log level to log + * SimpleSAML_Logger::ERR No statistics, only errors + * SimpleSAML_Logger::WARNING No statistics, only warnings/errors + * SimpleSAML_Logger::NOTICE Statistics and errors + * SimpleSAML_Logger::INFO Verbose logs + * SimpleSAML_Logger::DEBUG Full debug logs - not recommended for production + * + * Choose logging handler. + * + * Options: [syslog,file,errorlog] + * + */ + 'logging.level' => SimpleSAML_Logger::DEBUG, + 'logging.handler' => 'errorlog', + + /* + * Specify the format of the logs. Its use varies depending on the log handler used (for instance, you cannot + * control here how dates are displayed when using the syslog or errorlog handlers), but in general the options + * are: + * + * - %date{}: the date and time, with its format specified inside the brackets. See the PHP documentation + * of the strftime() function for more information on the format. If the brackets are omitted, the standard + * format is applied. This can be useful if you just want to control the placement of the date, but don't care + * about the format. + * + * - %process: the name of the SimpleSAMLphp process. Remember you can configure this in the 'logging.processname' + * option below. + * + * - %level: the log level (name or number depending on the handler used). + * + * - %stat: if the log entry is intended for statistical purposes, it will print the string 'STAT ' (bear in mind + * the trailing space). + * + * - %trackid: the track ID, an identifier that allows you to track a single session. + * + * - %srcip: the IP address of the client. If you are behind a proxy, make sure to modify the + * $_SERVER['REMOTE_ADDR'] variable on your code accordingly to the X-Forwarded-For header. + * + * - %msg: the message to be logged. + * + */ + //'logging.format' => '%date{%b %d %H:%M:%S} %process %level %stat[%trackid] %msg', + + /* + * Choose which facility should be used when logging with syslog. + * + * These can be used for filtering the syslog output from SimpleSAMLphp into its + * own file by configuring the syslog daemon. + * + * See the documentation for openlog (http://php.net/manual/en/function.openlog.php) for available + * facilities. Note that only LOG_USER is valid on windows. + * + * The default is to use LOG_LOCAL5 if available, and fall back to LOG_USER if not. + */ + 'logging.facility' => defined('LOG_LOCAL5') ? constant('LOG_LOCAL5') : LOG_USER, + + /* + * The process name that should be used when logging to syslog. + * The value is also written out by the other logging handlers. + */ + 'logging.processname' => 'simplesamlphp', + + /* Logging: file - Logfilename in the loggingdir from above. + */ + 'logging.logfile' => 'simplesamlphp.log', + + /* (New) statistics output configuration. + * + * This is an array of outputs. Each output has at least a 'class' option, which + * selects the output. + */ + 'statistics.out' => array(// Log statistics to the normal log. + /* + array( + 'class' => 'core:Log', + 'level' => 'notice', + ), + */ + // Log statistics to files in a directory. One file per day. + /* + array( + 'class' => 'core:File', + 'directory' => '/var/log/stats', + ), + */ + ), + + + + /* + * Database + * + * This database configuration is optional. If you are not using + * core functionality or modules that require a database, you can + * skip this configuration. + */ + + /* + * Database connection string. + * Ensure that you have the required PDO database driver installed + * for your connection string. + */ + 'database.dsn' => 'mysql:host=localhost;dbname=saml', + + /* + * SQL database credentials + */ + 'database.username' => 'simplesamlphp', + 'database.password' => 'secret', + + /* + * (Optional) Table prefix + */ + 'database.prefix' => '', + + /* + * True or false if you would like a persistent database connection + */ + 'database.persistent' => false, + + /* + * Database slave configuration is optional as well. If you are only + * running a single database server, leave this blank. If you have + * a master/slave configuration, you can define as many slave servers + * as you want here. Slaves will be picked at random to be queried from. + * + * Configuration options in the slave array are exactly the same as the + * options for the master (shown above) with the exception of the table + * prefix. + */ + 'database.slaves' => array( + /* + array( + 'dsn' => 'mysql:host=myslave;dbname=saml', + 'username' => 'simplesamlphp', + 'password' => 'secret', + 'persistent' => false, + ), + */ + ), + + + + /* + * Enable + * + * Which functionality in SimpleSAMLphp do you want to enable. Normally you would enable only + * one of the functionalities below, but in some cases you could run multiple functionalities. + * In example when you are setting up a federation bridge. + */ + 'enable.saml20-idp' => true, + 'enable.shib13-idp' => true, + 'enable.adfs-idp' => false, + 'enable.wsfed-sp' => false, + 'enable.authmemcookie' => false, + + + /* + * Module enable configuration + * + * Configuration to override module enabling/disabling. + * + * Example: + * + * 'module.enable' => array( + * // Setting to TRUE enables. + * 'exampleauth' => TRUE, + * // Setting to FALSE disables. + * 'saml' => FALSE, + * // Unset or NULL uses default. + * 'core' => NULL, + * ), + * + */ + + + /* + * This value is the duration of the session in seconds. Make sure that the time duration of + * cookies both at the SP and the IdP exceeds this duration. + */ + 'session.duration' => 8 * (60 * 60), // 8 hours. + + /* + * Sets the duration, in seconds, data should be stored in the datastore. As the datastore is used for + * login and logout requests, thid option will control the maximum time these operations can take. + * The default is 4 hours (4*60*60) seconds, which should be more than enough for these operations. + */ + 'session.datastore.timeout' => (4 * 60 * 60), // 4 hours + + /* + * Sets the duration, in seconds, auth state should be stored. + */ + 'session.state.timeout' => (60 * 60), // 1 hour + + /* + * Option to override the default settings for the session cookie name + */ + 'session.cookie.name' => 'SimpleSAMLSessionIDIdp', + + /* + * Expiration time for the session cookie, in seconds. + * + * Defaults to 0, which means that the cookie expires when the browser is closed. + * + * Example: + * 'session.cookie.lifetime' => 30*60, + */ + 'session.cookie.lifetime' => 0, + + /* + * Limit the path of the cookies. + * + * Can be used to limit the path of the cookies to a specific subdirectory. + * + * Example: + * 'session.cookie.path' => '/simplesaml/', + */ + 'session.cookie.path' => '/', + + /* + * Cookie domain. + * + * Can be used to make the session cookie available to several domains. + * + * Example: + * 'session.cookie.domain' => '.example.org', + */ + 'session.cookie.domain' => null, + + /* + * Set the secure flag in the cookie. + * + * Set this to TRUE if the user only accesses your service + * through https. If the user can access the service through + * both http and https, this must be set to FALSE. + */ + 'session.cookie.secure' => false, + + /* + * Enable secure POST from HTTPS to HTTP. + * + * If you have some SP's on HTTP and IdP is normally on HTTPS, this option + * enables secure POSTing to HTTP endpoint without warning from browser. + * + * For this to work, module.php/core/postredirect.php must be accessible + * also via HTTP on IdP, e.g. if your IdP is on + * https://idp.example.org/ssp/, then + * http://idp.example.org/ssp/module.php/core/postredirect.php must be accessible. + */ + 'enable.http_post' => true, + + /* + * Options to override the default settings for php sessions. + */ + 'session.phpsession.cookiename' => 'PHPSESSIDIDP', + 'session.phpsession.savepath' => null, + 'session.phpsession.httponly' => true, + + /* + * Option to override the default settings for the auth token cookie + */ + 'session.authtoken.cookiename' => 'SimpleSAMLAuthTokenIdp', + + /* + * Options for remember me feature for IdP sessions. Remember me feature + * has to be also implemented in authentication source used. + * + * Option 'session.cookie.lifetime' should be set to zero (0), i.e. cookie + * expires on browser session if remember me is not checked. + * + * Session duration ('session.duration' option) should be set according to + * 'session.rememberme.lifetime' option. + * + * It's advised to use remember me feature with session checking function + * defined with 'session.check_function' option. + */ + 'session.rememberme.enable' => false, + 'session.rememberme.checked' => false, + 'session.rememberme.lifetime' => (14 * 86400), + + /** + * Custom function for session checking called on session init and loading. + * See docs/simplesamlphp-advancedfeatures.txt for function code example. + * + * Example: + * 'session.check_function' => array('sspmod_example_Util', 'checkSession'), + */ + + /* + * Languages available, RTL languages, and what language is default + */ + 'language.available' => array( + 'en', 'no', 'nn', 'se', 'da', 'de', 'sv', 'fi', 'es', 'fr', 'it', 'nl', 'lb', 'cs', + 'sl', 'lt', 'hr', 'hu', 'pl', 'pt', 'pt-br', 'tr', 'ja', 'zh', 'zh-tw', 'ru', 'et', + 'he', 'id', 'sr', 'lv', 'ro', 'eu' + ), + 'language.rtl' => array('ar', 'dv', 'fa', 'ur', 'he'), + 'language.default' => 'en', + + /* + * Options to override the default settings for the language parameter + */ + 'language.parameter.name' => 'language', + 'language.parameter.setcookie' => true, + + /* + * Options to override the default settings for the language cookie + */ + 'language.cookie.name' => 'language', + 'language.cookie.domain' => null, + 'language.cookie.path' => '/', + 'language.cookie.lifetime' => (60 * 60 * 24 * 900), + + /** + * Custom getLanguage function called from SimpleSAML_XHTML_Template::getLanguage(). + * Function should return language code of one of the available languages or NULL. + * See SimpleSAML_XHTML_Template::getLanguage() source code for more info. + * + * This option can be used to implement a custom function for determining + * the default language for the user. + * + * Example: + * 'language.get_language_function' => array('sspmod_example_Template', 'getLanguage'), + */ + + /* + * Extra dictionary for attribute names. + * This can be used to define local attributes. + * + * The format of the parameter is a string with :. + * + * Specifying this option will cause us to look for modules//dictionaries/.definition.json + * The dictionary should look something like: + * + * { + * "firstattribute": { + * "en": "English name", + * "no": "Norwegian name" + * }, + * "secondattribute": { + * "en": "English name", + * "no": "Norwegian name" + * } + * } + * + * Note that all attribute names in the dictionary must in lowercase. + * + * Example: 'attributes.extradictionary' => 'ourmodule:ourattributes', + */ + 'attributes.extradictionary' => null, + + /* + * Which theme directory should be used? + */ + 'theme.use' => 'default', + + + /* + * Default IdP for WS-Fed. + */ + 'default-wsfed-idp' => 'urn:federation:pingfederate:localhost', + + /* + * Whether the discovery service should allow the user to save his choice of IdP. + */ + 'idpdisco.enableremember' => true, + 'idpdisco.rememberchecked' => true, + + // Disco service only accepts entities it knows. + 'idpdisco.validate' => true, + + 'idpdisco.extDiscoveryStorage' => null, + + /* + * IdP Discovery service look configuration. + * Wether to display a list of idp or to display a dropdown box. For many IdP' a dropdown box + * gives the best use experience. + * + * When using dropdown box a cookie is used to highlight the previously chosen IdP in the dropdown. + * This makes it easier for the user to choose the IdP + * + * Options: [links,dropdown] + * + */ + 'idpdisco.layout' => 'dropdown', + + /* + * Whether SimpleSAMLphp should sign the response or the assertion in SAML 1.1 authentication + * responses. + * + * The default is to sign the assertion element, but that can be overridden by setting this + * option to TRUE. It can also be overridden on a pr. SP basis by adding an option with the + * same name to the metadata of the SP. + */ + 'shib13.signresponse' => true, + + + /* + * Authentication processing filters that will be executed for all IdPs + * Both Shibboleth and SAML 2.0 + */ + 'authproc.idp' => array( + /* Enable the authproc filter below to add URN Prefixces to all attributes + 10 => array( + 'class' => 'core:AttributeMap', 'addurnprefix' + ), */ + /* Enable the authproc filter below to automatically generated eduPersonTargetedID. + 20 => 'core:TargetedID', + */ + + // Adopts language from attribute to use in UI + 30 => 'core:LanguageAdaptor', + + /* Add a realm attribute from edupersonprincipalname + 40 => 'core:AttributeRealm', + */ + 45 => array( + 'class' => 'core:StatisticsWithAttribute', + 'attributename' => 'realm', + 'type' => 'saml20-idp-SSO', + ), + + /* When called without parameters, it will fallback to filter attributes ‹the old way› + * by checking the 'attributes' parameter in metadata on IdP hosted and SP remote. + */ + 50 => 'core:AttributeLimit', + + /* + * Search attribute "distinguishedName" for pattern and replaces if found + + 60 => array( + 'class' => 'core:AttributeAlter', + 'pattern' => '/OU=studerende/', + 'replacement' => 'Student', + 'subject' => 'distinguishedName', + '%replace', + ), + */ + + /* + * Consent module is enabled (with no permanent storage, using cookies). + + 90 => array( + 'class' => 'consent:Consent', + 'store' => 'consent:Cookie', + 'focus' => 'yes', + 'checked' => TRUE + ), + */ + // If language is set in Consent module it will be added as an attribute. + 99 => 'core:LanguageAdaptor', + ), + /* + * Authentication processing filters that will be executed for all SPs + * Both Shibboleth and SAML 2.0 + */ + 'authproc.sp' => array( + /* + 10 => array( + 'class' => 'core:AttributeMap', 'removeurnprefix' + ), + */ + + /* + * Generate the 'group' attribute populated from other variables, including eduPersonAffiliation. + 60 => array( + 'class' => 'core:GenerateGroups', 'eduPersonAffiliation' + ), + */ + /* + * All users will be members of 'users' and 'members' + 61 => array( + 'class' => 'core:AttributeAdd', 'groups' => array('users', 'members') + ), + */ + + // Adopts language from attribute to use in UI + 90 => 'core:LanguageAdaptor', + + ), + + + /* + * This option configures the metadata sources. The metadata sources is given as an array with + * different metadata sources. When searching for metadata, simpleSAMPphp will search through + * the array from start to end. + * + * Each element in the array is an associative array which configures the metadata source. + * The type of the metadata source is given by the 'type' element. For each type we have + * different configuration options. + * + * Flat file metadata handler: + * - 'type': This is always 'flatfile'. + * - 'directory': The directory we will load the metadata files from. The default value for + * this option is the value of the 'metadatadir' configuration option, or + * 'metadata/' if that option is unset. + * + * XML metadata handler: + * This metadata handler parses an XML file with either an EntityDescriptor element or an + * EntitiesDescriptor element. The XML file may be stored locally, or (for debugging) on a remote + * web server. + * The XML hetadata handler defines the following options: + * - 'type': This is always 'xml'. + * - 'file': Path to the XML file with the metadata. + * - 'url': The URL to fetch metadata from. THIS IS ONLY FOR DEBUGGING - THERE IS NO CACHING OF THE RESPONSE. + * + * MDX metadata handler: + * This metadata handler looks up for the metadata of an entity at the given MDX server. + * The MDX metadata handler defines the following options: + * - 'type': This is always 'mdx'. + * - 'server': URL of the MDX server (url:port). Mandatory. + * - 'validateFingerprint': The fingerprint of the certificate used to sign the metadata. + * You don't need this option if you don't want to validate the signature on the metadata. Optional. + * - 'cachedir': Directory where metadata can be cached. Optional. + * - 'cachelength': Maximum time metadata cah be cached, in seconds. Default to 24 + * hours (86400 seconds). Optional. + * + * PDO metadata handler: + * This metadata handler looks up metadata of an entity stored in a database. + * + * Note: If you are using the PDO metadata handler, you must configure the database + * options in this configuration file. + * + * The PDO metadata handler defines the following options: + * - 'type': This is always 'pdo'. + * + * + * Examples: + * + * This example defines two flatfile sources. One is the default metadata directory, the other + * is a metadata directory with autogenerated metadata files. + * + * 'metadata.sources' => array( + * array('type' => 'flatfile'), + * array('type' => 'flatfile', 'directory' => 'metadata-generated'), + * ), + * + * This example defines a flatfile source and an XML source. + * 'metadata.sources' => array( + * array('type' => 'flatfile'), + * array('type' => 'xml', 'file' => 'idp.example.org-idpMeta.xml'), + * ), + * + * This example defines an mdx source. + * 'metadata.sources' => array( + * array('type' => 'mdx', server => 'http://mdx.server.com:8080', 'cachedir' => '/var/simplesamlphp/mdx-cache', 'cachelength' => 86400) + * ), + * + * This example defines an pdo source. + * 'metadata.sources' => array( + * array('type' => 'pdo') + * ), + * + * Default: + * 'metadata.sources' => array( + * array('type' => 'flatfile') + * ), + */ + 'metadata.sources' => array( + array('type' => 'flatfile'), + ), + + + /* + * Configure the datastore for SimpleSAMLphp. + * + * - 'phpsession': Limited datastore, which uses the PHP session. + * - 'memcache': Key-value datastore, based on memcache. + * - 'sql': SQL datastore, using PDO. + * + * The default datastore is 'phpsession'. + * + * (This option replaces the old 'session.handler'-option.) + */ + 'store.type' => 'phpsession', + + + /* + * The DSN the sql datastore should connect to. + * + * See http://www.php.net/manual/en/pdo.drivers.php for the various + * syntaxes. + */ + 'store.sql.dsn' => 'sqlite:/path/to/sqlitedatabase.sq3', + + /* + * The username and password to use when connecting to the database. + */ + 'store.sql.username' => null, + 'store.sql.password' => null, + + /* + * The prefix we should use on our tables. + */ + 'store.sql.prefix' => 'SimpleSAMLphp', + + + /* + * Configuration for the 'memcache' session store. This allows you to store + * multiple redundant copies of sessions on different memcache servers. + * + * 'memcache_store.servers' is an array of server groups. Every data + * item will be mirrored in every server group. + * + * Each server group is an array of servers. The data items will be + * load-balanced between all servers in each server group. + * + * Each server is an array of parameters for the server. The following + * options are available: + * - 'hostname': This is the hostname or ip address where the + * memcache server runs. This is the only required option. + * - 'port': This is the port number of the memcache server. If this + * option isn't set, then we will use the 'memcache.default_port' + * ini setting. This is 11211 by default. + * - 'weight': This sets the weight of this server in this server + * group. http://php.net/manual/en/function.Memcache-addServer.php + * contains more information about the weight option. + * - 'timeout': The timeout for this server. By default, the timeout + * is 3 seconds. + * + * Example of redundant configuration with load balancing: + * This configuration makes it possible to lose both servers in the + * a-group or both servers in the b-group without losing any sessions. + * Note that sessions will be lost if one server is lost from both the + * a-group and the b-group. + * + * 'memcache_store.servers' => array( + * array( + * array('hostname' => 'mc_a1'), + * array('hostname' => 'mc_a2'), + * ), + * array( + * array('hostname' => 'mc_b1'), + * array('hostname' => 'mc_b2'), + * ), + * ), + * + * Example of simple configuration with only one memcache server, + * running on the same computer as the web server: + * Note that all sessions will be lost if the memcache server crashes. + * + * 'memcache_store.servers' => array( + * array( + * array('hostname' => 'localhost'), + * ), + * ), + * + */ + 'memcache_store.servers' => array( + array( + array('hostname' => 'localhost'), + ), + ), + + + /* + * This value allows you to set a prefix for memcache-keys. The default + * for this value is 'SimpleSAMLphp', which is fine in most cases. + * + * When running multiple instances of SSP on the same host, and more + * than one instance is using memcache, you probably want to assign + * a unique value per instance to this setting to avoid data collision. + */ + 'memcache_store.prefix' => null, + + + /* + * This value is the duration data should be stored in memcache. Data + * will be dropped from the memcache servers when this time expires. + * The time will be reset every time the data is written to the + * memcache servers. + * + * This value should always be larger than the 'session.duration' + * option. Not doing this may result in the session being deleted from + * the memcache servers while it is still in use. + * + * Set this value to 0 if you don't want data to expire. + * + * Note: The oldest data will always be deleted if the memcache server + * runs out of storage space. + */ + 'memcache_store.expires' => 36 * (60 * 60), // 36 hours. + + + /* + * Should signing of generated metadata be enabled by default. + * + * Metadata signing can also be enabled for a individual SP or IdP by setting the + * same option in the metadata for the SP or IdP. + */ + 'metadata.sign.enable' => false, + + /* + * The default key & certificate which should be used to sign generated metadata. These + * are files stored in the cert dir. + * These values can be overridden by the options with the same names in the SP or + * IdP metadata. + * + * If these aren't specified here or in the metadata for the SP or IdP, then + * the 'certificate' and 'privatekey' option in the metadata will be used. + * if those aren't set, signing of metadata will fail. + */ + 'metadata.sign.privatekey' => null, + 'metadata.sign.privatekey_pass' => null, + 'metadata.sign.certificate' => null, + + + /* + * Proxy to use for retrieving URLs. + * + * Example: + * 'proxy' => 'tcp://proxy.example.com:5100' + */ + 'proxy' => null, + + /* + * Array of domains that are allowed when generating links or redirections + * to URLs. SimpleSAMLphp will use this option to determine whether to + * to consider a given URL valid or not, but you should always validate + * URLs obtained from the input on your own (i.e. ReturnTo or RelayState + * parameters obtained from the $_REQUEST array). + * + * SimpleSAMLphp will automatically add your own domain (either by checking + * it dynamically, or by using the domain defined in the 'baseurlpath' + * directive, the latter having precedence) to the list of trusted domains, + * in case this option is NOT set to NULL. In that case, you are explicitly + * telling SimpleSAMLphp to verify URLs. + * + * Set to an empty array to disallow ALL redirections or links pointing to + * an external URL other than your own domain. This is the default behaviour. + * + * Set to NULL to disable checking of URLs. DO NOT DO THIS UNLESS YOU KNOW + * WHAT YOU ARE DOING! + * + * Example: + * 'trusted.url.domains' => array('sp.example.com', 'app.example.com'), + */ + 'trusted.url.domains' => array(), + +); diff --git a/docker/saml-test/saml20-sp-remote.php b/docker/saml-test/saml20-sp-remote.php new file mode 100644 index 000000000000..5a11e0bdf5dd --- /dev/null +++ b/docker/saml-test/saml20-sp-remote.php @@ -0,0 +1,14 @@ + 'http://localhost:8080/login/saml2/sso/testidp', + 'SingleLogoutService' => getenv('SIMPLESAMLPHP_SP_SINGLE_LOGOUT_SERVICE'), + 'simplesaml.nameidattribute' => 'uid', + 'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:persistent', +); diff --git a/docs/README.md b/docs/README.md index 46cfa3a2e123..80a6895a019b 100644 --- a/docs/README.md +++ b/docs/README.md @@ -62,7 +62,7 @@ docker run --rm -v ${PWD}/docs:/docs $(docker build -q -t sphinx -f docs/Dockerf To auto-generate the documentation as HTML file and live-reload on changes, use the provided docker command from the project root: ```bash -docker run --rm -v ${PWD}/docs:/docs -p 8000:8000 $(docker build -q -t sphinx -f docs/Dockerfile ./docs) +docker run --rm -it -v ${PWD}/docs:/docs -p 8000:8000 $(docker build -q -t sphinx -f docs/Dockerfile ./docs) ``` ## Tool support diff --git a/docs/dev/cypress.rst b/docs/dev/cypress.rst index 5c1807cdbf00..d8c1e38fcd2b 100644 --- a/docs/dev/cypress.rst +++ b/docs/dev/cypress.rst @@ -22,7 +22,7 @@ Artemis Deployment on Bamboo Build Agent ---------------------------------------- Every execution of the Cypress test suite requires its own deployment of Artemis. The easiest way to accomplish this is to deploy Artemis locally on the build agent, which executes the Cypress tests. -Using docker-compose we can start a MySQL database and the Artemis server locally on the build agent and +Using ``docker compose`` we can start a MySQL database and the Artemis server locally on the build agent and connect it to the prelive system in the university data center. .. figure:: cypress/cypress_bamboo_deployment_diagram.svg @@ -39,20 +39,20 @@ In total there are three Docker containers started in the Bamboo build agent: The container automatically creates a new database 'Artemis' and configures it with the recommended settings for Artemis. The Cypress setup reuses the already existing - `MySQL docker image `__ + `MySQL docker image `__ from the standard Artemis Docker setup. 2. Artemis The Docker image for the Artemis container is created from the already existing - `Dockerfile `__. + `Dockerfile `__. When the Bamboo build of the Cypress test suite starts, it retrieves the Artemis executable (.war file) from the `Artemis build plan `_. Upon creation of the Artemis Docker image the executable is copied into the image together with configuration files for the Artemis server. The main configuration of the Artemis server is contained in the - `application.yml file `__. + `application.yml file `__. However, this file does not contain any security relevant information. Security relevant settings like the credentials to the Jira admin account in the prelive system are instead passed to the Docker container via environment variables. @@ -115,20 +115,20 @@ flaky tests based on the changed code. To do this, we have some special Docker c 1. Docker Image Extensions - We extend the existing `Dockerfile <./src/main/docker/Dockerfile>`__ to create the Docker image for the Artemis + We extend the existing `Dockerfile <./docker/artemis/Dockerfile>`__ to create the Docker image for the Artemis container. For the flaky test detection build plan, we need to change the Artemis startup and add the :code:`unzip` dependency. To do this, we have a special Dockerfile that extends the original one and adds these changes. The - Dockerfile can be found `here <./src/main/docker/cypress/coverage.Dockerfile>`__. To do this, the regular image + Dockerfile can be found `here <./docker/cypress/coverage.Dockerfile>`__. To do this, the regular image has to be built and tagged with :code:`artemis:coverage-latest`. Additionally, we need Java in the Cypress container for the flaky test detection, so we have a special Dockerfile for the Cypress container that extends the original one and adds the Java installation. This Dockerfile can be found - `here <./src/main/docker/cypress/cypress.Dockerfile>`__. + `here <./docker/cypress/cypress.Dockerfile>`__. 2. Docker Compose Changes The Docker Compose file for the flaky test detection is located - `here <./src/main/docker/cypress/cypress-E2E-tests-coverage-override.yml>`__. This file includes some overrides for the regular + `here <./docker/cypress/cypress-E2E-tests-coverage-override.yml>`__. This file includes some overrides for the regular Docker Compose file. The main differences are that we use the extended Dockerfiles for the Artemis and Cypress containers, and we also change the Cypress startup command to include our coverage analysis. To use the overrides, you can run the following command: :code:`docker-compose -f cypress-E2E-tests.yml -f cypress-E2E-tests-coverage-override.yml up`. @@ -154,7 +154,7 @@ This build plan is automatically executed every 8 hours and verifies that test s The difference of this setup is that the Artemis server is deployed on a separate environment which already contains the necessary configuration files for the Artemis server to connect to the prelive system. The Docker image for the Cypress container should be exactly the same as the Cypress image used in -the docker-compose file for the deployment on a Bamboo build agent. +the *docker compose* file for the deployment on a Bamboo build agent. Maintenance ----------- @@ -165,7 +165,7 @@ Since the Cypress test suite simulates a real user, it makes sense to execute th the latest Chrome browser. The Cypress Docker image we use always has a specific Chrome version installed. Therefore, the -`docker-compose file `__ +`docker-compose file `__ as well as the `build plan configuration for the Cypress tests on test server 3 `__ should be updated every month to make sure that the latest Cypress image for the Chrome browser is used. diff --git a/docs/dev/setup.rst b/docs/dev/setup.rst index 0cde86154340..f94f76ce8e0b 100644 --- a/docs/dev/setup.rst +++ b/docs/dev/setup.rst @@ -65,8 +65,10 @@ MySQL Setup `Download `_ and install the MySQL Community Server (8.0.x). -As an alternative to a native MySQL setup, you can run the MySQL Database Server inside a Docker container -using e.g. ``docker-compose -f src/main/docker/mysql.yml up``. +You have to run a database on your local machine to be able to start Artemis. + +We recommend to start the database in a docker container. You can run the MySQL Database Server +using e.g. ``docker compose -f docker/mysql.yml up``. If you run your own MySQL server, make sure to specify the default ``character-set`` as ``utf8mb4`` and the default ``collation`` as ``utf8mb4_unicode_ci``. @@ -315,12 +317,22 @@ Run the server via Docker Dockerfile """""""""" -You can find the latest Artemis Dockerfile at ``src/main/docker/Dockerfile``. +You can find the latest Artemis Dockerfile at ``docker/artemis/Dockerfile``. + +* The Dockerfile has `multiple stages `__: A **builder** stage, + building the ``.war`` file, an optional **external_builder** stage to import a pre-built ``.war`` file, + a **war_file** stage to choose between the builder stages via build argument and a **runtime** stage with minimal + dependencies just for running artemis. -* The Dockerfile defines three Docker volumes +* The Dockerfile defines three Docker volumes (at the specified paths inside the container): - * ``/opt/artemis/config``: This will be used to store the configuration of Artemis in YAML files. - If this directory is empty, the default configuration of Artemis will be copied upon container start. + * **/opt/artemis/config:** + + This can be used to store additional configuration of Artemis in YAML files. + The usage is optional and we recommend using the environment files for overriding your custom configurations + instead of using ``src/main/resources/application-local.yml`` as such an additional configuration file. + The other configurations like ``src/main/resources/application.yml``, ... are built into the ``.war`` file and + therefore are not needed in this directory. .. tip:: Instead of mounting this config directory, you can also use environment variables for the configuration as @@ -334,17 +346,17 @@ You can find the latest Artemis Dockerfile at ``src/main/docker/Dockerfile``. To ease the transition of an existing set of YAML configuration files into the environment variable style, a `helper script `__ can be used. - * ``/opt/artemis/data``: This directory should be used for any data (e.g., local clone of repositories). - Therefore, configure Artemis to store this files into this directory. In order to do that, you have to change - some properties in configuration files (i.e., ``artemis.repo-clone-path``, ``artemis.repo-download-clone-path``, + * **/opt/artemis/data:** + + This directory should be used for any data (e.g., local clone of repositories). + This is preconfigured in the ``docker`` Java Spring profile (which sets the following values: + ``artemis.repo-clone-path``, ``artemis.repo-download-clone-path``, ``artemis.course-archives-path``, ``artemis.submission-export-path``, and ``artemis.file-upload-path``). - Otherwise you'll get permission failures. - * ``/opt/artemis/public/content``: This directory will be used for branding. - You can specify a favicon, ``imprint.html``, and ``privacy_statement.html`` here. -* The Dockerfile sets the correct permissions to the folders that are mounted to the volumes on startup (not recursive). + * **/opt/artemis/public/content:** -* The startup script is located `here `__. + This directory will be used for branding. + You can specify a favicon, ``imprint.html``, and ``privacy_statement.html`` here. * The Dockerfile assumes that the mounted volumes are located on a file system with the following locale settings (see `#4439 `__ for more details): @@ -353,6 +365,26 @@ You can find the latest Artemis Dockerfile at ``src/main/docker/Dockerfile``. * LANG ``en_US.UTF-8`` * LANGUAGE ``en_US.UTF-8`` +.. _Docker Debugging: + +Debugging with Docker +""""""""""""""""""""" + +| The Docker containers have the possibility to enable Java Remote Debugging via Java environment variables. +| Java Remote Debugging allows you to use your preferred debugger connected to port 5005. + For IntelliJ you can use the `Remote Java Debugging for Docker` profile being shipped in the git repository. + +With the following Java environment variable you can configure the Remote Java Debugging inside a container: + +:: + + _JAVA_OPTIONS="-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005" + +| This is already preset in the Docker Compose **Artemis-Dev-MySQL** Setup. +| For issues at the startup you might have to suspend the java command until a Debugger connected. + This is possible by setting ``suspend=y``. + + Run the server via a run configuration in IntelliJ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -627,41 +659,169 @@ HTTP. We need to extend the configuration in the file ------------------------------------------------------------------------------------------------------------------------ -Alternative: Docker-Compose Setup +Alternative: Docker Compose Setup --------------------------------- -A full functioning development environment can also be set up using -docker-compose: +Getting Started with Docker Compose +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +1. Install `Docker Desktop `__ or + `Docker Engine and Docker CLI with the Docker Compose Plugin `__ + (``docker compose`` command). + + We **DON'T support** the usage of the **Compose standalone** binary (``docker-compose`` command) as its installation + method `is no longer supported by Docker `__. + + We recommend the latest version of Docker Desktop or Docker Engine and Docker CLI with Docker Compose Plugin. + The minimum version for Docker Compose is 1.27.0+ as of this version the + `latest Compose file format is supported `__. + + .. hint:: + Make sure that Docker Desktop has enough memory (~ 6GB). To adapt it, go to ``Settings -> Resources``. + +2. Check that all local network ports used by Docker Compose are free (e.g. you haven't started a local MySQL server + when you would like to start a Docker Compose instance of mysql) +3. Run ``docker compose pull && docker compose up`` in the directory ``docker/`` +4. Open the Artemis instance in your browser at https://localhost +5. Run ``docker compose down`` in the directory ``docker/`` to stop and remove the docker containers + +.. tip:: + | The first ``docker compose pull`` command is just necessary the first time as an extra step, + as otherwise Artemis will be built from source as you don't already have an Artemis Image locally. + | + | For Arm-based Macs, Dev boards, etc. you will have to build the Artemis Docker Image first as we currently do not + distribute Docker Images for these architectures. + +Other Docker Compose Setups +^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +.. figure:: setup/artemis-docker-file-structure.drawio.png + :align: center + :target: ../../_images/artemis-docker-file-structure.drawio.png + + Overview of the Artemis Docker / Docker Compose structure + +The easiest way to configure a local deployment via Docker is a deployment with a *docker compose* file. +In the directory ``docker/`` you can find the following *docker compose* files for different **setups**: -1. Install `docker `__ and `docker-compose `__ -2. Configure the credentials in ``application-artemis.yml`` in the folder ``src/main/resources/config`` as described above -3. Run ``docker-compose up`` -4. Go to http://localhost:9000 +* ``artemis-dev-mysql.yml``: **Artemis-Dev-MySQL** Setup containing the development build of Artemis and a MySQL DB +* ``artemis-prod-mysql.yml``: **Artemis-Prod-MySQL** Setup containing the production build of Artemis and a MySQL DB +* ``atlassian.yml``: **Atlassian** Setup containing a Jira, Bitbucket and Bamboo instance + (see `Bamboo, Bitbucket and Jira Setup Guide <#bamboo-bitbucket-and-jira-setup>`__ + for the configuration of this setup) +* ``gitlab-gitlabci.yml``: **GitLab-GitLabCI** Setup containing a GitLab and GitLabCI instance +* ``gitlab-jenkins.yml``: **GitLab-Jenkins** Setup containing a GitLab and Jenkins instance + (see `Gitlab Server Quickstart Guide <#gitlab-server-quickstart>`__ for the configuration of this setup) +* ``monitoring.yml``: **Prometheus-Grafana** Setup containing a Prometheus and Grafana instance +* ``mysql.yml``: **MySQL** Setup containing a MySQL DB instance +* ``nginx.yml``: **Nginx** Setup containing a preconfigured Nginx instance +* ``postgresql.yml``: **PostgreSQL** Setup containing a PostgreSQL DB instance -The client and the server will run in different containers. As Npm is -used with its live reload mode to build and run the client, any change -in the client’s codebase will trigger a rebuild automatically. In case -of changes in the codebase of the server one has to restart the -``artemis-server`` container via -``docker-compose restart artemis-server``. +Two example commands to run such setups: -(Native) Running and Debugging from IDEs is currently not supported. +.. code:: bash + + docker compose -f docker/atlassian.yml up + docker compose -f docker/mysql.yml -f docker/gitlab-jenkins.yml up + +.. tip:: + There is also a single ``docker-compose.yml`` in the directory ``docker/`` which mirrors the setup of ``artemis-prod-mysql.yml``. + This should provide a quick way, without manual changes necessary, for new contributors to startup an Artemis instance. + If the documentation just mentions to run ``docker compose`` without a ``-f `` argument, it's + assumed you are running the command from the ``docker/`` directory.F + +For each service being used in these *docker compose* files a **base service** (containing similar settings) +is defined in the following files: + +* ``artemis.yml``: **Artemis Service** +* ``mysql.yml``: **MySQL DB Service** +* ``nginx.yml``: **Nginx Service** +* ``postgresql.yml``: **PostgreSQL DB Service** +* ``gitlab.yml``: **GitLab Service** +* ``jenkins.yml``: **Jenkins Service** + +For testing mails or SAML logins you can append the following services to any setup with an artemis container: + +* ``mailhog.yml``: **Mailhog Service** (email testing tool) +* ``saml-test.yml``: **Saml-Test Service** (SAML Test Identity Provider for testing SAML features) + +An example command to run such an extended setup: + +.. code:: bash + + docker compose -f docker/artemis-dev-mysql.yml -f docker/mailhog.yml up + +.. warning:: + If you want to run multiple *docker compose* setups in parallel on one host you might have to modify + volume, container and network names! + +Folder structure +"""""""""""""""" + +| **Base services** (compose file with just one service) and **setups** (compose files with multiple services) + should be located directly in ``docker/``. +| Additional files like configuration files, Dockerfile, ... + should be in a subdirectory with the **base service** or **setup** name (``docker//``). + +Artemis Base Service +^^^^^^^^^^^^^^^^^^^^ + +Everything related to the Docker Image of Artemis (built by the Dockerfile) can be found +`in the Server Setup section <#run-the-server-via-docker>`__. +All Artemis related settings changed in Docker compose files are described here. + +| The ``artemis.yml`` **base service** (e.g. in the ``artemis-prod-mysql.yml`` setup) defaults to the latest + Artemis Docker Image tag in your local docker registry. +| If you want to build the checked out version run ``docker compose build artemis-app`` before starting Artemis. +| If you want a specific version from the GitHub container registry change the ``image:`` value to the desired image + for the ``artemis-app`` service and run ``docker compose pull artemis-app``. + +Debugging with Docker +^^^^^^^^^^^^^^^^^^^^^ + +See the `Debugging with Docker <#docker-debugging>`__ section for detailed information. +In all development *docker compose* setups like ``artemis-dev-mysql.yml`` Java Remote Debugging is enabled by default. + +Service, Container and Volume names +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Service names for the usage within *docker compose* are kept short, like ``mysql``, to make it easier +to use them in a CLI. + +Container and volume names are prepended with ``artemis-`` in order to not interfere with other container or volume +names on your system. Get a shell into the containers ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +.. tip:: + To keep the documentation short, we will use the standard form of ``docker compose COMMAND`` from this point on. + You can use the following commands also with the ``-f docker/.yml`` argument pointing + to a specific setup. + - app container: - ``docker exec -it $(docker-compose ps -q artemis-app) sh`` + ``docker compose exec artemis-app bash`` or if the container is not yet running: + ``docker compose run --rm artemis-app bash`` - mysql container: - ``docker exec -it $(docker-compose ps -q artemis-mysql) mysql`` + ``docker compose exec mysql bash`` or directly into mysql ``docker compose exec mysql mysql`` + +Analog for other services. Other useful commands ^^^^^^^^^^^^^^^^^^^^^ -- Stop the server: ``docker-compose stop artemis-server`` (restart via - ``docker-compose start artemis-server``) -- Stop the client: ``docker-compose stop artemis-client`` (restart via - ``docker-compose start artemis-client``) +- Start a setup in the background: ``docker compose up -d`` +- Stop and remove containers of a setup: ``docker compose down`` +- Stop, remove containers and volumes: ``docker compose down -v`` +- Remove artemis related volumes/state: ``docker volume rm artemis-data artemis-mysql-data`` + + This is helpful in setups where you just want to delete the state of artemis + but not of Jenkins and GitLab for instance. +- Stop a service: ``docker compose stop `` (restart via + ``docker compose start ``) +- Restart a service: ``docker compose restart `` +- Remove all local Docker containers: ``docker container rm $(docker ps -a -q)`` +- Remove all local Artemis Docker images: ``docker rmi $(docker images -q ghcr.io/ls1intum/artemis)`` ------------------------------------------------------------------------------------------------------------------------ diff --git a/docs/dev/setup/artemis-docker-file-structure.drawio.png b/docs/dev/setup/artemis-docker-file-structure.drawio.png new file mode 100644 index 000000000000..b044c28fb014 Binary files /dev/null and b/docs/dev/setup/artemis-docker-file-structure.drawio.png differ diff --git a/docs/dev/setup/bamboo-bitbucket-jira.rst b/docs/dev/setup/bamboo-bitbucket-jira.rst index f73a3336ff20..2b429cc85978 100644 --- a/docs/dev/setup/bamboo-bitbucket-jira.rst +++ b/docs/dev/setup/bamboo-bitbucket-jira.rst @@ -1,3 +1,5 @@ +.. _Bamboo Bitbucket and Jira Setup: + Bamboo, Bitbucket and Jira Setup -------------------------------- @@ -32,15 +34,15 @@ setup is present. Docker-Compose ^^^^^^^^^^^^^^ -Before you start the docker-compose, check if the bamboo version in the +Before you start the *docker compose*, check if the bamboo version in the ``build.gradle`` (search for ``com.atlassian.bamboo:bamboo-specs``) is equal to the bamboo version number in the docker compose in -``src/main/docker/atlassian.yml`` +``docker/atlassian.yml`` If the version number is not equal, adjust the version number. -Further details about the docker-compose setup can be found in ``src/main/docker`` +Further details about the *docker compose* setup can be found in ``docker`` -Execute the docker-compose file e.g. with -``docker-compose -f src/main/docker/atlassian.yml up -d``. +Execute the *docker compose* file e.g. with +``docker compose -f docker/atlassian.yml up -d``. Error Handling: It can happen that there is an overload with other docker networks @@ -51,7 +53,7 @@ Make sure that docker has enough memory (~ 6GB). To adapt it, go to ``Settings In case you want to enable Swift or C programming exercises, refer to the readme in -``src/main/docker`` +``docker`` Configure Bamboo, Bitbucket and Jira @@ -71,13 +73,12 @@ under ``localhost:7990``. #. Provide the just created license key during the setup and create an admin user with the same credentials in all 3 applications. - For the Bamboo database you can choose H2. - Also, you can select the evaluation/internal/test/dev setups if you are asked. - - Put the admin username and password into ``application-local.yml`` at ``artemis.version-control.user`` - and ``artemis.continuous-integration.user``. + - Bamboo: - Follow the additional steps for Jira and Bitbucket: + - Choose the H2 database + - Select the evaluation/internal/test/dev setups if you are asked + - Put the admin username and password into ``application-local.yml`` at ``artemis.version-control.user`` + and ``artemis.continuous-integration.user``. - Jira: @@ -105,8 +106,8 @@ under ``localhost:7990``. Execute the shell script ``atlassian-setup.sh`` in the - ``src/main/docker/atlassian`` directory (e.g. with - ``src/main/docker/./atlassian-setup.sh``). This script creates + ``docker/atlassian`` directory (e.g. with + ``./docker/atlassian/atlassian-setup.sh``). This script creates groups, users and assigns the user to their respective group. In addition, it configures disabled application links between the 3 applications. @@ -133,32 +134,32 @@ under ``localhost:7990``. - **Jira:** * - .. figure:: setup/bamboo-bitbucket-jira/bamboo_bitbucket_applicationLink.png :align: center - :target: ../_images/bamboo_bitbucket_applicationLink.png + :target: ../../_images/bamboo_bitbucket_applicationLink.png Bamboo → Bitbucket - .. figure:: setup/bamboo-bitbucket-jira/bitbucket_bamboo_applicationLink.png :align: center - :target: ../_images/bitbucket_bamboo_applicationLink.png + :target: ../../_images/bitbucket_bamboo_applicationLink.png Bitbucket → Bamboo - .. figure:: setup/bamboo-bitbucket-jira/jira_bamboo_applicationLink.png :align: center - :target: ../_images/jira_bamboo_applicationLink.png + :target: ../../_images/jira_bamboo_applicationLink.png Jira → Bamboo * - .. figure:: setup/bamboo-bitbucket-jira/bamboo_jira_applicationLink.png :align: center - :target: ../_images/bamboo_jira_applicationLink.png + :target: ../../_images/bamboo_jira_applicationLink.png Bamboo → Jira - .. figure:: setup/bamboo-bitbucket-jira/bitbucket_jira_applicationLink.png :align: center - :target: ../_images/bitbucket_jira_applicationLink.png + :target: ../../_images/bitbucket_jira_applicationLink.png Bitbucket → Jira - .. figure:: setup/bamboo-bitbucket-jira/jira_bitbucket_applicationLink.png :align: center - :target: ../_images/jira_bitbucket_applicationLink.png + :target: ../../_images/jira_bitbucket_applicationLink.png Jira → Bitbucket @@ -218,23 +219,21 @@ under ``localhost:7990``. and add it to bamboo. Go to Bamboo → Manage apps → Upload app → select the downloaded .jar file → Upload -#. Add Maven and JDK: - - - Go to Bamboo → Server capabilities → Add capabilities menu → - Capability type ``Executable`` → select type ``Maven 3.x`` → insert - ``Maven 3`` as executable label → insert ``/artemis`` as path. +#. Authorize the Bamboo agent. Bamboo Administration → Agents → Remote agents → Agent authentication - - Add capabilities menu → Capability type ``JDK`` → insert ``JDK17`` - as JDK label → insert ``/usr/lib/jvm/java-17-oracle`` as Java home. + Approve the agent and edit the IP address in a development setup to ``*.*.*.*`` as the Docker container doesn't + have a static IP address. -#. Create a Bamboo agent. Configure → Agents → Add local agent + .. figure:: setup/bamboo-bitbucket-jira/bamboo_agent_configuration.png + :target: ../../_images/bamboo_agent_configuration.png + :align: center #. Generate a personal access token While username and password can still be used as a fallback, this option is already marked as deprecated and will be removed in the future. - #. Personal access token for Bamboo. + #. Personal access token for Bamboo: - Log in as the admin user and go to Bamboo → Profile (top right corner) → Personal access tokens → Create token @@ -252,7 +251,7 @@ under ``localhost:7990``. password: token: #insert the token here - #. Personal access token for Bitbucket + #. Personal access token for Bitbucket: - Log in as the admin user and go to Bitbucket → Your profile image (top right corner) → Manage account → HTTP access tokens → Create token diff --git a/docs/dev/setup/bamboo-bitbucket-jira/bamboo_agent_configuration.png b/docs/dev/setup/bamboo-bitbucket-jira/bamboo_agent_configuration.png new file mode 100644 index 000000000000..69930970bc4b Binary files /dev/null and b/docs/dev/setup/bamboo-bitbucket-jira/bamboo_agent_configuration.png differ diff --git a/docs/dev/setup/gitlabci-gitlab.rst b/docs/dev/setup/gitlabci-gitlab.rst index 606cdea3cf9f..bf311b33d047 100644 --- a/docs/dev/setup/gitlabci-gitlab.rst +++ b/docs/dev/setup/gitlabci-gitlab.rst @@ -38,12 +38,12 @@ GitLab 2. Configure GitLab .. code:: bash - cp src/main/docker/env.example.gitlab-gitlabci.txt src/main/docker/.env + cp docker/env.example.gitlab-gitlabci.txt docker/.env 3. Start GitLab and the GitLab Runner .. code:: bash - docker-compose -f src/main/docker/gitlab-gitlabci.yml --env-file src/main/docker/.env up --build -d + docker-compose -f docker/gitlab-gitlabci.yml --env-file docker/.env up --build -d 4. Get your GitLab root password .. code:: bash diff --git a/docs/dev/setup/jenkins-gitlab.rst b/docs/dev/setup/jenkins-gitlab.rst index 643a54dd4068..5edffbf779c8 100644 --- a/docs/dev/setup/jenkins-gitlab.rst +++ b/docs/dev/setup/jenkins-gitlab.rst @@ -57,13 +57,13 @@ the `Gitlab Server Quickstart <#gitlab-server-quickstart>`__ guide. user: root password: artemis_admin # created in Gitlab Server Quickstart step 2 token: artemis-gitlab-token # generated in Gitlab Server Quickstart steps 4 and 5 - ci-token: jenkins-secret-token # generated in Jenkins Server Quickstart step 8 + ci-token: jenkins-secret-token # pre-generated or replaced in Automated Jenkins Server step 3 continuous-integration: user: artemis_admin password: artemis_admin url: http://localhost:8082 empty-commit-necessary: true - secret-push-token: AQAAABAAAAAg/aKNFWpF9m2Ust7VHDKJJJvLkntkaap2Ka3ZBhy5XjRd8s16vZhBz4fxzd4TH8Su # generated in Automated Jenkins Server step 3 + secret-push-token: AQAAABAAAAAg/aKNFWpF9m2Ust7VHDKJJJvLkntkaap2Ka3ZBhy5XjRd8s16vZhBz4fxzd4TH8Su # pre-generated or replaced in Automated Jenkins Server step 3 vcs-credentials: artemis_gitlab_admin_credentials artemis-authentication-token-key: artemis_notification_plugin_token artemis-authentication-token-value: artemis_admin @@ -146,13 +146,13 @@ the random password in step 2) and generate random access tokens (instead of the Set the variable ``GENERATE_ACCESS_TOKENS`` to ``true`` in the ``gitlab-local-setup.sh`` script and use the generated tokens instead of the predefined ones. -1. Start the GitLab container defined in `src/main/docker/gitlab-jenkins-mysql.yml` by running +1. Start the GitLab container defined in `docker/gitlab-jenkins-mysql.yml` by running :: - GITLAB_ROOT_PASSWORD=artemis_admin docker-compose -f src/main/docker/gitlab-jenkins-mysql.yml up --build -d gitlab + GITLAB_ROOT_PASSWORD=artemis_admin docker compose -f docker/.yml up --build -d gitlab - If you want to generate a random password for the ``root`` user, remove the part before ``docker-compose`` from + If you want to generate a random password for the ``root`` user, remove the part before ``docker compose`` from the command. The file uses the ``GITLAB_OMNIBUS_CONFIG`` environment variable to configure the Gitlab instance after the container @@ -169,7 +169,7 @@ tokens instead of the predefined ones. .. code:: bash - docker-compose -f src/main/docker/gitlab-jenkins-mysql.yml exec gitlab cat /etc/gitlab/initial_root_password + docker compose -f docker/.yml exec gitlab cat /etc/gitlab/initial_root_password 3. Insert the GitLab root user password in the file ``application-local.yml`` (in src/main/resources) and insert the GitLab admin account. @@ -188,19 +188,19 @@ tokens instead of the predefined ones. :: - docker-compose -f src/main/docker/gitlab-jenkins-mysql.yml exec gitlab gitlab-rails runner "token = User.find_by_username('root').personal_access_tokens.create(scopes: [:api, :read_user, :read_api, :read_repository, :write_repository, :sudo], name: 'Artemis Admin Token'); token.set_token('artemis-gitlab-token'); token.save!" + docker compose -f docker/.yml exec gitlab gitlab-rails runner "token = User.find_by_username('root').personal_access_tokens.create(scopes: [:api, :read_user, :read_api, :read_repository, :write_repository, :sudo], name: 'Artemis Admin Token'); token.set_token('artemis-gitlab-token'); token.save!" | You can also manually create in by navigating to ``http://localhost:8081/-/profile/personal_access_tokens`` and generate a token with all scopes. | Copy this token into the ``ADMIN_PERSONAL_ACCESS_TOKEN`` field in the - ``src/main/docker/gitlab/gitlab-local-setup.sh`` file. + ``docker/gitlab/gitlab-local-setup.sh`` file. | If you used the command to generate the token, you don't have to change the ``gitlab-local-setup.sh`` file. 5. Adjust the GitLab setup by running, this will configure GitLab's network setting to allow local requests: :: - docker-compose -f src/main/docker/gitlab-jenkins-mysql.yml exec gitlab /bin/sh -c "sh /gitlab-local-setup.sh" + docker compose -f docker/.yml exec gitlab /bin/sh -c "sh /gitlab-local-setup.sh" This script can also generate random access tokens, which should be used in a production setup. Change the variable ``$GENERATE_ACCESS_TOKENS`` to ``true`` to generate the random tokens and insert them into the Artemis @@ -469,16 +469,16 @@ do either do it manually or using the following command: :: - docker-compose -f src/main/docker/gitlab-jenkins-mysql.yml exec gitlab gitlab-rails runner "token = User.find_by_username('root').personal_access_tokens.create(scopes: [:api, :read_repository], name: 'Jenkins'); token.set_token('jenkins-gitlab-token'); token.save!" + docker compose -f docker/.yml exec gitlab gitlab-rails runner "token = User.find_by_username('root').personal_access_tokens.create(scopes: [:api, :read_repository], name: 'Jenkins'); token.set_token('jenkins-gitlab-token'); token.save!" -2. You can now deploy Jenkins. A ``src/main/docker/gitlab-jenkins-mysql.yml`` file is provided which deploys the - Jenkins, GitLab, and Mysql containers bound to static ip addresses. You can deploy them by running: +2. You can now first build and deploy Jenkins, then you can also start the other services which weren't started yet: :: - JAVA_OPTS=-Djenkins.install.runSetupWizard=false docker-compose -f src/main/docker/gitlab-jenkins-mysql.yml up --build -d + JAVA_OPTS=-Djenkins.install.runSetupWizard=false docker compose -f docker/.yml up --build -d jenkins + docker compose -f docker/.yml up -d Jenkins is then reachable under ``http://localhost:8082/`` and you can login using the credentials specified in ``jenkins-casc-config.yml`` (defaults to ``artemis_admin`` as both username and password). @@ -503,20 +503,20 @@ do either do it manually or using the following command: use-external: false internal-admin: username: artemis_admin - password: artemis-admin + password: artemis_admin version-control: url: http://localhost:8081 user: artemis_admin password: artemis_admin - ci-token: # generated in step 9 + ci-token: # pre-generated or replaced in Automated Jenkins Server step 3 continuous-integration: - url: http://localhost:8082 user: artemis_admin password: artemis_admin + url: http://localhost:8082 + secret-push-token: # pre-generated or replaced in Automated Jenkins Server step 3 vcs-credentials: artemis_gitlab_admin_credentials artemis-authentication-token-key: artemis_notification_plugin_token artemis-authentication-token-value: artemis_admin - secret-push-token: # generated in step 3 5. Open the ``src/main/resources/config/application-jenkins.yml`` and change the following: Again, if you are using a development setup, the template in the beginning of this page already contains the @@ -553,9 +553,7 @@ Manual Jenkins Server Setup To perform all these steps automatically, you can prepare a Docker image: - Create a Dockerfile with the content found `here ` - or `here ` in case you want to additionally - install Swift/SwiftLint. + Create a Dockerfile with the content found `here `. Copy it in a file named ``Dockerfile``, e.g. in the folder ``/opt/jenkins/`` using ``vim Dockerfile``. @@ -703,7 +701,7 @@ Required Jenkins Plugins `Plugin Installation Manager Tool for Jenkins `__ to automatically install the plugins listed below. If you used the Dockerfile, you can skip these steps and `Server Notification Plugin <#server-notification-plugin>`__. -The list of plugins is maintained in ``src/main/docker/jenkins/plugins.yml``. +The list of plugins is maintained in ``docker/jenkins/plugins.yml``. You will need to install the following plugins (apart from the @@ -940,7 +938,7 @@ the following steps: 12. In a local setup, you have to disable CSRF otherwise some API endpoints will return HTTP Status 403 Forbidden. This is done be executing the following command: - ``docker-compose -f src/main/docker/gitlab-jenkins-mysql.yml exec -T jenkins dd of=/var/jenkins_home/init.groovy < src/main/docker/jenkins/jenkins-disable-csrf.groovy`` + ``docker compose -f docker/.yml exec -T jenkins dd of=/var/jenkins_home/init.groovy < docker/jenkins/jenkins-disable-csrf.groovy`` The last step is to disable the ``use-crumb`` option in ``application-local.yml``: @@ -964,11 +962,11 @@ and the corresponding Docker image can be found on For example, if you want to upgrade Jenkins to version ``2.289.2``, you will need to use the ``jenkins/jenkins:2.289.2-lts`` image. -2. If you're using docker-compose, you can simply use the following command and skip the next steps. +2. If you're using ``docker compose``, you can simply use the following command and skip the next steps. :: - docker-compose -f src/main/docker/gitlab-jenkins-mysql.yml up --build -d + docker compose -f docker/.yml up --build -d 3. Build the new Docker image: @@ -1353,62 +1351,3 @@ If you haven’t done so, generate the DH param file: ssl_stapling_verify on; resolver valid=300s; resolver_timeout 5s; - -Deployment Artemis / GitLab / Jenkins using Docker on Local machine -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Execute the following steps in addition to the ones described above: - -Preparation -""""""""""" - -1. Create a Docker network named “artemis” with - ``docker network create artemis``. - -.. _gitlab-1: - -GitLab -"""""" - -1. Add the GitLab container to the created network with - ``docker network connect artemis gitlab``. -2. Get the URL of the GitLab container with the first IP returned by - ``docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' gitlab``. -3. Use this IP in the ``application-artemis.yml`` file at - ``artemis.version-control.url``. - -.. _jenkins-2: - -Jenkins -""""""" - -1. Add the Jenkins container to the created network with - ``docker network connect artemis jenkins``. -2. Get the URL of the GitLab container with the first IP returned by - ``docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' jenkins``. -3. Use this IP in the ``application-artemis.yml`` file at - ``artemis.continuous-integration.url``. - -.. _artemis-1: - -Artemis -""""""" - -1. In ``docker-compose.yml``: - - 1. Make sure to use unique ports, e.g. 8080 for Artemis, 8081 for GitLab and 8082 for Jenkins. - 2. Change the ``SPRING_PROFILES_ACTIVE`` environment variable to ``dev,jenkins,gitlab,artemis,scheduling``. - -2. In ``src/main/resources/config/application-dev.yml`` at ``server:`` use ``port: 8080`` for Artemis. - -3. Run ``docker-compose up``. - -4. After the container has been deployed run - ``docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' artemis_artemis-server`` - and copy the first resulting IP. - -5. In ``src/main/resources/config/application-dev.yml`` at ``server:`` - at ``url:`` paste the copied IP with the port number, e.g. ``url: http://172.33.0.1:8080``. - -6. Stop the Artemis docker container with Control-C and re-run - ``docker-compose up``. diff --git a/docs/dev/setup/kubernetes.rst b/docs/dev/setup/kubernetes.rst index decccf57ed3e..08acd693e1ba 100644 --- a/docs/dev/setup/kubernetes.rst +++ b/docs/dev/setup/kubernetes.rst @@ -318,7 +318,7 @@ Run Docker build and prepare the Artemis image to be pushed in DockerHub using t :: - docker build -t /artemis -f src/main/docker/Dockerfile . + docker build -t /artemis -f docker/artemis/Dockerfile . This will create the Docker image by copying the war file which was generated by the previous command. diff --git a/src/main/docker/.dockerignore b/src/main/docker/.dockerignore deleted file mode 100644 index b03bdc71eeee..000000000000 --- a/src/main/docker/.dockerignore +++ /dev/null @@ -1,14 +0,0 @@ -# https://docs.docker.com/engine/reference/builder/#dockerignore-file -classes/ -generated-sources/ -generated-test-sources/ -h2db/ -maven-archiver/ -maven-status/ -reports/ -surefire-reports/ -test-classes/ -test-results/ -www/ -!*.jar -!*.war diff --git a/src/main/docker/Dockerfile b/src/main/docker/Dockerfile deleted file mode 100644 index 79fc18fa15a5..000000000000 --- a/src/main/docker/Dockerfile +++ /dev/null @@ -1,55 +0,0 @@ -FROM docker.io/library/eclipse-temurin:17-jdk - -ENV SPRING_OUTPUT_ANSI_ENABLED=ALWAYS \ - JHIPSTER_SLEEP=0 \ - JAVA_OPTS="" - -# Specify profiles for Spring Boot -ENV spring.profiles.active "" - -RUN echo "Installing needed dependencies" \ - && apt-get update && apt-get install -y --no-install-recommends locales graphviz wget \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* - -# See https://github.com/ls1intum/Artemis/issues/4439 -RUN echo "Fixing locales" \ - && sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen \ - && locale-gen - -ENV LC_ALL en_US.UTF-8 -ENV LANG en_US.UTF-8 -ENV LANGUAGE en_US.UTF-8 - -ARG GOSU_VERSION=1.12 - -RUN echo "Installing gosu (needed for bootstrap.sh)" \ - && dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" \ - && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" \ - && chmod +x /usr/local/bin/gosu \ - && gosu nobody true - -# Copy default configuration to container -WORKDIR /defaults/artemis -COPY src/main/resources/config/application*.yml ./ - -# Copy Artemis.war to execution location -WORKDIR /opt/artemis -ARG WAR_PATH=build/libs -COPY $WAR_PATH/*.war Artemis.war - -COPY bootstrap.sh /bootstrap.sh - -RUN chmod +x /bootstrap.sh \ - && useradd -ms /bin/bash artemis - -# Create directories for volumes -RUN mkdir -p /opt/artemis/config /opt/artemis/data /opt/artemis/public/content - -VOLUME ["/opt/artemis/config"] -VOLUME ["/opt/artemis/data"] -VOLUME ["/opt/artemis/public/content"] - -EXPOSE 8080 - -ENTRYPOINT ["/bin/bash", "/bootstrap.sh"] diff --git a/src/main/docker/README.md b/src/main/docker/README.md deleted file mode 100644 index 4b019a116d77..000000000000 --- a/src/main/docker/README.md +++ /dev/null @@ -1,23 +0,0 @@ -# Docker Configurations - - -## Atlassian Setup - -You can start a local Atlassian stack (Jira, Bitbucket, Bamboo) using the `atlassian.yml` docker-compose file. We build the docker images in [this repository](https://github.com/ls1intum/Artemis-Local-Setup-Docker) - -Start vanilla atlassian stack: -``` -docker-compose -f atlassian.yml up -d -``` - - -Start atlassian stack which can execute `C` builds: - -``` -docker-compose -f atlassian.yml -f atlassian.c.override.yml up -d -``` - -Start atlassian stack which can execute `swift` builds: -``` -docker-compose -f atlassian.yml -f atlassian.swift.override.yml up -d -``` diff --git a/src/main/docker/activemq.yml b/src/main/docker/activemq.yml deleted file mode 100644 index 4b088cb7cd81..000000000000 --- a/src/main/docker/activemq.yml +++ /dev/null @@ -1,9 +0,0 @@ -version: '2' -services: - activemq-broker: - image: vromero/activemq-artemis:latest - environment: - - ARTEMIS_USERNAME=guest - - ARTEMIS_PASSWORD=guest - ports: - - 61613:61613 diff --git a/src/main/docker/app.yml b/src/main/docker/app.yml deleted file mode 100644 index 426f2b23c52b..000000000000 --- a/src/main/docker/app.yml +++ /dev/null @@ -1,26 +0,0 @@ -version: '2.4' -services: - artemis-app: - image: artemis - environment: - - _JAVA_OPTIONS=-Xmx512m -Xms256m - - SPRING_PROFILES_ACTIVE=prod,openapi - - MANAGEMENT_METRICS_EXPORT_PROMETHEUS_ENABLED=true - - SPRING_DATASOURCE_URL=jdbc:mysql://artemis-mysql:3306/Artemis?createDatabaseIfNotExist=true&allowPublicKeyRetrieval=true&useUnicode=true&characterEncoding=utf8&useSSL=false&useLegacyDatetimeCode=false&serverTimezone=UTC - - EUREKA_CLIENT_SERVICE_URL_DEFAULTZONE=http://admin:$${jhipster.registry.password}@jhipster-registry:8761/eureka - - SPRING_CLOUD_CONFIG_URI=http://admin:$${jhipster.registry.password}@jhipster-registry:8761/config - - JHIPSTER_SLEEP=30 # gives time for other services to boot before the application - ports: - - 8080:8080 - networks: - - artemis - depends_on: - - artemis-mysql - artemis-mysql: - extends: - file: mysql.yml - service: artemis-mysql - -networks: - artemis: - driver: "bridge" diff --git a/src/main/docker/atlassian.c.override.yml b/src/main/docker/atlassian.c.override.yml deleted file mode 100644 index 57baacb6685a..000000000000 --- a/src/main/docker/atlassian.c.override.yml +++ /dev/null @@ -1,4 +0,0 @@ -version: "2" -services: - bamboo: - image: ghcr.io/ls1intum/artemis-bamboo:9.2.1-c diff --git a/src/main/docker/atlassian.swift.override.yml b/src/main/docker/atlassian.swift.override.yml deleted file mode 100644 index f8556d872607..000000000000 --- a/src/main/docker/atlassian.swift.override.yml +++ /dev/null @@ -1,4 +0,0 @@ -version: "2" -services: - bamboo: - image: ghcr.io/ls1intum/artemis-bamboo:9.2.1-swift diff --git a/src/main/docker/atlassian.yml b/src/main/docker/atlassian.yml deleted file mode 100644 index 2a53fff6326f..000000000000 --- a/src/main/docker/atlassian.yml +++ /dev/null @@ -1,52 +0,0 @@ -version: "2" -services: - jira: - container_name: artemis_jira - image: ghcr.io/ls1intum/artemis-jira:9.4.3 - volumes: - - artemis-jira:/var/atlassian/application-data/jira - ports: - - "8081:8080" - hostname: jira - networks: - artemis: - ipv4_address: 172.20.0.2 - bitbucket: - container_name: artemis_bitbucket - image: ghcr.io/ls1intum/artemis-bitbucket:8.8.2 - volumes: - - artemis-bitbucket:/var/atlassian/application-data/bitbucket - environment: - - SPRING_APPLICATION_JSON={"plugin":{"ssh":{"baseurl":"ssh://bitbucket:7999"}}} - ports: - - "7990:7990" - - "7999:7999" - hostname: bitbucket - networks: - artemis: - ipv4_address: 172.20.0.3 - bamboo: - container_name: artemis_bamboo - image: ghcr.io/ls1intum/artemis-bamboo:9.2.1 - volumes: - - artemis-bamboo:/var/atlassian/application-data/bamboo - ports: - - "54663:54663" - - "8085:8085" - hostname: bamboo - networks: - artemis: - ipv4_address: 172.20.0.4 - -networks: - artemis: - driver: "bridge" - ipam: - driver: default - config: - - subnet: 172.20.0.0/24 - -volumes: - artemis-jira: - artemis-bitbucket: - artemis-bamboo: diff --git a/src/main/docker/cypress/application.yml b/src/main/docker/cypress/application.yml deleted file mode 100644 index cd6da36d8df8..000000000000 --- a/src/main/docker/cypress/application.yml +++ /dev/null @@ -1,77 +0,0 @@ -spring: - datasource: - type: com.zaxxer.hikari.HikariDataSource - url: jdbc:mysql://localhost:3306/Artemis?createDatabaseIfNotExist=true&useUnicode=true&characterEncoding=utf8&allowPublicKeyRetrieval=true&useSSL=false&useLegacyDatetimeCode=false&serverTimezone=UTC - username: Artemis - password: eeNg6Ahcooasdfthafie - hikari: - poolName: Hikari - auto-commit: false - maximumPoolSize: 100 - data-source-properties: - cachePrepStmts: true - prepStmtCacheSize: 250 - prepStmtCacheSqlLimit: 2048 - useServerPrepStmts: true - jpa: - hibernate: - connection: - charSet: utf8mb4 - characterEncoding: utf8mb4 - useUnicode: true - prometheus: - monitoringIp: "131.159.89.160" - mail: - host: localhost - port: 25 - username: - password: - thymeleaf: - cache: true - -server: - port: 8080 - url: http://localhost - -artemis: - course-archives-path: ./data/course-archives - repo-clone-path: ./data/repos - repo-download-clone-path: ./data/repos-download - file-upload-path: ./data/uploads - submission-export-path: ./data/exports - bcrypt-salt-rounds: 4 # We don't need secure passwords for testing. Lower rounds will speed up tests. 4 ist the lowest - user-management: - use-external: true - external: - admin-group-name: artemis-dev - login: - account-name: TUM - continuous-integration: - vcs-application-link-name: Bitbucket Prelive - empty-commit-necessary: true - apollon: - conversion-service-url: https://apollon.ase.in.tum.de/api/converter - -jhipster: - security: - authentication: - jwt: - token-validity-in-seconds: 259200 # Token is valid 3 days - token-validity-in-seconds-for-remember-me: 2592000 # Token is valid 30 days - -# Properties to be exposed on the /info management endpoint -info: - imprint: https://ase.in.tum.de/lehrstuhl_1/component/content/article/179-imprint - test-server: true - text-assessment-analytics-enabled: true - student-exam-store-session-data: true - -logging: - file: - name: '/opt/artemis/data/artemis.log' - -management: - metrics: - export: - prometheus: - enabled: true diff --git a/src/main/docker/cypress/bootstrap-coverage.sh b/src/main/docker/cypress/bootstrap-coverage.sh deleted file mode 100644 index 1ac5ac72e823..000000000000 --- a/src/main/docker/cypress/bootstrap-coverage.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/bash - -# Entrypoint file for Docker Images of Artemis. The deployment of the application is set to /opt/artemis - -cd /opt/artemis || exit 1 - -if [ -z "$(ls -A config)" ]; then - echo "Config is Empty .. copying default ones .." - cp -n -a /defaults/artemis/. config/ -else - echo "Config is not empty .. not copying default configs .." -fi - -# Ensure at least the directories are owned by artemis. "-R" takes too long -chown artemis:artemis config data - -wget "https://search.maven.org/remotecontent?filepath=org/jacoco/jacoco/0.8.8/jacoco-0.8.8.zip" -O temp.zip -unzip temp.zip "lib/jacocoagent.jar" -d . -mv lib/jacocoagent.jar . -rm -rf lib temp.zip - -echo "Starting application..." -exec gosu artemis java \ - -Djdk.tls.ephemeralDHKeySize=2048 \ - -DLC_CTYPE=UTF-8 \ - -Dfile.encoding=UTF-8 \ - -Dsun.jnu.encoding=UTF-8 \ - -Djava.security.egd=file:/dev/./urandom \ - -Xmx2048m \ - --add-modules java.se \ - --add-exports java.base/jdk.internal.ref=ALL-UNNAMED \ - --add-exports java.naming/com.sun.jndi.ldap=ALL-UNNAMED \ - --add-opens java.base/java.lang=ALL-UNNAMED \ - --add-opens java.base/java.nio=ALL-UNNAMED \ - --add-opens java.base/sun.nio.ch=ALL-UNNAMED \ - --add-opens java.management/sun.management=ALL-UNNAMED \ - --add-opens jdk.management/com.sun.management.internal=ALL-UNNAMED \ - -javaagent:jacocoagent.jar=output=tcpserver,address=* \ - -jar Artemis.war diff --git a/src/main/docker/cypress/coverage.Dockerfile b/src/main/docker/cypress/coverage.Dockerfile deleted file mode 100644 index d097b338ed49..000000000000 --- a/src/main/docker/cypress/coverage.Dockerfile +++ /dev/null @@ -1,10 +0,0 @@ -FROM artemis:coverage-latest - -RUN echo "Installing needed dependencies" \ - && apt-get update && apt-get install -y --no-install-recommends unzip \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* - -COPY src/main/docker/cypress/bootstrap-coverage.sh /bootstrap.sh - -RUN chmod +x /bootstrap.sh diff --git a/src/main/docker/cypress/cypress-E2E-tests.yml b/src/main/docker/cypress/cypress-E2E-tests.yml deleted file mode 100644 index e81ed8dfe071..000000000000 --- a/src/main/docker/cypress/cypress-E2E-tests.yml +++ /dev/null @@ -1,127 +0,0 @@ -#TODO: ask for newer docker-compose version on bamboo agents -version: '2.4' - -services: - artemis-mysql: - extends: - file: ../mysql.yml - service: artemis-mysql - healthcheck: - test: mysqladmin ping -h localhost - interval: 5s - timeout: 3s - retries: 30 - start_period: 30s - - artemis-app: - build: - # This is required to copy the Artemis war file properly into the container - context: ../../../.. - dockerfile: src/main/docker/Dockerfile - restart: "unless-stopped" - volumes: - - ../../resources/config/application-prod.yml:/opt/artemis/config/application-prod.yml:ro - - ./application.yml:/opt/artemis/config/application.yml:ro - environment: - _JAVA_OPTIONS: "-Xmx5120m -Xms2560m" - JHIPSTER_SLEEP: "30" # gives time for other services to boot before the application - spring.profiles.active: "prod,bamboo,bitbucket,jira,artemis" - spring.datasource.url: "jdbc:mysql://artemis-mysql:3306/Artemis?createDatabaseIfNotExist=true&allowPublicKeyRetrieval=true&useUnicode=true&characterEncoding=utf8&useSSL=false&useLegacyDatetimeCode=false&serverTimezone=UTC" - spring.datasource.username: "root" - spring.datasource.password: "" - artemis.user-management.internal-admin.username: "${bamboo_artemis_admin_username}" - artemis.user-management.internal-admin.password: "${bamboo_artemis_admin_password}" - artemis.user-management.external.url: "https://jira-prelive.ase.in.tum.de" - artemis.user-management.external.user: "${bamboo_jira_prelive_admin_user}" - artemis.user-management.external.password: "${bamboo_jira_prelive_admin_password}" - artemis.version-control.url: "https://bitbucket-prelive.ase.in.tum.de" - artemis.version-control.user: "${bamboo_jira_prelive_admin_user}" - artemis.version-control.password: "${bamboo_jira_prelive_admin_password}" - artemis.continuous-integration.url: "https://bamboo-prelive.ase.in.tum.de" - artemis.continuous-integration.user: "${bamboo_jira_prelive_admin_user}" - artemis.continuous-integration.password: "${bamboo_jira_prelive_admin_password}" - artemis.continuous-integration.token: "${bamboo_ARTEMIS_CONTINUOUS_INTEGRATION_TOKEN_SECRET}" - artemis.continuous-integration.artemis-authentication-token-value: "${bamboo_ARTEMIS_CONTINUOUS_INTEGRATION_ARTEMIS_AUTHENTICATION_TOKEN_VALUE_SECRET}" - # for bamboo and bitbucket notifications on /api/programming-exercises/new-result it seems like port - # 54321 is internally open for the bamboo agents - # also can't use SSL for this as the hostnames are not integrated in the self-signed certificate - server.url: "http://${HOST_HOSTNAME}:54321" - ports: - - 8080:8080 - networks: - - artemis - healthcheck: - test: wget -nv -t1 --spider http://localhost:8080/actuator/health || exit 1 - start_period: 300s - interval: 1s - depends_on: - artemis-mysql: - condition: service_healthy - - artemis-nginx: - # nginx setup based on artemis prod ansible repository - # TODO: merge KIT settings for the proxy - # TODO: Adjust worker_rlimit_nofile in nginx.conf (from ansible task) - # TODO: Adjust worker_connections in nginx.conf (from ansible task) - # TODO: Adjust worker_connections in nginx.conf (from ansible task) - # TODO: Ensure file-max limit in sysctl.conf (from ansible task) - # TODO: Copy security-limits nginx.conf (from ansible task) - # TODO: Copy systemd-limits nginx.conf (from ansible task) - image: nginx:latest - restart: "unless-stopped" - volumes: - - ./nginx-files/timeouts.conf:/etc/nginx/conf.d/timeouts.conf:ro - - ./nginx-files/artemis-nginx.conf:/etc/nginx/conf.d/artemis-nginx.conf:ro - - ./nginx-files/artemis-server.conf:/etc/nginx/includes/artemis-server.conf:ro - - ./nginx-files/dhparam.pem:/etc/nginx/dhparam.pem:ro - - ./nginx-files/nginx_502.html:/usr/share/nginx/html/502.html:ro - - ./nginx-files/70-artemis-setup.sh:/docker-entrypoint.d/70-artemis-setup.sh - - ../../../test/cypress/certs/artemis-nginx+4.pem:/certs/fullchain.pem:ro - - ../../../test/cypress/certs/artemis-nginx+4-key.pem:/certs/priv_key.pem:ro - #- ./pki:/etc/pki/nginx:ro - #- ./defaults/templates:/etc/nginx/templates:ro - #- ./defaults/nginx.conf:/etc/nginx/nginx.conf:ro - #- ./defaults/proxy.conf:/etc/nginx/proxy.conf:ro - #- ./defaults/ssl.conf:/etc/nginx/ssl.conf:ro - #- ./defaults/dhparam.pem:/etc/nginx/dhparam.pem:ro - ports: - - 80:80 - - 443:443 - # see comments above in artemis-app why this port is needed - - 54321:54321 - depends_on: - artemis-app: - condition: service_started - healthcheck: - test: service nginx status || exit 1 - start_period: 30s - networks: - - artemis - - artemis-cypress: - # Cypress image with node and chrome browser installed (Cypress installation needs to be done separately because we require additional dependencies) - image: cypress/browsers:node18.12.0-chrome107 - depends_on: - artemis-app: - condition: service_healthy - environment: - CYPRESS_baseUrl: "https://artemis-nginx" - CYPRESS_video: "${bamboo_cypress_video_enabled}" - CYPRESS_adminUsername: "${bamboo_artemis_admin_username}" - CYPRESS_adminPassword: "${bamboo_artemis_admin_password}" - CYPRESS_username: "${bamboo_cypress_username_template}" - CYPRESS_password: "${bamboo_cypress_password_template}" - CYPRESS_allowGroupCustomization: "true" - CYPRESS_studentGroupName: "artemis-e2etest-students" - CYPRESS_tutorGroupName: "artemis-e2etest-tutors" - CYPRESS_editorGroupName: "artemis-e2etest-editors" - CYPRESS_instructorGroupName: "artemis-e2etest-instructors" - command: sh -c "cd /app/artemis/src/test/cypress && chmod 777 /root && npm ci && npm run cypress:run -- --config retries=2" - volumes: - - ../../../../:/app/artemis - networks: - - artemis - -networks: - artemis: - driver: "bridge" diff --git a/src/main/docker/docker-compose.yml b/src/main/docker/docker-compose.yml deleted file mode 100644 index 91f7fef70149..000000000000 --- a/src/main/docker/docker-compose.yml +++ /dev/null @@ -1,32 +0,0 @@ -version: '2.4' -services: - artemis-app: - platform: linux/x86_64 - image: ghcr.io/ls1intum/artemis - build: - context: ../../.. - dockerfile: src/main/docker/Dockerfile - volumes: - - ../resources/config/application-dev.yml:/opt/artemis/application-dev.yml:ro - - ../resources/config/application-artemis.yml:/opt/artemis/application-artemis.yml:ro - environment: - _JAVA_OPTIONS: -Xmx5120m -Xms2560m - SPRING_PROFILES_ACTIVE: dev,bamboo,bitbucket,jira,artemis,scheduling,athene,local - SPRING_DATASOURCE_URL: jdbc:mysql://artemis-mysql:3306/Artemis?createDatabaseIfNotExist=true&allowPublicKeyRetrieval=true&useUnicode=true&characterEncoding=utf8&useSSL=false&useLegacyDatetimeCode=false&serverTimezone=UTC - SPRING_DATASOURCE_USERNAME: root - SPRING_DATASOURCE_PASSWORD: - JHIPSTER_SLEEP: 30 # gives time for other services to boot before the application - ports: - - 8080:8080 - networks: - - artemis - depends_on: - - artemis-mysql - artemis-mysql: - extends: - file: mysql.yml - service: artemis-mysql - -networks: - artemis: - driver: "bridge" diff --git a/src/main/docker/gitlab-gitlabci.yml b/src/main/docker/gitlab-gitlabci.yml deleted file mode 100644 index 5e7696d242ef..000000000000 --- a/src/main/docker/gitlab-gitlabci.yml +++ /dev/null @@ -1,53 +0,0 @@ -version: "3.6" -services: - gitlab: - build: gitlab - container_name: gitlab - platform: linux/amd64 - volumes: - - artemis-gitlab-data:/var/opt/gitlab - - artemis-gitlab-logs:/var/log/gitlab - - artemis-gitlab-config:/etc/gitlab - environment: - GITLAB_OMNIBUS_CONFIG: | - external_url "${GIT_SERVER_NAME}" - prometheus_monitoring['enable'] = false - gitlab_rails['gitlab_shell_ssh_port'] = 2222 - gitlab_rails['monitoring_whitelist'] = ['0.0.0.0/0'] - letsencrypt['enable'] = ${SSL_ENABLED} - letsencrypt['auto_renew_hour'] = "12" - letsencrypt['auto_renew_minute'] = "30" - letsencrypt['auto_renew_day_of_month'] = "*/7" - ports: - - '2222:22' - - '80:80' - - '443:443' - shm_size: '256m' - networks: - gitlab: - ipv4_address: 172.20.0.2 - gitlab-runner: - image: gitlab/gitlab-runner:latest - container_name: gitlab-runner - volumes: - - /var/run/docker.sock:/var/run/docker.sock - - /usr/local/bin/docker:/usr/bin/docker - - artemis-gitlabci-runner-config:/etc/gitlab-runner - hostname: 'gitlab-runner' - networks: - gitlab: - ipv4_address: 172.20.0.3 - -networks: - gitlab: - driver: "bridge" - ipam: - driver: default - config: - - subnet: 172.20.0.0/24 - -volumes: - artemis-gitlab-data: - artemis-gitlab-logs: - artemis-gitlab-config: - artemis-gitlabci-runner-config: diff --git a/src/main/docker/gitlab-jenkins-mysql.yml b/src/main/docker/gitlab-jenkins-mysql.yml deleted file mode 100644 index aae1dcae0938..000000000000 --- a/src/main/docker/gitlab-jenkins-mysql.yml +++ /dev/null @@ -1,64 +0,0 @@ -version: "3" -services: - gitlab: - build: gitlab - volumes: - - artemis-gitlab-data:/var/opt/gitlab - - artemis-gitlab-logs:/var/log/gitlab - - artemis-gitlab-config:/etc/gitlab - - ./gitlab/gitlab-local-setup.sh:/gitlab-local-setup.sh - environment: - - GITLAB_OMNIBUS_CONFIG=prometheus_monitoring['enable'] = false; gitlab_rails['gitlab_shell_ssh_port'] = 2222; gitlab_rails['monitoring_whitelist'] = ['0.0.0.0/0'] - - GITLAB_ROOT_PASSWORD - ports: - - "2222:22" - - "8081:80" - hostname: gitlab - networks: - artemis-gitlab: - ipv4_address: 172.33.0.2 - jenkins: - build: jenkins - user: root - volumes: - - artemis-jenkins-data:/var/jenkins_home - - ./jenkins/jenkins-disable-csrf.groovy:/var/jenkins_home/init.groovy # Disable CSRF token - - ./jenkins/master-key-only-for-testing.key:/var/jenkins_home/master.key # Preset master key to use pre-generated secrets - - ./jenkins/jenkins-casc-config.yml:/usr/share/jenkins/ref/jenkins-casc-config.yml:ro - - /var/run/docker.sock:/var/run/docker.sock - - /usr/bin/docker:/usr/bin/docker:ro - ports: - - "8082:8080" - hostname: jenkins - environment: - - CASC_JENKINS_CONFIG=/usr/share/jenkins/ref/jenkins-casc-config.yml - - JAVA_OPTS - networks: - artemis-gitlab: - ipv4_address: 172.33.0.3 - mysql: - command: mysqld --lower_case_table_names=1 --skip-ssl --character_set_server=utf8mb4 --collation-server=utf8mb4_unicode_ci --explicit_defaults_for_timestamp - environment: - - MYSQL_ALLOW_EMPTY_PASSWORD=yes - - MYSQL_DATABASE=Artemis - image: mysql:8.0.32 - ports: - - 3306:3306 - volumes: - - artemis-mysql-data:/var/lib/mysql - networks: - artemis-gitlab: - ipv4_address: 172.33.0.4 -networks: - artemis-gitlab: - driver: "bridge" - ipam: - driver: default - config: - - subnet: 172.33.0.0/24 -volumes: - artemis-gitlab-data: - artemis-gitlab-logs: - artemis-gitlab-config: - artemis-jenkins-data: - artemis-mysql-data: diff --git a/src/main/docker/gitlab-jenkins.yml b/src/main/docker/gitlab-jenkins.yml deleted file mode 100644 index 367481e540fd..000000000000 --- a/src/main/docker/gitlab-jenkins.yml +++ /dev/null @@ -1,42 +0,0 @@ -version: "2" -services: - gitlab: - image: gitlab/gitlab-ce:latest - volumes: - - artemis-gitlab-data:/var/opt/gitlab - - artemis-gitlab-logs:/var/log/gitlab - - artemis-gitlab-config:/etc/gitlab - - ./gitlab/gitlab-setup.sh:/gitlab-setup.sh - ports: - - "2222:22" - - "8082:80" - mem_limit: 3000m - hostname: gitlab - networks: - artemis: - ipv4_address: 172.19.0.2 - jenkins: - build: jenkins - volumes: - - artemis-jenkins-data:/var/jenkins_home - - /var/run/docker.sock:/var/run/docker.sock - ports: - - "8083:8080" - hostname: jenkins - networks: - artemis: - ipv4_address: 172.19.0.3 - -networks: - artemis: - driver: "bridge" - ipam: - driver: default - config: - - subnet: 172.19.0.0/24 - -volumes: - artemis-gitlab-data: - artemis-gitlab-logs: - artemis-gitlab-config: - artemis-jenkins-data: diff --git a/src/main/docker/jenkins/swift/Dockerfile b/src/main/docker/jenkins/swift/Dockerfile deleted file mode 100644 index 4df9dc7d2703..000000000000 --- a/src/main/docker/jenkins/swift/Dockerfile +++ /dev/null @@ -1,83 +0,0 @@ -FROM jenkins/jenkins:lts - -LABEL description="Jenkins with maven, python3.6, gcc and swift libraries pre-installed for Artemis" - -USER root - -RUN apt update - -# Install Java and Maven dependencies -RUN apt-get install -y maven -RUN cd /usr/lib/jvm && \ - wget https://github.com/AdoptOpenJDK/openjdk16-binaries/releases/download/jdk-16%2B36/OpenJDK16-jdk_x64_linux_hotspot_16_36.tar.gz && \ - tar -zxf OpenJDK16-jdk_x64_linux_hotspot_16_36.tar.gz \ - && mv jdk-16+36 java-16-openjdk-amd64 \ - && rm OpenJDK16-jdk_x64_linux_hotspot_16_36.tar.gz -RUN chown -R root:root /usr/lib/jvm/java-16-openjdk-amd64 -RUN JAVA_HOME="/usr/lib/jvm/java-16-openjdk-amd64" && export JAVA_HOME -ENV JAVA_HOME /usr/lib/jvm/java-16-openjdk-amd64 - -# Install C dependencies -RUN apt install -y gcc gdb make libubsan0 liblsan0 libtsan0 - -# Some packages need to be installed to avoid some known problems for python3.6, see: https://github.com/pyenv/pyenv/wiki/Common-build-problems -RUN apt install -y make build-essential libssl-dev zlib1g-dev libbz2-dev \ - libreadline-dev libsqlite3-dev wget curl llvm libncurses5-dev libncursesw5-dev \ - xz-utils tk-dev libffi-dev liblzma-dev - -# Install Python3.8 -RUN wget https://www.python.org/ftp/python/3.8.6/Python-3.8.6.tgz && \ - tar xvf Python-3.8.6.tgz \ - && cd Python-3.8.6 \ - && ./configure --enable-shared \ - && make -j8 \ - && make altinstall -RUN apt install -y python3 python3-pip -RUN cd .. -RUN rm -r -f Python3.8.6/ && rm -f Python-3.8.6.tgz - -# Install pytest for python exercises -RUN pip3 install -U pytest - -# Install Swift and SwiftLint (adapted from norionomura/swift and norionomura/swiftlint) -ENV SWIFT_BRANCH swift-5.3.1-release -ENV SWIFT_PLATFORM ubuntu18.04 -ENV SWIFT_VERSION 5.3.1-RELEASE -RUN apt-get install -y --no-install-recommends \ - gnupg2 \ - libcurl4-openssl-dev \ - libxml2-dev \ - && rm -r /var/lib/apt/lists/* -# Install Swift keys -RUN curl https://swift.org/keys/all-keys.asc | gpg2 --import - -# Install Swift toolchain -# -> https://swift.org/builds/swift-5.3.1-release/ubuntu1804/swift-5.3.1-RELEASE/swift-5.3.1-RELEASE-ubuntu18.04.tar.gz -RUN SWIFT_ARCHIVE_NAME=swift-$SWIFT_VERSION-$SWIFT_PLATFORM && \ - SWIFT_URL=https://swift.org/builds/$SWIFT_BRANCH/$(echo "$SWIFT_PLATFORM" | tr -d .)/swift-$SWIFT_VERSION/$SWIFT_ARCHIVE_NAME.tar.gz && \ - curl -O $SWIFT_URL && \ - curl -O $SWIFT_URL.sig && \ - gpg2 --verify $SWIFT_ARCHIVE_NAME.tar.gz.sig && \ - tar -xvzf $SWIFT_ARCHIVE_NAME.tar.gz --directory / --strip-components=1 && \ - rm -rf $SWIFT_ARCHIVE_NAME* /tmp/* /var/tmp/* && \ - chmod -R o+r /usr/lib/swift -# Install SwiftLint -RUN git clone --branch master https://github.com/realm/SwiftLint.git && \ - cd SwiftLint && \ - swift build --configuration release -Xswiftc -static-stdlib && \ - mv $(swift build --configuration release -Xswiftc -static-stdlib --show-bin-path)/swiftlint /usr/bin && \ - cd .. && \ - rm -rf SwiftLint - -# Install third-party plugins required by Artemis -COPY ../plugins.yml /usr/share/jenkins/ref/plugins.yml -RUN jenkins-plugin-cli --plugin-file /usr/share/jenkins/ref/plugins.yml - -# Install docker client (if you want a local build agent) -# (Uncomment this line if you want to use a local docker build agent e.g for development purposes) -#RUN curl https://download.docker.com/linux/static/stable/x86_64/docker-19.03.8.tgz | tar xvz --directory /tmp && mv -v /tmp/docker/docker /usr/local/bin/docker && chmod +x /usr/local/bin/docker && rm -rf /tmp/docker - -# Disables the first-time setup wizard of Jenkins -# (Uncomment this line if you're using jenknis-casc-config.yml for auto-configuration) -#ENV JAVA_OPTS -Djenkins.install.runSetupWizard=false - -USER jenkins diff --git a/src/main/docker/jhipster-registry.yml b/src/main/docker/jhipster-registry.yml deleted file mode 100644 index b38977d8aa1c..000000000000 --- a/src/main/docker/jhipster-registry.yml +++ /dev/null @@ -1,22 +0,0 @@ -version: '2' -services: - jhipster-registry: - image: jhipster/jhipster-registry:v6.1.2 - volumes: - - ./central-server-config:/central-config - # When run with the "dev" Spring profile, the JHipster Registry will - # read the config from the local filesystem (central-server-config directory) - # When run with the "prod" Spring profile, it will read the configuration from a Git repository - # See https://www.jhipster.tech/jhipster-registry/#spring-cloud-config - environment: - - _JAVA_OPTIONS=-Xmx512m -Xms256m - - SPRING_PROFILES_ACTIVE=dev,openapi - - SPRING_SECURITY_USER_PASSWORD=admin - - JHIPSTER_REGISTRY_PASSWORD=admin - - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_TYPE=native - - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_SEARCH_LOCATIONS=file:./central-config/localhost-config/ - # - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_TYPE=git - # - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_URI=https://github.com/jhipster/jhipster-registry/ - # - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_SEARCH_PATHS=central-config - ports: - - 8761:8761 diff --git a/src/main/docker/kafka.yml b/src/main/docker/kafka.yml deleted file mode 100644 index 6dbfa59b3ebe..000000000000 --- a/src/main/docker/kafka.yml +++ /dev/null @@ -1,18 +0,0 @@ -version: '3.8' -services: - zookeeper: - image: confluentinc/cp-zookeeper:5.5.3 - environment: - ZOOKEEPER_CLIENT_PORT: 2181 - ZOOKEEPER_TICK_TIME: 2000 - kafka: - image: confluentinc/cp-kafka:5.5.3 - ports: - - 9092:9092 - environment: - KAFKA_BROKER_ID: 1 - KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 - KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://kafka:29092,PLAINTEXT_HOST://localhost:9092 - KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: PLAINTEXT:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT - KAFKA_INTER_BROKER_LISTENER_NAME: PLAINTEXT - KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1 diff --git a/src/main/docker/monitoring.yml b/src/main/docker/monitoring.yml deleted file mode 100644 index a0d414f327e0..000000000000 --- a/src/main/docker/monitoring.yml +++ /dev/null @@ -1,31 +0,0 @@ -# This configuration is intended for development purpose, it's **your** responsibility to harden it for production -version: '3.8' -services: - artemis-prometheus: - image: prom/prometheus:v2.31.1 - volumes: - - ./prometheus/:/etc/prometheus/ - command: - - '--config.file=/etc/prometheus/prometheus.yml' - # If you want to expose these ports outside your dev PC, - # remove the "127.0.0.1:" prefix - ports: - - 127.0.0.1:9090:9090 - # On macOS, remove next line and replace localhost by host.docker.internal in prometheus/prometheus.yml and - # grafana/provisioning/datasources/datasource.yml - network_mode: 'host' # to test locally running service - artemis-grafana: - image: grafana/grafana:8.2.4 - volumes: - - ./grafana/provisioning/:/etc/grafana/provisioning/ - environment: - - GF_SECURITY_ADMIN_PASSWORD=admin - - GF_USERS_ALLOW_SIGN_UP=false - - GF_INSTALL_PLUGINS=grafana-piechart-panel - # If you want to expose these ports outside your dev PC, - # remove the "127.0.0.1:" prefix - ports: - - 127.0.0.1:3000:3000 - # On macOS, remove next line and replace localhost by host.docker.internal in prometheus/prometheus.yml and - # grafana/provisioning/datasources/datasource.yml - network_mode: 'host' # to test locally running service diff --git a/src/main/docker/mysql.yml b/src/main/docker/mysql.yml deleted file mode 100644 index 4a9305d976f0..000000000000 --- a/src/main/docker/mysql.yml +++ /dev/null @@ -1,19 +0,0 @@ -version: '2.4' -services: - artemis-mysql: - image: mysql:8.0.32 - # volumes: - # - ~/volumes/jhipster/Artemis/mysql/:/var/lib/mysql/ - environment: - - MYSQL_ALLOW_EMPTY_PASSWORD=yes - - MYSQL_ROOT_PASSWORD= - - MYSQL_DATABASE=Artemis - ports: - - 3306:3306 - command: mysqld --lower_case_table_names=1 --skip-ssl --character_set_server=utf8mb4 --collation-server=utf8mb4_unicode_ci --explicit_defaults_for_timestamp - networks: - - artemis - -networks: - artemis: - driver: "bridge" diff --git a/src/main/java/de/tum/in/www1/artemis/service/connectors/bamboo/BambooBuildPlanService.java b/src/main/java/de/tum/in/www1/artemis/service/connectors/bamboo/BambooBuildPlanService.java index a1db8ce7b603..fc4d2c19b198 100644 --- a/src/main/java/de/tum/in/www1/artemis/service/connectors/bamboo/BambooBuildPlanService.java +++ b/src/main/java/de/tum/in/www1/artemis/service/connectors/bamboo/BambooBuildPlanService.java @@ -13,7 +13,6 @@ import org.apache.commons.io.IOUtils; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Profile; -import org.springframework.core.env.Environment; import org.springframework.core.io.Resource; import org.springframework.stereotype.Service; @@ -58,7 +57,6 @@ import de.tum.in.www1.artemis.service.ResourceLoaderService; import de.tum.in.www1.artemis.service.connectors.ci.ContinuousIntegrationService.RepositoryCheckoutPath; import de.tum.in.www1.artemis.service.connectors.vcs.VersionControlService; -import tech.jhipster.config.JHipsterConstants; @Service @Profile("bamboo") @@ -82,15 +80,12 @@ public class BambooBuildPlanService { private final BambooServer bambooServer; - private final Environment env; - private final Optional versionControlService; - public BambooBuildPlanService(ResourceLoaderService resourceLoaderService, BambooServer bambooServer, Environment env, Optional versionControlService, + public BambooBuildPlanService(ResourceLoaderService resourceLoaderService, BambooServer bambooServer, Optional versionControlService, ProgrammingLanguageConfiguration programmingLanguageConfiguration) { this.resourceLoaderService = resourceLoaderService; this.bambooServer = bambooServer; - this.env = env; this.versionControlService = versionControlService; this.programmingLanguageConfiguration = programmingLanguageConfiguration; } @@ -167,14 +162,8 @@ private Stage createBuildStage(ProgrammingLanguage programmingLanguage, ProjectT Stage defaultStage = new Stage("Default Stage"); Job defaultJob = new Job("Default Job", new BambooKey("JOB1")).cleanWorkingDirectory(true); - /* - * We need the profiles to not run the jobs within Docker containers in the dev-setup as the Bamboo server itself runs in a Docker container when developing. - */ - Collection activeProfiles = Arrays.asList(env.getActiveProfiles()); - - // Do not run the builds in extra docker containers if the dev-profile is active // Xcode has no dockerfile, it only runs on agents (e.g. sb2-agent-0050562fddde) - if (!activeProfiles.contains(JHipsterConstants.SPRING_PROFILE_DEVELOPMENT) && !ProjectType.XCODE.equals(projectType)) { + if (!ProjectType.XCODE.equals(projectType)) { defaultJob.dockerConfiguration(dockerConfigurationFor(programmingLanguage, Optional.ofNullable(projectType))); } switch (programmingLanguage) { diff --git a/src/main/resources/config/application-docker.yml b/src/main/resources/config/application-docker.yml new file mode 100644 index 000000000000..e68c38737b5e --- /dev/null +++ b/src/main/resources/config/application-docker.yml @@ -0,0 +1,15 @@ +# Artemis configuration profile with the default variables for the docker setups +artemis: + course-archives-path: /opt/artemis/data/course-archives + repo-clone-path: /opt/artemis/data/repos + repo-download-clone-path: /opt/artemis/data/repos-download + file-upload-path: /opt/artemis/data/uploads + submission-export-path: /opt/artemis/data/exports + +spring: + datasource: + url: jdbc:mysql://artemis-mysql:3306/Artemis?createDatabaseIfNotExist=true&allowPublicKeyRetrieval=true&useUnicode=true&characterEncoding=utf8&useSSL=false&useLegacyDatetimeCode=false&serverTimezone=UTC + +server: + # see application.yml for further comments + url: http://artemis-app:8080 diff --git a/webpack/environment.js b/webpack/environment.js index b5302843305a..d91663eaab5c 100644 --- a/webpack/environment.js +++ b/webpack/environment.js @@ -8,7 +8,7 @@ module.exports = { }; /* - * Needed for client compilations with docker-compose, where the 'APP_VERSION' property isn't injected by gradle. + * Needed for client compilations with docker compose, where the 'APP_VERSION' property isn't injected by gradle. * * Returns the inferred APP_VERSION from 'build.gradle', or 'DEV' if this couldn't be retrieved */