From d4e1c94f191cb04af89747c21bc7bd3dda424f7d Mon Sep 17 00:00:00 2001 From: Benedikt Fein Date: Sat, 22 Oct 2022 20:07:24 +0200 Subject: [PATCH 001/174] update Jenkins job permissions to updated plugin https://github.com/jenkinsci/matrix-auth-plugin/releases/tag/matrix-auth-3.0 --- .../jobs/JenkinsJobPermissionsUtils.java | 20 +++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/src/main/java/de/tum/in/www1/artemis/service/connectors/jenkins/jobs/JenkinsJobPermissionsUtils.java b/src/main/java/de/tum/in/www1/artemis/service/connectors/jenkins/jobs/JenkinsJobPermissionsUtils.java index 41ef2fb4938b..cca0ed47ed20 100644 --- a/src/main/java/de/tum/in/www1/artemis/service/connectors/jenkins/jobs/JenkinsJobPermissionsUtils.java +++ b/src/main/java/de/tum/in/www1/artemis/service/connectors/jenkins/jobs/JenkinsJobPermissionsUtils.java @@ -6,6 +6,16 @@ public class JenkinsJobPermissionsUtils { + /** + * Modern versions (>= 3.0) of the Matrix Authorization Strategy Plugin in + * Jenkins use a prefix to discern between permissions affecting individual + * users or groups. + */ + private static final String USER_PERMISSIONS_PREFIX = "USER:"; + + private JenkinsJobPermissionsUtils() { + } + public static void removePermissionsFromFolder(Document jobConfig, Set permissionsToRemove, Set userLogins) throws DOMException { var folderAuthorizationMatrix = "com.cloudbees.hudson.plugins.folder.properties.AuthorizationMatrixProperty"; removePermissionsFromElement(folderAuthorizationMatrix, jobConfig, permissionsToRemove, userLogins); 
@@ -35,7 +45,9 @@ private static void removePermissionsFromElement(String elementTagName, Document permissionsToRemove.forEach(jenkinsJobPermission -> userLogins.forEach(userLogin -> { // The permission in the xml node has the format: com.jenkins.job.permission:user-login String permission = jenkinsJobPermission.getName() + ":" + userLogin; + // old jobs might still use the permission without the prefix removePermission(authorizationMatrixElement, permission); + removePermission(authorizationMatrixElement, USER_PERMISSIONS_PREFIX + permission); })); } @@ -109,9 +121,9 @@ private static Element getOrCreateAuthorizationMatrixPropertyElement(String auth * {@code * * ...existing permissions - * hudson.model.the.jenkins.permission1:userLogin + * USER:hudson.model.the.jenkins.permission1:userLogin * ... - * hudson.model.the.jenkins.permissionn:userLogin + * USER:hudson.model.the.jenkins.permission:userLogin * * } * @@ -124,12 +136,12 @@ private static void addPermissionsToAuthorizationMatrix(Document document, Eleme NodeList existingPermissionElements = authorizationMatrixElement.getElementsByTagName("permission"); jenkinsJobPermissions.forEach(jenkinsJobPermission -> { // The permission in the xml node has the format: com.jenkins.job.permission:user-login - String permission = jenkinsJobPermission.getName() + ":" + userLogin; + String permission = USER_PERMISSIONS_PREFIX + jenkinsJobPermission.getName() + ":" + userLogin; // Add the permission if it doesn't exist. boolean permissionExists = permissionExistInPermissionList(existingPermissionElements, permission); if (!permissionExists) { - // Permission element has format com.jenkins.job.permission:user-login + // Permission element has format USER:com.jenkins.job.permission:user-login Element permissionElement = document.createElement("permission"); permissionElement.setTextContent(permission); authorizationMatrixElement.appendChild(permissionElement); 
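Review bot: In the `addPermissionsToAuthorizationMatrix` hunk (`@@ -124,12 +136,12 @@`) the existence check is now made against the `USER:`-prefixed string only, so a job that still carries the legacy unprefixed `permission:login` entry presumably keeps it and gains a second, prefixed entry beside it. As far as I know, matrix-auth 3.0 treats an unprefixed entry as ambiguous (it can match a user or a group of that name), so leaving it in place keeps a broader grant than the new `USER:` entry expresses; this is worth confirming against the plugin's release notes linked in the commit message. Consider removing the legacy entry when the prefixed one is written, and update the stale comment above the assignment to `// The permission in the xml node has the format: USER:com.jenkins.job.permission:user-login`. The function body starts and ends outside the hunk.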
From 592d261f4fe9f5484e890d99dcf58b48fcbbc18e Mon Sep 17 00:00:00 2001
From: Benedikt Fein
Date: Sat, 22 Oct 2022 21:19:06 +0200
Subject: [PATCH 002/174] add proper tests
---
.../jobs/JenkinsJobPermissionsUtilsTest.java | 109 ++++++++++++++++++
1 file changed, 109 insertions(+)
create mode 100644 src/test/java/de/tum/in/www1/artemis/service/connectors/jenkins/jobs/JenkinsJobPermissionsUtilsTest.java
diff --git a/src/test/java/de/tum/in/www1/artemis/service/connectors/jenkins/jobs/JenkinsJobPermissionsUtilsTest.java b/src/test/java/de/tum/in/www1/artemis/service/connectors/jenkins/jobs/JenkinsJobPermissionsUtilsTest.java
new file mode 100644
index 000000000000..178b7b810c28
--- /dev/null
+++ b/src/test/java/de/tum/in/www1/artemis/service/connectors/jenkins/jobs/JenkinsJobPermissionsUtilsTest.java
@@ -0,0 +1,109 @@ +package de.tum.in.www1.artemis.service.connectors.jenkins.jobs; + +import static org.assertj.core.api.Assertions.assertThat; + +import java.util.Arrays; +import java.util.HashSet; +import java.util.Set; +import java.util.stream.Collectors; + +import javax.xml.transform.TransformerException; + +import org.junit.jupiter.api.Test; +import org.w3c.dom.Document; +import org.w3c.dom.NodeList; + +import de.tum.in.www1.artemis.service.util.XmlFileUtils; + +class JenkinsJobPermissionsUtilsTest { + + @Test + void testRemovePermissionsFromFolder() { + final Document folderConfig = XmlFileUtils.readFromString(""" + + + + + + + + hudson.model.Item.Build:instructor1 + hudson.model.Item.Cancel:instructor1 + hudson.model.Item.Configure:instructor1 + hudson.model.Item.Create:instructor1 + hudson.model.Item.Delete:instructor1 + hudson.model.Item.Read:instructor1 + hudson.model.Item.Workspace:instructor1 + hudson.model.Run.Delete:instructor1 + hudson.model.Run.Replay:instructor1 + hudson.model.Run.Update:instructor1 + hudson.scm.SCM.Tag:instructor1 + USER:hudson.model.Item.Build:instructor1 + USER:hudson.model.Item.Cancel:instructor1 + USER:hudson.model.Item.Configure:instructor1 + USER:hudson.model.Item.Create:instructor1 + USER:hudson.model.Item.Delete:instructor1 + USER:hudson.model.Item.Read:instructor1 + USER:hudson.model.Item.Workspace:instructor1 + USER:hudson.model.Run.Delete:instructor1 + USER:hudson.model.Run.Replay:instructor1 + USER:hudson.model.Run.Update:instructor1 + USER:hudson.scm.SCM.Tag:instructor1 + + + + """); + final Set allPermissions = Arrays.stream(JenkinsJobPermission.values()).collect(Collectors.toUnmodifiableSet()); + + JenkinsJobPermissionsUtils.removePermissionsFromFolder(folderConfig, allPermissions, Set.of("instructor1")); + + final var updatedPermissions = folderConfig.getElementsByTagName("permission"); + assertThat(updatedPermissions.getLength()).withFailMessage(() -> { + try { + return "Expected document to contain no 
permissions:\n" + XmlFileUtils.writeToString(folderConfig); + } + catch (TransformerException e) { + throw new RuntimeException(e); + } + }).isEqualTo(0); + } + + @Test + void testAddPermissionsToFolder() { + final Document folderConfig = XmlFileUtils.readFromString(""" + + + + + + + + """); + final Set permissions = Set.of(JenkinsJobPermission.JOB_CREATE, JenkinsJobPermission.RUN_DELETE); + + JenkinsJobPermissionsUtils.addPermissionsToFolder(folderConfig, permissions, Set.of("instructor1")); + + final var createdPermissions = folderConfig.getElementsByTagName("permission"); + assertThat(createdPermissions.getLength()).isEqualTo(2); + + final var actualPermissions = getPermissions(folderConfig); + final var expectedPermissions = Set.of(getPermission(JenkinsJobPermission.JOB_CREATE, "instructor1"), getPermission(JenkinsJobPermission.RUN_DELETE, "instructor1")); + assertThat(actualPermissions).hasSameElementsAs(expectedPermissions); + } + + private static String getPermission(JenkinsJobPermission permission, String username) { + return String.format("USER:%s:%s", permission.getName(), username); + } + + private static Set getPermissions(final Document document) { + final Set permissionValues = new HashSet<>(); + final NodeList permissions = document.getElementsByTagName("permission"); + + for (int i = 0; i < permissions.getLength(); ++i) { + final String permissionValue = permissions.item(i).getTextContent(); + permissionValues.add(permissionValue); + } + + return permissionValues; + } +} From 71b7c3c6888e26ab1394f0eadc82996279a19a98 Mon Sep 17 00:00:00 2001 
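Review bot: `testRemovePermissionsFromFolder` seeds entries for `instructor1` only and asserts that nothing is left, so an implementation that deleted every `permission` node regardless of login would still pass. Because this code edits an authorization matrix, seed at least one entry for a second login (with and without the prefix) and assert that it survives the call, e.g. `assertThat(getPermissions(folderConfig)).containsExactlyInAnyOrder("USER:hudson.model.Item.Read:instructor2", "hudson.model.Item.Read:instructor2");` (constructed sample values). `testAddPermissionsToFolder` likewise starts from an empty matrix; a case that begins with a legacy unprefixed entry would pin down what the add path does with it.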
From: Benedikt Fein Date: Mon, 31 Oct 2022 13:58:23 +0100 Subject: [PATCH 003/174] move permission removal --- src/main/docker/jenkins-agent/Dockerfile | 9 ++++++++ src/main/docker/jenkins/startup.sh | 4 ++++ .../jobs/JenkinsJobPermissionsUtils.java | 21 ++++++++++++------- 3 files changed, 26 insertions(+), 8 deletions(-) create mode 100644 src/main/docker/jenkins-agent/Dockerfile create mode 100644 src/main/docker/jenkins/startup.sh diff --git a/src/main/docker/jenkins-agent/Dockerfile b/src/main/docker/jenkins-agent/Dockerfile new file mode 100644 index 000000000000..d0a8d2db417e --- /dev/null +++ b/src/main/docker/jenkins-agent/Dockerfile @@ -0,0 +1,9 @@ +FROM jenkins/inbound-agent + +USER root + +RUN apt-get update && apt-get -y install curl + +RUN curl https://download.docker.com/linux/static/stable/x86_64/docker-20.10.11.tgz | tar xvz --directory /tmp && mv -v /tmp/docker/docker /usr/local/bin/docker && chmod +x /usr/local/bin/docker && rm -rf /tmp/docker + +USER jenkins diff --git a/src/main/docker/jenkins/startup.sh b/src/main/docker/jenkins/startup.sh new file mode 100644 index 000000000000..403f9140e358 --- /dev/null +++ b/src/main/docker/jenkins/startup.sh @@ -0,0 +1,4 @@ +#! /usr/bin/env bash + +chgrp docker /var/run/docker.sock +/sbin/tini -s -- /usr/local/bin/jenkins.sh diff --git a/src/main/java/de/tum/in/www1/artemis/service/connectors/jenkins/jobs/JenkinsJobPermissionsUtils.java b/src/main/java/de/tum/in/www1/artemis/service/connectors/jenkins/jobs/JenkinsJobPermissionsUtils.java index cca0ed47ed20..f346d8168be4 100644 --- a/src/main/java/de/tum/in/www1/artemis/service/connectors/jenkins/jobs/JenkinsJobPermissionsUtils.java +++ b/src/main/java/de/tum/in/www1/artemis/service/connectors/jenkins/jobs/JenkinsJobPermissionsUtils.java @@ -1,5 +1,7 @@ package de.tum.in.www1.artemis.service.connectors.jenkins.jobs; +import java.util.ArrayList; +import java.util.List; import java.util.Set; import org.w3c.dom.*; 
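Review bot: The new `jenkins-agent/Dockerfile` builds a CI agent image from two unpinned or unverified inputs: `FROM jenkins/inbound-agent` carries no tag or digest, and the Docker CLI tarball is piped from `curl` straight into `tar` as root without any checksum check. Pin the base image to a tag or digest and verify the archive before extracting it, e.g. `curl -fsSL -o /tmp/docker.tgz "$DOCKER_TGZ_URL" && echo "EXPECTED_SHA256_PLACEHOLDER  /tmp/docker.tgz" | sha256sum -c - && tar xzf /tmp/docker.tgz --directory /tmp` (the hash is a placeholder to be filled from the publisher's value). The file also looks unrelated to the commit subject "move permission removal", so it may not belong in this change.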
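Review bot: `jenkins/startup.sh` has no error handling, so when `chgrp docker /var/run/docker.sock` fails the script still launches Jenkins, and `tini` runs as a child of bash, which may keep stop signals from reaching it. Add `set -euo pipefail` after the shebang and start the server with `exec /sbin/tini -s -- /usr/local/bin/jenkins.sh`. The `chgrp` implies that the host's Docker socket is mounted into the container; group access to that socket is effectively root on the host, which deserves a comment in the script such as `# docker.sock access is host-root equivalent; dev setups only`.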
@@ -45,9 +47,7 @@ private static void removePermissionsFromElement(String elementTagName, Document permissionsToRemove.forEach(jenkinsJobPermission -> userLogins.forEach(userLogin -> { // The permission in the xml node has the format: com.jenkins.job.permission:user-login String permission = jenkinsJobPermission.getName() + ":" + userLogin; - // old jobs might still use the permission without the prefix removePermission(authorizationMatrixElement, permission); - removePermission(authorizationMatrixElement, USER_PERMISSIONS_PREFIX + permission); })); } @@ -58,15 +58,20 @@ private static void removePermissionsFromElement(String elementTagName, Document * @param permission the permission to remove */ private static void removePermission(Node authorizationMatrix, String permission) throws DOMException { - NodeList permissionNodes = authorizationMatrix.getChildNodes(); - int nodeCount = permissionNodes.getLength(); + final NodeList permissionNodes = authorizationMatrix.getChildNodes(); + final int nodeCount = permissionNodes.getLength(); + + final List toRemove = new ArrayList<>(); + for (int i = 0; i < nodeCount; i++) { - Node permissionNode = permissionNodes.item(i); - if (permissionNode.getTextContent().equals(permission)) { - authorizationMatrix.removeChild(permissionNode); - return; + final Node permissionNode = permissionNodes.item(i); + final String existingPermission = permissionNode.getTextContent(); + if (existingPermission.equals(permission) || existingPermission.equals(USER_PERMISSIONS_PREFIX + permission)) { + toRemove.add(permissionNode); } } + + toRemove.forEach(authorizationMatrix::removeChild); } public static void addPermissionsToFolder(Document folderConfig, Set jenkinsJobPermissions, Set userLogins) throws DOMException { From 847b3db1228fd5c7d48562df72abf38e6ffc3e77 Mon Sep 17 00:00:00 2001 
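Review bot: The Javadoc above `removePermission` (its start is outside the hunk) still describes removing "the permission", but the rewritten body in the `@@ -58,15 +58,20 @@` hunk now removes every child node whose text equals `permission` or `USER_PERMISSIONS_PREFIX + permission`, not only the first match. State that on the parameter line, e.g. `@param permission the unprefixed permission; entries with and without the USER: prefix are removed`, and update the caller's comment in the first hunk, which still gives the format as `com.jenkins.job.permission:user-login`. The loop compares the text of all nodes returned by `getChildNodes()`, including whitespace text nodes, rather than only `permission` elements; that is harmless for an equality match but worth a one-line comment.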
From: Benedikt Fein Date: Mon, 31 Oct 2022 13:59:34 +0100 Subject: [PATCH 004/174] simplify failure message creation --- .../jenkins/jobs/JenkinsJobPermissionsUtilsTest.java | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/src/test/java/de/tum/in/www1/artemis/service/connectors/jenkins/jobs/JenkinsJobPermissionsUtilsTest.java b/src/test/java/de/tum/in/www1/artemis/service/connectors/jenkins/jobs/JenkinsJobPermissionsUtilsTest.java index 178b7b810c28..11f3f4ca302d 100644 --- a/src/test/java/de/tum/in/www1/artemis/service/connectors/jenkins/jobs/JenkinsJobPermissionsUtilsTest.java +++ b/src/test/java/de/tum/in/www1/artemis/service/connectors/jenkins/jobs/JenkinsJobPermissionsUtilsTest.java @@ -18,7 +18,7 @@ class JenkinsJobPermissionsUtilsTest { @Test - void testRemovePermissionsFromFolder() { + void testRemovePermissionsFromFolder() throws TransformerException { final Document folderConfig = XmlFileUtils.readFromString(""" @@ -58,14 +58,7 @@ void testRemovePermissionsFromFolder() { JenkinsJobPermissionsUtils.removePermissionsFromFolder(folderConfig, allPermissions, Set.of("instructor1")); final var updatedPermissions = folderConfig.getElementsByTagName("permission"); - assertThat(updatedPermissions.getLength()).withFailMessage(() -> { - try { - return "Expected document to contain no permissions:\n" + XmlFileUtils.writeToString(folderConfig); - } - catch (TransformerException e) { - throw new RuntimeException(e); - } - }).isEqualTo(0); + assertThat(updatedPermissions.getLength()).as("Document should contain no permissions:\n" + XmlFileUtils.writeToString(folderConfig)).isEqualTo(0); } @Test From 6ec4f7d6f4735dc5c7172c914dfdba4d1dd35aec Mon Sep 17 00:00:00 2001 
From: Benedikt Fein Date: Mon, 31 Oct 2022 14:02:01 +0100 Subject: [PATCH 005/174] remove files that were accidentally added --- src/main/docker/jenkins-agent/Dockerfile | 9 --------- src/main/docker/jenkins/startup.sh | 4 ---- 2 files changed, 13 deletions(-) delete mode 100644 src/main/docker/jenkins-agent/Dockerfile delete mode 100644 src/main/docker/jenkins/startup.sh diff --git a/src/main/docker/jenkins-agent/Dockerfile b/src/main/docker/jenkins-agent/Dockerfile deleted file mode 100644 index d0a8d2db417e..000000000000 --- a/src/main/docker/jenkins-agent/Dockerfile +++ /dev/null @@ -1,9 +0,0 @@ -FROM jenkins/inbound-agent - -USER root - -RUN apt-get update && apt-get -y install curl - -RUN curl https://download.docker.com/linux/static/stable/x86_64/docker-20.10.11.tgz | tar xvz --directory /tmp && mv -v /tmp/docker/docker /usr/local/bin/docker && chmod +x /usr/local/bin/docker && rm -rf /tmp/docker - -USER jenkins diff --git a/src/main/docker/jenkins/startup.sh b/src/main/docker/jenkins/startup.sh deleted file mode 100644 index 403f9140e358..000000000000 --- a/src/main/docker/jenkins/startup.sh +++ /dev/null @@ -1,4 +0,0 @@ -#! /usr/bin/env bash - -chgrp docker /var/run/docker.sock -/sbin/tini -s -- /usr/local/bin/jenkins.sh From 4786252e459fda48acf38e6ac2740fc1eb9eeb1a Mon Sep 17 00:00:00 2001 From: Benedikt Fein Date: Tue, 8 Nov 2022 09:58:14 +0100 Subject: [PATCH 006/174] Update src/main/java/de/tum/in/www1/artemis/service/connectors/jenkins/jobs/JenkinsJobPermissionsUtils.java MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Dominik Fuchß --- .../connectors/jenkins/jobs/JenkinsJobPermissionsUtils.java | 1 + 1 file changed, 1 insertion(+) diff --git a/src/main/java/de/tum/in/www1/artemis/service/connectors/jenkins/jobs/JenkinsJobPermissionsUtils.java b/src/main/java/de/tum/in/www1/artemis/service/connectors/jenkins/jobs/JenkinsJobPermissionsUtils.java index f346d8168be4..b996e009dc71 100644 
--- a/src/main/java/de/tum/in/www1/artemis/service/connectors/jenkins/jobs/JenkinsJobPermissionsUtils.java +++ b/src/main/java/de/tum/in/www1/artemis/service/connectors/jenkins/jobs/JenkinsJobPermissionsUtils.java @@ -16,6 +16,7 @@ public class JenkinsJobPermissionsUtils { private static final String USER_PERMISSIONS_PREFIX = "USER:"; private JenkinsJobPermissionsUtils() { + throw new IllegalAccessError("Utility Class"); } public static void removePermissionsFromFolder(Document jobConfig, Set permissionsToRemove, Set userLogins) throws DOMException { From 03bde7f793113aca76b573c000c988b59482e1c8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Simon=20Lei=C3=9F?= <5084100+sleiss@users.noreply.github.com> Date: Mon, 14 Nov 2022 17:40:35 +0100 Subject: [PATCH 007/174] Development: Update docker-based monitoring setup (#5598) --- src/main/docker/monitoring.yml | 20 +- .../artemis/artemis_statistics.json | 395 ++++++++++++++++++ .../provisioning/dashboards/dashboard.yml | 11 + .../provisioning/datasources/datasource.yml | 12 + .../prometheus/prometheus.yml | 0 5 files changed, 428 insertions(+), 10 deletions(-) create mode 100644 src/main/docker/monitoring/grafana/provisioning/dashboards/artemis/artemis_statistics.json create mode 100644 src/main/docker/monitoring/grafana/provisioning/dashboards/dashboard.yml create mode 100644 src/main/docker/monitoring/grafana/provisioning/datasources/datasource.yml rename src/main/docker/{ => monitoring}/prometheus/prometheus.yml (100%) diff --git a/src/main/docker/monitoring.yml b/src/main/docker/monitoring.yml index a0d414f327e0..d50efbb395f2 100644 --- a/src/main/docker/monitoring.yml +++ b/src/main/docker/monitoring.yml 
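Review bot: `IllegalAccessError` in the private constructor is an `Error` subclass that the JVM raises for linkage problems, so throwing it by hand is misleading and it bypasses handlers that catch `Exception`. For a non-instantiable utility class the usual choice is `throw new UnsupportedOperationException("Utility class");`, and declaring the class `final` makes the intent explicit. The class declaration itself is outside the hunk.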
@@ -1,12 +1,11 @@ # This configuration is intended for development purpose, it's **your** responsibility to harden it for production -version: '3.8' services: - artemis-prometheus: - image: prom/prometheus:v2.31.1 - volumes: - - ./prometheus/:/etc/prometheus/ - command: - - '--config.file=/etc/prometheus/prometheus.yml' + prometheus: + container_name: prometheus + image: prom/prometheus:v2.34.0 + # If you want to run this in production, you should persist the /etc/prometheus-directory + #volumes: + # - ./monitoring/prometheus/:/etc/prometheus/ # If you want to expose these ports outside your dev PC, # remove the "127.0.0.1:" prefix ports: @@ -14,10 +13,11 @@ services: # On macOS, remove next line and replace localhost by host.docker.internal in prometheus/prometheus.yml and # grafana/provisioning/datasources/datasource.yml network_mode: 'host' # to test locally running service - artemis-grafana: - image: grafana/grafana:8.2.4 + grafana: + container_name: grafana + image: grafana/grafana:9.0.2 volumes: - - ./grafana/provisioning/:/etc/grafana/provisioning/ + - ./monitoring/grafana/provisioning/:/etc/grafana/provisioning/ environment: - GF_SECURITY_ADMIN_PASSWORD=admin - GF_USERS_ALLOW_SIGN_UP=false diff --git a/src/main/docker/monitoring/grafana/provisioning/dashboards/artemis/artemis_statistics.json b/src/main/docker/monitoring/grafana/provisioning/dashboards/artemis/artemis_statistics.json new file mode 100644 index 000000000000..0b9000232294 --- /dev/null +++ b/src/main/docker/monitoring/grafana/provisioning/dashboards/artemis/artemis_statistics.json 
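Review bot: In the first `monitoring.yml` hunk the `prometheus` service loses both its `volumes:` mount and the `--config.file` command, so the container presumably starts with the image's built-in configuration and the scrape config this commit moves to `monitoring/prometheus/prometheus.yml` is not loaded unless the commented lines are restored. The new comment speaks of persisting the `/etc/prometheus` directory for production, which does not tell a developer that the Artemis scrape targets are missing by default. Either keep the mount active, `- ./monitoring/prometheus/:/etc/prometheus/`, or reword the comment to say that the bundled config is opt-in.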
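Review bot: The second `monitoring.yml` hunk keeps `network_mode: 'host'` on the `prometheus` service while the comment above `ports:` says the `127.0.0.1:` prefix limits exposure; Docker discards `ports:` mappings under host networking, so on Linux the listener is whatever Prometheus binds itself, by default all interfaces. Prometheus ships without authentication, so either say this in the comment or bind explicitly with `command: ['--config.file=/etc/prometheus/prometheus.yml', '--web.listen-address=127.0.0.1:9090']`. The `ports:` entries themselves fall between the two hunks and are not visible here.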
@@ -0,0 +1,395 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "links": [], + "liveNow": false, + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.3.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(artemis_instance_websocket_users)", + "instant": false, + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": [], + "timeRegions": [], + "title": "Artemis User - Sum", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:147", + "format": "short", + "logBase": 1, + "min": "0", + "show": true + }, + { + "$$hashKey": "object:148", + "format": "short", + "logBase": 1, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + 
"fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.3.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "artemis_instance_websocket_users", + "instant": false, + "interval": "", + "legendFormat": "{{instance_name}}", + "refId": "A" + } + ], + "thresholds": [], + "timeRegions": [], + "title": "Artemis User", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:147", + "format": "short", + "logBase": 1, + "min": "0", + "show": true + }, + { + "$$hashKey": "object:148", + "format": "short", + "logBase": 1, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 8 + }, + "hiddenSeries": false, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.3.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum by 
(instance_name) (artemis_health)", + "interval": "", + "legendFormat": "{{instance_name}}", + "refId": "A" + } + ], + "thresholds": [], + "timeRegions": [], + "title": "Artemis Health - external systems", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:521", + "format": "short", + "logBase": 1, + "show": true + }, + { + "$$hashKey": "object:522", + "format": "short", + "logBase": 1, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 8 + }, + "hiddenSeries": false, + "id": 9, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.3.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (healthindicator) (artemis_health)", + "interval": "", + "legendFormat": "{{healthindicator}}", + "refId": "A" + } + ], + "thresholds": [], + "timeRegions": [], + "title": "Artemis-Health per External System", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:227", + "format": "short", + "logBase": 1, + "show": true + }, + { + "$$hashKey": "object:228", + "format": "short", + "logBase": 1, + "show": true + } + ], + "yaxis": { + "align": false + } + } + ], + "refresh": "30s", + "schemaVersion": 34, + "style": "dark", + "tags": [], + 
"templating": { + "list": [] + }, + "time": { + "from": "now-6h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Artemis Statistics", + "uid": "d9vRDInMz", + "version": 1, + "weekStart": "" +} diff --git a/src/main/docker/monitoring/grafana/provisioning/dashboards/dashboard.yml b/src/main/docker/monitoring/grafana/provisioning/dashboards/dashboard.yml new file mode 100644 index 000000000000..4c237cf2d90c --- /dev/null +++ b/src/main/docker/monitoring/grafana/provisioning/dashboards/dashboard.yml @@ -0,0 +1,11 @@ +apiVersion: 1 + +providers: + - name: 'Artemis' + orgId: 1 + folder: 'Artemis' + type: file + disableDeletion: false + editable: true + options: + path: /etc/grafana/provisioning/dashboards/artemis diff --git a/src/main/docker/monitoring/grafana/provisioning/datasources/datasource.yml b/src/main/docker/monitoring/grafana/provisioning/datasources/datasource.yml new file mode 100644 index 000000000000..17f90a28df11 --- /dev/null +++ b/src/main/docker/monitoring/grafana/provisioning/datasources/datasource.yml @@ -0,0 +1,12 @@ +apiVersion: 1 + +datasources: + - name: Prometheus + uid: prometheus_default + type: prometheus + access: proxy + orgId: 1 + url: http://localhost:9090 + basicAuth: false + isDefault: true + editable: true diff --git a/src/main/docker/prometheus/prometheus.yml b/src/main/docker/monitoring/prometheus/prometheus.yml similarity index 100% rename from src/main/docker/prometheus/prometheus.yml rename to src/main/docker/monitoring/prometheus/prometheus.yml From e5b9b3e0487c5d138809588427453ce34923e28c Mon Sep 17 00:00:00 2001 
From: Ludwig Pusl <33753999+4ludwig4@users.noreply.github.com> Date: Fri, 18 Nov 2022 21:20:10 +0100 Subject: [PATCH 008/174] Development: Unify docker compose settings (#5809) --- .dockerignore | 38 + .gitignore | 5 +- .../Remote_Java_Debugging_for_Docker.xml | 15 + build.gradle | 4 - docker-compose.yml | 69 +- docs/Dockerfile | 15 + docs/dev/cypress.rst | 4 +- docs/dev/setup.rst | 179 +++- docs/dev/setup/bamboo-bitbucket-jira.rst.txt | 8 +- docs/dev/setup/jenkins-gitlab.rst.txt | 24 +- docs/dev/setup/kubernetes.rst.txt | 2 +- src/main/docker/.dockerignore | 14 - src/main/docker/Dockerfile | 55 -- src/main/docker/README.md | 14 +- src/main/docker/TODO.md | 7 + src/main/docker/activemq.yml | 6 +- src/main/docker/app.yml | 26 - .../artemis-dev-mysql-gitlab-jenkins.yml | 53 ++ src/main/docker/artemis-dev-mysql.yml | 37 + .../docker/artemis-server-client-mysql.yml | 60 ++ src/main/docker/artemis/Dockerfile | 69 ++ src/main/docker/artemis/artemis.yml | 40 + .../main/docker/artemis/run_artemis.sh | 18 +- src/main/docker/atlassian.yml | 48 +- .../docker/{ => atlassian}/atlassian-setup.sh | 0 .../{ => atlassian}/atlassian.c.override.yml | 1 - .../atlassian.swift.override.yml | 1 - .../docker/central-server-config/README.md | 4 +- src/main/docker/cypress/docker-compose.yml | 14 +- src/main/docker/docker-compose.yml | 32 - src/main/docker/gitlab-gitlabci.yml | 32 +- src/main/docker/gitlab-jenkins-mysql.yml | 73 +- src/main/docker/gitlab-jenkins.yml | 45 +- src/main/docker/gitlab/README.md | 9 +- .../env.example.gitlab-gitlabci.txt | 0 src/main/docker/gitlab/gitlab-setup.sh | 4 +- src/main/docker/gitlab/gitlab.yml | 33 + src/main/docker/jenkins/jenkins.yml | 31 + src/main/docker/jhipster-registry.yml | 2 +- src/main/docker/kafka.yml | 3 +- src/main/docker/mailhog/mailhog.yml | 26 + src/main/docker/monitoring.yml | 8 +- src/main/docker/mysql.yml | 19 +- .../docker/saml-test/application-saml2.yml | 25 + src/main/docker/saml-test/config.php | 851 ++++++++++++++++++ 
src/main/docker/saml-test/saml-test.yml | 23 + .../docker/saml-test/saml20-sp-remote.php | 14 + src/main/docker/scripts/wait-for.md | 16 + src/main/docker/scripts/wait-for.sh | 191 ++++ ...artemis-dev-mysql-gitlab-jenkins-local.yml | 28 + .../resources/config/application-docker.yml | 12 + webpack/environment.js | 2 +- 52 files changed, 1912 insertions(+), 397 deletions(-) create mode 100644 .dockerignore create mode 100644 .idea/runConfigurations/Remote_Java_Debugging_for_Docker.xml create mode 100644 docs/Dockerfile delete mode 100644 src/main/docker/.dockerignore delete mode 100644 src/main/docker/Dockerfile create mode 100644 src/main/docker/TODO.md delete mode 100644 src/main/docker/app.yml create mode 100644 src/main/docker/artemis-dev-mysql-gitlab-jenkins.yml create mode 100644 src/main/docker/artemis-dev-mysql.yml create mode 100644 src/main/docker/artemis-server-client-mysql.yml create mode 100644 src/main/docker/artemis/Dockerfile create mode 100644 src/main/docker/artemis/artemis.yml rename bootstrap.sh => src/main/docker/artemis/run_artemis.sh (66%) rename src/main/docker/{ => atlassian}/atlassian-setup.sh (100%) rename src/main/docker/{ => atlassian}/atlassian.c.override.yml (85%) rename src/main/docker/{ => atlassian}/atlassian.swift.override.yml (86%) delete mode 100644 src/main/docker/docker-compose.yml rename src/main/docker/{ => gitlab}/env.example.gitlab-gitlabci.txt (100%) create mode 100644 src/main/docker/gitlab/gitlab.yml create mode 100644 src/main/docker/jenkins/jenkins.yml create mode 100644 src/main/docker/mailhog/mailhog.yml create mode 100644 src/main/docker/saml-test/application-saml2.yml create mode 100644 src/main/docker/saml-test/config.php create mode 100644 src/main/docker/saml-test/saml-test.yml create mode 100644 src/main/docker/saml-test/saml20-sp-remote.php create mode 100644 src/main/docker/scripts/wait-for.md create mode 100755 src/main/docker/scripts/wait-for.sh create mode 100644 
src/main/docker/specialized-local-configs/artemis-dev-mysql-gitlab-jenkins-local.yml create mode 100644 src/main/resources/config/application-docker.yml diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 000000000000..e366cd339c25 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,38 @@ +# https://docs.docker.com/engine/reference/builder/#dockerignore-file +classes/ +generated-sources/ +generated-test-sources/ +h2db/ +maven-archiver/ +maven-status/ +reports/ +surefire-reports/ +test-classes/ +test-results/ +www/ +!*.jar +!*.war + +# exclude hidden directories like .idea, .gradle, .cache, .github +.* +# do not exclude .git as it's necessary to insert the commit id into the build +!.git +# do not exclude .eslint files as they are required in the build process +!.eslintignore +!.eslintrc +# do not exclude .npmrc as it's required in the build process for setting the correct node options +!.npmrc +# exclude node_modules if installed locally +node_modules +# exclude build binaries +build/* +# except files for docker +!build/docker + +# files inside of the root directory not needed +CITATION.cff +CODE_OF_CONDUCT.md +gradlew.bat +LICENSE +README.md +SECURITY.md diff --git a/.gitignore b/.gitignore index 070706b6b3b5..4e71e66622c6 100644 --- a/.gitignore +++ b/.gitignore @@ -59,8 +59,9 @@ local.properties ###################### # Intellij ###################### -.idea/ -!.idea/runConfigurations/* +.idea/* +!.idea/runConfigurations/ +!.idea/icon.svg *.iml *.iws *.ipr diff --git a/.idea/runConfigurations/Remote_Java_Debugging_for_Docker.xml b/.idea/runConfigurations/Remote_Java_Debugging_for_Docker.xml new file mode 100644 index 000000000000..0f6a9fb531c3 --- /dev/null +++ b/.idea/runConfigurations/Remote_Java_Debugging_for_Docker.xml @@ -0,0 +1,15 @@ + + + + \ No newline at end of file diff --git a/build.gradle b/build.gradle index f6d0fc4d0b9a..d8b3f92df462 100644 --- a/build.gradle +++ b/build.gradle 
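Review bot: The new `.dockerignore` excludes hidden paths with `.*` but then re-includes `!.git` and `!.npmrc`, which sends the full repository history and any npm registry credentials kept in a developer's `.npmrc` to the Docker daemon with the build context. Whether they reach an image layer depends on the `COPY` statements in `src/main/docker/artemis/Dockerfile`, which is not visible in this part of the patch; if the build copies the whole context, use a multi-stage build so that neither lands in the final image, and consider passing the commit id as a build argument instead of shipping `.git`. At minimum add a comment next to `!.npmrc`, e.g. `# must not contain auth tokens; it is part of the Docker build context`.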
@@ -373,10 +373,6 @@ task executeCheckstyle (type: Exec) { commandLine "./gradlew", "checkstyleMain", "-x", "npm", "-x", "webapp" } -task buildJarForDocker (type: Exec) { - commandLine "./gradlew", "build", "-x", "webapp", "-x", "test", "-x", "jacocoTestCoverageVerification" -} - def isNonStable = { String version -> def stableKeyword = ["RELEASE", "FINAL", "GA"].any { it -> version.toUpperCase().contains(it) } def regex = /^[0-9,.v-]+(-r)?$/ diff --git a/docker-compose.yml b/docker-compose.yml index 5d7708a75920..63b3f11bc3c6 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -1,53 +1,26 @@ -version: '3' +# ---------------------------------------------------------------------------------------------------------------------- +# Artemis-Dev-MySQL Setup +# ---------------------------------------------------------------------------------------------------------------------- -# NOTE: this docker compose file starts the artemis-server (as jar file) and the artemis-client in separate containers. This setup is aimed for development. -# If you want to start the whole Artemis application (server and client) in the same container, you need to specify a different service and -# you have to execute the command './gradlew -Pprod -Pwar clean bootWar && java -jar build/libs/*.war --spring.profiles.active=dev,artemis,bamboo,bitbucket,jira' +# this links to /src/main/docker/artemis-dev-mysql.yml which is the default artemis development docker compose setup +# just using a symlink doesn't work because of the relative paths ;) services: - artemis-server: - command: sh -c "(apt update && apt install -y fontconfig fonts-dejavu graphviz || true) && ./gradlew buildJarForDocker && java -jar --add-exports java.naming/com.sun.jndi.ldap=ALL-UNNAMED build/libs/Artemis-*.jar" - depends_on: - - artemis-mysql - image: eclipse-temurin:17-jdk - environment: - - SPRING_DATASOURCE_URL=jdbc:mysql://artemis-mysql:3306/Artemis?createDatabaseIfNotExist=true&allowPublicKeyRetrieval=true&useUnicode=true&characterEncoding=utf8&useSSL=false&useLegacyDatetimeCode=false&serverTimezone=UTC - - SPRING_PROFILES_ACTIVE=dev,bamboo,bitbucket,jira,artemis,scheduling - networks: - - artemis - ports: - - 8080:8080 - volumes: - - ./:/server/ - working_dir: /server - - artemis-client: - command: sh -c "npm install && npm run start-docker" - depends_on: - - artemis-server - image: node:14.17.6-alpine - networks: - - artemis - ports: - - 9000:9000 - volumes: - - ./:/client/ - working_dir: /client - - artemis-mysql: - command: mysqld --lower_case_table_names=1 --skip-ssl 
--character_set_server=utf8mb4 --collation-server=utf8mb4_unicode_ci --explicit_defaults_for_timestamp - environment: - - MYSQL_ALLOW_EMPTY_PASSWORD=yes - - MYSQL_ROOT_PASSWORD= - - MYSQL_DATABASE=Artemis - image: mysql:8.0.31 - networks: - - artemis - ports: - - 3306:3306 - volumes: - - ./data/.db:/var/lib/mysql + artemis-app: + extends: + file: ./src/main/docker/artemis-dev-mysql.yml + service: artemis-app + mysql: + extends: + file: ./src/main/docker/artemis-dev-mysql.yml + service: mysql networks: - artemis: - driver: bridge + artemis: + driver: "bridge" + name: artemis +volumes: + artemis-mysql-data: + name: artemis-mysql-data + artemis-data: + name: artemis-data diff --git a/docs/Dockerfile b/docs/Dockerfile new file mode 100644 index 000000000000..f228943864be --- /dev/null +++ b/docs/Dockerfile @@ -0,0 +1,15 @@ +FROM sphinxdoc/sphinx + +WORKDIR /docs +# create non-root user to be able to edit the generated files without root access later +RUN groupadd -g 1000 sphinx-user \ + && useradd -ms /bin/bash -u 1000 -g 1000 sphinx-user \ + && chown 1000:1000 /docs +ADD requirements.txt /docs +RUN pip3 install -r requirements.txt + +USER sphinx-user +EXPOSE 8000 +# use the autobuild as default command +ENV SPHINXOPTS="--port 8000 --host 0.0.0.0" +CMD exec make livehtml diff --git a/docs/dev/cypress.rst b/docs/dev/cypress.rst index 86fb0af4578e..f80a21d6e2ab 100644 --- a/docs/dev/cypress.rst +++ b/docs/dev/cypress.rst 
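Review bot: In the new `docs/Dockerfile`, `FROM sphinxdoc/sphinx` carries neither a tag nor a digest, so every build picks up whatever the registry currently serves and the image content can change without any change in this repository; pin it, e.g. `FROM sphinxdoc/sphinx:<version>@sha256:<digest>` (placeholder values). `ADD requirements.txt /docs` should be `COPY requirements.txt /docs/`, because ADD brings URL and archive handling that is not wanted for a plain file copy. `SPHINXOPTS` makes the live-reload server listen on `0.0.0.0`, which is needed inside the container, so whatever publishes port 8000 on the host should bind it to `127.0.0.1` (that mapping is not visible in this hunk).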
@@ -14,7 +14,7 @@ Therefore, the current setup only dynamically deploys the Artemis server and con Artemis Deployment on Bamboo Build Agent ---------------------------------------- Every execution of the Cypress test suite requires its own deployment of Artemis. The easiest way to accomplish this is to deploy Artemis locally on the build agent, which executes the Cypress tests. -Using docker-compose we can start a MySQL database and the Artemis server locally on the build agent and connect it to the prelive system in the university data center. +Using ``docker compose`` we can start a MySQL database and the Artemis server locally on the build agent and connect it to the prelive system in the university data center. .. figure:: cypress/cypress_bamboo_deployment_diagram.svg :align: center @@ -76,7 +76,7 @@ This build plan is automatically executed every 8 hours and verifies that test s Artemis Deployment on test environment for Cypress The difference of this setup is that the Artemis server is deployed on a separate environment which already contains the necessary configuration files for the Artemis server to connect to the prelive system. -The Docker image for the Cypress container should be exactly the same as the Cypress image used in the docker-compose file for the deployment on a Bamboo build agent. +The Docker image for the Cypress container should be exactly the same as the Cypress image used in the *docker compose* file for the deployment on a Bamboo build agent. Maintenance ----------- diff --git a/docs/dev/setup.rst b/docs/dev/setup.rst index dfdbd343c0af..2c74e578b3c2 100644 --- a/docs/dev/setup.rst +++ b/docs/dev/setup.rst 
@@ -59,7 +59,7 @@ The required Artemis schema will be created / updated automatically at startup t server application. As an alternative to a native MySQL setup, you can run the MySQL Database Server inside a Docker container -using e.g. ``docker-compose -f src/main/docker/mysql.yml up``. +using e.g. ``docker compose -f src/main/docker/mysql.yml up``. If you run your own MySQL server, make sure to specify the default ``character-set`` as ``utf8mb4`` and the default ``collation`` as ``utf8mb4_unicode_ci``. 
@@ -283,11 +283,25 @@ Run the server via Docker Dockerfile """""""""" -You can find the latest Artemis Dockerfile at ``src/main/docker/Dockerfile``. +You can find the latest Artemis Dockerfile at ``src/main/docker/artemis/Dockerfile``. -* The Dockerfile defines three Docker volumes +* The Dockerfile has multiple stages: A `build stage`, building the ``.war`` file, and a `runtime stage` with minimal + dependencies just for running artemis. - * ``/opt/artemis/config``: This will be used to store the configuration of Artemis in YAML files. If this directory is empty, the default configuration of Artemis will be copied upon container start. +.. TODO: add defaults and recheck config volume to docker compose base service and Dockerfile + also recheck if the envs are still necessary + +* The Dockerfile defines three Docker volumes (at the specified paths inside the container): + + * **/opt/artemis/config:** + + This will be used to store additional configuration of Artemis in YAML files. + ``src/main/resources/application-local.yml`` for instance is such an additional configuration file. + It should contain all custom configurations. + The other configurations like ``src/main/resources/application.yml``, ... are built into the ``.war`` file and + therefore are not needed in this directory. + + .. TODO: add better description here when this problem is solved how we handle configs .. tip:: Instead of mounting this config directory, you can also use environment variables for the configuration as defined by the `Spring relaxed binding `__. 
@@ -296,17 +310,20 @@ You can find the latest Artemis Dockerfile at ``src/main/docker/Dockerfile``. To ease the transition of an existing set of YAML configuration files into the environment variable style, a `helper script `__ can be used. - * ``/opt/artemis/data``: This directory should be used for any data (e.g., local clone of repositories). - Therefore, configure Artemis to store this files into this directory. In order to do that, you have to change - some properties in configuration files (i.e., ``artemis.repo-clone-path``, ``artemis.repo-download-clone-path``, + * **/opt/artemis/data:** + + This directory should be used for any data (e.g., local clone of repositories). + This is preconfigured in the ``docker`` Java Spring profile (which sets the following values: + ``artemis.repo-clone-path``, ``artemis.repo-download-clone-path``, ``artemis.course-archives-path``, ``artemis.submission-export-path``, and ``artemis.file-upload-path``). - Otherwise you'll get permission failures. - * ``/opt/artemis/public/content``: This directory will be used for branding. - You can specify a favicon, ``imprint.html``, and ``privacy_statement.html`` here. -* The Dockerfile sets the correct permissions to the folders that are mounted to the volumes on startup (not recursive). + * **/opt/artemis/public/content:** + + This directory will be used for branding. + You can specify a favicon, ``imprint.html``, and ``privacy_statement.html`` here. -* The startup script is located `here `__. +* The startup script is located at ``src/main/docker/artemis/run_artemis.sh`` and is as a wrapper to start + the artemis Java application. * The Dockerfile assumes that the mounted volumes are located on a file system with the following locale settings (see `#4439 `__ for more details): 
@@ -315,6 +332,35 @@ You can find the latest Artemis Dockerfile at ``src/main/docker/Dockerfile``. * LANG ``en_US.UTF-8`` * LANGUAGE ``en_US.UTF-8`` +.. _Docker Debugging: + +Debugging with Docker +""""""""""""""""""""" + +| The Docker containers have the possibility to enable Java Remote Debugging via environment variables. +| Via Java Remote Debugging you can use your preferred debugger on port 5005. + For IntelliJ you can use the `Remote Java Debugging for Docker` being shipped in the git repository. + +With the following environment variables you can configure the Remote Java Debugging inside the docker container: + +.. list-table:: + :header-rows: 1 + + * - environment variable + - description + - possibles values + * - | JAVA_REMOTE_DEBUG + - | enables or disables the Java Remote Debugging + | in the Docker container + - | ``true`` to enable + | ``false`` to disable + * - | JAVA_REMOTE_DEBUG_SUSPEND + - | changes the start behaviour of the Java application, + | making it possible to suspend it until the debugger started + - | ``y`` to suspend the startup of the Java application + | ``n`` (default) to start the application right away + + Run the server via a run configuration in IntelliJ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
@@ -593,38 +639,109 @@ HTTP. We need to extend the configuration in the file Alternative: Docker-Compose Setup --------------------------------- -A full functioning development environment can also be set up using -docker-compose: +The easiest way to configure a local deployment via Docker is a deployment with a *docker compose* file. +In the directory ``src/main/docker/`` you can find the following *docker compose* files for different setups: + +* ``artemis-dev-mysql.yml``: **Artemis-Dev-MySQL** Setup containing the development build of Artemis and a MySQL DB +* ``artemis-dev-mysql-gitlab-jenkins.yml``: **Artemis-Dev-MySQL-GitLab-Jenkins** + Setup containing the development build of Artemis, a MySQL DB, a GitLab and Jenkins instance +* ``artemis-server-client-mysql.yml``: **Artemis-Server-Client-MySQL** Setup containing a separate client and server + container which mount the code as volumes and are therefore just suited for development purposes. + As Npm is used with its live reload mode to build and run the client, any change in the client’s codebase will trigger + a rebuild automatically. In case of changes in the codebase of the server one has to restart the ``artemis-server`` + container. +* ``atlassian.yml``: **Atlassian** Setup containing a Jira, Bitbucket and Bamboo instance +* ``gitlab-gitlabci.yml``: **GitLab-GitLabCI** Setup containing a GitLab and GitLabCI instance +* ``gitlab-jenkins.yml``: **GitLab-Jenkins** Setup containing a GitLab and Jenkins instance +* ``gitlab-jenkins-mysql.yml``: **GitLab-Jenkins-MySQL** Setup containing a GitLab, Jenkins and MySQL DB instance + +.. TODO: fix the implementation: currently you still have to create the file /src/main/resources/application-local.yaml + +.. tip:: + There is also a single ``docker-compose.yml`` in the project root which mirrors the setup of ``artemis-dev-mysql.yml``. + This should provide a quick way, without manual changes necessary, for new contributors to startup an Artemis instance. 
+ +For each service being used in these *docker compose* files a **base service** (containing similar settings) +is defined in the following files: -1. Install `docker `__ and `docker-compose `__ -2. Configure the credentials in ``application-artemis.yml`` in the folder ``src/main/resources/config`` as described above -3. Run ``docker-compose up`` -4. Go to http://localhost:9000 +* ``artemis/artemis.yml``: **Artemis Service** +* ``mysql.yaml``: **MySQL DB Service** +* ``gitlab/gitlab.yaml``: **GitLab Service** +* ``jenkins/jenkins.yaml``: **Jenkins Service** -The client and the server will run in different containers. As Npm is -used with its live reload mode to build and run the client, any change -in the client’s codebase will trigger a rebuild automatically. In case -of changes in the codebase of the server one has to restart the -``artemis-server`` container via -``docker-compose restart artemis-server``. +For testing mails or SAML logins you can append the following services to any setup with an artemis container: -(Native) Running and Debugging from IDEs is currently not supported. +* ``mailhog/mailhog.yml``: **Mailhog Service** (email testing tool) +* ``saml-test/saml-test.yaml``: **Saml-Test Service** (SAML Test Identity Provider for testing SAML features) + +An example command to run such an extended setup: + +.. code:: bash + + docker compose -f src/main/docker/artemis-dev-mysql.yml -f src/main/docker/mailhog/mailhog.yml up + +.. warning:: + If you want to run multiple *docker compose* setups in parallel on one host you might have to modify + volume, container and network names! + +Getting Started with Docker-Compose Setups +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +To get started with one of the mentioned Docker-Compose Setups do the following: + +.. TODO: modify config part accordingly to config decision + +1. 
Install `docker `__ (``docker compose`` is shipped as part of docker and is used in + this project instead of the Python implementation ``docker-compose``) +2. ( Depending on the chosen setup it's necessary to configure the Artemis configs like ``application-local.yml`` + in the folder ``src/main/resources/config`` as described in the section `Dockerfile <#dockerfile>`__. + The default setup ``docker-compose.yml`` should run without the default configurations, so no changes are required.) +3. Run ``docker compose up`` or ``docker compose -f src/main/docker/.yml up`` +4. For Artemis instances go to http://localhost:8080 (http://localhost:9000 for the seperated server and client setup) + +Debugging with Docker +^^^^^^^^^^^^^^^^^^^^^ + +See the `Debugging with Docker <#docker-debugging>`__ section for detailed information. +In all development *docker compose* setups like ``artemis-dev-mysql.yml`` Java Remote Debugging is enabled by default. + +Service, Container and Volume names +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Service names for the usage within *docker compose* are kept short, like ``mysql``, to make it easier +to use them in a CLI. + +Container and volume names are prepended with ``artemis-`` in order to not interfere with other container or volume +names on your system. Get a shell into the containers ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +.. tip:: + To keep the documentation short, we will use the standard form of ``docker compose COMMAND`` from this point on. + You can use the following commands also with the ``-f src/main/docker/.yml`` argument pointing + to a specific setup. + - app container: - ``docker exec -it $(docker-compose ps -q artemis-app) sh`` + ``docker compose exec artemis-app bash`` - mysql container: - ``docker exec -it $(docker-compose ps -q artemis-mysql) mysql`` + ``docker compose exec mysql bash`` or directly into mysql ``docker compose exec mysql mysql`` + +Analog for other services. 
Other useful commands ^^^^^^^^^^^^^^^^^^^^^ -- Stop the server: ``docker-compose stop artemis-server`` (restart via - ``docker-compose start artemis-server``) -- Stop the client: ``docker-compose stop artemis-client`` (restart via - ``docker-compose start artemis-client``) +- Start a setup in the background: ``docker compose up -d`` +- Stop and remove containers of a setup: ``docker compose down`` +- Stop, remove containers and volumes: ``docker compose down -v`` +- Remove artemis related volumes/state: ``docker volume rm artemis-data artemis-mysql-data`` + + This is helpful in setups where you just want to delete the state of artemis + but not of Jenkins and GitLab for instance. +- Stop a service: ``docker compose stop `` (restart via + ``docker compose start ``) +- Restart a service: ``docker compose restart `` ------------------------------------------------------------------------------------------------------------------------ diff --git a/docs/dev/setup/bamboo-bitbucket-jira.rst.txt b/docs/dev/setup/bamboo-bitbucket-jira.rst.txt index 826d8b79b33b..10b6df5df211 100644 --- a/docs/dev/setup/bamboo-bitbucket-jira.rst.txt +++ b/docs/dev/setup/bamboo-bitbucket-jira.rst.txt 
@@ -32,15 +32,15 @@ setup is present. Docker-Compose ^^^^^^^^^^^^^^ -Before you start the docker-compose, check if the bamboo version in the +Before you start the *docker compose*, check if the bamboo version in the ``build.gradle`` (search for ``com.atlassian.bamboo:bamboo-specs``) is equal to the bamboo version number in the docker compose in ``src/main/docker/atlassian.yml`` If the version number is not equal, adjust the version number. -Further details about the docker-compose setup can be found in ``src/main/docker`` +Further details about the *docker compose* setup can be found in ``src/main/docker`` -Execute the docker-compose file e.g. with -``docker-compose -f src/main/docker/atlassian.yml up -d``. +Execute the *docker compose* file e.g. with +``docker compose -f src/main/docker/atlassian.yml up -d``. Error Handling: It can happen that there is an overload with other docker networks diff --git a/docs/dev/setup/jenkins-gitlab.rst.txt b/docs/dev/setup/jenkins-gitlab.rst.txt index 859d9232efd5..5e60df408c88 100644 --- a/docs/dev/setup/jenkins-gitlab.rst.txt +++ b/docs/dev/setup/jenkins-gitlab.rst.txt @@ -151,9 +151,9 @@ tokens instead of the predefined ones. :: - GITLAB_ROOT_PASSWORD=artemis_admin docker-compose -f src/main/docker/gitlab-jenkins-mysql.yml up --build -d gitlab + GITLAB_ROOT_PASSWORD=artemis_admin docker compose -f src/main/docker/gitlab-jenkins-mysql.yml up --build -d gitlab - If you want to generate a random password for the ``root`` user, remove the part before ``docker-compose`` from + If you want to generate a random password for the ``root`` user, remove the part before ``docker compose`` from the command. The file uses the ``GITLAB_OMNIBUS_CONFIG`` environment variable to configure the Gitlab instance after the container 
@@ -170,7 +170,7 @@ tokens instead of the predefined ones. .. code:: bash - docker-compose -f src/main/docker/gitlab-jenkins-mysql.yml exec gitlab cat /etc/gitlab/initial_root_password + docker compose -f src/main/docker/gitlab-jenkins-mysql.yml exec gitlab cat /etc/gitlab/initial_root_password 3. Insert the GitLab root user password in the file ``application-local.yml`` (in src/main/resources) and insert the GitLab admin account. @@ -189,7 +189,7 @@ tokens instead of the predefined ones. :: - docker-compose -f src/main/docker/gitlab-jenkins-mysql.yml exec gitlab gitlab-rails runner "token = User.find_by_username('root').personal_access_tokens.create(scopes: [:api, :read_user, :read_api, :read_repository, :write_repository, :sudo], name: 'Artemis Admin Token'); token.set_token('artemis-gitlab-token'); token.save!" + docker compose -f src/main/docker/gitlab-jenkins-mysql.yml exec gitlab gitlab-rails runner "token = User.find_by_username('root').personal_access_tokens.create(scopes: [:api, :read_user, :read_api, :read_repository, :write_repository, :sudo], name: 'Artemis Admin Token'); token.set_token('artemis-gitlab-token'); token.save!" | You can also manually create in by navigating to ``http://localhost:8081/-/profile/personal_access_tokens`` and generate a token with all scopes. @@ -201,7 +201,7 @@ tokens instead of the predefined ones. :: - docker-compose -f src/main/docker/gitlab-jenkins-mysql.yml exec gitlab /bin/sh -c "sh /gitlab-local-setup.sh" + docker compose -f src/main/docker/gitlab-jenkins-mysql.yml exec gitlab /bin/sh -c "sh /gitlab-local-setup.sh" This script can also generate random access tokens, which should be used in a production setup. Change the variable ``$GENERATE_ACCESS_TOKENS`` to ``true`` to generate the random tokens and insert them into the Artemis 
@@ -466,7 +466,7 @@ do either do it manually or using the following command: :: - docker-compose -f src/main/docker/gitlab-jenkins-mysql.yml exec gitlab gitlab-rails runner "token = User.find_by_username('root').personal_access_tokens.create(scopes: [:api, :read_repository], name: 'Jenkins'); token.set_token('jenkins-gitlab-token'); token.save!" + docker compose -f src/main/docker/gitlab-jenkins-mysql.yml exec gitlab gitlab-rails runner "token = User.find_by_username('root').personal_access_tokens.create(scopes: [:api, :read_repository], name: 'Jenkins'); token.set_token('jenkins-gitlab-token'); token.save!" @@ -475,7 +475,7 @@ do either do it manually or using the following command: :: - JAVA_OPTS=-Djenkins.install.runSetupWizard=false docker-compose -f src/main/docker/gitlab-jenkins-mysql.yml up --build -d + JAVA_OPTS=-Djenkins.install.runSetupWizard=false docker compose -f src/main/docker/gitlab-jenkins-mysql.yml up --build -d Jenkins is then reachable under ``http://localhost:8082/`` and you can login using the credentials specified in ``jenkins-casc-config.yml`` (defaults to ``artemis_admin`` as both username and password). @@ -932,7 +932,7 @@ the following steps: 12. In a local setup, you have to disable CSRF otherwise some API endpoints will return HTTP Status 403 Forbidden. This is done be executing the following command: - ``docker-compose -f src/main/docker/gitlab-jenkins-mysql.yml exec -T jenkins dd of=/var/jenkins_home/init.groovy < src/main/docker/jenkins/jenkins-disable-csrf.groovy`` + ``docker compose -f src/main/docker/gitlab-jenkins-mysql.yml exec -T jenkins dd of=/var/jenkins_home/init.groovy < src/main/docker/jenkins/jenkins-disable-csrf.groovy`` The last step is to disable the ``use-crumb`` option in ``application-local.yml``: 
@@ -955,11 +955,11 @@ and the corresponding Docker image can be found on For example, if you want to upgrade Jenkins to version ``2.289.2``, you will need to use the ``jenkins/jenkins:2.289.2-lts`` image. -2. If you're using docker-compose, you can simply use the following command and skip the next steps. +2. If you're using ``docker compose``, you can simply use the following command and skip the next steps. :: - docker-compose -f src/main/docker/gitlab-jenkins-mysql.yml up --build -d + docker compose -f src/main/docker/gitlab-jenkins-mysql.yml up --build -d 3. Build the new Docker image: @@ -1391,7 +1391,7 @@ Artemis 2. In ``src/main/resources/config/application-dev.yml`` at ``server:`` use ``port: 8080`` for Artemis. -3. Run ``docker-compose up``. +3. Run ``docker compose up``. 4. After the container has been deployed run ``docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' artemis_artemis-server`` @@ -1401,4 +1401,4 @@ Artemis at ``url:`` paste the copied IP with the port number, e.g. ``url: http://172.33.0.1:8080``. 6. Stop the Artemis docker container with Control-C and re-run - ``docker-compose up``. + ``docker compose up``. diff --git a/docs/dev/setup/kubernetes.rst.txt b/docs/dev/setup/kubernetes.rst.txt index 46b5adddb225..32df4ea153db 100644 --- a/docs/dev/setup/kubernetes.rst.txt +++ b/docs/dev/setup/kubernetes.rst.txt @@ -311,7 +311,7 @@ Run Docker build and prepare the Artemis image to be pushed in DockerHub using t :: - docker build -t /artemis -f src/main/docker/Dockerfile . + docker build -t /artemis -f src/main/docker/artemis/Dockerfile . This will create the Docker image by copying the war file which was generated by the previous command. diff --git a/src/main/docker/.dockerignore b/src/main/docker/.dockerignore deleted file mode 100644 index b03bdc71eeee..000000000000 --- a/src/main/docker/.dockerignore +++ /dev/null 
@@ -1,14 +0,0 @@
-# https://docs.docker.com/engine/reference/builder/#dockerignore-file
-classes/
-generated-sources/
-generated-test-sources/
-h2db/
-maven-archiver/
-maven-status/
-reports/
-surefire-reports/
-test-classes/
-test-results/
-www/
-!*.jar
-!*.war
diff --git a/src/main/docker/Dockerfile b/src/main/docker/Dockerfile
deleted file mode 100644
index 1bee2f12380c..000000000000
--- a/src/main/docker/Dockerfile
+++ /dev/null
@@ -1,55 +0,0 @@
-FROM eclipse-temurin:17-jre
-
-ENV SPRING_OUTPUT_ANSI_ENABLED=ALWAYS \
- JHIPSTER_SLEEP=0 \
- JAVA_OPTS=""
-
-# Specify profiles for Spring Boot
-ENV spring.profiles.active ""
-
-RUN echo "Installing needed dependencies" \
- && apt-get update && apt-get install -y --no-install-recommends locales graphviz wget \
- && apt-get clean \
- && rm -rf /var/lib/apt/lists/*
-
-# See https://github.com/ls1intum/Artemis/issues/4439
-RUN echo "Fixing locales" \
- && sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen \
- && locale-gen
-
-ENV LC_ALL en_US.UTF-8
-ENV LANG en_US.UTF-8
-ENV LANGUAGE en_US.UTF-8
-
-ARG GOSU_VERSION=1.12
-
-RUN echo "Installing gosu (needed for bootstrap.sh)" \
- && dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" \
- && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" \
- && chmod +x /usr/local/bin/gosu \
- && gosu nobody true
-
-# Copy default configuration to container
-WORKDIR /defaults/artemis
-COPY src/main/resources/config/application*.yml ./
-
-# Copy Artemis.war to execution location
-WORKDIR /opt/artemis
-ARG WAR_PATH=build/libs
-COPY $WAR_PATH/*.war Artemis.war
-
-COPY bootstrap.sh /bootstrap.sh
-
-RUN chmod +x /bootstrap.sh \
- && useradd -ms /bin/bash artemis
-
-# Create directories for volumes
-RUN mkdir -p /opt/artemis/config /opt/artemis/data /opt/artemis/public/content
-
-VOLUME ["/opt/artemis/config"]
-VOLUME ["/opt/artemis/data"]
-VOLUME ["/opt/artemis/public/content"]
-
-EXPOSE 8080
-
-ENTRYPOINT ["/bin/bash", "/bootstrap.sh"]
diff --git a/src/main/docker/README.md b/src/main/docker/README.md
index 4b019a116d77..465c64d6c3cc 100644
--- a/src/main/docker/README.md
+++ b/src/main/docker/README.md
@@ -1,23 +1,25 @@ -# Docker Configurations +# Docker-Compose Configurations +An overview of all possible setups can be found in the docs at `docs/dev/setup.rst` in the section +`Alternative: Docker-Compose Setup`. -## Atlassian Setup +## Atlassian Setup -You can start a local Atlassian stack (Jira, Bitbucket, Bamboo) using the `atlassian.yml` docker-compose file. We build the docker images in [this repository](https://github.com/ls1intum/Artemis-Local-Setup-Docker) +You can start a local Atlassian stack (Jira, Bitbucket, Bamboo) using the `atlassian.yml` docker compose file. We build the docker images in [this repository](https://github.com/ls1intum/Artemis-Local-Setup-Docker) Start vanilla atlassian stack: ``` -docker-compose -f atlassian.yml up -d +docker compose -f atlassian.yml up -d ``` Start atlassian stack which can execute `C` builds: ``` -docker-compose -f atlassian.yml -f atlassian.c.override.yml up -d +docker compose -f atlassian.yml -f atlassian/atlassian.c.override.yml up -d ``` Start atlassian stack which can execute `swift` builds: ``` -docker-compose -f atlassian.yml -f atlassian.swift.override.yml up -d +docker compose -f atlassian.yml -f atlassian/atlassian.swift.override.yml up -d ``` diff --git a/src/main/docker/TODO.md b/src/main/docker/TODO.md new file mode 100644 index 000000000000..a40648650f0d --- /dev/null +++ b/src/main/docker/TODO.md @@ -0,0 +1,7 @@ +# Docker Todos: + +General Docker Todos for this subdirectory: + +* unify folder structure (all base services in folders?, where should we put setups?, ...) +* document folder structure +* SPRING_PROFILES_ACTIVE: atlassian stack really as default? it also runs without it? diff --git a/src/main/docker/activemq.yml b/src/main/docker/activemq.yml index 4b088cb7cd81..7afed6f2f17e 100644 --- a/src/main/docker/activemq.yml +++ b/src/main/docker/activemq.yml 
@@ -1,9 +1,9 @@ -version: '2' services: activemq-broker: + container_name: artemis-activemq-broker image: vromero/activemq-artemis:latest environment: - - ARTEMIS_USERNAME=guest - - ARTEMIS_PASSWORD=guest + ARTEMIS_USERNAME: guest + ARTEMIS_PASSWORD: guest ports: - 61613:61613 diff --git a/src/main/docker/app.yml b/src/main/docker/app.yml deleted file mode 100644 index 426f2b23c52b..000000000000 --- a/src/main/docker/app.yml +++ /dev/null @@ -1,26 +0,0 @@ -version: '2.4' -services: - artemis-app: - image: artemis - environment: - - _JAVA_OPTIONS=-Xmx512m -Xms256m - - SPRING_PROFILES_ACTIVE=prod,openapi - - MANAGEMENT_METRICS_EXPORT_PROMETHEUS_ENABLED=true - - SPRING_DATASOURCE_URL=jdbc:mysql://artemis-mysql:3306/Artemis?createDatabaseIfNotExist=true&allowPublicKeyRetrieval=true&useUnicode=true&characterEncoding=utf8&useSSL=false&useLegacyDatetimeCode=false&serverTimezone=UTC - - EUREKA_CLIENT_SERVICE_URL_DEFAULTZONE=http://admin:$${jhipster.registry.password}@jhipster-registry:8761/eureka - - SPRING_CLOUD_CONFIG_URI=http://admin:$${jhipster.registry.password}@jhipster-registry:8761/config - - JHIPSTER_SLEEP=30 # gives time for other services to boot before the application - ports: - - 8080:8080 - networks: - - artemis - depends_on: - - artemis-mysql - artemis-mysql: - extends: - file: mysql.yml - service: artemis-mysql - -networks: - artemis: - driver: "bridge" diff --git a/src/main/docker/artemis-dev-mysql-gitlab-jenkins.yml b/src/main/docker/artemis-dev-mysql-gitlab-jenkins.yml new file mode 100644 index 000000000000..0e9dff1a22d8 --- /dev/null +++ b/src/main/docker/artemis-dev-mysql-gitlab-jenkins.yml 
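Review bot: In `activemq.yml` the broker still runs with the `guest`/`guest` account while `- 61613:61613` publishes the STOMP port on every host interface, so on a shared or lab network anything that can reach the developer machine can connect with the default credentials. Binding the mapping to loopback, `- 127.0.0.1:61613:61613`, keeps this dev broker local without changing how Artemis on the same host reaches it. The image is also referenced as `vromero/activemq-artemis:latest`; a fixed tag would make the setup reproducible and keep unreviewed image updates out.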
@@ -0,0 +1,53 @@ +# ---------------------------------------------------------------------------------------------------------------------- +# Artemis-Dev-MySQL-GitLab-Jenkins Setup +# ---------------------------------------------------------------------------------------------------------------------- + +services: + artemis-app: + extends: + file: ./artemis/artemis.yml + service: artemis-app + ports: + - 5005:5005 # Java Remote Debugging port declared in the java cmd options + command: > + /bin/sh -c + '/usr/local/bin/wait-for -t 0 artemis-mysql:3306 + && /usr/local/bin/wait-for -t 0 http://gitlab/-/readiness + && /usr/local/bin/wait-for -t 0 http://jenkins:8080/login + && /run_artemis.sh' + volumes: + - ./specialized-local-configs/artemis-dev-mysql-gitlab-jenkins-local.yml:/opt/artemis/config/application-local.yml:ro + - ./scripts/wait-for.sh:/usr/local/bin/wait-for:ro + environment: + SPRING_PROFILES_ACTIVE: dev,jenkins,gitlab,artemis,scheduling,athene,docker,local + JAVA_REMOTE_DEBUG: true + mysql: + extends: + file: mysql.yml + service: mysql + gitlab: + extends: + file: ./gitlab/gitlab.yml + service: gitlab + jenkins: + extends: + file: ./jenkins/jenkins.yml + service: jenkins + +networks: + artemis: + driver: "bridge" + name: artemis +volumes: + artemis-gitlab-data: + name: artemis-gitlab-data + artemis-gitlab-logs: + name: artemis-gitlab-logs + artemis-gitlab-config: + name: artemis-gitlab-config + artemis-jenkins-data: + name: artemis-jenkins-data + artemis-mysql-data: + name: artemis-mysql-data + artemis-data: + name: artemis-data diff --git a/src/main/docker/artemis-dev-mysql.yml b/src/main/docker/artemis-dev-mysql.yml new file mode 100644 index 000000000000..3cca46f34055 --- /dev/null +++ b/src/main/docker/artemis-dev-mysql.yml 
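Review bot: The mapping `- 5005:5005` in `artemis-dev-mysql-gitlab-jenkins.yml` publishes the Java debug port on all host interfaces while `JAVA_REMOTE_DEBUG: true` switches the debugger on by default. JDWP has no authentication and an attached debugger can run arbitrary code inside the JVM, so the port should be reachable from the local machine only: `- 127.0.0.1:5005:5005`. The same mapping and default appear in the following file, `artemis-dev-mysql.yml`, and should get the same change. Separately, the unquoted `true` is a YAML boolean; writing `JAVA_REMOTE_DEBUG: "true"` avoids depending on how the compose implementation converts it (how `run_artemis.sh` reads the variable is not visible here).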
@@ -0,0 +1,37 @@
+# ----------------------------------------------------------------------------------------------------------------------
+# Artemis-Dev-MySQL Setup
+# ----------------------------------------------------------------------------------------------------------------------
+
+# this is the default artemis development setup also linked to in the docker-compose.yml in the project root
+
+services:
+ artemis-app:
+ extends:
+ file: ./artemis/artemis.yml
+ service: artemis-app
+ ports:
+ - 5005:5005 # Java Remote Debugging port declared in the java cmd options
+ command: >
+ /bin/sh -c
+ '/usr/local/bin/wait-for -t 0 artemis-mysql:3306
+ && /run_artemis.sh'
+ environment:
+ JAVA_REMOTE_DEBUG: true
+ volumes:
+ - ./scripts/wait-for.sh:/usr/local/bin/wait-for:ro
+ depends_on:
+ - mysql
+ mysql:
+ extends:
+ file: mysql.yml
+ service: mysql
+
+networks:
+ artemis:
+ driver: "bridge"
+ name: artemis
+volumes:
+ artemis-mysql-data:
+ name: artemis-mysql-data
+ artemis-data:
+ name: artemis-data
diff --git a/src/main/docker/artemis-server-client-mysql.yml b/src/main/docker/artemis-server-client-mysql.yml
new file mode 100644
index 000000000000..5e51ebc5649f
--- /dev/null
+++ b/src/main/docker/artemis-server-client-mysql.yml
@@ -0,0 +1,60 @@ +# ---------------------------------------------------------------------------------------------------------------------- +# Artemis-Server-Client-MySQL Setup +# ---------------------------------------------------------------------------------------------------------------------- + +# NOTE: this docker compose file starts the artemis-server (as jar file) and the artemis-client in separate containers. +# This setup is aimed for development. +# If you want to start the whole Artemis application (server and client) in the same container, you need to use +# the Artemis-Dev-MySQL Setup contained in artemis-dev-mysql.yml + +# TODO: unify more into depth for separate JS and Java container (maybe even sperated Dockerfiles?) for development? +# TODO: or remove this setup completely + +services: + artemis-server: + # TODO: the command is outdated: either see the ansible script or the docs at + # https://artemis-platform.readthedocs.io/en/latest/dev/setup/#run-the-server-via-a-service-configuration + command: > + sh -c "(apt update && apt install -y fontconfig ttf-dejavu graphviz || true) + && ./gradlew build -x webapp -x test -x jacocoTestCoverageVerification -x spotlessCheck -x checkstyleMain -x checkstyleTest + && java -jar --add-exports java.naming/com.sun.jndi.ldap=ALL-UNNAMED build/libs/Artemis-*.jar" + depends_on: + - mysql + image: ghcr.io/ls1intum/docker-jdk-node-yarn + environment: + SPRING_DATASOURCE_URL: jdbc:mysql://artemis-mysql:3306/Artemis?createDatabaseIfNotExist=true&allowPublicKeyRetrieval=true&useUnicode=true&characterEncoding=utf8&useSSL=false&useLegacyDatetimeCode=false&serverTimezone=UTC + SPRING_PROFILES_ACTIVE: dev,bamboo,bitbucket,jira,artemis,scheduling + networks: + - artemis + ports: + - 8080:8080 + volumes: + - ./../../..:/server/ + working_dir: /server + + artemis-client: + # TODO: look if webpack is still being used otherwise delete it and put something more up to date here + # this is currently failing to build + command: sh 
-c "npm install && npm run start-docker" + depends_on: + - artemis-server + image: ghcr.io/ls1intum/docker-jdk-node-yarn + networks: + - artemis + ports: + - 9000:9000 + volumes: + - ./../../..:/client/ + working_dir: /client + + mysql: + extends: + file: mysql.yml + service: mysql + +networks: + artemis: + driver: "bridge" + name: artemis +volumes: + artemis-mysql-data: diff --git a/src/main/docker/artemis/Dockerfile b/src/main/docker/artemis/Dockerfile new file mode 100644 index 000000000000..fcbd1064d36c --- /dev/null +++ b/src/main/docker/artemis/Dockerfile 
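Review bot: The top-level `artemis-mysql-data:` volume at the end of this file has no `name:`, while the other setups in this commit and mysql.yml itself declare `name: artemis-mysql-data`. Compose will presumably create a project-prefixed volume here, so this setup would start on a different, empty database than the other development setups. Add `name: artemis-mysql-data` under the volume, or add a comment if the separation is intended. In `artemis-server`, the `|| true` after `apt install` also hides a failed package installation until the build or the application breaks later, which deserves a comment explaining why it is best-effort.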
@@ -0,0 +1,69 @@
+#TODO: cache beforehand of the gradle dependencies which don't change often ...
+
+#-----------------------------------------------------------------------------------------------------------------------
+# build stage
+#-----------------------------------------------------------------------------------------------------------------------
+# TODO: just use eclipse-temurin as gradle installs node, used image below to match bamboo build pipeline for prod
+FROM ghcr.io/ls1intum/docker-jdk-node-yarn as builder
+
+WORKDIR /opt/artemis
+# TODO: make this more secure/performant and don't copy everything? or let this be handled just by the .dockerignore?
+# maybe build dependencies before that could be more performant than copying everything at once
+# COPY src gradle gradlew .
+COPY . .
+# TODO: would be obsolete after integration of PR5622
+ENV NODE_OPTIONS "--max_old_space_size=6144"
+RUN ./gradlew -i --stacktrace --no-daemon -Pprod -Pwar clean bootWar
+
+#-----------------------------------------------------------------------------------------------------------------------
+# runtime stage
+#-----------------------------------------------------------------------------------------------------------------------
+FROM eclipse-temurin:17-jre
+
+# TODO: do we need all of these? If so why? Or should we maybe declare them somewhere else?
+ENV SPRING_OUTPUT_ANSI_ENABLED=ALWAYS \
+ JHIPSTER_SLEEP=0 \
+ JAVA_OPTS=""
+
+# Specify profiles for Spring Boot
+ENV spring.profiles.active ""
+
+# Docker Compose: wget and netcat (service checks)
+# Artemis: wget(?), graphviz, locales
+RUN echo "Installing needed dependencies" \
+ && apt-get update && apt-get install -y --no-install-recommends locales graphviz wget netcat-openbsd\
+ && apt-get clean \
+ && rm -rf /var/lib/apt/lists/*
+
+# See https://github.com/ls1intum/Artemis/issues/4439
+RUN echo "Fixing locales" \
+ && sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen \
+ && locale-gen
+ENV LC_ALL en_US.UTF-8
+ENV LANG en_US.UTF-8
+ENV LANGUAGE en_US.UTF-8
+
+# Create directories for volumes, create artemis user and set right owners
+# also create an empty application-local.yml file as placeholder to be overwritten with a bind volume mount
+RUN mkdir -p /opt/artemis/config /opt/artemis/data /opt/artemis/public/content \
+ && useradd -Ums /bin/bash artemis \
+ && chown -R artemis:artemis /opt/artemis
+USER artemis:artemis
+
+# Prepare Entrypoint boostrap.sh
+COPY --chown=artemis:artemis src/main/docker/artemis/run_artemis.sh /run_artemis.sh
+RUN chmod 774 /run_artemis.sh
+
+# Copy Artemis.war to execution location
+WORKDIR /opt/artemis
+ARG WAR_PATH=build/libs
+
+COPY --chown=artemis:artemis --from=builder /opt/artemis/$WAR_PATH/*.war Artemis.war
+
+VOLUME ["/opt/artemis/config"]
+VOLUME ["/opt/artemis/data"]
+VOLUME ["/opt/artemis/public/content"]
+
+EXPOSE 8080
+
+CMD ["/bin/bash", "/run_artemis.sh"]
diff --git a/src/main/docker/artemis/artemis.yml b/src/main/docker/artemis/artemis.yml
new file mode 100644
index 000000000000..470c757b2aa4
--- /dev/null
+++ b/src/main/docker/artemis/artemis.yml
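Review bot: `/run_artemis.sh` is copied with `--chown=artemis:artemis` and then set to mode 774, so the account the application runs as can rewrite its own entrypoint. Copy the script before the `USER artemis:artemis` line and leave it root-owned and not writable by the runtime user, for example `COPY --chmod=755 src/main/docker/artemis/run_artemis.sh /run_artemis.sh` (this needs BuildKit), and drop `RUN chmod 774 /run_artemis.sh`. The same reasoning applies to `Artemis.war`, which the runtime user only needs to read. Both `FROM` lines also use floating references (`docker-jdk-node-yarn` without a tag, `eclipse-temurin:17-jre`), so pinning a tag or digest would make the image reproducible. The comment `# Prepare Entrypoint boostrap.sh` still names the old script and should say `run_artemis.sh`.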
@@ -0,0 +1,40 @@ +# ---------------------------------------------------------------------------------------------------------------------- +# Artemis base service +# ---------------------------------------------------------------------------------------------------------------------- + +services: + artemis-app: + container_name: artemis-app + # TODO: add support for armv8 + platform: linux/x86_64 + # TODO: change this to develop before merging to develop branch + # TODO: setup build pipeline for develop-deployment-wg + image: ghcr.io/ls1intum/artemis:develop-deployment-wg + build: + context: ../../../.. + dockerfile: src/main/docker/artemis/Dockerfile + # maps application-local.yml to the container as this is the override file for all other configs + # (the default configs are packaged in the war file and don't need to be mapped here) + # TODO: check how the non-existent application-local.yml problem can be solved + volumes: + - artemis-data:/opt/artemis/data + - ../../resources/config/application-local.yml:/opt/artemis/config/application-local.yml:ro + # environments can also be used for custom overrides (alternative to application-local.yml volume) + # the following environments are necessary for docker images orchestrated by docker compose + environment: + _JAVA_OPTIONS: -Xmx5120m -Xms2560m + SPRING_PROFILES_ACTIVE: dev,bamboo,bitbucket,jira,artemis,scheduling,athene,docker,local + # TODO: add a restart at a certain stage for prod systems for sure, not sure about dev systems?, discuss + # restart: unless-stopped + ports: + - 8080:8080 + networks: + - artemis + +networks: + artemis: + driver: "bridge" + name: artemis +volumes: + artemis-data: + name: artemis-data diff --git a/bootstrap.sh b/src/main/docker/artemis/run_artemis.sh similarity index 66% rename from bootstrap.sh rename to src/main/docker/artemis/run_artemis.sh index ea86e1aabf51..5c9c68557eee 100644 --- a/bootstrap.sh +++ b/src/main/docker/artemis/run_artemis.sh 
@@ -2,20 +2,16 @@ # Entrypoint file for Docker Images of Artemis. The deployment of the application is set to /opt/artemis -cd /opt/artemis || exit 1 - -if [ -z "$(ls -A config)" ]; then - echo "Config is Empty .. copying default ones .." - cp -n -a /defaults/artemis/. config/ +if [[ "$JAVA_REMOTE_DEBUG" == "true" ]]; then + # set JAVA_REMOTE_DEBUG_SUSPEND to y if Artemis should wait until you connect your remote debugger + RemoteDebuggingOption="-agentlib:jdwp=transport=dt_socket,server=y,suspend=${JAVA_REMOTE_DEBUG_SUSPEND:-n},address=*:5005" else - echo "Config is not empty .. not copying default configs .." + RemoteDebuggingOption="" fi -# Ensure at least the directories are owned by artemis. "-R" takes too long -chown artemis:artemis config data - echo "Starting application..." -exec gosu artemis java \ +exec java \ + ${RemoteDebuggingOption} \ -Djdk.tls.ephemeralDHKeySize=2048 \ -DLC_CTYPE=UTF-8 \ -Dfile.encoding=UTF-8 \ @@ -30,4 +26,4 @@ exec gosu artemis java \ --add-opens java.base/sun.nio.ch=ALL-UNNAMED \ --add-opens java.management/sun.management=ALL-UNNAMED \ --add-opens jdk.management/com.sun.management.internal=ALL-UNNAMED \ - -jar Artemis.war + -jar /opt/artemis/Artemis.war diff --git a/src/main/docker/atlassian.yml b/src/main/docker/atlassian.yml index 63aa6929d714..531382eb4039 100644 --- a/src/main/docker/atlassian.yml +++ b/src/main/docker/atlassian.yml 
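Review bot: `${RemoteDebuggingOption}` is expanded unquoted in the `exec java` call, so the value goes through word splitting and pathname expansion, and it contains a literal `*` in `address=*:5005` plus whatever is in `JAVA_REMOTE_DEBUG_SUSPEND`. A bash array keeps it at exactly zero or one argument: `debug_opts=()` before the `if`, `debug_opts=("-agentlib:jdwp=transport=dt_socket,server=y,suspend=${JAVA_REMOTE_DEBUG_SUSPEND:-n},address=*:5005")` in the true branch, and `"${debug_opts[@]}"` in the `exec`. The script already depends on bash through `[[ ... ]]`; the shebang is outside the hunk and should be checked to match. The `exec java` argument list continues between the two hunks and is not fully visible here.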
@@ -1,52 +1,48 @@ -version: "2" +# ---------------------------------------------------------------------------------------------------------------------- +# Atlassian Setup +# ---------------------------------------------------------------------------------------------------------------------- + services: jira: - container_name: artemis_jira + container_name: artemis-jira image: ghcr.io/ls1intum/artemis-jira:8.20.11 volumes: - - artemis-jira:/var/atlassian/application-data/jira + - artemis-jira-data:/var/atlassian/application-data/jira ports: - "8081:8080" - hostname: jira networks: - artemis: - ipv4_address: 172.20.0.2 + - artemis bitbucket: - container_name: artemis_bitbucket + container_name: artemis-bitbucket image: ghcr.io/ls1intum/artemis-bitbucket:7.21.4 volumes: - - artemis-bitbucket:/var/atlassian/application-data/bitbucket + - artemis-bitbucket-data:/var/atlassian/application-data/bitbucket environment: - SPRING_APPLICATION_JSON={"plugin":{"ssh":{"baseurl":"ssh://bitbucket:7999"}}} ports: - "7990:7990" - "7999:7999" - hostname: bitbucket networks: - artemis: - ipv4_address: 172.20.0.3 + - artemis bamboo: - container_name: artemis_bamboo + container_name: artemis-bamboo image: ghcr.io/ls1intum/artemis-bamboo:8.2.5 volumes: - - artemis-bamboo:/var/atlassian/application-data/bamboo + - artemis-bamboo-data:/var/atlassian/application-data/bamboo ports: - "54663:54663" - "8085:8085" - hostname: bamboo networks: - artemis: - ipv4_address: 172.20.0.4 + - artemis networks: - artemis: - driver: "bridge" - ipam: - driver: default - config: - - subnet: 172.20.0.0/24 - + artemis: + driver: "bridge" + name: artemis volumes: - artemis-jira: - artemis-bitbucket: - artemis-bamboo: + artemis-jira-data: + name: artemis-jira-data + artemis-bitbucket-data: + name: artemis-bitbucket-data + artemis-bamboo-data: + name: artemis-bamboo-data 
diff --git a/src/main/docker/atlassian-setup.sh b/src/main/docker/atlassian/atlassian-setup.sh similarity index 100% rename from src/main/docker/atlassian-setup.sh rename to src/main/docker/atlassian/atlassian-setup.sh diff --git a/src/main/docker/atlassian.c.override.yml b/src/main/docker/atlassian/atlassian.c.override.yml similarity index 85% rename from src/main/docker/atlassian.c.override.yml rename to src/main/docker/atlassian/atlassian.c.override.yml index cd56f31e4b70..2a0cdf37a75f 100644 --- a/src/main/docker/atlassian.c.override.yml +++ b/src/main/docker/atlassian/atlassian.c.override.yml @@ -1,4 +1,3 @@ -version: "2" services: bamboo: image: ghcr.io/ls1intum/artemis-bamboo:8.1.3-c diff --git a/src/main/docker/atlassian.swift.override.yml b/src/main/docker/atlassian/atlassian.swift.override.yml similarity index 86% rename from src/main/docker/atlassian.swift.override.yml rename to src/main/docker/atlassian/atlassian.swift.override.yml index 881d471b5b4f..7e8970e73424 100644 --- a/src/main/docker/atlassian.swift.override.yml +++ b/src/main/docker/atlassian/atlassian.swift.override.yml @@ -1,4 +1,3 @@ -version: "2" services: bamboo: image: ghcr.io/ls1intum/artemis-bamboo:8.1.3-swift diff --git a/src/main/docker/central-server-config/README.md b/src/main/docker/central-server-config/README.md index 8330d4810e6d..86c0b2686ef4 100644 --- a/src/main/docker/central-server-config/README.md +++ b/src/main/docker/central-server-config/README.md 
@@ -2,7 +2,7 @@ The JHipster-Registry will use the following directories as its configuration source : -- localhost-config : when running the registry in docker with the jhipster-registry.yml docker-compose file -- docker-config : when running the registry and the app both in docker with the app.yml docker-compose file +- localhost-config : when running the registry in docker with the jhipster-registry.yml docker compose file +- docker-config : when running the registry and the app both in docker with the app.yml docker compose file For more info, refer to https://www.jhipster.tech/jhipster-registry/#spring-cloud-config diff --git a/src/main/docker/cypress/docker-compose.yml b/src/main/docker/cypress/docker-compose.yml index 36d70d26af20..d48571b31008 100644 --- a/src/main/docker/cypress/docker-compose.yml +++ b/src/main/docker/cypress/docker-compose.yml @@ -1,9 +1,9 @@ -version: '2.4' services: - artemis-mysql: + mysql: + # TODO: fix this extends: file: ../mysql.yml - service: artemis-mysql + service: mysql healthcheck: test: ["CMD", "mysqladmin" ,"ping", "-h", "localhost"] interval: 1s @@ -11,10 +11,11 @@ services: retries: 30 artemis-app: + # TODO: check bamboo E2E pipeline and how we can integrate this here build: # This is required to copy the Artemis war file properly into the container context: ../../../.. - dockerfile: src/main/docker/Dockerfile + dockerfile: ../artemis/Dockerfile volumes: - ../../resources/config/application-prod.yml:/opt/artemis/config/application-prod.yml:ro - ./application.yml:/opt/artemis/config/application.yml:ro @@ -45,7 +46,7 @@ services: networks: - artemis depends_on: - artemis-mysql: + mysql: condition: service_healthy artemis-cypress: @@ -75,3 +76,6 @@ services: networks: artemis: driver: "bridge" + +volumes: + artemis-mysql-data: diff --git a/src/main/docker/docker-compose.yml b/src/main/docker/docker-compose.yml deleted file mode 100644 index 91f7fef70149..000000000000 --- a/src/main/docker/docker-compose.yml +++ /dev/null 
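Review bot: `dockerfile: ../artemis/Dockerfile` in the cypress `artemis-app` build is resolved relative to the build `context`, which is still `../../../..` (the repository root), so the path points outside the repository and the build will presumably fail to find the file. artemis.yml in this commit uses `dockerfile: src/main/docker/artemis/Dockerfile` with the same context, and the same value is needed here. The `artemis-app` service definition continues outside the hunk.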
@@ -1,32 +0,0 @@ -version: '2.4' -services: - artemis-app: - platform: linux/x86_64 - image: ghcr.io/ls1intum/artemis - build: - context: ../../.. - dockerfile: src/main/docker/Dockerfile - volumes: - - ../resources/config/application-dev.yml:/opt/artemis/application-dev.yml:ro - - ../resources/config/application-artemis.yml:/opt/artemis/application-artemis.yml:ro - environment: - _JAVA_OPTIONS: -Xmx5120m -Xms2560m - SPRING_PROFILES_ACTIVE: dev,bamboo,bitbucket,jira,artemis,scheduling,athene,local - SPRING_DATASOURCE_URL: jdbc:mysql://artemis-mysql:3306/Artemis?createDatabaseIfNotExist=true&allowPublicKeyRetrieval=true&useUnicode=true&characterEncoding=utf8&useSSL=false&useLegacyDatetimeCode=false&serverTimezone=UTC - SPRING_DATASOURCE_USERNAME: root - SPRING_DATASOURCE_PASSWORD: - JHIPSTER_SLEEP: 30 # gives time for other services to boot before the application - ports: - - 8080:8080 - networks: - - artemis - depends_on: - - artemis-mysql - artemis-mysql: - extends: - file: mysql.yml - service: artemis-mysql - -networks: - artemis: - driver: "bridge" diff --git a/src/main/docker/gitlab-gitlabci.yml b/src/main/docker/gitlab-gitlabci.yml index 31291c4c0390..5df87c05f73a 100644 --- a/src/main/docker/gitlab-gitlabci.yml +++ b/src/main/docker/gitlab-gitlabci.yml @@ -1,8 +1,13 @@ -version: "3.6" +# ---------------------------------------------------------------------------------------------------------------------- +# GitLab-GitLabCI Setup +# ---------------------------------------------------------------------------------------------------------------------- + services: gitlab: - build: gitlab - container_name: gitlab + # TODO: check if the other settings can also be integrated into gitlab.yml + extends: + file: ./gitlab/gitlab.yml + service: gitlab volumes: - artemis-gitlab-data:/var/opt/gitlab - artemis-gitlab-logs:/var/log/gitlab 
@@ -22,31 +27,28 @@ services: - '80:80' - '443:443' shm_size: '256m' - networks: - gitlab: - ipv4_address: 172.20.0.2 gitlab-runner: image: gitlab/gitlab-runner:latest - container_name: gitlab-runner + container_name: artemis-gitlab-runner volumes: - /var/run/docker.sock:/var/run/docker.sock - /usr/local/bin/docker:/usr/bin/docker - artemis-gitlabci-runner-config:/etc/gitlab-runner hostname: 'gitlab-runner' networks: - gitlab: - ipv4_address: 172.20.0.3 + - artemis networks: - gitlab: - driver: "bridge" - ipam: - driver: default - config: - - subnet: 172.20.0.0/24 + artemis: + driver: "bridge" + name: artemis volumes: artemis-gitlab-data: + name: artemis-gitlab-data artemis-gitlab-logs: + name: artemis-gitlab-logs artemis-gitlab-config: + name: artemis-gitlab-config artemis-gitlabci-runner-config: + name: artemis-gitlabci-runner-config diff --git a/src/main/docker/gitlab-jenkins-mysql.yml b/src/main/docker/gitlab-jenkins-mysql.yml index 507e86118ad8..69f764b2a33e 100644 --- a/src/main/docker/gitlab-jenkins-mysql.yml +++ b/src/main/docker/gitlab-jenkins-mysql.yml 
@@ -1,64 +1,33 @@ -version: "3" +# ---------------------------------------------------------------------------------------------------------------------- +# GitLab-Jenkins-MySQL Setup +# ---------------------------------------------------------------------------------------------------------------------- + services: gitlab: - build: gitlab - volumes: - - artemis-gitlab-data:/var/opt/gitlab - - artemis-gitlab-logs:/var/log/gitlab - - artemis-gitlab-config:/etc/gitlab - - ./gitlab/gitlab-local-setup.sh:/gitlab-local-setup.sh - environment: - - GITLAB_OMNIBUS_CONFIG=prometheus_monitoring['enable'] = false; gitlab_rails['gitlab_shell_ssh_port'] = 2222; gitlab_rails['monitoring_whitelist'] = ['0.0.0.0/0'] - - GITLAB_ROOT_PASSWORD - ports: - - "2222:22" - - "8081:80" - hostname: gitlab - networks: - artemis-gitlab: - ipv4_address: 172.33.0.2 + extends: + file: ./gitlab/gitlab.yml + service: gitlab jenkins: - build: jenkins - user: root - volumes: - - artemis-jenkins-data:/var/jenkins_home - - ./jenkins/jenkins-disable-csrf.groovy:/var/jenkins_home/init.groovy # Disable CSRF token - - ./jenkins/master-key-only-for-testing.key:/var/jenkins_home/master.key # Preset master key to use pre-generated secrets - - ./jenkins/jenkins-casc-config.yml:/usr/share/jenkins/ref/jenkins-casc-config.yml:ro - - /var/run/docker.sock:/var/run/docker.sock - - /usr/bin/docker:/usr/bin/docker:ro - ports: - - "8082:8080" - hostname: jenkins - environment: - - CASC_JENKINS_CONFIG=/usr/share/jenkins/ref/jenkins-casc-config.yml - - JAVA_OPTS - networks: - artemis-gitlab: - ipv4_address: 172.33.0.3 + extends: + file: ./jenkins/jenkins.yml + service: jenkins mysql: - command: mysqld --lower_case_table_names=1 --skip-ssl --character_set_server=utf8mb4 --collation-server=utf8mb4_unicode_ci --explicit_defaults_for_timestamp - environment: - - MYSQL_ALLOW_EMPTY_PASSWORD=yes - - MYSQL_DATABASE=Artemis - image: mysql:8.0.31 - ports: - - 3306:3306 - volumes: - - artemis-mysql-data:/var/lib/mysql - networks: 
- artemis-gitlab: - ipv4_address: 172.33.0.4 + extends: + file: mysql.yml + service: mysql + networks: - artemis-gitlab: + artemis: driver: "bridge" - ipam: - driver: default - config: - - subnet: 172.33.0.0/24 + name: artemis volumes: artemis-gitlab-data: + name: artemis-gitlab-data artemis-gitlab-logs: + name: artemis-gitlab-logs artemis-gitlab-config: + name: artemis-gitlab-config artemis-jenkins-data: + name: artemis-jenkins-data artemis-mysql-data: + name: artemis-mysql-data diff --git a/src/main/docker/gitlab-jenkins.yml b/src/main/docker/gitlab-jenkins.yml index 367481e540fd..e8b97c7c055c 100644 --- a/src/main/docker/gitlab-jenkins.yml +++ b/src/main/docker/gitlab-jenkins.yml 
@@ -1,42 +1,27 @@ -version: "2" +# ---------------------------------------------------------------------------------------------------------------------- +# GitLab-Jenkins Setup +# ---------------------------------------------------------------------------------------------------------------------- + services: gitlab: - image: gitlab/gitlab-ce:latest - volumes: - - artemis-gitlab-data:/var/opt/gitlab - - artemis-gitlab-logs:/var/log/gitlab - - artemis-gitlab-config:/etc/gitlab - - ./gitlab/gitlab-setup.sh:/gitlab-setup.sh - ports: - - "2222:22" - - "8082:80" - mem_limit: 3000m - hostname: gitlab - networks: - artemis: - ipv4_address: 172.19.0.2 + extends: + file: ./gitlab/gitlab.yml + service: gitlab jenkins: - build: jenkins - volumes: - - artemis-jenkins-data:/var/jenkins_home - - /var/run/docker.sock:/var/run/docker.sock - ports: - - "8083:8080" - hostname: jenkins - networks: - artemis: - ipv4_address: 172.19.0.3 + extends: + file: ./jenkins/jenkins.yml + service: jenkins networks: artemis: driver: "bridge" - ipam: - driver: default - config: - - subnet: 172.19.0.0/24 - + name: artemis volumes: artemis-gitlab-data: + name: artemis-gitlab-data artemis-gitlab-logs: + name: artemis-gitlab-logs artemis-gitlab-config: + name: artemis-gitlab-config artemis-jenkins-data: + name: artemis-jenkins-data diff --git a/src/main/docker/gitlab/README.md b/src/main/docker/gitlab/README.md index f87881a66ad6..5185660c1342 100644 --- a/src/main/docker/gitlab/README.md +++ b/src/main/docker/gitlab/README.md 
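Review bot: With `gitlab` now extending ./gitlab/gitlab.yml, the `./gitlab/gitlab-setup.sh:/gitlab-setup.sh` mount disappears (the base service mounts only `gitlab-local-setup.sh`), but the header of gitlab-setup.sh in this same commit still tells users to run `/./gitlab-setup.sh` through gitlab-jenkins.yml. Either keep the mount in this file next to the `extends`, `volumes: - ./gitlab/gitlab-setup.sh:/gitlab-setup.sh`, or update the script header. The host ports also change from 8082/8083 to the base services' 8081/8082 and `mem_limit: 3000m` is dropped, which deserves a comment in the file header for existing users.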
@@ -2,13 +2,16 @@ First, configure the environment parameters: ```bash -cp src/main/docker/env.example.gitlab-gitlabci.txt src/main/docker/.env -vi src/main/docker/.env +cp src/main/docker/gitlab/env.example.gitlab-gitlabci.txt src/main/docker/gitlab/gitlab-gitlabci.env +vi src/main/docker/gitlab/gitlab-gitlabci.env ``` Run the following command to start GitLab and a GitLab Runner in a Docker container: + ```bash -docker-compose -f src/main/docker/gitlab-gitlabci.yml --env-file src/main/docker/.env up --build -d +docker compose -f src/main/docker/gitlab-gitlabci.yml --env-file src/main/docker/gitlab/gitlab-gitlabci.env up --build -d ``` Then log on to http://localhost/ with the password (`sudo docker exec -it gitlab grep 'Password:' /etc/gitlab/initial_root_password`) and go to http://localhost/admin/runners. diff --git a/src/main/docker/env.example.gitlab-gitlabci.txt b/src/main/docker/gitlab/env.example.gitlab-gitlabci.txt similarity index 100% rename from src/main/docker/env.example.gitlab-gitlabci.txt rename to src/main/docker/gitlab/env.example.gitlab-gitlabci.txt diff --git a/src/main/docker/gitlab/gitlab-setup.sh b/src/main/docker/gitlab/gitlab-setup.sh index 19b3dc896bf2..31659f5fa9d6 100755 --- a/src/main/docker/gitlab/gitlab-setup.sh +++ b/src/main/docker/gitlab/gitlab-setup.sh @@ -3,7 +3,7 @@ # Gitlab setup script # # If you have any questions, ask Simon Leiß # # This script can be run by using the command # -# docker-compose -f src/main/docker/gitlab-jenkins.yml exec artemis-gitlab /./gitlab-setup.sh # +# docker compose -f src/main/docker/gitlab-jenkins.yml exec artemis-gitlab /./gitlab-setup.sh # ################################################################################################### 
@@ -48,7 +48,7 @@ SSH_CHANGED=$REPLY if [[ $SSH_CHANGED =~ ^[Yy]$ ]] then echo - echo "Alright, we will setup the new SSH port now. Make sure to use the same port in the docker-compose file." + echo "Alright, we will setup the new SSH port now. Make sure to use the same port in the docker compose file." read -p "What alternative SSH port should be used? [e.g. \"2222\"]. Do not include any quotation marks.`echo $'\n> '`" -r echo SSH_PORT=$REPLY diff --git a/src/main/docker/gitlab/gitlab.yml b/src/main/docker/gitlab/gitlab.yml new file mode 100644 index 000000000000..54b6ed5f2992 --- /dev/null +++ b/src/main/docker/gitlab/gitlab.yml @@ -0,0 +1,33 @@ +# ---------------------------------------------------------------------------------------------------------------------- +# GitLab base service +# ---------------------------------------------------------------------------------------------------------------------- + +services: + gitlab: + container_name: artemis-gitlab + build: . + volumes: + - artemis-gitlab-data:/var/opt/gitlab + - artemis-gitlab-logs:/var/log/gitlab + - artemis-gitlab-config:/etc/gitlab + - ./gitlab-local-setup.sh:/gitlab-local-setup.sh + environment: + - GITLAB_OMNIBUS_CONFIG=prometheus_monitoring['enable'] = false; gitlab_rails['gitlab_shell_ssh_port'] = 2222; gitlab_rails['monitoring_whitelist'] = ['0.0.0.0/0'] + - GITLAB_ROOT_PASSWORD + ports: + - "2222:22" + - "8081:80" + networks: + - artemis + +networks: + artemis: + driver: "bridge" + name: artemis +volumes: + artemis-gitlab-data: + name: artemis-gitlab-data + artemis-gitlab-logs: + name: artemis-gitlab-logs + artemis-gitlab-config: + name: artemis-gitlab-config diff --git a/src/main/docker/jenkins/jenkins.yml b/src/main/docker/jenkins/jenkins.yml new file mode 100644 index 000000000000..040aa7c3a5b5 --- /dev/null +++ b/src/main/docker/jenkins/jenkins.yml 
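Review bot: In gitlab.yml, `gitlab_rails['monitoring_whitelist'] = ['0.0.0.0/0']` opens GitLab's health and readiness endpoints to every client address, and this base service is now what all GitLab setups in the commit extend. The entry is presumably there so that the `wait-for http://gitlab/-/readiness` check from the Artemis container succeeds; narrowing it to the private address ranges the compose network uses would keep that working. If the wide entry stays, add a comment above `environment:` stating that it is for local development only and why it is needed. `GITLAB_ROOT_PASSWORD` is passed through from the host environment without a default, which should be documented next to it.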
@@ -0,0 +1,31 @@ +# ---------------------------------------------------------------------------------------------------------------------- +# Jenkins base service +# ---------------------------------------------------------------------------------------------------------------------- + +services: + jenkins: + container_name: artemis-jenkins + build: . + user: root + volumes: + - artemis-jenkins-data:/var/jenkins_home + - ./jenkins-disable-csrf.groovy:/var/jenkins_home/init.groovy # Disable CSRF token + - ./master-key-only-for-testing.key:/var/jenkins_home/master.key # Preset master key to use pre-generated secrets + - ./jenkins-casc-config.yml:/usr/share/jenkins/ref/jenkins-casc-config.yml:ro + - /var/run/docker.sock:/var/run/docker.sock + - /usr/bin/docker:/usr/bin/docker:ro + ports: + - "8082:8080" + networks: + - artemis + environment: + - CASC_JENKINS_CONFIG=/usr/share/jenkins/ref/jenkins-casc-config.yml + - JAVA_OPTS + +networks: + artemis: + driver: "bridge" + name: artemis +volumes: + artemis-jenkins-data: + name: artemis-jenkins-data diff --git a/src/main/docker/jhipster-registry.yml b/src/main/docker/jhipster-registry.yml index b38977d8aa1c..21b01253dcfc 100644 --- a/src/main/docker/jhipster-registry.yml +++ b/src/main/docker/jhipster-registry.yml @@ -1,6 +1,6 @@ -version: '2' services: jhipster-registry: + container_name: artemis-jhipster-registry image: jhipster/jhipster-registry:v6.1.2 volumes: - ./central-server-config:/central-config diff --git a/src/main/docker/kafka.yml b/src/main/docker/kafka.yml index 6dbfa59b3ebe..2922caefea36 100644 --- a/src/main/docker/kafka.yml +++ b/src/main/docker/kafka.yml @@ -1,11 +1,12 @@ -version: '3.8' services: zookeeper: + container_name: artemis-zookeeper image: confluentinc/cp-zookeeper:5.5.3 environment: ZOOKEEPER_CLIENT_PORT: 2181 ZOOKEEPER_TICK_TIME: 2000 kafka: + container_name: artemis-kafka image: confluentinc/cp-kafka:5.5.3 ports: - 9092:9092 
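Review bot: The jenkins.yml base service runs as `user: root`, mounts `jenkins-disable-csrf.groovy` as the init script and a preset `master-key-only-for-testing.key`, and gitlab-jenkins.yml now extends it although its previous `jenkins` service had none of these three. Together with the `/var/run/docker.sock` mount, root in this container is effectively root on the host, and the fixed master key means stored credentials are encrypted with a publicly known key. Add a header comment such as `# dev/test only: runs as root with the host Docker socket, CSRF protection disabled, fixed master key`. Consider moving the CSRF and master-key mounts into the setups that need pre-generated secrets instead of the shared base.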
diff --git a/src/main/docker/mailhog/mailhog.yml b/src/main/docker/mailhog/mailhog.yml new file mode 100644 index 000000000000..b999d5253b15 --- /dev/null +++ b/src/main/docker/mailhog/mailhog.yml @@ -0,0 +1,26 @@ +# ---------------------------------------------------------------------------------------------------------------------- +# Mailhog service +# ---------------------------------------------------------------------------------------------------------------------- + +services: + mailhog: + container_name: artemis-mailhog + image: mailhog/mailhog + ports: + - 1025:1025 + - 8025:8025 + networks: + - artemis + +# TODO: add mailconfigs or yml file here for artemis? +#spring: +# mail: +# host: mailhog +# port: 1025 +# username: +# password: + +networks: + artemis: + driver: "bridge" + name: artemis diff --git a/src/main/docker/monitoring.yml b/src/main/docker/monitoring.yml index d50efbb395f2..aacba18f7453 100644 --- a/src/main/docker/monitoring.yml +++ b/src/main/docker/monitoring.yml @@ -1,7 +1,8 @@ # This configuration is intended for development purpose, it's **your** responsibility to harden it for production + services: prometheus: - container_name: prometheus + container_name: artemis-prometheus image: prom/prometheus:v2.34.0 # If you want to run this in production, you should persist the /etc/prometheus-directory #volumes: @@ -14,8 +15,9 @@ services: # grafana/provisioning/datasources/datasource.yml network_mode: 'host' # to test locally running service grafana: - container_name: grafana + container_name: artemis-grafana image: grafana/grafana:9.0.2 + # TODO: docker named volume maybe instead of this? otherwise .gitignore the used bind src mount volumes: - ./monitoring/grafana/provisioning/:/etc/grafana/provisioning/ environment: 
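Review bot: `image: mailhog/mailhog` in mailhog.yml has no tag, so each pull takes whatever `latest` currently points to, while other services in this commit pin versions (`mysql:8.0.31`, `prom/prometheus:v2.34.0`). Pin a tag or digest, `image: mailhog/mailhog:<pinned-tag>`. The web UI on 8025 shows every captured mail and has no login by default, and application-saml2.yml in this commit describes mails carrying a link to set the Artemis password. A comment that the service is for local development only would make that explicit.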
@@ -28,4 +30,6 @@ services: - 127.0.0.1:3000:3000 # On macOS, remove next line and replace localhost by host.docker.internal in prometheus/prometheus.yml and # grafana/provisioning/datasources/datasource.yml + # TODO: check if just host.docker.internal now works also for linux systems. already saw that there was progress. + # TODO: also check that it works when running Artemis locally and inside of our docker container network_mode: 'host' # to test locally running service diff --git a/src/main/docker/mysql.yml b/src/main/docker/mysql.yml index 4f034df16b36..18883d3a6d32 100644 --- a/src/main/docker/mysql.yml +++ b/src/main/docker/mysql.yml @@ -1,9 +1,13 @@ -version: '2.4' +# ---------------------------------------------------------------------------------------------------------------------- +# MySQL base service +# ---------------------------------------------------------------------------------------------------------------------- + services: - artemis-mysql: + mysql: + container_name: artemis-mysql image: mysql:8.0.31 - # volumes: - # - ~/volumes/jhipster/Artemis/mysql/:/var/lib/mysql/ + volumes: + - artemis-mysql-data:/var/lib/mysql environment: - MYSQL_ALLOW_EMPTY_PASSWORD=yes - MYSQL_ROOT_PASSWORD= @@ -11,9 +15,16 @@ services: ports: - 3306:3306 command: mysqld --lower_case_table_names=1 --skip-ssl --character_set_server=utf8mb4 --collation-server=utf8mb4_unicode_ci --explicit_defaults_for_timestamp + # mbind: Operation not permitted workaround for docker compose (see https://github.com/docker-library/mysql/issues/303) + cap_add: + - SYS_NICE # CAP_SYS_NICE networks: - artemis networks: artemis: driver: "bridge" + name: artemis +volumes: + artemis-mysql-data: + name: artemis-mysql-data diff --git a/src/main/docker/saml-test/application-saml2.yml b/src/main/docker/saml-test/application-saml2.yml new file mode 100644 index 000000000000..93c6b9ab8da0 --- /dev/null +++ b/src/main/docker/saml-test/application-saml2.yml 
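Review bot: In mysql.yml, `MYSQL_ALLOW_EMPTY_PASSWORD=yes` with an empty `MYSQL_ROOT_PASSWORD=` stays in place while this change adds the persistent `artemis-mysql-data` volume and keeps `3306:3306` published on all host interfaces. A passwordless root account now protects data that survives container restarts and is reachable from the network the developer machine sits on. Change the mapping to `- 127.0.0.1:3306:3306`; containers on the `artemis` network still reach the database by service name. A comment above `environment:` noting that the empty root password is for local development only would also help.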
@@ -0,0 +1,25 @@
+saml2:
+ username-pattern: 'saml2-{first_name}_{last_name}'
+ first-name-pattern: '{first_name}'
+ last-name-pattern: '{last_name}'
+ email-pattern: '{email}'
+ registration-number-pattern: '{uid}'
+ identity-providers:
+ - metadata: http://saml-test:8080/simplesaml/saml2/idp/metadata.php
+ registration-id: testidp
+ entity-id: artemis
+ cert-file: # data/saml/cert (optional) Set this path to the Certificate for encryption/signing or leave it blank
+ key-file: # data/saml/key path-to-key (optional) Set this path to the Key for encryption/ssigning or leave it blank
+
+info.saml2:
+ # The name of the SAML2 identity provider shown on the login page (optional)
+ identity-provider-name:
+ # The label for the SAML2 login button (e.g., 'Shibboleth Login')
+ button-label: 'SAML2 Login'
+ # Disables the password-based login user interface, but leaves the API enabled.
+ # Use the URL query parameter '?showLoginForm' to display the login form nevertheless.
+ password-login-disabled: false
+ # Sends an e-mail to the new user with a link to set the Artemis password. This password allows login to Artemis and its
+ # services such as GitLab and Jenkins. This allows the users to use password-based Git workflows.
+ # Enables the password reset function in Artemis.
+ enable-password: true
diff --git a/src/main/docker/saml-test/config.php b/src/main/docker/saml-test/config.php
new file mode 100644
index 000000000000..b3b3fad36ef8
--- /dev/null
+++ b/src/main/docker/saml-test/config.php
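Review bot: Nothing in `application-saml2.yml` marks it as a test-only profile, although it fetches IdP metadata over plain HTTP (`metadata: http://saml-test:8080/...`), leaves `cert-file` and `key-file` blank, and builds the login from `{first_name}_{last_name}`, which is not unique per person. If the pattern were copied into a real deployment, two people with the same name would presumably map to the same `saml2-...` account (the mapping code is not part of this diff). A first line such as `# Local SAML2 test profile for the bundled test IdP, not for production use` would make the intent clear, and `username-pattern: 'saml2-{uid}'` would let the test setup show a unique mapping.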
@@ -0,0 +1,851 @@ + 'http://localhost:9980/simplesaml/', + 'certdir' => 'cert/', + 'loggingdir' => 'log/', + 'datadir' => 'data/', + + /* + * A directory where SimpleSAMLphp can save temporary files. + * + * SimpleSAMLphp will attempt to create this directory if it doesn't exist. + */ + 'tempdir' => '/tmp/simplesaml', + + + /* + * If you enable this option, SimpleSAMLphp will log all sent and received messages + * to the log file. + * + * This option also enables logging of the messages that are encrypted and decrypted. + * + * Note: The messages are logged with the DEBUG log level, so you also need to set + * the 'logging.level' option to LOG_DEBUG. + */ + 'debug' => true, + + /* + * When showerrors is enabled, all error messages and stack traces will be output + * to the browser. + * + * When errorreporting is enabled, a form will be presented for the user to report + * the error to technicalcontact_email. + */ + 'showerrors' => true, + 'errorreporting' => true, + + /** + * Custom error show function called from SimpleSAML_Error_Error::show. + * See docs/simplesamlphp-errorhandling.txt for function code example. + * + * Example: + * 'errors.show_function' => array('sspmod_example_Error_Show', 'show'), + */ + + /** + * This option allows you to enable validation of XML data against its + * schemas. A warning will be written to the log if validation fails. + */ + 'debug.validatexml' => false, + + /** + * This password must be kept secret, and modified from the default value 123. + * This password will give access to the installation page of SimpleSAMLphp with + * metadata listing and diagnostics pages. + * You can also put a hash here; run "bin/pwgen.php" to generate one. + */ + 'auth.adminpassword' => ((getenv('SIMPLESAMLPHP_ADMIN_PASSWORD') != '') ? 
getenv('SIMPLESAMLPHP_ADMIN_PASSWORD') : 'secret'), + 'admin.protectindexpage' => false, + 'admin.protectmetadata' => false, + + /** + * This is a secret salt used by SimpleSAMLphp when it needs to generate a secure hash + * of a value. It must be changed from its default value to a secret value. The value of + * 'secretsalt' can be any valid string of any length. + * + * A possible way to generate a random salt is by running the following command from a unix shell: + * tr -c -d '0123456789abcdefghijklmnopqrstuvwxyz' /dev/null;echo + */ + 'secretsalt' => ((getenv('SIMPLESAMLPHP_SECRET_SALT') != '') ? getenv('SIMPLESAMLPHP_SECRET_SALT') : 'defaultsecretsalt'), + + /* + * Some information about the technical persons running this installation. + * The email address will be used as the recipient address for error reports, and + * also as the technical contact in generated metadata. + */ + 'technicalcontact_name' => 'Administrator', + 'technicalcontact_email' => 'na@example.org', + + /* + * The timezone of the server. This option should be set to the timezone you want + * SimpleSAMLphp to report the time in. The default is to guess the timezone based + * on your system timezone. + * + * See this page for a list of valid timezones: http://php.net/manual/en/timezones.php + */ + 'timezone' => null, + + /* + * Logging. + * + * define the minimum log level to log + * SimpleSAML_Logger::ERR No statistics, only errors + * SimpleSAML_Logger::WARNING No statistics, only warnings/errors + * SimpleSAML_Logger::NOTICE Statistics and errors + * SimpleSAML_Logger::INFO Verbose logs + * SimpleSAML_Logger::DEBUG Full debug logs - not recommended for production + * + * Choose logging handler. + * + * Options: [syslog,file,errorlog] + * + */ + 'logging.level' => SimpleSAML_Logger::DEBUG, + 'logging.handler' => 'errorlog', + + /* + * Specify the format of the logs. 
Its use varies depending on the log handler used (for instance, you cannot + * control here how dates are displayed when using the syslog or errorlog handlers), but in general the options + * are: + * + * - %date{}: the date and time, with its format specified inside the brackets. See the PHP documentation + * of the strftime() function for more information on the format. If the brackets are omitted, the standard + * format is applied. This can be useful if you just want to control the placement of the date, but don't care + * about the format. + * + * - %process: the name of the SimpleSAMLphp process. Remember you can configure this in the 'logging.processname' + * option below. + * + * - %level: the log level (name or number depending on the handler used). + * + * - %stat: if the log entry is intended for statistical purposes, it will print the string 'STAT ' (bear in mind + * the trailing space). + * + * - %trackid: the track ID, an identifier that allows you to track a single session. + * + * - %srcip: the IP address of the client. If you are behind a proxy, make sure to modify the + * $_SERVER['REMOTE_ADDR'] variable on your code accordingly to the X-Forwarded-For header. + * + * - %msg: the message to be logged. + * + */ + //'logging.format' => '%date{%b %d %H:%M:%S} %process %level %stat[%trackid] %msg', + + /* + * Choose which facility should be used when logging with syslog. + * + * These can be used for filtering the syslog output from SimpleSAMLphp into its + * own file by configuring the syslog daemon. + * + * See the documentation for openlog (http://php.net/manual/en/function.openlog.php) for available + * facilities. Note that only LOG_USER is valid on windows. + * + * The default is to use LOG_LOCAL5 if available, and fall back to LOG_USER if not. + */ + 'logging.facility' => defined('LOG_LOCAL5') ? constant('LOG_LOCAL5') : LOG_USER, + + /* + * The process name that should be used when logging to syslog. 
+ * The value is also written out by the other logging handlers. + */ + 'logging.processname' => 'simplesamlphp', + + /* Logging: file - Logfilename in the loggingdir from above. + */ + 'logging.logfile' => 'simplesamlphp.log', + + /* (New) statistics output configuration. + * + * This is an array of outputs. Each output has at least a 'class' option, which + * selects the output. + */ + 'statistics.out' => array(// Log statistics to the normal log. + /* + array( + 'class' => 'core:Log', + 'level' => 'notice', + ), + */ + // Log statistics to files in a directory. One file per day. + /* + array( + 'class' => 'core:File', + 'directory' => '/var/log/stats', + ), + */ + ), + + + + /* + * Database + * + * This database configuration is optional. If you are not using + * core functionality or modules that require a database, you can + * skip this configuration. + */ + + /* + * Database connection string. + * Ensure that you have the required PDO database driver installed + * for your connection string. + */ + 'database.dsn' => 'mysql:host=localhost;dbname=saml', + + /* + * SQL database credentials + */ + 'database.username' => 'simplesamlphp', + 'database.password' => 'secret', + + /* + * (Optional) Table prefix + */ + 'database.prefix' => '', + + /* + * True or false if you would like a persistent database connection + */ + 'database.persistent' => false, + + /* + * Database slave configuration is optional as well. If you are only + * running a single database server, leave this blank. If you have + * a master/slave configuration, you can define as many slave servers + * as you want here. Slaves will be picked at random to be queried from. + * + * Configuration options in the slave array are exactly the same as the + * options for the master (shown above) with the exception of the table + * prefix. 
+ */ + 'database.slaves' => array( + /* + array( + 'dsn' => 'mysql:host=myslave;dbname=saml', + 'username' => 'simplesamlphp', + 'password' => 'secret', + 'persistent' => false, + ), + */ + ), + + + + /* + * Enable + * + * Which functionality in SimpleSAMLphp do you want to enable. Normally you would enable only + * one of the functionalities below, but in some cases you could run multiple functionalities. + * In example when you are setting up a federation bridge. + */ + 'enable.saml20-idp' => true, + 'enable.shib13-idp' => true, + 'enable.adfs-idp' => false, + 'enable.wsfed-sp' => false, + 'enable.authmemcookie' => false, + + + /* + * Module enable configuration + * + * Configuration to override module enabling/disabling. + * + * Example: + * + * 'module.enable' => array( + * // Setting to TRUE enables. + * 'exampleauth' => TRUE, + * // Setting to FALSE disables. + * 'saml' => FALSE, + * // Unset or NULL uses default. + * 'core' => NULL, + * ), + * + */ + + + /* + * This value is the duration of the session in seconds. Make sure that the time duration of + * cookies both at the SP and the IdP exceeds this duration. + */ + 'session.duration' => 8 * (60 * 60), // 8 hours. + + /* + * Sets the duration, in seconds, data should be stored in the datastore. As the datastore is used for + * login and logout requests, thid option will control the maximum time these operations can take. + * The default is 4 hours (4*60*60) seconds, which should be more than enough for these operations. + */ + 'session.datastore.timeout' => (4 * 60 * 60), // 4 hours + + /* + * Sets the duration, in seconds, auth state should be stored. + */ + 'session.state.timeout' => (60 * 60), // 1 hour + + /* + * Option to override the default settings for the session cookie name + */ + 'session.cookie.name' => 'SimpleSAMLSessionIDIdp', + + /* + * Expiration time for the session cookie, in seconds. + * + * Defaults to 0, which means that the cookie expires when the browser is closed. 
+ * + * Example: + * 'session.cookie.lifetime' => 30*60, + */ + 'session.cookie.lifetime' => 0, + + /* + * Limit the path of the cookies. + * + * Can be used to limit the path of the cookies to a specific subdirectory. + * + * Example: + * 'session.cookie.path' => '/simplesaml/', + */ + 'session.cookie.path' => '/', + + /* + * Cookie domain. + * + * Can be used to make the session cookie available to several domains. + * + * Example: + * 'session.cookie.domain' => '.example.org', + */ + 'session.cookie.domain' => null, + + /* + * Set the secure flag in the cookie. + * + * Set this to TRUE if the user only accesses your service + * through https. If the user can access the service through + * both http and https, this must be set to FALSE. + */ + 'session.cookie.secure' => false, + + /* + * Enable secure POST from HTTPS to HTTP. + * + * If you have some SP's on HTTP and IdP is normally on HTTPS, this option + * enables secure POSTing to HTTP endpoint without warning from browser. + * + * For this to work, module.php/core/postredirect.php must be accessible + * also via HTTP on IdP, e.g. if your IdP is on + * https://idp.example.org/ssp/, then + * http://idp.example.org/ssp/module.php/core/postredirect.php must be accessible. + */ + 'enable.http_post' => true, + + /* + * Options to override the default settings for php sessions. + */ + 'session.phpsession.cookiename' => 'PHPSESSIDIDP', + 'session.phpsession.savepath' => null, + 'session.phpsession.httponly' => true, + + /* + * Option to override the default settings for the auth token cookie + */ + 'session.authtoken.cookiename' => 'SimpleSAMLAuthTokenIdp', + + /* + * Options for remember me feature for IdP sessions. Remember me feature + * has to be also implemented in authentication source used. + * + * Option 'session.cookie.lifetime' should be set to zero (0), i.e. cookie + * expires on browser session if remember me is not checked. 
+ * + * Session duration ('session.duration' option) should be set according to + * 'session.rememberme.lifetime' option. + * + * It's advised to use remember me feature with session checking function + * defined with 'session.check_function' option. + */ + 'session.rememberme.enable' => false, + 'session.rememberme.checked' => false, + 'session.rememberme.lifetime' => (14 * 86400), + + /** + * Custom function for session checking called on session init and loading. + * See docs/simplesamlphp-advancedfeatures.txt for function code example. + * + * Example: + * 'session.check_function' => array('sspmod_example_Util', 'checkSession'), + */ + + /* + * Languages available, RTL languages, and what language is default + */ + 'language.available' => array( + 'en', 'no', 'nn', 'se', 'da', 'de', 'sv', 'fi', 'es', 'fr', 'it', 'nl', 'lb', 'cs', + 'sl', 'lt', 'hr', 'hu', 'pl', 'pt', 'pt-br', 'tr', 'ja', 'zh', 'zh-tw', 'ru', 'et', + 'he', 'id', 'sr', 'lv', 'ro', 'eu' + ), + 'language.rtl' => array('ar', 'dv', 'fa', 'ur', 'he'), + 'language.default' => 'en', + + /* + * Options to override the default settings for the language parameter + */ + 'language.parameter.name' => 'language', + 'language.parameter.setcookie' => true, + + /* + * Options to override the default settings for the language cookie + */ + 'language.cookie.name' => 'language', + 'language.cookie.domain' => null, + 'language.cookie.path' => '/', + 'language.cookie.lifetime' => (60 * 60 * 24 * 900), + + /** + * Custom getLanguage function called from SimpleSAML_XHTML_Template::getLanguage(). + * Function should return language code of one of the available languages or NULL. + * See SimpleSAML_XHTML_Template::getLanguage() source code for more info. + * + * This option can be used to implement a custom function for determining + * the default language for the user. 
+ * + * Example: + * 'language.get_language_function' => array('sspmod_example_Template', 'getLanguage'), + */ + + /* + * Extra dictionary for attribute names. + * This can be used to define local attributes. + * + * The format of the parameter is a string with :. + * + * Specifying this option will cause us to look for modules//dictionaries/.definition.json + * The dictionary should look something like: + * + * { + * "firstattribute": { + * "en": "English name", + * "no": "Norwegian name" + * }, + * "secondattribute": { + * "en": "English name", + * "no": "Norwegian name" + * } + * } + * + * Note that all attribute names in the dictionary must in lowercase. + * + * Example: 'attributes.extradictionary' => 'ourmodule:ourattributes', + */ + 'attributes.extradictionary' => null, + + /* + * Which theme directory should be used? + */ + 'theme.use' => 'default', + + + /* + * Default IdP for WS-Fed. + */ + 'default-wsfed-idp' => 'urn:federation:pingfederate:localhost', + + /* + * Whether the discovery service should allow the user to save his choice of IdP. + */ + 'idpdisco.enableremember' => true, + 'idpdisco.rememberchecked' => true, + + // Disco service only accepts entities it knows. + 'idpdisco.validate' => true, + + 'idpdisco.extDiscoveryStorage' => null, + + /* + * IdP Discovery service look configuration. + * Wether to display a list of idp or to display a dropdown box. For many IdP' a dropdown box + * gives the best use experience. + * + * When using dropdown box a cookie is used to highlight the previously chosen IdP in the dropdown. + * This makes it easier for the user to choose the IdP + * + * Options: [links,dropdown] + * + */ + 'idpdisco.layout' => 'dropdown', + + /* + * Whether SimpleSAMLphp should sign the response or the assertion in SAML 1.1 authentication + * responses. + * + * The default is to sign the assertion element, but that can be overridden by setting this + * option to TRUE. It can also be overridden on a pr. 
SP basis by adding an option with the + * same name to the metadata of the SP. + */ + 'shib13.signresponse' => true, + + + /* + * Authentication processing filters that will be executed for all IdPs + * Both Shibboleth and SAML 2.0 + */ + 'authproc.idp' => array( + /* Enable the authproc filter below to add URN Prefixces to all attributes + 10 => array( + 'class' => 'core:AttributeMap', 'addurnprefix' + ), */ + /* Enable the authproc filter below to automatically generated eduPersonTargetedID. + 20 => 'core:TargetedID', + */ + + // Adopts language from attribute to use in UI + 30 => 'core:LanguageAdaptor', + + /* Add a realm attribute from edupersonprincipalname + 40 => 'core:AttributeRealm', + */ + 45 => array( + 'class' => 'core:StatisticsWithAttribute', + 'attributename' => 'realm', + 'type' => 'saml20-idp-SSO', + ), + + /* When called without parameters, it will fallback to filter attributes ‹the old way› + * by checking the 'attributes' parameter in metadata on IdP hosted and SP remote. + */ + 50 => 'core:AttributeLimit', + + /* + * Search attribute "distinguishedName" for pattern and replaces if found + + 60 => array( + 'class' => 'core:AttributeAlter', + 'pattern' => '/OU=studerende/', + 'replacement' => 'Student', + 'subject' => 'distinguishedName', + '%replace', + ), + */ + + /* + * Consent module is enabled (with no permanent storage, using cookies). + + 90 => array( + 'class' => 'consent:Consent', + 'store' => 'consent:Cookie', + 'focus' => 'yes', + 'checked' => TRUE + ), + */ + // If language is set in Consent module it will be added as an attribute. + 99 => 'core:LanguageAdaptor', + ), + /* + * Authentication processing filters that will be executed for all SPs + * Both Shibboleth and SAML 2.0 + */ + 'authproc.sp' => array( + /* + 10 => array( + 'class' => 'core:AttributeMap', 'removeurnprefix' + ), + */ + + /* + * Generate the 'group' attribute populated from other variables, including eduPersonAffiliation. 
+ 60 => array( + 'class' => 'core:GenerateGroups', 'eduPersonAffiliation' + ), + */ + /* + * All users will be members of 'users' and 'members' + 61 => array( + 'class' => 'core:AttributeAdd', 'groups' => array('users', 'members') + ), + */ + + // Adopts language from attribute to use in UI + 90 => 'core:LanguageAdaptor', + + ), + + + /* + * This option configures the metadata sources. The metadata sources is given as an array with + * different metadata sources. When searching for metadata, simpleSAMPphp will search through + * the array from start to end. + * + * Each element in the array is an associative array which configures the metadata source. + * The type of the metadata source is given by the 'type' element. For each type we have + * different configuration options. + * + * Flat file metadata handler: + * - 'type': This is always 'flatfile'. + * - 'directory': The directory we will load the metadata files from. The default value for + * this option is the value of the 'metadatadir' configuration option, or + * 'metadata/' if that option is unset. + * + * XML metadata handler: + * This metadata handler parses an XML file with either an EntityDescriptor element or an + * EntitiesDescriptor element. The XML file may be stored locally, or (for debugging) on a remote + * web server. + * The XML hetadata handler defines the following options: + * - 'type': This is always 'xml'. + * - 'file': Path to the XML file with the metadata. + * - 'url': The URL to fetch metadata from. THIS IS ONLY FOR DEBUGGING - THERE IS NO CACHING OF THE RESPONSE. + * + * MDX metadata handler: + * This metadata handler looks up for the metadata of an entity at the given MDX server. + * The MDX metadata handler defines the following options: + * - 'type': This is always 'mdx'. + * - 'server': URL of the MDX server (url:port). Mandatory. + * - 'validateFingerprint': The fingerprint of the certificate used to sign the metadata. 
+ * You don't need this option if you don't want to validate the signature on the metadata. Optional. + * - 'cachedir': Directory where metadata can be cached. Optional. + * - 'cachelength': Maximum time metadata cah be cached, in seconds. Default to 24 + * hours (86400 seconds). Optional. + * + * PDO metadata handler: + * This metadata handler looks up metadata of an entity stored in a database. + * + * Note: If you are using the PDO metadata handler, you must configure the database + * options in this configuration file. + * + * The PDO metadata handler defines the following options: + * - 'type': This is always 'pdo'. + * + * + * Examples: + * + * This example defines two flatfile sources. One is the default metadata directory, the other + * is a metadata directory with autogenerated metadata files. + * + * 'metadata.sources' => array( + * array('type' => 'flatfile'), + * array('type' => 'flatfile', 'directory' => 'metadata-generated'), + * ), + * + * This example defines a flatfile source and an XML source. + * 'metadata.sources' => array( + * array('type' => 'flatfile'), + * array('type' => 'xml', 'file' => 'idp.example.org-idpMeta.xml'), + * ), + * + * This example defines an mdx source. + * 'metadata.sources' => array( + * array('type' => 'mdx', server => 'http://mdx.server.com:8080', 'cachedir' => '/var/simplesamlphp/mdx-cache', 'cachelength' => 86400) + * ), + * + * This example defines an pdo source. + * 'metadata.sources' => array( + * array('type' => 'pdo') + * ), + * + * Default: + * 'metadata.sources' => array( + * array('type' => 'flatfile') + * ), + */ + 'metadata.sources' => array( + array('type' => 'flatfile'), + ), + + + /* + * Configure the datastore for SimpleSAMLphp. + * + * - 'phpsession': Limited datastore, which uses the PHP session. + * - 'memcache': Key-value datastore, based on memcache. + * - 'sql': SQL datastore, using PDO. + * + * The default datastore is 'phpsession'. + * + * (This option replaces the old 'session.handler'-option.) 
+ */ + 'store.type' => 'phpsession', + + + /* + * The DSN the sql datastore should connect to. + * + * See http://www.php.net/manual/en/pdo.drivers.php for the various + * syntaxes. + */ + 'store.sql.dsn' => 'sqlite:/path/to/sqlitedatabase.sq3', + + /* + * The username and password to use when connecting to the database. + */ + 'store.sql.username' => null, + 'store.sql.password' => null, + + /* + * The prefix we should use on our tables. + */ + 'store.sql.prefix' => 'SimpleSAMLphp', + + + /* + * Configuration for the 'memcache' session store. This allows you to store + * multiple redundant copies of sessions on different memcache servers. + * + * 'memcache_store.servers' is an array of server groups. Every data + * item will be mirrored in every server group. + * + * Each server group is an array of servers. The data items will be + * load-balanced between all servers in each server group. + * + * Each server is an array of parameters for the server. The following + * options are available: + * - 'hostname': This is the hostname or ip address where the + * memcache server runs. This is the only required option. + * - 'port': This is the port number of the memcache server. If this + * option isn't set, then we will use the 'memcache.default_port' + * ini setting. This is 11211 by default. + * - 'weight': This sets the weight of this server in this server + * group. http://php.net/manual/en/function.Memcache-addServer.php + * contains more information about the weight option. + * - 'timeout': The timeout for this server. By default, the timeout + * is 3 seconds. + * + * Example of redundant configuration with load balancing: + * This configuration makes it possible to lose both servers in the + * a-group or both servers in the b-group without losing any sessions. + * Note that sessions will be lost if one server is lost from both the + * a-group and the b-group. 
+ * + * 'memcache_store.servers' => array( + * array( + * array('hostname' => 'mc_a1'), + * array('hostname' => 'mc_a2'), + * ), + * array( + * array('hostname' => 'mc_b1'), + * array('hostname' => 'mc_b2'), + * ), + * ), + * + * Example of simple configuration with only one memcache server, + * running on the same computer as the web server: + * Note that all sessions will be lost if the memcache server crashes. + * + * 'memcache_store.servers' => array( + * array( + * array('hostname' => 'localhost'), + * ), + * ), + * + */ + 'memcache_store.servers' => array( + array( + array('hostname' => 'localhost'), + ), + ), + + + /* + * This value allows you to set a prefix for memcache-keys. The default + * for this value is 'SimpleSAMLphp', which is fine in most cases. + * + * When running multiple instances of SSP on the same host, and more + * than one instance is using memcache, you probably want to assign + * a unique value per instance to this setting to avoid data collision. + */ + 'memcache_store.prefix' => null, + + + /* + * This value is the duration data should be stored in memcache. Data + * will be dropped from the memcache servers when this time expires. + * The time will be reset every time the data is written to the + * memcache servers. + * + * This value should always be larger than the 'session.duration' + * option. Not doing this may result in the session being deleted from + * the memcache servers while it is still in use. + * + * Set this value to 0 if you don't want data to expire. + * + * Note: The oldest data will always be deleted if the memcache server + * runs out of storage space. + */ + 'memcache_store.expires' => 36 * (60 * 60), // 36 hours. + + + /* + * Should signing of generated metadata be enabled by default. + * + * Metadata signing can also be enabled for a individual SP or IdP by setting the + * same option in the metadata for the SP or IdP. 
+ */ + 'metadata.sign.enable' => false, + + /* + * The default key & certificate which should be used to sign generated metadata. These + * are files stored in the cert dir. + * These values can be overridden by the options with the same names in the SP or + * IdP metadata. + * + * If these aren't specified here or in the metadata for the SP or IdP, then + * the 'certificate' and 'privatekey' option in the metadata will be used. + * if those aren't set, signing of metadata will fail. + */ + 'metadata.sign.privatekey' => null, + 'metadata.sign.privatekey_pass' => null, + 'metadata.sign.certificate' => null, + + + /* + * Proxy to use for retrieving URLs. + * + * Example: + * 'proxy' => 'tcp://proxy.example.com:5100' + */ + 'proxy' => null, + + /* + * Array of domains that are allowed when generating links or redirections + * to URLs. SimpleSAMLphp will use this option to determine whether to + * to consider a given URL valid or not, but you should always validate + * URLs obtained from the input on your own (i.e. ReturnTo or RelayState + * parameters obtained from the $_REQUEST array). + * + * SimpleSAMLphp will automatically add your own domain (either by checking + * it dynamically, or by using the domain defined in the 'baseurlpath' + * directive, the latter having precedence) to the list of trusted domains, + * in case this option is NOT set to NULL. In that case, you are explicitly + * telling SimpleSAMLphp to verify URLs. + * + * Set to an empty array to disallow ALL redirections or links pointing to + * an external URL other than your own domain. This is the default behaviour. + * + * Set to NULL to disable checking of URLs. DO NOT DO THIS UNLESS YOU KNOW + * WHAT YOU ARE DOING! + * + * Example: + * 'trusted.url.domains' => array('sp.example.com', 'app.example.com'), + */ + 'trusted.url.domains' => array(), + +); diff --git a/src/main/docker/saml-test/saml-test.yml b/src/main/docker/saml-test/saml-test.yml new file mode 100644 index 000000000000..8261b42b77a3 
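Review bot: `auth.adminpassword` and `secretsalt` in `config.php` fall back to the literals `'secret'` and `'defaultsecretsalt'` when their environment variables are unset, and `saml-test.yml` in this commit defines no `environment:` block, so the test IdP presumably always runs with these well-known values while port 9980 is published. Combined with `'admin.protectindexpage' => false`, `'debug' => true`, `'showerrors' => true`, `'logging.level' => SimpleSAML_Logger::DEBUG` and `'session.cookie.secure' => false`, the file is only suitable for a throwaway local IdP. I would say so in a comment at the top of the file and set `SIMPLESAMLPHP_ADMIN_PASSWORD` and `SIMPLESAMLPHP_SECRET_SALT` in the compose file from a local, untracked `.env`, so the literals are never the effective values.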
--- /dev/null
+++ b/src/main/docker/saml-test/saml-test.yml
@@ -0,0 +1,23 @@
+# ----------------------------------------------------------------------------------------------------------------------
+# SAML Testing service
+# ----------------------------------------------------------------------------------------------------------------------
+
+services:
+ saml-test:
+ container_name: artemis-saml-test
+ image: jamedjo/test-saml-idp
+ ports:
+ - 9980:8080
+ volumes:
+ - ./saml20-sp-remote.php:/var/www/simplesamlphp/metadata/saml20-sp-remote.php
+ - ./config.php:/var/www/simplesamlphp/config/config.php
+ networks:
+ - artemis
+
+#TODO: possible to add artemis yml here to artemis?
+# artemis volume: - ./saml-test/application-saml2.yml:/opt/artemis/config/application-saml2.yml:ro
+
+networks:
+ artemis:
+ driver: "bridge"
+ name: artemis
diff --git a/src/main/docker/saml-test/saml20-sp-remote.php b/src/main/docker/saml-test/saml20-sp-remote.php
new file mode 100644
index 000000000000..5a11e0bdf5dd
--- /dev/null
+++ b/src/main/docker/saml-test/saml20-sp-remote.php
@@ -0,0 +1,14 @@
+ 'http://localhost:8080/login/saml2/sso/testidp',
+ 'SingleLogoutService' => getenv('SIMPLESAMLPHP_SP_SINGLE_LOGOUT_SERVICE'),
+ 'simplesaml.nameidattribute' => 'uid',
+ 'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:persistent',
+);
diff --git a/src/main/docker/scripts/wait-for.md b/src/main/docker/scripts/wait-for.md
new file mode 100644
index 000000000000..643f6888858e
--- /dev/null
+++ b/src/main/docker/scripts/wait-for.md
@@ -0,0 +1,16 @@
+# wait-for.sh
+
+We are using wait-for.sh to poll other containers used in our docker compose setups as docker compose doesn't
+provide a functionality to check the readiness of other containers out of the box.
+
+*Source:*
+https://github.com/Eficode/wait-for
+
+*used version/release:*
+v2.2.3
+
+
+
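Review bot: Both bind mounts in `saml-test.yml` are writable from inside the container, so a process in the test IdP can modify the checked-in `config.php` and `saml20-sp-remote.php` in the working tree. The commented Artemis mount a few lines further down already carries `:ro`, and the same suffix fits these two: `- ./saml20-sp-remote.php:/var/www/simplesamlphp/metadata/saml20-sp-remote.php:ro` and `- ./config.php:/var/www/simplesamlphp/config/config.php:ro`.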
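Review bot: `'SingleLogoutService' => getenv('SIMPLESAMLPHP_SP_SINGLE_LOGOUT_SERVICE')` in `saml20-sp-remote.php` evaluates to `false` when the variable is unset, and `saml-test.yml` defines no `environment:` block, so unless the image supplies a default the SP metadata carries a boolean where a URL is expected. The neighbouring `AssertionConsumerService` entry is a fixed URL, so the two entries are configured in different ways with no explanation. Either set the variable in the compose file or add a comment above the entry stating which logout URL is expected and what happens when it is missing.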
diff --git a/src/main/docker/scripts/wait-for.sh b/src/main/docker/scripts/wait-for.sh
new file mode 100755
index 000000000000..3c382ef7b7e1
--- /dev/null
+++ b/src/main/docker/scripts/wait-for.sh
@@ -0,0 +1,191 @@ +#!/bin/sh + +# The MIT License (MIT) +# +# Copyright (c) 2017 Eficode Oy +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to deal +# in the Software without restriction, including without limitation the rights +# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +# copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in all +# copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. + +VERSION="2.2.3" + +set -- "$@" -- "$TIMEOUT" "$QUIET" "$PROTOCOL" "$HOST" "$PORT" "$result" +TIMEOUT=15 +QUIET=0 +# The protocol to make the request with, either "tcp" or "http" +PROTOCOL="tcp" + +echoerr() { + if [ "$QUIET" -ne 1 ]; then printf "%s\n" "$*" 1>&2; fi +} + +usage() { + exitcode="$1" + cat << USAGE >&2 +Usage: + $0 host:port|url [-t timeout] [-- command args] + -q | --quiet Do not output any status messages + -t TIMEOUT | --timeout=timeout Timeout in seconds, zero for no timeout + -v | --version Show the version of this tool + -- COMMAND ARGS Execute command with args after the test finishes +USAGE + exit "$exitcode" +} + +wait_for() { + case "$PROTOCOL" in + tcp) + if ! command -v nc >/dev/null; then + echoerr 'nc command is missing!' + exit 1 + fi + ;; + http) + if ! 
command -v wget >/dev/null; then + echoerr 'wget command is missing!' + exit 1 + fi + ;; + esac + + TIMEOUT_END=$(($(date +%s) + TIMEOUT)) + + while :; do + case "$PROTOCOL" in + tcp) + nc -w 1 -z "$HOST" "$PORT" > /dev/null 2>&1 + ;; + http) + wget --timeout=1 -q "$HOST" -O /dev/null > /dev/null 2>&1 + ;; + *) + echoerr "Unknown protocol '$PROTOCOL'" + exit 1 + ;; + esac + + result=$? + + if [ $result -eq 0 ] ; then + if [ $# -gt 7 ] ; then + for result in $(seq $(($# - 7))); do + result=$1 + shift + set -- "$@" "$result" + done + + TIMEOUT=$2 QUIET=$3 PROTOCOL=$4 HOST=$5 PORT=$6 result=$7 + shift 7 + exec "$@" + fi + exit 0 + fi + + if [ $TIMEOUT -ne 0 -a $(date +%s) -ge $TIMEOUT_END ]; then + echo "Operation timed out" >&2 + exit 1 + fi + + sleep 1 + done +} + +while :; do + case "$1" in + http://*|https://*) + HOST="$1" + PROTOCOL="http" + shift 1 + ;; + *:* ) + HOST=$(printf "%s\n" "$1"| cut -d : -f 1) + PORT=$(printf "%s\n" "$1"| cut -d : -f 2) + shift 1 + ;; + -v | --version) + echo $VERSION + exit + ;; + -q | --quiet) + QUIET=1 + shift 1 + ;; + -q-*) + QUIET=0 + echoerr "Unknown option: $1" + usage 1 + ;; + -q*) + QUIET=1 + result=$1 + shift 1 + set -- -"${result#-q}" "$@" + ;; + -t | --timeout) + TIMEOUT="$2" + shift 2 + ;; + -t*) + TIMEOUT="${1#-t}" + shift 1 + ;; + --timeout=*) + TIMEOUT="${1#*=}" + shift 1 + ;; + --) + shift + break + ;; + --help) + usage 0 + ;; + -*) + QUIET=0 + echoerr "Unknown option: $1" + usage 1 + ;; + *) + QUIET=0 + echoerr "Unknown argument: $1" + usage 1 + ;; + esac +done + +if ! [ "$TIMEOUT" -ge 0 ] 2>/dev/null; then + echoerr "Error: invalid timeout '$TIMEOUT'" + usage 3 +fi + +case "$PROTOCOL" in + tcp) + if [ "$HOST" = "" ] || [ "$PORT" = "" ]; then + echoerr "Error: you need to provide a host and port to test." + usage 2 + fi + ;; + http) + if [ "$HOST" = "" ]; then + echoerr "Error: you need to provide a host to test." + usage 2 + fi + ;; +esac + +wait_for "$@" 
diff --git a/src/main/docker/specialized-local-configs/artemis-dev-mysql-gitlab-jenkins-local.yml b/src/main/docker/specialized-local-configs/artemis-dev-mysql-gitlab-jenkins-local.yml new file mode 100644 index 000000000000..431179c2b406 --- /dev/null +++ b/src/main/docker/specialized-local-configs/artemis-dev-mysql-gitlab-jenkins-local.yml @@ -0,0 +1,28 @@ +# TODO: not happy about using local profile at all ... +# maybe sth here helps: https://docs.spring.io/spring-boot/docs/current/reference/html/features.html#features.external-config.files.optional-prefix + +artemis: + user-management: + use-external: false + version-control: + url: http://gitlab + user: root + password: artemis_admin # created in Gitlab Server Quickstart step 2 + token: artemis-gitlab-token # generated in Gitlab Server Quickstart steps 4 and 5 + ci-token: jenkins-secret-token # generated in Jenkins Server Quickstart step 8 + continuous-integration: + user: artemis_admin + password: artemis_admin + url: http://jenkins:8080 + secret-push-token: AQAAABAAAAAg/aKNFWpF9m2Ust7VHDKJJJvLkntkaap2Ka3ZBhy5XjRd8s16vZhBz4fxzd4TH8Su # generated in Automated Jenkins Server step 3 + vcs-credentials: artemis_gitlab_admin_credentials + artemis-authentication-token-key: artemis_notification_plugin_token + artemis-authentication-token-value: artemis_admin +jenkins: + internal-urls: + ci-url: http://jenkins:8080 + vcs-url: http://gitlab + use-crumb: false +server: + port: 8080 + url: http://localhost:8080 diff --git a/src/main/resources/config/application-docker.yml b/src/main/resources/config/application-docker.yml new file mode 100644 index 000000000000..0f4bfb79e9f4 --- /dev/null +++ b/src/main/resources/config/application-docker.yml 
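Review bot: `artemis-dev-mysql-gitlab-jenkins-local.yml` commits working credentials (`password: artemis_admin`, `token: artemis-gitlab-token`, `ci-token`, `secret-push-token`) and sets `use-crumb: false`, but nothing in the file says these values are confined to the local quickstart; the inline comments only say where each value was generated. A header comment such as `# LOCAL DEVELOPMENT ONLY: predefined quickstart credentials, never reuse outside a throwaway setup` would make that explicit. `use-crumb: false` deserves its own comment, `# Jenkins CSRF crumbs are disabled for the local setup only`. If this profile can be loaded by anything other than the local compose setup, the secrets are better supplied through environment variables than through a tracked file.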
@@ -0,0 +1,12 @@ +# this profile contains the default variables for the docker compose setups +# TODO: check if this can be solved different without having to load the docker profile +spring: + datasource: + url: jdbc:mysql://artemis-mysql:3306/Artemis?createDatabaseIfNotExist=true&allowPublicKeyRetrieval=true&useUnicode=true&characterEncoding=utf8&useSSL=false&useLegacyDatetimeCode=false&serverTimezone=UTC + +artemis: + course-archives-path: /opt/artemis/data/courses + repo-clone-path: /opt/artemis/data/repos + repo-download-clone-path: /opt/artemis/data/repos-download + file-upload-path: /opt/artemis/data/uploads + submission-export-path: /opt/artemis/data/exports diff --git a/webpack/environment.js b/webpack/environment.js index b5302843305a..d91663eaab5c 100644 --- a/webpack/environment.js +++ b/webpack/environment.js @@ -8,7 +8,7 @@ module.exports = { }; /* - * Needed for client compilations with docker-compose, where the 'APP_VERSION' property isn't injected by gradle. + * Needed for client compilations with docker compose, where the 'APP_VERSION' property isn't injected by gradle. * * Returns the inferred APP_VERSION from 'build.gradle', or 'DEV' if this couldn't be retrieved */ From 478bf1f97145416944f2acb7981acfabfae02b16 Mon Sep 17 00:00:00 2001 From: Ludwig Pusl Date: Mon, 5 Dec 2022 19:58:17 +0100 Subject: [PATCH 009/174] jenkins-gitlab: typo in docs --- docs/dev/setup/jenkins-gitlab.rst.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/dev/setup/jenkins-gitlab.rst.txt b/docs/dev/setup/jenkins-gitlab.rst.txt index 870b3680e535..d150a3befd46 100644 --- a/docs/dev/setup/jenkins-gitlab.rst.txt +++ b/docs/dev/setup/jenkins-gitlab.rst.txt @@ -500,7 +500,7 @@ do either do it manually or using the following command: use-external: false internal-admin: username: artemis_admin - password: artemis-admin + password: artemis_admin version-control: url: http://localhost:8081 user: artemis_admin 
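Review bot: The datasource URL in `application-docker.yml` combines `useSSL=false` with `allowPublicKeyRetrieval=true`, so the database connection is unencrypted and the client accepts the server's RSA key from whichever host answers as `artemis-mysql:3306`. That is tolerable on the private compose network, but the file is described as the default for the docker compose setups and nothing marks the URL as unsuitable once the database sits on another host. I would add a comment above `url:` such as `# plaintext connection, acceptable only on the internal compose network; enable TLS and drop allowPublicKeyRetrieval for a remote database`. The same URL also appears as `SPRING_DATASOURCE_URL` in `artemis-server-client-mysql.yml`, so defining it in one place would keep the two from drifting apart.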
From 128335e4a86750b99617f16e62a71fbc3380103b Mon Sep 17 00:00:00 2001 From: Ludwig Pusl Date: Mon, 5 Dec 2022 20:02:40 +0100 Subject: [PATCH 010/174] artemis: set default image to artemis:develop --- src/main/docker/artemis/artemis.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/main/docker/artemis/artemis.yml b/src/main/docker/artemis/artemis.yml index 470c757b2aa4..842b0e91a26d 100644 --- a/src/main/docker/artemis/artemis.yml +++ b/src/main/docker/artemis/artemis.yml @@ -7,9 +7,8 @@ services: container_name: artemis-app # TODO: add support for armv8 platform: linux/x86_64 - # TODO: change this to develop before merging to develop branch - # TODO: setup build pipeline for develop-deployment-wg - image: ghcr.io/ls1intum/artemis:develop-deployment-wg + # TODO: setup build pipeline + image: ghcr.io/ls1intum/artemis:develop build: context: ../../../.. dockerfile: src/main/docker/artemis/Dockerfile From 88aceb7c0bc4aa98b4f89224c665a81a3d6aaf52 Mon Sep 17 00:00:00 2001 From: Ludwig Pusl Date: Tue, 6 Dec 2022 12:34:09 +0100 Subject: [PATCH 011/174] kafka not used anymore --- src/main/docker/kafka.yml | 19 ------------------- 1 file changed, 19 deletions(-) delete mode 100644 src/main/docker/kafka.yml diff --git a/src/main/docker/kafka.yml b/src/main/docker/kafka.yml deleted file mode 100644 index 2922caefea36..000000000000 --- a/src/main/docker/kafka.yml +++ /dev/null 
@@ -1,19 +0,0 @@ -services: - zookeeper: - container_name: artemis-zookeeper - image: confluentinc/cp-zookeeper:5.5.3 - environment: - ZOOKEEPER_CLIENT_PORT: 2181 - ZOOKEEPER_TICK_TIME: 2000 - kafka: - container_name: artemis-kafka - image: confluentinc/cp-kafka:5.5.3 - ports: - - 9092:9092 - environment: - KAFKA_BROKER_ID: 1 - KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 - KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://kafka:29092,PLAINTEXT_HOST://localhost:9092 - KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: PLAINTEXT:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT - KAFKA_INTER_BROKER_LISTENER_NAME: PLAINTEXT - KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1 From e02e2c65a8f539175b2e33aa10663c37eb07f706 Mon Sep 17 00:00:00 2001 From: Ludwig Pusl Date: Tue, 6 Dec 2022 22:13:59 +0100 Subject: [PATCH 012/174] build multi arch docker image --- .github/workflows/build-deploy.yml | 36 +++++++++++++++--------------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/workflows/build-deploy.yml b/.github/workflows/build-deploy.yml index 03dece47edb1..489391db32f6 100644 --- a/.github/workflows/build-deploy.yml +++ b/.github/workflows/build-deploy.yml @@ -40,6 +40,7 @@ env: jobs: build: + name: Build .war artifact runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 @@ -75,18 +76,10 @@ jobs: asset_content_type: application/x-webarchive docker: + name: Build and Push Docker Image if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == 'ls1intum/Artemis' }} - needs: build runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - name: Download Artifact - uses: actions/download-artifact@v3 - with: - name: Artemis.war - - name: Build Docker Image - run: docker build --build-arg WAR_PATH=. -t artemis -f src/main/docker/Dockerfile . - - name: Compute Tag uses: actions/github-script@v6 id: compute-tag 
@@ -108,22 +101,29 @@ jobs: } } return "FALSE"; - - # Push to GitHub Container Registry + - uses: actions/checkout@v3 + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + # Build and Push to GitHub Container Registry - name: Login to GitHub Container Registry uses: docker/login-action@v2 + if: ${{ steps.compute-tag.outputs.result != 'FALSE' }} with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Build and Push to GitHub Container Registry + uses: docker/build-push-action@v3 if: ${{ steps.compute-tag.outputs.result != 'FALSE' }} - - name: Push to GitHub Container Registry - env: - TAG: ${{ steps.compute-tag.outputs.result }} - run: | - docker tag artemis ghcr.io/ls1intum/artemis:$TAG - docker push ghcr.io/ls1intum/artemis:$TAG - if: ${{ steps.compute-tag.outputs.result != 'FALSE' }} + with: + # arm64 for Mac M1 and new DevBoards, arm/v7 for older DevBoards + platforms: linux/amd64,linux/arm64,linux/arm/v7 + file: ./src/main/docker/artemis/Dockerfile + context: . + tags: ghcr.io/ls1intum/artemis:${{ steps.compute-tag.outputs.result }} + push: true # TODO: Push to Docker Hub (develop + tag) From 1b2198d4ed12c550d7c6e7e1c0db770d44842c3a Mon Sep 17 00:00:00 2001 From: Ludwig Pusl Date: Tue, 6 Dec 2022 22:20:17 +0100 Subject: [PATCH 013/174] removed arm/v7 for now --- .github/workflows/build-deploy.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-deploy.yml b/.github/workflows/build-deploy.yml index 489391db32f6..212d026c7b3a 100644 --- a/.github/workflows/build-deploy.yml +++ b/.github/workflows/build-deploy.yml 
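Review bot: The new steps in the `docker` job reference third-party actions by mutable tags (`docker/setup-qemu-action@v2`, `docker/setup-buildx-action@v2`, `docker/login-action@v2`, `docker/build-push-action@v3`) in a job that logs in to ghcr.io with `secrets.GITHUB_TOKEN` and pushes the image. A tag can later be moved to different code, so for a publishing job I would pin each action to a full commit SHA, e.g. `uses: docker/build-push-action@<full-commit-sha> # v3`. The job's `permissions` are not visible in this hunk; if they are not set elsewhere in the workflow, `permissions: { contents: read, packages: write }` on the job would limit what the token can do. The preceding hunk of this commit also drops `needs: build`, so the image is presumably pushed even when the `build` job fails; please confirm that this is intended.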
@@ -118,8 +118,9 @@ jobs: uses: docker/build-push-action@v3 if: ${{ steps.compute-tag.outputs.result != 'FALSE' }} with: - # arm64 for Mac M1 and new DevBoards, arm/v7 for older DevBoards - platforms: linux/amd64,linux/arm64,linux/arm/v7 + # TODO: maybe even add arm/v7 for older DevBoards but first add it also in docker-jdk-node-yarn + # arm64 for Mac M1 and new DevBoards + platforms: linux/amd64,linux/arm64 file: ./src/main/docker/artemis/Dockerfile context: . tags: ghcr.io/ls1intum/artemis:${{ steps.compute-tag.outputs.result }} From 660f3f198db9b4324d360874728cbe6eb70f7910 Mon Sep 17 00:00:00 2001 From: Ludwig Pusl Date: Wed, 7 Dec 2022 09:55:47 +0100 Subject: [PATCH 014/174] removed arm64 for now --- .github/workflows/build-deploy.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-deploy.yml b/.github/workflows/build-deploy.yml index 212d026c7b3a..40b8e05bdb32 100644 --- a/.github/workflows/build-deploy.yml +++ b/.github/workflows/build-deploy.yml @@ -120,7 +120,8 @@ jobs: with: # TODO: maybe even add arm/v7 for older DevBoards but first add it also in docker-jdk-node-yarn # arm64 for Mac M1 and new DevBoards - platforms: linux/amd64,linux/arm64 + # TODO: add arm64 support by first building the .war file in a amd64 step then creating the runtime env + platforms: linux/amd64 file: ./src/main/docker/artemis/Dockerfile context: . tags: ghcr.io/ls1intum/artemis:${{ steps.compute-tag.outputs.result }} From 34e75fe6077fd4538df89ae5700f9c7cc65230c8 Mon Sep 17 00:00:00 2001 From: Ludwig Pusl Date: Wed, 7 Dec 2022 10:30:59 +0100 Subject: [PATCH 015/174] rm todo --- src/main/docker/artemis/artemis.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/src/main/docker/artemis/artemis.yml b/src/main/docker/artemis/artemis.yml index 842b0e91a26d..d250f398ea60 100644 --- a/src/main/docker/artemis/artemis.yml +++ b/src/main/docker/artemis/artemis.yml 
@@ -7,7 +7,6 @@ services: container_name: artemis-app # TODO: add support for armv8 platform: linux/x86_64 - # TODO: setup build pipeline image: ghcr.io/ls1intum/artemis:develop build: context: ../../../.. From 727981dac4baf110093c9e9d07f494ca0b2863f1 Mon Sep 17 00:00:00 2001 From: Ludwig Pusl Date: Wed, 7 Dec 2022 10:32:51 +0100 Subject: [PATCH 016/174] docs todo --- src/main/docker/artemis/artemis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/src/main/docker/artemis/artemis.yml b/src/main/docker/artemis/artemis.yml index d250f398ea60..bc0b1d6662d2 100644 --- a/src/main/docker/artemis/artemis.yml +++ b/src/main/docker/artemis/artemis.yml @@ -7,6 +7,7 @@ services: container_name: artemis-app # TODO: add support for armv8 platform: linux/x86_64 + # TODO: add hint in documentation or here: build vs pre-built image from registry image: ghcr.io/ls1intum/artemis:develop build: context: ../../../.. From 7c96a8d5459c07b6351376e9bcac1affa110d1e6 Mon Sep 17 00:00:00 2001 From: Ludwig Pusl Date: Wed, 7 Dec 2022 11:34:30 +0100 Subject: [PATCH 017/174] docker pull behaviour definition and startup docs improvements --- docs/dev/setup.rst | 8 +++++++- src/main/docker/activemq.yml | 1 + src/main/docker/artemis-server-client-mysql.yml | 2 ++ src/main/docker/artemis/artemis.yml | 5 ++++- src/main/docker/atlassian.yml | 3 +++ src/main/docker/cypress/docker-compose.yml | 1 + src/main/docker/gitlab-gitlabci.yml | 1 + src/main/docker/jhipster-registry.yml | 1 + src/main/docker/mailhog/mailhog.yml | 1 + src/main/docker/monitoring.yml | 2 ++ src/main/docker/mysql.yml | 1 + src/main/docker/saml-test/saml-test.yml | 1 + 12 files changed, 25 insertions(+), 2 deletions(-) diff --git a/docs/dev/setup.rst b/docs/dev/setup.rst index 4818ff4866be..7546375677dc 100644 --- a/docs/dev/setup.rst +++ b/docs/dev/setup.rst 
@@ -703,9 +703,15 @@ To get started with one of the mentioned Docker-Compose Setups do the following: 2. ( Depending on the chosen setup it's necessary to configure the Artemis configs like ``application-local.yml`` in the folder ``src/main/resources/config`` as described in the section `Dockerfile <#dockerfile>`__. The default setup ``docker-compose.yml`` should run without the default configurations, so no changes are required.) -3. Run ``docker compose up`` or ``docker compose -f src/main/docker/.yml up`` +3. Run ``docker compose pull && docker compose up`` or + ``docker compose -f src/main/docker/.yml pull && + docker compose -f src/main/docker/.yml up`` 4. For Artemis instances go to http://localhost:8080 (http://localhost:9000 for the seperated server and client setup) +.. tip:: + The first ``docker compose pull`` command is just necessary the first time as extra step, as otherwise Artemis will be + built from source as you don't already have an Artemis Image locally. + Debugging with Docker ^^^^^^^^^^^^^^^^^^^^^ diff --git a/src/main/docker/activemq.yml b/src/main/docker/activemq.yml index 7afed6f2f17e..dacf1eb32311 100644 --- a/src/main/docker/activemq.yml +++ b/src/main/docker/activemq.yml @@ -2,6 +2,7 @@ services: activemq-broker: container_name: artemis-activemq-broker image: vromero/activemq-artemis:latest + pull: always environment: ARTEMIS_USERNAME: guest ARTEMIS_PASSWORD: guest diff --git a/src/main/docker/artemis-server-client-mysql.yml b/src/main/docker/artemis-server-client-mysql.yml index 5e51ebc5649f..988b6b0117b0 100644 --- a/src/main/docker/artemis-server-client-mysql.yml +++ b/src/main/docker/artemis-server-client-mysql.yml 
@@ -21,6 +21,7 @@ services: depends_on: - mysql image: ghcr.io/ls1intum/docker-jdk-node-yarn + pull: always environment: SPRING_DATASOURCE_URL: jdbc:mysql://artemis-mysql:3306/Artemis?createDatabaseIfNotExist=true&allowPublicKeyRetrieval=true&useUnicode=true&characterEncoding=utf8&useSSL=false&useLegacyDatetimeCode=false&serverTimezone=UTC SPRING_PROFILES_ACTIVE: dev,bamboo,bitbucket,jira,artemis,scheduling @@ -39,6 +40,7 @@ services: depends_on: - artemis-server image: ghcr.io/ls1intum/docker-jdk-node-yarn + pull: always networks: - artemis ports: diff --git a/src/main/docker/artemis/artemis.yml b/src/main/docker/artemis/artemis.yml index bc0b1d6662d2..f59d19f2df99 100644 --- a/src/main/docker/artemis/artemis.yml +++ b/src/main/docker/artemis/artemis.yml @@ -8,10 +8,13 @@ services: # TODO: add support for armv8 platform: linux/x86_64 # TODO: add hint in documentation or here: build vs pre-built image from registry - image: ghcr.io/ls1intum/artemis:develop + image: ghcr.io/ls1intum/artemis:pr-5915 build: context: ../../../.. dockerfile: src/main/docker/artemis/Dockerfile + pull: true + # TODO: add pull always also for other images + pull: always # maps application-local.yml to the container as this is the override file for all other configs # (the default configs are packaged in the war file and don't need to be mapped here) # TODO: check how the non-existent application-local.yml problem can be solved diff --git a/src/main/docker/atlassian.yml b/src/main/docker/atlassian.yml index 531382eb4039..0bf4664495d0 100644 --- a/src/main/docker/atlassian.yml +++ b/src/main/docker/atlassian.yml @@ -6,6 +6,7 @@ services: jira: container_name: artemis-jira image: ghcr.io/ls1intum/artemis-jira:8.20.11 + pull: always volumes: - artemis-jira-data:/var/atlassian/application-data/jira ports: 
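Review bot: In the `artemis.yml` hunk the default image changes to `ghcr.io/ls1intum/artemis:pr-5915`, a pull-request build tag, which reads like a leftover from testing. Everyone using this compose file would then run whatever that PR tag currently points to, and the pull setting added in the same hunk makes the file fetch it again on each start. Patch 010 of this series set the image to `:develop`; I would restore `image: ghcr.io/ls1intum/artemis:develop` or a release tag before this is merged, and resolve the `# TODO: add hint in documentation` comment above it so readers know when the image is built locally and when it is pulled. The service definition starts and ends outside this hunk.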
@@ -15,6 +16,7 @@ services: bitbucket: container_name: artemis-bitbucket image: ghcr.io/ls1intum/artemis-bitbucket:7.21.4 + pull: always volumes: - artemis-bitbucket-data:/var/atlassian/application-data/bitbucket environment: @@ -27,6 +29,7 @@ services: bamboo: container_name: artemis-bamboo image: ghcr.io/ls1intum/artemis-bamboo:8.2.5 + pull: always volumes: - artemis-bamboo-data:/var/atlassian/application-data/bamboo ports: diff --git a/src/main/docker/cypress/docker-compose.yml b/src/main/docker/cypress/docker-compose.yml index ddada22a7457..cbe1703151bf 100644 --- a/src/main/docker/cypress/docker-compose.yml +++ b/src/main/docker/cypress/docker-compose.yml @@ -52,6 +52,7 @@ services: artemis-cypress: # Cypress image with node and chrome browser installed (Cypress installation needs to be done separately because we require additional dependencies) image: cypress/browsers:node18.6.0-chrome105-ff104 + pull: always depends_on: - artemis-app - artemis-mysql diff --git a/src/main/docker/gitlab-gitlabci.yml b/src/main/docker/gitlab-gitlabci.yml index 5df87c05f73a..dcd2bc4d23a4 100644 --- a/src/main/docker/gitlab-gitlabci.yml +++ b/src/main/docker/gitlab-gitlabci.yml @@ -29,6 +29,7 @@ services: shm_size: '256m' gitlab-runner: image: gitlab/gitlab-runner:latest + pull: always container_name: artemis-gitlab-runner volumes: - /var/run/docker.sock:/var/run/docker.sock diff --git a/src/main/docker/jhipster-registry.yml b/src/main/docker/jhipster-registry.yml index 21b01253dcfc..a9b1fa1518e7 100644 --- a/src/main/docker/jhipster-registry.yml +++ b/src/main/docker/jhipster-registry.yml @@ -2,6 +2,7 @@ services: jhipster-registry: container_name: artemis-jhipster-registry image: jhipster/jhipster-registry:v6.1.2 + pull: always volumes: - ./central-server-config:/central-config # When run with the "dev" Spring profile, the JHipster Registry will diff --git a/src/main/docker/mailhog/mailhog.yml b/src/main/docker/mailhog/mailhog.yml index b999d5253b15..0daa0f03ceca 100644 
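Review bot: In `gitlab-gitlabci.yml` the `gitlab-runner` service now re-pulls `gitlab/gitlab-runner:latest` on every start while the container mounts `/var/run/docker.sock`, so whatever the `latest` tag points to at that moment gets control of the host's Docker daemon. Always pulling is reasonable for a pinned tag, but combined with `latest` it removes the last point at which the image content was stable. I would pin the runner to a fixed release, `image: gitlab/gitlab-runner:<version>`, ideally with a digest. The same applies to the other untagged or `latest` images that gain the pull setting in this commit (`vromero/activemq-artemis:latest`, `mailhog/mailhog`, `jamedjo/test-saml-idp`). The service definition continues outside this hunk.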
--- a/src/main/docker/mailhog/mailhog.yml +++ b/src/main/docker/mailhog/mailhog.yml @@ -6,6 +6,7 @@ services: mailhog: container_name: artemis-mailhog image: mailhog/mailhog + pull: always ports: - 1025:1025 - 8025:8025 diff --git a/src/main/docker/monitoring.yml b/src/main/docker/monitoring.yml index aacba18f7453..490bc680949e 100644 --- a/src/main/docker/monitoring.yml +++ b/src/main/docker/monitoring.yml @@ -4,6 +4,7 @@ services: prometheus: container_name: artemis-prometheus image: prom/prometheus:v2.34.0 + pull: always # If you want to run this in production, you should persist the /etc/prometheus-directory #volumes: # - ./monitoring/prometheus/:/etc/prometheus/ @@ -17,6 +18,7 @@ services: grafana: container_name: artemis-grafana image: grafana/grafana:9.0.2 + pull: always # TODO: docker named volume maybe instead of this? otherwise .gitignore the used bind src mount volumes: - ./monitoring/grafana/provisioning/:/etc/grafana/provisioning/ diff --git a/src/main/docker/mysql.yml b/src/main/docker/mysql.yml index 18883d3a6d32..dd91a3e99e79 100644 --- a/src/main/docker/mysql.yml +++ b/src/main/docker/mysql.yml @@ -6,6 +6,7 @@ services: mysql: container_name: artemis-mysql image: mysql:8.0.31 + pull: always volumes: - artemis-mysql-data:/var/lib/mysql environment: diff --git a/src/main/docker/saml-test/saml-test.yml b/src/main/docker/saml-test/saml-test.yml index 8261b42b77a3..f89e4ca80152 100644 --- a/src/main/docker/saml-test/saml-test.yml +++ b/src/main/docker/saml-test/saml-test.yml @@ -6,6 +6,7 @@ services: saml-test: container_name: artemis-saml-test image: jamedjo/test-saml-idp + pull: always ports: - 9980:8080 volumes: From c81c197361d551e1e2694c748bf36fbfac388012 Mon Sep 17 00:00:00 2001 From: Ludwig Pusl Date: Wed, 7 Dec 2022 11:44:26 +0100 Subject: [PATCH 018/174] jenkins-gitlab: added more generic docker compose command --- docs/dev/setup/jenkins-gitlab.rst.txt | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) 
diff --git a/docs/dev/setup/jenkins-gitlab.rst.txt b/docs/dev/setup/jenkins-gitlab.rst.txt index d150a3befd46..7cab76965a3d 100644 --- a/docs/dev/setup/jenkins-gitlab.rst.txt +++ b/docs/dev/setup/jenkins-gitlab.rst.txt @@ -151,7 +151,7 @@ tokens instead of the predefined ones. :: - GITLAB_ROOT_PASSWORD=artemis_admin docker compose -f src/main/docker/gitlab-jenkins-mysql.yml up --build -d gitlab + GITLAB_ROOT_PASSWORD=artemis_admin docker compose -f src/main/docker/.yml up --build -d gitlab If you want to generate a random password for the ``root`` user, remove the part before ``docker compose`` from the command. @@ -170,7 +170,7 @@ tokens instead of the predefined ones. .. code:: bash - docker compose -f src/main/docker/gitlab-jenkins-mysql.yml exec gitlab cat /etc/gitlab/initial_root_password + docker compose -f src/main/docker/.yml exec gitlab cat /etc/gitlab/initial_root_password 3. Insert the GitLab root user password in the file ``application-local.yml`` (in src/main/resources) and insert the GitLab admin account. @@ -189,7 +189,7 @@ tokens instead of the predefined ones. :: - docker compose -f src/main/docker/gitlab-jenkins-mysql.yml exec gitlab gitlab-rails runner "token = User.find_by_username('root').personal_access_tokens.create(scopes: [:api, :read_user, :read_api, :read_repository, :write_repository, :sudo], name: 'Artemis Admin Token'); token.set_token('artemis-gitlab-token'); token.save!" + docker compose -f src/main/docker/.yml exec gitlab gitlab-rails runner "token = User.find_by_username('root').personal_access_tokens.create(scopes: [:api, :read_user, :read_api, :read_repository, :write_repository, :sudo], name: 'Artemis Admin Token'); token.set_token('artemis-gitlab-token'); token.save!" | You can also manually create in by navigating to ``http://localhost:8081/-/profile/personal_access_tokens`` and generate a token with all scopes. 
@@ -201,7 +201,7 @@ tokens instead of the predefined ones. :: - docker compose -f src/main/docker/gitlab-jenkins-mysql.yml exec gitlab /bin/sh -c "sh /gitlab-local-setup.sh" + docker compose -f src/main/docker/.yml exec gitlab /bin/sh -c "sh /gitlab-local-setup.sh" This script can also generate random access tokens, which should be used in a production setup. Change the variable ``$GENERATE_ACCESS_TOKENS`` to ``true`` to generate the random tokens and insert them into the Artemis @@ -470,7 +470,7 @@ do either do it manually or using the following command: :: - docker compose -f src/main/docker/gitlab-jenkins-mysql.yml exec gitlab gitlab-rails runner "token = User.find_by_username('root').personal_access_tokens.create(scopes: [:api, :read_repository], name: 'Jenkins'); token.set_token('jenkins-gitlab-token'); token.save!" + docker compose -f src/main/docker/.yml exec gitlab gitlab-rails runner "token = User.find_by_username('root').personal_access_tokens.create(scopes: [:api, :read_repository], name: 'Jenkins'); token.set_token('jenkins-gitlab-token'); token.save!" @@ -479,7 +479,7 @@ do either do it manually or using the following command: :: - JAVA_OPTS=-Djenkins.install.runSetupWizard=false docker compose -f src/main/docker/gitlab-jenkins-mysql.yml up --build -d + JAVA_OPTS=-Djenkins.install.runSetupWizard=false docker compose -f src/main/docker/.yml up --build -d Jenkins is then reachable under ``http://localhost:8082/`` and you can login using the credentials specified in ``jenkins-casc-config.yml`` (defaults to ``artemis_admin`` as both username and password). 
@@ -937,7 +937,7 @@ the following steps: 12. In a local setup, you have to disable CSRF otherwise some API endpoints will return HTTP Status 403 Forbidden. This is done be executing the following command: - ``docker compose -f src/main/docker/gitlab-jenkins-mysql.yml exec -T jenkins dd of=/var/jenkins_home/init.groovy < src/main/docker/jenkins/jenkins-disable-csrf.groovy`` + ``docker compose -f src/main/docker/.yml exec -T jenkins dd of=/var/jenkins_home/init.groovy < src/main/docker/jenkins/jenkins-disable-csrf.groovy`` The last step is to disable the ``use-crumb`` option in ``application-local.yml``: @@ -965,7 +965,7 @@ and the corresponding Docker image can be found on :: - docker compose -f src/main/docker/gitlab-jenkins-mysql.yml up --build -d + docker compose -f src/main/docker/.yml up --build -d 3. Build the new Docker image: From 355ed0434151501896920d0cff95569bb3f0ee11 Mon Sep 17 00:00:00 2001 From: Ludwig Pusl Date: Wed, 7 Dec 2022 13:58:12 +0100 Subject: [PATCH 019/174] jenkins-gitlab: docs improvements --- docs/dev/setup/jenkins-gitlab.rst.txt | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/docs/dev/setup/jenkins-gitlab.rst.txt b/docs/dev/setup/jenkins-gitlab.rst.txt index 7cab76965a3d..b430721b2397 100644 --- a/docs/dev/setup/jenkins-gitlab.rst.txt +++ b/docs/dev/setup/jenkins-gitlab.rst.txt 
@@ -58,13 +58,13 @@ the `Gitlab Server Quickstart <#gitlab-server-quickstart>`__ guide. user: root password: artemis_admin # created in Gitlab Server Quickstart step 2 token: artemis-gitlab-token # generated in Gitlab Server Quickstart steps 4 and 5 - ci-token: jenkins-secret-token # generated in Jenkins Server Quickstart step 8 + ci-token: jenkins-secret-token # pre-generated or replaced in Automated Jenkins Server step 3 continuous-integration: user: artemis_admin password: artemis_admin url: http://localhost:8082 empty-commit-necessary: true - secret-push-token: AQAAABAAAAAg/aKNFWpF9m2Ust7VHDKJJJvLkntkaap2Ka3ZBhy5XjRd8s16vZhBz4fxzd4TH8Su # generated in Automated Jenkins Server step 3 + secret-push-token: AQAAABAAAAAg/aKNFWpF9m2Ust7VHDKJJJvLkntkaap2Ka3ZBhy5XjRd8s16vZhBz4fxzd4TH8Su # pre-generated or replaced in Automated Jenkins Server step 3 vcs-credentials: artemis_gitlab_admin_credentials artemis-authentication-token-key: artemis_notification_plugin_token artemis-authentication-token-value: artemis_admin @@ -474,12 +474,12 @@ do either do it manually or using the following command: -2. You can now deploy Jenkins. A ``src/main/docker/gitlab-jenkins-mysql.yml`` file is provided which deploys the - Jenkins, GitLab, and Mysql containers bound to static ip addresses. You can deploy them by running: +2. You can now first build and deploy Jenkins, then you can also start the other services which weren't started yet: :: - JAVA_OPTS=-Djenkins.install.runSetupWizard=false docker compose -f src/main/docker/.yml up --build -d + JAVA_OPTS=-Djenkins.install.runSetupWizard=false docker compose -f src/main/docker/.yml up --build -d jenkins + docker compose -f src/main/docker/.yml up -d Jenkins is then reachable under ``http://localhost:8082/`` and you can login using the credentials specified in ``jenkins-casc-config.yml`` (defaults to ``artemis_admin`` as both username and password). 
@@ -505,15 +505,15 @@ do either do it manually or using the following command: url: http://localhost:8081 user: artemis_admin password: artemis_admin - ci-token: # generated in step 9 + ci-token: # pre-generated or replaced in Automated Jenkins Server step 3 continuous-integration: - url: http://localhost:8082 user: artemis_admin password: artemis_admin + url: http://localhost:8082 + secret-push-token: # pre-generated or replaced in Automated Jenkins Server step 3 vcs-credentials: artemis_gitlab_admin_credentials artemis-authentication-token-key: artemis_notification_plugin_token artemis-authentication-token-value: artemis_admin - secret-push-token: # generated in step 3 5. Open the ``src/main/resources/config/application-jenkins.yml`` and change the following: Again, if you are using a development setup, the template in the beginning of this page already contains the From 4725c7c8e0ea098bd6fe9587177dee2f1e0a07d6 Mon Sep 17 00:00:00 2001 
From: Ludwig Pusl Date: Wed, 7 Dec 2022 18:27:06 +0100 Subject: [PATCH 020/174] broker-registry merge and pull_policy fix --- src/main/docker/activemq.yml | 10 ------ .../docker/artemis-server-client-mysql.yml | 4 +-- src/main/docker/artemis/artemis.yml | 3 +- src/main/docker/atlassian.yml | 6 ++-- .../docker/atlassian/atlassian.c.override.yml | 3 -- .../atlassian/atlassian.swift.override.yml | 3 -- src/main/docker/broker-registry.yml | 33 +++++++++++++++++++ src/main/docker/cypress/docker-compose.yml | 2 +- src/main/docker/gitlab-gitlabci.yml | 2 +- src/main/docker/jhipster-registry.yml | 23 ------------- src/main/docker/mailhog/mailhog.yml | 2 +- src/main/docker/monitoring.yml | 4 +-- src/main/docker/mysql.yml | 2 +- src/main/docker/saml-test/saml-test.yml | 2 +- 14 files changed, 46 insertions(+), 53 deletions(-) delete mode 100644 src/main/docker/activemq.yml delete mode 100644 src/main/docker/atlassian/atlassian.c.override.yml delete mode 100644 src/main/docker/atlassian/atlassian.swift.override.yml create mode 100644 src/main/docker/broker-registry.yml delete mode 100644 src/main/docker/jhipster-registry.yml diff --git a/src/main/docker/activemq.yml b/src/main/docker/activemq.yml deleted file mode 100644 index dacf1eb32311..000000000000 --- a/src/main/docker/activemq.yml +++ /dev/null @@ -1,10 +0,0 @@ -services: - activemq-broker: - container_name: artemis-activemq-broker - image: vromero/activemq-artemis:latest - pull: always - environment: - ARTEMIS_USERNAME: guest - ARTEMIS_PASSWORD: guest - ports: - - 61613:61613 diff --git a/src/main/docker/artemis-server-client-mysql.yml b/src/main/docker/artemis-server-client-mysql.yml index 988b6b0117b0..b77f34eb4b81 100644 --- a/src/main/docker/artemis-server-client-mysql.yml +++ b/src/main/docker/artemis-server-client-mysql.yml 
@@ -21,7 +21,7 @@ services: depends_on: - mysql image: ghcr.io/ls1intum/docker-jdk-node-yarn - pull: always + pull_policy: always environment: SPRING_DATASOURCE_URL: jdbc:mysql://artemis-mysql:3306/Artemis?createDatabaseIfNotExist=true&allowPublicKeyRetrieval=true&useUnicode=true&characterEncoding=utf8&useSSL=false&useLegacyDatetimeCode=false&serverTimezone=UTC SPRING_PROFILES_ACTIVE: dev,bamboo,bitbucket,jira,artemis,scheduling @@ -40,7 +40,7 @@ services: depends_on: - artemis-server image: ghcr.io/ls1intum/docker-jdk-node-yarn - pull: always + pull_policy: always networks: - artemis ports: diff --git a/src/main/docker/artemis/artemis.yml b/src/main/docker/artemis/artemis.yml index f59d19f2df99..2e6a02abf047 100644 --- a/src/main/docker/artemis/artemis.yml +++ b/src/main/docker/artemis/artemis.yml @@ -13,8 +13,7 @@ services: context: ../../../.. dockerfile: src/main/docker/artemis/Dockerfile pull: true - # TODO: add pull always also for other images - pull: always + pull_policy: always # maps application-local.yml to the container as this is the override file for all other configs # (the default configs are packaged in the war file and don't need to be mapped here) # TODO: check how the non-existent application-local.yml problem can be solved diff --git a/src/main/docker/atlassian.yml b/src/main/docker/atlassian.yml index 0bf4664495d0..e14bbcb3971d 100644 --- a/src/main/docker/atlassian.yml +++ b/src/main/docker/atlassian.yml @@ -6,7 +6,7 @@ services: jira: container_name: artemis-jira image: ghcr.io/ls1intum/artemis-jira:8.20.11 - pull: always + pull_policy: always volumes: - artemis-jira-data:/var/atlassian/application-data/jira ports: @@ -16,7 +16,7 @@ services: bitbucket: container_name: artemis-bitbucket image: ghcr.io/ls1intum/artemis-bitbucket:7.21.4 - pull: always + pull_policy: always volumes: - artemis-bitbucket-data:/var/atlassian/application-data/bitbucket environment: 
@@ -29,7 +29,7 @@ services: bamboo: container_name: artemis-bamboo image: ghcr.io/ls1intum/artemis-bamboo:8.2.5 - pull: always + pull_policy: always volumes: - artemis-bamboo-data:/var/atlassian/application-data/bamboo ports: diff --git a/src/main/docker/atlassian/atlassian.c.override.yml b/src/main/docker/atlassian/atlassian.c.override.yml deleted file mode 100644 index 2a0cdf37a75f..000000000000 --- a/src/main/docker/atlassian/atlassian.c.override.yml +++ /dev/null @@ -1,3 +0,0 @@ -services: - bamboo: - image: ghcr.io/ls1intum/artemis-bamboo:8.1.3-c diff --git a/src/main/docker/atlassian/atlassian.swift.override.yml b/src/main/docker/atlassian/atlassian.swift.override.yml deleted file mode 100644 index 7e8970e73424..000000000000 --- a/src/main/docker/atlassian/atlassian.swift.override.yml +++ /dev/null @@ -1,3 +0,0 @@ -services: - bamboo: - image: ghcr.io/ls1intum/artemis-bamboo:8.1.3-swift diff --git a/src/main/docker/broker-registry.yml b/src/main/docker/broker-registry.yml new file mode 100644 index 000000000000..579ae1a9106c --- /dev/null +++ b/src/main/docker/broker-registry.yml 
@@ -0,0 +1,33 @@ +services: + jhipster-registry: + container_name: artemis-jhipster-registry + image: jhipster/jhipster-registry:v6.1.2 + pull_policy: always + volumes: + - ./central-server-config:/central-config + # When run with the "dev" Spring profile, the JHipster Registry will + # read the config from the local filesystem (central-server-config directory) + # When run with the "prod" Spring profile, it will read the configuration from a Git repository + # See https://www.jhipster.tech/jhipster-registry/#spring-cloud-config + environment: + - _JAVA_OPTIONS=-Xmx512m -Xms256m + - SPRING_PROFILES_ACTIVE=dev,openapi + - SPRING_SECURITY_USER_PASSWORD=admin + - JHIPSTER_REGISTRY_PASSWORD=admin + - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_TYPE=native + - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_SEARCH_LOCATIONS=file:./central-config/localhost-config/ + # - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_TYPE=git + # - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_URI=https://github.com/jhipster/jhipster-registry/ + # - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_SEARCH_PATHS=central-config + ports: + - 8761:8761 + + activemq-broker: + container_name: artemis-activemq-broker + image: vromero/activemq-artemis:latest + pull_policy: always + environment: + ARTEMIS_USERNAME: guest + ARTEMIS_PASSWORD: guest + ports: + - 61613:61613 diff --git a/src/main/docker/cypress/docker-compose.yml b/src/main/docker/cypress/docker-compose.yml index cbe1703151bf..e8e542ed05af 100644 --- a/src/main/docker/cypress/docker-compose.yml +++ b/src/main/docker/cypress/docker-compose.yml @@ -52,7 +52,7 @@ services: artemis-cypress: # Cypress image with node and chrome browser installed (Cypress installation needs to be done separately because we require additional dependencies) image: cypress/browsers:node18.6.0-chrome105-ff104 - pull: always + pull_policy: always depends_on: - artemis-app - artemis-mysql 
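Review bot: Both services in the new `broker-registry.yml` publish their ports on every host interface while keeping well-known credentials (`SPRING_SECURITY_USER_PASSWORD=admin`, `JHIPSTER_REGISTRY_PASSWORD=admin`, `ARTEMIS_USERNAME`/`ARTEMIS_PASSWORD` set to `guest`). The `dev` profile suggests the file is meant for local development, so binding to loopback would keep the registry and the broker off the network: `- 127.0.0.1:8761:8761` and `- 127.0.0.1:61613:61613`. Separately, `vromero/activemq-artemis:latest` together with `pull_policy: always` lets the broker image change on any start. A fixed tag, as already used for `jhipster/jhipster-registry:v6.1.2`, would make that reproducible.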
diff --git a/src/main/docker/gitlab-gitlabci.yml b/src/main/docker/gitlab-gitlabci.yml index dcd2bc4d23a4..8e1430a547b0 100644 --- a/src/main/docker/gitlab-gitlabci.yml +++ b/src/main/docker/gitlab-gitlabci.yml @@ -29,7 +29,7 @@ services: shm_size: '256m' gitlab-runner: image: gitlab/gitlab-runner:latest - pull: always + pull_policy: always container_name: artemis-gitlab-runner volumes: - /var/run/docker.sock:/var/run/docker.sock diff --git a/src/main/docker/jhipster-registry.yml b/src/main/docker/jhipster-registry.yml deleted file mode 100644 index a9b1fa1518e7..000000000000 --- a/src/main/docker/jhipster-registry.yml +++ /dev/null @@ -1,23 +0,0 @@ -services: - jhipster-registry: - container_name: artemis-jhipster-registry - image: jhipster/jhipster-registry:v6.1.2 - pull: always - volumes: - - ./central-server-config:/central-config - # When run with the "dev" Spring profile, the JHipster Registry will - # read the config from the local filesystem (central-server-config directory) - # When run with the "prod" Spring profile, it will read the configuration from a Git repository - # See https://www.jhipster.tech/jhipster-registry/#spring-cloud-config - environment: - - _JAVA_OPTIONS=-Xmx512m -Xms256m - - SPRING_PROFILES_ACTIVE=dev,openapi - - SPRING_SECURITY_USER_PASSWORD=admin - - JHIPSTER_REGISTRY_PASSWORD=admin - - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_TYPE=native - - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_SEARCH_LOCATIONS=file:./central-config/localhost-config/ - # - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_TYPE=git - # - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_URI=https://github.com/jhipster/jhipster-registry/ - # - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_SEARCH_PATHS=central-config - ports: - - 8761:8761 diff --git a/src/main/docker/mailhog/mailhog.yml b/src/main/docker/mailhog/mailhog.yml index 0daa0f03ceca..3b66f8959755 100644 --- a/src/main/docker/mailhog/mailhog.yml +++ b/src/main/docker/mailhog/mailhog.yml 
@@ -6,7 +6,7 @@ services: mailhog: container_name: artemis-mailhog image: mailhog/mailhog - pull: always + pull_policy: always ports: - 1025:1025 - 8025:8025 diff --git a/src/main/docker/monitoring.yml b/src/main/docker/monitoring.yml index 490bc680949e..906d7b7ef957 100644 --- a/src/main/docker/monitoring.yml +++ b/src/main/docker/monitoring.yml @@ -4,7 +4,7 @@ services: prometheus: container_name: artemis-prometheus image: prom/prometheus:v2.34.0 - pull: always + pull_policy: always # If you want to run this in production, you should persist the /etc/prometheus-directory #volumes: # - ./monitoring/prometheus/:/etc/prometheus/ @@ -18,7 +18,7 @@ services: grafana: container_name: artemis-grafana image: grafana/grafana:9.0.2 - pull: always + pull_policy: always # TODO: docker named volume maybe instead of this? otherwise .gitignore the used bind src mount volumes: - ./monitoring/grafana/provisioning/:/etc/grafana/provisioning/ diff --git a/src/main/docker/mysql.yml b/src/main/docker/mysql.yml index dd91a3e99e79..150c967b9596 100644 --- a/src/main/docker/mysql.yml +++ b/src/main/docker/mysql.yml @@ -6,7 +6,7 @@ services: mysql: container_name: artemis-mysql image: mysql:8.0.31 - pull: always + pull_policy: always volumes: - artemis-mysql-data:/var/lib/mysql environment: diff --git a/src/main/docker/saml-test/saml-test.yml b/src/main/docker/saml-test/saml-test.yml index f89e4ca80152..7c38fe2c8d58 100644 --- a/src/main/docker/saml-test/saml-test.yml +++ b/src/main/docker/saml-test/saml-test.yml @@ -6,7 +6,7 @@ services: saml-test: container_name: artemis-saml-test image: jamedjo/test-saml-idp - pull: always + pull_policy: always ports: - 9980:8080 volumes: From 67318250232dd56902a5f4c4450e1d3223c062a4 Mon Sep 17 00:00:00 2001 From: Ludwig Pusl Date: Wed, 7 Dec 2022 19:17:51 +0100 Subject: [PATCH 021/174] add bamboo build agent --- src/main/docker/atlassian.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) 
diff --git a/src/main/docker/atlassian.yml b/src/main/docker/atlassian.yml index e14bbcb3971d..d415070971bd 100644 --- a/src/main/docker/atlassian.yml +++ b/src/main/docker/atlassian.yml @@ -38,6 +38,18 @@ services: networks: - artemis + bamboo-build-agent: + container_name: artemis-bamboo-build-agent + image: ghcr.io/ls1intum/artemis-bamboo-build-agent:8.2.5 + volumes: + - artemis-bamboo-build-agent:/var/atlassian/application-data/bamboo + - /var/run/docker.sock:/var/run/docker.sock + hostname: bamboo-build-agent + environment: + - BAMBOO_SERVER=http://artemis-bamboo:8085 + networks: + - artemis + networks: artemis: driver: "bridge" @@ -49,3 +61,5 @@ volumes: name: artemis-bitbucket-data artemis-bamboo-data: name: artemis-bamboo-data + artemis-bamboo-build-agent: + name: artemis-bamboo-build-agent From b999216e5d9d58040370b20cf32282f78cbd9565 Mon Sep 17 00:00:00 2001 From: Ludwig Pusl Date: Wed, 7 Dec 2022 19:27:29 +0100 Subject: [PATCH 022/174] fixed dockerfile comment --- src/main/docker/artemis/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/docker/artemis/Dockerfile b/src/main/docker/artemis/Dockerfile index fcbd1064d36c..001a8dae7bfb 100644 --- a/src/main/docker/artemis/Dockerfile +++ b/src/main/docker/artemis/Dockerfile @@ -50,7 +50,7 @@ RUN mkdir -p /opt/artemis/config /opt/artemis/data /opt/artemis/public/content \ && chown -R artemis:artemis /opt/artemis USER artemis:artemis -# Prepare Entrypoint boostrap.sh +# Insert run_artemis.sh which sets Java options COPY --chown=artemis:artemis src/main/docker/artemis/run_artemis.sh /run_artemis.sh RUN chmod 774 /run_artemis.sh From d2c1c108a5dbcbdd88ad49ea00ed515b2d1bbc44 Mon Sep 17 00:00:00 2001 From: Ludwig Pusl Date: Wed, 7 Dec 2022 19:29:19 +0100 Subject: [PATCH 023/174] bamboo name --- src/main/docker/atlassian.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/src/main/docker/atlassian.yml b/src/main/docker/atlassian.yml index d415070971bd..d1c35d230ef3 100644 
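Review bot: The new `bamboo-build-agent` service bind-mounts `/var/run/docker.sock`, which gives everything running inside the agent full control of the host's Docker daemon, in practice root-equivalent access to the host. A build agent presumably runs submitted build jobs, so the mount needs at least a scoping comment above it, for example `# docker.sock grants host-level Docker access; local development only`. The service also lacks the `pull_policy: always` that the preceding patch set on the jira, bitbucket and bamboo services in this file; add it or note why the agent image is exempt.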
--- a/src/main/docker/atlassian.yml +++ b/src/main/docker/atlassian.yml @@ -44,7 +44,6 @@ services: volumes: - artemis-bamboo-build-agent:/var/atlassian/application-data/bamboo - /var/run/docker.sock:/var/run/docker.sock - hostname: bamboo-build-agent environment: - BAMBOO_SERVER=http://artemis-bamboo:8085 networks: From a80a9ffb07ad7a48084ba7c1cf86e52ae16f188e Mon Sep 17 00:00:00 2001 
From: Ludwig Pusl Date: Wed, 7 Dec 2022 22:53:15 +0100 Subject: [PATCH 024/174] the big config merge and seperation --- gradle/profile_dev.gradle | 9 +- gradle/profile_prod.gradle | 6 +- .../resources/config/application-apollon.yml | 3 + .../config/application-artemis.secrets.yml | 6 + .../resources/config/application-artemis.yml | 109 +++++++----------- .../config/application-athene.secrets.yml | 3 + .../resources/config/application-athene.yml | 4 + .../config/application-bamboo.secrets.yml | 9 ++ .../resources/config/application-bamboo.yml | 5 + .../config/application-bitbucket.secrets.yml | 6 + .../config/application-bitbucket.yml | 6 + src/main/resources/config/application-dev.yml | 53 +-------- .../config/application-gitlab.secrets.yml | 13 +++ .../resources/config/application-gitlab.yml | 8 ++ .../config/application-jenkins.secrets.yml | 24 ++++ .../resources/config/application-jenkins.yml | 12 ++ .../config/application-jira.secrets.yml | 5 + .../resources/config/application-jira.yml | 11 ++ .../config/application-ldap.secrets.yml | 4 + .../resources/config/application-ldap.yml | 7 ++ .../resources/config/application-prod.yml | 75 +----------- src/main/resources/config/application-tls.yml | 19 --- .../resources/config/application.secrets.yml | 24 ++++ src/main/resources/config/application.yml | 102 ++++++++-------- src/main/resources/config/tls/keystore.p12 | Bin 2607 -> 0 bytes 25 files changed, 255 insertions(+), 268 deletions(-) create mode 100644 src/main/resources/config/application-apollon.yml create mode 100644 src/main/resources/config/application-artemis.secrets.yml create mode 100644 src/main/resources/config/application-athene.secrets.yml create mode 100644 src/main/resources/config/application-athene.yml create mode 100644 src/main/resources/config/application-bamboo.secrets.yml create mode 100644 src/main/resources/config/application-bamboo.yml create mode 100644 src/main/resources/config/application-bitbucket.secrets.yml create mode 100644 
src/main/resources/config/application-bitbucket.yml create mode 100644 src/main/resources/config/application-gitlab.secrets.yml create mode 100644 src/main/resources/config/application-jenkins.secrets.yml create mode 100644 src/main/resources/config/application-jira.secrets.yml create mode 100644 src/main/resources/config/application-jira.yml create mode 100644 src/main/resources/config/application-ldap.secrets.yml create mode 100644 src/main/resources/config/application-ldap.yml delete mode 100644 src/main/resources/config/application-tls.yml create mode 100644 src/main/resources/config/application.secrets.yml delete mode 100644 src/main/resources/config/tls/keystore.p12 diff --git a/gradle/profile_dev.gradle b/gradle/profile_dev.gradle index f329934307af..896db58989f0 100644 --- a/gradle/profile_dev.gradle +++ b/gradle/profile_dev.gradle @@ -13,9 +13,6 @@ def profiles = 'dev' if (project.hasProperty('no-liquibase')) { profiles += ',no-liquibase' } -if (project.hasProperty('tls')) { - profiles += ',tls' -} springBoot { buildInfo { @@ -63,10 +60,12 @@ processResources { inputs.property('springProfiles', profiles) filesMatching("**/application.yml") { filter { - it.replace("#project.version#", version) + it.replace("#spring.profiles.active#", profiles) } + } + filesMatching("**/application-artemis.yml") { filter { - it.replace("#spring.profiles.active#", profiles) + it.replace("#project.version#", version) } } } diff --git a/gradle/profile_prod.gradle b/gradle/profile_prod.gradle index 2afffc251835..13fe5ccb6b1a 100644 --- a/gradle/profile_prod.gradle +++ b/gradle/profile_prod.gradle @@ -25,10 +25,12 @@ processResources { inputs.property('springProfiles', profiles) filesMatching('**/application.yml') { filter { - it.replace('#project.version#', version) + it.replace('#spring.profiles.active#', profiles) } + } + filesMatching('**/application-artemis.yml') { filter { - it.replace('#spring.profiles.active#', profiles) + it.replace('#project.version#', version) } } } 
diff --git a/src/main/resources/config/application-apollon.yml b/src/main/resources/config/application-apollon.yml new file mode 100644 index 000000000000..e6e01fd7bd82 --- /dev/null +++ b/src/main/resources/config/application-apollon.yml @@ -0,0 +1,3 @@ +artemis: + apollon: + conversion-service-url: http://localhost:8080 diff --git a/src/main/resources/config/application-artemis.secrets.yml b/src/main/resources/config/application-artemis.secrets.yml new file mode 100644 index 000000000000..6713cd0c2d75 --- /dev/null +++ b/src/main/resources/config/application-artemis.secrets.yml @@ -0,0 +1,6 @@ +artemis: + encryption-password: artemis_admin # LEGACY: arbitrary password for encrypting database values + user-management: + internal-admin: + username: artemis_admin + password: artemis_admin diff --git a/src/main/resources/config/application-artemis.yml b/src/main/resources/config/application-artemis.yml index ab165e82d989..4e2628bfffb7 100644 --- a/src/main/resources/config/application-artemis.yml +++ b/src/main/resources/config/application-artemis.yml 
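Review bot: `application-artemis.secrets.yml` commits concrete values under `src/main/resources/config/`, so they are presumably packaged with the application like the other default configs. `encryption-password` was empty in `application-artemis.yml` before this patch and now defaults to `artemis_admin`, next to the `internal-admin` password of the same value. A deployment that does not override this file would run with publicly known credentials. Leave the values empty (`encryption-password:`), as the bamboo, bitbucket and jira secrets files do, or add a header comment stating that these are development defaults that must be replaced. The same applies to the literals in `application-athene.secrets.yml` (`base64-secret`), `application-gitlab.secrets.yml` (`password`, `token`, `ci-token`) and `application-jenkins.secrets.yml` (`password`, `secret-push-token`, `artemis-authentication-token-value`) later in this patch.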
@@ -3,33 +3,19 @@ # =================================================================== artemis: + version: #project.version# course-archives-path: ./exports/courses # a folder in which archived courses and exams are stored. repo-clone-path: ./repos # a folder in which git repos for the online code editor are stored. In a multi node setup, this folder should be in a shared file system area (e.g. based on NFS), so that user can access the same files over multiple nodes repo-download-clone-path: ./repos-download # a temporary folder, in which git repos are downloaded that are immediately deleted afterwards (e.g. exports, plagiarism checks), should NOT be in a shared file system area - encryption-password: # LEGACY: arbitrary password for encrypting database values + file-upload-path: uploads + submission-export-path: exports bcrypt-salt-rounds: 11 # The number of salt rounds for the bcrypt password hashing. Lower numbers make it faster but more unsecure and vice versa. # Please use the bcrypt benchmark tool to determine the best number of rounds for your system. https://github.com/ls1intum/bcrypt-Benchmark + external-system-request: + batch-size: 50 # wait the time below after 50 requests + batch-waiting-time: 30000 # in ms = 30s user-management: - use-external: true - password-reset: - credential-provider: # The credential provider which users can log in though (e.g. TUMonline) - links: # The password reset links for different languages - en: '' - de: '' - external: - url: https://jira.ase.in.tum.de - user: # e.g. ga12abc - password: - admin-group-name: tumuser - ldap: # the whole section is optional: whether user details (such as the registration number) can be obtained from a LDAP service - url: - user-dn: - password: - base: - allowed-username-pattern: '^([a-z]{2}\d{2}[a-z]{3})$' # example for a TUM identifier, e.g. 
ab12cde - internal-admin: - username: artemis_admin - password: artemis_admin + use-external: false registration: # the whole section is optional: whether user can register in Artemis enabled: false allowed-email-pattern: '[a-zA-Z0-9_\-\.\+]+@(tum\.de|in\.tum\.de|mytum\.de)' 
@@ -41,55 +27,44 @@ artemis: login: account-name: TUM # optional: customization for the welcome page "please sign in with your account" version-control: - url: https://bitbucket.ase.in.tum.de - user: # e.g. ga12abc - password: - # token: # VCS API token giving Artemis full Admin access. - ci-token: # Token generated by the CI (e.g. Jenkins) for webhooks from the VCS to the CI. Not needed for Bamboo+Bitbucket - ssh-template-clone-url: ssh://git@bitbucket.ase.in.tum.de:7999/ # Url Stem for cloning via ssh, for gitlab use 'ssh://git@artemistest2gitlab.ase.in.tum.de:2222/' - ssh-keys-url-path: /plugins/servlet/ssh/account/keys # Url Path to access a users ssh keys, for gitlab this is '/-/profile/keys' -# ssh-private-key-folder-path: # the path to the folder in which the private ssh key file (e.g. id_rsa) is stored that can be used to clone git repos on the version control server -# ssh-private-key-password: # the password for the private ssh key - default-branch: main # The branch that should be used as default branch for all newly created repositories. This does NOT have to be equal to the default branch of the VCS + # TODO: can this be deleted here or should this be moved to application-bitbucket.yml? version-control-access-token: false # only for Gitlab setups: a Gitlab-API token can be generated for each user and used as part of the Git clone URL shown to students to allow for password-less Git operations via HTTP continuous-integration: - user: # e.g. ga12abc - password: - token: # Enter a valid token generated in Bamboo giving Artemis full Admin access - url: https://bamboo.ase.in.tum.de - vcs-application-link-name: LS1 Bitbucket Server # If the VCS and CI are directly linked (normally only for Bitbucket + Bamboo) - empty-commit-necessary: true # Do we need an empty commit for new exercises/repositories in order for the CI to register the repo - # Hash/key of the ci-token, equivalent e.g. 
to the ci-token in version-control - # Some CI systems, like Jenkins, offer a specific token that gets checked against any incoming notifications - # from a VCS trying to trigger a build plan. Only if the notification request contains the correct token, the plan - # is triggered. This can be seen as an alternative to sending an authenticated request to a REST API and then - # triggering the plan. - # In the case of Artemis, this is only really needed for the Jenkins + GitLab setup, since the GitLab plugin in - # Jenkins only allows triggering the Jenkins jobs using such a token. Furthermore, in this case, the value of the - # hudson.util.Secret is stored in the build plan, so you also have to specify this encrypted string here and NOT the actual token value itself! - # You can get this by GETting any job.xml for a job with an activated GitLab step and your token value of choice. - secret-push-token: - # Key of the saved credentials for the VCS service - # Bamboo: not needed - # Jenkins: You have to specify the key from the credentials page in Jenkins under which the user and - # password for the VCS are stored - vcs-credentials: - # Key of the credentials for the Artemis notification token - # Bamboo: not needed - # Jenkins: You have to specify the key from the credentials page in Jenkins under which the authentication-token is stored - artemis-authentication-token-key: - # The actual value of the notification token to check against in Artemis. This is the token that gets send with - # every request the CI system makes to Artemis containing a new result after a build. - # Bamboo: The token value you use for the Server Notification Plugin - # Jenkins: The token value you use for the Server Notification Plugin and is stored under the notification-token credential above - artemis-authentication-token-value: + # TODO: build-timeout just needed for jenkins? 
build-timeout: 30 # Does cancel jenkins builds after 30 minutes to remove build that get stuck + # Defines the used docker images for certain programming languages. + # For each language at least the `default` image has to be defined. + # This `default` option will be overridden by more specific project type + # definitions. + build: + images: + java: + # possible overrides: maven, gradle + default: "ls1tum/artemis-maven-template:java17-11" + kotlin: + # possible overrides: maven, gradle + default: "ls1tum/artemis-maven-template:java17-11" + empty: + default: "ls1tum/artemis-maven-template:java17-11" + python: + default: "ls1tum/artemis-python-docker:latest" + c: + # possible overrides: gcc, fact + default: "ls1tum/artemis-c-docker:latest" + fact: "sharingcodeability/fact:latest" + haskell: + default: "ghcr.io/b-fein/artemis-haskell:v19.30.0" + vhdl: + default: "tizianleonhardt/era-artemis-vhdl:latest" + assembler: + default: "tizianleonhardt/era-artemis-assembler:latest" + swift: + # possible overrides: xcode + default: "norionomura/swiftlint:latest" + ocaml: + default: "ls1tum/artemis-ocaml-docker:v1" git: name: Artemis email: artemis.in@tum.de - athene: - url: http://localhost - base64-secret: YWVuaXF1YWRpNWNlaXJpNmFlbTZkb283dXphaVF1b29oM3J1MWNoYWlyNHRoZWUzb2huZ2FpM211bGVlM0VpcAo= - token-validity-in-seconds: 10800 - apollon: - conversion-service-url: http://localhost:8080 + + # TODO: lti missing on purpose? diff --git a/src/main/resources/config/application-athene.secrets.yml b/src/main/resources/config/application-athene.secrets.yml new file mode 100644 index 000000000000..608cc8f650b3 --- /dev/null +++ b/src/main/resources/config/application-athene.secrets.yml @@ -0,0 +1,3 @@ +artemis: + athene: + base64-secret: YWVuaXF1YWRpNWNlaXJpNmFlbTZkb283dXphaVF1b29oM3J1MWNoYWlyNHRoZWUzb2huZ2FpM211bGVlM0VpcAo= 
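Review bot: Several entries in the new `build.images` map use the mutable `latest` tag: `ls1tum/artemis-python-docker`, `ls1tum/artemis-c-docker`, `sharingcodeability/fact`, `tizianleonhardt/era-artemis-vhdl`, `tizianleonhardt/era-artemis-assembler` and `norionomura/swiftlint`. Some of these come from personal namespaces, so the image used for builds can change without any change in this repository. Pinning a version tag or digest, as already done for `ls1tum/artemis-maven-template:java17-11` and `ls1tum/artemis-ocaml-docker:v1`, keeps builds reproducible and makes image updates reviewable. If the map was moved here from another file, this move is a good point to pin the tags.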
diff --git a/src/main/resources/config/application-athene.yml b/src/main/resources/config/application-athene.yml new file mode 100644 index 000000000000..e436a693611a --- /dev/null +++ b/src/main/resources/config/application-athene.yml @@ -0,0 +1,4 @@ +artemis: + athene: + url: http://localhost + token-validity-in-seconds: 10800 diff --git a/src/main/resources/config/application-bamboo.secrets.yml b/src/main/resources/config/application-bamboo.secrets.yml new file mode 100644 index 000000000000..4b7027ed01b2 --- /dev/null +++ b/src/main/resources/config/application-bamboo.secrets.yml @@ -0,0 +1,9 @@ +artemis: + continuous-integration: + user: # e.g. ga12abc + password: + token: # Enter a valid token generated in Bamboo giving Artemis full Admin access + # The actual value of the notification token to check against in Artemis. This is the token that gets send with + # every request the CI system makes to Artemis containing a new result after a build. + # The token value you use for the Server Notification Plugin + artemis-authentication-token-value: diff --git a/src/main/resources/config/application-bamboo.yml b/src/main/resources/config/application-bamboo.yml new file mode 100644 index 000000000000..56674df0a85f --- /dev/null +++ b/src/main/resources/config/application-bamboo.yml @@ -0,0 +1,5 @@ +artemis: + continuous-integration: + url: https://bamboo.ase.in.tum.de + vcs-application-link-name: LS1 Bitbucket Server # If the VCS and CI are directly linked (normally only for Bitbucket + Bamboo) + empty-commit-necessary: true # Do we need an empty commit for new exercises/repositories in order for the CI to register the repo diff --git a/src/main/resources/config/application-bitbucket.secrets.yml b/src/main/resources/config/application-bitbucket.secrets.yml new file mode 100644 index 000000000000..3d0564d02f99 --- /dev/null +++ b/src/main/resources/config/application-bitbucket.secrets.yml 
@@ -0,0 +1,6 @@ +artemis: + version-control: + user: # e.g. ga12abc + password: + token: # VCS API token giving Artemis full Admin access. + ssh-private-key-password: # the password for the private ssh key diff --git a/src/main/resources/config/application-bitbucket.yml b/src/main/resources/config/application-bitbucket.yml new file mode 100644 index 000000000000..0cf465cd43e9 --- /dev/null +++ b/src/main/resources/config/application-bitbucket.yml @@ -0,0 +1,6 @@ +artemis: + version-control: + url: https://bitbucket.ase.in.tum.de + ssh-template-clone-url: ssh://git@bitbucket.ase.in.tum.de:7999/ # Url Stem for cloning via ssh, for gitlab use 'ssh://git@artemistest2gitlab.ase.in.tum.de:2222/' + ssh-keys-url-path: /plugins/servlet/ssh/account/keys # Url Path to access a users ssh keys, for gitlab this is '/-/profile/keys' + ssh-private-key-folder-path: /opt/keys # the path to the folder in which the private ssh key file (e.g. id_rsa) is stored that can be used to clone git repos on the version control server diff --git a/src/main/resources/config/application-dev.yml b/src/main/resources/config/application-dev.yml index 165c5e97bff9..491f7f4a559d 100644 --- a/src/main/resources/config/application-dev.yml +++ b/src/main/resources/config/application-dev.yml 
@@ -24,35 +24,13 @@ spring: devtools: restart: enabled: true - livereload: - enabled: false # we use Webpack dev server + BrowserSync for livereload jackson: serialization: indent-output: true datasource: - type: com.zaxxer.hikari.HikariDataSource url: jdbc:mysql://localhost:3306/Artemis?createDatabaseIfNotExist=true&allowPublicKeyRetrieval=true&useUnicode=true&characterEncoding=utf8&useSSL=false&useLegacyDatetimeCode=false&serverTimezone=UTC - username: root - password: - hikari: - poolName: Hikari - auto-commit: false - data-source-properties: - cachePrepStmts: true - prepStmtCacheSize: 250 - prepStmtCacheSqlLimit: 2048 - useServerPrepStmts: true - jpa: - database-platform: org.hibernate.dialect.MySQL8Dialect - database: MYSQL - show-sql: false liquibase: contexts: dev - mail: - host: localhost - port: 25 - username: - password: messages: cache-duration: PT1S # 1 second, see the ISO 8601 standard thymeleaf: @@ -61,7 +39,6 @@ spring: localInstances: true server: - port: 8080 url: https://artemislocal.ase.in.tum.de # =================================================================== 
@@ -79,26 +56,11 @@ jhipster: exposed-headers: "Authorization,Link,X-Total-Count" allow-credentials: true max-age: 1800 - security: - authentication: - jwt: - # This token must be encoded using Base64 (you can type `echo 'secret-key'|base64` on your command line) - base64-secret: bXktc2VjcmV0LWtleS13aGljaC1zaG91bGQtYmUtY2hhbmdlZC1pbi1wcm9kdWN0aW9uLWFuZC1iZS1iYXNlNjQtZW5jb2RlZAo= - # Token is valid 24 hours - token-validity-in-seconds: 86400 - token-validity-in-seconds-for-remember-me: 2592000 mail: # specific JHipster mail property, for standard properties see MailProperties from: artemis@localhost base-url: http://127.0.0.1:8080 logging: use-json-format: false # By default, logs are not in Json format - logstash: # Forward logs to logstash over a socket, used by LoggingConfiguration - enabled: false - host: localhost - port: 5000 - queue-size: 512 - audit-events: - retention-period: 120 # Number of days before audit events are deleted. # Properties to be exposed on the /info management endpoint info: 
@@ -107,24 +69,11 @@ info: course-group-students: 'artemis-artemistutorial-students' courseShortName: 'artemistutorial' tours: - - cancel_tour: '' + # TODO: should these be named test or also tutorial like in prod? - code_editor_tour: 'test' - - course_overview_tour: '' - course_exercise_overview_tour: 'test' - - modeling_tour: 'UML Class Diagram' - programming_exercise_fail_tour: 'test' - programming_exercise_success_tour: 'test' - - tutor_assessment_tour: 'Patterns in Software Engineering' - contact: artemis.in@tum.de #default value, can be overridden if needed # Specifies whether text assessment analytics service (TextAssessmentEventResource) is enabled/disabled # default value set to true for development environment text-assessment-analytics-enabled: true - -# Eureka configuration -eureka: - instance: - prefer-ip-address: true - client: - enabled: false # By default, the JHipster Registry is not used in the "dev" profile - service-url: - defaultZone: http://admin:${jhipster.registry.password}@localhost:8761/eureka/ diff --git a/src/main/resources/config/application-gitlab.secrets.yml b/src/main/resources/config/application-gitlab.secrets.yml new file mode 100644 index 000000000000..57225d7f8384 --- /dev/null +++ b/src/main/resources/config/application-gitlab.secrets.yml @@ -0,0 +1,13 @@ +# =================================================================== +# GitLab specific properties: this file will only be loaded during startup if the profile gitlab is active +# +# This configuration overrides the application.yml file. +# =================================================================== +artemis: + version-control: + user: root + password: artemis_admin # created in Gitlab Server Quickstart step 2 + token: artemis-gitlab-token # generated in Gitlab Server Quickstart steps 4 and 5 + ci-token: jenkins-secret-token # pre-generated or replaced in Automated Jenkins Server step 3 + health-api-token: + ssh-private-key-password: 
diff --git a/src/main/resources/config/application-gitlab.yml b/src/main/resources/config/application-gitlab.yml index 8efda4f9fb80..eafe6f412411 100644 --- a/src/main/resources/config/application-gitlab.yml +++ b/src/main/resources/config/application-gitlab.yml @@ -3,6 +3,14 @@ # # This configuration overrides the application.yml file. # =================================================================== +artemis: + version-control: + url: http://localhost:8081 + ssh-template-clone-url: + ssh-keys-url-path: /-/profile/keys + ssh-private-key-folder-path: /opt/keys + default-branch: main # The branch that should be used as default branch for all newly created repositories. This does NOT have to be equal to the default branch of the VCS + versionControlAccessToken: true gitlab: # The following (optional) parameter allows to enable the use of pseudonyms. diff --git a/src/main/resources/config/application-jenkins.secrets.yml b/src/main/resources/config/application-jenkins.secrets.yml new file mode 100644 index 000000000000..04b2c1dda6f4 --- /dev/null +++ b/src/main/resources/config/application-jenkins.secrets.yml 
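Review bot: The added `versionControlAccessToken: true` is spelled in camelCase, while `application-artemis.yml` in this same patch uses `version-control-access-token: false` for what looks like the same setting. Whether both spellings resolve to one property depends on how the value is read, which is not visible here. If they do not, the flag that puts per-user GitLab tokens into clone URLs silently keeps the value from the base file. Use the kebab-case form here as well: `version-control-access-token: true`.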
@@ -0,0 +1,24 @@
+# ===================================================================
+# Jenkins specific properties: this file will only be loaded during startup if the profile jenkins is active
+#
+# This configuration overrides the application.yml file.
+# ===================================================================
+
+artemis:
+ continuous-integration:
+ user: artemis_admin
+ password: artemis_admin
+ # Hash/key of the ci-token, equivalent e.g. to the ci-token in version-control
+ # Some CI systems, like Jenkins, offer a specific token that gets checked against any incoming notifications
+ # from a VCS trying to trigger a build plan. Only if the notification request contains the correct token, the plan
+ # is triggered. This can be seen as an alternative to sending an authenticated request to a REST API and then
+ # triggering the plan.
+ # In the case of Artemis, this is only really needed for the Jenkins + GitLab setup, since the GitLab plugin in
+ # Jenkins only allows triggering the Jenkins jobs using such a token. Furthermore, in this case, the value of the
+ # hudson.util.Secret is stored in the build plan, so you also have to specify this encrypted string here and NOT the actual token value itself!
+ # You can get this by GETting any job.xml for a job with an activated GitLab step and your token value of choice.
+ secret-push-token: AQAAABAAAAAg/aKNFWpF9m2Ust7VHDKJJJvLkntkaap2Ka3ZBhy5XjRd8s16vZhBz4fxzd4TH8Su # pre-generated or replaced in Automated Jenkins Server step 3
+ # The actual value of the notification token to check against in Artemis. This is the token that gets send with
+ # every request the CI system makes to Artemis containing a new result after a build.
+ # The token value you use for the Server Notification Plugin and is stored under the notification-token credential above
+ artemis-authentication-token-value: artemis_admin
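Review bot: The comment above `artemis-authentication-token-value` still says the token "is stored under the notification-token credential above", but this new file has no such key; in this patch `artemis-authentication-token-key` is added to application-jenkins.yml instead. Since the comment two lines earlier describes this value as the token sent with every result the CI system reports to Artemis, the reference should be correct, e.g. `# Must match the Jenkins credential named by artemis-authentication-token-key in application-jenkins.yml`. The default `artemis_admin` is also identical to the CI `password` in the same file; documenting a distinct, randomly generated value per deployment would be the safer guidance.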
diff --git a/src/main/resources/config/application-jenkins.yml b/src/main/resources/config/application-jenkins.yml index 2e56f2a360bf..d334c5350a10 100644 --- a/src/main/resources/config/application-jenkins.yml +++ b/src/main/resources/config/application-jenkins.yml @@ -4,6 +4,18 @@ # This configuration overrides the application.yml file. # =================================================================== +artemis: + continuous-integration: + url: http://localhost:8082 + # Key of the saved credentials for the VCS service + # You have to specify the key from the credentials page in Jenkins under which the user and + # password for the VCS are stored + vcs-credentials: artemis_gitlab_admin_credentials + # Key of the credentials for the Artemis notification token + # You have to specify the key from the credentials page in Jenkins under which the authentication-token is stored + artemis-authentication-token-key: artemis_notification_plugin_token + empty-commit-necessary: false # Do we need an empty commit for new exercises/repositories in order for the CI to register the repo + jenkins: # The following (optional) parameter allows to customize if Jenkins CSRF protection should be used (activated) within Artemis: # see https://wiki.jenkins.io/display/JENKINS/Remote+access+API --> CSRF Protection diff --git a/src/main/resources/config/application-jira.secrets.yml b/src/main/resources/config/application-jira.secrets.yml new file mode 100644 index 000000000000..fad22ca12942 --- /dev/null +++ b/src/main/resources/config/application-jira.secrets.yml @@ -0,0 +1,5 @@ +artemis: + user-management: + external: + user: # e.g. ga12abc + password: diff --git a/src/main/resources/config/application-jira.yml b/src/main/resources/config/application-jira.yml new file mode 100644 index 000000000000..a38c3201cc19 --- /dev/null +++ b/src/main/resources/config/application-jira.yml 
@@ -0,0 +1,11 @@ +artemis: + user-management: + use-external: true + external: + url: https://jira.ase.in.tum.de + admin-group-name: tumuser + password-reset: + credential-provider: TUMonline + links: + en: "https://campus.tum.de/tumonline/ee/ui/ca2/app/desktop/#/pl/ui/$ctx/co_loc_password_reset.main?$ctx=design=ca2;header=max;lang=en" + de: "https://campus.tum.de/tumonline/ee/ui/ca2/app/desktop/#/pl/ui/$ctx/co_loc_password_reset.main?$ctx=design=ca2;header=max;lang=de" diff --git a/src/main/resources/config/application-ldap.secrets.yml b/src/main/resources/config/application-ldap.secrets.yml new file mode 100644 index 000000000000..77e088e00089 --- /dev/null +++ b/src/main/resources/config/application-ldap.secrets.yml @@ -0,0 +1,4 @@ +artemis: + user-management: + ldap: + password: diff --git a/src/main/resources/config/application-ldap.yml b/src/main/resources/config/application-ldap.yml new file mode 100644 index 000000000000..29700f3240c4 --- /dev/null +++ b/src/main/resources/config/application-ldap.yml @@ -0,0 +1,7 @@ +artemis: + user-management: + ldap: + url: "ldaps://iauth.tum.de:636" + user-dn: "cn=TUINI01-Artemis,ou=bindDNs,ou=iauth,dc=tum,dc=de" + base: "ou=users,ou=data,ou=prod,ou=iauth,dc=tum,dc=de" + allowed-username-pattern: '^([a-z]{2}\d{2}[a-z]{3})$' # example for a TUM identifier, e.g. ab12cde diff --git a/src/main/resources/config/application-prod.yml b/src/main/resources/config/application-prod.yml index 140077340bff..ed7ef7465024 100644 --- a/src/main/resources/config/application-prod.yml +++ b/src/main/resources/config/application-prod.yml @@ -13,6 +13,7 @@ # http://docs.spring.io/spring-boot/docs/current/reference/html/common-application-properties.html # =================================================================== +# TODO: different setting in ansible prod? which one here? management: metrics: export: 
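Review bot: `admin-group-name: tumuser` and `url: https://jira.ase.in.tum.de` in the new application-jira.yml make one site's identity provider and admin group the default for anyone who activates the jira profile. If `admin-group-name` maps members of that external group to Artemis administrators (the name suggests so; the mapping code is not part of this diff), that is an authorization decision which should not carry a default, so I would leave it empty with a comment like `# external group whose members become admins: set explicitly per deployment`. The same applies to the TUM-specific `url`, `user-dn` and `base` in application-ldap.yml further down.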
@@ -23,56 +24,14 @@ spring: devtools: restart: enabled: false - livereload: - enabled: false datasource: - type: com.zaxxer.hikari.HikariDataSource url: jdbc:mysql://localhost:3306/Artemis?createDatabaseIfNotExist=true&useUnicode=true&characterEncoding=utf8&useSSL=false&useLegacyDatetimeCode=false&serverTimezone=UTC - username: root - password: - hikari: - poolName: Hikari - auto-commit: false - data-source-properties: - cachePrepStmts: true - prepStmtCacheSize: 250 - prepStmtCacheSqlLimit: 2048 - useServerPrepStmts: true - jpa: - database-platform: org.hibernate.dialect.MySQL8Dialect - database: MYSQL - show-sql: false liquibase: - contexts: prod - mail: - host: localhost - port: 25 - username: - password: + contexts: prodzs thymeleaf: cache: true -# =================================================================== -# To enable TLS in production, generate a certificate using: -# keytool -genkey -alias artemis -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore keystore.p12 -validity 3650 -# -# You can also use Let's Encrypt: -# https://maximilian-boehm.com/hp2121/Create-a-Java-Keystore-JKS-from-Let-s-Encrypt-Certificates.htm -# -# Then, modify the server.ssl properties so your "server" configuration looks like: -# -# server: -# port: 443 -# ssl: -# key-store: classpath:config/tls/keystore.p12 -# key-store-password: password -# key-store-type: PKCS12 -# key-alias: Artemis -# # The ciphers suite enforce the security by deactivating some old and deprecated SSL cipher, this list was tested against SSL Labs (https://www.ssllabs.com/ssltest/) -# ciphers: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 ,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 
,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_RSA_WITH_CAMELLIA_128_CBC_SHA -# =================================================================== server: - port: 8080 compression: enabled: true mime-types: text/html,text/xml,text/plain,text/css,application/javascript,application/json,image/svg+xml 
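Review bot: `contexts: prodzs` under `liquibase:` looks like a typo for the removed `contexts: prod`. With a context name that no changeset uses, Liquibase would skip every changeset tagged for `prod` while untagged ones still run, so production schema migrations could silently diverge; the line should read `contexts: prod`. Separately, this hunk drops the datasource `username`/`password` and the commented TLS setup instructions from the prod profile while the JDBC URL kept as context still carries `useSSL=false`, so a short comment on where database and server transport security are now expected to be configured would help.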
@@ -85,48 +44,18 @@ server: # =================================================================== jhipster: - http: - cache: # Used by the CachingHttpHeadersFilter - timeToLiveInDays: 1461 - security: - authentication: - jwt: - # This token must be encoded using Base64 (you can type `echo 'secret-key'|base64` on your command line) - # As this is the PRODUCTION configuration, you MUST change the default key, and store it securely: - # - In the JHipster Registry (which includes a Spring Cloud Config server) - # - In a separate `application-prod.yml` file, in the same folder as your executable WAR file - # - In the `JHIPSTER_SECURITY_AUTHENTICATION_JWT_BASE64_SECRET` environment variable - base64-secret: bXktc2VjcmV0LWtleS13aGljaC1zaG91bGQtYmUtY2hhbmdlZC1pbi1wcm9kdWN0aW9uLWFuZC1iZS1iYXNlNjQtZW5jb2RlZAo= - # Token is valid 24 hours - token-validity-in-seconds: 86400 - token-validity-in-seconds-for-remember-me: 2592000 mail: # specific JHipster mail property, for standard properties see MailProperties from: artemis@localhost base-url: http://my-server-url-to-change # Modify according to your server's URL - logging: - logstash: # Forward logs to logstash over a socket, used by LoggingConfiguration - enabled: false - host: localhost - port: 5000 - queue-size: 512 - audit-events: - retention-period: 120 # Number of days before audit events are deleted. 
# Properties to be exposed on the /info management endpoint info: guided-tour: - courseShortName: 'artemistutorial' - course-group-students: 'artemis-artemistutorial-students' tours: - - cancel_tour: '' - code_editor_tour: 'tutorial' - - course_overview_tour: '' - course_exercise_overview_tour: 'tutorial' - - modeling_tour: 'UML Class Diagram' - programming_exercise_fail_tour: 'tutorial' - programming_exercise_success_tour: 'tutorial' - - tutor_assessment_tour: 'Patterns in Software Engineering' - contact: artemis.in@tum.de #default value, can be overridden on the server test-server: false # false --> production, true --> test server, --> empty == local # Specifies whether text assessment analytics service (TextAssessmentEventResource) is enabled/disabled # default value set to false in production diff --git a/src/main/resources/config/application-tls.yml b/src/main/resources/config/application-tls.yml deleted file mode 100644 index 1e7cef3a229c..000000000000 --- a/src/main/resources/config/application-tls.yml +++ /dev/null 
@@ -1,19 +0,0 @@
-# ===================================================================
-# Activate this profile to enable TLS and HTTP/2.
-#
-# JHipster has generated a self-signed certificate, which will be used to encrypt traffic.
-# As your browser will not understand this certificate, you will need to import it.
-#
-# Another (easiest) solution with Chrome is to enable the "allow-insecure-localhost" flag
-# at chrome://flags/#allow-insecure-localhost
-# ===================================================================
-server:
- ssl:
- key-store: classpath:config/tls/keystore.p12
- key-store-password: password
- key-store-type: PKCS12
- key-alias: selfsigned
- ciphers: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
- enabled-protocols: TLSv1.2
- http2:
- enabled: true
diff --git a/src/main/resources/config/application.secrets.yml b/src/main/resources/config/application.secrets.yml
new file mode 100644
index 000000000000..8b10f4cb3656
--- /dev/null
+++ b/src/main/resources/config/application.secrets.yml
@@ -0,0 +1,24 @@ +spring: + datasource: + username: root + password: + mail: + username: + password: + websocket: + broker: + username: guest + password: guest + +jhipster: + security: + authentication: + jwt: + # This token must be encoded using Base64 (you can type `echo 'secret-key'|base64` on your command line) + # As this is the PRODUCTION configuration, you MUST change the default key, and store it securely: + # - In the JHipster Registry (which includes a Spring Cloud Config server) + # - In a separate `application-prod.yml` file, in the same folder as your executable WAR file + # - In the `JHIPSTER_SECURITY_AUTHENTICATION_JWT_BASE64_SECRET` environment variable + base64-secret: bXktc2VjcmV0LWtleS13aGljaC1zaG91bGQtYmUtY2hhbmdlZC1pbi1wcm9kdWN0aW9uLWFuZC1iZS1iYXNlNjQtZW5jb2RlZAo= + registry: + password: AN-ADMIN-PASSWORD-THAT-MUST-BE-CHANGED (FROM REGISTRY CONFIG) diff --git a/src/main/resources/config/application.yml b/src/main/resources/config/application.yml index df0d80085cb3..a0ef8d03cb9a 100644 --- a/src/main/resources/config/application.yml +++ b/src/main/resources/config/application.yml @@ -14,6 +14,8 @@ # http://docs.spring.io/spring-boot/docs/current/reference/html/common-application-properties.html # =================================================================== +# TODO: recheck application-prod deletions vs ansible prod as this could lead to problems on production!!! + logging: level: ROOT: INFO 
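Review bot: `base64-secret` in the new application.secrets.yml keeps the generator's published sample key (it decodes to a "should be changed in production" placeholder), and moving it out of application-prod.yml appears to make it the default for every profile, while the comment above it still says "As this is the PRODUCTION configuration". Tokens signed with a key that is public in the repository cannot be trusted, so I would leave `base64-secret:` empty here and reword the comment to `# No default: provide via JHIPSTER_SECURITY_AUTHENTICATION_JWT_BASE64_SECRET or an untracked config file`. Whether the application then refuses to start without a secret is not visible in this diff and should be checked.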
@@ -26,47 +28,6 @@ logging: max-history: 90 total-size-cap: "10GB" -artemis: - version: #project.version# - file-upload-path: uploads - submission-export-path: exports - bcrypt-salt-rounds: 11 #default value, see application-artemis.yml for more information how to override and customize this value - external-system-request: - batch-size: 50 # wait the time below after 50 requests - batch-waiting-time: 30000 # in ms = 30s - continuous-integration: - # Defines the used docker images for certain programming languages. - # For each language at least the `default` image has to be defined. - # This `default` option will be overridden by more specific project type - # definitions. - build: - images: - java: - # possible overrides: maven, gradle - default: "ls1tum/artemis-maven-template:java17-11" - kotlin: - # possible overrides: maven, gradle - default: "ls1tum/artemis-maven-template:java17-11" - empty: - default: "ls1tum/artemis-maven-template:java17-11" - python: - default: "ls1tum/artemis-python-docker:latest" - c: - # possible overrides: gcc, fact - default: "ls1tum/artemis-c-docker:latest" - fact: "sharingcodeability/fact:latest" - haskell: - default: "ghcr.io/b-fein/artemis-haskell:v19.30.0" - vhdl: - default: "tizianleonhardt/era-artemis-vhdl:latest" - assembler: - default: "tizianleonhardt/era-artemis-assembler:latest" - swift: - # possible overrides: xcode - default: "norionomura/swiftlint:latest" - ocaml: - default: "ls1tum/artemis-ocaml-docker:v1" - management: endpoints: web: @@ -123,6 +84,20 @@ management: spring: application: name: Artemis + devtools: + livereload: + enabled: false # we use Webpack dev server + BrowserSync for livereload + datasource: + type: com.zaxxer.hikari.HikariDataSource + # TODO: maximumPoolSize: 100 just in ansible? + hikari: + poolName: Hikari + auto-commit: false + data-source-properties: + cachePrepStmts: true + prepStmtCacheSize: 250 + prepStmtCacheSqlLimit: 2048 + useServerPrepStmts: true jmx: enabled: false cloud: 
@@ -134,6 +109,8 @@ spring: repositories: bootstrap-mode: deferred jpa: + database-platform: org.hibernate.dialect.MySQL8Dialect + database: MYSQL open-in-view: false show-sql: false hibernate: @@ -178,6 +155,10 @@ spring: thread-name-prefix: artemis-scheduling- pool: size: 2 + # TODO: different from ansible + mail: + host: localhost + port: 25 thymeleaf: mode: HTML output: @@ -191,8 +172,6 @@ spring: timeout-per-shutdown-phase: 10 websocket: broker: - username: guest - password: guest addresses: "" # Comma separated list of hosts and ports of the brokers (e.g. "localhost:61613,localhost:61614") hazelcast: interface: "127.0.0.1" # The interface to bind to, if non is set, all interfaces will be bound @@ -223,7 +202,9 @@ springdoc: path: /api.html operationsSorter: method +# TODO: different values in ansible not sure if needed here server: + port: 8080 servlet: session: cookie: 
@@ -241,16 +222,28 @@ sentry: # Properties to be exposed on the /info management endpoint info: + guided-tour: + courseShortName: 'artemistutorial' + # TODO: missing on purpose for ansible? + # Names of the tutorial groups that will be automatically added to newly created users + course-group-students: 'artemis-artemistutorial-students' + tours: + - cancel_tour: '' + - course_overview_tour: '' + - modeling_tour: 'UML Class Diagram' + - programming_exercise_success_tour: 'tutorial' + # TODO: missing on purpose for ansible? + - tutor_assessment_tour: 'Patterns in Software Engineering' + contact: artemis.in@tum.de #default value, can be overridden if needed # Comma separated list of profiles that will trigger the ribbon to show display-ribbon-on-profiles: "dev" + # TODO: do we really want sentry here? sentry: dsn: https://8c6b41ec2d4245e8bd3ec9541d53f625@sentry.io/1440029 # Leave empty to disable Sentry, must be a valid URI # Allowed Orion version range. Should only be changed on major version releases allowed-minimum-orion-version: 1.0.0 - # Specifies whether text assessment analytics service (TextAssessmentEventResource) is enabled/disabled - # default value set to false - text-assessment-analytics-enabled: false student-exam-store-session-data: true + # TODO: imprint only in ansible? # =================================================================== # JHipster specific properties @@ -261,6 +254,11 @@ info: jhipster: clientApp: name: 'artemisApp' + security: + authentication: + jwt: + token-validity-in-seconds: 86400 # Token is valid 24 hours + token-validity-in-seconds-for-remember-me: 2592000 # Token is valid 30 days # By default CORS is disabled. Uncomment to enable. #cors: #allowed-origin-patterns: "*" 
@@ -269,10 +267,14 @@ jhipster: #exposed-headers: "Authorization,Link,X-Total-Count" #allow-credentials: true #max-age: 1800 - mail: - from: artemis@localhost - registry: - password: AN-ADMIN-PASSWORD-THAT-MUST-BE-CHANGED (FROM REGISTRY CONFIG) + logging: + logstash: # Forward logs to logstash over a socket, used by LoggingConfiguration + enabled: false + host: localhost + port: 5000 + queue-size: 512 + audit-events: + retention-period: 120 # Number of days before audit events are deleted. http: cache: # Used by the CachingHttpHeadersFilter timeToLiveInDays: 1461 
diff --git a/src/main/resources/config/tls/keystore.p12 b/src/main/resources/config/tls/keystore.p12 deleted file mode 100644 index 3a9e4ca20b30e99210f9cb4a3de65463d3a6a24b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2607 zcmY+EXEYp&7KNu7j2>f@L6l(h(c45BSIrfj5H%4cK@v4uFhm!fXwh4YG6+$km#ERA zK7uIGqIcqXZ@qW#x+HSH`T3!7Fn$majK+~JLrM8U)I&}vfW*LT9O*X*j&$V4 z9z^4aUj8E@dIZ4{S=`vBH)8}P``;Bg3<%1`K`ziZ$O)Pk3j4o(^Bf6*^R<6wd>6qJ zcj49fwxXR-S`*pn1p)&)bRam$7r!{bnYIHSIOFMIg$>Y}eC!^dMpGA{ig5bw?ES?` zZuOvbzQiix8S95Rf+GM^ASMy0nS^R^#9&f2X$aX<1R2^s1FoP+$&{%$%4b2#N7f|; zgA;v;RD(f$8KW@R*W(CT$6(#6DH4|il&6`g-$>0)(;&l@wY>XVTk_@U1c?mYN&$7} zwZ%?nJx)JkRMpC2dE5#mhjny@oi+|o>^<%6?&qI^)nM*FYC9RToiGr_enTF1@>3_O zgq=JTJ!E>+oo^*bEJi|@wJq6oReHYpL$JfW-lD0cOVcZI(WGIP4(brK&?l0T@}RxdJqtL#r>Zv1mM4i`O4XU@u@-MvmX33`pEEp|m%}N(6(pE{tc6$Fq@8592n`Yo zDxayuy@;-B7U*-2OlY)6esEvd9-H+Vc#&L2D=x;>y+06=rjU@NC;u4ZzzZ3#SQ*b> z{(U=5W+)F{7qjZW+q3eTC(mqq6)-DgNzub4p_jIWFfR@}K6bSFlWy}%9|2u6t6jY9 zYqZKvj=7jK4s&o%7orlK_6>$kBc0$Kj1_PZBB7+=p9V2K)w zMBJx=2*b2}L{rnI4t_qo5aN|TTP&@I z@y`O`An~knEWolm4V=Yay`7l_T47FKbrfv1OR-Y1Y}oaDuGS55*(iYw@(}H4a_DqA z<7wwIs{NeZyRr*xWwE5?LvRILyb9}zdLE03DWAt(-HG+bD_S)FW27iHU&LcRh!Rh8XE zTh^`n4kEuX-i&E1=0wa3e`=#RSqJBz4tAzIP74j1DI4Jczm_;rr}^1O0L zrv9l3(js#cSiK!z)nff#o5^s10??%3;x5bt*5TH7Efkks`=tcB>Y~HMKEGULF((@q zAmIveBu!tdHBC#-1}9dA`=iD{3=i^B(_w9`=Y~{O;PB9#NA*m4&KvDpYe#QmSAOtM z>~~$2PuR?OU0v(akD5(ZVq?BRt(J}?W|Gv4DVWG6II;#$j!;zBez zWMfax=}P!xcXgY6UR^q+lwLDLmzyOC*+*nE=AmB!1|4xAaAT9Jiq)mzrE0rLTc+!zhDJ3GtxttdzN%(;8u(Qn?Nzf-w56totyjjKxMZX*C=Nb2a zwK}kZeNmSBt;8Rd`_lGE-L84m>6pk$-v|??k&5@v<6{kPyP-w~3vktg5nRqN-veh+ z`i@)@hPw1e8gjt)$AzXdZ)`&YS;VG+QXdl)>bv~%nqEd(2#yzM28#DHg+AUQkbN7O> z3)_}l7zmBzOQ)r&M;*70`YwZ$Wpb`ReI%@-uR#D*h=0evZ&{Qzc|l;7&4EW6RJkG> z^+5p~$rN6fxW3|~D}F!eW_DpNGUhJ zLXJsY^paQ6&FiBIH&<&<|LJ_{uzL%e3i9&s>Mr@iv7708O&a1DD~&;& zmbl zvlQJ-?Av0*O=LNUYjY+gBe%~kDUI8`pT#7oer`+sz8Ur#@Kt|o_qM;{LJUq&^@QNn zaZ2)wtZ!vwY)YL3Rg!%5OMXA6obrHKzJG&87S$vDz$@JE&GZv)mDR$@`k2QAqjr7J 
zdCK8e+u({|4*&EuS-EdL+pt6^em8~a+K_#k#~j~IoF=B`-M-yq>&xL#HF?A>Xn$U| zgDN^0%x`0dr0@2&JocD*L6KhmpRpH#l#>Q+to!koS++jx zLh^5^Q2DDnJxi8qTM=Dmp|p%#cX*$hBdS6Kuc1lb<)LHwmIpOJmh_l$26|j8kaSuXsdOi4f!oyjKrlhmexBV}i)S!W?Kf2Poo^2B zYV26~1*J!Zs+IIzC*@1}y>&qxWV#h@&8uHMFCkaJ(8-NgcAuONnc&?Tt=rcIgLn(neb8S$E4Qgt&a|t4|8PBCQWe zY>cv;7CiGL={Td8tZh$^-x&xlG_n5dkKi97dtLWQNB3#CfY5JU>yWuN*$L?$xv~2k zZ(ce%>=#LU`Mg>>{~5i*pl1EUsAb~&!0j2uwcaThg}*KN3|bz|jwXc?@l%39Ohf<( z+{F{}Cbwz3j>hE*3omx45nRh8g}^bWPVV8vz+^brU4x9yd0yYe++YwG7?S;Or{&Cz From f87f8ff7554c74542f400f0e51e464cb26045ea2 Mon Sep 17 00:00:00 2001 From: Ludwig Pusl Date: Wed, 7 Dec 2022 23:05:39 +0100 Subject: [PATCH 025/174] Revert "Merge remote-tracking branch 'origin/bugfix/jenkins/user-vs-group-permissions' into develop-deployment-wg" This reverts commit 69caa832ccd76e9d966424093eee0d3f3cb2c8be, reversing changes made to 355ed0434151501896920d0cff95569bb3f0ee11. --- .../jobs/JenkinsJobPermissionsUtils.java | 38 ++----- .../jobs/JenkinsJobPermissionsUtilsTest.java | 102 ------------------ 2 files changed, 10 insertions(+), 130 deletions(-) delete mode 100644 src/test/java/de/tum/in/www1/artemis/service/connectors/jenkins/jobs/JenkinsJobPermissionsUtilsTest.java diff --git a/src/main/java/de/tum/in/www1/artemis/service/connectors/jenkins/jobs/JenkinsJobPermissionsUtils.java b/src/main/java/de/tum/in/www1/artemis/service/connectors/jenkins/jobs/JenkinsJobPermissionsUtils.java index b996e009dc71..41ef2fb4938b 100644 --- a/src/main/java/de/tum/in/www1/artemis/service/connectors/jenkins/jobs/JenkinsJobPermissionsUtils.java +++ b/src/main/java/de/tum/in/www1/artemis/service/connectors/jenkins/jobs/JenkinsJobPermissionsUtils.java 
@@ -1,24 +1,11 @@ package de.tum.in.www1.artemis.service.connectors.jenkins.jobs; -import java.util.ArrayList; -import java.util.List; import java.util.Set; import org.w3c.dom.*; public class JenkinsJobPermissionsUtils { - /** - * Modern versions (>= 3.0) of the Matrix Authorization Strategy Plugin in - * Jenkins use a prefix to discern between permissions affecting individual - * users or groups. - */ - private static final String USER_PERMISSIONS_PREFIX = "USER:"; - - private JenkinsJobPermissionsUtils() { - throw new IllegalAccessError("Utility Class"); - } - public static void removePermissionsFromFolder(Document jobConfig, Set permissionsToRemove, Set userLogins) throws DOMException { var folderAuthorizationMatrix = "com.cloudbees.hudson.plugins.folder.properties.AuthorizationMatrixProperty"; removePermissionsFromElement(folderAuthorizationMatrix, jobConfig, permissionsToRemove, userLogins); 
@@ -59,20 +46,15 @@ private static void removePermissionsFromElement(String elementTagName, Document * @param permission the permission to remove */ private static void removePermission(Node authorizationMatrix, String permission) throws DOMException { - final NodeList permissionNodes = authorizationMatrix.getChildNodes(); - final int nodeCount = permissionNodes.getLength(); - - final List toRemove = new ArrayList<>(); - + NodeList permissionNodes = authorizationMatrix.getChildNodes(); + int nodeCount = permissionNodes.getLength(); for (int i = 0; i < nodeCount; i++) { - final Node permissionNode = permissionNodes.item(i); - final String existingPermission = permissionNode.getTextContent(); - if (existingPermission.equals(permission) || existingPermission.equals(USER_PERMISSIONS_PREFIX + permission)) { - toRemove.add(permissionNode); + Node permissionNode = permissionNodes.item(i); + if (permissionNode.getTextContent().equals(permission)) { + authorizationMatrix.removeChild(permissionNode); + return; } } - - toRemove.forEach(authorizationMatrix::removeChild); } public static void addPermissionsToFolder(Document folderConfig, Set jenkinsJobPermissions, Set userLogins) throws DOMException { @@ -127,9 +109,9 @@ private static Element getOrCreateAuthorizationMatrixPropertyElement(String auth * {@code * * ...existing permissions - * USER:hudson.model.the.jenkins.permission1:userLogin + * hudson.model.the.jenkins.permission1:userLogin * ... - * USER:hudson.model.the.jenkins.permission:userLogin + * hudson.model.the.jenkins.permissionn:userLogin * * } * 
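Review bot: After this revert `removePermission` only matches the bare `permission:login` text, so an entry stored as `USER:permission:login` (the format the removed constant's comment attributes to Matrix Authorization Strategy plugin 3.0 and later) is never removed, and a user whose access was meant to be revoked would keep the Jenkins permission. If the target Jenkins can contain prefixed entries, the comparison should accept both forms, e.g. `String text = permissionNode.getTextContent();` followed by `if (text.equals(permission) || text.equals("USER:" + permission))`; the early `return` after the first match also leaves any duplicate entry in place. The hunk at `@@ -142,12 +124,12 @@` has the mirror-image issue, since it writes unprefixed entries again. The javadoc of `removePermission` starts outside this hunk.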
@@ -142,12 +124,12 @@ private static void addPermissionsToAuthorizationMatrix(Document document, Eleme NodeList existingPermissionElements = authorizationMatrixElement.getElementsByTagName("permission"); jenkinsJobPermissions.forEach(jenkinsJobPermission -> { // The permission in the xml node has the format: com.jenkins.job.permission:user-login - String permission = USER_PERMISSIONS_PREFIX + jenkinsJobPermission.getName() + ":" + userLogin; + String permission = jenkinsJobPermission.getName() + ":" + userLogin; // Add the permission if it doesn't exist. boolean permissionExists = permissionExistInPermissionList(existingPermissionElements, permission); if (!permissionExists) { - // Permission element has format USER:com.jenkins.job.permission:user-login + // Permission element has format com.jenkins.job.permission:user-login Element permissionElement = document.createElement("permission"); permissionElement.setTextContent(permission); authorizationMatrixElement.appendChild(permissionElement); diff --git a/src/test/java/de/tum/in/www1/artemis/service/connectors/jenkins/jobs/JenkinsJobPermissionsUtilsTest.java b/src/test/java/de/tum/in/www1/artemis/service/connectors/jenkins/jobs/JenkinsJobPermissionsUtilsTest.java deleted file mode 100644 index 11f3f4ca302d..000000000000 --- a/src/test/java/de/tum/in/www1/artemis/service/connectors/jenkins/jobs/JenkinsJobPermissionsUtilsTest.java +++ /dev/null 
@@ -1,102 +0,0 @@ -package de.tum.in.www1.artemis.service.connectors.jenkins.jobs; - -import static org.assertj.core.api.Assertions.assertThat; - -import java.util.Arrays; -import java.util.HashSet; -import java.util.Set; -import java.util.stream.Collectors; - -import javax.xml.transform.TransformerException; - -import org.junit.jupiter.api.Test; -import org.w3c.dom.Document; -import org.w3c.dom.NodeList; - -import de.tum.in.www1.artemis.service.util.XmlFileUtils; - -class JenkinsJobPermissionsUtilsTest { - - @Test - void testRemovePermissionsFromFolder() throws TransformerException { - final Document folderConfig = XmlFileUtils.readFromString(""" - - - - - - - - hudson.model.Item.Build:instructor1 - hudson.model.Item.Cancel:instructor1 - hudson.model.Item.Configure:instructor1 - hudson.model.Item.Create:instructor1 - hudson.model.Item.Delete:instructor1 - hudson.model.Item.Read:instructor1 - hudson.model.Item.Workspace:instructor1 - hudson.model.Run.Delete:instructor1 - hudson.model.Run.Replay:instructor1 - hudson.model.Run.Update:instructor1 - hudson.scm.SCM.Tag:instructor1 - USER:hudson.model.Item.Build:instructor1 - USER:hudson.model.Item.Cancel:instructor1 - USER:hudson.model.Item.Configure:instructor1 - USER:hudson.model.Item.Create:instructor1 - USER:hudson.model.Item.Delete:instructor1 - USER:hudson.model.Item.Read:instructor1 - USER:hudson.model.Item.Workspace:instructor1 - USER:hudson.model.Run.Delete:instructor1 - USER:hudson.model.Run.Replay:instructor1 - USER:hudson.model.Run.Update:instructor1 - USER:hudson.scm.SCM.Tag:instructor1 - - - - """); - final Set allPermissions = Arrays.stream(JenkinsJobPermission.values()).collect(Collectors.toUnmodifiableSet()); - - JenkinsJobPermissionsUtils.removePermissionsFromFolder(folderConfig, allPermissions, Set.of("instructor1")); - - final var updatedPermissions = folderConfig.getElementsByTagName("permission"); - assertThat(updatedPermissions.getLength()).as("Document should contain no permissions:\n" + 
XmlFileUtils.writeToString(folderConfig)).isEqualTo(0); - } - - @Test - void testAddPermissionsToFolder() { - final Document folderConfig = XmlFileUtils.readFromString(""" - - - - - - - - """); - final Set permissions = Set.of(JenkinsJobPermission.JOB_CREATE, JenkinsJobPermission.RUN_DELETE); - - JenkinsJobPermissionsUtils.addPermissionsToFolder(folderConfig, permissions, Set.of("instructor1")); - - final var createdPermissions = folderConfig.getElementsByTagName("permission"); - assertThat(createdPermissions.getLength()).isEqualTo(2); - - final var actualPermissions = getPermissions(folderConfig); - final var expectedPermissions = Set.of(getPermission(JenkinsJobPermission.JOB_CREATE, "instructor1"), getPermission(JenkinsJobPermission.RUN_DELETE, "instructor1")); - assertThat(actualPermissions).hasSameElementsAs(expectedPermissions); - } - - private static String getPermission(JenkinsJobPermission permission, String username) { - return String.format("USER:%s:%s", permission.getName(), username); - } - - private static Set getPermissions(final Document document) { - final Set permissionValues = new HashSet<>(); - final NodeList permissions = document.getElementsByTagName("permission"); - - for (int i = 0; i < permissions.getLength(); ++i) { - final String permissionValue = permissions.item(i).getTextContent(); - permissionValues.add(permissionValue); - } - - return permissionValues; - } -} From 2ecef470ece075f6b50ff0612acd19784cf139da Mon Sep 17 00:00:00 2001 From: Ludwig Pusl Date: Thu, 8 Dec 2022 09:27:42 +0100 Subject: [PATCH 026/174] add artemis prod docker --- docker-compose.yml | 6 ++--- src/main/docker/artemis-dev-mysql.yml | 2 -- src/main/docker/artemis-prod-mysql.yml | 33 ++++++++++++++++++++++++++ src/main/docker/artemis/artemis.yml | 3 ++- 4 files changed, 38 insertions(+), 6 deletions(-) create mode 100644 src/main/docker/artemis-prod-mysql.yml diff --git a/docker-compose.yml b/docker-compose.yml index 63b3f11bc3c6..e052e2104397 100644 
--- a/docker-compose.yml +++ b/docker-compose.yml @@ -2,17 +2,17 @@ # Artemis-Dev-MySQL Setup # ---------------------------------------------------------------------------------------------------------------------- -# this links to /src/main/docker/artemis-dev-mysql.yml which is the default artemis development docker compose setup +# this links to /src/main/docker/artemis-prod-mysql.yml which is the default artemis development docker compose setup # just using a symlink doesn't work because of the relative paths ;) services: artemis-app: extends: - file: ./src/main/docker/artemis-dev-mysql.yml + file: ./src/main/docker/artemis-prod-mysql.yml service: artemis-app mysql: extends: - file: ./src/main/docker/artemis-dev-mysql.yml + file: ./src/main/docker/artemis-prod-mysql.yml service: mysql networks: diff --git a/src/main/docker/artemis-dev-mysql.yml b/src/main/docker/artemis-dev-mysql.yml index 3cca46f34055..1981d260c910 100644 --- a/src/main/docker/artemis-dev-mysql.yml +++ b/src/main/docker/artemis-dev-mysql.yml @@ -2,8 +2,6 @@ # Artemis-Dev-MySQL Setup # ---------------------------------------------------------------------------------------------------------------------- -# this is the default artemis development setup also linked to in the docker-compose.yml in the project root - services: artemis-app: extends: diff --git a/src/main/docker/artemis-prod-mysql.yml b/src/main/docker/artemis-prod-mysql.yml new file mode 100644 index 000000000000..91e8665e3834 --- /dev/null +++ b/src/main/docker/artemis-prod-mysql.yml 
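Review bot: The header of docker-compose.yml still reads "Artemis-Dev-MySQL Setup" and "default artemis development docker compose setup" although both `extends` entries now point at artemis-prod-mysql.yml, and the new src/main/docker/artemis-prod-mysql.yml repeats "this is the default artemis development setup". Someone running compose from the project root would start the prod stack while the comments describe it as the dev one. I would change the comments to `# Artemis-Prod-MySQL Setup` and `# this links to /src/main/docker/artemis-prod-mysql.yml, the production-profile compose setup`, and fix the copied sentence in the new file accordingly.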
@@ -0,0 +1,33 @@ +# ---------------------------------------------------------------------------------------------------------------------- +# Artemis-Prod-MySQL Setup +# ---------------------------------------------------------------------------------------------------------------------- + +# this is the default artemis development setup also linked to in the docker-compose.yml in the project root + +services: + artemis-app: + extends: + file: ./artemis/artemis.yml + service: artemis-app + command: > + /bin/sh -c + '/usr/local/bin/wait-for -t 0 artemis-mysql:3306 + && /run_artemis.sh' + volumes: + - ./scripts/wait-for.sh:/usr/local/bin/wait-for:ro + depends_on: + - mysql + mysql: + extends: + file: mysql.yml + service: mysql + +networks: + artemis: + driver: "bridge" + name: artemis +volumes: + artemis-mysql-data: + name: artemis-mysql-data + artemis-data: + name: artemis-data diff --git a/src/main/docker/artemis/artemis.yml b/src/main/docker/artemis/artemis.yml index 2e6a02abf047..5810e6a96f1f 100644 --- a/src/main/docker/artemis/artemis.yml +++ b/src/main/docker/artemis/artemis.yml @@ -8,6 +8,7 @@ services: # TODO: add support for armv8 platform: linux/x86_64 # TODO: add hint in documentation or here: build vs pre-built image from registry + # TODO: change to develop again before merging image: ghcr.io/ls1intum/artemis:pr-5915 build: context: ../../../.. @@ -24,7 +25,7 @@ services: # the following environments are necessary for docker images orchestrated by docker compose environment: _JAVA_OPTIONS: -Xmx5120m -Xms2560m - SPRING_PROFILES_ACTIVE: dev,bamboo,bitbucket,jira,artemis,scheduling,athene,docker,local + SPRING_PROFILES_ACTIVE: artemis,scheduling,athene,docker,prod,local # TODO: add a restart at a certain stage for prod systems for sure, not sure about dev systems?, discuss # restart: unless-stopped ports: From 0216de8bba1407b80ce213ce08a246810d045b0d Mon Sep 17 00:00:00 2001 
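Review bot: The comment under the banner of the new `artemis-prod-mysql.yml` was copied from the dev file and still says `# this is the default artemis development setup ...`; it should read `# this is the default artemis production setup also linked to in the docker-compose.yml in the project root`. The `command` also waits on `artemis-mysql:3306` with `-t 0`. If that disables the timeout in `wait-for.sh` (the script is not part of this patch), a one-line comment saying so would help whoever has to debug a container that never starts.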
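Review bot: The added TODO in the first `artemis.yml` hunk sits above `image: ghcr.io/ls1intum/artemis:pr-5915`, which the production compose file introduced in this commit inherits through `extends`. A pull-request tag is normally mutable, so a deployment built on it runs whatever was last pushed under that name. The TODO should name the target explicitly, for example `# TODO: replace pr-5915 with a release tag (or a digest) before merging`. The service definition continues outside the hunk.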
From: Ludwig Pusl Date: Thu, 8 Dec 2022 11:25:50 +0100 Subject: [PATCH 027/174] solution for secret default configurations --- src/main/docker/artemis/artemis.yml | 2 +- .../config/application-artemis.secrets.yml | 6 -- .../resources/config/application-artemis.yml | 5 ++ .../config/application-athene.secrets.yml | 3 - .../resources/config/application-athene.yml | 1 + .../config/application-bamboo.secrets.yml | 9 --- .../resources/config/application-bamboo.yml | 9 +++ .../config/application-bitbucket.secrets.yml | 6 -- .../config/application-bitbucket.yml | 7 ++ .../config/application-gitlab.secrets.yml | 13 ---- .../resources/config/application-gitlab.yml | 6 ++ .../config/application-jenkins.secrets.yml | 24 ------ .../resources/config/application-jenkins.yml | 18 ++++- .../config/application-jira.secrets.yml | 5 -- .../resources/config/application-jira.yml | 3 + .../config/application-ldap.secrets.yml | 4 - .../resources/config/application-ldap.yml | 1 + .../application-local-secrets.yml.sample | 74 +++++++++++++++++++ .../resources/config/application.secrets.yml | 24 ------ src/main/resources/config/application.yml | 14 ++++ 20 files changed, 138 insertions(+), 96 deletions(-) delete mode 100644 src/main/resources/config/application-artemis.secrets.yml delete mode 100644 src/main/resources/config/application-athene.secrets.yml delete mode 100644 src/main/resources/config/application-bamboo.secrets.yml delete mode 100644 src/main/resources/config/application-bitbucket.secrets.yml delete mode 100644 src/main/resources/config/application-gitlab.secrets.yml delete mode 100644 src/main/resources/config/application-jenkins.secrets.yml delete mode 100644 src/main/resources/config/application-jira.secrets.yml delete mode 100644 src/main/resources/config/application-ldap.secrets.yml create mode 100644 src/main/resources/config/application-local-secrets.yml.sample delete mode 100644 src/main/resources/config/application.secrets.yml 
diff --git a/src/main/docker/artemis/artemis.yml b/src/main/docker/artemis/artemis.yml index 5810e6a96f1f..d79a3e5565fe 100644 --- a/src/main/docker/artemis/artemis.yml +++ b/src/main/docker/artemis/artemis.yml @@ -25,7 +25,7 @@ services: # the following environments are necessary for docker images orchestrated by docker compose environment: _JAVA_OPTIONS: -Xmx5120m -Xms2560m - SPRING_PROFILES_ACTIVE: artemis,scheduling,athene,docker,prod,local + SPRING_PROFILES_ACTIVE: artemis,scheduling,athene,docker,prod,local-secrets,local # TODO: add a restart at a certain stage for prod systems for sure, not sure about dev systems?, discuss # restart: unless-stopped ports: diff --git a/src/main/resources/config/application-artemis.secrets.yml b/src/main/resources/config/application-artemis.secrets.yml deleted file mode 100644 index 6713cd0c2d75..000000000000 --- a/src/main/resources/config/application-artemis.secrets.yml +++ /dev/null @@ -1,6 +0,0 @@ -artemis: - encryption-password: artemis_admin # LEGACY: arbitrary password for encrypting database values - user-management: - internal-admin: - username: artemis_admin - password: artemis_admin diff --git a/src/main/resources/config/application-artemis.yml b/src/main/resources/config/application-artemis.yml index 4e2628bfffb7..5d67956e5029 100644 --- a/src/main/resources/config/application-artemis.yml +++ b/src/main/resources/config/application-artemis.yml 
@@ -9,6 +9,8 @@ artemis: repo-download-clone-path: ./repos-download # a temporary folder, in which git repos are downloaded that are immediately deleted afterwards (e.g. exports, plagiarism checks), should NOT be in a shared file system area file-upload-path: uploads submission-export-path: exports + # LEGACY: arbitrary password for encrypting database values + # encryption-password: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml bcrypt-salt-rounds: 11 # The number of salt rounds for the bcrypt password hashing. Lower numbers make it faster but more unsecure and vice versa. # Please use the bcrypt benchmark tool to determine the best number of rounds for your system. https://github.com/ls1intum/bcrypt-Benchmark external-system-request: @@ -16,6 +18,9 @@ artemis: batch-waiting-time: 30000 # in ms = 30s user-management: use-external: false + internal-admin: + # username: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml + # password: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml registration: # the whole section is optional: whether user can register in Artemis enabled: false allowed-email-pattern: '[a-zA-Z0-9_\-\.\+]+@(tum\.de|in\.tum\.de|mytum\.de)' diff --git a/src/main/resources/config/application-athene.secrets.yml b/src/main/resources/config/application-athene.secrets.yml deleted file mode 100644 index 608cc8f650b3..000000000000 --- a/src/main/resources/config/application-athene.secrets.yml +++ /dev/null @@ -1,3 +0,0 @@ -artemis: - athene: - base64-secret: YWVuaXF1YWRpNWNlaXJpNmFlbTZkb283dXphaVF1b29oM3J1MWNoYWlyNHRoZWUzb2huZ2FpM211bGVlM0VpcAo= diff --git a/src/main/resources/config/application-athene.yml b/src/main/resources/config/application-athene.yml index e436a693611a..9549d36003c6 100644 --- a/src/main/resources/config/application-athene.yml +++ b/src/main/resources/config/application-athene.yml 
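Review bot: In the second hunk `internal-admin:` is added with only commented-out children, so the key parses as a null value rather than being absent; the same pattern appears for `registry:` in the `application.yml` hunk of this commit. How the application binds a null `artemis.user-management.internal-admin` is not visible here, but it is a different input from "not configured" and can mask a missing secret. I would comment the parent out as well, `# internal-admin:`, so the placeholders are pure documentation.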
@@ -1,4 +1,5 @@ artemis: athene: url: http://localhost + # base64-secret: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml token-validity-in-seconds: 10800 diff --git a/src/main/resources/config/application-bamboo.secrets.yml b/src/main/resources/config/application-bamboo.secrets.yml deleted file mode 100644 index 4b7027ed01b2..000000000000 --- a/src/main/resources/config/application-bamboo.secrets.yml +++ /dev/null @@ -1,9 +0,0 @@ -artemis: - continuous-integration: - user: # e.g. ga12abc - password: - token: # Enter a valid token generated in Bamboo giving Artemis full Admin access - # The actual value of the notification token to check against in Artemis. This is the token that gets send with - # every request the CI system makes to Artemis containing a new result after a build. - # The token value you use for the Server Notification Plugin - artemis-authentication-token-value: diff --git a/src/main/resources/config/application-bamboo.yml b/src/main/resources/config/application-bamboo.yml index 56674df0a85f..02f470c882b6 100644 --- a/src/main/resources/config/application-bamboo.yml +++ b/src/main/resources/config/application-bamboo.yml 
@@ -1,5 +1,14 @@ artemis: continuous-integration: url: https://bamboo.ase.in.tum.de + # e.g. ga12abc + # user: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml + # password: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml + # Enter a valid token generated in Bamboo giving Artemis full Admin access + # token: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml vcs-application-link-name: LS1 Bitbucket Server # If the VCS and CI are directly linked (normally only for Bitbucket + Bamboo) empty-commit-necessary: true # Do we need an empty commit for new exercises/repositories in order for the CI to register the repo + # The actual value of the notification token to check against in Artemis. This is the token that gets send with + # every request the CI system makes to Artemis containing a new result after a build. + # The token value you use for the Server Notification Plugin + # artemis-authentication-token-value: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml diff --git a/src/main/resources/config/application-bitbucket.secrets.yml b/src/main/resources/config/application-bitbucket.secrets.yml deleted file mode 100644 index 3d0564d02f99..000000000000 --- a/src/main/resources/config/application-bitbucket.secrets.yml +++ /dev/null @@ -1,6 +0,0 @@ -artemis: - version-control: - user: # e.g. ga12abc - password: - token: # VCS API token giving Artemis full Admin access. - ssh-private-key-password: # the password for the private ssh key diff --git a/src/main/resources/config/application-bitbucket.yml b/src/main/resources/config/application-bitbucket.yml index 0cf465cd43e9..b21475f6614c 100644 --- a/src/main/resources/config/application-bitbucket.yml +++ b/src/main/resources/config/application-bitbucket.yml 
@@ -1,6 +1,13 @@ artemis: version-control: url: https://bitbucket.ase.in.tum.de + # e.g. ga12abc + # user: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml + # password: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml + # VCS API token giving Artemis full Admin access. + # token: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml ssh-template-clone-url: ssh://git@bitbucket.ase.in.tum.de:7999/ # Url Stem for cloning via ssh, for gitlab use 'ssh://git@artemistest2gitlab.ase.in.tum.de:2222/' ssh-keys-url-path: /plugins/servlet/ssh/account/keys # Url Path to access a users ssh keys, for gitlab this is '/-/profile/keys' ssh-private-key-folder-path: /opt/keys # the path to the folder in which the private ssh key file (e.g. id_rsa) is stored that can be used to clone git repos on the version control server + # the password for the private ssh key + # ssh-private-key-password: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml diff --git a/src/main/resources/config/application-gitlab.secrets.yml b/src/main/resources/config/application-gitlab.secrets.yml deleted file mode 100644 index 57225d7f8384..000000000000 --- a/src/main/resources/config/application-gitlab.secrets.yml +++ /dev/null @@ -1,13 +0,0 @@ -# =================================================================== -# GitLab specific properties: this file will only be loaded during startup if the profile gitlab is active -# -# This configuration overrides the application.yml file. -# =================================================================== -artemis: - version-control: - user: root - password: artemis_admin # created in Gitlab Server Quickstart step 2 - token: artemis-gitlab-token # generated in Gitlab Server Quickstart steps 4 and 5 - ci-token: jenkins-secret-token # pre-generated or replaced in Automated Jenkins Server step 3 - health-api-token: - ssh-private-key-password: 
diff --git a/src/main/resources/config/application-gitlab.yml b/src/main/resources/config/application-gitlab.yml index eafe6f412411..fb13b39ec61b 100644 --- a/src/main/resources/config/application-gitlab.yml +++ b/src/main/resources/config/application-gitlab.yml @@ -6,9 +6,15 @@ artemis: version-control: url: http://localhost:8081 + # user: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml + # password: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml + # token: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml + # ci-token: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml + # health-api-token: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml ssh-template-clone-url: ssh-keys-url-path: /-/profile/keys ssh-private-key-folder-path: /opt/keys + # ssh-private-key-password: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml default-branch: main # The branch that should be used as default branch for all newly created repositories. This does NOT have to be equal to the default branch of the VCS versionControlAccessToken: true diff --git a/src/main/resources/config/application-jenkins.secrets.yml b/src/main/resources/config/application-jenkins.secrets.yml deleted file mode 100644 index 04b2c1dda6f4..000000000000 --- a/src/main/resources/config/application-jenkins.secrets.yml +++ /dev/null 
@@ -1,24 +0,0 @@ -# =================================================================== -# Jenkins specific properties: this file will only be loaded during startup if the profile jenkins is active -# -# This configuration overrides the application.yml file. -# =================================================================== - -artemis: - continuous-integration: - user: artemis_admin - password: artemis_admin - # Hash/key of the ci-token, equivalent e.g. to the ci-token in version-control - # Some CI systems, like Jenkins, offer a specific token that gets checked against any incoming notifications - # from a VCS trying to trigger a build plan. Only if the notification request contains the correct token, the plan - # is triggered. This can be seen as an alternative to sending an authenticated request to a REST API and then - # triggering the plan. - # In the case of Artemis, this is only really needed for the Jenkins + GitLab setup, since the GitLab plugin in - # Jenkins only allows triggering the Jenkins jobs using such a token. Furthermore, in this case, the value of the - # hudson.util.Secret is stored in the build plan, so you also have to specify this encrypted string here and NOT the actual token value itself! - # You can get this by GETting any job.xml for a job with an activated GitLab step and your token value of choice. - secret-push-token: AQAAABAAAAAg/aKNFWpF9m2Ust7VHDKJJJvLkntkaap2Ka3ZBhy5XjRd8s16vZhBz4fxzd4TH8Su # pre-generated or replaced in Automated Jenkins Server step 3 - # The actual value of the notification token to check against in Artemis. This is the token that gets send with - # every request the CI system makes to Artemis containing a new result after a build. - # The token value you use for the Server Notification Plugin and is stored under the notification-token credential above - artemis-authentication-token-value: artemis_admin 
diff --git a/src/main/resources/config/application-jenkins.yml b/src/main/resources/config/application-jenkins.yml index d334c5350a10..5d3093443ebf 100644 --- a/src/main/resources/config/application-jenkins.yml +++ b/src/main/resources/config/application-jenkins.yml @@ -7,6 +7,19 @@ artemis: continuous-integration: url: http://localhost:8082 + # user: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml + # password: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml + empty-commit-necessary: false # Do we need an empty commit for new exercises/repositories in order for the CI to register the repo + # Hash/key of the ci-token, equivalent e.g. to the ci-token in version-control + # Some CI systems, like Jenkins, offer a specific token that gets checked against any incoming notifications + # from a VCS trying to trigger a build plan. Only if the notification request contains the correct token, the plan + # is triggered. This can be seen as an alternative to sending an authenticated request to a REST API and then + # triggering the plan. + # In the case of Artemis, this is only really needed for the Jenkins + GitLab setup, since the GitLab plugin in + # Jenkins only allows triggering the Jenkins jobs using such a token. Furthermore, in this case, the value of the + # hudson.util.Secret is stored in the build plan, so you also have to specify this encrypted string here and NOT the actual token value itself! + # You can get this by GETting any job.xml for a job with an activated GitLab step and your token value of choice. + # secret-push-token: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml # Key of the saved credentials for the VCS service # You have to specify the key from the credentials page in Jenkins under which the user and # password for the VCS are stored 
@@ -14,7 +27,10 @@ artemis: # Key of the credentials for the Artemis notification token # You have to specify the key from the credentials page in Jenkins under which the authentication-token is stored artemis-authentication-token-key: artemis_notification_plugin_token - empty-commit-necessary: false # Do we need an empty commit for new exercises/repositories in order for the CI to register the repo + # The actual value of the notification token to check against in Artemis. This is the token that gets send with + # every request the CI system makes to Artemis containing a new result after a build. + # The token value you use for the Server Notification Plugin and is stored under the notification-token credential above + # artemis-authentication-token-value: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml jenkins: # The following (optional) parameter allows to customize if Jenkins CSRF protection should be used (activated) within Artemis: diff --git a/src/main/resources/config/application-jira.secrets.yml b/src/main/resources/config/application-jira.secrets.yml deleted file mode 100644 index fad22ca12942..000000000000 --- a/src/main/resources/config/application-jira.secrets.yml +++ /dev/null @@ -1,5 +0,0 @@ -artemis: - user-management: - external: - user: # e.g. ga12abc - password: diff --git a/src/main/resources/config/application-jira.yml b/src/main/resources/config/application-jira.yml index a38c3201cc19..12397bbdc7a0 100644 --- a/src/main/resources/config/application-jira.yml +++ b/src/main/resources/config/application-jira.yml @@ -3,6 +3,9 @@ artemis: use-external: true external: url: https://jira.ase.in.tum.de + # e.g. ga12abc + # user: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml + # password: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml admin-group-name: tumuser password-reset: credential-provider: TUMonline 
diff --git a/src/main/resources/config/application-ldap.secrets.yml b/src/main/resources/config/application-ldap.secrets.yml deleted file mode 100644 index 77e088e00089..000000000000 --- a/src/main/resources/config/application-ldap.secrets.yml +++ /dev/null @@ -1,4 +0,0 @@ -artemis: - user-management: - ldap: - password: diff --git a/src/main/resources/config/application-ldap.yml b/src/main/resources/config/application-ldap.yml index 29700f3240c4..1b743472444a 100644 --- a/src/main/resources/config/application-ldap.yml +++ b/src/main/resources/config/application-ldap.yml @@ -4,4 +4,5 @@ artemis: url: "ldaps://iauth.tum.de:636" user-dn: "cn=TUINI01-Artemis,ou=bindDNs,ou=iauth,dc=tum,dc=de" base: "ou=users,ou=data,ou=prod,ou=iauth,dc=tum,dc=de" + # password: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml allowed-username-pattern: '^([a-z]{2}\d{2}[a-z]{3})$' # example for a TUM identifier, e.g. ab12cde diff --git a/src/main/resources/config/application-local-secrets.yml.sample b/src/main/resources/config/application-local-secrets.yml.sample new file mode 100644 index 000000000000..d730874e3389 --- /dev/null +++ b/src/main/resources/config/application-local-secrets.yml.sample 
@@ -0,0 +1,74 @@ +#TODO: change this in dev setups and intellij profiles +#TODO: describe process in docs + +artemis: + encryption-password: artemis_admin # LEGACY: arbitrary password for encrypting database values +# TODO: idea: comment to delete non needed profiles in application-local-secrets.yml +# bitbucket start + version-control: + user: # e.g. ga12abc + password: + token: + ssh-private-key-password: +# bitbucket end +# bamboo start + continuous-integration: + user: # e.g. ga12abc + password: + token: # Enter a valid token generated in Bamboo giving Artemis full Admin access + # The actual value of the notification token to check against in Artemis. This is the token that gets send with + # every request the CI system makes to Artemis containing a new result after a build. + # The token value you use for the Server Notification Plugin + artemis-authentication-token-value: +# bamboo end +# gitlab start + version-control: + user: root + password: artemis_admin # created in Gitlab Server Quickstart step 2 + token: artemis-gitlab-token # generated in Gitlab Server Quickstart steps 4 and 5 + ci-token: jenkins-secret-token # pre-generated or replaced in Automated Jenkins Server step 3 + health-api-token: + ssh-private-key-password: +# gitlab end +# jenkins start + continuous-integration: + user: artemis_admin + password: artemis_admin + secret-push-token: AQAAABAAAAAg/aKNFWpF9m2Ust7VHDKJJJvLkntkaap2Ka3ZBhy5XjRd8s16vZhBz4fxzd4TH8Su # pre-generated or replaced in Automated Jenkins Server step 3 + artemis-authentication-token-value: artemis_admin +# jenkins end + user-management: + internal-admin: + username: artemis_admin + password: artemis_admin +# jira start + external: + user: # e.g. 
ga12abc + password: +# jira end +# ldap start + ldap: + password: +# ldap end + athene: + base64-secret: YWVuaXF1YWRpNWNlaXJpNmFlbTZkb283dXphaVF1b29oM3J1MWNoYWlyNHRoZWUzb2huZ2FpM211bGVlM0VpcAo= + +spring: + datasource: + username: root + password: + mail: + username: + password: + websocket: + broker: + username: guest + password: guest + +jhipster: + security: + authentication: + jwt: + base64-secret: bXktc2VjcmV0LWtleS13aGljaC1zaG91bGQtYmUtY2hhbmdlZC1pbi1wcm9kdWN0aW9uLWFuZC1iZS1iYXNlNjQtZW5jb2RlZAo= + registry: + password: AN-ADMIN-PASSWORD-THAT-MUST-BE-CHANGED (FROM REGISTRY CONFIG) diff --git a/src/main/resources/config/application.secrets.yml b/src/main/resources/config/application.secrets.yml deleted file mode 100644 index 8b10f4cb3656..000000000000 --- a/src/main/resources/config/application.secrets.yml +++ /dev/null @@ -1,24 +0,0 @@ -spring: - datasource: - username: root - password: - mail: - username: - password: - websocket: - broker: - username: guest - password: guest - -jhipster: - security: - authentication: - jwt: - # This token must be encoded using Base64 (you can type `echo 'secret-key'|base64` on your command line) - # As this is the PRODUCTION configuration, you MUST change the default key, and store it securely: - # - In the JHipster Registry (which includes a Spring Cloud Config server) - # - In a separate `application-prod.yml` file, in the same folder as your executable WAR file - # - In the `JHIPSTER_SECURITY_AUTHENTICATION_JWT_BASE64_SECRET` environment variable - base64-secret: bXktc2VjcmV0LWtleS13aGljaC1zaG91bGQtYmUtY2hhbmdlZC1pbi1wcm9kdWN0aW9uLWFuZC1iZS1iYXNlNjQtZW5jb2RlZAo= - registry: - password: AN-ADMIN-PASSWORD-THAT-MUST-BE-CHANGED (FROM REGISTRY CONFIG) diff --git a/src/main/resources/config/application.yml b/src/main/resources/config/application.yml index a0ef8d03cb9a..af5e89b154f7 100644 --- a/src/main/resources/config/application.yml +++ b/src/main/resources/config/application.yml 
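Review bot: The sample defines `version-control:` twice (bitbucket and gitlab sections) and `continuous-integration:` twice (bamboo and jenkins sections), apparently under the same `artemis:` parent. A strict YAML loader rejects duplicate keys and a lenient one silently keeps only the last, so a verbatim copy to `application-local-secrets.yml` does not behave as the section markers suggest. The file also carries working values (`artemis_admin` passwords, the Athene and JWT `base64-secret`, the Jenkins `secret-push-token`) that were already public in the deleted `*.secrets.yml` files, and a later patch in this series mounts the copied file into the production container. I would comment out every optional section by default and replace the values with an obvious placeholder such as `password: CHANGE_ME`, under a header line like `# copy to application-local-secrets.yml, uncomment exactly one VCS and one CI section, and set every value`.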
@@ -89,6 +89,8 @@ spring: enabled: false # we use Webpack dev server + BrowserSync for livereload datasource: type: com.zaxxer.hikari.HikariDataSource + # username: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml + # password: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml # TODO: maximumPoolSize: 100 just in ansible? hikari: poolName: Hikari @@ -158,6 +160,8 @@ spring: # TODO: different from ansible mail: host: localhost + # username: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml + # password: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml port: 25 thymeleaf: mode: HTML @@ -172,6 +176,8 @@ spring: timeout-per-shutdown-phase: 10 websocket: broker: + # username: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml + # password: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml addresses: "" # Comma separated list of hosts and ports of the brokers (e.g. "localhost:61613,localhost:61614") hazelcast: interface: "127.0.0.1" # The interface to bind to, if non is set, all interfaces will be bound @@ -257,6 +263,12 @@ jhipster: security: authentication: jwt: + # This token must be encoded using Base64 (you can type `echo 'secret-key'|base64` on your command line) + # As this is the PRODUCTION configuration, you MUST change the default key, and store it securely: + # - In the JHipster Registry (which includes a Spring Cloud Config server) + # - In a separate `application-prod.yml` file, in the same folder as your executable WAR file + # - In the `JHIPSTER_SECURITY_AUTHENTICATION_JWT_BASE64_SECRET` environment variable + # base64-secret: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml token-validity-in-seconds: 86400 # Token is valid 24 hours token-validity-in-seconds-for-remember-me: 2592000 # Token is valid 30 days # By default CORS is disabled. Uncomment to enable. 
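Review bot: The comment block moved into the `jwt` hunk still speaks of changing "the default key", but `base64-secret` is now commented out, so no default exists and the text no longer matches the file. It also recommends `echo 'secret-key'|base64`, which encodes a human-chosen string plus a trailing newline rather than random key material. I would reword it along the lines of `# No default is shipped: set a random, Base64-encoded secret (e.g. openssl rand -base64 64) via JHIPSTER_SECURITY_AUTHENTICATION_JWT_BASE64_SECRET or application-local-secrets.yml`.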
@@ -267,6 +279,8 @@ jhipster: #exposed-headers: "Authorization,Link,X-Total-Count" #allow-credentials: true #max-age: 1800 + registry: + # password: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml logging: logstash: # Forward logs to logstash over a socket, used by LoggingConfiguration enabled: false From fdcb18ffe3e660e62d966d7b8ae80ad867316ea1 Mon Sep 17 00:00:00 2001 From: Ludwig Pusl Date: Thu, 8 Dec 2022 11:32:15 +0100 Subject: [PATCH 028/174] readded fix for mapped volumes --- src/main/docker/artemis/run_artemis.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/main/docker/artemis/run_artemis.sh b/src/main/docker/artemis/run_artemis.sh index 5c9c68557eee..b775e34fc0a1 100644 --- a/src/main/docker/artemis/run_artemis.sh +++ b/src/main/docker/artemis/run_artemis.sh @@ -9,6 +9,10 @@ else RemoteDebuggingOption="" fi +# Fix for mapped volumes with different UID/GID which might block the process +# Ensure at least the directories are owned by artemis. "-R" takes too long +chown artemis:artemis config data + echo "Starting application..." exec java \ ${RemoteDebuggingOption} \ From ec46b3f5d07e74d0d73eb3a34b67ee1d11c0d6a5 Mon Sep 17 00:00:00 2001 From: Ludwig Pusl Date: Thu, 8 Dec 2022 12:07:54 +0100 Subject: [PATCH 029/174] fix docker profile and profile order --- src/main/docker/artemis/artemis.yml | 3 ++- src/main/resources/config/application-docker.yml | 11 +++++++---- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/src/main/docker/artemis/artemis.yml b/src/main/docker/artemis/artemis.yml index d79a3e5565fe..ed4c5ff429fa 100644 --- a/src/main/docker/artemis/artemis.yml +++ b/src/main/docker/artemis/artemis.yml 
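Review bot: The added `chown artemis:artemis config data` in `run_artemis.sh` uses paths relative to whatever the working directory is at start-up, and its result is not checked, so a failure leaves the volume unreadable for the service user with nothing in the log. It also only succeeds when the script runs as root; whether `java` is later started as `artemis` is not visible, since the script begins and ends outside the hunk. Assuming the directories are the `/opt/artemis/...` paths used in the compose files, I would write `chown artemis:artemis /opt/artemis/config /opt/artemis/data || echo "WARN: could not chown config/data" >&2`.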
@@ -21,11 +21,12 @@ services: volumes: - artemis-data:/opt/artemis/data - ../../resources/config/application-local.yml:/opt/artemis/config/application-local.yml:ro + - ../../resources/config/application-local-secrets.yml:/opt/artemis/config/application-local-secrets.yml:ro # environments can also be used for custom overrides (alternative to application-local.yml volume) # the following environments are necessary for docker images orchestrated by docker compose environment: _JAVA_OPTIONS: -Xmx5120m -Xms2560m - SPRING_PROFILES_ACTIVE: artemis,scheduling,athene,docker,prod,local-secrets,local + SPRING_PROFILES_ACTIVE: artemis,scheduling,athene,prod,docker,local-secrets,local # TODO: add a restart at a certain stage for prod systems for sure, not sure about dev systems?, discuss # restart: unless-stopped ports: diff --git a/src/main/resources/config/application-docker.yml b/src/main/resources/config/application-docker.yml index 0f4bfb79e9f4..3d2c44f349b1 100644 --- a/src/main/resources/config/application-docker.yml +++ b/src/main/resources/config/application-docker.yml 
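Review bot: The new bind mount takes the secrets file from `src/main/resources/config/`, which is inside the source tree and, as a resources directory, is normally copied into the build output. Unless `application-local-secrets.yml` is git-ignored and excluded from packaging (neither is visible in this patch), real credentials can end up in a commit or in the built image. If the file does not exist on the host, Docker creates a directory at that path for a short-syntax mount, which then fails in a confusing way. A comment above the line such as `# copy application-local-secrets.yml.sample first; keep the copy out of git`, or a host path outside `src/`, would address both.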
@@ -1,12 +1,15 @@ # this profile contains the default variables for the docker compose setups # TODO: check if this can be solved different without having to load the docker profile -spring: - datasource: - url: jdbc:mysql://artemis-mysql:3306/Artemis?createDatabaseIfNotExist=true&allowPublicKeyRetrieval=true&useUnicode=true&characterEncoding=utf8&useSSL=false&useLegacyDatetimeCode=false&serverTimezone=UTC - artemis: course-archives-path: /opt/artemis/data/courses repo-clone-path: /opt/artemis/data/repos repo-download-clone-path: /opt/artemis/data/repos-download file-upload-path: /opt/artemis/data/uploads submission-export-path: /opt/artemis/data/exports + +spring: + datasource: + url: jdbc:mysql://artemis-mysql:3306/Artemis?createDatabaseIfNotExist=true&allowPublicKeyRetrieval=true&useUnicode=true&characterEncoding=utf8&useSSL=false&useLegacyDatetimeCode=false&serverTimezone=UTC + +server: + url: http://artemis-app From 17cd23cd41af3228ad999e7e880d165f5e340cc2 Mon Sep 17 00:00:00 2001 From: Ludwig Pusl Date: Thu, 8 Dec 2022 12:11:12 +0100 Subject: [PATCH 030/174] fix codacy problem --- src/main/docker/artemis/run_artemis.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/docker/artemis/run_artemis.sh b/src/main/docker/artemis/run_artemis.sh index b775e34fc0a1..6fa7b479d129 100644 --- a/src/main/docker/artemis/run_artemis.sh +++ b/src/main/docker/artemis/run_artemis.sh @@ -15,7 +15,7 @@ chown artemis:artemis config data echo "Starting application..." exec java \ - ${RemoteDebuggingOption} \ + "${RemoteDebuggingOption}" \ -Djdk.tls.ephemeralDHKeySize=2048 \ -DLC_CTYPE=UTF-8 \ -Dfile.encoding=UTF-8 \ From 69b6bc391337362d8f9f14fc11a7e7072f27850f Mon Sep 17 00:00:00 2001 
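Review bot: With the profile order changed to `prod,docker` in this commit, values in `application-docker.yml` take precedence over the prod profile (assuming Spring's usual last-wins order), including the datasource URL with `useSSL=false&allowPublicKeyRetrieval=true` and the new `server.url: http://artemis-app`. That is presumably acceptable on the single-host compose network, but not for a database or a public URL reached over an untrusted network, and the file does not say so. I would add a comment above the `spring:` block, e.g. `# compose-internal defaults: unencrypted DB connection and internal hostname; override both for real deployments`.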
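Review bot: Quoting `"${RemoteDebuggingOption}"` in `run_artemis.sh` passes an empty argument to `java` whenever remote debugging is off, because the script's `else` branch (visible in the earlier hunk of this file) sets the variable to `""`. The launcher would likely treat that empty string as the main class name and the container would fail to start. Expanding the variable only when it is set satisfies the linter without that side effect: `${RemoteDebuggingOption:+"${RemoteDebuggingOption}"} \`. The `exec java` command continues outside the hunk.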
From: Ludwig Pusl Date: Thu, 8 Dec 2022 14:37:15 +0100 Subject: [PATCH 031/174] removed not wanted docker compose setups and minor docker profile fix --- .../artemis-dev-mysql-gitlab-jenkins.yml | 53 ------------------- src/main/docker/artemis-dev-mysql.yml | 1 + src/main/docker/gitlab-jenkins-mysql.yml | 33 ------------ ...artemis-dev-mysql-gitlab-jenkins-local.yml | 28 ---------- 4 files changed, 1 insertion(+), 114 deletions(-) delete mode 100644 src/main/docker/artemis-dev-mysql-gitlab-jenkins.yml delete mode 100644 src/main/docker/gitlab-jenkins-mysql.yml delete mode 100644 src/main/docker/specialized-local-configs/artemis-dev-mysql-gitlab-jenkins-local.yml diff --git a/src/main/docker/artemis-dev-mysql-gitlab-jenkins.yml b/src/main/docker/artemis-dev-mysql-gitlab-jenkins.yml deleted file mode 100644 index 0e9dff1a22d8..000000000000 --- a/src/main/docker/artemis-dev-mysql-gitlab-jenkins.yml +++ /dev/null 
@@ -1,53 +0,0 @@ -# ---------------------------------------------------------------------------------------------------------------------- -# Artemis-Dev-MySQL-GitLab-Jenkins Setup -# ---------------------------------------------------------------------------------------------------------------------- - -services: - artemis-app: - extends: - file: ./artemis/artemis.yml - service: artemis-app - ports: - - 5005:5005 # Java Remote Debugging port declared in the java cmd options - command: > - /bin/sh -c - '/usr/local/bin/wait-for -t 0 artemis-mysql:3306 - && /usr/local/bin/wait-for -t 0 http://gitlab/-/readiness - && /usr/local/bin/wait-for -t 0 http://jenkins:8080/login - && /run_artemis.sh' - volumes: - - ./specialized-local-configs/artemis-dev-mysql-gitlab-jenkins-local.yml:/opt/artemis/config/application-local.yml:ro - - ./scripts/wait-for.sh:/usr/local/bin/wait-for:ro - environment: - SPRING_PROFILES_ACTIVE: dev,jenkins,gitlab,artemis,scheduling,athene,docker,local - JAVA_REMOTE_DEBUG: true - mysql: - extends: - file: mysql.yml - service: mysql - gitlab: - extends: - file: ./gitlab/gitlab.yml - service: gitlab - jenkins: - extends: - file: ./jenkins/jenkins.yml - service: jenkins - -networks: - artemis: - driver: "bridge" - name: artemis -volumes: - artemis-gitlab-data: - name: artemis-gitlab-data - artemis-gitlab-logs: - name: artemis-gitlab-logs - artemis-gitlab-config: - name: artemis-gitlab-config - artemis-jenkins-data: - name: artemis-jenkins-data - artemis-mysql-data: - name: artemis-mysql-data - artemis-data: - name: artemis-data diff --git a/src/main/docker/artemis-dev-mysql.yml b/src/main/docker/artemis-dev-mysql.yml index 1981d260c910..56c82ae56eb5 100644 --- a/src/main/docker/artemis-dev-mysql.yml +++ b/src/main/docker/artemis-dev-mysql.yml 
@@ -15,6 +15,7 @@ services: && /run_artemis.sh' environment: JAVA_REMOTE_DEBUG: true + SPRING_PROFILES_ACTIVE: artemis,scheduling,athene,dev,docker,local-secrets,local volumes: - ./scripts/wait-for.sh:/usr/local/bin/wait-for:ro depends_on: diff --git a/src/main/docker/gitlab-jenkins-mysql.yml b/src/main/docker/gitlab-jenkins-mysql.yml deleted file mode 100644 index 69f764b2a33e..000000000000 --- a/src/main/docker/gitlab-jenkins-mysql.yml +++ /dev/null @@ -1,33 +0,0 @@ -# ---------------------------------------------------------------------------------------------------------------------- -# GitLab-Jenkins-MySQL Setup -# ---------------------------------------------------------------------------------------------------------------------- - -services: - gitlab: - extends: - file: ./gitlab/gitlab.yml - service: gitlab - jenkins: - extends: - file: ./jenkins/jenkins.yml - service: jenkins - mysql: - extends: - file: mysql.yml - service: mysql - -networks: - artemis: - driver: "bridge" - name: artemis -volumes: - artemis-gitlab-data: - name: artemis-gitlab-data - artemis-gitlab-logs: - name: artemis-gitlab-logs - artemis-gitlab-config: - name: artemis-gitlab-config - artemis-jenkins-data: - name: artemis-jenkins-data - artemis-mysql-data: - name: artemis-mysql-data diff --git a/src/main/docker/specialized-local-configs/artemis-dev-mysql-gitlab-jenkins-local.yml b/src/main/docker/specialized-local-configs/artemis-dev-mysql-gitlab-jenkins-local.yml deleted file mode 100644 index 431179c2b406..000000000000 --- a/src/main/docker/specialized-local-configs/artemis-dev-mysql-gitlab-jenkins-local.yml +++ /dev/null 
@@ -1,28 +0,0 @@ -# TODO: not happy about using local profile at all ... -# maybe sth here helps: https://docs.spring.io/spring-boot/docs/current/reference/html/features.html#features.external-config.files.optional-prefix - -artemis: - user-management: - use-external: false - version-control: - url: http://gitlab - user: root - password: artemis_admin # created in Gitlab Server Quickstart step 2 - token: artemis-gitlab-token # generated in Gitlab Server Quickstart steps 4 and 5 - ci-token: jenkins-secret-token # generated in Jenkins Server Quickstart step 8 - continuous-integration: - user: artemis_admin - password: artemis_admin - url: http://jenkins:8080 - secret-push-token: AQAAABAAAAAg/aKNFWpF9m2Ust7VHDKJJJvLkntkaap2Ka3ZBhy5XjRd8s16vZhBz4fxzd4TH8Su # generated in Automated Jenkins Server step 3 - vcs-credentials: artemis_gitlab_admin_credentials - artemis-authentication-token-key: artemis_notification_plugin_token - artemis-authentication-token-value: artemis_admin -jenkins: - internal-urls: - ci-url: http://jenkins:8080 - vcs-url: http://gitlab - use-crumb: false -server: - port: 8080 - url: http://localhost:8080 From 73c583fec6df23bcb84441dfe37d87e2c78da8be Mon Sep 17 00:00:00 2001 From: Ludwig Pusl Date: Thu, 8 Dec 2022 14:37:36 +0100 Subject: [PATCH 032/174] fix most codacy problems --- src/main/docker/artemis/Dockerfile | 6 ++++-- src/main/docker/scripts/wait-for.md | 1 - src/main/docker/scripts/wait-for.sh | 2 +- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/src/main/docker/artemis/Dockerfile b/src/main/docker/artemis/Dockerfile index 001a8dae7bfb..66ecae17fdde 100644 --- a/src/main/docker/artemis/Dockerfile +++ b/src/main/docker/artemis/Dockerfile 
@@ -4,7 +4,7 @@ # build stage #----------------------------------------------------------------------------------------------------------------------- # TODO: just use eclipse-temurin as gradle installs node, used image below to match bamboo build pipeline for prod -FROM ghcr.io/ls1intum/docker-jdk-node-yarn as builder +FROM ghcr.io/ls1intum/docker-jdk-node-yarn:java17node16-3 as builder WORKDIR /opt/artemis # TODO: make this more secure/performant and don't copy everything? or let this be handled just by the .dockerignore? @@ -30,8 +30,10 @@ ENV spring.profiles.active "" # Docker Compose: wget and netcat (service checks) # Artemis: wget(?), graphviz, locales +# versions just pinned for reproducibility RUN echo "Installing needed dependencies" \ - && apt-get update && apt-get install -y --no-install-recommends locales graphviz wget netcat-openbsd\ + && apt-get update && apt-get install -y --no-install-recommends locales=2.35-0ubuntu3.1 \ + && graphviz=2.42.2-6 wget=1.21.2-2ubuntu1 netcat-openbsd=1.218-4ubuntu1 \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* diff --git a/src/main/docker/scripts/wait-for.md b/src/main/docker/scripts/wait-for.md index 643f6888858e..a500846d3eae 100644 --- a/src/main/docker/scripts/wait-for.md +++ b/src/main/docker/scripts/wait-for.md @@ -13,4 +13,3 @@ v2.2.3 TODO: Rethink this approach and maybe use an approach like KIT which are using a combination of healthchecks and the depends_on settings --> - diff --git a/src/main/docker/scripts/wait-for.sh b/src/main/docker/scripts/wait-for.sh index 3c382ef7b7e1..e50fb1356d5e 100755 --- a/src/main/docker/scripts/wait-for.sh +++ b/src/main/docker/scripts/wait-for.sh @@ -96,7 +96,7 @@ wait_for() { exit 0 fi - if [ $TIMEOUT -ne 0 -a $(date +%s) -ge $TIMEOUT_END ]; then + if [ "$TIMEOUT" -ne 0 -a $(date +%s) -ge $TIMEOUT_END ]; then echo "Operation timed out" >&2 exit 1 fi From fa1b0a08807c7e4e714b299a015a89cc4aafdd43 Mon Sep 17 00:00:00 2001 
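Review bot: The builder stage in the first Dockerfile hunk is now pinned to the tag `java17node16-3`, but a registry tag can be re-pointed, so the build still trusts whatever that tag resolves to at pull time. Pinning by digest makes the base image immutable: `FROM ghcr.io/ls1intum/docker-jdk-node-yarn:java17node16-3@sha256:<digest of the reviewed image> as builder`. The digest placeholder has to be filled in from the registry, and a short comment next to it on how to refresh it would help whoever bumps the image next.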
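Review bot: The `&&` at the start of the added `graphviz=…` line in the second Dockerfile hunk ends the `apt-get install` command right after `locales=2.35-0ubuntu3.1`. The shell then reads `graphviz=2.42.2-6 wget=1.21.2-2ubuntu1` as variable assignments in front of a command named `netcat-openbsd=1.218-4ubuntu1`, so the layer should fail instead of installing the three packages. The continuation line should list the packages without the operator: `graphviz=2.42.2-6 wget=1.21.2-2ubuntu1 netcat-openbsd=1.218-4ubuntu1 \`. PATCH 037 later in this series makes that correction, so the two commits could be squashed.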
From: Ludwig Pusl Date: Thu, 8 Dec 2022 14:41:33 +0100 Subject: [PATCH 033/174] Revert "readded fix for mapped volumes" This reverts commit fdcb18ffe3e660e62d966d7b8ae80ad867316ea1. --- src/main/docker/artemis/run_artemis.sh | 4 ---- 1 file changed, 4 deletions(-) diff --git a/src/main/docker/artemis/run_artemis.sh b/src/main/docker/artemis/run_artemis.sh index 6fa7b479d129..e1b0a9e1929b 100644 --- a/src/main/docker/artemis/run_artemis.sh +++ b/src/main/docker/artemis/run_artemis.sh @@ -9,10 +9,6 @@ else RemoteDebuggingOption="" fi -# Fix for mapped volumes with different UID/GID which might block the process -# Ensure at least the directories are owned by artemis. "-R" takes too long -chown artemis:artemis config data - echo "Starting application..." exec java \ "${RemoteDebuggingOption}" \ From 96f09568bdf12dd7e4ed864370e92c74b9f4ff37 Mon Sep 17 00:00:00 2001 From: Ludwig Pusl Date: Thu, 8 Dec 2022 16:29:06 +0100 Subject: [PATCH 034/174] codacy suggestion broke build and other solutions not really readable --- src/main/docker/artemis/run_artemis.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/docker/artemis/run_artemis.sh b/src/main/docker/artemis/run_artemis.sh index e1b0a9e1929b..5c9c68557eee 100644 --- a/src/main/docker/artemis/run_artemis.sh +++ b/src/main/docker/artemis/run_artemis.sh @@ -11,7 +11,7 @@ fi echo "Starting application..." exec java \ - "${RemoteDebuggingOption}" \ + ${RemoteDebuggingOption} \ -Djdk.tls.ephemeralDHKeySize=2048 \ -DLC_CTYPE=UTF-8 \ -Dfile.encoding=UTF-8 \ From e91d44fa1752d226b9278f405f35c39df49243b7 Mon Sep 17 00:00:00 2001 From: Ludwig Pusl Date: Thu, 8 Dec 2022 17:49:51 +0100 Subject: [PATCH 035/174] fix atlassian docs --- docs/dev/setup/bamboo-bitbucket-jira.rst.txt | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/docs/dev/setup/bamboo-bitbucket-jira.rst.txt b/docs/dev/setup/bamboo-bitbucket-jira.rst.txt index 8761fe89b231..73815b8b2328 100644 
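Review bot: Dropping the quotes around `${RemoteDebuggingOption}` in the `exec java` call makes the value subject to word splitting and pathname expansion, and nothing at that line says the omission is deliberate. The variable is assigned above the hunk (only the `RemoteDebuggingOption=""` branch is visible in this series), so the quoted form apparently handed java an empty argument when debugging is off. If the unquoted form stays, a comment such as `# shellcheck disable=SC2086 # intentionally unquoted: must expand to no argument when empty` records the reason. Alternatively `${RemoteDebuggingOption:+"${RemoteDebuggingOption}"}` keeps the quoting and still drops the argument when empty, assuming the option is a single word. The java command line continues past the end of the hunk.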
--- a/docs/dev/setup/bamboo-bitbucket-jira.rst.txt +++ b/docs/dev/setup/bamboo-bitbucket-jira.rst.txt @@ -71,9 +71,10 @@ under ``localhost:7990``. #. Provide the just created license key during the setup and create an admin user with the same credentials in all 3 applications. - For the Bamboo database you can choose H2. - Also, you can select the evaluation/internal/test/dev setups if you are asked. - Follow the additional steps for Jira and Bitbucket. + - Bamboo: + + - Choose the H2 database + - Select the evaluation/internal/test/dev setups if you are asked - Jira: @@ -129,32 +130,32 @@ under ``localhost:7990``. - **Jira:** * - .. figure:: setup/bamboo-bitbucket-jira/bamboo_bitbucket_applicationLink.png :align: center - :target: ../_images/bamboo_bitbucket_applicationLink.png + :target: ../../_images/bamboo_bitbucket_applicationLink.png Bamboo → Bitbucket - .. figure:: setup/bamboo-bitbucket-jira/bitbucket_bamboo_applicationLink.png :align: center - :target: ../_images/bitbucket_bamboo_applicationLink.png + :target: ../../_images/bitbucket_bamboo_applicationLink.png Bitbucket → Bamboo - .. figure:: setup/bamboo-bitbucket-jira/jira_bamboo_applicationLink.png :align: center - :target: ../_images/jira_bamboo_applicationLink.png + :target: ../../_images/jira_bamboo_applicationLink.png Jira → Bamboo * - .. figure:: setup/bamboo-bitbucket-jira/bamboo_jira_applicationLink.png :align: center - :target: ../_images/bamboo_jira_applicationLink.png + :target: ../../_images/bamboo_jira_applicationLink.png Bamboo → Jira - .. figure:: setup/bamboo-bitbucket-jira/bitbucket_jira_applicationLink.png :align: center - :target: ../_images/bitbucket_jira_applicationLink.png + :target: ../../_images/bitbucket_jira_applicationLink.png Bitbucket → Jira - .. figure:: setup/bamboo-bitbucket-jira/jira_bitbucket_applicationLink.png :align: center - :target: ../_images/jira_bitbucket_applicationLink.png + :target: ../../_images/jira_bitbucket_applicationLink.png Jira → Bitbucket 
From 04390fd3cff9cce07cc65a071e9541de8da8f5e4 Mon Sep 17 00:00:00 2001 From: Ludwig Pusl Date: Thu, 8 Dec 2022 23:56:09 +0100 Subject: [PATCH 036/174] bamboo build agent --- docs/dev/setup/bamboo-bitbucket-jira.rst.txt | 7 +++++-- src/main/docker/atlassian.yml | 9 +++++++-- .../config/application-local-secrets.yml.sample | 1 + 3 files changed, 13 insertions(+), 4 deletions(-) diff --git a/docs/dev/setup/bamboo-bitbucket-jira.rst.txt b/docs/dev/setup/bamboo-bitbucket-jira.rst.txt index 73815b8b2328..53ea10b8923c 100644 --- a/docs/dev/setup/bamboo-bitbucket-jira.rst.txt +++ b/docs/dev/setup/bamboo-bitbucket-jira.rst.txt @@ -212,6 +212,9 @@ under ``localhost:7990``. and add it to bamboo. Go to Bamboo → Manage apps → Upload app → select the downloaded .jar file → Upload + .. + TODO: remove this section if agent works and edit agent part, warum capabilities rausloeschen? + #. Add Maven and JDK: - Go to Bamboo → Server capabilities → Add capabilities menu → @@ -228,7 +231,7 @@ under ``localhost:7990``. While username and password can still be used as a fallback, this option is already marked as deprecated and will be removed in the future. - #. Personal access token for Bamboo. + #. Personal access token for Bamboo: - Log in as the admin user and go to Bamboo -> Profile (top right corner) -> Personal access tokens -> Create token @@ -246,7 +249,7 @@ under ``localhost:7990``. password: token: #insert the token here - # Personal access token for Bitbucket. + #. Personal access token for Bitbucket: - Log in as the admin user and go to Bitbucket -> View Profile (top right corner) -> Manage account -> Personal access tokens -> Create token diff --git a/src/main/docker/atlassian.yml b/src/main/docker/atlassian.yml index d1c35d230ef3..686087970f2f 100644 --- a/src/main/docker/atlassian.yml +++ b/src/main/docker/atlassian.yml @@ -5,6 +5,7 @@ services: jira: container_name: artemis-jira + hostname: jira image: ghcr.io/ls1intum/artemis-jira:8.20.11 pull_policy: always volumes: 
@@ -15,6 +16,7 @@ services: - artemis bitbucket: container_name: artemis-bitbucket + hostname: bitbucket image: ghcr.io/ls1intum/artemis-bitbucket:7.21.4 pull_policy: always volumes: @@ -28,6 +30,7 @@ services: - artemis bamboo: container_name: artemis-bamboo + hostname: bamboo image: ghcr.io/ls1intum/artemis-bamboo:8.2.5 pull_policy: always volumes: @@ -38,14 +41,16 @@ services: networks: - artemis +# TODO: either add ip addresses or use wildcard for agent to survive restarts and write this in docs bamboo-build-agent: container_name: artemis-bamboo-build-agent + hostname: bamboo-build-agent image: ghcr.io/ls1intum/artemis-bamboo-build-agent:8.2.5 volumes: - - artemis-bamboo-build-agent:/var/atlassian/application-data/bamboo + - artemis-bamboo-build-agent:/var/atlassian/application-data/bamboo-agent - /var/run/docker.sock:/var/run/docker.sock environment: - - BAMBOO_SERVER=http://artemis-bamboo:8085 + - BAMBOO_SERVER=http://bamboo:8085 networks: - artemis diff --git a/src/main/resources/config/application-local-secrets.yml.sample b/src/main/resources/config/application-local-secrets.yml.sample index d730874e3389..62da3f9e01a1 100644 --- a/src/main/resources/config/application-local-secrets.yml.sample +++ b/src/main/resources/config/application-local-secrets.yml.sample @@ -4,6 +4,7 @@ artemis: encryption-password: artemis_admin # LEGACY: arbitrary password for encrypting database values # TODO: idea: comment to delete non needed profiles in application-local-secrets.yml +# TODO: other idea: use .properties file maybe even application.properties with cases? but same sample concept # bitbucket start version-control: user: # e.g. ga12abc From 9d68b77abb08fdd123d9170b16988c5a39e28dc5 Mon Sep 17 00:00:00 2001 From: Ludwig Pusl Date: Fri, 9 Dec 2022 00:07:50 +0100 Subject: [PATCH 037/174] fix Dockerfile typo --- src/main/docker/artemis/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
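Review bot: The `bamboo-build-agent` service edited in the last atlassian.yml hunk keeps the bind mount `/var/run/docker.sock:/var/run/docker.sock`, and the file does not say that this gives the agent container control over the host's Docker daemon. Since the agent runs build jobs, whatever executes in a build can presumably reach that socket as well, so the compose file should be clearly marked as a local development setup. A comment above the mount would do: `# docker.sock gives this container full control of the host Docker daemon; local dev setups only`.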
diff --git a/src/main/docker/artemis/Dockerfile b/src/main/docker/artemis/Dockerfile index 66ecae17fdde..329c5caa6c31 100644 --- a/src/main/docker/artemis/Dockerfile +++ b/src/main/docker/artemis/Dockerfile @@ -33,7 +33,7 @@ ENV spring.profiles.active "" # versions just pinned for reproducibility RUN echo "Installing needed dependencies" \ && apt-get update && apt-get install -y --no-install-recommends locales=2.35-0ubuntu3.1 \ - && graphviz=2.42.2-6 wget=1.21.2-2ubuntu1 netcat-openbsd=1.218-4ubuntu1 \ + graphviz=2.42.2-6 wget=1.21.2-2ubuntu1 netcat-openbsd=1.218-4ubuntu1 \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* From a24856dcbcf288723e4decf7b3f0a23997314d52 Mon Sep 17 00:00:00 2001 From: Ludwig Pusl Date: Fri, 9 Dec 2022 11:17:43 +0100 Subject: [PATCH 038/174] debug github workflow --- .github/workflows/build-deploy.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build-deploy.yml b/.github/workflows/build-deploy.yml index 27fe81f8d377..cff0820faf64 100644 --- a/.github/workflows/build-deploy.yml +++ b/.github/workflows/build-deploy.yml @@ -44,6 +44,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 + - run: git rev-parse HEAD && git rev-parse --abbrev-ref HEAD - name: Setup Node.js uses: actions/setup-node@v3 with: From 25bc0fb94493e3c41421688f943c7d794cf20d91 Mon Sep 17 00:00:00 2001 From: Ludwig Pusl Date: Fri, 9 Dec 2022 11:29:49 +0100 Subject: [PATCH 039/174] Revert "debug github workflow" This reverts commit a24856dcbcf288723e4decf7b3f0a23997314d52. --- .github/workflows/build-deploy.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/build-deploy.yml b/.github/workflows/build-deploy.yml index cff0820faf64..27fe81f8d377 100644 --- a/.github/workflows/build-deploy.yml +++ b/.github/workflows/build-deploy.yml 
@@ -44,7 +44,6 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - run: git rev-parse HEAD && git rev-parse --abbrev-ref HEAD - name: Setup Node.js uses: actions/setup-node@v3 with: From 1c32bd98bbc6347c856b9c0aec4946a42ae0870c Mon Sep 17 00:00:00 2001 From: Ludwig Pusl Date: Fri, 9 Dec 2022 17:29:17 +0100 Subject: [PATCH 040/174] fixes after config review with matthias --- .../de/tum/in/www1/artemis/ArtemisApp.java | 1 + .../resources/config/application-artemis.yml | 13 +-- .../resources/config/application-athene.yml | 2 +- .../resources/config/application-bamboo.yml | 10 +- .../config/application-bitbucket.yml | 14 +-- src/main/resources/config/application-dev.yml | 8 +- .../resources/config/application-docker.yml | 5 +- .../resources/config/application-gitlab.yml | 16 ++-- .../resources/config/application-jenkins.yml | 9 +- .../resources/config/application-jira.yml | 8 +- .../resources/config/application-ldap.yml | 2 +- .../application-local-secrets.yml.sample | 75 --------------- .../config/application-local.yml.sample | 92 +++++++++++++++++++ .../resources/config/application-prod.yml | 14 +-- src/main/resources/config/application.yml | 27 ++---- 15 files changed, 152 insertions(+), 144 deletions(-) delete mode 100644 src/main/resources/config/application-local-secrets.yml.sample create mode 100644 src/main/resources/config/application-local.yml.sample diff --git a/src/main/java/de/tum/in/www1/artemis/ArtemisApp.java b/src/main/java/de/tum/in/www1/artemis/ArtemisApp.java index 8310ff9b763b..4e4933293edd 100644 --- a/src/main/java/de/tum/in/www1/artemis/ArtemisApp.java +++ b/src/main/java/de/tum/in/www1/artemis/ArtemisApp.java 
@@ -72,6 +72,7 @@ private static void logApplicationStartup(Environment env, BuildProperties build if (env.getProperty("server.ssl.key-store") != null) { protocol = "https"; } + // TODO: recheck if the line can be deleted (port config value is never used anywhere else) String serverPort = env.getProperty("server.port"); String version = buildProperties.getVersion(); String gitCommitId = gitProperties.getShortCommitId(); diff --git a/src/main/resources/config/application-artemis.yml b/src/main/resources/config/application-artemis.yml index 5d67956e5029..d8793938c027 100644 --- a/src/main/resources/config/application-artemis.yml +++ b/src/main/resources/config/application-artemis.yml @@ -10,7 +10,7 @@ artemis: file-upload-path: uploads submission-export-path: exports # LEGACY: arbitrary password for encrypting database values - # encryption-password: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml + # encryption-password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV bcrypt-salt-rounds: 11 # The number of salt rounds for the bcrypt password hashing. Lower numbers make it faster but more unsecure and vice versa. # Please use the bcrypt benchmark tool to determine the best number of rounds for your system. https://github.com/ls1intum/bcrypt-Benchmark external-system-request: @@ -19,8 +19,8 @@ artemis: user-management: use-external: false internal-admin: - # username: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml - # password: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml + # username: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV + # password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV registration: # the whole section is optional: whether user can register in Artemis enabled: false allowed-email-pattern: '[a-zA-Z0-9_\-\.\+]+@(tum\.de|in\.tum\.de|mytum\.de)' 
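Review bot: The placeholder comments in the application-artemis.yml hunks (`encryption-password`, the `internal-admin` username and password) now direct secrets into `application-local.yml`, the same file that holds ordinary local overrides, and nothing in the patch shows that file being excluded from version control. The same wording is repeated in the athene, bamboo, bitbucket, gitlab, jenkins, jira and ldap profile hunks of this commit. Please confirm that `application-local.yml` is covered by `.gitignore`, and consider saying so in the comment, e.g. `# encryption-password: set in your untracked application-local.yml or via ENV`. Separately, `artemis-dev-mysql.yml` from PATCH 031 still activates a `local-secrets` profile and is not in this commit's diffstat, so that profile name looks stale.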
@@ -31,12 +31,7 @@ artemis: allowed-username-pattern: '^([a-z]{2}\d{2}[a-z]{3})$' # example for a TUM identifier, e.g. ab12cde login: account-name: TUM # optional: customization for the welcome page "please sign in with your account" - version-control: - # TODO: can this be deleted here or should this be moved to application-bitbucket.yml? - version-control-access-token: false # only for Gitlab setups: a Gitlab-API token can be generated for each user and used as part of the Git clone URL shown to students to allow for password-less Git operations via HTTP continuous-integration: - # TODO: build-timeout just needed for jenkins? - build-timeout: 30 # Does cancel jenkins builds after 30 minutes to remove build that get stuck # Defines the used docker images for certain programming languages. # For each language at least the `default` image has to be defined. # This `default` option will be overridden by more specific project type @@ -72,4 +67,4 @@ artemis: name: Artemis email: artemis.in@tum.de - # TODO: lti missing on purpose? + # TODO: lti settings missing here on purpose compared to the ansible prod template? diff --git a/src/main/resources/config/application-athene.yml b/src/main/resources/config/application-athene.yml index 9549d36003c6..e8cb5b182d56 100644 --- a/src/main/resources/config/application-athene.yml +++ b/src/main/resources/config/application-athene.yml @@ -1,5 +1,5 @@ artemis: athene: url: http://localhost - # base64-secret: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml + # base64-secret: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV token-validity-in-seconds: 10800 diff --git a/src/main/resources/config/application-bamboo.yml b/src/main/resources/config/application-bamboo.yml index 02f470c882b6..0a0fd6d74ba3 100644 --- a/src/main/resources/config/application-bamboo.yml +++ b/src/main/resources/config/application-bamboo.yml 
@@ -1,14 +1,14 @@ artemis: continuous-integration: - url: https://bamboo.ase.in.tum.de + url: http://localhost:8085 # e.g. ga12abc - # user: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml - # password: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml + # user: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV + # password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV # Enter a valid token generated in Bamboo giving Artemis full Admin access - # token: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml + # token: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV vcs-application-link-name: LS1 Bitbucket Server # If the VCS and CI are directly linked (normally only for Bitbucket + Bamboo) empty-commit-necessary: true # Do we need an empty commit for new exercises/repositories in order for the CI to register the repo # The actual value of the notification token to check against in Artemis. This is the token that gets send with # every request the CI system makes to Artemis containing a new result after a build. # The token value you use for the Server Notification Plugin - # artemis-authentication-token-value: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml + # artemis-authentication-token-value: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV diff --git a/src/main/resources/config/application-bitbucket.yml b/src/main/resources/config/application-bitbucket.yml index b21475f6614c..af21a9703f10 100644 --- a/src/main/resources/config/application-bitbucket.yml +++ b/src/main/resources/config/application-bitbucket.yml 
@@ -1,13 +1,13 @@ artemis: version-control: - url: https://bitbucket.ase.in.tum.de + url: http://localhost:7990 # e.g. ga12abc - # user: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml - # password: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml + # user: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV + # password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV # VCS API token giving Artemis full Admin access. - # token: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml - ssh-template-clone-url: ssh://git@bitbucket.ase.in.tum.de:7999/ # Url Stem for cloning via ssh, for gitlab use 'ssh://git@artemistest2gitlab.ase.in.tum.de:2222/' + # token: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV + ssh-template-clone-url: ssh://git@localhost:7999/ # Url Stem for cloning via ssh, for gitlab use 'ssh://git@artemistest2gitlab.ase.in.tum.de:2222/' ssh-keys-url-path: /plugins/servlet/ssh/account/keys # Url Path to access a users ssh keys, for gitlab this is '/-/profile/keys' - ssh-private-key-folder-path: /opt/keys # the path to the folder in which the private ssh key file (e.g. id_rsa) is stored that can be used to clone git repos on the version control server + ssh-private-key-folder-path: # the path to the folder in which the private ssh key file (e.g. id_rsa) is stored that can be used to clone git repos on the version control server # the password for the private ssh key - # ssh-private-key-password: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml + # ssh-private-key-password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV diff --git a/src/main/resources/config/application-dev.yml b/src/main/resources/config/application-dev.yml index 491f7f4a559d..8d9606ef8e53 100644 --- a/src/main/resources/config/application-dev.yml +++ b/src/main/resources/config/application-dev.yml 
@@ -39,7 +39,12 @@ spring: localInstances: true server: - url: https://artemislocal.ase.in.tum.de + # this address is passed to the CI systems for sending back notifications to Artemis + # therefore depending on where these systems are hosted you have to change the url here + # other possible values: + # Artemis locally and CI inside Docker Containers: host.docker.internal:8080 + # Artemis locally and CI hosted on a Server on your network: LAN_IP_ADDRESS:8080 + url: http://localhost:8080 # Artemis and CI are running locally # =================================================================== # JHipster specific properties @@ -69,7 +74,6 @@ info: course-group-students: 'artemis-artemistutorial-students' courseShortName: 'artemistutorial' tours: - # TODO: should these be named test or also tutorial like in prod? - code_editor_tour: 'test' - course_exercise_overview_tour: 'test' - programming_exercise_fail_tour: 'test' diff --git a/src/main/resources/config/application-docker.yml b/src/main/resources/config/application-docker.yml index 3d2c44f349b1..cdbe2b80062f 100644 --- a/src/main/resources/config/application-docker.yml +++ b/src/main/resources/config/application-docker.yml @@ -12,4 +12,7 @@ spring: url: jdbc:mysql://artemis-mysql:3306/Artemis?createDatabaseIfNotExist=true&allowPublicKeyRetrieval=true&useUnicode=true&characterEncoding=utf8&useSSL=false&useLegacyDatetimeCode=false&serverTimezone=UTC server: - url: http://artemis-app + # this address is passed to the CI/VCS systems for sending back notifications to Artemis + # therefore depending on where these systems are hosted you have to change the url here + # localhost:8080 for Artemis in container and CI/VCS outside of containers + url: http://artemis-app:8080 # Artemis and CI/VCS are running in docker containers in the same docker network diff --git a/src/main/resources/config/application-gitlab.yml b/src/main/resources/config/application-gitlab.yml index fb13b39ec61b..25ffc35df981 100644 
--- a/src/main/resources/config/application-gitlab.yml +++ b/src/main/resources/config/application-gitlab.yml @@ -6,17 +6,17 @@ artemis: version-control: url: http://localhost:8081 - # user: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml - # password: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml - # token: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml - # ci-token: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml - # health-api-token: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml + # user: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV + # password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV + # token: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV + # ci-token: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV + # health-api-token: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV ssh-template-clone-url: ssh-keys-url-path: /-/profile/keys - ssh-private-key-folder-path: /opt/keys - # ssh-private-key-password: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml + ssh-private-key-folder-path: + # ssh-private-key-password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV default-branch: main # The branch that should be used as default branch for all newly created repositories. This does NOT have to be equal to the default branch of the VCS - versionControlAccessToken: true + versionControlAccessToken: true # only for Gitlab setups: a Gitlab-API token can be generated for each user and used as part of the Git clone URL shown to students to allow for password-less Git operations via HTTP gitlab: # The following (optional) parameter allows to enable the use of pseudonyms. diff --git a/src/main/resources/config/application-jenkins.yml b/src/main/resources/config/application-jenkins.yml index 5d3093443ebf..47171f8e7d4e 100644 
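Review bot: The comment added to `versionControlAccessToken: true` explains that a per-user GitLab API token becomes part of the clone URL shown to students, but leaves out what that means for the token. A credential embedded in a URL is written to the clone's `.git/config` and can end up in shell history and proxy logs, and the default `url` in this file is plain `http://`. I would extend the comment with that caveat, for instance `# the token is stored in the clone's .git/config; serve the VCS over HTTPS when enabling this`. The key is also camelCase while its neighbours are kebab-case (`default-branch`), which is worth aligning if the property binding allows it.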
--- a/src/main/resources/config/application-jenkins.yml +++ b/src/main/resources/config/application-jenkins.yml @@ -7,8 +7,8 @@ artemis: continuous-integration: url: http://localhost:8082 - # user: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml - # password: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml + # user: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV + # password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV empty-commit-necessary: false # Do we need an empty commit for new exercises/repositories in order for the CI to register the repo # Hash/key of the ci-token, equivalent e.g. to the ci-token in version-control # Some CI systems, like Jenkins, offer a specific token that gets checked against any incoming notifications @@ -19,7 +19,7 @@ artemis: # Jenkins only allows triggering the Jenkins jobs using such a token. Furthermore, in this case, the value of the # hudson.util.Secret is stored in the build plan, so you also have to specify this encrypted string here and NOT the actual token value itself! # You can get this by GETting any job.xml for a job with an activated GitLab step and your token value of choice. - # secret-push-token: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml + # secret-push-token: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV # Key of the saved credentials for the VCS service # You have to specify the key from the credentials page in Jenkins under which the user and # password for the VCS are stored 
@@ -30,7 +30,8 @@ artemis: # The actual value of the notification token to check against in Artemis. This is the token that gets send with # every request the CI system makes to Artemis containing a new result after a build. # The token value you use for the Server Notification Plugin and is stored under the notification-token credential above - # artemis-authentication-token-value: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml + # artemis-authentication-token-value: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV + build-timeout: 30 # Does cancel jenkins builds after 30 minutes to remove build that get stuck jenkins: # The following (optional) parameter allows to customize if Jenkins CSRF protection should be used (activated) within Artemis: diff --git a/src/main/resources/config/application-jira.yml b/src/main/resources/config/application-jira.yml index 12397bbdc7a0..644032f5d67b 100644 --- a/src/main/resources/config/application-jira.yml +++ b/src/main/resources/config/application-jira.yml @@ -2,11 +2,11 @@ artemis: user-management: use-external: true external: - url: https://jira.ase.in.tum.de + url: http://localhost:8085 # e.g. ga12abc - # user: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml - # password: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml - admin-group-name: tumuser + # user: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV + # password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV + admin-group-name: instructors password-reset: credential-provider: TUMonline links: diff --git a/src/main/resources/config/application-ldap.yml b/src/main/resources/config/application-ldap.yml index 1b743472444a..661f20b054f9 100644 --- a/src/main/resources/config/application-ldap.yml +++ b/src/main/resources/config/application-ldap.yml 
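Review bot: `admin-group-name` changes from `tumuser` to `instructors` in the application-jira.yml hunk, which reads like an authorization change rather than the config tidy-up the commit message describes. If this key names the external group whose members receive administrator rights (the name suggests so, but the code is not part of this patch), the default should be a dedicated admin group and the change deserves its own line in the description. Once that is confirmed, a comment on the key would help, e.g. `# members of this external group are treated as Artemis admins`. The new `url: http://localhost:8085` is also the value this commit gives Bamboo in application-bamboo.yml, so one of the two ports is probably wrong.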
@@ -4,5 +4,5 @@ artemis: url: "ldaps://iauth.tum.de:636" user-dn: "cn=TUINI01-Artemis,ou=bindDNs,ou=iauth,dc=tum,dc=de" base: "ou=users,ou=data,ou=prod,ou=iauth,dc=tum,dc=de" - # password: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml + # password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV allowed-username-pattern: '^([a-z]{2}\d{2}[a-z]{3})$' # example for a TUM identifier, e.g. ab12cde diff --git a/src/main/resources/config/application-local-secrets.yml.sample b/src/main/resources/config/application-local-secrets.yml.sample deleted file mode 100644 index 62da3f9e01a1..000000000000 --- a/src/main/resources/config/application-local-secrets.yml.sample +++ /dev/null 
@@ -1,75 +0,0 @@ -#TODO: change this in dev setups and intellij profiles -#TODO: describe process in docs - -artemis: - encryption-password: artemis_admin # LEGACY: arbitrary password for encrypting database values -# TODO: idea: comment to delete non needed profiles in application-local-secrets.yml -# TODO: other idea: use .properties file maybe even application.properties with cases? but same sample concept -# bitbucket start - version-control: - user: # e.g. ga12abc - password: - token: - ssh-private-key-password: -# bitbucket end -# bamboo start - continuous-integration: - user: # e.g. ga12abc - password: - token: # Enter a valid token generated in Bamboo giving Artemis full Admin access - # The actual value of the notification token to check against in Artemis. This is the token that gets send with - # every request the CI system makes to Artemis containing a new result after a build. - # The token value you use for the Server Notification Plugin - artemis-authentication-token-value: -# bamboo end -# gitlab start - version-control: - user: root - password: artemis_admin # created in Gitlab Server Quickstart step 2 - token: artemis-gitlab-token # generated in Gitlab Server Quickstart steps 4 and 5 - ci-token: jenkins-secret-token # pre-generated or replaced in Automated Jenkins Server step 3 - health-api-token: - ssh-private-key-password: -# gitlab end -# jenkins start - continuous-integration: - user: artemis_admin - password: artemis_admin - secret-push-token: AQAAABAAAAAg/aKNFWpF9m2Ust7VHDKJJJvLkntkaap2Ka3ZBhy5XjRd8s16vZhBz4fxzd4TH8Su # pre-generated or replaced in Automated Jenkins Server step 3 - artemis-authentication-token-value: artemis_admin -# jenkins end - user-management: - internal-admin: - username: artemis_admin - password: artemis_admin -# jira start - external: - user: # e.g. 
ga12abc - password: -# jira end -# ldap start - ldap: - password: -# ldap end - athene: - base64-secret: YWVuaXF1YWRpNWNlaXJpNmFlbTZkb283dXphaVF1b29oM3J1MWNoYWlyNHRoZWUzb2huZ2FpM211bGVlM0VpcAo= - -spring: - datasource: - username: root - password: - mail: - username: - password: - websocket: - broker: - username: guest - password: guest - -jhipster: - security: - authentication: - jwt: - base64-secret: bXktc2VjcmV0LWtleS13aGljaC1zaG91bGQtYmUtY2hhbmdlZC1pbi1wcm9kdWN0aW9uLWFuZC1iZS1iYXNlNjQtZW5jb2RlZAo= - registry: - password: AN-ADMIN-PASSWORD-THAT-MUST-BE-CHANGED (FROM REGISTRY CONFIG) diff --git a/src/main/resources/config/application-local.yml.sample b/src/main/resources/config/application-local.yml.sample new file mode 100644 index 000000000000..c1eefedf3fb7 --- /dev/null +++ b/src/main/resources/config/application-local.yml.sample 
@@ -0,0 +1,92 @@ +#TODO: describe process in docs and inline also that you can have multiple application-local-SETUP.yml files and then just copy to the real one for switching ;) +# =================================================================== +# Configuration template for application-local.yml +# +# This template file contains and overwrites all configuration secrets. +# This template file also contains the bare minimum of REALLY necessary configurations where it's hard to use +# a default value for most development environments! +# +# The goal of this template file is to make it easier for new developers to get up and running. +# +# Usage: +# - copy this file to application-local.yml +# - uncomment the "Atlassian Stack" or "Gitlab / Jenkins Stack" IF you use these as CI/VCS +# +# =================================================================== + +artemis: + encryption-password: artemis_admin # LEGACY: arbitrary password for encrypting database values + athene: + base64-secret: YWVuaXF1YWRpNWNlaXJpNmFlbTZkb283dXphaVF1b29oM3J1MWNoYWlyNHRoZWUzb2huZ2FpM211bGVlM0VpcAo= + user-management: + internal-admin: + username: artemis_admin + password: artemis_admin +# =================================================================== +# Atlassian Stack START +# =================================================================== +# external: +# user: # e.g. ga12abc +# password: +# version-control: +# user: # e.g. ga12abc +# password: +# token: +# ssh-private-key-password: +# continuous-integration: +# user: # e.g. ga12abc +# password: +# token: # Enter a valid token generated in Bamboo giving Artemis full Admin access +# # The actual value of the notification token to check against in Artemis. This is the token that gets send with +# # every request the CI system makes to Artemis containing a new result after a build. 
+# # The token value you use for the Server Notification Plugin +# artemis-authentication-token-value: +# =================================================================== +# Atlassian Stack END +# =================================================================== + +# =================================================================== +# Gitlab / Jenkins Stack START +# =================================================================== +# version-control: +# user: root +# password: artemis_admin # created in Gitlab Server Quickstart step 2 +# token: artemis-gitlab-token # generated in Gitlab Server Quickstart steps 4 and 5 +# ci-token: jenkins-secret-token # pre-generated or replaced in Automated Jenkins Server step 3 +# health-api-token: +# ssh-private-key-password: +# continuous-integration: +# user: artemis_admin +# password: artemis_admin +# secret-push-token: AQAAABAAAAAg/aKNFWpF9m2Ust7VHDKJJJvLkntkaap2Ka3ZBhy5XjRd8s16vZhBz4fxzd4TH8Su # pre-generated or replaced in Automated Jenkins Server step 3 +# artemis-authentication-token-value: artemis_admin +# =================================================================== +# Gitlab / Jenkins Stack END +# =================================================================== + +spring: + datasource: + username: root + password: + mail: + username: + password: + websocket: + broker: + username: guest + password: guest + +jhipster: + security: + authentication: + jwt: + base64-secret: bXktc2VjcmV0LWtleS13aGljaC1zaG91bGQtYmUtY2hhbmdlZC1pbi1wcm9kdWN0aW9uLWFuZC1iZS1iYXNlNjQtZW5jb2RlZAo= + registry: + password: AN-ADMIN-PASSWORD-THAT-MUST-BE-CHANGED (FROM REGISTRY CONFIG) + +server: + # this address is passed to the CI systems for sending back notifications to Artemis + # therefore depending on where these systems are hosted you have to change the url here + # other possible values: + # Artemis locally and CI inside Docker Containers: host.docker.internal:8080 + # Artemis locally and CI hosted on a Server on your 
network: LAN_IP_ADDRESS:8080 diff --git a/src/main/resources/config/application-prod.yml b/src/main/resources/config/application-prod.yml index ed7ef7465024..8e5a1a04af6a 100644 --- a/src/main/resources/config/application-prod.yml +++ b/src/main/resources/config/application-prod.yml @@ -13,12 +13,6 @@ # http://docs.spring.io/spring-boot/docs/current/reference/html/common-application-properties.html # =================================================================== -# TODO: different setting in ansible prod? which one here? -management: - metrics: - export: - prometheus: - enabled: false spring: devtools: @@ -26,12 +20,11 @@ spring: enabled: false datasource: url: jdbc:mysql://localhost:3306/Artemis?createDatabaseIfNotExist=true&useUnicode=true&characterEncoding=utf8&useSSL=false&useLegacyDatetimeCode=false&serverTimezone=UTC - liquibase: - contexts: prodzs - thymeleaf: - cache: true server: + # this address is passed to the CI systems for sending back notifications to Artemis + # therefore depending on where these systems are hosted you have to change the url here + url: http://localhost compression: enabled: true mime-types: text/html,text/xml,text/plain,text/css,application/javascript,application/json,image/svg+xml @@ -60,3 +53,4 @@ info: # Specifies whether text assessment analytics service (TextAssessmentEventResource) is enabled/disabled # default value set to false in production text-assessment-analytics-enabled: false + imprint: https://your-imprint-url diff --git a/src/main/resources/config/application.yml b/src/main/resources/config/application.yml index af5e89b154f7..5cb641b8d8e1 100644 --- a/src/main/resources/config/application.yml +++ b/src/main/resources/config/application.yml 
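Review bot: application-local.yml.sample ships usable values for every secret (`encryption-password: artemis_admin`, the internal admin `artemis_admin`/`artemis_admin`, and fixed `base64-secret` values for Athene and the JWT signer), while its header only tells the reader to copy the file. Anyone who copies it for an instance that is reachable by others ends up with a signing key and an admin password that are public in the repository. The header should say this explicitly, e.g. `# DEVELOPMENT ONLY: every value below is public, generate new secrets before exposing this instance`, and it is worth checking that application-local.yml is listed in .gitignore, which this patch does not show. The file also ends with the `server:` comment block and no `url:` key under it, unlike the same block in application-dev.yml, so the key may be missing here.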
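Review bot: The added `url: http://localhost` under `server:` in application-prod.yml is, per the comment above it, the address handed to the CI systems for their result notifications, and those requests carry the `artemis-authentication-token-value`. With a plain-http default in the production profile the token travels unencrypted unless every deployment overrides the value. I would document the requirement next to the key: `# must be overridden with the public https:// address of this instance`. Separately, the first hunk of this file drops `management.metrics.export.prometheus.enabled: false`; whether the metrics export stays disabled in production now depends on application.yml, which is not fully visible here.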
@@ -14,8 +14,6 @@ # http://docs.spring.io/spring-boot/docs/current/reference/html/common-application-properties.html # =================================================================== -# TODO: recheck application-prod deletions vs ansible prod as this could lead to problems on production!!! - logging: level: ROOT: INFO @@ -89,9 +87,8 @@ spring: enabled: false # we use Webpack dev server + BrowserSync for livereload datasource: type: com.zaxxer.hikari.HikariDataSource - # username: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml - # password: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml - # TODO: maximumPoolSize: 100 just in ansible? + # username: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV + # password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV hikari: poolName: Hikari auto-commit: false @@ -157,11 +154,10 @@ spring: thread-name-prefix: artemis-scheduling- pool: size: 2 - # TODO: different from ansible mail: host: localhost - # username: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml - # password: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml + # username: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV + # password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV port: 25 thymeleaf: mode: HTML 
@@ -176,8 +172,8 @@ spring: timeout-per-shutdown-phase: 10 websocket: broker: - # username: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml - # password: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml + # username: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV + # password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV addresses: "" # Comma separated list of hosts and ports of the brokers (e.g. "localhost:61613,localhost:61614") hazelcast: interface: "127.0.0.1" # The interface to bind to, if non is set, all interfaces will be bound @@ -208,7 +204,6 @@ springdoc: path: /api.html operationsSorter: method -# TODO: different values in ansible not sure if needed here server: port: 8080 servlet: @@ -230,7 +225,7 @@ sentry: info: guided-tour: courseShortName: 'artemistutorial' - # TODO: missing on purpose for ansible? + # TODO: following value missing on purpose in ansible? saw this when I moved the value here # Names of the tutorial groups that will be automatically added to newly created users course-group-students: 'artemis-artemistutorial-students' tours: 
@@ -238,18 +233,16 @@ info: - course_overview_tour: '' - modeling_tour: 'UML Class Diagram' - programming_exercise_success_tour: 'tutorial' - # TODO: missing on purpose for ansible? + # TODO: following value missing on purpose in ansible? saw this when I moved the value here - tutor_assessment_tour: 'Patterns in Software Engineering' contact: artemis.in@tum.de #default value, can be overridden if needed # Comma separated list of profiles that will trigger the ribbon to show display-ribbon-on-profiles: "dev" - # TODO: do we really want sentry here? sentry: dsn: https://8c6b41ec2d4245e8bd3ec9541d53f625@sentry.io/1440029 # Leave empty to disable Sentry, must be a valid URI # Allowed Orion version range. Should only be changed on major version releases allowed-minimum-orion-version: 1.0.0 student-exam-store-session-data: true - # TODO: imprint only in ansible? # =================================================================== # JHipster specific properties @@ -268,7 +261,7 @@ jhipster: # - In the JHipster Registry (which includes a Spring Cloud Config server) # - In a separate `application-prod.yml` file, in the same folder as your executable WAR file # - In the `JHIPSTER_SECURITY_AUTHENTICATION_JWT_BASE64_SECRET` environment variable - # base64-secret: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml + # base64-secret: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV token-validity-in-seconds: 86400 # Token is valid 24 hours token-validity-in-seconds-for-remember-me: 2592000 # Token is valid 30 days # By default CORS is disabled. Uncomment to enable. @@ -280,7 +273,7 @@ jhipster: #allow-credentials: true #max-age: 1800 registry: - # password: PLEASE CHANGE THIS SECRET IN YOUR ENV OR application-local-secrets.yml + # password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV logging: logstash: # Forward logs to logstash over a socket, used by LoggingConfiguration enabled: false 
From 50d81ae41cb94a7f3dcc87e1caac03c3e748134f Mon Sep 17 00:00:00 2001 From: Ludwig Pusl Date: Fri, 9 Dec 2022 17:31:08 +0100 Subject: [PATCH 041/174] prepare containers for host.docker.internal usage --- src/main/docker/atlassian.yml | 8 ++++++++ src/main/docker/gitlab-gitlabci.yml | 4 +++- src/main/docker/gitlab/gitlab.yml | 2 ++ src/main/docker/jenkins/jenkins.yml | 2 ++ 4 files changed, 15 insertions(+), 1 deletion(-) diff --git a/src/main/docker/atlassian.yml b/src/main/docker/atlassian.yml index 686087970f2f..cfb5d62ea6b5 100644 --- a/src/main/docker/atlassian.yml +++ b/src/main/docker/atlassian.yml @@ -6,6 +6,8 @@ services: jira: container_name: artemis-jira hostname: jira + extra_hosts: + - "host.docker.internal:host-gateway" image: ghcr.io/ls1intum/artemis-jira:8.20.11 pull_policy: always volumes: @@ -17,6 +19,8 @@ services: bitbucket: container_name: artemis-bitbucket hostname: bitbucket + extra_hosts: + - "host.docker.internal:host-gateway" image: ghcr.io/ls1intum/artemis-bitbucket:7.21.4 pull_policy: always volumes: @@ -31,6 +35,8 @@ services: bamboo: container_name: artemis-bamboo hostname: bamboo + extra_hosts: + - "host.docker.internal:host-gateway" image: ghcr.io/ls1intum/artemis-bamboo:8.2.5 pull_policy: always volumes: @@ -45,6 +51,8 @@ services: bamboo-build-agent: container_name: artemis-bamboo-build-agent hostname: bamboo-build-agent + extra_hosts: + - "host.docker.internal:host-gateway" image: ghcr.io/ls1intum/artemis-bamboo-build-agent:8.2.5 volumes: - artemis-bamboo-build-agent:/var/atlassian/application-data/bamboo-agent diff --git a/src/main/docker/gitlab-gitlabci.yml b/src/main/docker/gitlab-gitlabci.yml index 8e1430a547b0..e5acbc0b4376 100644 --- a/src/main/docker/gitlab-gitlabci.yml +++ b/src/main/docker/gitlab-gitlabci.yml 
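Review bot: `extra_hosts: - "host.docker.internal:host-gateway"` is added to all four services in atlassian.yml (and to gitlab-runner, gitlab and jenkins in the files that follow) without a comment saying which of them needs to call back to Artemis on the host. Presumably only the CI and VCS servers send notifications or webhooks; Jira and the Bamboo build agent, which presumably runs submitted code, may not need a named route to the host at all. A one-line comment on each entry, such as `# lets this container reach an Artemis instance running directly on the Docker host`, and dropping the entry where it is not needed would keep the development stack closer to least privilege.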
@@ -4,7 +4,7 @@ services: gitlab: - # TODO: check if the other settings can also be integrated into gitlab.yml + # TODO: check if more settings can also be integrated into gitlab.yml extends: file: ./gitlab/gitlab.yml service: gitlab @@ -36,6 +36,8 @@ services: - /usr/local/bin/docker:/usr/bin/docker - artemis-gitlabci-runner-config:/etc/gitlab-runner hostname: 'gitlab-runner' + extra_hosts: + - "host.docker.internal:host-gateway" networks: - artemis diff --git a/src/main/docker/gitlab/gitlab.yml b/src/main/docker/gitlab/gitlab.yml index 54b6ed5f2992..a8e4b529e5c5 100644 --- a/src/main/docker/gitlab/gitlab.yml +++ b/src/main/docker/gitlab/gitlab.yml @@ -5,6 +5,8 @@ services: gitlab: container_name: artemis-gitlab + extra_hosts: + - "host.docker.internal:host-gateway" build: . volumes: - artemis-gitlab-data:/var/opt/gitlab diff --git a/src/main/docker/jenkins/jenkins.yml b/src/main/docker/jenkins/jenkins.yml index 040aa7c3a5b5..c8128d0da304 100644 --- a/src/main/docker/jenkins/jenkins.yml +++ b/src/main/docker/jenkins/jenkins.yml @@ -5,6 +5,8 @@ services: jenkins: container_name: artemis-jenkins + extra_hosts: + - "host.docker.internal:host-gateway" build: . user: root volumes: From b36b4f5459c2c6962d6a94bcdf5154418c2558f8 Mon Sep 17 00:00:00 2001 
From: Ludwig Pusl Date: Fri, 9 Dec 2022 17:53:55 +0100 Subject: [PATCH 042/174] configuration refactoring --- .../de/tum/in/www1/artemis/ArtemisApp.java | 1 + .../resources/config/application-apollon.yml | 3 + .../resources/config/application-artemis.yml | 113 +++++++----------- .../resources/config/application-athene.yml | 5 + .../resources/config/application-bamboo.yml | 14 +++ .../config/application-bitbucket.yml | 13 ++ src/main/resources/config/application-dev.yml | 59 +-------- .../resources/config/application-gitlab.yml | 14 +++ .../resources/config/application-jenkins.yml | 29 +++++ .../resources/config/application-jira.yml | 14 +++ .../resources/config/application-ldap.yml | 8 ++ .../config/application-local.yml.sample | 92 ++++++++++++++ .../resources/config/application-prod.yml | 85 +------------ src/main/resources/config/application-tls.yml | 19 --- src/main/resources/config/application.yml | 107 +++++++++-------- 15 files changed, 305 insertions(+), 271 deletions(-) create mode 100644 src/main/resources/config/application-apollon.yml create mode 100644 src/main/resources/config/application-athene.yml create mode 100644 src/main/resources/config/application-bamboo.yml create mode 100644 src/main/resources/config/application-bitbucket.yml create mode 100644 src/main/resources/config/application-jira.yml create mode 100644 src/main/resources/config/application-ldap.yml create mode 100644 src/main/resources/config/application-local.yml.sample delete mode 100644 src/main/resources/config/application-tls.yml diff --git a/src/main/java/de/tum/in/www1/artemis/ArtemisApp.java b/src/main/java/de/tum/in/www1/artemis/ArtemisApp.java index 8310ff9b763b..4e4933293edd 100644 --- a/src/main/java/de/tum/in/www1/artemis/ArtemisApp.java +++ b/src/main/java/de/tum/in/www1/artemis/ArtemisApp.java 
@@ -72,6 +72,7 @@ private static void logApplicationStartup(Environment env, BuildProperties build if (env.getProperty("server.ssl.key-store") != null) { protocol = "https"; } + // TODO: recheck if the line can be deleted (port config value is never used anywhere else) String serverPort = env.getProperty("server.port"); String version = buildProperties.getVersion(); String gitCommitId = gitProperties.getShortCommitId(); diff --git a/src/main/resources/config/application-apollon.yml b/src/main/resources/config/application-apollon.yml new file mode 100644 index 000000000000..e6e01fd7bd82 --- /dev/null +++ b/src/main/resources/config/application-apollon.yml @@ -0,0 +1,3 @@ +artemis: + apollon: + conversion-service-url: http://localhost:8080 diff --git a/src/main/resources/config/application-artemis.yml b/src/main/resources/config/application-artemis.yml index ab165e82d989..d8793938c027 100644 --- a/src/main/resources/config/application-artemis.yml +++ b/src/main/resources/config/application-artemis.yml 
@@ -3,33 +3,24 @@ # =================================================================== artemis: + version: #project.version# course-archives-path: ./exports/courses # a folder in which archived courses and exams are stored. repo-clone-path: ./repos # a folder in which git repos for the online code editor are stored. In a multi node setup, this folder should be in a shared file system area (e.g. based on NFS), so that user can access the same files over multiple nodes repo-download-clone-path: ./repos-download # a temporary folder, in which git repos are downloaded that are immediately deleted afterwards (e.g. exports, plagiarism checks), should NOT be in a shared file system area - encryption-password: # LEGACY: arbitrary password for encrypting database values + file-upload-path: uploads + submission-export-path: exports + # LEGACY: arbitrary password for encrypting database values + # encryption-password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV bcrypt-salt-rounds: 11 # The number of salt rounds for the bcrypt password hashing. Lower numbers make it faster but more unsecure and vice versa. # Please use the bcrypt benchmark tool to determine the best number of rounds for your system. https://github.com/ls1intum/bcrypt-Benchmark + external-system-request: + batch-size: 50 # wait the time below after 50 requests + batch-waiting-time: 30000 # in ms = 30s user-management: - use-external: true - password-reset: - credential-provider: # The credential provider which users can log in though (e.g. TUMonline) - links: # The password reset links for different languages - en: '' - de: '' - external: - url: https://jira.ase.in.tum.de - user: # e.g. ga12abc - password: - admin-group-name: tumuser - ldap: # the whole section is optional: whether user details (such as the registration number) can be obtained from a LDAP service - url: - user-dn: - password: - base: - allowed-username-pattern: '^([a-z]{2}\d{2}[a-z]{3})$' # example for a TUM identifier, e.g. 
ab12cde + use-external: false internal-admin: - username: artemis_admin - password: artemis_admin + # username: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV + # password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV registration: # the whole section is optional: whether user can register in Artemis enabled: false allowed-email-pattern: '[a-zA-Z0-9_\-\.\+]+@(tum\.de|in\.tum\.de|mytum\.de)' 
@@ -40,56 +31,40 @@ artemis: allowed-username-pattern: '^([a-z]{2}\d{2}[a-z]{3})$' # example for a TUM identifier, e.g. ab12cde login: account-name: TUM # optional: customization for the welcome page "please sign in with your account" - version-control: - url: https://bitbucket.ase.in.tum.de - user: # e.g. ga12abc - password: - # token: # VCS API token giving Artemis full Admin access. - ci-token: # Token generated by the CI (e.g. Jenkins) for webhooks from the VCS to the CI. Not needed for Bamboo+Bitbucket - ssh-template-clone-url: ssh://git@bitbucket.ase.in.tum.de:7999/ # Url Stem for cloning via ssh, for gitlab use 'ssh://git@artemistest2gitlab.ase.in.tum.de:2222/' - ssh-keys-url-path: /plugins/servlet/ssh/account/keys # Url Path to access a users ssh keys, for gitlab this is '/-/profile/keys' -# ssh-private-key-folder-path: # the path to the folder in which the private ssh key file (e.g. id_rsa) is stored that can be used to clone git repos on the version control server -# ssh-private-key-password: # the password for the private ssh key - default-branch: main # The branch that should be used as default branch for all newly created repositories. This does NOT have to be equal to the default branch of the VCS - version-control-access-token: false # only for Gitlab setups: a Gitlab-API token can be generated for each user and used as part of the Git clone URL shown to students to allow for password-less Git operations via HTTP continuous-integration: - user: # e.g. ga12abc - password: - token: # Enter a valid token generated in Bamboo giving Artemis full Admin access - url: https://bamboo.ase.in.tum.de - vcs-application-link-name: LS1 Bitbucket Server # If the VCS and CI are directly linked (normally only for Bitbucket + Bamboo) - empty-commit-necessary: true # Do we need an empty commit for new exercises/repositories in order for the CI to register the repo - # Hash/key of the ci-token, equivalent e.g. 
to the ci-token in version-control - # Some CI systems, like Jenkins, offer a specific token that gets checked against any incoming notifications - # from a VCS trying to trigger a build plan. Only if the notification request contains the correct token, the plan - # is triggered. This can be seen as an alternative to sending an authenticated request to a REST API and then - # triggering the plan. - # In the case of Artemis, this is only really needed for the Jenkins + GitLab setup, since the GitLab plugin in - # Jenkins only allows triggering the Jenkins jobs using such a token. Furthermore, in this case, the value of the - # hudson.util.Secret is stored in the build plan, so you also have to specify this encrypted string here and NOT the actual token value itself! - # You can get this by GETting any job.xml for a job with an activated GitLab step and your token value of choice. - secret-push-token: - # Key of the saved credentials for the VCS service - # Bamboo: not needed - # Jenkins: You have to specify the key from the credentials page in Jenkins under which the user and - # password for the VCS are stored - vcs-credentials: - # Key of the credentials for the Artemis notification token - # Bamboo: not needed - # Jenkins: You have to specify the key from the credentials page in Jenkins under which the authentication-token is stored - artemis-authentication-token-key: - # The actual value of the notification token to check against in Artemis. This is the token that gets send with - # every request the CI system makes to Artemis containing a new result after a build. 
- # Bamboo: The token value you use for the Server Notification Plugin - # Jenkins: The token value you use for the Server Notification Plugin and is stored under the notification-token credential above - artemis-authentication-token-value: - build-timeout: 30 # Does cancel jenkins builds after 30 minutes to remove build that get stuck + # Defines the used docker images for certain programming languages. + # For each language at least the `default` image has to be defined. + # This `default` option will be overridden by more specific project type + # definitions. + build: + images: + java: + # possible overrides: maven, gradle + default: "ls1tum/artemis-maven-template:java17-11" + kotlin: + # possible overrides: maven, gradle + default: "ls1tum/artemis-maven-template:java17-11" + empty: + default: "ls1tum/artemis-maven-template:java17-11" + python: + default: "ls1tum/artemis-python-docker:latest" + c: + # possible overrides: gcc, fact + default: "ls1tum/artemis-c-docker:latest" + fact: "sharingcodeability/fact:latest" + haskell: + default: "ghcr.io/b-fein/artemis-haskell:v19.30.0" + vhdl: + default: "tizianleonhardt/era-artemis-vhdl:latest" + assembler: + default: "tizianleonhardt/era-artemis-assembler:latest" + swift: + # possible overrides: xcode + default: "norionomura/swiftlint:latest" + ocaml: + default: "ls1tum/artemis-ocaml-docker:v1" git: name: Artemis email: artemis.in@tum.de - athene: - url: http://localhost - base64-secret: YWVuaXF1YWRpNWNlaXJpNmFlbTZkb283dXphaVF1b29oM3J1MWNoYWlyNHRoZWUzb2huZ2FpM211bGVlM0VpcAo= - token-validity-in-seconds: 10800 - apollon: - conversion-service-url: http://localhost:8080 + + # TODO: lti settings missing here on purpose compared to the ansible prod template? diff --git a/src/main/resources/config/application-athene.yml b/src/main/resources/config/application-athene.yml new file mode 100644 index 000000000000..e8cb5b182d56 --- /dev/null +++ b/src/main/resources/config/application-athene.yml 
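Review bot: Several build images added under `continuous-integration.build.images` use the mutable `latest` tag (`ls1tum/artemis-python-docker:latest`, `ls1tum/artemis-c-docker:latest`, `sharingcodeability/fact:latest`, `tizianleonhardt/era-artemis-vhdl:latest`, `tizianleonhardt/era-artemis-assembler:latest`, `norionomura/swiftlint:latest`), some of them from namespaces outside the project. Whatever is pushed under those tags is what the CI would pull for the next build, so build and grading behaviour can change without any change in this repository. The Java, Haskell and OCaml entries already use fixed tags; the others should follow, e.g. `default: "ls1tum/artemis-python-docker:<pinned-tag>"`, or be pinned by digest.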
@@ -0,0 +1,5 @@
+artemis:
+ athene:
+ url: http://localhost
+ # base64-secret: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV
+ token-validity-in-seconds: 10800
diff --git a/src/main/resources/config/application-bamboo.yml b/src/main/resources/config/application-bamboo.yml
new file mode 100644
index 000000000000..0a0fd6d74ba3
--- /dev/null
+++ b/src/main/resources/config/application-bamboo.yml
@@ -0,0 +1,14 @@
+artemis:
+ continuous-integration:
+ url: http://localhost:8085
+ # e.g. ga12abc
+ # user: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV
+ # password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV
+ # Enter a valid token generated in Bamboo giving Artemis full Admin access
+ # token: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV
+ vcs-application-link-name: LS1 Bitbucket Server # If the VCS and CI are directly linked (normally only for Bitbucket + Bamboo)
+ empty-commit-necessary: true # Do we need an empty commit for new exercises/repositories in order for the CI to register the repo
+ # The actual value of the notification token to check against in Artemis. This is the token that gets send with
+ # every request the CI system makes to Artemis containing a new result after a build.
+ # The token value you use for the Server Notification Plugin
+ # artemis-authentication-token-value: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV
diff --git a/src/main/resources/config/application-bitbucket.yml b/src/main/resources/config/application-bitbucket.yml
new file mode 100644
index 000000000000..af21a9703f10
--- /dev/null
+++ b/src/main/resources/config/application-bitbucket.yml
@@ -0,0 +1,13 @@
+artemis:
+ version-control:
+ url: http://localhost:7990
+ # e.g. ga12abc
+ # user: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV
+ # password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV
+ # VCS API token giving Artemis full Admin access.
+ # token: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV
+ ssh-template-clone-url: ssh://git@localhost:7999/ # Url Stem for cloning via ssh, for gitlab use 'ssh://git@artemistest2gitlab.ase.in.tum.de:2222/'
+ ssh-keys-url-path: /plugins/servlet/ssh/account/keys # Url Path to access a users ssh keys, for gitlab this is '/-/profile/keys'
+ ssh-private-key-folder-path: # the path to the folder in which the private ssh key file (e.g. id_rsa) is stored that can be used to clone git repos on the version control server
+ # the password for the private ssh key
+ # ssh-private-key-password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV
diff --git a/src/main/resources/config/application-dev.yml b/src/main/resources/config/application-dev.yml
index 165c5e97bff9..8d9606ef8e53 100644
--- a/src/main/resources/config/application-dev.yml
+++ b/src/main/resources/config/application-dev.yml
@@ -24,35 +24,13 @@ spring: devtools: restart: enabled: true - livereload: - enabled: false # we use Webpack dev server + BrowserSync for livereload jackson: serialization: indent-output: true datasource: - type: com.zaxxer.hikari.HikariDataSource url: jdbc:mysql://localhost:3306/Artemis?createDatabaseIfNotExist=true&allowPublicKeyRetrieval=true&useUnicode=true&characterEncoding=utf8&useSSL=false&useLegacyDatetimeCode=false&serverTimezone=UTC - username: root - password: - hikari: - poolName: Hikari - auto-commit: false - data-source-properties: - cachePrepStmts: true - prepStmtCacheSize: 250 - prepStmtCacheSqlLimit: 2048 - useServerPrepStmts: true - jpa: - database-platform: org.hibernate.dialect.MySQL8Dialect - database: MYSQL - show-sql: false liquibase: contexts: dev - mail: - host: localhost - port: 25 - username: - password: messages: cache-duration: PT1S # 1 second, see the ISO 8601 standard thymeleaf: @@ -61,8 +39,12 @@ spring: localInstances: true server: - port: 8080 - url: https://artemislocal.ase.in.tum.de + # this address is passed to the CI systems for sending back notifications to Artemis + # therefore depending on where these systems are hosted you have to change the url here + # other possible values: + # Artemis locally and CI inside Docker Containers: host.docker.internal:8080 + # Artemis locally and CI hosted on a Server on your network: LAN_IP_ADDRESS:8080 + url: http://localhost:8080 # Artemis and CI are running locally # =================================================================== # JHipster specific properties 
@@ -79,26 +61,11 @@ jhipster: exposed-headers: "Authorization,Link,X-Total-Count" allow-credentials: true max-age: 1800 - security: - authentication: - jwt: - # This token must be encoded using Base64 (you can type `echo 'secret-key'|base64` on your command line) - base64-secret: bXktc2VjcmV0LWtleS13aGljaC1zaG91bGQtYmUtY2hhbmdlZC1pbi1wcm9kdWN0aW9uLWFuZC1iZS1iYXNlNjQtZW5jb2RlZAo= - # Token is valid 24 hours - token-validity-in-seconds: 86400 - token-validity-in-seconds-for-remember-me: 2592000 mail: # specific JHipster mail property, for standard properties see MailProperties from: artemis@localhost base-url: http://127.0.0.1:8080 logging: use-json-format: false # By default, logs are not in Json format - logstash: # Forward logs to logstash over a socket, used by LoggingConfiguration - enabled: false - host: localhost - port: 5000 - queue-size: 512 - audit-events: - retention-period: 120 # Number of days before audit events are deleted. # Properties to be exposed on the /info management endpoint info: @@ -107,24 +74,10 @@ info: course-group-students: 'artemis-artemistutorial-students' courseShortName: 'artemistutorial' tours: - - cancel_tour: '' - code_editor_tour: 'test' - - course_overview_tour: '' - course_exercise_overview_tour: 'test' - - modeling_tour: 'UML Class Diagram' - programming_exercise_fail_tour: 'test' - programming_exercise_success_tour: 'test' - - tutor_assessment_tour: 'Patterns in Software Engineering' - contact: artemis.in@tum.de #default value, can be overridden if needed # Specifies whether text assessment analytics service (TextAssessmentEventResource) is enabled/disabled # default value set to true for development environment text-assessment-analytics-enabled: true - -# Eureka configuration -eureka: - instance: - prefer-ip-address: true - client: - enabled: false # By default, the JHipster Registry is not used in the "dev" profile - service-url: - defaultZone: http://admin:${jhipster.registry.password}@localhost:8761/eureka/ 
diff --git a/src/main/resources/config/application-gitlab.yml b/src/main/resources/config/application-gitlab.yml index 8efda4f9fb80..25ffc35df981 100644 --- a/src/main/resources/config/application-gitlab.yml +++ b/src/main/resources/config/application-gitlab.yml @@ -3,6 +3,20 @@ # # This configuration overrides the application.yml file. # =================================================================== +artemis: + version-control: + url: http://localhost:8081 + # user: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV + # password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV + # token: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV + # ci-token: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV + # health-api-token: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV + ssh-template-clone-url: + ssh-keys-url-path: /-/profile/keys + ssh-private-key-folder-path: + # ssh-private-key-password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV + default-branch: main # The branch that should be used as default branch for all newly created repositories. This does NOT have to be equal to the default branch of the VCS + versionControlAccessToken: true # only for Gitlab setups: a Gitlab-API token can be generated for each user and used as part of the Git clone URL shown to students to allow for password-less Git operations via HTTP gitlab: # The following (optional) parameter allows to enable the use of pseudonyms. diff --git a/src/main/resources/config/application-jenkins.yml b/src/main/resources/config/application-jenkins.yml index 2e56f2a360bf..47171f8e7d4e 100644 --- a/src/main/resources/config/application-jenkins.yml +++ b/src/main/resources/config/application-jenkins.yml 
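Review bot: `versionControlAccessToken: true` is enabled by default in the same added block that sets `url: http://localhost:8081`, so, going by the inline comment, a per-user GitLab API token would be embedded in clone URLs that are served over plain HTTP. A token carried inside a URL also tends to persist in `.git/config`, shell history and proxy logs. I would default this to `false` and add a comment such as `# enable only when the VCS url is https; the token is stored in the clone URL` so that operators opt in knowingly. The scope and lifetime of the generated token are not visible from this hunk.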
@@ -4,6 +4,35 @@ # This configuration overrides the application.yml file. # =================================================================== +artemis: + continuous-integration: + url: http://localhost:8082 + # user: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV + # password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV + empty-commit-necessary: false # Do we need an empty commit for new exercises/repositories in order for the CI to register the repo + # Hash/key of the ci-token, equivalent e.g. to the ci-token in version-control + # Some CI systems, like Jenkins, offer a specific token that gets checked against any incoming notifications + # from a VCS trying to trigger a build plan. Only if the notification request contains the correct token, the plan + # is triggered. This can be seen as an alternative to sending an authenticated request to a REST API and then + # triggering the plan. + # In the case of Artemis, this is only really needed for the Jenkins + GitLab setup, since the GitLab plugin in + # Jenkins only allows triggering the Jenkins jobs using such a token. Furthermore, in this case, the value of the + # hudson.util.Secret is stored in the build plan, so you also have to specify this encrypted string here and NOT the actual token value itself! + # You can get this by GETting any job.xml for a job with an activated GitLab step and your token value of choice. 
+ # secret-push-token: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV + # Key of the saved credentials for the VCS service + # You have to specify the key from the credentials page in Jenkins under which the user and + # password for the VCS are stored + vcs-credentials: artemis_gitlab_admin_credentials + # Key of the credentials for the Artemis notification token + # You have to specify the key from the credentials page in Jenkins under which the authentication-token is stored + artemis-authentication-token-key: artemis_notification_plugin_token + # The actual value of the notification token to check against in Artemis. This is the token that gets send with + # every request the CI system makes to Artemis containing a new result after a build. + # The token value you use for the Server Notification Plugin and is stored under the notification-token credential above + # artemis-authentication-token-value: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV + build-timeout: 30 # Does cancel jenkins builds after 30 minutes to remove build that get stuck + jenkins: # The following (optional) parameter allows to customize if Jenkins CSRF protection should be used (activated) within Artemis: # see https://wiki.jenkins.io/display/JENKINS/Remote+access+API --> CSRF Protection diff --git a/src/main/resources/config/application-jira.yml b/src/main/resources/config/application-jira.yml new file mode 100644 index 000000000000..644032f5d67b --- /dev/null +++ b/src/main/resources/config/application-jira.yml 
@@ -0,0 +1,14 @@
+artemis:
+ user-management:
+ use-external: true
+ external:
+ url: http://localhost:8085
+ # e.g. ga12abc
+ # user: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV
+ # password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV
+ admin-group-name: instructors
+ password-reset:
+ credential-provider: TUMonline
+ links:
+ en: "https://campus.tum.de/tumonline/ee/ui/ca2/app/desktop/#/pl/ui/$ctx/co_loc_password_reset.main?$ctx=design=ca2;header=max;lang=en"
+ de: "https://campus.tum.de/tumonline/ee/ui/ca2/app/desktop/#/pl/ui/$ctx/co_loc_password_reset.main?$ctx=design=ca2;header=max;lang=de"
diff --git a/src/main/resources/config/application-ldap.yml b/src/main/resources/config/application-ldap.yml
new file mode 100644
index 000000000000..661f20b054f9
--- /dev/null
+++ b/src/main/resources/config/application-ldap.yml
@@ -0,0 +1,8 @@
+artemis:
+ user-management:
+ ldap:
+ url: "ldaps://iauth.tum.de:636"
+ user-dn: "cn=TUINI01-Artemis,ou=bindDNs,ou=iauth,dc=tum,dc=de"
+ base: "ou=users,ou=data,ou=prod,ou=iauth,dc=tum,dc=de"
+ # password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV
+ allowed-username-pattern: '^([a-z]{2}\d{2}[a-z]{3})$' # example for a TUM identifier, e.g. ab12cde
diff --git a/src/main/resources/config/application-local.yml.sample b/src/main/resources/config/application-local.yml.sample
new file mode 100644
index 000000000000..c1eefedf3fb7
--- /dev/null
+++ b/src/main/resources/config/application-local.yml.sample
@@ -0,0 +1,92 @@ +#TODO: describe process in docs and inline also that you can have multiple application-local-SETUP.yml files and then just copy to the real one for switching ;) +# =================================================================== +# Configuration template for application-local.yml +# +# This template file contains and overwrites all configuration secrets. +# This template file also contains the bare minimum of REALLY necessary configurations where it's hard to use +# a default value for most development environments! +# +# The goal of this template file is to make it easier for new developers to get up and running. +# +# Usage: +# - copy this file to application-local.yml +# - uncomment the "Atlassian Stack" or "Gitlab / Jenkins Stack" IF you use these as CI/VCS +# +# =================================================================== + +artemis: + encryption-password: artemis_admin # LEGACY: arbitrary password for encrypting database values + athene: + base64-secret: YWVuaXF1YWRpNWNlaXJpNmFlbTZkb283dXphaVF1b29oM3J1MWNoYWlyNHRoZWUzb2huZ2FpM211bGVlM0VpcAo= + user-management: + internal-admin: + username: artemis_admin + password: artemis_admin +# =================================================================== +# Atlassian Stack START +# =================================================================== +# external: +# user: # e.g. ga12abc +# password: +# version-control: +# user: # e.g. ga12abc +# password: +# token: +# ssh-private-key-password: +# continuous-integration: +# user: # e.g. ga12abc +# password: +# token: # Enter a valid token generated in Bamboo giving Artemis full Admin access +# # The actual value of the notification token to check against in Artemis. This is the token that gets send with +# # every request the CI system makes to Artemis containing a new result after a build. 
+# # The token value you use for the Server Notification Plugin +# artemis-authentication-token-value: +# =================================================================== +# Atlassian Stack END +# =================================================================== + +# =================================================================== +# Gitlab / Jenkins Stack START +# =================================================================== +# version-control: +# user: root +# password: artemis_admin # created in Gitlab Server Quickstart step 2 +# token: artemis-gitlab-token # generated in Gitlab Server Quickstart steps 4 and 5 +# ci-token: jenkins-secret-token # pre-generated or replaced in Automated Jenkins Server step 3 +# health-api-token: +# ssh-private-key-password: +# continuous-integration: +# user: artemis_admin +# password: artemis_admin +# secret-push-token: AQAAABAAAAAg/aKNFWpF9m2Ust7VHDKJJJvLkntkaap2Ka3ZBhy5XjRd8s16vZhBz4fxzd4TH8Su # pre-generated or replaced in Automated Jenkins Server step 3 +# artemis-authentication-token-value: artemis_admin +# =================================================================== +# Gitlab / Jenkins Stack END +# =================================================================== + +spring: + datasource: + username: root + password: + mail: + username: + password: + websocket: + broker: + username: guest + password: guest + +jhipster: + security: + authentication: + jwt: + base64-secret: bXktc2VjcmV0LWtleS13aGljaC1zaG91bGQtYmUtY2hhbmdlZC1pbi1wcm9kdWN0aW9uLWFuZC1iZS1iYXNlNjQtZW5jb2RlZAo= + registry: + password: AN-ADMIN-PASSWORD-THAT-MUST-BE-CHANGED (FROM REGISTRY CONFIG) + +server: + # this address is passed to the CI systems for sending back notifications to Artemis + # therefore depending on where these systems are hosted you have to change the url here + # other possible values: + # Artemis locally and CI inside Docker Containers: host.docker.internal:8080 + # Artemis locally and CI hosted on a Server on your 
network: LAN_IP_ADDRESS:8080 diff --git a/src/main/resources/config/application-prod.yml b/src/main/resources/config/application-prod.yml index 140077340bff..8e5a1a04af6a 100644 --- a/src/main/resources/config/application-prod.yml +++ b/src/main/resources/config/application-prod.yml 
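Review bot: The sample ships usable secrets instead of placeholders: `encryption-password: artemis_admin`, the internal admin `username`/`password` both set to `artemis_admin`, the `athene` `base64-secret`, and a `jhipster.security.authentication.jwt.base64-secret` that is the generator's well-known "my-secret-key-which-should-be-changed-in-production…" value. The usage text tells developers to copy this file to `application-local.yml`, and the other profiles in this commit now carry only commented `PLEASE CHANGE THIS SECRET` lines, so a copied sample becomes the sole source of these values and any instance started from it signs JWTs with a publicly known key. I would leave the secret values empty with a hint, e.g. `base64-secret: # generate your own, e.g. openssl rand -base64 64`, and state in the header that the remaining defaults are for a local machine only and must not be reused on a reachable server. The `spring.datasource` entry with `username: root` and an empty password deserves the same remark.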
@@ -13,66 +13,18 @@ # http://docs.spring.io/spring-boot/docs/current/reference/html/common-application-properties.html # =================================================================== -management: - metrics: - export: - prometheus: - enabled: false spring: devtools: restart: enabled: false - livereload: - enabled: false datasource: - type: com.zaxxer.hikari.HikariDataSource url: jdbc:mysql://localhost:3306/Artemis?createDatabaseIfNotExist=true&useUnicode=true&characterEncoding=utf8&useSSL=false&useLegacyDatetimeCode=false&serverTimezone=UTC - username: root - password: - hikari: - poolName: Hikari - auto-commit: false - data-source-properties: - cachePrepStmts: true - prepStmtCacheSize: 250 - prepStmtCacheSqlLimit: 2048 - useServerPrepStmts: true - jpa: - database-platform: org.hibernate.dialect.MySQL8Dialect - database: MYSQL - show-sql: false - liquibase: - contexts: prod - mail: - host: localhost - port: 25 - username: - password: - thymeleaf: - cache: true -# =================================================================== -# To enable TLS in production, generate a certificate using: -# keytool -genkey -alias artemis -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore keystore.p12 -validity 3650 -# -# You can also use Let's Encrypt: -# https://maximilian-boehm.com/hp2121/Create-a-Java-Keystore-JKS-from-Let-s-Encrypt-Certificates.htm -# -# Then, modify the server.ssl properties so your "server" configuration looks like: -# -# server: -# port: 443 -# ssl: -# key-store: classpath:config/tls/keystore.p12 -# key-store-password: password -# key-store-type: PKCS12 -# key-alias: Artemis -# # The ciphers suite enforce the security by deactivating some old and deprecated SSL cipher, this list was tested against SSL Labs (https://www.ssllabs.com/ssltest/) -# ciphers: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 
,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_RSA_WITH_CAMELLIA_128_CBC_SHA -# =================================================================== server: - port: 8080 + # this address is passed to the CI systems for sending back notifications to Artemis + # therefore depending on where these systems are hosted you have to change the url here + url: http://localhost compression: enabled: true mime-types: text/html,text/xml,text/plain,text/css,application/javascript,application/json,image/svg+xml 
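Review bot: The production profile now defaults `server.url` to `http://localhost`, and the same hunk deletes the only TLS setup instructions without pointing to a replacement. According to the added comment this address is handed to the CI systems for their callbacks, and the Jenkins profile comments earlier in this patch say those requests carry the notification token, so a plain-HTTP default would send that token unencrypted unless a reverse proxy terminates TLS, which is not visible here. I would ship an https placeholder (constructed example: `url: https://artemis.example.org # must be reachable from the CI system; use https`) and keep a one-line comment saying where TLS is expected to be terminated. The unchanged datasource URL in this hunk also still carries `useSSL=false`, which is worth a comment for deployments where the database is not on the same host.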
@@ -85,49 +37,20 @@ server: # =================================================================== jhipster: - http: - cache: # Used by the CachingHttpHeadersFilter - timeToLiveInDays: 1461 - security: - authentication: - jwt: - # This token must be encoded using Base64 (you can type `echo 'secret-key'|base64` on your command line) - # As this is the PRODUCTION configuration, you MUST change the default key, and store it securely: - # - In the JHipster Registry (which includes a Spring Cloud Config server) - # - In a separate `application-prod.yml` file, in the same folder as your executable WAR file - # - In the `JHIPSTER_SECURITY_AUTHENTICATION_JWT_BASE64_SECRET` environment variable - base64-secret: bXktc2VjcmV0LWtleS13aGljaC1zaG91bGQtYmUtY2hhbmdlZC1pbi1wcm9kdWN0aW9uLWFuZC1iZS1iYXNlNjQtZW5jb2RlZAo= - # Token is valid 24 hours - token-validity-in-seconds: 86400 - token-validity-in-seconds-for-remember-me: 2592000 mail: # specific JHipster mail property, for standard properties see MailProperties from: artemis@localhost base-url: http://my-server-url-to-change # Modify according to your server's URL - logging: - logstash: # Forward logs to logstash over a socket, used by LoggingConfiguration - enabled: false - host: localhost - port: 5000 - queue-size: 512 - audit-events: - retention-period: 120 # Number of days before audit events are deleted. 
# Properties to be exposed on the /info management endpoint info: guided-tour: - courseShortName: 'artemistutorial' - course-group-students: 'artemis-artemistutorial-students' tours: - - cancel_tour: '' - code_editor_tour: 'tutorial' - - course_overview_tour: '' - course_exercise_overview_tour: 'tutorial' - - modeling_tour: 'UML Class Diagram' - programming_exercise_fail_tour: 'tutorial' - programming_exercise_success_tour: 'tutorial' - - tutor_assessment_tour: 'Patterns in Software Engineering' - contact: artemis.in@tum.de #default value, can be overridden on the server test-server: false # false --> production, true --> test server, --> empty == local # Specifies whether text assessment analytics service (TextAssessmentEventResource) is enabled/disabled # default value set to false in production text-assessment-analytics-enabled: false + imprint: https://your-imprint-url diff --git a/src/main/resources/config/application-tls.yml b/src/main/resources/config/application-tls.yml deleted file mode 100644 index 1e7cef3a229c..000000000000 --- a/src/main/resources/config/application-tls.yml +++ /dev/null 
@@ -1,19 +0,0 @@ -# =================================================================== -# Activate this profile to enable TLS and HTTP/2. -# -# JHipster has generated a self-signed certificate, which will be used to encrypt traffic. -# As your browser will not understand this certificate, you will need to import it. -# -# Another (easiest) solution with Chrome is to enable the "allow-insecure-localhost" flag -# at chrome://flags/#allow-insecure-localhost -# =================================================================== -server: - ssl: - key-store: classpath:config/tls/keystore.p12 - key-store-password: password - key-store-type: PKCS12 - key-alias: selfsigned - ciphers: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 - enabled-protocols: TLSv1.2 - http2: - enabled: true diff --git a/src/main/resources/config/application.yml b/src/main/resources/config/application.yml index df0d80085cb3..5cb641b8d8e1 100644 --- a/src/main/resources/config/application.yml +++ b/src/main/resources/config/application.yml 
@@ -26,47 +26,6 @@ logging: max-history: 90 total-size-cap: "10GB" -artemis: - version: #project.version# - file-upload-path: uploads - submission-export-path: exports - bcrypt-salt-rounds: 11 #default value, see application-artemis.yml for more information how to override and customize this value - external-system-request: - batch-size: 50 # wait the time below after 50 requests - batch-waiting-time: 30000 # in ms = 30s - continuous-integration: - # Defines the used docker images for certain programming languages. - # For each language at least the `default` image has to be defined. - # This `default` option will be overridden by more specific project type - # definitions. - build: - images: - java: - # possible overrides: maven, gradle - default: "ls1tum/artemis-maven-template:java17-11" - kotlin: - # possible overrides: maven, gradle - default: "ls1tum/artemis-maven-template:java17-11" - empty: - default: "ls1tum/artemis-maven-template:java17-11" - python: - default: "ls1tum/artemis-python-docker:latest" - c: - # possible overrides: gcc, fact - default: "ls1tum/artemis-c-docker:latest" - fact: "sharingcodeability/fact:latest" - haskell: - default: "ghcr.io/b-fein/artemis-haskell:v19.30.0" - vhdl: - default: "tizianleonhardt/era-artemis-vhdl:latest" - assembler: - default: "tizianleonhardt/era-artemis-assembler:latest" - swift: - # possible overrides: xcode - default: "norionomura/swiftlint:latest" - ocaml: - default: "ls1tum/artemis-ocaml-docker:v1" - management: endpoints: web: 
@@ -123,6 +82,21 @@ management: spring: application: name: Artemis + devtools: + livereload: + enabled: false # we use Webpack dev server + BrowserSync for livereload + datasource: + type: com.zaxxer.hikari.HikariDataSource + # username: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV + # password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV + hikari: + poolName: Hikari + auto-commit: false + data-source-properties: + cachePrepStmts: true + prepStmtCacheSize: 250 + prepStmtCacheSqlLimit: 2048 + useServerPrepStmts: true jmx: enabled: false cloud: @@ -134,6 +108,8 @@ spring: repositories: bootstrap-mode: deferred jpa: + database-platform: org.hibernate.dialect.MySQL8Dialect + database: MYSQL open-in-view: false show-sql: false hibernate: @@ -178,6 +154,11 @@ spring: thread-name-prefix: artemis-scheduling- pool: size: 2 + mail: + host: localhost + # username: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV + # password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV + port: 25 thymeleaf: mode: HTML output: @@ -191,8 +172,8 @@ spring: timeout-per-shutdown-phase: 10 websocket: broker: - username: guest - password: guest + # username: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV + # password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV addresses: "" # Comma separated list of hosts and ports of the brokers (e.g. "localhost:61613,localhost:61614") hazelcast: interface: "127.0.0.1" # The interface to bind to, if non is set, all interfaces will be bound @@ -224,6 +205,7 @@ springdoc: operationsSorter: method server: + port: 8080 servlet: session: cookie: 
@@ -241,15 +223,25 @@ sentry: # Properties to be exposed on the /info management endpoint info: + guided-tour: + courseShortName: 'artemistutorial' + # TODO: following value missing on purpose in ansible? saw this when I moved the value here + # Names of the tutorial groups that will be automatically added to newly created users + course-group-students: 'artemis-artemistutorial-students' + tours: + - cancel_tour: '' + - course_overview_tour: '' + - modeling_tour: 'UML Class Diagram' + - programming_exercise_success_tour: 'tutorial' + # TODO: following value missing on purpose in ansible? saw this when I moved the value here + - tutor_assessment_tour: 'Patterns in Software Engineering' + contact: artemis.in@tum.de #default value, can be overridden if needed # Comma separated list of profiles that will trigger the ribbon to show display-ribbon-on-profiles: "dev" sentry: dsn: https://8c6b41ec2d4245e8bd3ec9541d53f625@sentry.io/1440029 # Leave empty to disable Sentry, must be a valid URI # Allowed Orion version range. Should only be changed on major version releases allowed-minimum-orion-version: 1.0.0 - # Specifies whether text assessment analytics service (TextAssessmentEventResource) is enabled/disabled - # default value set to false - text-assessment-analytics-enabled: false student-exam-store-session-data: true # =================================================================== 
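Review bot: The base `application.yml` drops `text-assessment-analytics-enabled` at the end of this hunk, leaving it defined only in the dev and prod profiles shown earlier in this patch; any other profile combination now has no value, and how the property is read is not visible here. Keeping `text-assessment-analytics-enabled: false` as the base default avoids depending on which profile is active. The two added `# TODO: following value missing on purpose in ansible?` comments are open questions to the author rather than documentation, and would be better resolved before merge or moved to the pull-request description.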
@@ -261,6 +253,17 @@ info: jhipster: clientApp: name: 'artemisApp' + security: + authentication: + jwt: + # This token must be encoded using Base64 (you can type `echo 'secret-key'|base64` on your command line) + # As this is the PRODUCTION configuration, you MUST change the default key, and store it securely: + # - In the JHipster Registry (which includes a Spring Cloud Config server) + # - In a separate `application-prod.yml` file, in the same folder as your executable WAR file + # - In the `JHIPSTER_SECURITY_AUTHENTICATION_JWT_BASE64_SECRET` environment variable + # base64-secret: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV + token-validity-in-seconds: 86400 # Token is valid 24 hours + token-validity-in-seconds-for-remember-me: 2592000 # Token is valid 30 days # By default CORS is disabled. Uncomment to enable. #cors: #allowed-origin-patterns: "*" @@ -269,10 +272,16 @@ jhipster: #exposed-headers: "Authorization,Link,X-Total-Count" #allow-credentials: true #max-age: 1800 - mail: - from: artemis@localhost registry: - password: AN-ADMIN-PASSWORD-THAT-MUST-BE-CHANGED (FROM REGISTRY CONFIG) + # password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV + logging: + logstash: # Forward logs to logstash over a socket, used by LoggingConfiguration + enabled: false + host: localhost + port: 5000 + queue-size: 512 + audit-events: + retention-period: 120 # Number of days before audit events are deleted. http: cache: # Used by the CachingHttpHeadersFilter timeToLiveInDays: 1461 From 229cc05654f62da9f95d2161d9b6a7fa8248f77f Mon Sep 17 00:00:00 2001 From: Ludwig Pusl Date: Fri, 9 Dec 2022 18:06:31 +0100 Subject: [PATCH 043/174] config refactoring 2 --- gradle/profile_dev.gradle | 9 ++++----- gradle/profile_prod.gradle | 6 ++++-- src/main/resources/config/tls/keystore.p12 | Bin 2607 -> 0 bytes 3 files changed, 8 insertions(+), 7 deletions(-) delete mode 100644 src/main/resources/config/tls/keystore.p12 
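Review bot: The JWT comment moved into `application.yml` in the first hunk on this line still reads "As this is the PRODUCTION configuration, you MUST change the default key", but this file is the base configuration and the key beneath it is now commented out, so there is no default left to change. It also recommends a separate `application-prod.yml` while the placeholder itself says `application-local.yml or ENV`. I would reword it along the lines of `# No default is shipped: set base64-secret in application-local.yml or via JHIPSTER_SECURITY_AUTHENTICATION_JWT_BASE64_SECRET`. It would also help to state what happens at startup when the value is absent, which these hunks do not show; the same applies to the commented-out `registry.password` in the second hunk.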
diff --git a/gradle/profile_dev.gradle b/gradle/profile_dev.gradle index f329934307af..896db58989f0 100644 --- a/gradle/profile_dev.gradle +++ b/gradle/profile_dev.gradle @@ -13,9 +13,6 @@ def profiles = 'dev' if (project.hasProperty('no-liquibase')) { profiles += ',no-liquibase' } -if (project.hasProperty('tls')) { - profiles += ',tls' -} springBoot { buildInfo { @@ -63,10 +60,12 @@ processResources { inputs.property('springProfiles', profiles) filesMatching("**/application.yml") { filter { - it.replace("#project.version#", version) + it.replace("#spring.profiles.active#", profiles) } + } + filesMatching("**/application-artemis.yml") { filter { - it.replace("#spring.profiles.active#", profiles) + it.replace("#project.version#", version) } } } diff --git a/gradle/profile_prod.gradle b/gradle/profile_prod.gradle index 2afffc251835..13fe5ccb6b1a 100644 --- a/gradle/profile_prod.gradle +++ b/gradle/profile_prod.gradle @@ -25,10 +25,12 @@ processResources { inputs.property('springProfiles', profiles) filesMatching('**/application.yml') { filter { - it.replace('#project.version#', version) + it.replace('#spring.profiles.active#', profiles) } + } + filesMatching('**/application-artemis.yml') { filter { - it.replace('#spring.profiles.active#', profiles) + it.replace('#project.version#', version) } } } 
diff --git a/src/main/resources/config/tls/keystore.p12 b/src/main/resources/config/tls/keystore.p12 deleted file mode 100644 index 3a9e4ca20b30e99210f9cb4a3de65463d3a6a24b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2607 zcmY+EXEYp&7KNu7j2>f@L6l(h(c45BSIrfj5H%4cK@v4uFhm!fXwh4YG6+$km#ERA zK7uIGqIcqXZ@qW#x+HSH`T3!7Fn$majK+~JLrM8U)I&}vfW*LT9O*X*j&$V4 z9z^4aUj8E@dIZ4{S=`vBH)8}P``;Bg3<%1`K`ziZ$O)Pk3j4o(^Bf6*^R<6wd>6qJ zcj49fwxXR-S`*pn1p)&)bRam$7r!{bnYIHSIOFMIg$>Y}eC!^dMpGA{ig5bw?ES?` zZuOvbzQiix8S95Rf+GM^ASMy0nS^R^#9&f2X$aX<1R2^s1FoP+$&{%$%4b2#N7f|; zgA;v;RD(f$8KW@R*W(CT$6(#6DH4|il&6`g-$>0)(;&l@wY>XVTk_@U1c?mYN&$7} zwZ%?nJx)JkRMpC2dE5#mhjny@oi+|o>^<%6?&qI^)nM*FYC9RToiGr_enTF1@>3_O zgq=JTJ!E>+oo^*bEJi|@wJq6oReHYpL$JfW-lD0cOVcZI(WGIP4(brK&?l0T@}RxdJqtL#r>Zv1mM4i`O4XU@u@-MvmX33`pEEp|m%}N(6(pE{tc6$Fq@8592n`Yo zDxayuy@;-B7U*-2OlY)6esEvd9-H+Vc#&L2D=x;>y+06=rjU@NC;u4ZzzZ3#SQ*b> z{(U=5W+)F{7qjZW+q3eTC(mqq6)-DgNzub4p_jIWFfR@}K6bSFlWy}%9|2u6t6jY9 zYqZKvj=7jK4s&o%7orlK_6>$kBc0$Kj1_PZBB7+=p9V2K)w zMBJx=2*b2}L{rnI4t_qo5aN|TTP&@I z@y`O`An~knEWolm4V=Yay`7l_T47FKbrfv1OR-Y1Y}oaDuGS55*(iYw@(}H4a_DqA z<7wwIs{NeZyRr*xWwE5?LvRILyb9}zdLE03DWAt(-HG+bD_S)FW27iHU&LcRh!Rh8XE zTh^`n4kEuX-i&E1=0wa3e`=#RSqJBz4tAzIP74j1DI4Jczm_;rr}^1O0L zrv9l3(js#cSiK!z)nff#o5^s10??%3;x5bt*5TH7Efkks`=tcB>Y~HMKEGULF((@q zAmIveBu!tdHBC#-1}9dA`=iD{3=i^B(_w9`=Y~{O;PB9#NA*m4&KvDpYe#QmSAOtM z>~~$2PuR?OU0v(akD5(ZVq?BRt(J}?W|Gv4DVWG6II;#$j!;zBez zWMfax=}P!xcXgY6UR^q+lwLDLmzyOC*+*nE=AmB!1|4xAaAT9Jiq)mzrE0rLTc+!zhDJ3GtxttdzN%(;8u(Qn?Nzf-w56totyjjKxMZX*C=Nb2a zwK}kZeNmSBt;8Rd`_lGE-L84m>6pk$-v|??k&5@v<6{kPyP-w~3vktg5nRqN-veh+ z`i@)@hPw1e8gjt)$AzXdZ)`&YS;VG+QXdl)>bv~%nqEd(2#yzM28#DHg+AUQkbN7O> z3)_}l7zmBzOQ)r&M;*70`YwZ$Wpb`ReI%@-uR#D*h=0evZ&{Qzc|l;7&4EW6RJkG> z^+5p~$rN6fxW3|~D}F!eW_DpNGUhJ zLXJsY^paQ6&FiBIH&<&<|LJ_{uzL%e3i9&s>Mr@iv7708O&a1DD~&;& zmbl zvlQJ-?Av0*O=LNUYjY+gBe%~kDUI8`pT#7oer`+sz8Ur#@Kt|o_qM;{LJUq&^@QNn zaZ2)wtZ!vwY)YL3Rg!%5OMXA6obrHKzJG&87S$vDz$@JE&GZv)mDR$@`k2QAqjr7J 
zdCK8e+u({|4*&EuS-EdL+pt6^em8~a+K_#k#~j~IoF=B`-M-yq>&xL#HF?A>Xn$U| zgDN^0%x`0dr0@2&JocD*L6KhmpRpH#l#>Q+to!koS++jx zLh^5^Q2DDnJxi8qTM=Dmp|p%#cX*$hBdS6Kuc1lb<)LHwmIpOJmh_l$26|j8kaSuXsdOi4f!oyjKrlhmexBV}i)S!W?Kf2Poo^2B zYV26~1*J!Zs+IIzC*@1}y>&qxWV#h@&8uHMFCkaJ(8-NgcAuONnc&?Tt=rcIgLn(neb8S$E4Qgt&a|t4|8PBCQWe zY>cv;7CiGL={Td8tZh$^-x&xlG_n5dkKi97dtLWQNB3#CfY5JU>yWuN*$L?$xv~2k zZ(ce%>=#LU`Mg>>{~5i*pl1EUsAb~&!0j2uwcaThg}*KN3|bz|jwXc?@l%39Ohf<( z+{F{}Cbwz3j>hE*3omx45nRh8g}^bWPVV8vz+^brU4x9yd0yYe++YwG7?S;Or{&Cz From 091025ccbfbac296e328406a5effea37d9d20212 Mon Sep 17 00:00:00 2001 
From: Ludwig Pusl Date: Fri, 9 Dec 2022 18:12:11 +0100 Subject: [PATCH 044/174] reverted all configuration changes as they were moved to separate branch --- gradle/profile_dev.gradle | 9 +- gradle/profile_prod.gradle | 6 +- .../de/tum/in/www1/artemis/ArtemisApp.java | 1 - .../resources/config/application-apollon.yml | 3 - .../resources/config/application-artemis.yml | 113 +++++++++++------- .../resources/config/application-athene.yml | 5 - .../resources/config/application-bamboo.yml | 14 --- .../config/application-bitbucket.yml | 13 -- src/main/resources/config/application-dev.yml | 59 ++++++++- .../resources/config/application-gitlab.yml | 14 --- .../resources/config/application-jenkins.yml | 29 ----- .../resources/config/application-jira.yml | 14 --- .../resources/config/application-ldap.yml | 8 -- .../config/application-local.yml.sample | 92 -------------- .../resources/config/application-prod.yml | 85 ++++++++++++- src/main/resources/config/application-tls.yml | 19 +++ src/main/resources/config/application.yml | 107 ++++++++--------- src/main/resources/config/tls/keystore.p12 | Bin 0 -> 2607 bytes 18 files changed, 278 insertions(+), 313 deletions(-) delete mode 100644 src/main/resources/config/application-apollon.yml delete mode 100644 src/main/resources/config/application-athene.yml delete mode 100644 src/main/resources/config/application-bamboo.yml delete mode 100644 src/main/resources/config/application-bitbucket.yml delete mode 100644 src/main/resources/config/application-jira.yml delete mode 100644 src/main/resources/config/application-ldap.yml delete mode 100644 src/main/resources/config/application-local.yml.sample create mode 100644 src/main/resources/config/application-tls.yml create mode 100644 src/main/resources/config/tls/keystore.p12 diff --git a/gradle/profile_dev.gradle b/gradle/profile_dev.gradle index 896db58989f0..f329934307af 100644 --- a/gradle/profile_dev.gradle +++ b/gradle/profile_dev.gradle 
@@ -13,6 +13,9 @@ def profiles = 'dev' if (project.hasProperty('no-liquibase')) { profiles += ',no-liquibase' } +if (project.hasProperty('tls')) { + profiles += ',tls' +} springBoot { buildInfo { @@ -60,12 +63,10 @@ processResources { inputs.property('springProfiles', profiles) filesMatching("**/application.yml") { filter { - it.replace("#spring.profiles.active#", profiles) + it.replace("#project.version#", version) } - } - filesMatching("**/application-artemis.yml") { filter { - it.replace("#project.version#", version) + it.replace("#spring.profiles.active#", profiles) } } } diff --git a/gradle/profile_prod.gradle b/gradle/profile_prod.gradle index 13fe5ccb6b1a..2afffc251835 100644 --- a/gradle/profile_prod.gradle +++ b/gradle/profile_prod.gradle @@ -25,12 +25,10 @@ processResources { inputs.property('springProfiles', profiles) filesMatching('**/application.yml') { filter { - it.replace('#spring.profiles.active#', profiles) + it.replace('#project.version#', version) } - } - filesMatching('**/application-artemis.yml') { filter { - it.replace('#project.version#', version) + it.replace('#spring.profiles.active#', profiles) } } } diff --git a/src/main/java/de/tum/in/www1/artemis/ArtemisApp.java b/src/main/java/de/tum/in/www1/artemis/ArtemisApp.java index 4e4933293edd..8310ff9b763b 100644 --- a/src/main/java/de/tum/in/www1/artemis/ArtemisApp.java +++ b/src/main/java/de/tum/in/www1/artemis/ArtemisApp.java @@ -72,7 +72,6 @@ private static void logApplicationStartup(Environment env, BuildProperties build if (env.getProperty("server.ssl.key-store") != null) { protocol = "https"; } - // TODO: recheck if the line can be deleted (port config value is never used anywhere else) String serverPort = env.getProperty("server.port"); String version = buildProperties.getVersion(); String gitCommitId = gitProperties.getShortCommitId(); 
diff --git a/src/main/resources/config/application-apollon.yml b/src/main/resources/config/application-apollon.yml deleted file mode 100644 index e6e01fd7bd82..000000000000 --- a/src/main/resources/config/application-apollon.yml +++ /dev/null @@ -1,3 +0,0 @@ -artemis: - apollon: - conversion-service-url: http://localhost:8080 diff --git a/src/main/resources/config/application-artemis.yml b/src/main/resources/config/application-artemis.yml index d8793938c027..ab165e82d989 100644 --- a/src/main/resources/config/application-artemis.yml +++ b/src/main/resources/config/application-artemis.yml 
@@ -3,24 +3,33 @@ # =================================================================== artemis: - version: #project.version# course-archives-path: ./exports/courses # a folder in which archived courses and exams are stored. repo-clone-path: ./repos # a folder in which git repos for the online code editor are stored. In a multi node setup, this folder should be in a shared file system area (e.g. based on NFS), so that user can access the same files over multiple nodes repo-download-clone-path: ./repos-download # a temporary folder, in which git repos are downloaded that are immediately deleted afterwards (e.g. exports, plagiarism checks), should NOT be in a shared file system area - file-upload-path: uploads - submission-export-path: exports - # LEGACY: arbitrary password for encrypting database values - # encryption-password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV + encryption-password: # LEGACY: arbitrary password for encrypting database values bcrypt-salt-rounds: 11 # The number of salt rounds for the bcrypt password hashing. Lower numbers make it faster but more unsecure and vice versa. # Please use the bcrypt benchmark tool to determine the best number of rounds for your system. https://github.com/ls1intum/bcrypt-Benchmark - external-system-request: - batch-size: 50 # wait the time below after 50 requests - batch-waiting-time: 30000 # in ms = 30s user-management: - use-external: false + use-external: true + password-reset: + credential-provider: # The credential provider which users can log in though (e.g. TUMonline) + links: # The password reset links for different languages + en: '' + de: '' + external: + url: https://jira.ase.in.tum.de + user: # e.g. 
ga12abc + password: + admin-group-name: tumuser + ldap: # the whole section is optional: whether user details (such as the registration number) can be obtained from a LDAP service + url: + user-dn: + password: + base: + allowed-username-pattern: '^([a-z]{2}\d{2}[a-z]{3})$' # example for a TUM identifier, e.g. ab12cde internal-admin: - # username: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV - # password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV + username: artemis_admin + password: artemis_admin registration: # the whole section is optional: whether user can register in Artemis enabled: false allowed-email-pattern: '[a-zA-Z0-9_\-\.\+]+@(tum\.de|in\.tum\.de|mytum\.de)' 
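Review bot: The added `internal-admin` block at the end of this hunk sets `username: artemis_admin` and `password: artemis_admin` as live values, where the removed lines only carried commented-out placeholders. Any installation that loads this file without overriding both keys would presumably start with a guessable administrator account. Leaving them blank, as the hunk already does for the `external` and `ldap` passwords, is the safer default: `username:` and `password:` with a comment such as `# must be set in a local override or via the environment`. The `user-management` mapping continues past the end of this hunk.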
@@ -31,40 +40,56 @@ artemis: allowed-username-pattern: '^([a-z]{2}\d{2}[a-z]{3})$' # example for a TUM identifier, e.g. ab12cde login: account-name: TUM # optional: customization for the welcome page "please sign in with your account" + version-control: + url: https://bitbucket.ase.in.tum.de + user: # e.g. ga12abc + password: + # token: # VCS API token giving Artemis full Admin access. + ci-token: # Token generated by the CI (e.g. Jenkins) for webhooks from the VCS to the CI. Not needed for Bamboo+Bitbucket + ssh-template-clone-url: ssh://git@bitbucket.ase.in.tum.de:7999/ # Url Stem for cloning via ssh, for gitlab use 'ssh://git@artemistest2gitlab.ase.in.tum.de:2222/' + ssh-keys-url-path: /plugins/servlet/ssh/account/keys # Url Path to access a users ssh keys, for gitlab this is '/-/profile/keys' +# ssh-private-key-folder-path: # the path to the folder in which the private ssh key file (e.g. id_rsa) is stored that can be used to clone git repos on the version control server +# ssh-private-key-password: # the password for the private ssh key + default-branch: main # The branch that should be used as default branch for all newly created repositories. This does NOT have to be equal to the default branch of the VCS + version-control-access-token: false # only for Gitlab setups: a Gitlab-API token can be generated for each user and used as part of the Git clone URL shown to students to allow for password-less Git operations via HTTP continuous-integration: - # Defines the used docker images for certain programming languages. - # For each language at least the `default` image has to be defined. - # This `default` option will be overridden by more specific project type - # definitions. 
- build: - images: - java: - # possible overrides: maven, gradle - default: "ls1tum/artemis-maven-template:java17-11" - kotlin: - # possible overrides: maven, gradle - default: "ls1tum/artemis-maven-template:java17-11" - empty: - default: "ls1tum/artemis-maven-template:java17-11" - python: - default: "ls1tum/artemis-python-docker:latest" - c: - # possible overrides: gcc, fact - default: "ls1tum/artemis-c-docker:latest" - fact: "sharingcodeability/fact:latest" - haskell: - default: "ghcr.io/b-fein/artemis-haskell:v19.30.0" - vhdl: - default: "tizianleonhardt/era-artemis-vhdl:latest" - assembler: - default: "tizianleonhardt/era-artemis-assembler:latest" - swift: - # possible overrides: xcode - default: "norionomura/swiftlint:latest" - ocaml: - default: "ls1tum/artemis-ocaml-docker:v1" + user: # e.g. ga12abc + password: + token: # Enter a valid token generated in Bamboo giving Artemis full Admin access + url: https://bamboo.ase.in.tum.de + vcs-application-link-name: LS1 Bitbucket Server # If the VCS and CI are directly linked (normally only for Bitbucket + Bamboo) + empty-commit-necessary: true # Do we need an empty commit for new exercises/repositories in order for the CI to register the repo + # Hash/key of the ci-token, equivalent e.g. to the ci-token in version-control + # Some CI systems, like Jenkins, offer a specific token that gets checked against any incoming notifications + # from a VCS trying to trigger a build plan. Only if the notification request contains the correct token, the plan + # is triggered. This can be seen as an alternative to sending an authenticated request to a REST API and then + # triggering the plan. + # In the case of Artemis, this is only really needed for the Jenkins + GitLab setup, since the GitLab plugin in + # Jenkins only allows triggering the Jenkins jobs using such a token. 
Furthermore, in this case, the value of the + # hudson.util.Secret is stored in the build plan, so you also have to specify this encrypted string here and NOT the actual token value itself! + # You can get this by GETting any job.xml for a job with an activated GitLab step and your token value of choice. + secret-push-token: + # Key of the saved credentials for the VCS service + # Bamboo: not needed + # Jenkins: You have to specify the key from the credentials page in Jenkins under which the user and + # password for the VCS are stored + vcs-credentials: + # Key of the credentials for the Artemis notification token + # Bamboo: not needed + # Jenkins: You have to specify the key from the credentials page in Jenkins under which the authentication-token is stored + artemis-authentication-token-key: + # The actual value of the notification token to check against in Artemis. This is the token that gets send with + # every request the CI system makes to Artemis containing a new result after a build. + # Bamboo: The token value you use for the Server Notification Plugin + # Jenkins: The token value you use for the Server Notification Plugin and is stored under the notification-token credential above + artemis-authentication-token-value: + build-timeout: 30 # Does cancel jenkins builds after 30 minutes to remove build that get stuck git: name: Artemis email: artemis.in@tum.de - - # TODO: lti settings missing here on purpose compared to the ansible prod template? + athene: + url: http://localhost + base64-secret: YWVuaXF1YWRpNWNlaXJpNmFlbTZkb283dXphaVF1b29oM3J1MWNoYWlyNHRoZWUzb2huZ2FpM211bGVlM0VpcAo= + token-validity-in-seconds: 10800 + apollon: + conversion-service-url: http://localhost:8080 diff --git a/src/main/resources/config/application-athene.yml b/src/main/resources/config/application-athene.yml deleted file mode 100644 index e8cb5b182d56..000000000000 --- a/src/main/resources/config/application-athene.yml +++ /dev/null 
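Review bot: The added `athene.base64-secret` near the end of this hunk commits a concrete secret to the shared configuration, whereas the deleted application-athene.yml kept that key commented out with a placeholder. Every installation that keeps the default then shares a value known to anyone who can read the repository; presumably it authenticates the exchange between Artemis and Athene, which should be confirmed. I would leave the key empty, `base64-secret: # set in a local override or via the environment`, in line with the blank `password:` and `token:` keys added above it.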
@@ -1,5 +0,0 @@ -artemis: - athene: - url: http://localhost - # base64-secret: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV - token-validity-in-seconds: 10800 diff --git a/src/main/resources/config/application-bamboo.yml b/src/main/resources/config/application-bamboo.yml deleted file mode 100644 index 0a0fd6d74ba3..000000000000 --- a/src/main/resources/config/application-bamboo.yml +++ /dev/null @@ -1,14 +0,0 @@ -artemis: - continuous-integration: - url: http://localhost:8085 - # e.g. ga12abc - # user: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV - # password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV - # Enter a valid token generated in Bamboo giving Artemis full Admin access - # token: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV - vcs-application-link-name: LS1 Bitbucket Server # If the VCS and CI are directly linked (normally only for Bitbucket + Bamboo) - empty-commit-necessary: true # Do we need an empty commit for new exercises/repositories in order for the CI to register the repo - # The actual value of the notification token to check against in Artemis. This is the token that gets send with - # every request the CI system makes to Artemis containing a new result after a build. - # The token value you use for the Server Notification Plugin - # artemis-authentication-token-value: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV diff --git a/src/main/resources/config/application-bitbucket.yml b/src/main/resources/config/application-bitbucket.yml deleted file mode 100644 index af21a9703f10..000000000000 --- a/src/main/resources/config/application-bitbucket.yml +++ /dev/null 
@@ -1,13 +0,0 @@ -artemis: - version-control: - url: http://localhost:7990 - # e.g. ga12abc - # user: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV - # password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV - # VCS API token giving Artemis full Admin access. - # token: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV - ssh-template-clone-url: ssh://git@localhost:7999/ # Url Stem for cloning via ssh, for gitlab use 'ssh://git@artemistest2gitlab.ase.in.tum.de:2222/' - ssh-keys-url-path: /plugins/servlet/ssh/account/keys # Url Path to access a users ssh keys, for gitlab this is '/-/profile/keys' - ssh-private-key-folder-path: # the path to the folder in which the private ssh key file (e.g. id_rsa) is stored that can be used to clone git repos on the version control server - # the password for the private ssh key - # ssh-private-key-password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV diff --git a/src/main/resources/config/application-dev.yml b/src/main/resources/config/application-dev.yml index 8d9606ef8e53..165c5e97bff9 100644 --- a/src/main/resources/config/application-dev.yml +++ b/src/main/resources/config/application-dev.yml 
@@ -24,13 +24,35 @@ spring: devtools: restart: enabled: true + livereload: + enabled: false # we use Webpack dev server + BrowserSync for livereload jackson: serialization: indent-output: true datasource: + type: com.zaxxer.hikari.HikariDataSource url: jdbc:mysql://localhost:3306/Artemis?createDatabaseIfNotExist=true&allowPublicKeyRetrieval=true&useUnicode=true&characterEncoding=utf8&useSSL=false&useLegacyDatetimeCode=false&serverTimezone=UTC + username: root + password: + hikari: + poolName: Hikari + auto-commit: false + data-source-properties: + cachePrepStmts: true + prepStmtCacheSize: 250 + prepStmtCacheSqlLimit: 2048 + useServerPrepStmts: true + jpa: + database-platform: org.hibernate.dialect.MySQL8Dialect + database: MYSQL + show-sql: false liquibase: contexts: dev + mail: + host: localhost + port: 25 + username: + password: messages: cache-duration: PT1S # 1 second, see the ISO 8601 standard thymeleaf: @@ -39,12 +61,8 @@ spring: localInstances: true server: - # this address is passed to the CI systems for sending back notifications to Artemis - # therefore depending on where these systems are hosted you have to change the url here - # other possible values: - # Artemis locally and CI inside Docker Containers: host.docker.internal:8080 - # Artemis locally and CI hosted on a Server on your network: LAN_IP_ADDRESS:8080 - url: http://localhost:8080 # Artemis and CI are running locally + port: 8080 + url: https://artemislocal.ase.in.tum.de # =================================================================== # JHipster specific properties 
@@ -61,11 +79,26 @@ jhipster: exposed-headers: "Authorization,Link,X-Total-Count" allow-credentials: true max-age: 1800 + security: + authentication: + jwt: + # This token must be encoded using Base64 (you can type `echo 'secret-key'|base64` on your command line) + base64-secret: bXktc2VjcmV0LWtleS13aGljaC1zaG91bGQtYmUtY2hhbmdlZC1pbi1wcm9kdWN0aW9uLWFuZC1iZS1iYXNlNjQtZW5jb2RlZAo= + # Token is valid 24 hours + token-validity-in-seconds: 86400 + token-validity-in-seconds-for-remember-me: 2592000 mail: # specific JHipster mail property, for standard properties see MailProperties from: artemis@localhost base-url: http://127.0.0.1:8080 logging: use-json-format: false # By default, logs are not in Json format + logstash: # Forward logs to logstash over a socket, used by LoggingConfiguration + enabled: false + host: localhost + port: 5000 + queue-size: 512 + audit-events: + retention-period: 120 # Number of days before audit events are deleted. # Properties to be exposed on the /info management endpoint info: @@ -74,10 +107,24 @@ info: course-group-students: 'artemis-artemistutorial-students' courseShortName: 'artemistutorial' tours: + - cancel_tour: '' - code_editor_tour: 'test' + - course_overview_tour: '' - course_exercise_overview_tour: 'test' + - modeling_tour: 'UML Class Diagram' - programming_exercise_fail_tour: 'test' - programming_exercise_success_tour: 'test' + - tutor_assessment_tour: 'Patterns in Software Engineering' + contact: artemis.in@tum.de #default value, can be overridden if needed # Specifies whether text assessment analytics service (TextAssessmentEventResource) is enabled/disabled # default value set to true for development environment text-assessment-analytics-enabled: true + +# Eureka configuration +eureka: + instance: + prefer-ip-address: true + client: + enabled: false # By default, the JHipster Registry is not used in the "dev" profile + service-url: + defaultZone: http://admin:${jhipster.registry.password}@localhost:8761/eureka/ 
diff --git a/src/main/resources/config/application-gitlab.yml b/src/main/resources/config/application-gitlab.yml index 25ffc35df981..8efda4f9fb80 100644 --- a/src/main/resources/config/application-gitlab.yml +++ b/src/main/resources/config/application-gitlab.yml @@ -3,20 +3,6 @@ # # This configuration overrides the application.yml file. # =================================================================== -artemis: - version-control: - url: http://localhost:8081 - # user: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV - # password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV - # token: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV - # ci-token: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV - # health-api-token: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV - ssh-template-clone-url: - ssh-keys-url-path: /-/profile/keys - ssh-private-key-folder-path: - # ssh-private-key-password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV - default-branch: main # The branch that should be used as default branch for all newly created repositories. This does NOT have to be equal to the default branch of the VCS - versionControlAccessToken: true # only for Gitlab setups: a Gitlab-API token can be generated for each user and used as part of the Git clone URL shown to students to allow for password-less Git operations via HTTP gitlab: # The following (optional) parameter allows to enable the use of pseudonyms. diff --git a/src/main/resources/config/application-jenkins.yml b/src/main/resources/config/application-jenkins.yml index 47171f8e7d4e..2e56f2a360bf 100644 --- a/src/main/resources/config/application-jenkins.yml +++ b/src/main/resources/config/application-jenkins.yml 
@@ -4,35 +4,6 @@ # This configuration overrides the application.yml file. # =================================================================== -artemis: - continuous-integration: - url: http://localhost:8082 - # user: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV - # password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV - empty-commit-necessary: false # Do we need an empty commit for new exercises/repositories in order for the CI to register the repo - # Hash/key of the ci-token, equivalent e.g. to the ci-token in version-control - # Some CI systems, like Jenkins, offer a specific token that gets checked against any incoming notifications - # from a VCS trying to trigger a build plan. Only if the notification request contains the correct token, the plan - # is triggered. This can be seen as an alternative to sending an authenticated request to a REST API and then - # triggering the plan. - # In the case of Artemis, this is only really needed for the Jenkins + GitLab setup, since the GitLab plugin in - # Jenkins only allows triggering the Jenkins jobs using such a token. Furthermore, in this case, the value of the - # hudson.util.Secret is stored in the build plan, so you also have to specify this encrypted string here and NOT the actual token value itself! - # You can get this by GETting any job.xml for a job with an activated GitLab step and your token value of choice. 
- # secret-push-token: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV - # Key of the saved credentials for the VCS service - # You have to specify the key from the credentials page in Jenkins under which the user and - # password for the VCS are stored - vcs-credentials: artemis_gitlab_admin_credentials - # Key of the credentials for the Artemis notification token - # You have to specify the key from the credentials page in Jenkins under which the authentication-token is stored - artemis-authentication-token-key: artemis_notification_plugin_token - # The actual value of the notification token to check against in Artemis. This is the token that gets send with - # every request the CI system makes to Artemis containing a new result after a build. - # The token value you use for the Server Notification Plugin and is stored under the notification-token credential above - # artemis-authentication-token-value: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV - build-timeout: 30 # Does cancel jenkins builds after 30 minutes to remove build that get stuck - jenkins: # The following (optional) parameter allows to customize if Jenkins CSRF protection should be used (activated) within Artemis: # see https://wiki.jenkins.io/display/JENKINS/Remote+access+API --> CSRF Protection diff --git a/src/main/resources/config/application-jira.yml b/src/main/resources/config/application-jira.yml deleted file mode 100644 index 644032f5d67b..000000000000 --- a/src/main/resources/config/application-jira.yml +++ /dev/null 
@@ -1,14 +0,0 @@ -artemis: - user-management: - use-external: true - external: - url: http://localhost:8085 - # e.g. ga12abc - # user: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV - # password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV - admin-group-name: instructors - password-reset: - credential-provider: TUMonline - links: - en: "https://campus.tum.de/tumonline/ee/ui/ca2/app/desktop/#/pl/ui/$ctx/co_loc_password_reset.main?$ctx=design=ca2;header=max;lang=en" - de: "https://campus.tum.de/tumonline/ee/ui/ca2/app/desktop/#/pl/ui/$ctx/co_loc_password_reset.main?$ctx=design=ca2;header=max;lang=de" diff --git a/src/main/resources/config/application-ldap.yml b/src/main/resources/config/application-ldap.yml deleted file mode 100644 index 661f20b054f9..000000000000 --- a/src/main/resources/config/application-ldap.yml +++ /dev/null @@ -1,8 +0,0 @@ -artemis: - user-management: - ldap: - url: "ldaps://iauth.tum.de:636" - user-dn: "cn=TUINI01-Artemis,ou=bindDNs,ou=iauth,dc=tum,dc=de" - base: "ou=users,ou=data,ou=prod,ou=iauth,dc=tum,dc=de" - # password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV - allowed-username-pattern: '^([a-z]{2}\d{2}[a-z]{3})$' # example for a TUM identifier, e.g. ab12cde diff --git a/src/main/resources/config/application-local.yml.sample b/src/main/resources/config/application-local.yml.sample deleted file mode 100644 index c1eefedf3fb7..000000000000 --- a/src/main/resources/config/application-local.yml.sample +++ /dev/null 
@@ -1,92 +0,0 @@ -#TODO: describe process in docs and inline also that you can have multiple application-local-SETUP.yml files and then just copy to the real one for switching ;) -# =================================================================== -# Configuration template for application-local.yml -# -# This template file contains and overwrites all configuration secrets. -# This template file also contains the bare minimum of REALLY necessary configurations where it's hard to use -# a default value for most development environments! -# -# The goal of this template file is to make it easier for new developers to get up and running. -# -# Usage: -# - copy this file to application-local.yml -# - uncomment the "Atlassian Stack" or "Gitlab / Jenkins Stack" IF you use these as CI/VCS -# -# =================================================================== - -artemis: - encryption-password: artemis_admin # LEGACY: arbitrary password for encrypting database values - athene: - base64-secret: YWVuaXF1YWRpNWNlaXJpNmFlbTZkb283dXphaVF1b29oM3J1MWNoYWlyNHRoZWUzb2huZ2FpM211bGVlM0VpcAo= - user-management: - internal-admin: - username: artemis_admin - password: artemis_admin -# =================================================================== -# Atlassian Stack START -# =================================================================== -# external: -# user: # e.g. ga12abc -# password: -# version-control: -# user: # e.g. ga12abc -# password: -# token: -# ssh-private-key-password: -# continuous-integration: -# user: # e.g. ga12abc -# password: -# token: # Enter a valid token generated in Bamboo giving Artemis full Admin access -# # The actual value of the notification token to check against in Artemis. This is the token that gets send with -# # every request the CI system makes to Artemis containing a new result after a build. 
-# # The token value you use for the Server Notification Plugin -# artemis-authentication-token-value: -# =================================================================== -# Atlassian Stack END -# =================================================================== - -# =================================================================== -# Gitlab / Jenkins Stack START -# =================================================================== -# version-control: -# user: root -# password: artemis_admin # created in Gitlab Server Quickstart step 2 -# token: artemis-gitlab-token # generated in Gitlab Server Quickstart steps 4 and 5 -# ci-token: jenkins-secret-token # pre-generated or replaced in Automated Jenkins Server step 3 -# health-api-token: -# ssh-private-key-password: -# continuous-integration: -# user: artemis_admin -# password: artemis_admin -# secret-push-token: AQAAABAAAAAg/aKNFWpF9m2Ust7VHDKJJJvLkntkaap2Ka3ZBhy5XjRd8s16vZhBz4fxzd4TH8Su # pre-generated or replaced in Automated Jenkins Server step 3 -# artemis-authentication-token-value: artemis_admin -# =================================================================== -# Gitlab / Jenkins Stack END -# =================================================================== - -spring: - datasource: - username: root - password: - mail: - username: - password: - websocket: - broker: - username: guest - password: guest - -jhipster: - security: - authentication: - jwt: - base64-secret: bXktc2VjcmV0LWtleS13aGljaC1zaG91bGQtYmUtY2hhbmdlZC1pbi1wcm9kdWN0aW9uLWFuZC1iZS1iYXNlNjQtZW5jb2RlZAo= - registry: - password: AN-ADMIN-PASSWORD-THAT-MUST-BE-CHANGED (FROM REGISTRY CONFIG) - -server: - # this address is passed to the CI systems for sending back notifications to Artemis - # therefore depending on where these systems are hosted you have to change the url here - # other possible values: - # Artemis locally and CI inside Docker Containers: host.docker.internal:8080 - # Artemis locally and CI hosted on a Server on your 
network: LAN_IP_ADDRESS:8080 diff --git a/src/main/resources/config/application-prod.yml b/src/main/resources/config/application-prod.yml index 8e5a1a04af6a..140077340bff 100644 --- a/src/main/resources/config/application-prod.yml +++ b/src/main/resources/config/application-prod.yml 
@@ -13,18 +13,66 @@ # http://docs.spring.io/spring-boot/docs/current/reference/html/common-application-properties.html # =================================================================== +management: + metrics: + export: + prometheus: + enabled: false spring: devtools: restart: enabled: false + livereload: + enabled: false datasource: + type: com.zaxxer.hikari.HikariDataSource url: jdbc:mysql://localhost:3306/Artemis?createDatabaseIfNotExist=true&useUnicode=true&characterEncoding=utf8&useSSL=false&useLegacyDatetimeCode=false&serverTimezone=UTC + username: root + password: + hikari: + poolName: Hikari + auto-commit: false + data-source-properties: + cachePrepStmts: true + prepStmtCacheSize: 250 + prepStmtCacheSqlLimit: 2048 + useServerPrepStmts: true + jpa: + database-platform: org.hibernate.dialect.MySQL8Dialect + database: MYSQL + show-sql: false + liquibase: + contexts: prod + mail: + host: localhost + port: 25 + username: + password: + thymeleaf: + cache: true +# =================================================================== +# To enable TLS in production, generate a certificate using: +# keytool -genkey -alias artemis -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore keystore.p12 -validity 3650 +# +# You can also use Let's Encrypt: +# https://maximilian-boehm.com/hp2121/Create-a-Java-Keystore-JKS-from-Let-s-Encrypt-Certificates.htm +# +# Then, modify the server.ssl properties so your "server" configuration looks like: +# +# server: +# port: 443 +# ssl: +# key-store: classpath:config/tls/keystore.p12 +# key-store-password: password +# key-store-type: PKCS12 +# key-alias: Artemis +# # The ciphers suite enforce the security by deactivating some old and deprecated SSL cipher, this list was tested against SSL Labs (https://www.ssllabs.com/ssltest/) +# ciphers: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 
,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_RSA_WITH_CAMELLIA_128_CBC_SHA +# =================================================================== server: - # this address is passed to the CI systems for sending back notifications to Artemis - # therefore depending on where these systems are hosted you have to change the url here - url: http://localhost + port: 8080 compression: enabled: true mime-types: text/html,text/xml,text/plain,text/css,application/javascript,application/json,image/svg+xml 
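Review bot: The production profile now defaults `spring.datasource.username` to `root` with an empty `password:`, next to a JDBC URL that keeps `useSSL=false`. A dedicated account limited to the Artemis schema, with its password supplied from outside the repository, is the safer default; a comment above `username:` such as `# use a dedicated least-privilege DB account; supply the password via the environment` would say so. The commented TLS example added in the same hunk also shows `key-store-password: password` and a cipher list that still contains static-RSA and CBC `_SHA` suites, so it should be marked as illustrative rather than as a recommended production setting.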
@@ -37,20 +85,49 @@ server: # =================================================================== jhipster: + http: + cache: # Used by the CachingHttpHeadersFilter + timeToLiveInDays: 1461 + security: + authentication: + jwt: + # This token must be encoded using Base64 (you can type `echo 'secret-key'|base64` on your command line) + # As this is the PRODUCTION configuration, you MUST change the default key, and store it securely: + # - In the JHipster Registry (which includes a Spring Cloud Config server) + # - In a separate `application-prod.yml` file, in the same folder as your executable WAR file + # - In the `JHIPSTER_SECURITY_AUTHENTICATION_JWT_BASE64_SECRET` environment variable + base64-secret: bXktc2VjcmV0LWtleS13aGljaC1zaG91bGQtYmUtY2hhbmdlZC1pbi1wcm9kdWN0aW9uLWFuZC1iZS1iYXNlNjQtZW5jb2RlZAo= + # Token is valid 24 hours + token-validity-in-seconds: 86400 + token-validity-in-seconds-for-remember-me: 2592000 mail: # specific JHipster mail property, for standard properties see MailProperties from: artemis@localhost base-url: http://my-server-url-to-change # Modify according to your server's URL + logging: + logstash: # Forward logs to logstash over a socket, used by LoggingConfiguration + enabled: false + host: localhost + port: 5000 + queue-size: 512 + audit-events: + retention-period: 120 # Number of days before audit events are deleted. 
# Properties to be exposed on the /info management endpoint info: guided-tour: + courseShortName: 'artemistutorial' + course-group-students: 'artemis-artemistutorial-students' tours: + - cancel_tour: '' - code_editor_tour: 'tutorial' + - course_overview_tour: '' - course_exercise_overview_tour: 'tutorial' + - modeling_tour: 'UML Class Diagram' - programming_exercise_fail_tour: 'tutorial' - programming_exercise_success_tour: 'tutorial' + - tutor_assessment_tour: 'Patterns in Software Engineering' + contact: artemis.in@tum.de #default value, can be overridden on the server test-server: false # false --> production, true --> test server, --> empty == local # Specifies whether text assessment analytics service (TextAssessmentEventResource) is enabled/disabled # default value set to false in production text-assessment-analytics-enabled: false - imprint: https://your-imprint-url diff --git a/src/main/resources/config/application-tls.yml b/src/main/resources/config/application-tls.yml new file mode 100644 index 000000000000..1e7cef3a229c --- /dev/null +++ b/src/main/resources/config/application-tls.yml 
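Review bot: The added `jhipster.security.authentication.jwt.base64-secret` gives the production profile a working default signing key, and it is the same value this commit adds to application-dev.yml. An installation that overlooks the "MUST change" comment would accept tokens signed with a key that anyone with access to the repository knows. The default should not be usable: reference the variable that the comment already names, `base64-secret: ${JHIPSTER_SECURITY_AUTHENTICATION_JWT_BASE64_SECRET}`, so that an unset variable cannot silently fall back to the public value. The `jhipster` mapping starts before this hunk and continues after it.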
@@ -0,0 +1,19 @@
+# ===================================================================
+# Activate this profile to enable TLS and HTTP/2.
+#
+# JHipster has generated a self-signed certificate, which will be used to encrypt traffic.
+# As your browser will not understand this certificate, you will need to import it.
+#
+# Another (easiest) solution with Chrome is to enable the "allow-insecure-localhost" flag
+# at chrome://flags/#allow-insecure-localhost
+# ===================================================================
+server:
+ ssl:
+ key-store: classpath:config/tls/keystore.p12
+ key-store-password: password
+ key-store-type: PKCS12
+ key-alias: selfsigned
+ ciphers: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+ enabled-protocols: TLSv1.2
+ http2:
+ enabled: true
diff --git a/src/main/resources/config/application.yml b/src/main/resources/config/application.yml
index 5cb641b8d8e1..df0d80085cb3 100644
--- a/src/main/resources/config/application.yml
+++ b/src/main/resources/config/application.yml
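Review bot: `key-store-password: password` in the new application-tls.yml protects a keystore that the same commit adds to the classpath (`config/tls/keystore.p12`), so the TLS private key is known to anyone who has the repository or the built artifact. The header comment treats the certificate as a self-signed one for localhost, but nothing in the profile keeps it from being activated on a reachable server. I would say so in the header, e.g. `# Development only: the bundled keystore and its password are public; replace both before exposing this port.`, and read the password from the environment (`key-store-password: ${TLS_KEYSTORE_PASSWORD}`, where the variable name is a placeholder). Separately, `enabled-protocols: TLSv1.2` leaves TLS 1.3 off and the `ciphers` list still carries CBC and SHA-1 suites, so consider `TLSv1.3,TLSv1.2` with the GCM suites only.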
@@ -26,6 +26,47 @@ logging: max-history: 90 total-size-cap: "10GB" +artemis: + version: #project.version# + file-upload-path: uploads + submission-export-path: exports + bcrypt-salt-rounds: 11 #default value, see application-artemis.yml for more information how to override and customize this value + external-system-request: + batch-size: 50 # wait the time below after 50 requests + batch-waiting-time: 30000 # in ms = 30s + continuous-integration: + # Defines the used docker images for certain programming languages. + # For each language at least the `default` image has to be defined. + # This `default` option will be overridden by more specific project type + # definitions. + build: + images: + java: + # possible overrides: maven, gradle + default: "ls1tum/artemis-maven-template:java17-11" + kotlin: + # possible overrides: maven, gradle + default: "ls1tum/artemis-maven-template:java17-11" + empty: + default: "ls1tum/artemis-maven-template:java17-11" + python: + default: "ls1tum/artemis-python-docker:latest" + c: + # possible overrides: gcc, fact + default: "ls1tum/artemis-c-docker:latest" + fact: "sharingcodeability/fact:latest" + haskell: + default: "ghcr.io/b-fein/artemis-haskell:v19.30.0" + vhdl: + default: "tizianleonhardt/era-artemis-vhdl:latest" + assembler: + default: "tizianleonhardt/era-artemis-assembler:latest" + swift: + # possible overrides: xcode + default: "norionomura/swiftlint:latest" + ocaml: + default: "ls1tum/artemis-ocaml-docker:v1" + management: endpoints: web: 
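Review bot: Most default build images added under `artemis.continuous-integration.build.images` use the mutable `:latest` tag, and several come from personal namespaces (`tizianleonhardt/era-artemis-vhdl`, `norionomura/swiftlint`, `sharingcodeability/fact`). Whatever is published under those tags becomes the build environment of every installation that keeps the defaults, with no change visible in this repository. Pinning a version tag, as already done for `ghcr.io/b-fein/artemis-haskell:v19.30.0`, or better a digest (`name@sha256:<digest>`), would make the defaults reproducible and reviewable.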
@@ -82,21 +123,6 @@ management: spring: application: name: Artemis - devtools: - livereload: - enabled: false # we use Webpack dev server + BrowserSync for livereload - datasource: - type: com.zaxxer.hikari.HikariDataSource - # username: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV - # password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV - hikari: - poolName: Hikari - auto-commit: false - data-source-properties: - cachePrepStmts: true - prepStmtCacheSize: 250 - prepStmtCacheSqlLimit: 2048 - useServerPrepStmts: true jmx: enabled: false cloud: @@ -108,8 +134,6 @@ spring: repositories: bootstrap-mode: deferred jpa: - database-platform: org.hibernate.dialect.MySQL8Dialect - database: MYSQL open-in-view: false show-sql: false hibernate: @@ -154,11 +178,6 @@ spring: thread-name-prefix: artemis-scheduling- pool: size: 2 - mail: - host: localhost - # username: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV - # password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV - port: 25 thymeleaf: mode: HTML output: @@ -172,8 +191,8 @@ spring: timeout-per-shutdown-phase: 10 websocket: broker: - # username: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV - # password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV + username: guest + password: guest addresses: "" # Comma separated list of hosts and ports of the brokers (e.g. "localhost:61613,localhost:61614") hazelcast: interface: "127.0.0.1" # The interface to bind to, if non is set, all interfaces will be bound @@ -205,7 +224,6 @@ springdoc: operationsSorter: method server: - port: 8080 servlet: session: cookie: 
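Review bot: In the `spring.websocket.broker` hunk (`@@ -172,8 +191,8 @@`) the commented-out placeholders are replaced by active `username: guest` and `password: guest`, so the base application.yml now ships working default broker credentials. The same pattern is in the `jhipster.registry` hunk (`@@ -272,16 +269,10 @@`), where `password: AN-ADMIN-PASSWORD-THAT-MUST-BE-CHANGED (FROM REGISTRY CONFIG)` becomes an active value. A deployment that forgets to override either one starts without complaint on a credential published in the repository. I would keep both commented as before, or at least add a why-comment next to each, such as `# default of a local broker only; override in application-local.yml or ENV`.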
@@ -223,25 +241,15 @@ sentry: # Properties to be exposed on the /info management endpoint info: - guided-tour: - courseShortName: 'artemistutorial' - # TODO: following value missing on purpose in ansible? saw this when I moved the value here - # Names of the tutorial groups that will be automatically added to newly created users - course-group-students: 'artemis-artemistutorial-students' - tours: - - cancel_tour: '' - - course_overview_tour: '' - - modeling_tour: 'UML Class Diagram' - - programming_exercise_success_tour: 'tutorial' - # TODO: following value missing on purpose in ansible? saw this when I moved the value here - - tutor_assessment_tour: 'Patterns in Software Engineering' - contact: artemis.in@tum.de #default value, can be overridden if needed # Comma separated list of profiles that will trigger the ribbon to show display-ribbon-on-profiles: "dev" sentry: dsn: https://8c6b41ec2d4245e8bd3ec9541d53f625@sentry.io/1440029 # Leave empty to disable Sentry, must be a valid URI # Allowed Orion version range. Should only be changed on major version releases allowed-minimum-orion-version: 1.0.0 + # Specifies whether text assessment analytics service (TextAssessmentEventResource) is enabled/disabled + # default value set to false + text-assessment-analytics-enabled: false student-exam-store-session-data: true # =================================================================== 
@@ -253,17 +261,6 @@ info: jhipster: clientApp: name: 'artemisApp' - security: - authentication: - jwt: - # This token must be encoded using Base64 (you can type `echo 'secret-key'|base64` on your command line) - # As this is the PRODUCTION configuration, you MUST change the default key, and store it securely: - # - In the JHipster Registry (which includes a Spring Cloud Config server) - # - In a separate `application-prod.yml` file, in the same folder as your executable WAR file - # - In the `JHIPSTER_SECURITY_AUTHENTICATION_JWT_BASE64_SECRET` environment variable - # base64-secret: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV - token-validity-in-seconds: 86400 # Token is valid 24 hours - token-validity-in-seconds-for-remember-me: 2592000 # Token is valid 30 days # By default CORS is disabled. Uncomment to enable. #cors: #allowed-origin-patterns: "*" @@ -272,16 +269,10 @@ jhipster: #exposed-headers: "Authorization,Link,X-Total-Count" #allow-credentials: true #max-age: 1800 + mail: + from: artemis@localhost registry: - # password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV - logging: - logstash: # Forward logs to logstash over a socket, used by LoggingConfiguration - enabled: false - host: localhost - port: 5000 - queue-size: 512 - audit-events: - retention-period: 120 # Number of days before audit events are deleted. + password: AN-ADMIN-PASSWORD-THAT-MUST-BE-CHANGED (FROM REGISTRY CONFIG) http: cache: # Used by the CachingHttpHeadersFilter timeToLiveInDays: 1461 
diff --git a/src/main/resources/config/tls/keystore.p12 b/src/main/resources/config/tls/keystore.p12 new file mode 100644 index 0000000000000000000000000000000000000000..3a9e4ca20b30e99210f9cb4a3de65463d3a6a24b GIT binary patch literal 2607 zcmY+EXEYp&7KNu7j2>f@L6l(h(c45BSIrfj5H%4cK@v4uFhm!fXwh4YG6+$km#ERA zK7uIGqIcqXZ@qW#x+HSH`T3!7Fn$majK+~JLrM8U)I&}vfW*LT9O*X*j&$V4 z9z^4aUj8E@dIZ4{S=`vBH)8}P``;Bg3<%1`K`ziZ$O)Pk3j4o(^Bf6*^R<6wd>6qJ zcj49fwxXR-S`*pn1p)&)bRam$7r!{bnYIHSIOFMIg$>Y}eC!^dMpGA{ig5bw?ES?` zZuOvbzQiix8S95Rf+GM^ASMy0nS^R^#9&f2X$aX<1R2^s1FoP+$&{%$%4b2#N7f|; zgA;v;RD(f$8KW@R*W(CT$6(#6DH4|il&6`g-$>0)(;&l@wY>XVTk_@U1c?mYN&$7} zwZ%?nJx)JkRMpC2dE5#mhjny@oi+|o>^<%6?&qI^)nM*FYC9RToiGr_enTF1@>3_O zgq=JTJ!E>+oo^*bEJi|@wJq6oReHYpL$JfW-lD0cOVcZI(WGIP4(brK&?l0T@}RxdJqtL#r>Zv1mM4i`O4XU@u@-MvmX33`pEEp|m%}N(6(pE{tc6$Fq@8592n`Yo zDxayuy@;-B7U*-2OlY)6esEvd9-H+Vc#&L2D=x;>y+06=rjU@NC;u4ZzzZ3#SQ*b> z{(U=5W+)F{7qjZW+q3eTC(mqq6)-DgNzub4p_jIWFfR@}K6bSFlWy}%9|2u6t6jY9 zYqZKvj=7jK4s&o%7orlK_6>$kBc0$Kj1_PZBB7+=p9V2K)w zMBJx=2*b2}L{rnI4t_qo5aN|TTP&@I z@y`O`An~knEWolm4V=Yay`7l_T47FKbrfv1OR-Y1Y}oaDuGS55*(iYw@(}H4a_DqA z<7wwIs{NeZyRr*xWwE5?LvRILyb9}zdLE03DWAt(-HG+bD_S)FW27iHU&LcRh!Rh8XE zTh^`n4kEuX-i&E1=0wa3e`=#RSqJBz4tAzIP74j1DI4Jczm_;rr}^1O0L zrv9l3(js#cSiK!z)nff#o5^s10??%3;x5bt*5TH7Efkks`=tcB>Y~HMKEGULF((@q zAmIveBu!tdHBC#-1}9dA`=iD{3=i^B(_w9`=Y~{O;PB9#NA*m4&KvDpYe#QmSAOtM z>~~$2PuR?OU0v(akD5(ZVq?BRt(J}?W|Gv4DVWG6II;#$j!;zBez zWMfax=}P!xcXgY6UR^q+lwLDLmzyOC*+*nE=AmB!1|4xAaAT9Jiq)mzrE0rLTc+!zhDJ3GtxttdzN%(;8u(Qn?Nzf-w56totyjjKxMZX*C=Nb2a zwK}kZeNmSBt;8Rd`_lGE-L84m>6pk$-v|??k&5@v<6{kPyP-w~3vktg5nRqN-veh+ z`i@)@hPw1e8gjt)$AzXdZ)`&YS;VG+QXdl)>bv~%nqEd(2#yzM28#DHg+AUQkbN7O> z3)_}l7zmBzOQ)r&M;*70`YwZ$Wpb`ReI%@-uR#D*h=0evZ&{Qzc|l;7&4EW6RJkG> z^+5p~$rN6fxW3|~D}F!eW_DpNGUhJ zLXJsY^paQ6&FiBIH&<&<|LJ_{uzL%e3i9&s>Mr@iv7708O&a1DD~&;& zmbl zvlQJ-?Av0*O=LNUYjY+gBe%~kDUI8`pT#7oer`+sz8Ur#@Kt|o_qM;{LJUq&^@QNn zaZ2)wtZ!vwY)YL3Rg!%5OMXA6obrHKzJG&87S$vDz$@JE&GZv)mDR$@`k2QAqjr7J 
zdCK8e+u({|4*&EuS-EdL+pt6^em8~a+K_#k#~j~IoF=B`-M-yq>&xL#HF?A>Xn$U| zgDN^0%x`0dr0@2&JocD*L6KhmpRpH#l#>Q+to!koS++jx zLh^5^Q2DDnJxi8qTM=Dmp|p%#cX*$hBdS6Kuc1lb<)LHwmIpOJmh_l$26|j8kaSuXsdOi4f!oyjKrlhmexBV}i)S!W?Kf2Poo^2B zYV26~1*J!Zs+IIzC*@1}y>&qxWV#h@&8uHMFCkaJ(8-NgcAuONnc&?Tt=rcIgLn(neb8S$E4Qgt&a|t4|8PBCQWe zY>cv;7CiGL={Td8tZh$^-x&xlG_n5dkKi97dtLWQNB3#CfY5JU>yWuN*$L?$xv~2k zZ(ce%>=#LU`Mg>>{~5i*pl1EUsAb~&!0j2uwcaThg}*KN3|bz|jwXc?@l%39Ohf<( z+{F{}Cbwz3j>hE*3omx45nRh8g}^bWPVV8vz+^brU4x9yd0yYe++YwG7?S;Or{&Cz literal 0 HcmV?d00001 From eeef66a00178a90776be48655f96eb03d133ad60 Mon Sep 17 00:00:00 2001 From: Ludwig Pusl Date: Sat, 10 Dec 2022 13:02:58 +0100 Subject: [PATCH 045/174] fix atlassian documentation after atlassian testing --- docs/dev/setup/bamboo-bitbucket-jira.rst.txt | 11 ++++++++++- docs/dev/setup/jenkins-gitlab.rst.txt | 2 +- src/main/docker/atlassian.yml | 1 + 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/docs/dev/setup/bamboo-bitbucket-jira.rst.txt b/docs/dev/setup/bamboo-bitbucket-jira.rst.txt index 53ea10b8923c..0f336cfd1e91 100644 --- a/docs/dev/setup/bamboo-bitbucket-jira.rst.txt +++ b/docs/dev/setup/bamboo-bitbucket-jira.rst.txt @@ -269,6 +269,11 @@ under ``localhost:7990``. #. Add a SSH key for the admin user + .. + TODO: Doesn't seem so optional as it throws errors and closed Artemis when it wasn't set... + Same problem on Gitlab/Jenkins? + + Artemis can clone/push the repositories during setup and for the online code editor using SSH. If the SSH key is not present, the username + token will be used as fallback (and all git operations will use HTTP(S) instead of SSH). 
@@ -282,6 +287,10 @@ under ``localhost:7990``. It is recommended to use a password to secure the private key, but it is not mandatory. + .. + TODO: add example ssh-keygen command? + ssh-keygen -t rsa -b 4096 -C "artemis_admin@artemis.example" -f /id_rsa + Please note that the private key file **must** be named ``id_rsa``, ``id_dsa``, ``id_ecdsa`` or ``id_ed25519``, depending on the ciphers used. @@ -292,7 +301,7 @@ under ``localhost:7990``. Navigate to ``BITBUCKET-URL/plugins/servlet/ssh/account/keys`` and add the SSH key by pasting the content of the public key. - ```` is the path to the folder containing the ``id_rsa`` file (but without the filename). + ```` is the path to the folder containing the ``id_rsa`` file (but without the filename). It will be used in the configuration of Artemis to specify where Artemis should look for the key and store the ``known_hosts`` file. diff --git a/docs/dev/setup/jenkins-gitlab.rst.txt b/docs/dev/setup/jenkins-gitlab.rst.txt index b430721b2397..6d0c3831f228 100644 --- a/docs/dev/setup/jenkins-gitlab.rst.txt +++ b/docs/dev/setup/jenkins-gitlab.rst.txt @@ -416,7 +416,7 @@ GitLab Access Token Navigate to ``GITLAB-URL/-/profile/keys`` and add the SSH key by pasting the content of the public key. - ```` is the path to the folder containing the ``id_rsa`` file (but without the filename). It will + ```` is the path to the folder containing the ``id_rsa`` file (but without the filename). It will be used in the configuration of Artemis to specify where Artemis should look for the key and store the ``known_hosts`` file. diff --git a/src/main/docker/atlassian.yml b/src/main/docker/atlassian.yml index cfb5d62ea6b5..a2048581c0af 100644 --- a/src/main/docker/atlassian.yml +++ b/src/main/docker/atlassian.yml 
@@ -54,6 +54,7 @@ services: extra_hosts: - "host.docker.internal:host-gateway" image: ghcr.io/ls1intum/artemis-bamboo-build-agent:8.2.5 + pull_policy: always volumes: - artemis-bamboo-build-agent:/var/atlassian/application-data/bamboo-agent - /var/run/docker.sock:/var/run/docker.sock From 47fc89b21fbe80a16a98de67aece3abb80945df4 Mon Sep 17 00:00:00 2001 From: Ludwig Pusl Date: Sat, 10 Dec 2022 18:48:28 +0100 Subject: [PATCH 046/174] removed TODO as the fault was in the configs --- docs/dev/setup/bamboo-bitbucket-jira.rst.txt | 5 ----- 1 file changed, 5 deletions(-) diff --git a/docs/dev/setup/bamboo-bitbucket-jira.rst.txt b/docs/dev/setup/bamboo-bitbucket-jira.rst.txt index 0f336cfd1e91..8c69b279b16c 100644 --- a/docs/dev/setup/bamboo-bitbucket-jira.rst.txt +++ b/docs/dev/setup/bamboo-bitbucket-jira.rst.txt @@ -269,11 +269,6 @@ under ``localhost:7990``. #. Add a SSH key for the admin user - .. - TODO: Doesn't seem so optional as it throws errors and closed Artemis when it wasn't set... - Same problem on Gitlab/Jenkins? - - Artemis can clone/push the repositories during setup and for the online code editor using SSH. If the SSH key is not present, the username + token will be used as fallback (and all git operations will use HTTP(S) instead of SSH). From 2cead33fa41328537211dbbd9b620bd1e308f3ad Mon Sep 17 00:00:00 2001 
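Review bot: `pull_policy: always` is added to a service that, per the context lines, mounts `/var/run/docker.sock`, so whatever image is fetched at each start gets access to the host's Docker daemon. With only the tag `8.2.5` to identify it, a re-published image would be picked up silently. Adding the digest (`image: ghcr.io/ls1intum/artemis-bamboo-build-agent:8.2.5@sha256:<digest>`) keeps the automatic pull without relying on tag immutability. The service definition starts outside this hunk.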
From: Ludwig Pusl Date: Sat, 10 Dec 2022 18:56:09 +0100 Subject: [PATCH 047/174] VCS and CI config fixes and formatting --- .../Artemis__Server___Client_.xml | 19 ++++-- .../resources/config/application-artemis.yml | 34 ++++++---- .../resources/config/application-bamboo.yml | 8 ++- .../config/application-bitbucket.yml | 18 +++-- src/main/resources/config/application-dev.yml | 14 ++-- .../resources/config/application-gitlab.yml | 26 ++++++-- .../resources/config/application-jenkins.yml | 18 +++-- .../resources/config/application-jira.yml | 2 +- .../resources/config/application-ldap.yml | 4 +- .../config/application-local.yml.sample | 29 ++++---- .../resources/config/application-prod.yml | 8 +-- src/main/resources/config/application.yml | 66 +++++++++++++------ 12 files changed, 167 insertions(+), 79 deletions(-) diff --git a/.idea/runConfigurations/Artemis__Server___Client_.xml b/.idea/runConfigurations/Artemis__Server___Client_.xml index 9fc2e412c740..ec21b22941d3 100644 --- a/.idea/runConfigurations/Artemis__Server___Client_.xml +++ b/.idea/runConfigurations/Artemis__Server___Client_.xml @@ -1,14 +1,23 @@ + - + \ No newline at end of file diff --git a/src/main/resources/config/application-artemis.yml b/src/main/resources/config/application-artemis.yml index d8793938c027..a4a11ba687b7 100644 --- a/src/main/resources/config/application-artemis.yml +++ b/src/main/resources/config/application-artemis.yml 
@@ -11,26 +11,34 @@ artemis: submission-export-path: exports # LEGACY: arbitrary password for encrypting database values # encryption-password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV - bcrypt-salt-rounds: 11 # The number of salt rounds for the bcrypt password hashing. Lower numbers make it faster but more unsecure and vice versa. - # Please use the bcrypt benchmark tool to determine the best number of rounds for your system. https://github.com/ls1intum/bcrypt-Benchmark + + # The number of salt rounds for the bcrypt password hashing. Lower numbers make it faster but more unsecure and vice versa. + # Please use the bcrypt benchmark tool to determine the best number of rounds for your system. https://github.com/ls1intum/bcrypt-Benchmark + bcrypt-salt-rounds: 11 external-system-request: - batch-size: 50 # wait the time below after 50 requests - batch-waiting-time: 30000 # in ms = 30s + batch-size: 50 # wait the time below after 50 requests + batch-waiting-time: 30000 # in ms = 30s user-management: use-external: false - internal-admin: + # internal-admin: # username: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV # password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV - registration: # the whole section is optional: whether user can register in Artemis + + # the whole section is optional: whether user can register in Artemis + registration: enabled: false - allowed-email-pattern: '[a-zA-Z0-9_\-\.\+]+@(tum\.de|in\.tum\.de|mytum\.de)' - allowed-email-pattern-readable: '@tum.de, @in.tum.de, @mytum.de' - cleanup-time-minutes: 60 # The amount of time until non-activated accounts are deleted automatically - accept-terms: false # whether users have to accept terms before they can log in, from a privacy point of view this is not needed during education, therefore the default value is false - course-registration: # the whole section is optional: whether there is a restriction for the self-registration of students in 
courses - allowed-username-pattern: '^([a-z]{2}\d{2}[a-z]{3})$' # example for a TUM identifier, e.g. ab12cde + allowed-email-pattern: '[a-zA-Z0-9_\-\.\+]+@(artemis\.local|artemis\.example)' + allowed-email-pattern-readable: '@artemis.local, @artemis.example' + # The amount of time until non-activated accounts are deleted automatically + cleanup-time-minutes: 60 + # whether users have to accept terms before they can log in, from a privacy point of view this is not needed during education, therefore the default value is false + accept-terms: false + # the whole section is optional: whether there is a restriction for the self-registration of students in courses + course-registration: + allowed-username-pattern: '^([a-z]{2}\d{2}[a-z]{3})$' # example for a TUM identifier, e.g. ab12cde login: - account-name: TUM # optional: customization for the welcome page "please sign in with your account" + # optional: customization for the welcome page "please sign in with your account" e.g. TUM + account-name: ARTEMIS continuous-integration: # Defines the used docker images for certain programming languages. # For each language at least the `default` image has to be defined. diff --git a/src/main/resources/config/application-bamboo.yml b/src/main/resources/config/application-bamboo.yml index 0a0fd6d74ba3..fcb1c9425c64 100644 --- a/src/main/resources/config/application-bamboo.yml +++ b/src/main/resources/config/application-bamboo.yml 
@@ -4,10 +4,14 @@ artemis: # e.g. ga12abc # user: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV # password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV + # Enter a valid token generated in Bamboo giving Artemis full Admin access # token: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV - vcs-application-link-name: LS1 Bitbucket Server # If the VCS and CI are directly linked (normally only for Bitbucket + Bamboo) - empty-commit-necessary: true # Do we need an empty commit for new exercises/repositories in order for the CI to register the repo + + # If the VCS and CI are directly linked (normally only for Bitbucket + Bamboo) + vcs-application-link-name: LS1 Bitbucket Server + # Do we need an empty commit for new exercises/repositories in order for the CI to register the repo + empty-commit-necessary: true # The actual value of the notification token to check against in Artemis. This is the token that gets send with # every request the CI system makes to Artemis containing a new result after a build. # The token value you use for the Server Notification Plugin diff --git a/src/main/resources/config/application-bitbucket.yml b/src/main/resources/config/application-bitbucket.yml index af21a9703f10..50cc5d6ecd34 100644 --- a/src/main/resources/config/application-bitbucket.yml +++ b/src/main/resources/config/application-bitbucket.yml 
@@ -4,10 +4,20 @@ artemis: # e.g. ga12abc # user: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV # password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV + # VCS API token giving Artemis full Admin access. # token: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV - ssh-template-clone-url: ssh://git@localhost:7999/ # Url Stem for cloning via ssh, for gitlab use 'ssh://git@artemistest2gitlab.ase.in.tum.de:2222/' - ssh-keys-url-path: /plugins/servlet/ssh/account/keys # Url Path to access a users ssh keys, for gitlab this is '/-/profile/keys' - ssh-private-key-folder-path: # the path to the folder in which the private ssh key file (e.g. id_rsa) is stored that can be used to clone git repos on the version control server + + # SSH for Git + # SSH can be activated by setting + + # Url Stem for cloning via ssh + ssh-template-clone-url: ssh://git@localhost:7999/ + # Url Path to access a users ssh keys + ssh-keys-url-path: /plugins/servlet/ssh/account/keys + # the path to the folder in which the private ssh key file (e.g. id_rsa) is stored + # that can be used to clone git repos on the version control server + # ssh-private-key-folder-path: IF NECESSARY CHANGE THIS VALUE IN YOUR application-local.yml or ENV + # the password for the private ssh key - # ssh-private-key-password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV + # ssh-private-key-password: IF NECESSARY CHANGE THIS VALUE IN YOUR application-local.yml or ENV diff --git a/src/main/resources/config/application-dev.yml b/src/main/resources/config/application-dev.yml index 8d9606ef8e53..8f539a70bc5f 100644 --- a/src/main/resources/config/application-dev.yml +++ b/src/main/resources/config/application-dev.yml 
@@ -32,19 +32,16 @@ spring: liquibase: contexts: dev messages: - cache-duration: PT1S # 1 second, see the ISO 8601 standard + # 1 second, see the ISO 8601 standard + cache-duration: PT1S thymeleaf: cache: false hazelcast: localInstances: true server: - # this address is passed to the CI systems for sending back notifications to Artemis - # therefore depending on where these systems are hosted you have to change the url here - # other possible values: - # Artemis locally and CI inside Docker Containers: host.docker.internal:8080 - # Artemis locally and CI hosted on a Server on your network: LAN_IP_ADDRESS:8080 - url: http://localhost:8080 # Artemis and CI are running locally + # see application.yml for further comments + url: http://localhost:8080 # =================================================================== # JHipster specific properties @@ -65,7 +62,8 @@ jhipster: from: artemis@localhost base-url: http://127.0.0.1:8080 logging: - use-json-format: false # By default, logs are not in Json format + # By default, logs are not in Json format + use-json-format: false # Properties to be exposed on the /info management endpoint info: diff --git a/src/main/resources/config/application-gitlab.yml b/src/main/resources/config/application-gitlab.yml index 25ffc35df981..eafd4f64e0fa 100644 --- a/src/main/resources/config/application-gitlab.yml +++ b/src/main/resources/config/application-gitlab.yml 
@@ -10,13 +10,29 @@ artemis: # password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV # token: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV # ci-token: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV + # TODO: this is only in the ansible template also not used in the code? delete it? # health-api-token: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV - ssh-template-clone-url: + + # SSH for Git + # SSH can be activated by setting + + # Url Stem for cloning via ssh + ssh-template-clone-url: ssh://git@localhost:2222/ + # Url Path to access a users ssh keys ssh-keys-url-path: /-/profile/keys - ssh-private-key-folder-path: - # ssh-private-key-password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV - default-branch: main # The branch that should be used as default branch for all newly created repositories. This does NOT have to be equal to the default branch of the VCS - versionControlAccessToken: true # only for Gitlab setups: a Gitlab-API token can be generated for each user and used as part of the Git clone URL shown to students to allow for password-less Git operations via HTTP + # the path to the folder in which the private ssh key file (e.g. id_rsa) is stored + # that can be used to clone git repos on the version control server + # ssh-private-key-folder-path: IF NECESSARY CHANGE THIS VALUE IN YOUR application-local.yml or ENV + + # the password for the private ssh key + # ssh-private-key-password: IF NECESSARY CHANGE THIS VALUE IN YOUR application-local.yml or ENV + + # The branch that should be used as default branch for all newly created repositories. 
+ # This does NOT have to be equal to the default branch of the VCS + default-branch: main + # only for Gitlab setups: a Gitlab-API token can be generated for each user and + # used as part of the Git clone URL shown to students to allow for password-less Git operations via HTTP + versionControlAccessToken: true gitlab: # The following (optional) parameter allows to enable the use of pseudonyms. diff --git a/src/main/resources/config/application-jenkins.yml b/src/main/resources/config/application-jenkins.yml index 47171f8e7d4e..c931eb61cf22 100644 --- a/src/main/resources/config/application-jenkins.yml +++ b/src/main/resources/config/application-jenkins.yml @@ -9,7 +9,9 @@ artemis: url: http://localhost:8082 # user: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV # password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV - empty-commit-necessary: false # Do we need an empty commit for new exercises/repositories in order for the CI to register the repo + + # Do we need an empty commit for new exercises/repositories in order for the CI to register the repo + empty-commit-necessary: false # Hash/key of the ci-token, equivalent e.g. to the ci-token in version-control # Some CI systems, like Jenkins, offer a specific token that gets checked against any incoming notifications # from a VCS trying to trigger a build plan. Only if the notification request contains the correct token, the plan @@ -20,6 +22,7 @@ artemis: # hudson.util.Secret is stored in the build plan, so you also have to specify this encrypted string here and NOT the actual token value itself! # You can get this by GETting any job.xml for a job with an activated GitLab step and your token value of choice. # secret-push-token: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV + # Key of the saved credentials for the VCS service # You have to specify the key from the credentials page in Jenkins under which the user and # password for the VCS are stored 
@@ -31,7 +34,9 @@ artemis: # every request the CI system makes to Artemis containing a new result after a build. # The token value you use for the Server Notification Plugin and is stored under the notification-token credential above # artemis-authentication-token-value: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV - build-timeout: 30 # Does cancel jenkins builds after 30 minutes to remove build that get stuck + + # Does cancel jenkins builds after 30 minutes to remove build that get stuck + build-timeout: 30 jenkins: # The following (optional) parameter allows to customize if Jenkins CSRF protection should be used (activated) within Artemis: @@ -50,8 +55,11 @@ jenkins: # different to how clients should access those services. # The client-facing URLs (e.g. for the repository clone URL, link to the build plans) # will still be constructed from the ones defined in application-artemis.yml. - internal-urls: + # internal-urls: # Override the ci url used e.g. in Gitlab as the webhook url. - ci-url: # http://jenkins:8080 + # http://jenkins:8080 + # ci-url: IF NECESSARY CHANGE THIS VALUE IN YOUR application-local.yml or ENV + # Overrides the vcs url used e.g. as the Gitlab checkout url in Jenkins build plans - vcs-url: # http://gitlab:80 + # http://gitlab:80 + # vcs-url: IF NECESSARY CHANGE THIS VALUE IN YOUR application-local.yml or ENV diff --git a/src/main/resources/config/application-jira.yml b/src/main/resources/config/application-jira.yml index 644032f5d67b..e19845105d05 100644 --- a/src/main/resources/config/application-jira.yml +++ b/src/main/resources/config/application-jira.yml @@ -2,7 +2,7 @@ artemis: user-management: use-external: true external: - url: http://localhost:8085 + url: http://localhost:8081 # e.g. ga12abc # user: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV # password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV 
diff --git a/src/main/resources/config/application-ldap.yml b/src/main/resources/config/application-ldap.yml index 661f20b054f9..b35601a33949 100644 --- a/src/main/resources/config/application-ldap.yml +++ b/src/main/resources/config/application-ldap.yml @@ -5,4 +5,6 @@ artemis: user-dn: "cn=TUINI01-Artemis,ou=bindDNs,ou=iauth,dc=tum,dc=de" base: "ou=users,ou=data,ou=prod,ou=iauth,dc=tum,dc=de" # password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV - allowed-username-pattern: '^([a-z]{2}\d{2}[a-z]{3})$' # example for a TUM identifier, e.g. ab12cde + + # example for a TUM identifier, e.g. ab12cde + allowed-username-pattern: '^([a-z]{2}\d{2}[a-z]{3})$' diff --git a/src/main/resources/config/application-local.yml.sample b/src/main/resources/config/application-local.yml.sample index c1eefedf3fb7..e0d903953144 100644 --- a/src/main/resources/config/application-local.yml.sample +++ b/src/main/resources/config/application-local.yml.sample @@ -11,6 +11,7 @@ # Usage: # - copy this file to application-local.yml # - uncomment the "Atlassian Stack" or "Gitlab / Jenkins Stack" IF you use these as CI/VCS +# - uncomment the "Server Config" if you use a VCS inside Docker containers # # =================================================================== @@ -32,14 +33,10 @@ artemis: # user: # e.g. ga12abc # password: # token: -# ssh-private-key-password: # continuous-integration: # user: # e.g. ga12abc # password: -# token: # Enter a valid token generated in Bamboo giving Artemis full Admin access -# # The actual value of the notification token to check against in Artemis. This is the token that gets send with -# # every request the CI system makes to Artemis containing a new result after a build. -# # The token value you use for the Server Notification Plugin +# token: # artemis-authentication-token-value: # =================================================================== # Atlassian Stack END 
@@ -54,12 +51,17 @@ artemis: # token: artemis-gitlab-token # generated in Gitlab Server Quickstart steps 4 and 5 # ci-token: jenkins-secret-token # pre-generated or replaced in Automated Jenkins Server step 3 # health-api-token: -# ssh-private-key-password: # continuous-integration: # user: artemis_admin # password: artemis_admin # secret-push-token: AQAAABAAAAAg/aKNFWpF9m2Ust7VHDKJJJvLkntkaap2Ka3ZBhy5XjRd8s16vZhBz4fxzd4TH8Su # pre-generated or replaced in Automated Jenkins Server step 3 # artemis-authentication-token-value: artemis_admin +#jenkins: +# internal-urls: +# ci-url: http://jenkins:8080 +# vcs-url: http://gitlab:80 +# TODO: is this necessary for local setups? seems so from what can be extracted from the docs +# use-crumb: false # =================================================================== # Gitlab / Jenkins Stack END # =================================================================== @@ -84,9 +86,12 @@ jhipster: registry: password: AN-ADMIN-PASSWORD-THAT-MUST-BE-CHANGED (FROM REGISTRY CONFIG) -server: - # this address is passed to the CI systems for sending back notifications to Artemis - # therefore depending on where these systems are hosted you have to change the url here - # other possible values: - # Artemis locally and CI inside Docker Containers: host.docker.internal:8080 - # Artemis locally and CI hosted on a Server on your network: LAN_IP_ADDRESS:8080 +# =================================================================== +# Server Config START +# =================================================================== +#server: +# # see application.yml for further comments +# url: http://host.docker.internal:8080 +# =================================================================== +# Server Config END +# =================================================================== diff --git a/src/main/resources/config/application-prod.yml b/src/main/resources/config/application-prod.yml index 8e5a1a04af6a..435a283948bc 100644 
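Review bot: The added `# use-crumb: false` line in the Gitlab / Jenkins sample block (`-54,12 +51,17`) ships with an open TODO, so anyone uncommenting the whole stack stops Artemis from using Jenkins CSRF crumbs without knowing whether that is needed. The Jenkins profile describes this parameter as controlling whether Jenkins CSRF protection is used, so the sample should mark it as local-only, e.g. `# use-crumb: false # local test setups only; keep CSRF protection enabled elsewhere`, and the TODO should be resolved before merge. The same block keeps the `artemis_admin` user/password and a pre-generated `secret-push-token` as context; these are presumably meant for the local quickstart only, which is worth stating in the block header.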
--- a/src/main/resources/config/application-prod.yml +++ b/src/main/resources/config/application-prod.yml @@ -22,8 +22,7 @@ spring: url: jdbc:mysql://localhost:3306/Artemis?createDatabaseIfNotExist=true&useUnicode=true&characterEncoding=utf8&useSSL=false&useLegacyDatetimeCode=false&serverTimezone=UTC server: - # this address is passed to the CI systems for sending back notifications to Artemis - # therefore depending on where these systems are hosted you have to change the url here + # see application.yml for further comments url: http://localhost compression: enabled: true @@ -39,7 +38,8 @@ server: jhipster: mail: # specific JHipster mail property, for standard properties see MailProperties from: artemis@localhost - base-url: http://my-server-url-to-change # Modify according to your server's URL + # Modify according to your server's URL + base-url: http://my-server-url-to-change # Properties to be exposed on the /info management endpoint info: @@ -49,7 +49,7 @@ info: - course_exercise_overview_tour: 'tutorial' - programming_exercise_fail_tour: 'tutorial' - programming_exercise_success_tour: 'tutorial' - test-server: false # false --> production, true --> test server, --> empty == local + test-server: false # false --> production, true --> test server, --> empty == local # Specifies whether text assessment analytics service (TextAssessmentEventResource) is enabled/disabled # default value set to false in production text-assessment-analytics-enabled: false diff --git a/src/main/resources/config/application.yml b/src/main/resources/config/application.yml index 5cb641b8d8e1..aa1a555422b3 100644 --- a/src/main/resources/config/application.yml +++ b/src/main/resources/config/application.yml 
@@ -49,11 +49,15 @@ management: enabled: true health: mail: - enabled: false # When using the MailService, configure an SMTP server and set this to true + # When using the MailService, configure an SMTP server and set this to true + enabled: false ldap: - enabled: false # Disabled to prevent periodic health checks that lead to null pointer exceptions if the ldap is not configured or not active + # Disabled to prevent periodic health checks that lead to null pointer exceptions + # if the ldap is not configured or not active + enabled: false config: - enabled: false # Disabled because we do not use a Spring Cloud Config Server + # Disabled because we do not use a Spring Cloud Config Server + enabled: false metrics: export: # Prometheus is the default metrics server @@ -84,7 +88,8 @@ spring: name: Artemis devtools: livereload: - enabled: false # we use Webpack dev server + BrowserSync for livereload + # we use Webpack dev server + BrowserSync for livereload + enabled: false datasource: type: com.zaxxer.hikari.HikariDataSource # username: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV @@ -128,7 +133,6 @@ spring: hibernate.jdbc.batch_size: 25 hibernate.order_inserts: true hibernate.order_updates: true -# hibernate.query.fail_on_pagination_over_collection_fetch: true # not appropriate in our case: https://vladmihalcea.com/hibernate-query-fail-on-pagination-over-collection-fetch/ hibernate.query.in_clause_parameter_padding: true hibernate.cache.region.factory_class: com.hazelcast.hibernate.HazelcastLocalCacheRegionFactory hibernate.cache.use_minimal_puts: true 
@@ -139,10 +143,12 @@ spring: main: allow-bean-definition-overriding: true lazy-initialization: false - allow-circular-references: true # TODO: we should deactivate this in the future, however currently securityConfiguration has a circular dependency to itself + # TODO: we should deactivate this in the future, however currently securityConfiguration has a circular dependency to itself + allow-circular-references: true mvc: pathmatch: - matching-strategy: ant_path_matcher # TODO: we should update all paths to support PathPatternParser, in particular ClientForwardResource + # TODO: we should update all paths to support PathPatternParser, in particular ClientForwardResource + matching-strategy: ant_path_matcher task: execution: thread-name-prefix: artemis-task- @@ -166,7 +172,8 @@ spring: enabled: always servlet: multipart: - max-file-size: 20MB # this should match the value in /webapp/app/shared/constants/input.constants.ts MAX_FILE_SIZE + # this should match the value in /webapp/app/shared/constants/input.constants.ts MAX_FILE_SIZE + max-file-size: 20MB max-request-size: 20MB lifecycle: timeout-per-shutdown-phase: 10 
@@ -174,11 +181,16 @@ spring: broker: # username: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV # password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV - addresses: "" # Comma separated list of hosts and ports of the brokers (e.g. "localhost:61613,localhost:61614") + + # Comma separated list of hosts and ports of the brokers (e.g. "localhost:61613,localhost:61614") + addresses: "" hazelcast: - interface: "127.0.0.1" # The interface to bind to, if non is set, all interfaces will be bound - port: 5701 # The hazelcast port that this instance runs on and where other instances are expected - localInstances: false # Whether the other instances are expected locally (in dev mode) or external + # The interface to bind to, if non is set, all interfaces will be bound + interface: "127.0.0.1" + # The hazelcast port that this instance runs on and where other instances are expected + port: 5701 + # Whether the other instances are expected locally (in dev mode) or external + localInstances: false phone: home: enabled: false @@ -205,6 +217,15 @@ springdoc: operationsSorter: method server: + # this address is passed to the CI/VCS systems for sending back notifications to Artemis + # therefore depending on where these systems are hosted you have to change the url + # possible values: + # Artemis locally and CI/VCS inside Docker containers: http://host.docker.internal:8080 + # Artemis locally and CI/VCS hosted on a Server on your network: http://LAN_IP_ADDRESS:8080 + # Artemis and CI/VCS are running locally: http://localhost:8080 + # Artemis and CI/VCS are running inside Docker containers inside the same docker network: http://artemis-app:8080 + # IF NECESSARY CHANGE THIS VALUE IN YOUR application-local.yml or ENV + # url: defaults defined in prod, dev and docker profile port: 8080 servlet: session: 
@@ -235,11 +256,12 @@ info: - programming_exercise_success_tour: 'tutorial' # TODO: following value missing on purpose in ansible? saw this when I moved the value here - tutor_assessment_tour: 'Patterns in Software Engineering' - contact: artemis.in@tum.de #default value, can be overridden if needed + contact: artemis@artemis.example # Comma separated list of profiles that will trigger the ribbon to show display-ribbon-on-profiles: "dev" sentry: - dsn: https://8c6b41ec2d4245e8bd3ec9541d53f625@sentry.io/1440029 # Leave empty to disable Sentry, must be a valid URI + # Leave empty to disable Sentry, must be a valid URI + dsn: https://8c6b41ec2d4245e8bd3ec9541d53f625@sentry.io/1440029 # Allowed Orion version range. Should only be changed on major version releases allowed-minimum-orion-version: 1.0.0 student-exam-store-session-data: true @@ -262,8 +284,11 @@ jhipster: # - In a separate `application-prod.yml` file, in the same folder as your executable WAR file # - In the `JHIPSTER_SECURITY_AUTHENTICATION_JWT_BASE64_SECRET` environment variable # base64-secret: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV - token-validity-in-seconds: 86400 # Token is valid 24 hours - token-validity-in-seconds-for-remember-me: 2592000 # Token is valid 30 days + + # Token is valid 24 hours + token-validity-in-seconds: 86400 + # Token is valid 30 days + token-validity-in-seconds-for-remember-me: 2592000 # By default CORS is disabled. Uncomment to enable. #cors: #allowed-origin-patterns: "*" @@ -272,8 +297,9 @@ jhipster: #exposed-headers: "Authorization,Link,X-Total-Count" #allow-credentials: true #max-age: 1800 - registry: + # registry: # password: PLEASE CHANGE THIS SECRET IN YOUR application-local.yml or ENV + logging: logstash: # Forward logs to logstash over a socket, used by LoggingConfiguration enabled: false 
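Review bot: The `sentry.dsn` line re-added in the `info:` hunk (`-235,11 +256,12`) keeps a concrete project DSN as the default in `application.yml`, and the moved comment says only an empty value disables Sentry. That presumably means any installation that does not override the value sends its error reports to that Sentry project, and such reports may carry user or deployment data. Consider an empty default with the DSN set in deployment-specific config, e.g. `dsn: # leave empty to disable Sentry; set in application-prod.yml or ENV`. The hunk already swaps the contact address for a placeholder, so the DSN is the remaining instance-specific default here.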
@@ -281,7 +307,8 @@ jhipster: port: 5000 queue-size: 512 audit-events: - retention-period: 120 # Number of days before audit events are deleted. + # Number of days before audit events are deleted. + retention-period: 120 http: cache: # Used by the CachingHttpHeadersFilter timeToLiveInDays: 1461 @@ -311,7 +338,8 @@ eureka: status-page-url-path: ${management.endpoints.web.base-path}/info health-check-url-path: ${management.endpoints.web.base-path}/health metadata-map: - zone: primary # This is needed for the load balancer + # This is needed for the load balancer + zone: primary profile: ${spring.profiles.active} version: #project.version# git-version: ${git.commit.id.describe:} From 81526ae7e1fb286b4840832022728bd7f3087108 Mon Sep 17 00:00:00 2001 From: Ludwig Pusl Date: Sat, 10 Dec 2022 19:04:33 +0100 Subject: [PATCH 048/174] streamlined to other branch --- src/main/resources/config/application-docker.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/main/resources/config/application-docker.yml b/src/main/resources/config/application-docker.yml index cdbe2b80062f..c5e6cd30322e 100644 --- a/src/main/resources/config/application-docker.yml +++ b/src/main/resources/config/application-docker.yml @@ -12,7 +12,5 @@ spring: url: jdbc:mysql://artemis-mysql:3306/Artemis?createDatabaseIfNotExist=true&allowPublicKeyRetrieval=true&useUnicode=true&characterEncoding=utf8&useSSL=false&useLegacyDatetimeCode=false&serverTimezone=UTC server: - # this address is passed to the CI/VCS systems for sending back notifications to Artemis - # therefore depending on where these systems are hosted you have to change the url here - # localhost:8080 for Artemis in container and CI/VCS outside of containers - url: http://artemis-app:8080 # Artemis and CI/VCS are running in docker containers in the same docker network + # see application.yml for further comments + url: http://artemis-app:8080 From b520610e3d20838855c0138ee4a0a2851a3f0f03 Mon Sep 17 00:00:00 2001 
From: Ludwig Pusl Date: Sat, 10 Dec 2022 20:31:50 +0100 Subject: [PATCH 049/174] changed order of profiles, envs at the end as more specific than feature profiles --- .idea/runConfigurations/Artemis__Server_.xml | 2 +- .../Artemis__Server__Athene_.xml | 2 +- .../Artemis__Server__Jenkins___Gitlab_.xml | 2 +- README.md | 2 +- docker-compose.yml | 4 ++-- docs/dev/setup.rst | 18 +++++++++--------- docs/dev/setup/bamboo-bitbucket-jira.rst.txt | 2 +- docs/dev/setup/jenkins-gitlab.rst.txt | 4 ++-- src/main/docker/app.yml | 2 +- src/main/docker/cypress/docker-compose.yml | 2 +- src/main/docker/docker-compose.yml | 2 +- .../artemis/configmaps/artemis-configmap.yml | 2 +- 12 files changed, 22 insertions(+), 22 deletions(-) diff --git a/.idea/runConfigurations/Artemis__Server_.xml b/.idea/runConfigurations/Artemis__Server_.xml index 548f3cc95380..448cdc881322 100644 --- a/.idea/runConfigurations/Artemis__Server_.xml +++ b/.idea/runConfigurations/Artemis__Server_.xml @@ -2,7 +2,7 @@