From f38338b0b0465275204b2b30f85ea2194abbc484 Mon Sep 17 00:00:00 2001 From: Julien Hagestedt Date: Thu, 29 Apr 2021 13:18:39 +0200 Subject: [PATCH] feat(#11): improvements --- .github/workflows/ci-main.yml | 90 ++++++++------ .github/workflows/ci-pull-request.yml | 60 +++++----- .github/workflows/ci-release-notes.yml | 31 +++-- .github/workflows/ci-release.yml | 61 ++++++++++ .github/workflows/ci-sonar-check.yml | 45 ------- .github/workflows/ci-sonar.yml | 39 +++++++ Dockerfile | 4 + .../docker-compose.yml => docker-compose.yml | 8 +- pom.xml | 110 ++++++------------ settings.xml | 17 +++ src/main/docker/Dockerfile | 17 --- src/main/resources/application.yml | 8 +- src/main/resources/logback.xml | 52 --------- src/test/resources/application.yml | 47 +------- 14 files changed, 272 insertions(+), 317 deletions(-) create mode 100644 .github/workflows/ci-release.yml delete mode 100644 .github/workflows/ci-sonar-check.yml create mode 100644 .github/workflows/ci-sonar.yml create mode 100644 Dockerfile rename src/main/docker/docker-compose.yml => docker-compose.yml (88%) create mode 100644 settings.xml delete mode 100644 src/main/docker/Dockerfile delete mode 100644 src/main/resources/logback.xml diff --git a/.github/workflows/ci-main.yml b/.github/workflows/ci-main.yml index d9f770b..98e2ca1 100644 --- a/.github/workflows/ci-main.yml +++ b/.github/workflows/ci-main.yml 
@@ -1,42 +1,60 @@ -name: CI Main Branch +name: ci-main on: push: branches: - - main + - main jobs: build: - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - uses: actions/setup-java@v2 - with: - java-version: '11' - distribution: 'adopt' - - uses: s4u/maven-settings-action@v2.4.0 - with: - githubServer: false - servers: | - [ - { - "id": "dgc-github", - "username": "${{ secrets.GPR_USER }}", - "password": "${{ secrets.GPR_PAT }}" - }, - { - "id": "ehd-github", - "username": "${{ secrets.GPR_USER }}", - "password": "${{ secrets.GPR_PAT }}" - } - ] - - name: Build - run: mvn install - - name: Build for Docker Image - run: mvn clean install -P docker - - name: Log into registry - run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login docker.pkg.github.com -u ${{ github.actor }} --password-stdin - - name: Build Docker Image - run: docker build target/docker --file target/docker/Dockerfile --tag docker.pkg.github.com/${{ github.repository }}/backend:latest - - name: Push Docker Image - run: docker push docker.pkg.github.com/${{ github.repository }}/backend:latest + - uses: actions/setup-java@v2 + with: + java-version: 11 + distribution: adopt + - uses: actions/checkout@v2 + with: + fetch-depth: 0 + - uses: actions/cache@v2 + with: + path: | + ~/.m2/repository + key: ${{ runner.os }}-${{ hashFiles('**/pom.xml') }} + - name: version + run: >- + APP_SHA=$(git rev-parse --short ${GITHUB_SHA}); + APP_REV=$(git rev-list --tags --max-count=1); + APP_TAG=$(git describe --tags ${APP_REV} 2> /dev/null || echo 0.0.0); + APP_VERSION=${APP_TAG}-${APP_SHA}; + echo "APP_SHA=${APP_SHA}" >> ${GITHUB_ENV}; + echo "APP_TAG=${APP_TAG}" >> ${GITHUB_ENV}; + echo "APP_VERSION=${APP_VERSION}" >> ${GITHUB_ENV}; + - name: mvn + run: >- + mvn versions:set + --batch-mode + --file ./pom.xml + --settings ./settings.xml + --define newVersion="${APP_VERSION}"; + mvn clean verify + --batch-mode + --file ./pom.xml + --settings 
./settings.xml + --define app.packages.username="${APP_PACKAGES_USERNAME}" + --define app.packages.password="${APP_PACKAGES_PASSWORD}"; + env: + APP_PACKAGES_USERNAME: ${{ github.actor }} + APP_PACKAGES_PASSWORD: ${{ secrets.GITHUB_TOKEN }} + - name: docker + run: >- + echo "${APP_PACKAGES_PASSWORD}" | + docker login "${APP_PACKAGES_URL}" + --username "${APP_PACKAGES_USERNAME}" + --password-stdin; + docker build . + --file ./Dockerfile + --tag "${APP_PACKAGES_URL}:${APP_VERSION}"; + docker push "${APP_PACKAGES_URL}:${APP_VERSION}"; + env: + APP_PACKAGES_URL: docker.pkg.github.com/${{ github.repository }}/container + APP_PACKAGES_USERNAME: ${{ github.actor }} + APP_PACKAGES_PASSWORD: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/ci-pull-request.yml b/.github/workflows/ci-pull-request.yml index 9b887ef..7016d78 100644 --- a/.github/workflows/ci-pull-request.yml +++ b/.github/workflows/ci-pull-request.yml 
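Review bot: The `mvn` step passes the registry token as `--define app.packages.password="${APP_PACKAGES_PASSWORD}"`, which puts it on the Maven command line and into the system properties. There it is readable through the process list on the runner and may surface in debug output or in plugins that dump properties. The step already exports the value under `env:`, and Maven settings interpolate environment variables, so settings.xml can reference `${env.APP_PACKAGES_USERNAME}` and `${env.APP_PACKAGES_PASSWORD}` directly and the two `--define app.packages.*` arguments can be dropped. The same arguments appear in the `mvn` steps of ci-pull-request.yml, ci-release.yml and ci-sonar.yml.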
@@ -2,35 +2,37 @@ name: ci-pull-request on: pull_request: types: - - opened - - synchronize - - reopened + - opened + - synchronize + - reopened jobs: build: - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - uses: actions/setup-java@v2 - with: - java-version: '11' - distribution: 'adopt' - - uses: s4u/maven-settings-action@v2 - with: - githubServer: false - servers: | - [ - { - "id": "dgc-github", - "username": "${{ secrets.GPR_USER }}", - "password": "${{ secrets.GPR_PAT }}" - }, - { - "id": "ehd-github", - "username": "${{ secrets.GPR_USER }}", - "password": "${{ secrets.GPR_PAT }}" - } - ] - - name: Build package - run: mvn --batch-mode package + - uses: actions/setup-java@v2 + with: + java-version: 11 + distribution: adopt + - uses: actions/checkout@v2 + with: + fetch-depth: 0 + - uses: actions/cache@v2 + with: + path: | + ~/.m2/repository + key: ${{ runner.os }}-${{ hashFiles('**/pom.xml') }} + - name: mvn + run: >- + mvn clean package + --batch-mode + --file ./pom.xml + --settings ./settings.xml + --define app.packages.username="${APP_PACKAGES_USERNAME}" + --define app.packages.password="${APP_PACKAGES_PASSWORD}"; + env: + APP_PACKAGES_USERNAME: ${{ github.actor }} + APP_PACKAGES_PASSWORD: ${{ secrets.GITHUB_TOKEN }} + - name: docker + run: >- + docker build . + --file ./Dockerfile; diff --git a/.github/workflows/ci-release-notes.yml b/.github/workflows/ci-release-notes.yml index 2c6aa5c..b155d77 100644 --- a/.github/workflows/ci-release-notes.yml +++ b/.github/workflows/ci-release-notes.yml 
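Review bot: No `permissions:` block is declared for this workflow, so the `GITHUB_TOKEN` passed to Maven as `APP_PACKAGES_PASSWORD` carries whatever default scopes the repository or organisation grants, while the job builds a pom.xml and Dockerfile taken from the pull request. The job only needs to read the repository and, presumably, packages. Declaring `permissions:` at workflow level with `contents: read` and `packages: read` keeps a build plugin or test from using the token for writes on same-repository pull requests. ci-main.yml and ci-release.yml also lack the block; they would additionally need `packages: write` for their `docker push` and `mvn clean deploy` steps.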
@@ -2,17 +2,24 @@ name: ci-release-notes on: release: types: - - created + - created jobs: - build: - runs-on: ubuntu-latest + release-notes: + runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v2 - - name: release notes - run: | - TAG=${GITHUB_REF/refs\/tags\/} - npx github-release-notes release --override --tags ${TAG} - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GREN_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - + - uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: version + run: >- + APP_SHA=$(git rev-parse --short ${GITHUB_SHA}); + APP_TAG=${GITHUB_REF/refs\/tags\/} + APP_VERSION=${APP_TAG}; + echo "APP_SHA=${APP_SHA}" >> ${GITHUB_ENV}; + echo "APP_TAG=${APP_TAG}" >> ${GITHUB_ENV}; + echo "APP_VERSION=${APP_VERSION}" >> ${GITHUB_ENV}; + - name: release-notes + run: npx github-release-notes release --override --tags ${APP_TAG} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GREN_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/ci-release.yml b/.github/workflows/ci-release.yml new file mode 100644 index 0000000..d3205d0 --- /dev/null +++ b/.github/workflows/ci-release.yml 
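Review bot: `npx github-release-notes release --override --tags ${APP_TAG}` fetches whatever version of the package is current at run time and runs it with `GITHUB_TOKEN` and `GREN_GITHUB_TOKEN` in its environment, so a hijacked release of that package would execute with a token that can modify this repository's releases. Pinning the version on the command, `npx github-release-notes@<pinned-version> release --override --tags "${APP_TAG}"` (placeholder version), makes the executed code a reviewed choice, and quoting `${APP_TAG}` stops the shell from re-splitting the tag. The `@v2` action references across these workflows are mutable tags as well; a full commit SHA is the immutable form.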
@@ -0,0 +1,61 @@ +name: ci-release +on: + release: + types: + - created +jobs: + release: + runs-on: ubuntu-20.04 + steps: + - uses: actions/setup-java@v2 + with: + java-version: 11 + distribution: adopt + - uses: actions/checkout@v2 + with: + fetch-depth: 0 + - uses: actions/cache@v2 + with: + path: | + ~/.m2/repository + key: ${{ runner.os }}-${{ hashFiles('**/pom.xml') }} + - name: version + run: >- + APP_SHA=$(git rev-parse --short ${GITHUB_SHA}); + APP_TAG=${GITHUB_REF/refs\/tags\/} + APP_VERSION=${APP_TAG}; + echo "APP_SHA=${APP_SHA}" >> ${GITHUB_ENV}; + echo "APP_TAG=${APP_TAG}" >> ${GITHUB_ENV}; + echo "APP_VERSION=${APP_VERSION}" >> ${GITHUB_ENV}; + - name: mvn + run: >- + mvn versions:set + --batch-mode + --file ./pom.xml + --settings ./settings.xml + --define newVersion="${APP_VERSION}"; + mvn clean deploy + --batch-mode + --file ./pom.xml + --settings ./settings.xml + --define app.packages.username="${APP_PACKAGES_USERNAME}" + --define app.packages.password="${APP_PACKAGES_PASSWORD}"; + env: + APP_PACKAGES_USERNAME: ${{ github.actor }} + APP_PACKAGES_PASSWORD: ${{ secrets.GITHUB_TOKEN }} + - name: docker + run: >- + echo "${APP_PACKAGES_PASSWORD}" | + docker login "${APP_PACKAGES_URL}" + --username "${APP_PACKAGES_USERNAME}" + --password-stdin; + docker build . + --file ./Dockerfile + --tag "${APP_PACKAGES_URL}:latest" + --tag "${APP_PACKAGES_URL}:${APP_VERSION}"; + docker push "${APP_PACKAGES_URL}:latest"; + docker push "${APP_PACKAGES_URL}:${APP_VERSION}"; + env: + APP_PACKAGES_URL: docker.pkg.github.com/${{ github.repository }}/container + APP_PACKAGES_USERNAME: ${{ github.actor }} + APP_PACKAGES_PASSWORD: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/ci-sonar-check.yml b/.github/workflows/ci-sonar-check.yml deleted file mode 100644 index 49be839..0000000 --- a/.github/workflows/ci-sonar-check.yml +++ /dev/null 
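Review bot: In the `version` step the line `APP_TAG=${GITHUB_REF/refs\/tags\/}` has no trailing `;`, and because the script is a folded `>-` scalar it is joined to the following line as `APP_TAG=… APP_VERSION=${APP_TAG};` (assuming both lines sit at the same indentation, which the collapsed diff does not show). That appears to work only because bash applies the two assignments left to right. The result becomes the Maven version for `mvn clean deploy` and the image tag for `docker push`, so it is worth making explicit with `APP_TAG=${GITHUB_REF/refs\/tags\/};`. The same line is in the `version` step of ci-release-notes.yml.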
@@ -1,45 +0,0 @@ -name: Sonar Cloud Check -on: - workflow_dispatch: - push: - branches: - - main - pull_request: - types: - - opened - - synchronize - - reopened -jobs: - build: - runs-on: ubuntu-latest - steps: - - name: Checkout Git - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Setup Java - uses: actions/setup-java@v2 - with: - java-version: '11' - distribution: 'adopt' - - uses: s4u/maven-settings-action@v2 - with: - githubServer: false - servers: | - [ - { - "id": "dgc-github", - "username": "${{ secrets.GPR_USER }}", - "password": "${{ secrets.GPR_PAT }}" - }, - { - "id": "ehd-github", - "username": "${{ secrets.GPR_USER }}", - "password": "${{ secrets.GPR_PAT }}" - } - ] - - name: Sonar Check - run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar - env: - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/ci-sonar.yml b/.github/workflows/ci-sonar.yml new file mode 100644 index 0000000..b7f2f3a --- /dev/null +++ b/.github/workflows/ci-sonar.yml @@ -0,0 +1,39 @@ +name: ci-sonar +on: + push: + branches: + - main + pull_request: + types: + - opened + - synchronize + - reopened +jobs: + sonar: + runs-on: ubuntu-20.04 + steps: + - uses: actions/setup-java@v2 + with: + java-version: 11 + distribution: adopt + - uses: actions/checkout@v2 + with: + fetch-depth: 0 + - uses: actions/cache@v2 + with: + path: | + ~/.m2/repository + key: ${{ runner.os }}-${{ hashFiles('**/pom.xml') }} + - name: mvn + run: >- + mvn verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar + --batch-mode + --file ./pom.xml + --settings ./settings.xml + --define app.packages.username="${APP_PACKAGES_USERNAME}" + --define app.packages.password="${APP_PACKAGES_PASSWORD}"; + env: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + APP_PACKAGES_USERNAME: ${{ github.actor }} + APP_PACKAGES_PASSWORD: ${{ secrets.GITHUB_TOKEN }} 
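Review bot: The `sonar` job in ci-sonar.yml runs on `pull_request` and depends on `SONAR_TOKEN`, but repository secrets are not provided to runs triggered from forks, so for external contributions the analysis will presumably fail on authentication rather than be skipped. A job-level condition such as `if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository` restricts the secret-dependent job to trusted refs. That is preferable to moving the job to `pull_request_target`, which would make the secret available to a build of fork-supplied code.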
diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..03de66b --- /dev/null +++ b/Dockerfile @@ -0,0 +1,4 @@ +FROM adoptopenjdk:11-jre-hotspot +COPY ./target/*.jar /app/app.jar +WORKDIR /app +ENTRYPOINT [ "sh", "-c", "java $JAVA_OPTS -Djava.security.egd=file:/dev/./urandom -jar ./app.jar" ] diff --git a/src/main/docker/docker-compose.yml b/docker-compose.yml similarity index 88% rename from src/main/docker/docker-compose.yml rename to docker-compose.yml index 0755b6f..f2103ed 100644 --- a/src/main/docker/docker-compose.yml +++ b/docker-compose.yml @@ -17,7 +17,7 @@ services: backend: build: . image: eu-digital-green-certificates/dgc-issuance-service - container_name: dgc-gateway-backend + container_name: dgc-issuance-service volumes: - ./certs:/ec/prod/app/san/dgc ports: @@ -25,16 +25,16 @@ services: environment: - SERVER_PORT=8080 - SPRING_PROFILES_ACTIVE=mysql - - SPRING_DATASOURCE_URL=jdbc:mysql://dgc-issuance-service-mysql:3306/fg + - SPRING_DATASOURCE_URL=jdbc:mysql://dgc-issuance-service-mysql:3306/dgc - SPRING_DATASOURCE_USERNAME=dgc_adm - SPRING_DATASOURCE_PASSWORD=admin - - efgs_dbencryption_password=aaaaaaaaaaaaaaaa depends_on: - mysql networks: backend: persistence: + restart: unless-stopped networks: - persistence: backend: + persistence: diff --git a/pom.xml b/pom.xml index 582da87..043b476 100644 --- a/pom.xml +++ b/pom.xml @@ -6,8 +6,8 @@ eu.europa.ec.dgc dgca-issuance-service - 1.0.0-SNAPSHOT - ${packaging.format} + latest + jar dgca-issuance-service European Digital Green Certificate Issuance Service project. @@ -15,19 +15,7 @@ T-Systems International GmbH - - - dgc-github - https://maven.pkg.github.com/${github.organization}/* - - - ehd-github - https://maven.pkg.github.com/ehn-digital-green-development/* - - - - jar 11 11 
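Review bot: The new Dockerfile sets no `USER`, so the JVM runs as root inside the container. Adding a non-root identity before `ENTRYPOINT`, for example `USER 10001:10001` (constructed id), limits what a compromise of the service can reach, provided the keystore directory mounted by docker-compose.yml stays readable for that id. `FROM adoptopenjdk:11-jre-hotspot` is also a moving tag; pinning it by digest would make the images pushed by ci-main.yml and ci-release.yml reproducible.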
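Review bot: In docker-compose.yml the `backend` service keeps `SPRING_DATASOURCE_PASSWORD=admin` as a literal, in a file that now sits at the repository root and gains `restart: unless-stopped`, which makes it more likely to be left running beyond a local test. Compose variable substitution lets the value come from the environment or an untracked `.env` file: `- SPRING_DATASOURCE_PASSWORD=${SPRING_DATASOURCE_PASSWORD:?set a database password}`. The `mysql` service is outside this hunk and would need to take its credentials from the same variable.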
@@ -91,53 +79,23 @@ https://github.com/eu-digital-green-certificates/dgca-issuance-service - - - docker - - docker - jar - - - - - org.springframework.boot - spring-boot-maven-plugin - - ${project.build.directory}/docker - exec - - - - org.apache.maven.plugins - maven-resources-plugin - - - copy-dockerfile - validate - - copy-resources - - - ${project.build.directory}/docker - - - ${project.basedir}/src/main/docker - true - - - - ${*} - @ - - - - - - - - - + + + dgc-github + https://maven.pkg.github.com/${github.organization}/* + + + ehd-github + https://maven.pkg.github.com/ehn-digital-green-development/* + + + + + + github + https://maven.pkg.github.com/${github.organization}/${github.project} + + @@ -178,18 +136,11 @@ - - - github - https://maven.pkg.github.com/${github.organization}/${github.project} - - - eu.europa.ec.dgc dgc-lib - ${project.version} + 1.0.0-SNAPSHOT mysql @@ -303,10 +254,22 @@ + + org.springframework.boot + spring-boot-maven-plugin + ${spring.boot.version} + org.apache.maven.plugins maven-checkstyle-plugin ${plugin.checkstyle.version} + + + com.puppycrawl.tools + checkstyle + 8.41.1 + + org.sonarsource.scanner.maven @@ -352,7 +315,7 @@ - validate + check validate check @@ -367,7 +330,6 @@ org.springframework.boot spring-boot-maven-plugin - ${spring.boot.version} @@ -381,8 +343,8 @@ org.apache.maven.plugins maven-checkstyle-plugin - codestyle/checkstyle.xml - target/**/* + ./codestyle/checkstyle.xml + ./target/**/* UTF-8 true true @@ -449,8 +411,6 @@ true - - diff --git a/settings.xml b/settings.xml new file mode 100644 index 0000000..e7f2156 --- /dev/null +++ b/settings.xml @@ -0,0 +1,17 @@ + + + false + + + dgc-github + ${app.packages.username} + ${app.packages.password} + + + ehd-github + ${app.packages.username} + ${app.packages.password} + + + diff --git a/src/main/docker/Dockerfile b/src/main/docker/Dockerfile deleted file mode 100644 index a796dc1..0000000 --- a/src/main/docker/Dockerfile +++ /dev/null 
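Review bot: Pinning the `dgc-lib` dependency to the literal `1.0.0-SNAPSHOT` means a tagged release is built against a mutable snapshot. ci-release.yml sets the project version from the tag and runs `mvn clean deploy`, so the published artifact contains whichever `dgc-lib` snapshot the package registry serves at that moment. Such a release cannot be reproduced or audited afterwards; a fixed released version of `dgc-lib`, held in a property such as `dgc.lib.version` (constructed name), would close that gap. The XML markup is not visible in this rendering of the hunk, so the exact element should be confirmed in pom.xml.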
@@ -1,17 +0,0 @@ -FROM adoptopenjdk:11-jre-hotspot - -# Metadata -LABEL module.name="${project.artifactId}" \ - module.version="${project.version}" - -COPY [ "${project.artifactId}-${project.version}-exec.jar", "/app.jar" ] - -RUN sh -c 'touch /app.jar' - -VOLUME [ "/tmp" ] - -ENV JAVA_OPTS="$JAVA_OPTS -Xms256M -Xmx1G" - -EXPOSE 8080 - -ENTRYPOINT [ "sh", "-c", "java $JAVA_OPTS -Djava.security.egd=file:/dev/./urandom -jar /app.jar" ] diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml index ab3d782..f1e631b 100644 --- a/src/main/resources/application.yml +++ b/src/main/resources/application.yml @@ -1,9 +1,9 @@ server: - port: 8090 + port: 8080 spring: profiles: group: - "dev": "h2" + dev: h2 application: name: eu-digital-green-certificates-issuence datasource: @@ -19,11 +19,11 @@ management: endpoints: web: exposure: - exclude: "*" + exclude: '*' server: port: -1 issuance: - dgciPrefix: "dgci:V1:DE" + dgciPrefix: dgci:V1:DE dgc: trustAnchor: keyStorePath: /ec/prod/app/san/dgc/dgc-ta.jks diff --git a/src/main/resources/logback.xml b/src/main/resources/logback.xml deleted file mode 100644 index 0ce18a5..0000000 --- a/src/main/resources/logback.xml +++ /dev/null 
@@ -1,52 +0,0 @@ - - - - - - - - - DEBUG - - - - timestamp="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}", level="%level", hostname="${HOSTNAME}", - pid="${PID:-}", thread="%thread", class="%logger{40}", message="%replace(%replace(%m){'[\r\n]+', ', - '}){'"', '\''}", trace="%X{traceId}", span="%X{spanId}", %X%n - - utf8 - - - - - ${catalina.base:-.}/logs/dgcg.log - - ${catalina.base:-.}/logs/dgcg-%d{yyyy-MM-dd}.log - 90 - - true - true - - - timestamp="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}", level="%level", hostname="${HOSTNAME}", - pid="${PID:-}", thread="%thread", class="%logger{40}", message="%replace(%replace(%m){'[\r\n]+', ', - '}){'"', '\''}", exception="%replace(%ex){'[\r\n]+', ', '}", trace="%X{traceId}", span="%X{spanId}", - %X%n%nopex - - utf8 - - - - - - - - - - - - - - - - diff --git a/src/test/resources/application.yml b/src/test/resources/application.yml index f545d40..0aa41a3 100644 --- a/src/test/resources/application.yml +++ b/src/test/resources/application.yml @@ -1,13 +1,13 @@ server: - port: ${SERVER_PORT:8090} + port: ${SERVER_PORT:8080} spring: profiles: active: - - test + - test include: - - dev + - dev application: - name: eu-interop-federation-gateway + name: eu-digital-green-certificates-issuence liquibase: enabled: true change-log: classpath:db/changelog.xml 
@@ -18,42 +18,3 @@ springdoc: path: /api/docs swagger-ui: path: /swagger -efgs: - dbencryption: - initVector: Ho^RDYDuGt0Ki`\x - password: G&B3zSk|fNE!.Pa9+Xv2kUYRx2zp|@=| - trustAnchor: - keyStorePath: keystore/efgs-ta.jks - keyStorePass: 3fgs-p4ssw0rd - certificateAlias: efgs_trust_anchor - callback: - locklimit: 1800000 - keyStorePath: keystore/efgs-cb-client.jks - keyStorePass: 3fgs-p4ssw0rd - keyStorePrivateKeyAlias: efgs_callback_key - keyStoreCertificateAlias: efgs_callback_cert - execute-interval: 300000 - task-lock-timeout: 300 - proxy-host: ${https.proxyHost:} - proxy-port: ${https.proxyPort:-1} - proxy-user: ${https.proxyUser:} - proxy-password: ${https.proxyPassword:} - timeout: 10000 - core-thread-pool-size: 0 - max-retries: 5 - retry-wait: 300 - content-negotiation: - protobuf-version: 1.0 - json-version: 1.0 - upload-settings: - maximum-upload-batch-size: 5000 - download-settings: - locklimit: 1800000 - max-age-in-days: 14 - cert-auth: - header-fields: - thumbprint: X-SSL-Client-SHA256 - distinguished-name: X-SSL-Client-DN - batching: - timeinterval: 300000 - doclimit: 5000