diff --git a/.github/workflows/maven.yml b/.github/workflows/build.yml
similarity index 98%
rename from .github/workflows/maven.yml
rename to .github/workflows/build.yml
index 32cd4a4..c32758d 100644
--- a/.github/workflows/maven.yml
+++ b/.github/workflows/build.yml
@@ -1,8 +1,7 @@ # This workflow will build a Java project with Maven # For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven -name: CI Github - +name: Build on: push: branches: [ main ]
@@ -11,9 +10,7 @@ on: jobs: build: - runs-on: ubuntu-latest - steps: - uses: actions/checkout@v3 - name: Set up JDK 1.8
@@ -41,9 +38,7 @@ jobs: uses: codecov/codecov-action@v1.3.1 client: - runs-on: ubuntu-latest - steps: - uses: actions/checkout@v2 - uses: actions/setup-node@v2
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..dca1219
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,156 @@
+# yamllint disable rule:line-length
+---
+name: Release
+
+on:
+ push:
+ tags:
+ - "*"
+ workflow_dispatch:
+
+jobs:
+ build:
+ permissions:
+ packages: write
+ contents: write
+ runs-on: ubuntu-latest
+ outputs:
+ version: ${{ steps.versioncheck.outputs.version }}
+
+ steps:
+ - name: Check out code
+ uses: actions/checkout@v4
+
+ - name: Set up JDK 1.8
+ uses: actions/setup-java@v4
+ with:
+ java-version: 8
+ distribution: "temurin"
+
+ - name: Determine the version
+ run: echo "version=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)" >> $GITHUB_OUTPUT
+ id: versioncheck
+
+ - name: Exit when workflow_dispatch is triggered, and the version does not contain SNAPSHOT in it's name
+ run: |
+ echo "Only SNAPSHOT releases can be triggered with the workflow_dispatch"
+ exit 1
+ if: github.event_name == 'workflow_dispatch' && ( !endsWith(steps.versioncheck.outputs.version, '-SNAPSHOT'))
+
+ - name: Exit when a production build is triggered, and the github tag is not the same as the version in pom.xml
+ run: |
+ echo echo "Project version ${{ steps.versioncheck.outputs.version }} does not match git tag ${{ github.ref_name }}"
+ exit 1
+ if: github.event_name != 'workflow_dispatch' && steps.versioncheck.outputs.version != github.ref_name
+
+ - name: Set up JDK 1.8 for snapshots
+ uses: actions/setup-java@v4
+ with:
+ java-version: 8
+ distribution: "temurin"
+ cache: "maven"
+ server-id: openconext-snapshots
+ server-username: MAVEN_USERNAME
+ server-password: MAVEN_PASSWORD
+ if: ( endsWith(steps.versioncheck.outputs.version, '-SNAPSHOT'))
+
+ - name: Set up JDK 1.8
+ uses: actions/setup-java@v4
+ with:
+ java-version: 8
+ distribution: "temurin"
+ cache: "maven"
+ server-id: openconext-releases
+ server-username: MAVEN_USERNAME
+ server-password: MAVEN_PASSWORD
+ if: ${{!( endsWith(steps.versioncheck.outputs.version, '-SNAPSHOT')) }}
+
+ - name: install node
+ uses: dcodeIO/setup-node-nvm@master
+ with:
+
node-version: 14
+
+ - name: Deploy with Maven
+ run: mvn --batch-mode deploy -DskipTests
+ env:
+ MAVEN_USERNAME: ${{ secrets.BUILD_USERNAME }}
+ MAVEN_PASSWORD: ${{ secrets.BUILD_PASSWORD }}
+
+ - name: Upload the produced artefacts
+ uses: actions/upload-artifact@v4
+ with:
+ name: brokerbuilds
+ path: |
+ client/public/
+ server/target/*.jar
+ retention-days: 1
+
+ - name: Codecov
+ uses: codecov/codecov-action@v3.1.1
+
+ - name: Create release
+ uses: actions/create-release@v1
+ id: create_release
+ with:
+ draft: false
+ prerelease: true
+ release_name: Release ${{ github.ref_name }}
+ tag_name: ${{ github.ref_name }}
+ body: |
+ ${{ steps.changelog.outputs.changelog }}
+ env:
+ GITHUB_TOKEN: ${{ github.token }}
+ if: github.event_name != 'workflow_dispatch'
+
+ dockerbuild:
+ permissions: write-all
+ runs-on: ubuntu-latest
+ needs: build
+ strategy:
+ matrix:
+ include:
+ - image: ghcr.io/SURFnet/student-mobility-broker/brokerclient
+ app: client
+ - image: ghcr.io/SURFnet/student-mobility-broker/brokerserver
+ app: server
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Download the previous produced artefacts
+ uses: actions/download-artifact@v4
+ with:
+ name: brokerbuilds
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Set docker labels and tags
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: ${{ matrix.image }}
+ flavor: |
+ latest=false
+ tags: |
+ type=ref,event=tag
+ type=raw,event=tag,value=latest
+ type=raw,event=workflow_dispatch,value=snapshot
+ type=semver,pattern={{version}},value=${{ needs.build.outputs.version }}
+ type=sha
+
+ - name: Build and push the ${{ matrix.app }} image
+ uses: docker/build-push-action@v5
+ with:
+ context: ${{ matrix.app }}
+ file: ${{ matrix.app }}/docker/Dockerfile
+ platforms:
+
linux/amd64
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
diff --git a/README.md b/README.md
index bfa764f..eb8f7f9 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
 # student-mobility-broker
-[![Build Status](https://github.com/SURFnet/student-mobility-broker/actions/workflows/maven.yml/badge.svg)](https://github.com/SURFnet/student-mobility-broker/actions/workflows/maven.yml/badge.svg)
+[![Build](https://github.com/SURFnet/student-mobility-broker/actions/workflows/build.yml/badge.svg)](https://github.com/SURFnet/student-mobility-broker/actions/workflows/build.yml)
 [![codecov](https://codecov.io/gh/SURFnet/student-mobility-broker/branch/master/graph/badge.svg)](https://codecov.io/gh/SURFnet/student-mobility-broker)
 Broker for educational cross-institution registrations.
diff --git a/client/docker/Dockerfile b/client/docker/Dockerfile
new file mode 100644
index 0000000..7905a24
--- /dev/null
+++ b/client/docker/Dockerfile
@@ -0,0 +1,4 @@
+FROM ghcr.io/openconext/openconext-basecontainers/apache2:latest
+ADD ./public/ /var/www/
+RUN rm -rf /etc/apache2/sites-enabled/*.conf
+COPY ./docker/appconf.conf /etc/apache2/sites-enabled/
diff --git a/client/docker/appconf.conf b/client/docker/appconf.conf
new file mode 100644
index 0000000..22ce62a
--- /dev/null
+++ b/client/docker/appconf.conf
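Review bot: The `install node` step runs `dcodeIO/setup-node-nvm@master`, a third-party action on a mutable branch, inside the `build` job that holds `contents: write` and `packages: write` and then runs `mvn deploy` with `secrets.BUILD_USERNAME`/`BUILD_PASSWORD`, so whatever that branch points to at run time executes in the release path. Pin it to a reviewed commit, `uses: dcodeIO/setup-node-nvm@<full-commit-sha>`, or switch to `actions/setup-node`, which build.yml already uses. `permissions: write-all` on `dockerbuild` is wider than the steps shown appear to need; `contents: read` and `packages: write` should cover checkout and the ghcr.io push. In the tag-mismatch step `${{ github.ref_name }}` and the pom version are expanded into the `run:` script before the shell parses it, so pass them through `env:` and echo `"$TAG"` and `"$VERSION"` instead (the doubled `echo echo` there looks like a typo). The `Create release` body reads `steps.changelog.outputs.changelog`, but no step with id `changelog` is visible in this workflow.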
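Review bot: `FROM ghcr.io/openconext/openconext-basecontainers/apache2:latest` leaves the base image unpinned, so rebuilding the same git tag can produce a different image and a changed upstream `latest` reaches the release unreviewed. Pin a version tag or digest, e.g. `FROM ghcr.io/openconext/openconext-basecontainers/apache2@sha256:<digest>`, and bump it deliberately. `ADD ./public/ /var/www/` only copies a local directory, so `COPY ./public/ /var/www/` is the plainer instruction and avoids ADD's archive-extraction and URL behaviour.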
@@ -0,0 +1,60 @@
+ServerName client
+RewriteEngine On
+RewriteCond %{REQUEST_URI} !\.(js|css)(\.map)?$
+RewriteCond %{REQUEST_URI} !\.svg$
+RewriteCond %{REQUEST_URI} !\.png$
+RewriteCond %{REQUEST_URI} !\.ico$
+RewriteCond %{REQUEST_URI} !\.woff$
+RewriteCond %{REQUEST_URI} !\.woff2$
+RewriteCond %{REQUEST_URI} !\.ttf$
+RewriteCond %{REQUEST_URI} !\.wav$
+RewriteCond %{REQUEST_URI} !\.eot$
+RewriteCond %{REQUEST_URI} !^/(asset-)?manifest.json$
+RewriteCond %{REQUEST_URI} !^/api/
+RewriteCond %{REQUEST_URI} !^/login/
+RewriteCond %{REQUEST_URI} !^/oauth2/
+RewriteCond %{REQUEST_URI} !^/ui/
+RewriteCond %{REQUEST_URI} !^/internal/
+RewriteCond %{REQUEST_URI} !^/deprovision/
+RewriteCond %{REQUEST_URI} !^/fonts/
+RewriteRule (.*) /index.html [L]
+ProxyPass /api http://brokerserver:8080/api retry=0
+ProxyPassReverse /api http://brokerserver:8080/api
+ProxyPassMatch ^/oauth2(.*)$ http://brokerserver:8080
+ProxyPassReverse /oauth2 http://brokerserver:8080/oauth2
+ProxyPassMatch ^/internal(.*)$ http://brokerserver:8080
+ProxyPassReverse /internal http://brokerserver:8080/internal
+ProxyPassMatch ^/login(.*)$ http://brokerserver:8080
+ProxyPassReverse /login http://brokerserver:8080/login
+ProxyPassMatch ^/ui(.*)$ http://brokerserver:8080
+ProxyPassReverse /ui http://brokerserver:8080/ui
+ProxyPass /deprovision http://brokerserver:8080/api
+ProxyPassReverse /deprovision http://brokerserver:8080/api
+
+DocumentRoot /var/www/
+
+
+ ProxyPreserveHost On
+
+
+ ProxyPreserveHost On
+
+
+ ProxyPreserveHost On
+
+
+ ProxyPreserveHost On
+
+
+ Require all granted
+ Options -Indexes
+
+
+
+Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
+Header set Expires "Sun, 8 Jun 1986 08:06:00 GMT"
+
+
+Header always set X-Frame-Options "DENY"
+Header always set Referrer-Policy "strict-origin-when-cross-origin"
+Header always set X-Content-Type-Options "nosniff"
diff --git a/client/pom.xml b/client/pom.xml
index 096b743..6274b93 100644
--- a/client/pom.xml
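Review bot: The `/internal` prefix is forwarded to the backend by `ProxyPassMatch ^/internal(.*)$ http://brokerserver:8080`, and the application.yml added in this commit sets the Spring management `base-path` to `/internal`, so the health and info endpoints (info with `git.mode: full`) become reachable through this front-end vhost. If the vhost is public, drop the `/internal` proxy lines or restrict them, for example with `Require ip <monitoring-cidr>` in a `<Location /internal>` block; the container directives around the `ProxyPreserveHost On` lines are not legible on this page, so this assumes none of them already limits that path. The `ProxyPassMatch` patterns for `/oauth2`, `/internal`, `/login` and `/ui` are not anchored on a path separator, so a path such as `/uiX` is forwarded too; `^/ui(/.*)?$` is tighter. The targets use `brokerserver:8080` while the same commit's application.yml sets `server.port: 8091`, and `/deprovision` is mapped onto the backend's `/api` prefix; both are worth confirming against the deployment.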
+++ b/client/pom.xml
@@ -5,7 +5,7 @@ org.surfnet student-mobility-broker - 0.2.11 + 0.2.12 ../pom.xml
diff --git a/client/yarn.lock b/client/yarn.lock
index d12ac8e..97eff10 100644
--- a/client/yarn.lock
+++ b/client/yarn.lock
@@ -2204,9 +2204,9 @@ camelcase@^5.0.0, camelcase@^5.3.1: integrity sha512-L28STB170nwWS63UjtlEOE3dldQApaJXZkOI1uMFfzf3rRuPegHaHesyee+YxQ+W6SvRDQV6UrdOdRiR153wJg== caniuse-lite@^1.0.30001400: - version "1.0.30001436" - resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001436.tgz#22d7cbdbbbb60cdc4ca1030ccd6dea9f5de4848b" - integrity sha512-ZmWkKsnC2ifEPoWUvSAIGyOYwT+keAaaWPHiQ9DfMqS1t6tfuyFYoWR78TeZtznkEQ64+vGXH9cZrElwR2Mrxg== + version "1.0.30001599" + resolved "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001599.tgz" + integrity sha512-LRAQHZ4yT1+f9LemSMeqdMpMxZcc4RMWdj4tiFe3G8tNkWK+E58g+/tzotb5cU6TbcVJLr4fySiAW7XmxQvZQA== capture-exit@^2.0.0: version "2.0.0"
diff --git a/pom.xml b/pom.xml
index 1602f6a..1e2c57a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@ org.surfnet student-mobility-broker - 0.2.11 + 0.2.12 student-mobility-broker student-mobility-broker-app pom
diff --git a/server/docker/Dockerfile b/server/docker/Dockerfile
new file mode 100644
index 0000000..dbc8a5b
--- /dev/null
+++ b/server/docker/Dockerfile
@@ -0,0 +1,3 @@
+FROM eclipse-temurin:8-jdk-alpine
+COPY target/*.jar app.jar
+ENTRYPOINT ["java","-jar","/app.jar"]
diff --git a/server/docker/application.yml b/server/docker/application.yml
new file mode 100644
index 0000000..9439c7c
--- /dev/null
+++ b/server/docker/application.yml
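Review bot: No `USER` instruction follows `FROM eclipse-temurin:8-jdk-alpine` in server/docker/Dockerfile, so the broker JVM runs as root inside the container. Add an unprivileged account before the entrypoint, `RUN addgroup -S app && adduser -S app -G app` followed by `USER app`. `COPY target/*.jar app.jar` breaks or picks up the wrong file if the build ever leaves more than one jar in `target/` (a sources or original jar, say), so naming the artifact explicitly is safer. The `8-jdk-alpine` tag is also a floating one, and a JRE base would be enough to run the jar.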
@@ -0,0 +1,100 @@
+logging:
+ level:
+ root: WARN
+ broker: DEBUG
+ org.springframework: WARN
+ org.springframework.security: WARN
+
+server:
+ port: 8091
+ error:
+ path: "/error"
+ include-message: always
+ servlet:
+ session:
+ cookie:
+ secure: false
+ timeout: 3d
+
+spring:
+ main:
+ banner-mode: off
+ jackson:
+ default-property-inclusion: non_null
+ session:
+ jdbc:
+ initialize-schema: always
+ store-type: jdbc
+
+# If enabled there must be a database according to the datasource properties below
+database-session-enabled: true
+
+datasource:
+ driver-class-name: com.mysql.cj.jdbc.Driver
+ url: jdbc:mysql://localhost/student_mobility
+ username: student_mobility
+ password: secret
+
+config:
+ # Endpoint called by catalog. For testing purposes the client can call it as well
+ start_broker_endpoint: http://localhost:8091/api/broker
+ # Set to False in every non-local environment
+ local: True
+ # Do we allow to mock the different scenario's - only allow on test
+ allow_playground: True
+ # Default home institution if playground is enabled
+ play_home_institution_schacHome: "utrecht.nl"
+ # Default guest institution if playground is enabled
+ play_guest_institution_schacHome: "wageningen.nl"
+ # Default offeringId if playground is enabled
+ play_offering_id: "6259518E-EF2A-4203-83C2-757E4FEACEDD"
+ # The basic authn to mimic the SIS that reports back results - only configure with values on test
+ sis_user: sis
+ sis_password: secret
+ sis_results_endpoint: http://localhost:8092/api/play-results
+ broker_client_url: http://localhost:3003
+ catalog_url: http://educhange.nl/
+ connection_timeout_millis: 20_000
+ oauth2:
+ token_endpoint: http://localhost:8081/oidc/token
+ client_id: student.mobility.broker.local
+ secret: secret
+ edu_hub:
+ gateway_url: http://localhost:8081
+ user: eduhub
+ password: secret
+ queueit:
+ url: "https://edubrokersurf.queue-it.net"
+ customer_id: "edubrokersurf"
+ redirect_uri: "http://localhost:8091/api/queue/redirect"
+
+
+service_registry:
+ path: classpath:/service-registry.yml
+
+management:
+ endpoints:
+ enabled-by-default: false
+ web:
+ exposure:
+ include:
+ - health
+ - info
+ base-path: "/internal"
+ endpoint:
+ health:
+ enabled: true
+ show-details: when_authorized
+ info:
+ enabled: true
+ info:
+ git:
+ mode: full
+ defaults:
+ enabled: true
+
+# used by the git plugin
+info:
+ build:
+ artifact: "@project.artifactId@"
+ version: "@project.version@"
diff --git a/server/pom.xml b/server/pom.xml
index e1e90b2..97ea08e 100644
--- a/server/pom.xml
+++ b/server/pom.xml
@@ -6,7 +6,7 @@ org.surfnet student-mobility-broker - 0.2.11 + 0.2.12 ../pom.xml
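Review bot: The defaults in server/docker/application.yml are the local-development ones: `local: True` and `allow_playground: True` sit directly under comments saying they belong only on local or test, the session cookie has `secure: false` with a `3d` timeout, and `include-message: always` returns exception messages to clients. How this file is consumed is not visible here (the server Dockerfile in this commit copies only the jar), but if a container deployment mounts it, ship it with `local: false`, `allow_playground: false` and `secure: true` and let a local override switch them on. The literal `secret` values for the datasource, `sis_password`, the OAuth2 client and `edu_hub` are better injected from the environment, e.g. `password: ${DATASOURCE_PASSWORD}` (placeholder variable name), so a forgotten override fails at startup instead of running with a known password.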