Add workflow to build and publish a Docker container
phavekes committed Mar 21, 2024
1 parent 41e3527 commit c591420
Showing 11 changed files with 332 additions and 13 deletions.
7 changes: 1 addition & 6 deletions .github/workflows/maven.yml → .github/workflows/build.yml
@@ -1,8 +1,7 @@
# This workflow will build a Java project with Maven
# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven

name: CI Github

name: Build
on:
push:
branches: [ main ]
@@ -11,9 +10,7 @@ on:

jobs:
build:

runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v3
- name: Set up JDK 1.8
@@ -41,9 +38,7 @@ jobs:
uses: codecov/[email protected]

client:

runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v2
156 changes: 156 additions & 0 deletions .github/workflows/release.yml
@@ -0,0 +1,156 @@
# yamllint disable rule:line-length
---
name: Release

on:
push:
tags:
- "*"
workflow_dispatch:

jobs:
build:
permissions:
packages: write
contents: write
runs-on: ubuntu-latest
outputs:
version: ${{ steps.versioncheck.outputs.version }}

steps:
- name: Check out code
uses: actions/checkout@v4

- name: Set up JDK 1.8
uses: actions/setup-java@v4
with:
java-version: 8
distribution: "temurin"

- name: Determine the version
run: echo "version=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)" >> $GITHUB_OUTPUT
id: versioncheck

- name: Exit when workflow_dispatch is triggered, and the version does not contain SNAPSHOT in it's name
run: |
echo "Only SNAPSHOT releases can be triggered with the workflow_dispatch"
exit 1
if: github.event_name == 'workflow_dispatch' && ( !endsWith(steps.versioncheck.outputs.version, '-SNAPSHOT'))

- name: Exit when a production build is triggered, and the github tag is not the same as the version in pom.xml
run: |
echo echo "Project version ${{ steps.versioncheck.outputs.version }} does not match git tag ${{ github.ref_name }}"
exit 1
if: github.event_name != 'workflow_dispatch' && steps.versioncheck.outputs.version != github.ref_name

- name: Set up JDK 1.8 for snapshots
uses: actions/setup-java@v4
with:
java-version: 8
distribution: "temurin"
cache: "maven"
server-id: openconext-snapshots
server-username: MAVEN_USERNAME
server-password: MAVEN_PASSWORD
if: ( endsWith(steps.versioncheck.outputs.version, '-SNAPSHOT'))

- name: Set up JDK 1.8
uses: actions/setup-java@v4
with:
java-version: 8
distribution: "temurin"
cache: "maven"
server-id: openconext-releases
server-username: MAVEN_USERNAME
server-password: MAVEN_PASSWORD
if: ${{!( endsWith(steps.versioncheck.outputs.version, '-SNAPSHOT')) }}

- name: install node
uses: dcodeIO/setup-node-nvm@master
with:
node-version: 14

- name: Deploy with Maven
run: mvn --batch-mode deploy -DskipTests
env:
MAVEN_USERNAME: ${{ secrets.BUILD_USERNAME }}
MAVEN_PASSWORD: ${{ secrets.BUILD_PASSWORD }}

- name: Upload the produced artefacts
uses: actions/upload-artifact@v4
with:
name: brokerbuilds
path: |
client/build/
server/target/*.jar
retention-days: 1

- name: Codecov
uses: codecov/[email protected]

- name: Create release
uses: actions/create-release@v1
id: create_release
with:
draft: false
prerelease: true
release_name: Release ${{ github.ref_name }}
tag_name: ${{ github.ref_name }}
body: |
${{ steps.changelog.outputs.changelog }}
env:
GITHUB_TOKEN: ${{ github.token }}
if: github.event_name != 'workflow_dispatch'

dockerbuild:
permissions: write-all
runs-on: ubuntu-latest
needs: build
strategy:
matrix:
include:
- image: ghcr.io/SURFnet/student-mobility-broker/brokerclient
app: client
- image: ghcr.io/SURFnet/student-mobility-broker/brokerserver
app: server
steps:
- uses: actions/checkout@v4

- name: Download the previous produced artefacts
uses: actions/download-artifact@v4
with:
name: brokerbuilds

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Set docker labels and tags
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ matrix.image }}
flavor: |
latest=false
tags: |
type=ref,event=tag
type=raw,event=tag,value=latest
type=raw,event=workflow_dispatch,value=snapshot
type=semver,pattern={{version}},value=${{ needs.build.outputs.version }}
type=sha
- name: Build and push the ${{ matrix.app }} image
uses: docker/build-push-action@v5
with:
context: ${{ matrix.app }}
file: ${{ matrix.app }}/docker/Dockerfile
platforms: linux/amd64
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
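Review bot: The `install node` step uses `dcodeIO/setup-node-nvm@master`, a third-party action on a mutable branch, in the `build` job that holds `contents: write` and `packages: write` and runs just before the Maven deploy step that receives `BUILD_USERNAME`/`BUILD_PASSWORD`; whatever that branch points to at run time executes with that access, so pin it to a reviewed commit, `uses: dcodeIO/setup-node-nvm@<full-commit-sha>`, or use `actions/setup-node` as build.yml already does. The `dockerbuild` job's `permissions: write-all` is broader than its visible steps need; `contents: read` plus `packages: write` should be enough to check out and push to ghcr.io. In the tag-mismatch step `${{ github.ref_name }}` is expanded into the script text before the shell runs it, so the tag name is parsed as shell; pass it and the version through an `env:` block on that step and echo the variables instead. `${{ steps.changelog.outputs.changelog }}` refers to a step id this workflow does not define, so the release body will come out empty.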
2 changes: 1 addition & 1 deletion README.md
@@ -1,5 +1,5 @@
# student-mobility-broker
[![Build Status](https://github.com/SURFnet/student-mobility-broker/actions/workflows/maven.yml/badge.svg)](https://github.com/SURFnet/student-mobility-broker/actions/workflows/maven.yml/badge.svg)
[![Build](https://github.com/SURFnet/student-mobility-broker/actions/workflows/build.yml/badge.svg)](https://github.com/SURFnet/student-mobility-broker/actions/workflows/build.yml)
[![codecov](https://codecov.io/gh/SURFnet/student-mobility-broker/branch/master/graph/badge.svg)](https://codecov.io/gh/SURFnet/student-mobility-broker)

Broker for educational cross-institution registrations.
5 changes: 5 additions & 0 deletions client/docker/Dockerfile
@@ -0,0 +1,5 @@
FROM ghcr.io/openconext/openconext-basecontainers/apache2:latest
ADD ./build/ /var/www/
RUN rm -rf /etc/apache2/sites-enabled/*.conf
COPY ./docker/appconf.conf /etc/apache2/sites-enabled/
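Review bot: The base image is taken from the moving tag `apache2:latest` on the `FROM` line, so each release is built on whatever that tag points to that day and a published image cannot be reproduced or audited later; pin it by digest, `FROM ghcr.io/openconext/openconext-basecontainers/apache2@sha256:<digest>`, and bump it deliberately. `ADD ./build/ /var/www/` only copies a directory here, so `COPY ./build/ /var/www/` does the same without ADD's archive-extraction and URL behaviour. A one-line comment above `RUN rm -rf /etc/apache2/sites-enabled/*.conf` saying that it clears the base image's default vhosts so only appconf.conf is served would make the intent clear.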

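--- a/client/docker/appconf.conf
+++ b/client/docker/appconf.conf
@@ -0,0 +1,60 @@
+ServerName client
+RewriteEngine On
+RewriteCond %{REQUEST_URI} !\.(js|css)(\.map)?$
+RewriteCond %{REQUEST_URI} !\.svg$
+RewriteCond %{REQUEST_URI} !\.png$
+RewriteCond %{REQUEST_URI} !\.ico$
+RewriteCond %{REQUEST_URI} !\.woff$
+RewriteCond %{REQUEST_URI} !\.woff2$
+RewriteCond %{REQUEST_URI} !\.ttf$
+RewriteCond %{REQUEST_URI} !\.wav$
+RewriteCond %{REQUEST_URI} !\.eot$
+RewriteCond %{REQUEST_URI} !^/(asset-)?manifest.json$
+RewriteCond %{REQUEST_URI} !^/api/
+RewriteCond %{REQUEST_URI} !^/login/
+RewriteCond %{REQUEST_URI} !^/oauth2/
+RewriteCond %{REQUEST_URI} !^/ui/
+RewriteCond %{REQUEST_URI} !^/internal/
+RewriteCond %{REQUEST_URI} !^/deprovision/
+RewriteCond %{REQUEST_URI} !^/fonts/
+RewriteRule (.*) /index.html [L]
+ProxyPass /api http://brokerserver:8080/api retry=0
+ProxyPassReverse /api http://brokerserver:8080/api
+ProxyPassMatch ^/oauth2(.*)$ http://brokerserver:8080
+ProxyPassReverse /oauth2 http://brokerserver:8080/oauth2
+ProxyPassMatch ^/internal(.*)$ http://brokerserver:8080
+ProxyPassReverse /internal http://brokerserver:8080/internal
+ProxyPassMatch ^/login(.*)$ http://brokerserver:8080
+ProxyPassReverse /login http://brokerserver:8080/login
+ProxyPassMatch ^/ui(.*)$ http://brokerserver:8080
+ProxyPassReverse /ui http://brokerserver:8080/ui
+ProxyPass /deprovision http://brokerserver:8080/api
+ProxyPassReverse /deprovision http://brokerserver:8080/api
+
+DocumentRoot /var/www/
+
+<Location "/api">
+ProxyPreserveHost On
+</Location>
+<Location "/oauth2">
+ProxyPreserveHost On
+</Location>
+<Location "/internal">
+ProxyPreserveHost On
+</Location>
+<Location "/login">
+ProxyPreserveHost On
+</Location>
+<Directory /var/www>
+Require all granted
+Options -Indexes
+</Directory>
+
+<FilesMatch "\.html$">
+Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
+Header set Expires "Sun, 8 Jun 1986 08:06:00 GMT"
+</FilesMatch>
+
+Header always set X-Frame-Options "DENY"
+Header always set Referrer-Policy "strict-origin-when-cross-origin"
+Header always set X-Content-Type-Options "nosniff"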
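Review bot: `ProxyPassMatch ^/internal(.*)$ http://brokerserver:8080` publishes the backend's `/internal` tree through the client-facing vhost, and server/docker/application.yml in this commit sets the management `base-path` to `/internal`, so the health and info endpoints become reachable by anyone who can reach this container. If they are only meant for probes, restrict them inside the existing `<Location "/internal">` block with `Require ip <monitoring-range>`, or drop the proxy rule. The patterns `^/oauth2(.*)$`, `^/internal(.*)$`, `^/login(.*)$` and `^/ui(.*)$` also match longer names such as `/uifoo`; a form like `^/ui(/.*)?$` keeps the match to the path segment. The rules target port 8080 while application.yml in this commit sets `server.port: 8091`, so confirm which port the server container actually listens on. The file sets X-Frame-Options, Referrer-Policy and X-Content-Type-Options but no Content-Security-Policy, which is worth adding once the app's script and style sources are known.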
2 changes: 1 addition & 1 deletion client/pom.xml
@@ -5,7 +5,7 @@
<parent>
<groupId>org.surfnet</groupId>
<artifactId>student-mobility-broker</artifactId>
<version>0.2.11</version>
<version>0.2.12</version>
<relativePath>../pom.xml</relativePath>
</parent>

6 changes: 3 additions & 3 deletions client/yarn.lock
@@ -2204,9 +2204,9 @@ camelcase@^5.0.0, camelcase@^5.3.1:
integrity sha512-L28STB170nwWS63UjtlEOE3dldQApaJXZkOI1uMFfzf3rRuPegHaHesyee+YxQ+W6SvRDQV6UrdOdRiR153wJg==

caniuse-lite@^1.0.30001400:
version "1.0.30001436"
resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001436.tgz#22d7cbdbbbb60cdc4ca1030ccd6dea9f5de4848b"
integrity sha512-ZmWkKsnC2ifEPoWUvSAIGyOYwT+keAaaWPHiQ9DfMqS1t6tfuyFYoWR78TeZtznkEQ64+vGXH9cZrElwR2Mrxg==
version "1.0.30001599"
resolved "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001599.tgz"
integrity sha512-LRAQHZ4yT1+f9LemSMeqdMpMxZcc4RMWdj4tiFe3G8tNkWK+E58g+/tzotb5cU6TbcVJLr4fySiAW7XmxQvZQA==

capture-exit@^2.0.0:
version "2.0.0"
2 changes: 1 addition & 1 deletion pom.xml
@@ -5,7 +5,7 @@

<groupId>org.surfnet</groupId>
<artifactId>student-mobility-broker</artifactId>
<version>0.2.11</version>
<version>0.2.12</version>
<name>student-mobility-broker</name>
<description>student-mobility-broker-app</description>
<packaging>pom</packaging>
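--- a/server/docker/Dockerfile
+++ b/server/docker/Dockerfile
@@ -0,0 +1,3 @@
+FROM eclipse-temurin:8-jdk-alpine
+COPY target/*.jar app.jar
+ENTRYPOINT ["java","-jar","/app.jar"]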
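Review bot: The image has no `USER` instruction, so `java -jar /app.jar` runs as root inside the container; add an unprivileged account before the entrypoint, `RUN addgroup -S app && adduser -S -G app app` followed by `USER app`. `eclipse-temurin:8-jdk-alpine` is a moving tag and carries the full JDK; pinning it by digest and, if one fits, using a JRE variant reduces what ships in the runtime image. `COPY target/*.jar app.jar` relies on the glob matching exactly one file, so an extra jar left in target/ would break the build; naming the artefact explicitly avoids that.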
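--- a/server/docker/application.yml
+++ b/server/docker/application.yml
@@ -0,0 +1,100 @@
+logging:
+level:
+root: WARN
+broker: DEBUG
+org.springframework: WARN
+org.springframework.security: WARN
+
+server:
+port: 8091
+error:
+path: "/error"
+include-message: always
+servlet:
+session:
+cookie:
+secure: false
+timeout: 3d
+
+spring:
+main:
+banner-mode: off
+jackson:
+default-property-inclusion: non_null
+session:
+jdbc:
+initialize-schema: always
+store-type: jdbc
+
+# If enabled there must be a database according to the datasource properties below
+database-session-enabled: true
+
+datasource:
+driver-class-name: com.mysql.cj.jdbc.Driver
+url: jdbc:mysql://localhost/student_mobility
+username: student_mobility
+password: secret
+
+config:
+# Endpoint called by catalog. For testing purposes the client can call it as well
+start_broker_endpoint: http://localhost:8091/api/broker
+# Set to False in every non-local environment
+local: True
+# Do we allow to mock the different scenario's - only allow on test
+allow_playground: True
+# Default home institution if playground is enabled
+play_home_institution_schacHome: "utrecht.nl"
+# Default guest institution if playground is enabled
+play_guest_institution_schacHome: "wageningen.nl"
+# Default offeringId if playground is enabled
+play_offering_id: "6259518E-EF2A-4203-83C2-757E4FEACEDD"
+# The basic authn to mimic the SIS that reports back results - only configure with values on test
+sis_user: sis
+sis_password: secret
+sis_results_endpoint: http://localhost:8092/api/play-results
+broker_client_url: http://localhost:3003
+catalog_url: http://educhange.nl/
+connection_timeout_millis: 20_000
+oauth2:
+token_endpoint: http://localhost:8081/oidc/token
+client_id: student.mobility.broker.local
+secret: secret
+edu_hub:
+gateway_url: http://localhost:8081
+user: eduhub
+password: secret
+queueit:
+url: "https://edubrokersurf.queue-it.net"
+customer_id: "edubrokersurf"
+redirect_uri: "http://localhost:8091/api/queue/redirect"
+
+
+service_registry:
+path: classpath:/service-registry.yml
+
+management:
+endpoints:
+enabled-by-default: false
+web:
+exposure:
+include:
+- health
+- info
+base-path: "/internal"
+endpoint:
+health:
+enabled: true
+show-details: when_authorized
+info:
+enabled: true
+info:
+git:
+mode: full
+defaults:
+enabled: true
+
+# used by the git plugin
+info:
+build:
+artifact: "@project.artifactId@"
+version: "@project.version@"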
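Review bot: This file puts local-development defaults into the docker directory: `local: True` and `allow_playground: True` sit under comments saying they must be off outside local and test, `cookie.secure: false` lets the session cookie travel over plain HTTP, and the datasource, SIS, OAuth2 and edu_hub credentials are all the literal `secret`. The server Dockerfile in this commit does not copy the file, so how it reaches a container is not visible here; if it is the deployed default, make it fail safe with `local: false`, `allow_playground: false` and `secure: true`, and read credentials from the environment, e.g. `password: ${DATASOURCE_PASSWORD}` (variable name is illustrative). `include-message: always` returns exception messages to clients and `broker: DEBUG` is verbose for a release image, so both deserve either a tighter value or a comment explaining why they are needed.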