-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add workflow to build and publish a Docker container
- Loading branch information
Showing
11 changed files
with
332 additions
and
13 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,8 +1,7 @@ | ||
# This workflow will build a Java project with Maven | ||
# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven | ||
|
||
name: CI Github | ||
|
||
name: Build | ||
on: | ||
push: | ||
branches: [ main ] | ||
|
@@ -11,9 +10,7 @@ on: | |
|
||
jobs: | ||
build: | ||
|
||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- uses: actions/checkout@v3 | ||
- name: Set up JDK 1.8 | ||
|
@@ -41,9 +38,7 @@ jobs: | |
uses: codecov/[email protected] | ||
|
||
client: | ||
|
||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- uses: actions/checkout@v2 | ||
- uses: actions/setup-node@v2 | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,156 @@ | ||
# yamllint disable rule:line-length | ||
--- | ||
name: Release | ||
|
||
on: | ||
push: | ||
tags: | ||
- "*" | ||
workflow_dispatch: | ||
|
||
jobs: | ||
build: | ||
permissions: | ||
packages: write | ||
contents: write | ||
runs-on: ubuntu-latest | ||
outputs: | ||
version: ${{ steps.versioncheck.outputs.version }} | ||
|
||
steps: | ||
- name: Check out code | ||
uses: actions/checkout@v4 | ||
|
||
- name: Set up JDK 1.8 | ||
uses: actions/setup-java@v4 | ||
with: | ||
java-version: 8 | ||
distribution: "temurin" | ||
|
||
- name: Determine the version | ||
run: echo "version=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)" >> $GITHUB_OUTPUT | ||
id: versioncheck | ||
|
||
- name: Exit when workflow_dispatch is triggered, and the version does not contain SNAPSHOT in it's name | ||
run: | | ||
echo "Only SNAPSHOT releases can be triggered with the workflow_dispatch" | ||
exit 1 | ||
if: github.event_name == 'workflow_dispatch' && ( !endsWith(steps.versioncheck.outputs.version, '-SNAPSHOT')) | ||
|
||
- name: Exit when a production build is triggered, and the github tag is not the same as the version in pom.xml | ||
run: | | ||
echo echo "Project version ${{ steps.versioncheck.outputs.version }} does not match git tag ${{ github.ref_name }}" | ||
exit 1 | ||
if: github.event_name != 'workflow_dispatch' && steps.versioncheck.outputs.version != github.ref_name | ||
|
||
- name: Set up JDK 1.8 for snapshots | ||
uses: actions/setup-java@v4 | ||
with: | ||
java-version: 8 | ||
distribution: "temurin" | ||
cache: "maven" | ||
server-id: openconext-snapshots | ||
server-username: MAVEN_USERNAME | ||
server-password: MAVEN_PASSWORD | ||
if: ( endsWith(steps.versioncheck.outputs.version, '-SNAPSHOT')) | ||
|
||
- name: Set up JDK 1.8 | ||
uses: actions/setup-java@v4 | ||
with: | ||
java-version: 8 | ||
distribution: "temurin" | ||
cache: "maven" | ||
server-id: openconext-releases | ||
server-username: MAVEN_USERNAME | ||
server-password: MAVEN_PASSWORD | ||
if: ${{!( endsWith(steps.versioncheck.outputs.version, '-SNAPSHOT')) }} | ||
|
||
- name: install node | ||
uses: dcodeIO/setup-node-nvm@master | ||
with: | ||
node-version: 14 | ||
|
||
- name: Deploy with Maven | ||
run: mvn --batch-mode deploy -DskipTests | ||
env: | ||
MAVEN_USERNAME: ${{ secrets.BUILD_USERNAME }} | ||
MAVEN_PASSWORD: ${{ secrets.BUILD_PASSWORD }} | ||
|
||
- name: Upload the produced artefacts | ||
uses: actions/upload-artifact@v4 | ||
with: | ||
name: brokerbuilds | ||
path: | | ||
client/build/ | ||
server/target/*.jar | ||
retention-days: 1 | ||
|
||
- name: Codecov | ||
uses: codecov/[email protected] | ||
|
||
- name: Create release | ||
uses: actions/create-release@v1 | ||
id: create_release | ||
with: | ||
draft: false | ||
prerelease: true | ||
release_name: Release ${{ github.ref_name }} | ||
tag_name: ${{ github.ref_name }} | ||
body: | | ||
${{ steps.changelog.outputs.changelog }} | ||
env: | ||
GITHUB_TOKEN: ${{ github.token }} | ||
if: github.event_name != 'workflow_dispatch' | ||
|
||
dockerbuild: | ||
permissions: write-all | ||
runs-on: ubuntu-latest | ||
needs: build | ||
strategy: | ||
matrix: | ||
include: | ||
- image: ghcr.io/SURFnet/student-mobility-broker/brokerclient | ||
app: client | ||
- image: ghcr.io/SURFnet/student-mobility-broker/brokerserver | ||
app: server | ||
steps: | ||
- uses: actions/checkout@v4 | ||
|
||
- name: Download the previous produced artefacts | ||
uses: actions/download-artifact@v4 | ||
with: | ||
name: brokerbuilds | ||
|
||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v3 | ||
|
||
- name: Login to GitHub Container Registry | ||
uses: docker/login-action@v3 | ||
with: | ||
registry: ghcr.io | ||
username: ${{ github.repository_owner }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- name: Set docker labels and tags | ||
id: meta | ||
uses: docker/metadata-action@v5 | ||
with: | ||
images: ${{ matrix.image }} | ||
flavor: | | ||
latest=false | ||
tags: | | ||
type=ref,event=tag | ||
type=raw,event=tag,value=latest | ||
type=raw,event=workflow_dispatch,value=snapshot | ||
type=semver,pattern={{version}},value=${{ needs.build.outputs.version }} | ||
type=sha | ||
- name: Build and push the ${{ matrix.app }} image | ||
uses: docker/build-push-action@v5 | ||
with: | ||
context: ${{ matrix.app }} | ||
file: ${{ matrix.app }}/docker/Dockerfile | ||
platforms: linux/amd64 | ||
push: true | ||
tags: ${{ steps.meta.outputs.tags }} | ||
labels: ${{ steps.meta.outputs.labels }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
FROM ghcr.io/openconext/openconext-basecontainers/apache2:latest | ||
ADD ./build/ /var/www/ | ||
RUN rm -rf /etc/apache2/sites-enabled/*.conf | ||
COPY ./docker/appconf.conf /etc/apache2/sites-enabled/ | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
ServerName client | ||
RewriteEngine On | ||
RewriteCond %{REQUEST_URI} !\.(js|css)(\.map)?$ | ||
RewriteCond %{REQUEST_URI} !\.svg$ | ||
RewriteCond %{REQUEST_URI} !\.png$ | ||
RewriteCond %{REQUEST_URI} !\.ico$ | ||
RewriteCond %{REQUEST_URI} !\.woff$ | ||
RewriteCond %{REQUEST_URI} !\.woff2$ | ||
RewriteCond %{REQUEST_URI} !\.ttf$ | ||
RewriteCond %{REQUEST_URI} !\.wav$ | ||
RewriteCond %{REQUEST_URI} !\.eot$ | ||
RewriteCond %{REQUEST_URI} !^/(asset-)?manifest.json$ | ||
RewriteCond %{REQUEST_URI} !^/api/ | ||
RewriteCond %{REQUEST_URI} !^/login/ | ||
RewriteCond %{REQUEST_URI} !^/oauth2/ | ||
RewriteCond %{REQUEST_URI} !^/ui/ | ||
RewriteCond %{REQUEST_URI} !^/internal/ | ||
RewriteCond %{REQUEST_URI} !^/deprovision/ | ||
RewriteCond %{REQUEST_URI} !^/fonts/ | ||
RewriteRule (.*) /index.html [L] | ||
ProxyPass /api http://brokerserver:8080/api retry=0 | ||
ProxyPassReverse /api http://brokerserver:8080/api | ||
ProxyPassMatch ^/oauth2(.*)$ http://brokerserver:8080 | ||
ProxyPassReverse /oauth2 http://brokerserver:8080/oauth2 | ||
ProxyPassMatch ^/internal(.*)$ http://brokerserver:8080 | ||
ProxyPassReverse /internal http://brokerserver:8080/internal | ||
ProxyPassMatch ^/login(.*)$ http://brokerserver:8080 | ||
ProxyPassReverse /login http://brokerserver:8080/login | ||
ProxyPassMatch ^/ui(.*)$ http://brokerserver:8080 | ||
ProxyPassReverse /ui http://brokerserver:8080/ui | ||
ProxyPass /deprovision http://brokerserver:8080/api | ||
ProxyPassReverse /deprovision http://brokerserver:8080/api | ||
|
||
DocumentRoot /var/www/ | ||
|
||
<Location "/api"> | ||
ProxyPreserveHost On | ||
</Location> | ||
<Location "/oauth2"> | ||
ProxyPreserveHost On | ||
</Location> | ||
<Location "/internal"> | ||
ProxyPreserveHost On | ||
</Location> | ||
<Location "/login"> | ||
ProxyPreserveHost On | ||
</Location> | ||
<Directory /var/www> | ||
Require all granted | ||
Options -Indexes | ||
</Directory> | ||
|
||
<FilesMatch "\.html$"> | ||
Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate" | ||
Header set Expires "Sun, 8 Jun 1986 08:06:00 GMT" | ||
</FilesMatch> | ||
|
||
Header always set X-Frame-Options "DENY" | ||
Header always set Referrer-Policy "strict-origin-when-cross-origin" | ||
Header always set X-Content-Type-Options "nosniff" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
FROM eclipse-temurin:8-jdk-alpine | ||
COPY target/*.jar app.jar | ||
ENTRYPOINT ["java","-jar","/app.jar"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,100 @@ | ||
logging: | ||
level: | ||
root: WARN | ||
broker: DEBUG | ||
org.springframework: WARN | ||
org.springframework.security: WARN | ||
|
||
server: | ||
port: 8091 | ||
error: | ||
path: "/error" | ||
include-message: always | ||
servlet: | ||
session: | ||
cookie: | ||
secure: false | ||
timeout: 3d | ||
|
||
spring: | ||
main: | ||
banner-mode: off | ||
jackson: | ||
default-property-inclusion: non_null | ||
session: | ||
jdbc: | ||
initialize-schema: always | ||
store-type: jdbc | ||
|
||
# If enabled there must be a database according to the datasource properties below | ||
database-session-enabled: true | ||
|
||
datasource: | ||
driver-class-name: com.mysql.cj.jdbc.Driver | ||
url: jdbc:mysql://localhost/student_mobility | ||
username: student_mobility | ||
password: secret | ||
|
||
config: | ||
# Endpoint called by catalog. For testing purposes the client can call it as well | ||
start_broker_endpoint: http://localhost:8091/api/broker | ||
# Set to False in every non-local environment | ||
local: True | ||
# Do we allow to mock the different scenario's - only allow on test | ||
allow_playground: True | ||
# Default home institution if playground is enabled | ||
play_home_institution_schacHome: "utrecht.nl" | ||
# Default guest institution if playground is enabled | ||
play_guest_institution_schacHome: "wageningen.nl" | ||
# Default offeringId if playground is enabled | ||
play_offering_id: "6259518E-EF2A-4203-83C2-757E4FEACEDD" | ||
# The basic authn to mimic the SIS that reports back results - only configure with values on test | ||
sis_user: sis | ||
sis_password: secret | ||
sis_results_endpoint: http://localhost:8092/api/play-results | ||
broker_client_url: http://localhost:3003 | ||
catalog_url: http://educhange.nl/ | ||
connection_timeout_millis: 20_000 | ||
oauth2: | ||
token_endpoint: http://localhost:8081/oidc/token | ||
client_id: student.mobility.broker.local | ||
secret: secret | ||
edu_hub: | ||
gateway_url: http://localhost:8081 | ||
user: eduhub | ||
password: secret | ||
queueit: | ||
url: "https://edubrokersurf.queue-it.net" | ||
customer_id: "edubrokersurf" | ||
redirect_uri: "http://localhost:8091/api/queue/redirect" | ||
|
||
|
||
service_registry: | ||
path: classpath:/service-registry.yml | ||
|
||
management: | ||
endpoints: | ||
enabled-by-default: false | ||
web: | ||
exposure: | ||
include: | ||
- health | ||
- info | ||
base-path: "/internal" | ||
endpoint: | ||
health: | ||
enabled: true | ||
show-details: when_authorized | ||
info: | ||
enabled: true | ||
info: | ||
git: | ||
mode: full | ||
defaults: | ||
enabled: true | ||
|
||
# used by the git plugin | ||
info: | ||
build: | ||
artifact: "@project.artifactId@" | ||
version: "@project.version@" |
Oops, something went wrong.