Merge branch 'master' into dependabot/maven/org.webjars-swagger-ui-5.…

…10.3

.github/workflows/build.yml

@@ -41,7 +41,7 @@ jobs:
     steps:
     - uses: actions/checkout@v4
     - name: Set up JDK ${{ matrix.java }}
-      uses: actions/setup-java@v3.13.0
+      uses: actions/setup-java@v4.0.0
       with:
         distribution: 'zulu'
         java-version: ${{ matrix.java }}
@@ -69,7 +69,7 @@ jobs:
     steps:
     - uses: actions/checkout@v4
     - name: Set up JDK
-      uses: actions/setup-java@v3.13.0
+      uses: actions/setup-java@v4.0.0
       with:
         distribution: 'zulu'
         java-version: ${{ matrix.java }}
@@ -93,7 +93,7 @@ jobs:
       continue-on-error: true
     - name: Upload Build (JDK 11 only)
       if: matrix.java == 11
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: spinnaker-exe.jar
         path: SpiNNaker-front-end/target/spinnaker-exe.jar
@@ -114,7 +114,7 @@ jobs:
     steps:
     - uses: actions/checkout@v4
     - name: Set up JDK ${{ matrix.java }}
-      uses: actions/setup-java@v3.13.0
+      uses: actions/setup-java@v4.0.0
       with:
         distribution: 'zulu'
         java-version: ${{ matrix.java }}
@@ -135,7 +135,7 @@ jobs:
     steps:
     - uses: actions/checkout@v4
     - name: Set up JDK 11
-      uses: actions/setup-java@v3.13.0
+      uses: actions/setup-java@v4.0.0
       with:
         distribution: 'zulu'
         java-version: 11

.github/workflows/codeql-analysis.yml

@@ -45,6 +45,10 @@ env:
 
 jobs:
   analyze:
+    permissions:
+      actions: read
+      contents: write
+      security-events: write
     name: Analyze
     runs-on: ubuntu-latest
     timeout-minutes: 15
@@ -70,7 +74,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -79,7 +83,7 @@ jobs:
         # queries: ./path/to/local/query, your-org/your-repo/queries@main
 
     # Set up right Java version: https://github.com/github/codeql-action/issues/825
-    - uses: actions/setup-java@v3.13.0
+    - uses: actions/setup-java@v4.0.0
       with:
         java-version: ${{ matrix.version }}
         distribution: zulu
@@ -93,7 +97,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v3
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -107,4 +111,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3

.github/workflows/publish.yml

@@ -29,6 +29,8 @@ env:
 
 jobs:
   build:
+    permissions:
+      contents: write
     runs-on: ubuntu-latest
     timeout-minutes: 10
     strategy:
@@ -46,7 +48,7 @@ jobs:
           key: ${{ runner.os }}-node-${{ hashFiles('SpiNNaker-allocserv/pom.xml') }}
           restore-keys: ${{ runner.os }}-node-
       - name: Set up JDK ${{ matrix.java }}
-        uses: actions/setup-java@v3.13.0
+        uses: actions/setup-java@v4.0.0
         with:
           distribution: 'zulu'
           java-version: ${{ matrix.java }}
@@ -70,7 +72,7 @@ jobs:
           touch $SITE_DIR/.nojekyll
 
       - name: Deploy to GitHub Pages
-        uses: JamesIves/github-pages-deploy-action@v4.4.3
+        uses: JamesIves/github-pages-deploy-action@v4.5.0
         with:
           branch: gh-pages
           folder: ${{ env.SITE_DIR }}

SpiNNaker-allocserv/pom.xml

@@ -81,9 +81,9 @@ limitations under the License.
 						<id>make-project-output-directory</id>
 						<phase>initialize</phase>
 						<configuration>
-							<tasks>
+							<target>
 								<mkdir dir="${project.build.directory}/generated-resources"/>
-							</tasks>
+							</target>
 						</configuration>
 						<goals>
 							<goal>run</goal>
@@ -507,6 +507,11 @@ limitations under the License.
 			<artifactId>testcontainers</artifactId>
 			<scope>test</scope>
 		</dependency>
+		<dependency>
+			<groupId>org.testcontainers</groupId>
+			<artifactId>junit-jupiter</artifactId>
+			<scope>test</scope>
+		</dependency>
 	</dependencies>
 
 	<description>A board allocation service for SpiNNaker.</description>

SpiNNaker-allocserv/src/main/java/uk/ac/manchester/spinnaker/alloc/allocator/AllocatorTask.java

@@ -651,6 +651,10 @@ private Allocations allocate(Connection conn) {
 					continue;
 				}
 				var handled = task.allocate(sql);
+				// If we handled it, delete the request
+				if (handled.size() > 0) {
+					sql.delete.call(task.id);
+				}
 				allocations.addAll(task.jobId, handled);
 				log.debug("allocate for {} (job {}): {}", task.id,
 						task.jobId, handled);

SpiNNaker-allocserv/src/main/java/uk/ac/manchester/spinnaker/alloc/security/SecurityConfig.java

@@ -15,7 +15,6 @@
  */
 package uk.ac.manchester.spinnaker.alloc.security;
 
-import static java.nio.charset.StandardCharsets.ISO_8859_1;
 import static org.slf4j.LoggerFactory.getLogger;
 import static org.springframework.beans.factory.config.BeanDefinition.ROLE_APPLICATION;
 import static org.springframework.beans.factory.config.BeanDefinition.ROLE_SUPPORT;
@@ -61,12 +60,7 @@
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
 import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
-import org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService;
-import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
 import org.springframework.security.oauth2.client.http.OAuth2ErrorResponseErrorHandler;
-import org.springframework.security.oauth2.client.registration.ClientRegistration;
-import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
-import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
 import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
 import org.springframework.security.oauth2.core.oidc.OidcIdToken;
 import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
@@ -82,7 +76,6 @@
 
 import uk.ac.manchester.spinnaker.alloc.ServiceConfig.URLPathMaker;
 import uk.ac.manchester.spinnaker.alloc.SpallocProperties.AuthProperties;
-import uk.ac.manchester.spinnaker.alloc.SpallocProperties.OpenIDProperties;
 import uk.ac.manchester.spinnaker.utils.UsedInJavadocOnly;
 
 /**
@@ -256,32 +249,6 @@ private void defineAPILoginRules(HttpSecurity http) throws Exception {
 		}
 	}
 
-	@Bean
-	public ClientRegistrationRepository clientRegistrationRepository() {
-		OpenIDProperties props = properties.getOpenid();
-		List<ClientRegistration> registrations = List.of(
-				ClientRegistration.withRegistrationId(props.getRegistrationId())
-				.clientId(props.getId())
-				.clientSecret(props.getSecret())
-				.authorizationGrantType(props.getAuthGrantType())
-				.authorizationUri(props.getAuth())
-				.tokenUri(props.getToken())
-				.userInfoUri(props.getUserinfo())
-				.jwkSetUri(props.getJwkSet())
-				.issuerUri(props.getIssuer())
-				.scope(props.getScopes())
-				.redirectUri(props.getRedirect())
-				.build());
-		return new InMemoryClientRegistrationRepository(registrations);
-	}
-
-	@Bean
-	public OAuth2AuthorizedClientService authorizedClientService() {
-
-		return new InMemoryOAuth2AuthorizedClientService(
-				clientRegistrationRepository());
-	}
-
 	/**
 	 * How we handle the mechanics of login within the web UI.
 	 *
@@ -302,9 +269,6 @@ private void defineWebUILoginRules(HttpSecurity http) throws Exception {
 			 */
 			http.oauth2Login().loginPage(loginUrl)
 					.loginProcessingUrl(oidcPath("login/code/*"))
-					.clientRegistrationRepository(
-							clientRegistrationRepository())
-					.authorizedClientService(authorizedClientService())
 					.authorizationEndpoint().baseUri(oidcPath("auth")).and()
 					.defaultSuccessUrl(rootPage, true)
 					.failureUrl(loginUrl + "?error=true").userInfoEndpoint()
@@ -408,7 +372,8 @@ private Map<String, Object> userinfo(String token) {
 		}
 	}
 
-	private static final class Formatter implements LogFormatter {
+	private final class Formatter implements LogFormatter {
+
 		@Override
 		public String formatResponse(ClientHttpResponse response)
 				throws IOException {
@@ -420,9 +385,11 @@ public String formatResponse(ClientHttpResponse response)
 		@Override
 		public String formatRequest(HttpRequest request, byte[] body) {
 			return String.format(
-					"%s Request to %s:\n    Headers: %s\n    Body: %s",
+					"%s Request to %s:\n"
+					+ "    Headers: %s\n"
+					+ "    Body: %s",
 					request.getMethod(), request.getURI(), request.getHeaders(),
-					new String(body, ISO_8859_1)); // A "safe" encoding
+					new String(body));
 		}
 	}
 

SpiNNaker-allocserv/src/main/resources/application.yml

@@ -271,18 +271,22 @@ spring:
   config:
     activate:
       on-profile: default
-#  security:
-#    oauth2:
-#      client:
-#        registration:
-#          hbp-ebrains:
-#            client-id: ${spalloc.auth.openid.id}
-#            client-secret: ${spalloc.auth.openid.secret}
-#            # Repeated from spalloc.auth.openid.scopes, but can't share!
-#            scope: [ openid, profile, roles, email, team, group ]
-#            authorization-grant-type: authorization_code
-#            redirect-uri: https://{baseHost}{basePort}{basePath}/system/perform_oidc/{action}/code/{registrationId}
-#        provider:
-#          hbp-ebrains:
-#            issuer-uri: ${spalloc.auth.openid.issuer}
-#            user-name-attribute: preferred_username
+  security:
+    oauth2:
+      client:
+        registration:
+          hbp-ebrains:
+            client-id: ${spalloc.auth.openid.id}
+            client-secret: ${spalloc.auth.openid.secret}
+            # Repeated from spalloc.auth.openid.scopes, but can't share!
+            scope: [ openid, profile, roles, email, team, group ]
+            authorization-grant-type: ${spalloc.auth.openid.auth-grant-type}
+            redirect-uri: ${spalloc.auth.openid.redirect}
+        provider:
+          hbp-ebrains:
+            # issuer-uri: ${spalloc.auth.openid.issuer}
+            authorization-uri: ${spalloc.auth.openid.auth}
+            token-uri: ${spalloc.auth.openid.token}
+            user-info-uri: ${spalloc.auth.openid.userinfo}
+            jwk-set-uri: ${spalloc.auth.openid.jwk-set}
+            user-name-attribute: preferred_username

SpiNNaker-allocserv/src/test/resources/application-unittest.yml

@@ -35,7 +35,7 @@ spalloc:
     performance-log: true
     performance-threshold: 1e2
   datasource:
-    jdbc-url: jdbc:tc:mysql:8:///;databaseName=spalloc?user=root&password=test
+    jdbc-url: jdbc:tc:mysql:8.2.0:///;databaseName=spalloc?user=root&password=test
   historical-data:
     datasource:
-      jdbc-url: jdbc:tc:mysql:8:///;databaseName=spallochistory?user=root&password=test
+      jdbc-url: jdbc:tc:mysql:8.2.0:///;databaseName=spallochistory?user=root&password=test

SpiNNaker-nmpiserv/pom.xml

@@ -95,9 +95,9 @@ limitations under the License.
 						<id>make-project-output-directory</id>
 						<phase>initialize</phase>
 						<configuration>
-							<tasks>
+							<target>
 								<mkdir dir="${project.build.directory}/generated-resources"/>
-							</tasks>
+							</target>
 						</configuration>
 						<goals>
 							<goal>run</goal>