Merge branch 'THR-35-library-management-service' of ssh://github.com/…

…hpi-schul-cloud/schulcloud-server into THR-35-library-management-service
hpi-schul-cloud · Sep 29, 2023 · 1e91490 · 1e91490
2 parents 67cdb42 + b668fbf
commit 1e91490
Show file tree

Hide file tree

Showing 1,314 changed files with 25,529 additions and 60,998 deletions.
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
@@ -6,7 +6,7 @@ on:
     branches-ignore:
       - dependabot/**
   pull_request:
-    types: [ labeled ]
+    types: [labeled]
 
 permissions:
   contents: read
@@ -32,14 +32,6 @@ jobs:
       - uses: actions/checkout@v3
         with:
           fetch-depth: 0
-      - name: Docker meta Service Name
-        id: docker_meta_img
-        uses: crazy-max/ghaction-docker-meta@v4
-        with:
-          images: ghcr.io/${{ github.repository }}
-          tags: |
-            type=ref,event=branch,enable=false,priority=600
-            type=sha,enable=true,priority=600,prefix=
 
       - name: Login to registry
         uses: docker/login-action@v2
@@ -48,10 +40,17 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
+      - name: Docker meta Service Name
+        id: docker_meta_img
+        uses: docker/metadata-action@v4
+        with:
+          images: ghcr.io/${{ github.repository }}
+          tags: |
+            type=ref,event=branch,enable=false,priority=600
+            type=sha,enable=true,priority=600,prefix=
+
       - name: test image exists
         run: |
-          mkdir -p ~/.docker 
-          echo '{"experimental": "enabled"}' >> ~/.docker/config.json
           echo "IMAGE_EXISTS=$(docker manifest inspect ghcr.io/${{ github.repository }}:${{ needs.branch_meta.outputs.sha }} > /dev/null && echo 1 || echo 0)" >> $GITHUB_ENV
 
       - name: Set up Docker Buildx
@@ -69,6 +68,49 @@ jobs:
           tags: ghcr.io/${{ github.repository }}:${{ needs.branch_meta.outputs.sha }}
           labels: ${{ steps.docker_meta_img.outputs.labels }}
 
+      - name: Docker meta Service Name (file storage)
+        id: docker_meta_img_file_storage
+        uses: docker/metadata-action@v4
+        with:
+          images: ghcr.io/${{ github.repository }}
+          tags: |
+            type=ref,event=branch,enable=false,priority=600,prefix=file-storage-
+            type=sha,enable=true,priority=600,prefix=file-storage-
+          labels: |
+            org.opencontainers.image.title=schulcloud-file-storage
+
+      - name: test image exists (file storage)
+        run: |
+          echo "IMAGE_EXISTS=$(docker manifest inspect ghcr.io/${{ github.repository }}:file-storage-${{ needs.branch_meta.outputs.sha }} > /dev/null && echo 1 || echo 0)" >> $GITHUB_ENV
+
+      - name: Set up Docker Buildx (file storage)
+        if: ${{ env.IMAGE_EXISTS == 0 }}
+        uses: docker/setup-buildx-action@v2
+
+      - name: Build and push ${{ github.repository }} (file storage)
+        if: ${{ env.IMAGE_EXISTS == 0 }}
+        uses: docker/build-push-action@v4
+        with:
+          build-args: |
+            BASE_IMAGE=ghcr.io/${{ github.repository }}:${{ needs.branch_meta.outputs.sha }}
+          context: .
+          file: ./Dockerfile.filestorage
+          platforms: linux/amd64
+          push: true
+          tags: ghcr.io/${{ github.repository }}:file-storage-${{ needs.branch_meta.outputs.sha }}
+          labels: |
+            ${{ steps.docker_meta_img_file_storage.outputs.labels }}
+
+      - name: Send Notification to Rocket Chat if docker image build failed
+        if: ${{ failure() && github.ref == 'refs/heads/main' }}
+        uses: RocketChat/[email protected]
+        with:
+          type: ${{ job.status }}
+          job_name: 'docker image build from ${{ github.repository }} triggered from branch ${{ github.ref_name }}:'
+          url: ${{ secrets.RC_MAIN_BROKEN_TOKEN }}
+          channel: '#softwaredevelopment-teams-and-groups'
+          username: Autodeployment Info
+
   branch_meta:
     runs-on: ubuntu-latest
     outputs:
@@ -87,7 +129,6 @@ jobs:
             echo "sha=${{ github.sha }}" >> $GITHUB_OUTPUT
           fi
 
-
   deploy:
     needs:
       - build_and_push
@@ -147,12 +188,12 @@ jobs:
     uses: hpi-schul-cloud/e2e-system-tests/.github/workflows/remote-trigger.yml@main
     with:
       ref: ${{ needs.branch_meta.outputs.branch }}
-    secrets: inherit
-
+    secrets:
+      service-account-token: ${{ secrets.CYPRESS_ONEPWD_SERVICE_ACCOUNT_TOKEN }}
+
   test-successful:
     runs-on: ubuntu-latest
     needs:
       - end-to-end-tests
     steps:
       - run: echo "Test was successful"
-
diff --git a/.github/workflows/tag.yml b/.github/workflows/tag.yml
@@ -46,7 +46,29 @@ jobs:
           platforms: linux/amd64
           push: true
           tags: ${{ steps.docker_meta_img_hub.outputs.tags }}
-          labels: ${{ steps.docker_meta_img.outputs.labels }}
+          labels: ${{ steps.docker_meta_img_hub.outputs.labels }}
+
+      - name: Docker meta Service Name for docker hub (file storage)
+        id: docker_meta_img_hub_file_storage
+        uses: docker/metadata-action@v4
+        with:
+          images: docker.io/schulcloud/schulcloud-server, quay.io/schulcloudverbund/schulcloud-server
+          tags: |
+            type=semver,pattern={{version}},prefix=file-storage-,onlatest=false
+            type=semver,pattern={{major}}.{{minor}},prefix=file-storage-,onlatest=false
+          labels: |
+            org.opencontainers.image.title=schulcloud-file-storage
+      - name: Build and push ${{ github.repository }} (file-storage)
+        uses: docker/build-push-action@v4
+        with:
+          build-args: |
+            BASE_IMAGE=quay.io/schulcloudverbund/schulcloud-server:${{ github.ref_name }}
+          context: .
+          file: ./Dockerfile.filestorage
+          platforms: linux/amd64
+          push: true
+          tags: ${{ steps.docker_meta_img_hub_file_storage.outputs.tags }}
+          labels: ${{ steps.docker_meta_img_hub_file_storage.outputs.labels }}
 
   create-release:
     needs:

diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM docker.io/node:18 as git
+FROM docker.io/node:18 AS git
 
 RUN mkdir /app && chown -R node:node /app
 WORKDIR /app

diff --git a/Dockerfile.filestorage b/Dockerfile.filestorage
@@ -0,0 +1,4 @@
+ARG BASE_IMAGE
+FROM $BASE_IMAGE
+
+RUN apk add --no-cache imagemagick
diff --git a/ansible/roles/h5p-library-management/meta/main.yml b/ansible/roles/h5p-library-management/meta/main.yml
@@ -0,0 +1,9 @@
+galaxy_info:
+  role_name: h5p-library-management
+  author: Schul-Cloud Verbund
+  description: h5p library role for the management of libraries
+  company: Schul-Cloud Verbund
+  license: license (AGPLv3)
+  min_ansible_version: 2.8
+  galaxy_tags: []
+dependencies: []
diff --git a/ansible/roles/h5p-library-management/tasks/main.yml b/ansible/roles/h5p-library-management/tasks/main.yml
@@ -0,0 +1,6 @@
+  - name: H5pLibraryManagement CronJob
+    when: WITH_H5P_LIBRARY_MANAGEMENT is defined and WITH_H5P_LIBRARY_MANAGEMENT|bool == true
+    kubernetes.core.k8s:
+      kubeconfig: ~/.kube/config
+      namespace: "{{ NAMESPACE }}"
+      template: api-h5p-library-management-cronjob.yml.j2
diff --git a/ansible/roles/h5p-library-management/templates/api-h5p-library-management-cronjob.yml.j2 b/ansible/roles/h5p-library-management/templates/api-h5p-library-management-cronjob.yml.j2
@@ -0,0 +1,35 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  namespace: {{ NAMESPACE }}
+  labels:
+    app: api-library-management-cronjob
+  name: api-library-management-cronjob
+spec:
+  itemPath: "vaults/{{ ONEPASSWORD_OPERATOR_VAULT }}/items/h5p-library-manager-ionos-s3"
+spec:
+  schedule: "{{ SERVER_H5P_LIBRARY_MANAGEMENT_CRONJOB|default("0 3 * * 3,6", true) }}"
+  concurrencyPolicy: Forbid
+  jobTemplate:
+    spec:
+      activeDeadlineSeconds: {{ SERVER_H5P_LIBRARY_MANAGEMENT_CRONJOB_TIMEOUT|default("39600", true) }}
+      template:
+        spec:
+          containers:
+          - name: api-h5p-library-management-cronjob
+            image: {{ SCHULCLOUD_SERVER_IMAGE }}:{{ SCHULCLOUD_SERVER_IMAGE_TAG }}
+            envFrom:
+            - configMapRef:
+                name: api-configmap
+            - secretRef:
+                name: api-secret
+            command: ['/bin/sh', '-c']
+            args: ['npm run nest:start:h5p:library-management']
+            resources:
+              limits:
+                cpu: {{ API_H5P_LIBRARY_MANAGEMENT_CPU_LIMITS|default("2000m", true) }}
+                memory: {{ API_H5P_LIBRARY_MANAGEMENT_MEMORY_LIMITS|default("2Gi", true) }}
+              requests:
+                cpu: {{ API_H5P_LIBRARY_MANAGEMENT_CPU_REQUESTS|default("100m", true) }}
+                memory: {{ API_H5P_LIBRARY_MANAGEMENT_MEMORY_REQUESTS|default("150Mi", true) }}
+          restartPolicy: OnFailure
diff --git a/ansible/roles/library-cron-job/api-library-management-cronjob.yml.j2 b/ansible/roles/library-cron-job/api-library-management-cronjob.yml.j2
diff --git a/ansible/roles/schulcloud-server-core/tasks/main.yml b/ansible/roles/schulcloud-server-core/tasks/main.yml
@@ -71,13 +71,6 @@
       namespace: "{{ NAMESPACE }}"
       template: api-fwu-deployment.yml.j2
     when: FEATURE_FWU_CONTENT_ENABLED is defined and FEATURE_FWU_CONTENT_ENABLED|bool
-
-  - name: H5pEditorDeployment
-    kubernetes.core.k8s:
-      kubeconfig: ~/.kube/config
-      namespace: "{{ NAMESPACE }}"
-      template: api-h5p-deployment.yml.j2
-    when: FEATURE_H5P_EDITOR_ENABLED is defined and FEATURE_H5P_EDITOR_ENABLED|bool
 
   - name: Delete Files CronJob
     kubernetes.core.k8s:

diff --git a/ansible/roles/schulcloud-server-core/templates/api-files-deployment.yml.j2 b/ansible/roles/schulcloud-server-core/templates/api-files-deployment.yml.j2
@@ -29,7 +29,7 @@ spec:
         runAsNonRoot: true
       containers:
       - name: api-files
-        image: {{ SCHULCLOUD_SERVER_IMAGE }}:{{ SCHULCLOUD_SERVER_IMAGE_TAG }}
+        image: {{ SCHULCLOUD_SERVER_IMAGE }}:file-storage-{{ SCHULCLOUD_SERVER_IMAGE_TAG }}
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 4444

diff --git a/ansible/roles/schulcloud-server-core/templates/configmap.yml.j2 b/ansible/roles/schulcloud-server-core/templates/configmap.yml.j2
@@ -11,7 +11,6 @@ data:
   NODE_ENV: "production"
   NODE_OPTIONS: "--max-old-space-size=2048"
   SC_TITLE: "{{ SC_TITLE }}"
-  SC_SHORT_TITLE: "{{ SC_SHORT_TITLE }}"
   SC_THEME: "{{ SC_THEME }}"
   SC_DOMAIN: "{{ DOMAIN }}"
   SHLVL: "1"

diff --git a/ansible/roles/schulcloud-server-h5p/meta/main.yml b/ansible/roles/schulcloud-server-h5p/meta/main.yml
@@ -0,0 +1,9 @@
+galaxy_info:
+  role_name: schulcloud-server-h5p
+  author: Schul-Cloud Verbund
+  description: h5p role for the schulcloud-server
+  company: Schul-Cloud Verbund
+  license: license (AGPLv3)
+  min_ansible_version: 2.8
+  galaxy_tags: []
+dependencies: []
diff --git a/ansible/roles/schulcloud-server-h5p/tasks/main.yml b/ansible/roles/schulcloud-server-h5p/tasks/main.yml
@@ -0,0 +1,14 @@
+  - name: H5pEditorService
+    kubernetes.core.k8s:
+      kubeconfig: ~/.kube/config
+      namespace: "{{ NAMESPACE }}"
+      template: api-h5p-svc.yml.j2
+    when: WITH_H5P_EDITOR is defined and WITH_H5P_EDITOR|bool
+
+  - name: H5pEditorDeployment
+    kubernetes.core.k8s:
+      kubeconfig: ~/.kube/config
+      namespace: "{{ NAMESPACE }}"
+      template: api-h5p-deployment.yml.j2
+    when: WITH_H5P_EDITOR is defined and WITH_H5P_EDITOR|bool
+
diff --git a/...-core/templates/api-h5p-deployment.yml.j2 → ...r-h5p/templates/api-h5p-deployment.yml.j2 b/...-core/templates/api-h5p-deployment.yml.j2 → ...r-h5p/templates/api-h5p-deployment.yml.j2
diff --git a/...-server-core/templates/api-h5p-svc.yml.j2 → ...d-server-h5p/templates/api-h5p-svc.yml.j2 b/...-server-core/templates/api-h5p-svc.yml.j2 → ...d-server-h5p/templates/api-h5p-svc.yml.j2
@@ -8,7 +8,7 @@ metadata:
 spec:
   type: ClusterIP
   ports:
-    - port: {{ PORT_H5P_EDITOR }}
+    - port: 4448
       targetPort: 4448
       protocol: TCP
       name: api-h5p

diff --git a/ansible/roles/schulcloud-server-init/templates/configmap_file_init.yml.j2 b/ansible/roles/schulcloud-server-init/templates/configmap_file_init.yml.j2
@@ -253,6 +253,49 @@ data:
 
     # ========== End of the Dev IServ configuration section.
 
+    # ========== Start of the Test BRB Univention LDAP system (also used on the REF BRB) configuration section.
+
+    # This is currently performed for any 'brb-*' namespace ('brb-main' for example).
+
+    if [[ "$NS" =~ ^brb-[^\s]+$ ]]; then
+        UNIVENTION_LDAP_SYSTEM_ID=621beef78ec63ea12a3adae6
+        UNIVENTION_LDAP_FEDERAL_STATE_ID=0000b186816abba584714c53
+
+        # Encrypt LDAP server's search user password.
+        UNIVENTION_LDAP_SEARCH_USER_PASSWORD=$(node scripts/secret.js -s $AES_KEY -e $UNIVENTION_LDAP_SEARCH_USER_PASSWORD)
+
+        # Add (or replace) document with the test BRB Univention LDAP system configuration.
+        mongosh $DATABASE__URL --eval 'db.systems.replaceOne(
+            {
+                "_id": ObjectId("'$UNIVENTION_LDAP_SYSTEM_ID'"),
+            },
+            {
+                "_id": ObjectId("'$UNIVENTION_LDAP_SYSTEM_ID'"),
+                "alias": "TEST BRB UNIVENTION LDAP",
+                "ldapConfig": {
+                    "active": true,
+                    "federalState": ObjectId("'$UNIVENTION_LDAP_FEDERAL_STATE_ID'"),
+                    "url": "'$UNIVENTION_LDAP_URL'",
+                    "rootPath": "'$UNIVENTION_LDAP_ROOT_PATH'",
+                    "searchUser": "'$UNIVENTION_LDAP_SEARCH_USER'",
+                    "searchUserPassword": "'$UNIVENTION_LDAP_SEARCH_USER_PASSWORD'",
+                    "provider": "univention",
+                    "providerOptions": {
+                        "userAttributeNameMapping": {},
+                        "roleAttributeNameMapping": {},
+                        "classAttributeNameMapping": {}
+                    }
+                },
+                "type": "ldap"
+            },
+            {
+                "upsert": true
+            }
+        );'
+    fi
+
+    # ========== End of the Test BRB Univention LDAP system (also used on the REF BRB) configuration section.
+
     # ========== Start of the Bettermarks tool configuration section.
 
     # This is currently performed only for the following 4 namespaces:

diff --git a/apps/server/doc/summary.json b/apps/server/doc/summary.json
@@ -58,6 +58,10 @@
 			{
 				"title": "Code Style",
 				"file": "code-style.md"
+			},
+			{
+				"title": "S3ClientModule",
+				"file": "../src/shared/infra/s3-client/README.md"
 			}
 		]
 	}

diff --git a/apps/server/src/apps/h5p-editor.app.ts b/apps/server/src/apps/h5p-editor.app.ts
@@ -7,8 +7,6 @@ import express from 'express';
 // register source-map-support for debugging
 import { install as sourceMapInstall } from 'source-map-support';
 
-import path from 'node:path';
-
 // application imports
 import { LegacyLogger } from '@src/core/logger';
 import { H5PEditorModule } from '@src/modules/h5p-editor';
@@ -22,13 +20,6 @@ async function bootstrap() {
 
 	const nestExpressAdapter = new ExpressAdapter(nestExpress);
 
-	const oneHourInMs = 1000 * 60 * 60;
-
-	nestExpressAdapter.useStaticAssets(path.join(__dirname, '../static-assets/h5p'), {
-		prefix: '/h5p-editor',
-		maxAge: oneHourInMs,
-	});
-
 	const nestApp = await NestFactory.create(H5PEditorModule, nestExpressAdapter);
 	// WinstonLogger
 	nestApp.useLogger(await nestApp.resolve(LegacyLogger));