diff --git a/.github/workflows/cd.edge.build.yml b/.github/workflows/cd.edge.build.yml new file mode 100644 index 00000000..3f99b30c --- /dev/null +++ b/.github/workflows/cd.edge.build.yml @@ -0,0 +1,81 @@ +name: "CD: Edge Build" + +on: + repository_dispatch: + types: [edge-build] + +env: + REGISTRY: images.opencadc.org + IMAGE: platform/skaha + TAG: edge + +jobs: + edge-build: + if: github.repository == 'opencadc/science-platform' + runs-on: ubuntu-latest + permissions: + attestations: write + id-token: write + steps: + - + name: Client Payload + id: client-payload + run: | + echo "Client Payload: ${{ toJson(github.event.client_payload) }}" + - + name: Checkout + uses: actions/checkout@v3 + - + name: Setup Docker Buildx + uses: docker/setup-buildx-action@v3.7.1 + with: + install: true + - + name: Perform Container Registry Login + uses: docker/login-action@v3.3.0 + with: + registry: images.opencadc.org + username: ${{ secrets.SKAHA_REGISTRY_USERNAME }} + password: ${{ secrets.SKAHA_REGISTRY_TOKEN }} + - + name: Build and Push Docker Image + id: build + uses: docker/build-push-action@v6.9.0 + with: + context: skaha/ + target: production + file: skaha/Dockerfile + platforms: linux/amd64 + cache-from: type=gha + cache-to: type=gha,mode=max + provenance: mode=max + sbom: true + push: true + tags: ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG }} + labels: | + org.opencontainers.image.title=Science Platform + org.opencontainers.image.licenses=AGPL-3.0 + org.opencontainers.image.url=https://github.com/opencadc/science-platform + - + # See https://github.com/marketplace/actions/attest-build-provenance#container-image + # for more information on the attest-build-provenance action + name: Attest Container Image + id: attest + uses: actions/attest-build-provenance@v1.4.4 + with: + subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE }} + subject-digest: ${{ steps.build.outputs.digest }} + # push-to-registry: true + show-summary: true + - + name: Install Cosign + id: install-cosign + uses: sigstore/cosign-installer@v3.7.0 + with: + cosign-release: 'v2.4.1' + - + name: Cosign Container Image + id: cosign + run: | + cosign version + cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG }} --upload diff --git a/.github/workflows/cd.release.build.yml b/.github/workflows/cd.release.build.yml new file mode 100644 index 00000000..f626157a --- /dev/null +++ b/.github/workflows/cd.release.build.yml @@ -0,0 +1,89 @@ +name: "CD: Release Build" + +on: + repository_dispatch: + types: [release-build] + +env: + REGISTRY: images.opencadc.org + IMAGE: platform/skaha + TAG: latest + TAG_RELEASE: ${{ github.event.client_payload.tag_name }} + +jobs: + release-build: + if: github.repository == 'opencadc/science-platform' + runs-on: ubuntu-latest + permissions: + attestations: write + id-token: write + steps: + - + name: Client Payload + id: client-payload + run: | + echo "Client Payload: ${{ toJson(github.event.client_payload) }}" + - + name: Checkout + uses: actions/checkout@v3 + - + name: Setup Docker Buildx + uses: docker/setup-buildx-action@v3.7.1 + with: + install: true + - + name: Perform Container Registry Login + uses: docker/login-action@v3.3.0 + with: + registry: images.opencadc.org + username: ${{ secrets.SKAHA_REGISTRY_USERNAME }} + password: ${{ secrets.SKAHA_REGISTRY_TOKEN }} + - + name: Build and Push Docker Image + id: build + uses: docker/build-push-action@v6.9.0 + with: + context: skaha/ + target: production + file: skaha/Dockerfile + platforms: linux/amd64 + cache-from: type=gha + cache-to: type=gha,mode=max + provenance: mode=max + sbom: true + push: true + tags: | + ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG }} + ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG_RELEASE }} + labels: | + org.opencontainers.image.title=skaha + org.opencontainers.image.version=${{ env.TAG_RELEASE }} + org.opencontainers.image.description="Science Platform Backend" + org.opencontainers.image.licenses=AGPL-3.0 + org.opencontainers.image.url=https://github.com/opencadc/science-platform + - + # See https://github.com/marketplace/actions/attest-build-provenance#container-image + # for more information on the attest-build-provenance action + name: Attest Container Image + id: attest + uses: actions/attest-build-provenance@v1.4.4 + with: + subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE }} + subject-digest: ${{ steps.build.outputs.digest }} + # Currently not pushing attestations to Harbor Registry + # push-to-registry: true + show-summary: true + - + name: Install Cosign + id: install-cosign + uses: sigstore/cosign-installer@v3.7.0 + with: + cosign-release: 'v2.4.1' + - + name: Cosign Container Image + id: cosign + run: | + cosign version + cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG }} --upload + cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG_RELEASE }} --upload + cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ steps.build.outputs.digest }} --upload diff --git a/.github/workflows/cd.release.yml b/.github/workflows/cd.release.yml new file mode 100644 index 00000000..b4505cf6 --- /dev/null +++ b/.github/workflows/cd.release.yml @@ -0,0 +1,56 @@ +# Release Please Actions +name: "CD: Release Please" + +on: + push: + branches: + - main + pull_request: + branches: + - main + +jobs: + release-please: + runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write + if: github.repository == 'opencadc/science-platform' + steps: + - + name: Create release + id: release-please + uses: googleapis/release-please-action@v4.1.3 + with: + config-file: release-please-config.json + manifest-file: .release-please-manifest.json + - + name: Dispatch Edge Build + # Run this step only if the release-please completes successfully + if: steps.release-please.outcome == 'success' + uses: peter-evans/repository-dispatch@v3.0.0 + with: + repository: opencadc/science-platform + event-type: edge-build + token: ${{ secrets.GITHUB_TOKEN }} + client-payload: |- + { + "releases_created": "${{ steps.release-please.outputs.releases_created }}", + "tag_name": "${{ steps.release-please.outputs.tag_name }}", + "sha": "${{ steps.release-please.outputs.sha }}" + } + - + name: Dispatch Release Build + # Run this step only if the release-please completes successfully + if: ${{ steps.release-please.outputs.release_created }} + uses: peter-evans/repository-dispatch@v3.0.0 + with: + repository: opencadc/science-platform + event-type: release-build + token: ${{ secrets.GITHUB_TOKEN }} + client-payload: |- + { + "releases_created": "${{ steps.release-please.outputs.releases_created }}", + "tag_name": "${{ steps.release-please.outputs.tag_name }}", + "sha": "${{ steps.release-please.outputs.sha }}" + } diff --git a/.github/workflows/ci.linting.yml b/.github/workflows/ci.linting.yml index 4ec839bc..8f771ef4 100644 --- a/.github/workflows/ci.linting.yml +++ b/.github/workflows/ci.linting.yml @@ -27,4 +27,3 @@ jobs: run: | cd skaha ./gradlew clean spotlessCheck - diff --git a/.github/workflows/ci.testing.yml b/.github/workflows/ci.testing.yml index 0d224a16..e10e0ec7 100644 --- a/.github/workflows/ci.testing.yml +++ b/.github/workflows/ci.testing.yml @@ -34,14 +34,14 @@ jobs: if-no-files-found: error retention-days: 1 overwrite: true - + codecov: runs-on: ubuntu-latest needs: tests permissions: id-token: write steps: - - + - name: Download coverage artifacts uses: actions/download-artifact@v4.1.8 with: @@ -60,4 +60,4 @@ jobs: flags: skaha-unittests-coverage name: skaha-unittests-coverage fail_ci_if_error: true - verbose: true \ No newline at end of file + verbose: true diff --git a/.gitignore b/.gitignore index b66175fc..0c32b3c9 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,6 @@ /**/dependencies /**/.idea -/**/.gradle +/**/.gradle /**/build /**/bin .vscode @@ -10,4 +10,4 @@ *_key *.crt deployment/helm/skaha/token-tool-secret/skaha-private.pem -deployment/helm/skaha/token-tool-secret/skaha-public.pem \ No newline at end of file +deployment/helm/skaha/token-tool-secret/skaha-public.pem diff --git a/.release-please-manifest.json b/.release-please-manifest.json new file mode 100644 index 00000000..5e367e6d --- /dev/null +++ b/.release-please-manifest.json @@ -0,0 +1,3 @@ +{ + "skaha": "0.23.1" +} \ No newline at end of file diff --git a/release-please-config.json b/release-please-config.json new file mode 100644 index 00000000..500b495f --- /dev/null +++ b/release-please-config.json @@ -0,0 +1,25 @@ +{ + "packages": { + "skaha": { + "path": "skaha", + "package-name": "skaha", + "changelog-path": "CHANGELOG.md", + "release-type": "simple", + "bump-minor-pre-major": false, + "bump-patch-for-minor-pre-major": false, + "draft": false, + "prerelease": false, + "extra-files": [ + { + "type": "generic", + "path": "gradle.properties" + }, + { + "type": "generic", + "path": "version.yaml" + } + ] + } + }, + "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json" +} diff --git a/skaha/Dockerfile b/skaha/Dockerfile index fa9c987f..540474fa 100644 --- a/skaha/Dockerfile +++ b/skaha/Dockerfile @@ -1,12 +1,23 @@ -FROM images.opencadc.org/library/cadc-tomcat:1 +FROM eclipse-temurin:11-alpine AS base -RUN dnf -y install dnf-plugins-core \ - && dnf -y config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo \ - && dnf -y install acl attr containerd.io docker-ce docker-ce-cli kubernetes-client which \ - && dnf -y clean all +FROM base AS builder +COPY . /skaha +WORKDIR /skaha +RUN ./gradlew clean spotlessCheck build --no-daemon -RUN kubectl version --client +FROM images.opencadc.org/library/cadc-tomcat:1.3 AS production -COPY build/libs/skaha.war /usr/share/tomcat/webapps/ +RUN set -eux \ + && dnf install --nodocs --assumeyes --setopt=install_weak_deps=False dnf-plugins-core-4.9.0-1.fc40 \ + && dnf -y config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo \ + && dnf -y install --nodocs --assumeyes --setopt=install_weak_deps=False \ + acl-2.3.2-1.fc40 attr-2.5.2-3.fc40 \ + containerd.io-1.7.22-3.1.fc40 \ + docker-ce-3:27.3.1-1.fc40 \ + docker-ce-cli-1:27.3.1-1.fc40 \ + kubernetes-client-1.29.9-2.fc40 \ + # Clean up dnf cache and other unneeded files to reduce image size + && dnf clean all -COPY src/scripts/* /usr/local/bin/ \ No newline at end of file +COPY --from=builder /skaha/build/libs/skaha.war /usr/share/tomcat/webapps/ +COPY --from=builder /skaha/src/scripts/* /usr/local/bin/ \ No newline at end of file diff --git a/skaha/build.gradle b/skaha/build.gradle index 917ab422..e7004934 100644 --- a/skaha/build.gradle +++ b/skaha/build.gradle @@ -4,6 +4,7 @@ plugins { id 'com.diffplug.spotless' version '6.25.0' id 'java' id 'jacoco' + id 'org.jetbrains.dokka' version '1.6.0' } repositories { @@ -54,6 +55,7 @@ dependencies { testImplementation 'junit:junit:[4.13,)' testImplementation 'org.json:json:20231013' testImplementation 'org.mockito:mockito-core:5.12.0' + } spotless { @@ -77,12 +79,43 @@ spotless { endWithNewline() } } +check.dependsOn spotlessCheck +// Create Java Code Coverage Reports jacocoTestReport { reports { xml.enabled true html.enabled true } } - check.dependsOn jacocoTestReport + +// Create JavaDoc +javadoc { + destinationDir = file("${buildDir}/docs/javadoc") +} + +// Create Java Documentation using Dokka for Github Markdown and HTML +tasks.dokkaGfm.configure { + outputDirectory.set(file("${buildDir}/docs/dokka/gfm")) + dokkaSourceSets { + register("main") { + sourceRoots.from(file("src/main/java")) + } + } +} +tasks.dokkaHtml.configure { + outputDirectory.set(file("${buildDir}/docs/dokka/html")) + dokkaSourceSets { + register("main") { + sourceRoots.from(file("src/main/java")) + } + configureEach { + jdkVersion.set(11) + sourceLink { + localDirectory.set(file("src/main/java")) + remoteUrl.set("https://github.com/opencadc/science-platform/tree/main/skaha/src/main/java") + } + } + } +} diff --git a/skaha/gradle.properties b/skaha/gradle.properties new file mode 100644 index 00000000..7305b6f8 --- /dev/null +++ b/skaha/gradle.properties @@ -0,0 +1,17 @@ +# Gradle properties +org.gradle.parallel=true +org.gradle.caching=true +org.gradle.jvmargs=-Duser.language=en -Duser.country=US -Dfile.encoding=UTF-8 +org.gradle.daemon=true +org.gradle.configureondemand=true + +# Project properties +# x-release-please-start-major +majorVersion = 0 +# x-release-please-end +# x-release-please-start-minor +minorVersion = 23 +# x-release-please-end +# x-release-please-start-patch +patchVersion = 1 +# x-release-please-end \ No newline at end of file