From 48a59e50d94655d594be9565d9745fa07f5423cf Mon Sep 17 00:00:00 2001
From: Daniel McCoy Stephenson
Date: Fri, 10 Nov 2023 10:17:49 -0700
Subject: [PATCH 01/11] Added image documentation to `docs/dockerhub.md`
---
 docs/dockerhub.md | 54 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)
 create mode 100644 docs/dockerhub.md
diff --git a/docs/dockerhub.md b/docs/dockerhub.md
new file mode 100644
index 0000000..08000c5
--- /dev/null
+++ b/docs/dockerhub.md
@@ -0,0 +1,54 @@
+# jpo-security-svcs
+
+## GitHub Repository Link
+https://github.com/usdot-jpo-ode/jpo-security-svcs
+
+## Purpose
+The purpose of the jpo-security-svcs program is to provide a REST endpoint for signing TIMs.
+
+## How to pull the latest image
+The latest image can be pulled using the following command:
+> docker pull usdotjpoode/jpo-security-svcs:latest
+
+## Required environment variables
+- SEC_USE_CERTIFICATES
+
+## Expected files/directories
+The following should get mounted when running the container:
+- creds/
+- cert.jks
+- logback.xml
+
+## Direct Dependencies
+None
+
+## Indirect Dependencies
+The SEC will not receive messages to process if the ODE is not running.
+
+## Example docker-compose.yml with direct dependencies:
+```
+version: '3'
+services:
+ sec:
+ image: usdotjpoode/jpo-security-svcs:release_q3
+ ports:
+ - "8090:8090"
+ environment:
+ SEC_CRYPTO_SERVICE_BASE_URI: ${SEC_CRYPTO_SERVICE_BASE_URI}
+ SEC_CRYPTO_SERVICE_ENDPOINT_SIGN_PATH: ${SEC_CRYPTO_SERVICE_ENDPOINT_SIGN_PATH}
+ SEC_USE_CERTFICATES: ${SEC_USE_CERTFICATES}
+ SEC_KEY_STORE_PASSWORD: ${SEC_KEY_STORE_PASSWORD}
+ volumes:
+ - ./creds:/usr/local/share/ca-certificates
+ - ./cert.jks:/home/cert.jks
+ - ./logback.xml:/home/logback.xml
+ command: sh -c "update-ca-certificates && java -Dlogback.configurationFile=/home/logback.xml -jar /home/jpo-security-svcs.jar"
+ logging:
+ options:
+ max-size: "10m"
+ max-file: "5"
+```
+
+## Expected startup output
+The latest line in the logs should look like this:
+> jpo-security-svcs-sec-1 | 2023-11-09 18:09:35 [main] INFO Application - Started Application in 2.569 seconds (JVM running for 3.274)
From c8e063cc11c3a22422683112f43cfff0985654b3 Mon Sep 17 00:00:00 2001
From: Marc Wodahl
Date: Wed, 3 Jan 2024 10:19:15 -0700
Subject: [PATCH 02/11] Update Dockerfile, pom.xml
---
 Dockerfile | 4 ++--
 pom.xml | 11 ++++++-----
 2 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 4218f9f..42a7dd9 100644
--- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM maven:3.5.4-jdk-8-alpine as builder +FROM maven:3.8-eclipse-temurin-21-alpine as builder WORKDIR /home COPY ./pom.xml . @@ -6,7 +6,7 @@ COPY ./src ./src RUN mvn clean package -FROM eclipse-temurin:11-jre-alpine +FROM eclipse-temurin:21-jre-alpine RUN apk update RUN apk add ca-certificates diff --git a/pom.xml b/pom.xml index c150201..2df27b3 100644 --- a/pom.xml +++ b/pom.xml @@ -7,7 +7,7 @@ org.springframework.boot spring-boot-starter-parent - 1.4.1.RELEASE + 3.1.3 @@ -49,6 +49,7 @@ org.json json + 20231013 org.springframework.boot @@ -61,14 +62,14 @@ 4.5.3 - javax.xml.bind - jaxb-api - 2.3.1 + jakarta.xml.bind + jakarta.xml.bind-api + 4.0.0 - 1.8 + 21 From 129736131108078fb99912f27e065ec05879a499 Mon Sep 17 00:00:00 2001 From: Daniel McCoy Stephenson Date: Thu, 25 Jan 2024 13:46:23 -0700 Subject: [PATCH 03/11] Removed an unnecessary comment from docker-compose.yml --- docker-compose.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index ccc8db4..e64d62f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,5 +1,3 @@ -# DOCKER_SHARED_VOLUME_WINDOWS should be defined for Windows host machine as C: and not defined for Linux hosts - version: '3' services: sec: From 86df869044329143a45b50f49ef672500e7fd0e4 Mon Sep 17 00:00:00 2001 From: Daniel McCoy Stephenson Date: Fri, 26 Jan 2024 13:34:47 -0700 Subject: [PATCH 04/11] Modified java version in `ci.yml` --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 08c3248..38c99af 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -7,7 +7,7 @@ jobs: jpo-security-svcs: runs-on: ubuntu-latest container: - image: openjdk:17-jdk-slim-buster + image: maven:3.8-eclipse-temurin-21-alpine options: --user root steps: - name: Checkout ${{ github.event.repository.name }} 
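Review bot: Both new `FROM` lines in the Dockerfile hunks (`maven:3.8-eclipse-temurin-21-alpine` for the builder, `eclipse-temurin:21-jre-alpine` for the runtime stage) reference mutable tags, so the image that builds and runs the TIM-signing service can change without any commit in this repository. Pinning each stage to a digest, e.g. `FROM eclipse-temurin:21-jre-alpine@sha256:<digest-placeholder>`, keeps the tag readable while making the build reproducible and giving base-image updates a reviewable diff. The runtime stage continues past the second hunk, so whether it sets a non-root `USER` cannot be seen here; that is worth confirming while the base image is being changed.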
@@ -18,7 +18,7 @@ jobs: maven-version: 3.8.2 - uses: actions/setup-java@v3 with: - java-version: '11' + java-version: '21' distribution: 'temurin' - name: Build run: | From 223c1d7190ad0662c78c04152850a95c048a3709 Mon Sep 17 00:00:00 2001 From: dan Date: Tue, 30 Jan 2024 20:30:41 -0500 Subject: [PATCH 05/11] update java v --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 38c99af..fa40f74 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -11,12 +11,12 @@ jobs: options: --user root steps: - name: Checkout ${{ github.event.repository.name }} - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Set up Maven uses: stCarolas/setup-maven@v4.5 with: maven-version: 3.8.2 - - uses: actions/setup-java@v3 + - uses: actions/setup-java@v4 with: java-version: '21' distribution: 'temurin' From fb2370232acb0b97c87a95157e269afe1b2ac30b Mon Sep 17 00:00:00 2001 From: dan Date: Tue, 30 Jan 2024 20:40:55 -0500 Subject: [PATCH 06/11] update java v --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fa40f74..c0cf467 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -7,7 +7,7 @@ jobs: jpo-security-svcs: runs-on: ubuntu-latest container: - image: maven:3.8-eclipse-temurin-21-alpine + image: openjdk:21-jdk-slim-buster options: --user root steps: - name: Checkout ${{ github.event.repository.name }} From 14eaa98214293dcf86fcca06c391aa1edebcf088 Mon Sep 17 00:00:00 2001 From: dan Date: Tue, 30 Jan 2024 23:03:46 -0500 Subject: [PATCH 07/11] update ci --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c0cf467..d9111e5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
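Review bot: The bumped `uses:` lines in PATCH 05 still select actions by tag (`actions/checkout@v4`, `actions/setup-java@v4`), and the third-party `stCarolas/setup-maven@v4.5` between them is tag-pinned as well. A tag can be moved by whoever controls the action's repository, and these steps run in the workflow that also performs the Sonar scan. Pinning to a full commit SHA with the tag kept as a comment, `uses: actions/checkout@<full-commit-sha> # v4`, removes the dependency on tag integrity; the same applies to `warchant/setup-sonar-scanner@v7` introduced in PATCH 08. The step list continues outside this hunk.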
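Review bot: PATCH 06 moves the job container from `maven:3.8-eclipse-temurin-21-alpine` to `openjdk:21-jdk-slim-buster`, while the Dockerfile in PATCH 02 builds on Eclipse Temurin 21, so CI and the shipped image no longer use the same JDK distribution. The Docker Hub `openjdk` image is deprecated and Debian buster is past its regular security support, so it is worth confirming that this tag exists and still receives fixes. Since PATCH 11 later drops the `actions/setup-java` step, the container image becomes the only JDK source for the build. Keeping CI on a Temurin 21 image, e.g. `image: eclipse-temurin:21-jdk-alpine`, would keep the toolchains aligned; the `options: --user root` line below it is unchanged context.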
@@ -74,7 +74,7 @@ jobs: sonar.java.binaries=home/runner/work/jpo-security-svcs/jpo-security-svcs/target sonar.projectBaseDir=$GITHUB_WORKSPACE sonar.projectKey=usdot-jpo-ode_jpo-security-svcs - sonar.organization=usdot-jpo-ode-1 + sonar.organization=usdot-jpo-ode jpo-security-svcs.sonar.projectBaseDir = home/runner/work/jpo-security-svcs/jpo-security-svcs jpo-security-svcs.sonar.sources = src tmca-tester.sonar.projectBaseDir=$GITHUB_WORKSPACE /tmca-tester From 9f68cffece241edf8ad6d7b13ac04c5a8ff673e5 Mon Sep 17 00:00:00 2001 From: dan Date: Tue, 30 Jan 2024 23:08:12 -0500 Subject: [PATCH 08/11] update ci --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d9111e5..f8cf0e2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -63,7 +63,7 @@ jobs: run: | find "$GITHUB_WORKSPACE" -name "jacoco.xml" - name: Setup SonarScanner - uses: warchant/setup-sonar-scanner@v4 + uses: warchant/setup-sonar-scanner@v7 with: version: 4.8.0.2856 - name: Generate sonar properties file From 0b469bfd701bb23adf8d1373caa9cbd29c8a1a01 Mon Sep 17 00:00:00 2001 From: dan Date: Wed, 31 Jan 2024 09:35:57 -0500 Subject: [PATCH 09/11] update ci --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f8cf0e2..25bdf01 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -65,7 +65,7 @@ jobs: - name: Setup SonarScanner uses: warchant/setup-sonar-scanner@v7 with: - version: 4.8.0.2856 + version: 5.0.1.3006 - name: Generate sonar properties file run: | cat < /tmp/sonar-scanner.properties From aa0580f6c266181b72027c366e6dfb2062ca6549 Mon Sep 17 00:00:00 2001 
From: dan Date: Wed, 31 Jan 2024 10:27:27 -0500 Subject: [PATCH 10/11] update action workflow --- .github/workflows/ci.yml | 4 +++- .github/workflows/docker.yml | 6 +----- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 25bdf01..fa9d2e8 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,7 +1,9 @@ name: CI -on: +on: pull_request: + types: [opened, reopened, synchronize] push: + branches: [develop, master] jobs: jpo-security-svcs: diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 6eb81d8..38cb830 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -1,12 +1,8 @@ name: Docker build on: - push: - branches-ignore: - - "develop" - - "master" - - "release/*" pull_request: + types: [opened, synchronize, reopened] jobs: jpo-security-svcs: From a54662f5e2f95b15f480dec050a22ce2a7cc10e0 Mon Sep 17 00:00:00 2001 From: dan Date: Wed, 31 Jan 2024 11:58:20 -0500 Subject: [PATCH 11/11] attempt to fix java v --- .github/workflows/ci.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fa9d2e8..d864bf6 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -17,11 +17,7 @@ jobs: - name: Set up Maven uses: stCarolas/setup-maven@v4.5 with: - maven-version: 3.8.2 - - uses: actions/setup-java@v4 - with: - java-version: '21' - distribution: 'temurin' + maven-version: 3.8.2 - name: Build run: | cd $GITHUB_WORKSPACE
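Review bot: The rewritten trigger block in `.github/workflows/ci.yml` goes straight from `on:` to `jobs:` with no workflow-level `permissions:` key, so the job's `GITHUB_TOKEN` gets the repository's default scopes. Now that the workflow runs on every opened, reopened and synchronized pull request, adding `permissions:` with `contents: read` between the two keys limits what a compromised build step or action can do with the token; the same holds for the `docker.yml` hunk in this patch. A job-level `permissions:` could exist further down, outside the hunk. Also note that `push` is now limited to `develop` and `master`, so `release/*` branches are only built through pull requests.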