diff --git a/.github/workflows/demo-deploy-action.yml b/.github/workflows/demo-deploy-action.yml new file mode 100644 index 0000000000..4aac7cbc75 --- /dev/null +++ b/.github/workflows/demo-deploy-action.yml @@ -0,0 +1,242 @@ +name: 'Demo-Deploy' + +on: + pull_request: + types: + - closed + branches: [ main ] + +jobs: + update-version: + if: github.event.pull_request.merged == true + runs-on: ubuntu-22.04 + outputs: + okr-docker-image: ${{ vars.NEW_VALUE_URL }}:${{ steps.store-version.outputs.version}}-DEMO + steps: + - uses: actions/checkout@v4 + with: + token: ${{secrets.VERSION_TOKEN}} + + - name: Generate and Set New Version + run: mvn build-helper:parse-version versions:set -DnewVersion=\${parsedVersion.majorVersion}.\${parsedVersion.minorVersion}.\${parsedVersion.nextIncrementalVersion} -DgenerateBackupPoms=false + + - name: Extract Maven project version + run: echo "version=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)" >> $GITHUB_OUTPUT + id: store-version + + - name: Set New Snapshot Version + run: mvn build-helper:parse-version versions:set -DnewVersion=${{ steps.store-version.outputs.version}}-SNAPSHOT -DgenerateBackupPoms=false + + - name: Commit and Push Changes + shell: bash + env: + COMMITPREFIX: '[VU]' + run: | + git config --global user.email "actions@github.com" + git config --global user.name "GitHub Actions" + git add . || { + echo "No files were changed, so we did not commit anything" + exit 1 + } + git commit -m "$COMMITPREFIX Automated version update" || { + echo "No changes to commit, skipping push" + exit 0 + } + git push -f origin main + + build-docker-image: + needs: update-version + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@v4 + + - name: Set up JDK 17 + uses: actions/setup-java@v4 + with: + java-version: '17' + distribution: 'adopt' + + - name: Set up node 18 + uses: actions/setup-node@v4 + with: + node-version: 18.17.1 + + - name: Install Dependencies + run: cd ./frontend && npm ci + + - name: Build frontend with Angular + run: cd ./frontend && npm run build + + - name: Build backend with Maven + run: mvn -B clean package --file pom.xml -P build-for-docker + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Build the docker image + uses: docker/build-push-action@v5 + with: + context: . + file: docker/Dockerfile + tags: ${{ needs.update-version.outputs.okr-docker-image}} + load: true + push: false + outputs: type=docker,dest=/tmp/okr-docker-image.tar + + - name: Upload artifact + uses: actions/upload-artifact@v4 + with: + name: okr-image + path: /tmp/okr-docker-image.tar + + - name: print imagetags + run: echo ${{ needs.update-version.outputs.okr-docker-image}} + + e2e-docker: + runs-on: ubuntu-22.04 + needs: [build-docker-image,update-version] + steps: + - uses: actions/checkout@v4 + + - name: Download artifact + uses: actions/download-artifact@v4 + with: + name: okr-image + path: /tmp + + - name: Load image + run: docker load --input /tmp/okr-docker-image.tar + + - name: show images + run: docker image ls -a + + - name: Run docker image + run: | + docker run --network=host \ + -p 8080:8080 \ + -e SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER-URI=http://localhost:8544/realms/pitc \ + -e SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK-SET-URI=http://localhost:8544/realms/pitc/protocol/openid-connect/certs \ + -e SPRING_SECURITY_OAUTH2_RESOURCESERVER_OPAQUETOKEN_CLIENT-ID=pitc_okr_demo \ + -e SPRING_PROFILES_ACTIVE-ID=integration-test \ + -e SPRING_DATASOURCE_URL="jdbc:h2:mem:db;DB_CLOSE_DELAY=-1" \ + -e SPRING_DATASOURCE_USERNAME=user \ + -e SPRING_DATASOURCE_PASSWORD=sa \ + -e SPRING_FLYWAY_LOCATIONS="classpath:db/h2-db/database-h2-schema,classpath:db/h2-db/data-test-h2" \ + ${{ needs.update-version.outputs.okr-docker-image}} & + + - name: run keycloak docker + run: | + docker run \ + -e KEYCLOAK_ADMIN=admin \ + -e KEYCLOAK_ADMIN_PASSWORD=keycloak \ + -v ./docker/config/realm-export.json:/opt/keycloak/data/import/realm.json \ + -p 8544:8080 \ + quay.io/keycloak/keycloak:23.0.1 \ + start-dev --import-realm & + + - uses: abhi1693/setup-browser@v0.3.5 + with: + browser: chrome + version: latest + + - name: Cypress run e2e tests + uses: cypress-io/github-action@v6 + with: + build: npm i -D cypress + install: false + wait-on: 'http://localhost:8080/config, http://localhost:8544' + wait-on-timeout: 120 + browser: chrome + headed: true + working-directory: frontend + config: baseUrl=http://localhost:8080 + + upload-to-quay: + runs-on: ubuntu-latest + needs: [e2e-docker, update-version] + steps: + - uses: actions/checkout@v4 + + - name: Download artifact + uses: actions/download-artifact@v4 + with: + name: okr-image + path: /tmp + + - name: Load image + run: docker load --input /tmp/okr-docker-image.tar + + - name: show images + run: docker image ls -a + + - name: Log in to Quay registry + uses: docker/login-action@v3 + with: + registry: ${{ secrets.QUAY_REGISTRY }} + username: ${{ secrets.QUAY_USERNAME }} + password: ${{ secrets.QUAY_TOKEN }} + + - name: Push + run: docker push ${{ needs.update-version.outputs.okr-docker-image}} + + - name: Install yq + shell: bash + env: + VERSION: v4.25.2 + BINARY: yq_linux_amd64 + run: | + wget -q https://github.com/mikefarah/yq/releases/download/${VERSION}/${BINARY}.tar.gz -O - |\ + tar xz && mv ${BINARY} /usr/local/bin/yq + + - name: Update YAML file + shell: bash + env: + COMMITPREFIX: '[CTS]' + run: | + curl -s --header "PRIVATE-TOKEN: ${{secrets.GITLAB_ACCESS_TOKEN}}" "${{vars.TARGET_GITLAB_REPOSITORY}}/files/${{vars.GITLAB_FILEPATH}}?ref=${{vars.TARGET_GITLAB_REFERENCE}}" -H "Accept: application/json" -H "Content-Type: application/json" | jq -r '.content' | base64 --decode > response.yaml + yq -i "${{vars.YAML_PATH}} = \"${{needs.update-version.outputs.okr-docker-image}}\"" response.yaml + UPDATED_CONTENT=$(cat response.yaml) + curl --request PUT --header 'PRIVATE-TOKEN: ${{secrets.GITLAB_ACCESS_TOKEN}}' -F "branch=${{vars.TARGET_GITLAB_REFERENCE}}" -F "author_email=actions@gitlab.com" -F "author_name=GitLab Actions" -F "content=${UPDATED_CONTENT}" -F "commit_message=$COMMITPREFIX Automated changes to ${{vars.FILEPATH_COMMIT}}" "${{vars.TARGET_GITLAB_REPOSITORY}}/files/${{vars.GITLAB_FILEPATH}}" + + generate-and-push-sbom: + runs-on: ubuntu-latest + needs: [upload-to-quay] + steps: + - name: Checkout Repository + uses: actions/checkout@v4 + + - name: Install cdxgen + working-directory: frontend + run: npm install -g @cyclonedx/cdxgen@8.6.0 + + - name: 'Generate SBOM for maven dependencies' + working-directory: backend + run: mvn org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom + + - name: 'Generate SBOM for npm dependencies' + working-directory: frontend + run: cdxgen -o ../sbom-npm.xml -t npm . + + - name: 'Merge frontend and backend SBOMs' + run: | + docker run --rm -v $(pwd):/data cyclonedx/cyclonedx-cli merge --input-files data/backend/target/bom.xml data/sbom-npm.xml --output-file data/sbom.xml + + - name: 'Push merged SBOM to dependency track' + env: + PROJECT_NAME: okr-demo + run: | + curl --verbose -s --location --request POST ${{ secrets.DEPENDENCY_TRACK_URL }} \ + --header "X-Api-Key: ${{ secrets.SECRET_OWASP_DT_KEY }}" \ + --header "Content-Type: multipart/form-data" \ + --form "autoCreate=true" \ + --form "projectName=${PROJECT_NAME:-$GITHUB_REPOSITORY}" \ + --form "projectVersion=latest" \ + --form "bom=@sbom.xml" + + clean-up: + needs: [generate-and-push-sbom] + runs-on: ubuntu-latest + + steps: + - name: remove dockers + run: docker ps -aq | xargs -r docker rm -f \ No newline at end of file diff --git a/backend/src/main/resources/application-demo.properties b/backend/src/main/resources/application-demo.properties new file mode 100644 index 0000000000..3b6b6174e3 --- /dev/null +++ b/backend/src/main/resources/application-demo.properties @@ -0,0 +1,7 @@ +# logging level for staging +logging.level.org.springframework=debug + +spring.security.oauth2.resourceserver.opaquetoken.client-id=pitc_okr_demo + +okr.user.champion.usernames=jbrantschen +okr.clientcustomization.customstyles.okr-topbar-background-color=#fa8072 \ No newline at end of file