diff --git a/.github/pr-title-checker-config.json b/.github/pr-title-checker-config.json
new file mode 100644
index 0000000..bfcc715
--- /dev/null
+++ b/.github/pr-title-checker-config.json
@@ -0,0 +1,14 @@
+{
+ "LABEL": {
+ "name": "title needs correct naming convention",
+ "color": "EEEEEE"
+ },
+ "CHECKS": {
+ "regexp": "[A-Z]{2,5}-[0-9]{1,5}"
+ },
+ "MESSAGES": {
+ "success": "All OK",
+ "failure": "Failing PR test",
+ "notice": "Check the naming convention rules to naming PRs"
+ }
+}
\ No newline at end of file
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index ab83a3c..2823040 100644
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
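Review bot: In `.github/pr-title-checker-config.json` the `CHECKS.regexp` value `[A-Z]{2,5}-[0-9]{1,5}` is unanchored, so it presumably accepts any title that merely contains a key-like token somewhere, including inside a longer word or number. If the convention is that the issue key leads the title, anchor it, for example `"regexp": "^[A-Z]{2,5}-[0-9]{1,5}\\b"`. The `notice` message would also read better as `"Check the naming convention rules for PR titles"`.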
@@ -94,45 +94,45 @@ jobs: # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # SCANS - scans: - needs: [ 'prepare', 'full-build' ] - runs-on: ubuntu-latest - if: ${{ needs.prepare.outputs.SCAN_MATRIX != '' }} - strategy: - max-parallel: 5 - fail-fast: false - matrix: - mtx-step: ${{fromJson(needs.prepare.outputs.SCAN_MATRIX)}} - - steps: - #~ CHECKOUT - - name: "CHECKOUT" - run: | - ${{ secrets.ENTANDO_OPT_PPL_INSTALL_CMD }} - ~/ppl-run checkout-branch pr --lcd "$LOCAL_CLONE_DIR" - #~ SCAN - - name: "Run the matrix step ${{ matrix.mtx-step }}" - run: | - MTX_STEP="${{ matrix.mtx-step }}" - - ~/ppl-run generic GENERATE-REQUIREMENT-SPEC "MTX_REQUIREMENT" "$MTX_STEP" >> $GITHUB_ENV - for spec in (("${{ env.MTX_REQUIREMENT }}")); do - case "${{ env.MTX_REQUIREMENT }}" in - ENTANDO-REQ-GITHUB-SPECIAL) - export GITHUB_TOKEN="${{ secrets.GITHUB_TOKEN }}" - ;; - ENTANDO-REQ-SNYK) - export SNYK_TOKEN="${{ secrets.SNYK_TOKEN }}" - ;; - ENTANDO-REQ-POST-DEP) - export ENTANDO_OPT_OKD_LOGIN_TOKEN="${{ secrets.ENTANDO_OPT_OKD_LOGIN_TOKEN }}" - export ENTANDO_OPT_IMAGE_REGISTRY_CREDENTIALS="${{ secrets.ENTANDO_OPT_IMAGE_REGISTRY_CREDENTIALS }}" - export ENTANDO_OPT_DOCKER_USERNAME="${{ secrets.ENTANDO_OPT_DOCKER_USERNAME }}" - export ENTANDO_OPT_DOCKER_PASSWORD="${{ secrets.ENTANDO_OPT_DOCKER_PASSWORD }}" - export ENTANDO_OPT_TEST_TLS_CRT="${{ secrets.ENTANDO_OPT_TEST_TLS_CRT }}" - export ENTANDO_OPT_TEST_TLS_KEY="${{ secrets.ENTANDO_OPT_TEST_TLS_KEY }}" - ;; - esac - done - - ~/ppl-run generic "$MTX_STEP" --id "$MTX_STEP" --lcd "$LOCAL_CLONE_DIR" \ No newline at end of file +# scans: +# needs: [ 'prepare', 'full-build' ] +# runs-on: ubuntu-latest +# if: ${{ needs.prepare.outputs.SCAN_MATRIX != '' }} +# strategy: +# max-parallel: 5 +# fail-fast: false +# matrix: +# mtx-step: 
${{fromJson(needs.prepare.outputs.SCAN_MATRIX)}} +# +# steps: +# #~ CHECKOUT +# - name: "CHECKOUT" +# run: | +# ${{ secrets.ENTANDO_OPT_PPL_INSTALL_CMD }} +# ~/ppl-run checkout-branch pr --lcd "$LOCAL_CLONE_DIR" +# #~ SCAN +# - name: "Run the matrix step ${{ matrix.mtx-step }}" +# run: | +# MTX_STEP="${{ matrix.mtx-step }}" +# +# ~/ppl-run generic GENERATE-REQUIREMENT-SPEC "MTX_REQUIREMENT" "$MTX_STEP" >> $GITHUB_ENV +# for spec in (("${{ env.MTX_REQUIREMENT }}")); do +# case "${{ env.MTX_REQUIREMENT }}" in +# ENTANDO-REQ-GITHUB-SPECIAL) +# export GITHUB_TOKEN="${{ secrets.GITHUB_TOKEN }}" +# ;; +# ENTANDO-REQ-SNYK) +# export SNYK_TOKEN="${{ secrets.SNYK_TOKEN }}" +# ;; +# ENTANDO-REQ-POST-DEP) +# export ENTANDO_OPT_OKD_LOGIN_TOKEN="${{ secrets.ENTANDO_OPT_OKD_LOGIN_TOKEN }}" +# export ENTANDO_OPT_IMAGE_REGISTRY_CREDENTIALS="${{ secrets.ENTANDO_OPT_IMAGE_REGISTRY_CREDENTIALS }}" +# export ENTANDO_OPT_DOCKER_USERNAME="${{ secrets.ENTANDO_OPT_DOCKER_USERNAME }}" +# export ENTANDO_OPT_DOCKER_PASSWORD="${{ secrets.ENTANDO_OPT_DOCKER_PASSWORD }}" +# export ENTANDO_OPT_TEST_TLS_CRT="${{ secrets.ENTANDO_OPT_TEST_TLS_CRT }}" +# export ENTANDO_OPT_TEST_TLS_KEY="${{ secrets.ENTANDO_OPT_TEST_TLS_KEY }}" +# ;; +# esac +# done +# +# ~/ppl-run generic "$MTX_STEP" --id "$MTX_STEP" --lcd "$LOCAL_CLONE_DIR" \ No newline at end of file diff --git a/.github/workflows/publication.yml b/.github/workflows/publication.yml index 7b5097e..da99bfb 100644 --- a/.github/workflows/publication.yml +++ b/.github/workflows/publication.yml 
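Review bot: Commenting out the whole `scans` job in `pr.yml` leaves about forty lines of dead YAML behind and removes the matrix scans, including the `ENTANDO-REQ-SNYK` branch, from pull requests, with nothing in the hunk saying why or for how long. Either delete the job and let history keep it, or keep it live but gated with `if: false` under a comment such as `# scans disabled: <reason, tracking issue>`. If the block is restored later, note that the `for spec in ((…))` line looks malformed as shell. It also expands secrets directly into the `run:` script rather than passing them through a step-level `env:`.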
@@ -1,84 +1,113 @@ -name: Internal Snapshot Publication +name: PUB on: push: tags: - - 'v*' + - "v*" env: - ENTANDO_OPT_USE_PPL_TAG: "v1.4.1" - ENTANDO_OPT_DATA_REPO: "${{ secrets.ENTANDO_OPT_DATA_REPO }}" - ENTANDO_OPT_DATA_REPO_TOKEN: "${{ secrets.ENTANDO_OPT_DATA_REPO_TOKEN }}" - ENTANDO_OPT_ENVIRONMENT_NAMES: "${{ secrets.ENTANDO_OPT_ENVIRONMENT_NAMES }}" - ENTANDO_OPT_FEATURES: "${{ secrets.ENTANDO_OPT_FEATURES }}" - ENTANDO_OPT_GLOBAL_FEATURES: "${{ secrets.ENTANDO_OPT_GLOBAL_FEATURES }}" - ENTANDO_OPT_LOG_LEVEL: "${{ secrets.ENTANDO_OPT_LOG_LEVEL }}" - ENTANDO_OPT_CUSTOM_ENV: "${{ secrets.ENTANDO_OPT_CUSTOM_ENV }}" - ENTANDO_RHT_DOCKER_USERNAME: "${{ secrets.ENTANDO_RHT_DOCKER_USERNAME }}" - ENTANDO_RHT_DOCKER_PASSWORD: "${{ secrets.ENTANDO_RHT_DOCKER_PASSWORD }}" - ENTANDO_RHT_DOCKER_REGISTRY: "${{ secrets.ENTANDO_RHT_DOCKER_REGISTRY }}" - PPL_CONTEXT: ${{ toJson(github) }} - LOCAL_CLONE_DIR: "local-checkout" + PPL_TEMPLATE_VERSION: "v2.0.0" + ENTANDO_BOT_TOKEN: ${{ secrets.ENTANDO_BOT_TOKEN }} + PR_CHECKER_PATH: ".github/pr-title-checker-config.json" + DOCKER_KEYCLOAK_IMAGE_BASE_NAME: entando/entando-keycloak + DOCKER_SSO_IMAGE_BASE_NAME: entando/entando-redhat-sso + DOCKER_KEYCLOAK_IMAGE_ARCHITECTURE: linux/amd64,linux/arm64 + DOCKER_SSO_IMAGE_ARCHITECTURE: linux/amd64 + DOCKER_IMAGE_CONTEXT: . 
+ DOCKER_KEYCLOAK_IMAGE_FILE: Dockerfile.keycloak + DOCKER_SSO_IMAGE_FILE: Dockerfile.redhat-sso + DOCKER_IMAGE_PUSH: true jobs: - # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - # PUBLICATION + + check-pr: + runs-on: ubuntu-latest + steps: + - uses: thehanimo/pr-title-checker@v1.3.7 + with: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + pass_on_octokit_error: false + configuration_path: ${{ env.PR_CHECKER_PATH }} publication: - outputs: - POST_PUB_DOCKER_SCAN: ${{ steps.START.outputs.POST_PUB_DOCKER_SCAN }} - POST_DEP_TESTS: ${{ steps.START.outputs.POST_DEP_TESTS }} - env: - ENTANDO_BOT_TOKEN: ${{ secrets.ENTANDO_BOT_TOKEN }} runs-on: ubuntu-latest steps: - - name: "PR PIPELINE START" - id: START - run: | - ${{ secrets.ENTANDO_OPT_PPL_INSTALL_CMD }} - ~/ppl-run status-report - #~ CHECKOUT - - name: "CHECKOUT" - id: CHECKOUT - run: | - ~/ppl-run \ - .. checkout-branch --id "CHECKOUT FOR PUBLICATION" \ - --lcd "$LOCAL_CLONE_DIR" \ - --token "$ENTANDO_BOT_TOKEN" \ - .. 
pr-preflight-checks --only flags --lcd "$LOCAL_CLONE_DIR" \ - ; - ~/ppl-run generic GENERATE-BUILD-CACHE-KEY "BUILD_CACHE_KEY" --lcd "$LOCAL_CLONE_DIR" >> $GITHUB_ENV - ~/ppl-run generic GENERATE-BUILD-TARGET-DIR "BUILD_TARGET_DIR" --lcd "$LOCAL_CLONE_DIR" >> $GITHUB_ENV - #~ BUILD CACHE - #- name: "Cache Build Dir" - #id: build-cache - #uses: actions/cache@v2 - #with: - #path: "${{ env.LOCAL_CLONE_DIR}}/${{ env.BUILD_TARGET_DIR }}/" - #key: "${{ runner.os }}-enp-build-${{ env.BUILD_CACHE_KEY }}" - #~ PUBLISH THE ARTIFACT - - name: "Publish package" - run: | - ~/ppl-run generic PUBLISH \ - --id "PUBLICATION" \ - --lcd "$LOCAL_CLONE_DIR" - env: - NEXUS_USERNAME: ${{ secrets.NEXUS_USERNAME }} - NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }} - #~ PUBLISH TO DOCKER - - name: "Publish image" - env: - ENTANDO_OPT_DOCKER_PASSWORD: "${{ secrets.ENTANDO_OPT_DOCKER_PASSWORD }}" - ENTANDO_OPT_DOCKER_ALT_PASSWORD: "${{ secrets.ENTANDO_OPT_DOCKER_ALT_PASSWORD }}" - run: | - ~/ppl-run generic PUBLISH-IMAGE --lcd "$LOCAL_CLONE_DIR" - #~ POST SCAN - - name: "Post-scan container" - env: - SNYK_ORG: "${{ secrets.SNYK_ORG }}" - SNYK_TOKEN: "${{ secrets.SNYK_TOKEN }}" - run: | - ~/ppl-run generic SCAN-IMAGE --lcd "$LOCAL_CLONE_DIR" \ No newline at end of file + - name: Checkout + uses: actions/checkout@v3 + + - name: Docker meta-keycloak + id: meta-keycloak + uses: docker/metadata-action@v4 + with: + images: | + ${{ env.DOCKER_KEYCLOAK_IMAGE_BASE_NAME }} + tags: | + type=schedule + type=ref,event=branch + type=ref,event=pr,value={{base_ref}} + type=ref,event=tag + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{major}} + type=sha + type=raw,event=pr,value={{base_ref}} + + - name: Docker meta-sso + id: meta-sso + uses: docker/metadata-action@v4 + with: + images: | + ${{ env.DOCKER_SSO_IMAGE_BASE_NAME }} + tags: | + type=schedule + type=ref,event=branch + type=ref,event=pr + type=ref,event=tag + type=semver,pattern={{version}} + 
type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{major}} + type=sha + type=raw,event=pr,value={{branch}} + + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + with: + platforms: ${{ env.DOCKER_KEYCLOAK_IMAGE_ARCHITECTURE }} + + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: ${{ secrets.ENTANDO_OPT_DOCKER_USERNAME }} + password: ${{ secrets.ENTANDO_OPT_DOCKER_PASSWORD }} + + - name: Login to RHT + uses: docker/login-action@v2 + with: + registry: ${{ secrets.ENTANDO_RHT_DOCKER_REGISTRY }} + username: ${{ secrets.ENTANDO_RHT_DOCKER_USERNAME }} + password: ${{ secrets.ENTANDO_RHT_DOCKER_PASSWORD }} + + - name: Build keycloak + uses: docker/build-push-action@v4 + with: + context: ${{ env.DOCKER_IMAGE_CONTEXT }} + file: ${{ env.DOCKER_KEYCLOAK_IMAGE_FILE }} + push: ${{ env.DOCKER_IMAGE_PUSH }} + tags: ${{ steps.meta-keycloak.outputs.tags }} + labels: ${{ steps.meta-keycloak.outputs.labels }} + platforms: ${{ env.DOCKER_KEYCLOAK_IMAGE_ARCHITECTURE }} + + - name: Build sso + uses: docker/build-push-action@v4 + with: + context: ${{ env.DOCKER_IMAGE_CONTEXT }} + file: ${{ env.DOCKER_SSO_IMAGE_FILE }} + push: ${{ env.DOCKER_IMAGE_PUSH }} + tags: ${{ steps.meta-sso.outputs.tags }} + labels: ${{ steps.meta-sso.outputs.labels }} + platforms: ${{ env.DOCKER_SSO_IMAGE_ARCHITECTURE }} \ No newline at end of file diff --git a/Dockerfile.keycloak b/Dockerfile.keycloak index a9f1c2c..2c67919 100644 --- a/Dockerfile.keycloak +++ b/Dockerfile.keycloak 
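Review bot: The workflow-level `env:` in `publication.yml` now carries `ENTANDO_BOT_TOKEN: ${{ secrets.ENTANDO_BOT_TOKEN }}`, which hands that secret to every step of both jobs, third-party actions included, while none of the new steps visibly reads it; drop it or move it to the one step that needs it. The same jobs handle Docker Hub and RHT registry credentials yet reference every action by a mutable tag (`thehanimo/pr-title-checker@v1.3.7`, `docker/login-action@v2`, `docker/build-push-action@v4`, and the rest). Pinning each to a full commit SHA, e.g. `uses: docker/login-action@<full-commit-sha>  # v2`, keeps a retagged release from running with those secrets. The removed `Post-scan container` step has no replacement here, so unless scanning moved elsewhere the images are now pushed unscanned. `check-pr` also sits in a workflow triggered only by `push: tags`, where there appears to be no pull-request title to check; it likely belongs in `pr.yml`.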
@@ -10,7 +10,9 @@ LABEL name="Entando Keycloak" \ COPY LICENSE /licences/entando-lgpl.txt COPY themes /opt/jboss/keycloak/themes -COPY cli /opt/jboss/keycloak/tools/cli +COPY --chown=jboss:root cli /opt/jboss/tools/cli/ +COPY --chown=jboss:root jboss-tools/standalone-configuration.cli /opt/jboss/tools/cli/standalone-configuration.cli +COPY --chown=jboss:root jboss-tools/standalone-ha-configuration.cli /opt/jboss/tools/cli/standalone-ha-configuration.cli ARG ORACLE_JDBC_DRIVER_VERSION=21.4.0.0.1 RUN export KEYCLOAK_HTTP_PORT=8080 && \ diff --git a/jboss-tools/standalone-configuration.cli b/jboss-tools/standalone-configuration.cli new file mode 100644 index 0000000..97735b5 --- /dev/null +++ b/jboss-tools/standalone-configuration.cli @@ -0,0 +1,7 @@ +embed-server --server-config=standalone.xml --std-out=echo +run-batch --file=/opt/jboss/tools/cli/databases/oracle/change-database.cli +run-batch --file=/opt/jboss/tools/cli/loglevel.cli +run-batch --file=/opt/jboss/tools/cli/proxy.cli +run-batch --file=/opt/jboss/tools/cli/hostname.cli +run-batch --file=/opt/jboss/tools/cli/theme.cli +stop-embedded-server \ No newline at end of file diff --git a/jboss-tools/standalone-ha-configuration.cli b/jboss-tools/standalone-ha-configuration.cli new file mode 100644 index 0000000..c53ca4f --- /dev/null +++ b/jboss-tools/standalone-ha-configuration.cli @@ -0,0 +1,7 @@ +embed-server --server-config=standalone-ha.xml --std-out=echo +run-batch --file=/opt/jboss/tools/cli/databases/oracle/change-database.cli +run-batch --file=/opt/jboss/tools/cli/loglevel.cli +run-batch --file=/opt/jboss/tools/cli/proxy.cli +run-batch --file=/opt/jboss/tools/cli/hostname.cli +run-batch --file=/opt/jboss/tools/cli/theme.cli +stop-embedded-server \ No newline at end of file
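Review bot: `--chown=jboss:root` on the three new `COPY` lines in `Dockerfile.keycloak` makes the JBoss CLI scripts under `/opt/jboss/tools/cli/` owned, and with default modes writable, by what is presumably the server's runtime account. A process running as that user could then alter the configuration batches that are replayed at start-up. If nothing in the entrypoint needs to rewrite them, root ownership with read-only access is the tighter choice, e.g. `COPY --chown=root:root cli /opt/jboss/tools/cli/`. The two `jboss-tools/` copies also appear to replace files shipped by the base image, which deserves a comment such as `# override the stock CLI entry scripts with Entando's versions`. The `FROM` line and the rest of the file are outside this hunk, so both points should be checked against the base image.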
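Review bot: `jboss-tools/standalone-configuration.cli` runs `run-batch --file=/opt/jboss/tools/cli/databases/oracle/change-database.cli` unconditionally as its first batch, and `standalone-ha-configuration.cli` does the same. Whether that batch is safe for deployments using another database vendor cannot be seen from this diff, and a missing file at that path would presumably abort the whole script. A header comment in each file would record the intent, for example `# Entando override: applies the Oracle datasource batch before the stock loglevel/proxy/hostname/theme batches`. The two files differ only in `--server-config`, so the comment should also say they must be kept in sync.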