From 8d99d2351c527b97012f2d615e509633cf64c12c Mon Sep 17 00:00:00 2001 From: Thomas Richner Date: Thu, 8 Feb 2024 17:57:11 +0100 Subject: [PATCH] ARC-1239: Dockerize 'ehealthid-rp' for deployment (#18) * ARC-1239: Setup Dockerfile & Release Flow * ARC-1239: Use GHCR * ARC-1239: Check off task :) --- .github/dependabot.yml | 21 +++++++++++++ .github/workflows/release.yml | 54 ++++++++++++++++++++++++++++++++ .github/workflows/spotless.yml | 12 ++----- .github/workflows/unit-tests.yml | 12 ++----- Dockerfile | 29 +++++++++++++++++ Makefile | 32 +++++++++++++++++++ README.md | 2 +- 7 files changed, 143 insertions(+), 19 deletions(-) create mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/release.yml create mode 100644 Dockerfile create mode 100644 Makefile diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..228d23a --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,21 @@ +version: 2 +updates: + - package-ecosystem: maven + registries: "*" + directory: "/" + schedule: + interval: weekly + commit-message: + prefix: "NA:" + groups: + maven-non-breaking-changes: + update-types: + - 'minor' + - 'patch' + - package-ecosystem: docker + registries: "*" + directory: "/" + schedule: + interval: weekly + commit-message: + prefix: "NA:" \ No newline at end of file diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..50c51df --- /dev/null +++ b/.github/workflows/release.yml 
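Review bot: The new dependabot config only enrolls the `maven` and `docker` ecosystems, while the workflows added and touched by this commit reference actions by mutable major tags (`docker/login-action@v2`, `actions/setup-java@v4`, …), so those will never be bumped or re-pinned automatically. Add a third entry, `- package-ecosystem: github-actions` / `directory: "/"` / `schedule: { interval: weekly }`, so the CI supply chain is kept current alongside the base image and Maven dependencies. Both entries also set `registries: "*"`; if no top-level `registries:` block exists in this file, that key is dead configuration and may trip Dependabot's config validation — worth confirming before merge. The file is also missing its trailing newline.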
@@ -0,0 +1,54 @@ +name: Build and Publish Application Image + +on: + push: + tags: + - 'ehealthid-relying-party/v[0-9]+.[0-9]+.[0-9]+-[a-z]+.[0-9]+' + +env: + REGISTRY: ghcr.io + +jobs: + deploy: + env: + DOCKER_REPO: 'europe-docker.pkg.dev/oviva-pkg/ovi/' + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Setup Java + uses: actions/setup-java@v4 + with: + java-version: 21 + distribution: 'temurin' + cache: 'maven' + - name: Get version + id: version + run: | + echo "parsing version from ref '$GITHUB_REF'" + VERSION=$(echo "$GITHUB_REF" | sed -e 's|.*/ehealthid-relying-party/v\(.*\)|\1|g') + echo "version=$VERSION" >> $GITHUB_OUTPUT + - name: Update Version + env: + VERSION: ${{ steps.version.outputs.version }} + run: | + echo "updating version to '$VERSION'" + make update-version "VERSION=$VERSION" + - name: Log in to the Container registry + uses: docker/login-action@v2 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + - id: buildx + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Build and push Image + env: + VERSION: ${{ steps.version.outputs.version }} + run: | + make dist RELEASE_TAG=v$VERSION + permissions: + contents: read + packages: write \ No newline at end of file diff --git a/.github/workflows/spotless.yml b/.github/workflows/spotless.yml index e59d6f0..cf49635 100644 --- a/.github/workflows/spotless.yml +++ b/.github/workflows/spotless.yml 
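Review bot: `docker/login-action@v2` and `docker/setup-qemu-action@v2` (and the other actions) are pinned to mutable tags, yet this job hands `secrets.GITHUB_TOKEN` with `packages: write` to them, so a moved or compromised tag could push an arbitrary image under the project's GHCR name; pin each third-party action to a full commit SHA with the version in a trailing comment (`uses: docker/login-action@<commit-sha> # v2`) and let Dependabot maintain them. The job-level `DOCKER_REPO: 'europe-docker.pkg.dev/oviva-pkg/ovi/'` is dead and misleading: the Makefile assigns `DOCKER_REPO=ghcr.io/oviva-ag/` itself, which overrides the environment unless make runs with `-e`, so drop the env line. Reading the tag through `$GITHUB_REF` in the shell rather than `${{ github.ref }}` interpolation is the right choice against expression injection; keep it that way when the version step is next touched.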
@@ -6,24 +6,18 @@ on: jobs: lint: runs-on: ubuntu-latest - env: - MAVEN_USERNAME: continuousintegration-oviva - MAVEN_PASSWORD: ${{ secrets.MAVEN_REPO_TOKEN }} permissions: contents: read packages: read checks: write steps: - name: Checkout repo - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Setup Java - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: - java-version: 17 + java-version: 21 distribution: 'temurin' - server-id: github - server-username: MAVEN_USERNAME - server-password: MAVEN_PASSWORD cache: 'maven' - name: run spotless id: spotless diff --git a/.github/workflows/unit-tests.yml b/.github/workflows/unit-tests.yml index dfb213d..0d79f58 100644 --- a/.github/workflows/unit-tests.yml +++ b/.github/workflows/unit-tests.yml @@ -11,22 +11,16 @@ on: jobs: test: - env: - MAVEN_USERNAME: continuousintegration-oviva - MAVEN_PASSWORD: ${{ secrets.MAVEN_REPO_TOKEN }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 0 - name: Setup Java - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: - java-version: 17 + java-version: 21 distribution: 'temurin' - server-id: github - server-username: MAVEN_USERNAME - server-password: MAVEN_PASSWORD cache: 'maven' - name: Cache SonarCloud packages uses: actions/cache@v3 diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..88bdf31 --- /dev/null +++ b/Dockerfile 
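Review bot: With `server-id: github` and the `MAVEN_USERNAME`/`MAVEN_PASSWORD` settings removed, the `permissions: packages: read` grant on the `lint` job looks like a leftover; if the build no longer resolves anything from GitHub Packages it should be dropped so the job token is limited to `contents: read` and `checks: write`. Note that `actions/setup-java` still defaults its generated `settings.xml` server to `github` backed by `GITHUB_TOKEN`, so verify the POM no longer references that repository before tightening. Removing the shared `MAVEN_REPO_TOKEN` secret from a lint job is a good least-privilege step on its own.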
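Review bot: The `test` job has no `permissions:` block anywhere in this hunk, so its `GITHUB_TOKEN` receives the repository's default scope, which on older repositories is write-all; now that the Maven server credentials are gone, add `permissions:` / `  contents: read` at job level (plus `pull-requests: write` only if the Sonar step further down needs it). The job definition continues past the hunk (`Cache SonarCloud packages` onward), so check whether a permissions block is already declared there before adding one. The same floating-tag caveat applies to `actions/cache@v3` as to the other actions.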
@@ -0,0 +1,29 @@ +FROM registry.access.redhat.com/ubi9/ubi-minimal:9.3 + +LABEL org.opencontainers.image.source="https://github.com/oviva-ag/ehealthid-relying-party" + +ARG JAVA_PACKAGE=java-21-openjdk-headless +ARG RUN_JAVA_VERSION=1.3.8 + +ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' + +# Install java and the run-java script +# Also set up permissions for user `1001` +RUN microdnf -y install ca-certificates ${JAVA_PACKAGE} \ + && microdnf -y update \ + && microdnf clean all \ + && mkdir /deployments \ + && chown 1001 /deployments \ + && chmod "g+rwX" /deployments \ + && chown 1001:root /deployments \ + && curl https://repo1.maven.org/maven2/io/fabric8/run-java-sh/${RUN_JAVA_VERSION}/run-java-sh-${RUN_JAVA_VERSION}-sh.sh -o /deployments/run-java.sh \ + && chown 1001 /deployments/run-java.sh \ + && chmod 540 /deployments/run-java.sh \ + && echo "securerandom.source=file:/dev/urandom" >> /etc/alternatives/jre/conf/security/java.security \ + && echo "securerandom.strongAlgorithms=NativePRNGNonBlocking:SUN,DRBG:SUN" >> /etc/alternatives/jre/conf/security/java.security + +COPY --chown=1001 ehealthid-rp/target/ehealthid-rp-jar-with-dependencies.jar /deployments/ + +USER 1001 + +ENTRYPOINT [ "/deployments/run-java.sh" ] \ No newline at end of file diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..796fdbf --- /dev/null +++ b/Makefile 
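Review bot: The `curl https://repo1.maven.org/.../run-java-sh-${RUN_JAVA_VERSION}-sh.sh -o /deployments/run-java.sh` line fetches the image's ENTRYPOINT script over the network with neither `--fail` nor an integrity check, so a 404 page or a tampered response is written into `run-java.sh`, the build still succeeds, and the container then executes whatever was downloaded. Use `curl -fsSL ...` so HTTP errors abort the build, add `ARG RUN_JAVA_SHA256=<expected sha256>` beside `RUN_JAVA_VERSION`, and verify with `echo "${RUN_JAVA_SHA256}  /deployments/run-java.sh" | sha256sum -c -` before the `chmod 540` (sha256sum comes with coreutils in ubi-minimal). The two `java.security` appends replace the JDK default `securerandom.strongAlgorithms` (which starts with `NativePRNGBlocking`) by the non-blocking variant; that is a defensible container choice, but since a relying party's nonces and state values depend on it, add a comment such as `# Use non-blocking urandom for SecureRandom.getInstanceStrong(); avoids entropy stalls in containers, safe on modern kernels`. Pinning `ubi-minimal:9.3` by digest as well as tag would make the build reproducible, and the new Dependabot docker entry can keep that digest current.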
@@ -0,0 +1,32 @@ + +MVN=./mvnw + +VERSION?=$(shell $(MVN) -q -Dexec.executable=echo -Dexec.args='$${project.version}' --non-recursive exec:exec) + +DOCKER_REPO=ghcr.io/oviva-ag/ +IMAGE_NAME=ehealthid-relying-party + +GIT_COMMIT=`git rev-parse HEAD` + +.PHONY: update-version test unit-test integration-test setup dist build clean install docker + +build: + @$(MVN) -T 8 $(MAVEN_CLI_OPTS) -am package + +clean: + @$(MVN) -T 8 $(MAVEN_CLI_OPTS) -am clean + +test: + @$(MVN) -B verify + +update-version: + @$(MVN) -B versions:set "-DnewVersion=$(VERSION)" + +docker: build + @docker build -t $(IMAGE_NAME):v$(VERSION) . + +dist: build +ifndef RELEASE_TAG + $(error RELEASE_TAG is not set) +endif + docker buildx build --push --platform linux/amd64,linux/arm64 --label git-commit=$(GIT_COMMIT) --tag "$(DOCKER_REPO)$(IMAGE_NAME):$(RELEASE_TAG)" . diff --git a/README.md b/README.md index e194dea..8b03c29 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ # TODO In order of priority: - [ ] Health endpoint - sanity check whether Jakarta ws is up should be enough. I.e. `/health` -- [ ] Dockerfile + CI/CD +- [ ] Continuous Deployment - [ ] Helm chart (externally) - [ ] Internationalization (ResourceBundles) for templates (en & de) - see [Mustache Library](https://github.com/spullara/mustache.java/blob/main/compiler/src/main/java/com/github/mustachejava/functions/BundleFunctions.java)
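Review bot: The `dist` target labels the pushed image with the ad-hoc key `git-commit=$(GIT_COMMIT)`; use the OCI annotation `--label org.opencontainers.image.revision=$(GIT_COMMIT)` (and `--label org.opencontainers.image.version=$(RELEASE_TAG)`) so registries and scanners can trace the image to its source commit without custom configuration. Adding `--provenance=true --sbom=true` to the same `docker buildx build` invocation attaches SLSA provenance and an SBOM attestation to the multi-arch manifest at no cost, assuming the runner's buildx is recent enough to support it (verify). Separately, `VERSION?=$(shell $(MVN) ...)` is recursively expanded, so every `$(VERSION)` reference re-runs `./mvnw`; wrap it as `ifndef VERSION` / `VERSION := $(shell $(MVN) -q -Dexec.executable=echo -Dexec.args='$${project.version}' --non-recursive exec:exec)` / `endif` to evaluate it once. `$(MAVEN_CLI_OPTS)` is referenced but never defined in this file; document it as an intended override hook or drop it.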