Merge remote-tracking branch 'origin/develop' into dev2 IQSS#7129

tcoupin · Apr 10, 2023 · f6bc314 · f6bc314
2 parents 7938721 + 82e0d94
commit f6bc314
Show file tree

Hide file tree

Showing 588 changed files with 29,939 additions and 8,559 deletions.
diff --git a/.env b/.env
@@ -0,0 +1,4 @@
+APP_IMAGE=gdcc/dataverse:unstable
+POSTGRES_VERSION=13
+DATAVERSE_DB_USER=dataverse
+SOLR_VERSION=8.11.1
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -1,11 +1,13 @@
 ---
 name: Bug report
-about: Did you encounter something unexpected or incorrect in the Dataverse software? We'd like to hear about it!
+about: Did you encounter something unexpected or incorrect in the Dataverse software?
+  We'd like to hear about it!
 title: ''
 labels: ''
 assignees: ''
 
 ---
+
 <!--
 Thank you for contributing to the Dataverse Project through the creation of a bug report!
 

diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -6,6 +6,7 @@ labels: ''
 assignees: ''
 
 ---
+
 <!--
 Thank you for contributing to the Dataverse Project through the creation of a feature request!
 
@@ -32,4 +33,4 @@ Start below this comment section.
 **Any brand new behavior do you want to add to Dataverse?**
 
 
-**Any related open or closed issues to this feature request?**
+**Any open or closed issues related to this feature request?**
diff --git a/.github/SECURITY.md b/.github/SECURITY.md
@@ -0,0 +1,7 @@
+# Security
+
+To report a security vulnerability please email security@dataverse.org as explained at https://guides.dataverse.org/en/latest/installation/config.html#reporting-security-issues
+
+Advice on securing your installation can be found at https://guides.dataverse.org/en/latest/installation/config.html#securing-your-installation
+
+Security practices and procedures used by the Dataverse team are described at https://guides.dataverse.org/en/latest/developers/security.html
diff --git a/.github/workflows/container_base_push.yml b/.github/workflows/container_base_push.yml
@@ -0,0 +1,85 @@
+---
+name: Container Base Module
+
+on:
+    push:
+        branches:
+            - 'develop'
+            - 'master'
+        paths:
+            - 'modules/container-base/**'
+            - 'modules/dataverse-parent/pom.xml'
+            - '.github/workflows/container_base_push.yml'
+    pull_request:
+        branches:
+            - 'develop'
+            - 'master'
+        paths:
+            - 'modules/container-base/**'
+            - 'modules/dataverse-parent/pom.xml'
+            - '.github/workflows/container_base_push.yml'
+
+env:
+    IMAGE_TAG: unstable
+
+jobs:
+    build:
+        name: Build image
+        runs-on: ubuntu-latest
+        permissions:
+            contents: read
+            packages: read
+        strategy:
+            matrix:
+                jdk: [ '11' ]
+        # Only run in upstream repo - avoid unnecessary runs in forks
+        if: ${{ github.repository_owner == 'IQSS' }}
+
+        steps:
+            - name: Checkout repository
+              uses: actions/checkout@v3
+
+            - name: Set up JDK ${{ matrix.jdk }}
+              uses: actions/setup-java@v3
+              with:
+                  java-version: ${{ matrix.jdk }}
+                  distribution: 'adopt'
+            - name: Cache Maven packages
+              uses: actions/cache@v3
+              with:
+                  path: ~/.m2
+                  key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+                  restore-keys: ${{ runner.os }}-m2
+
+            - name: Build base container image with local architecture
+              run: mvn -f modules/container-base -Pct package
+
+            # Run anything below only if this is not a pull request.
+            # Accessing, pushing tags etc. to DockerHub will only succeed in upstream because secrets.
+
+            - if: ${{ github.event_name == 'push' && github.ref_name == 'develop' }}
+              name: Push description to DockerHub
+              uses: peter-evans/dockerhub-description@v3
+              with:
+                  username: ${{ secrets.DOCKERHUB_USERNAME }}
+                  password: ${{ secrets.DOCKERHUB_TOKEN }}
+                  repository: gdcc/base
+                  short-description: "Dataverse Base Container image providing Payara application server and optimized configuration"
+                  readme-filepath: ./modules/container-base/README.md
+
+            - if: ${{ github.event_name != 'pull_request' }}
+              name: Log in to the Container registry
+              uses: docker/login-action@v2
+              with:
+                  registry: ${{ env.REGISTRY }}
+                  username: ${{ secrets.DOCKERHUB_USERNAME }}
+                  password: ${{ secrets.DOCKERHUB_TOKEN }}
+            - if: ${{ github.event_name != 'pull_request' }}
+              name: Set up QEMU for multi-arch builds
+              uses: docker/setup-qemu-action@v2
+            - name: Re-set image tag based on branch
+              if: ${{ github.ref_name == 'master' }}
+              run: echo "IMAGE_TAG=stable"
+            - if: ${{ github.event_name != 'pull_request' }}
+              name: Deploy multi-arch base container image to Docker Hub
+              run: mvn -f modules/container-base -Pct deploy -Dbase.image.tag=${{ env.IMAGE_TAG }}
diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml
@@ -0,0 +1,24 @@
+name: "Shellcheck"
+on:
+    push:
+        paths:
+            - conf/solr/**
+            - modules/container-base/**
+    pull_request:
+        paths:
+            - conf/solr/**
+            - modules/container-base/**
+jobs:
+    shellcheck:
+        name: Shellcheck
+        runs-on: ubuntu-latest
+        steps:
+            - uses: actions/checkout@v2
+            - name: shellcheck
+              uses: reviewdog/action-shellcheck@v1
+              with:
+                  github_token: ${{ secrets.github_token }}
+                  reporter: github-pr-review # Change reporter.
+                  fail_on_error: true
+                  # Container base image uses dumb-init shebang, so nail to using bash
+                  shellcheck_flags: "--shell=bash --external-sources"
diff --git a/.github/workflows/shellspec.yml b/.github/workflows/shellspec.yml
@@ -13,18 +13,6 @@ on:
 env:
     SHELLSPEC_VERSION: 0.28.1
 jobs:
-    shellcheck:
-        name: Shellcheck
-        runs-on: ubuntu-latest
-        steps:
-            - uses: actions/checkout@v2
-            - name: shellcheck
-              uses: reviewdog/action-shellcheck@v1
-              with:
-                  github_token: ${{ secrets.github_token }}
-                  reporter: github-pr-review # Change reporter.
-                  fail_on_error: true
-                  exclude: "./tests/shell/*"
     shellspec-ubuntu:
         name: "Ubuntu"
         runs-on: ubuntu-latest

diff --git a/.gitignore b/.gitignore
@@ -73,3 +73,6 @@ src/main/webapp/resources/images/dataverseproject.png.thumb140
 
 # apache-maven is downloaded by docker-aio
 apache-maven*
+
+# Docker development volumes
+/docker-dev-volumes
diff --git a/conf/docker-aio/0prep_deps.sh b/conf/docker-aio/0prep_deps.sh
@@ -4,9 +4,9 @@ if [ ! -d dv/deps ]; then
 fi
 wdir=`pwd`
 
-if [ ! -e dv/deps/payara-5.2021.6.zip ]; then
+if [ ! -e dv/deps/payara-5.2022.3.zip ]; then
 	echo "payara dependency prep"
-	wget https://s3-eu-west-1.amazonaws.com/payara.fish/Payara+Downloads/5.2021.6/payara-5.2021.6.zip  -O dv/deps/payara-5.2021.6.zip
+	wget https://s3-eu-west-1.amazonaws.com/payara.fish/Payara+Downloads/5.2022.3/payara-5.2022.3.zip  -O dv/deps/payara-5.2022.3.zip
 fi
 
 if [ ! -e dv/deps/solr-8.11.1dv.tgz ]; then

diff --git a/conf/docker-aio/c8.dockerfile b/conf/docker-aio/c8.dockerfile
@@ -24,7 +24,7 @@ COPY disableipv6.conf /etc/sysctl.d/
 RUN rm /etc/httpd/conf/*
 COPY httpd.conf /etc/httpd/conf 
 RUN cd /opt ; tar zxf /tmp/dv/deps/solr-8.11.1dv.tgz
-RUN cd /opt ; unzip /tmp/dv/deps/payara-5.2021.6.zip ; ln -s /opt/payara5 /opt/glassfish4
+RUN cd /opt ; unzip /tmp/dv/deps/payara-5.2022.3.zip ; ln -s /opt/payara5 /opt/glassfish4
 
 # this copy of domain.xml is the result of running `asadmin set server.monitoring-service.module-monitoring-levels.jvm=LOW` on a default glassfish installation (aka - enable the glassfish REST monitir endpoint for the jvm`
 # this dies under Java 11, do we keep it?

diff --git a/conf/docker-aio/readme.md b/conf/docker-aio/readme.md
@@ -1,5 +1,9 @@
 # Docker All-In-One
 
+> :information_source:  **NOTE: Sunsetting of this module is imminent.** There is no schedule yet, but expect it to go away.
+> Please let the [Dataverse Containerization Working Group](https://dc.wgs.gdcc.io) know if you are a user and
+> what should be preserved.
+
 First pass docker all-in-one image, intended for running integration tests against.
 Also usable for normal development and system evaluation; not intended for production.
 

diff --git a/conf/keycloak/docker-compose.yml b/conf/keycloak/docker-compose.yml
@@ -0,0 +1,15 @@
+version: "3.9"
+
+services:
+
+  keycloak:
+    image: 'jboss/keycloak:16.1.1'
+    environment:
+      - KEYCLOAK_USER=kcadmin
+      - KEYCLOAK_PASSWORD=kcpassword
+      - KEYCLOAK_IMPORT=/tmp/oidc-realm.json
+      - KEYCLOAK_LOGLEVEL=DEBUG
+    ports:
+      - "8090:8080"
+    volumes:
+      - './oidc-realm.json:/tmp/oidc-realm.json'
diff --git a/conf/keycloak/oidc-keycloak-auth-provider.json b/conf/keycloak/oidc-keycloak-auth-provider.json
@@ -0,0 +1,8 @@
+{
+  "id": "oidc-keycloak",
+  "factoryAlias": "oidc",
+  "title": "OIDC-Keycloak",
+  "subtitle": "OIDC-Keycloak",
+  "factoryData": "type: oidc | issuer: http://localhost:8090/auth/realms/oidc-realm | clientId: oidc-client | clientSecret: ss6gE8mODCDfqesQaSG3gwUwZqZt547E",
+  "enabled": true
+}