Release 1.10.0

CZERTAINLY · Sep 5, 2024 · 37737e0 · 37737e0
2 parents 6be4e97 + 89d8396
commit 37737e0
Show file tree

Hide file tree

Showing 18 changed files with 458 additions and 178 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -16,14 +16,11 @@ jobs:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
-      - name: Set up JDK 17
+      - name: Set up JDK 21
         uses: actions/setup-java@v4
         with:
-          java-version: 17
+          java-version: 21
           distribution: 'temurin'
-          server-id: github # value of repository/id field of the pom.xml
-          server-username: GITHUB_USER_REF
-          server-password: GITHUB_TOKEN_REF
       - name: Cache Maven packages
         uses: actions/cache@v4
         with:
@@ -33,8 +30,6 @@ jobs:
       - name: Build and analyze
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
-          GITHUB_USER_REF: ${{ secrets.GH_PACKAGE_REPO_USERNAME }}
-          GITHUB_TOKEN_REF: ${{ secrets.GH_PACKAGE_REPO_PASSWORD }}
         run: mvn -B -U verify
   build:
     if: github.event_name != 'pull_request'
@@ -44,10 +39,10 @@ jobs:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
-      - name: Set up JDK 17
+      - name: Set up JDK 21
         uses: actions/setup-java@v4
         with:
-          java-version: 17
+          java-version: 21
           distribution: 'temurin'
           server-id: github # value of repository/id field of the pom.xml
           server-username: GITHUB_USER_REF
@@ -67,8 +62,4 @@ jobs:
       - name: Build and analyze
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
-          GITHUB_USER_REF: ${{ secrets.GH_PACKAGE_REPO_USERNAME }}
-          GITHUB_TOKEN_REF: ${{ secrets.GH_PACKAGE_REPO_PASSWORD }}
-        run: mvn -B -U verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
+        run: mvn -B verify
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -72,10 +72,10 @@ jobs:
     #     echo "Run, Build Application using script"
     #     ./location_of_script_within_repo/buildscript.sh
 
-    - name: Set up JDK 17
+    - name: Set up JDK 21
       uses: actions/setup-java@v4
       with:
-        java-version: 17
+        java-version: 21
         distribution: 'temurin'
         server-id: github # value of repository/id field of the pom.xml
         server-username: GITHUB_USER_REF

diff --git a/.github/workflows/publish_docker_3key.yaml b/.github/workflows/publish_docker_3key.yaml
@@ -0,0 +1,75 @@
+name: Publish 3Key Docker image
+
+on:
+  push:
+    branches: [develop]
+    tags:
+      - '*'
+  workflow_dispatch:
+
+jobs:
+  push_to_registry:
+    name: Push Docker images
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v4
+
+      - name: Install Cosign
+        uses: sigstore/cosign-installer@v3.5.0
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to 3Key Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_HUB_3KEY_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_3KEY_PASSWORD }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            3keycompany/czertainly-ejbca-ng-connector
+          tags: |
+            type=ref,event=tag
+            type=raw,value=develop-latest
+            type=sha,prefix=develop-,format=long
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
+        id: build-and-push
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          file: ./Dockerfile
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+      - name: Sign images with a key
+        run: |
+          images=""
+          for tag in ${TAGS}; do
+            images+="${tag}@${DIGEST} "
+          done
+          cosign sign --yes --key env://COSIGN_PRIVATE_KEY ${images}
+        env:
+          TAGS: ${{ steps.meta.outputs.tags }}
+          COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
+          COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+          DIGEST: ${{ steps.build-and-push.outputs.digest }}
+
+      - name: Push README to 3Key Docker Hub
+        uses: christian-korneck/update-container-description-action@v1
+        env:
+          DOCKER_USER: ${{ secrets.DOCKER_HUB_3KEY_USERNAME }}
+          DOCKER_PASS: ${{ secrets.DOCKER_HUB_3KEY_PASSWORD }}
+        with:
+          destination_container_repo: 3keycompany/czertainly-ejbca-ng-connector
+          provider: dockerhub
diff --git a/.github/workflows/publish_docker_czertainly.yaml b/.github/workflows/publish_docker_czertainly.yaml
@@ -0,0 +1,75 @@
+name: Publish CZERTAINLY Docker image
+
+on:
+  push:
+    branches: [develop]
+    tags:
+      - '*'
+  workflow_dispatch:
+
+jobs:
+  push_to_registry:
+    name: Push Docker images
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v4
+
+      - name: Install Cosign
+        uses: sigstore/cosign-installer@v3.5.0
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to CZERTAINLY Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_HUB_CZERTAINLY_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_CZERTAINLY_PASSWORD }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            czertainly/czertainly-ejbca-ng-connector
+          tags: |
+            type=ref,event=tag
+            type=raw,value=develop-latest
+            type=sha,prefix=develop-,format=long
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
+        id: build-and-push
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          file: ./Dockerfile
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+      - name: Sign images with a key
+        run: |
+          images=""
+          for tag in ${TAGS}; do
+            images+="${tag}@${DIGEST} "
+          done
+          cosign sign --yes --key env://COSIGN_PRIVATE_KEY ${images}
+        env:
+          TAGS: ${{ steps.meta.outputs.tags }}
+          COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
+          COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+          DIGEST: ${{ steps.build-and-push.outputs.digest }}
+
+      - name: Push README to CZERTAINLY Docker Hub
+        uses: christian-korneck/update-container-description-action@v1
+        env:
+          DOCKER_USER: ${{ secrets.DOCKER_HUB_CZERTAINLY_USERNAME }}
+          DOCKER_PASS: ${{ secrets.DOCKER_HUB_CZERTAINLY_PASSWORD }}
+        with:
+          destination_container_repo: czertainly/czertainly-ejbca-ng-connector
+          provider: dockerhub
diff --git a/.github/workflows/publish_harbor_3key.yaml b/.github/workflows/publish_harbor_3key.yaml
@@ -0,0 +1,76 @@
+name: Publish 3Key Harbor image
+
+on:
+  push:
+    branches: [develop]
+    tags:
+      - '*'
+  workflow_dispatch:
+
+jobs:
+  push_to_registry:
+    name: Push Docker images
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v4
+
+      - name: Install Cosign
+        uses: sigstore/cosign-installer@v3.5.0
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to 3Key Harbor
+        uses: docker/login-action@v3
+        with:
+          registry: harbor.3key.company
+          username: ${{ secrets.HARBOR_3KEY_USERNAME }}
+          password: ${{ secrets.HARBOR_3KEY_PASSWORD }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            harbor.3key.company/czertainly/czertainly-ejbca-ng-connector
+          tags: |
+            type=ref,event=tag
+            type=raw,value=develop-latest
+            type=sha,prefix=develop-,format=long
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
+        id: build-and-push
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          file: ./Dockerfile
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+      - name: Sign images with a key
+        run: |
+          images=""
+          for tag in ${TAGS}; do
+            images+="${tag}@${DIGEST} "
+          done
+          cosign sign --yes --key env://COSIGN_PRIVATE_KEY ${images}
+        env:
+          TAGS: ${{ steps.meta.outputs.tags }}
+          COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
+          COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+          DIGEST: ${{ steps.build-and-push.outputs.digest }}
+
+      - name: Push README to 3Key Harbor
+        uses: christian-korneck/update-container-description-action@v1
+        env:
+          DOCKER_USER: ${{ secrets.HARBOR_3KEY_USERNAME }}
+          DOCKER_PASS: ${{ secrets.HARBOR_3KEY_PASSWORD }}
+        with:
+          destination_container_repo: harbor.3key.company/czertainly/czertainly-ejbca-ng-connector
+          provider: harbor2
diff --git a/.github/workflows/test_docker_image.yaml b/.github/workflows/test_docker_image.yaml
@@ -0,0 +1,43 @@
+name: Test Docker image
+
+on:
+  pull_request:
+    branches: [ develop ]
+  workflow_dispatch:
+
+jobs:
+  push_to_registry:
+    name: Build Docker images
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            czertainly/czertainly-ejbca-ng-connector
+            3keycompany/czertainly-ejbca-ng-connector
+            harbor.3key.company/czertainly/czertainly-ejbca-ng-connector
+          tags: |
+            type=ref,event=tag
+            type=raw,value=develop-latest
+            type=sha,prefix=develop-,format=long
+
+      - name: Test build Docker image
+        uses: docker/build-push-action@v6
+        id: build-and-push
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          file: ./Dockerfile
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}