Merge pull request #462 from RADAR-base/release-2.4.2

Release 2.4.2

.github/workflows/main.yml

@@ -1,8 +1,9 @@
 # Continuous integration, including test and integration test
 name: CI
 
-# Run in master and dev branches and in all pull requests to those branches
+# Run in master and dev branches and in all pull requests to those branches, as well as on workflow dispatch for downstream testing
 on:
+ workflow_dispatch:
  push:
  branches: [ master, dev ]
  pull_request:
@@ -33,13 +34,15 @@ jobs:
  - name: Compile code
  run: ./gradlew assemble
 
+ # Use 'docker compose' instead of 'docker-compose' to use v2
  - name: Setup docker services
  run: |
  sudo mkdir -p /usr/local/var/lib/radar/appserver/logs/
  sudo chown -R $(whoami) /usr/local/var/lib/radar/appserver/logs
- docker-compose -f src/integrationTest/resources/docker/docker-compose.yml up -d postgres managementportal
+ docker compose -f src/integrationTest/resources/docker/non_appserver/docker-compose.yml up -d
  # Wait for services to start up.
  sleep 50
+
  - name: Install gpg secret key
  run: |
  cat <(echo -e "${{ secrets.GPG_SECRET_KEY }}") | gpg --batch --import
@@ -60,10 +63,52 @@ jobs:
  if-no-files-found: ignore
  retention-days: 5
 
+ # Build and test the code against the :dev docker image of parent repositories
+ test-downstream:
+ # The type of runner that the job will run on
+ runs-on: ubuntu-latest
+ # only run this on 'ready for review' PRs or when triggered by an upstream job
+ if: github.event.pull_request.draft == false || github.event_name == 'workflow_dispatch'
+
+ # Steps represent a sequence of tasks that will be executed as part of the job
+ steps:
+ # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+ - uses: actions/checkout@v3
+
+ - uses: actions/setup-java@v3
+ with:
+ java-version: 17
+ distribution: temurin
+
+ # Use 'docker compose' instead of 'docker-compose' to use v2
+ - name: Setup docker services (:dev)
+ run: |
+ sudo mkdir -p /usr/local/var/lib/radar/appserver/logs/
+ sudo chown -R $(whoami) /usr/local/var/lib/radar/appserver/logs
+ # call docker compose without args to include the override file
+ cd src/integrationTest/resources/docker/appserver_downstream
+ docker compose up -d
+ # Wait for services to start up.
+ sleep 50
+
+ - name: Install gpg secret key
+ run: |
+ cat <(echo -e "${{ secrets.GPG_SECRET_KEY }}") | gpg --batch --import
+ gpg --list-secret-keys --keyid-format LONG
+
+ - name: Decrypt google application credentials
+ run: |
+ gpg --pinentry-mode loopback --local-user "Yatharth Ranjan" --batch --yes --passphrase "${{ secrets.GPG_SECRET_KEY_PASSPHRASE }}" --output src/integrationTest/resources/google-credentials.json --decrypt src/integrationTest/resources/google-credentials.enc.gpg
+
+ # Gradle check
+ - name: Check
+ run: GOOGLE_APPLICATION_CREDENTIALS=$(pwd)/src/integrationTest/resources/google-credentials.json ./gradlew check
+
  # Check that the docker image builds correctly
  docker:
  # The type of runner that the job will run on
  runs-on: ubuntu-latest
+ if: github.event_name != 'workflow_dispatch'
 
  # Steps represent a sequence of tasks that will be executed as part of the job
  steps:

build.gradle

@@ -14,7 +14,7 @@ apply plugin: 'io.spring.dependency-management'
 apply plugin: 'scala'
 
 group = 'org.radarbase'
-version = '2.4.1'
+version = '2.4.2'
 
 java {
  toolchain {
@@ -24,7 +24,6 @@ java {
 
 repositories {
  mavenCentral()
- mavenLocal()
  maven { url = "https://oss.sonatype.org/content/repositories/snapshots" }
 }
 
@@ -39,9 +38,10 @@ ext {
  springDocVersion = '2.2.0'
  lombokVersion = '1.18.26'
  junit5Version = '5.9.2'
- radarSpringAuthVersion = '1.2.0'
+ radarSpringAuthVersion = '1.2.1'
  springSecurityVersion = '6.0.2'
  hibernateValidatorVersion = '8.0.0.Final'
+ minioVersion = '8.5.10'
 }
 
 sourceSets {
@@ -61,10 +61,12 @@ dependencies {
  implementation('org.springframework.boot:spring-boot-starter-quartz')
  implementation('org.springframework.boot:spring-boot-starter-security')
  implementation('org.springframework.boot:spring-boot-starter-actuator')
+ implementation('org.springframework.boot:spring-boot-starter-mail')
  implementation group: "org.springframework.security", name: "spring-security-config", version: springSecurityVersion
  implementation('org.springframework.security.oauth.boot:spring-security-oauth2-autoconfigure:' + springBootVersion)
  implementation('org.springframework.security.oauth:spring-security-oauth2:' + springOauth2Version)
  runtimeOnly("org.hibernate.validator:hibernate-validator:$hibernateValidatorVersion")
+ implementation("io.minio:minio:$minioVersion")
 
  // Open API spec
  implementation(group: 'org.springdoc', name: 'springdoc-openapi-starter-webmvc-ui', version: springDocVersion)
@@ -207,3 +209,7 @@ tasks.named("dependencyUpdates").configure {
  isNonStable(it.candidate.version)
  }
 }
+
+pmd {
+ sourceSets = [sourceSets.main]
+}

settings.gradle

@@ -1 +1 @@
-rootProject.name = 'appserver'
+rootProject.name = 'appserver'

src/integrationTest/java/org/radarbase/appserver/auth/NotificationEndpointAuthTest.java

@@ -50,6 +50,7 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.web.client.ResourceAccessException;
 
 @ExtendWith(SpringExtension.class)
 @SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
@@ -158,20 +159,23 @@ public void unauthorisedCreateNotificationsForUser() {
  HttpEntity<FcmNotificationDto> notificationDtoHttpEntity =
  new HttpEntity<>(fcmNotificationDto, HEADERS);
 
- ResponseEntity<FcmNotificationDto> notificationDtoResponseEntity =
- restTemplate.exchange(
- createURLWithPort(
- port,
- ProjectEndpointAuthTest.PROJECT_PATH
- + UserEndpointAuthTest.DEFAULT_PROJECT
- + UserEndpointAuthTest.USER_PATH
- + DEFAULT_USER
- + NOTIFICATION_PATH),
- HttpMethod.POST,
- notificationDtoHttpEntity,
- FcmNotificationDto.class);
-
- assertEquals(HttpStatus.UNAUTHORIZED, notificationDtoResponseEntity.getStatusCode());
+ ResponseEntity<FcmNotificationDto> notificationDtoResponseEntity = null;
+ try {
+ notificationDtoResponseEntity =
+ restTemplate.exchange(
+ createURLWithPort(
+ port,
+ ProjectEndpointAuthTest.PROJECT_PATH
+ + UserEndpointAuthTest.DEFAULT_PROJECT
+ + UserEndpointAuthTest.USER_PATH
+ + DEFAULT_USER
+ + NOTIFICATION_PATH),
+ HttpMethod.POST,
+ notificationDtoHttpEntity,
+ FcmNotificationDto.class);
+ } catch (ResourceAccessException e) {
+ assertEquals(notificationDtoResponseEntity, null);
+ }
  }
 
  @Test
@@ -295,4 +299,4 @@ public void forbiddenViewNotificationsForOtherProject() {
 
  assertEquals(HttpStatus.UNAUTHORIZED, notificationDtoResponseEntity.getStatusCode());
  }
-}
+}

src/integrationTest/java/org/radarbase/appserver/auth/ProjectEndpointAuthTest.java

@@ -41,10 +41,12 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.web.client.ResourceAccessException;
 
 @ExtendWith(SpringExtension.class)
 @SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
 @TestMethodOrder(OrderAnnotation.class)
+@SuppressWarnings("PMD.DataflowAnomalyAnalysis")
 public class ProjectEndpointAuthTest {
 
  public static final String PROJECT_PATH = "/projects";
@@ -70,13 +72,17 @@ public void unauthorisedCreateProject() {
  ProjectDto projectDto = new ProjectDto().setProjectId("radar");
  HttpEntity<ProjectDto> projectEntity = new HttpEntity<>(projectDto, HEADERS);
 
- ResponseEntity<ProjectDto> responseEntity =
- restTemplate.exchange(
- createURLWithPort(port, PROJECT_PATH),
- HttpMethod.POST,
- projectEntity,
- ProjectDto.class);
- assertEquals(HttpStatus.UNAUTHORIZED, responseEntity.getStatusCode());
+ ResponseEntity<ProjectDto> responseEntity = null;
+ try {
+ responseEntity =
+ restTemplate.exchange(
+ createURLWithPort(port, PROJECT_PATH),
+ HttpMethod.POST,
+ projectEntity,
+ ProjectDto.class);
+ } catch (ResourceAccessException e) {
+ assertEquals(responseEntity, null);
+ } 
  }
 
  @Test
@@ -167,4 +173,4 @@ public void getForbiddenProjectWithAuth() {
  // Access denied as the user has only access to the project that it is part of.
  assertEquals(HttpStatus.FORBIDDEN, responseEntity.getStatusCode());
  }
-}
+}

src/integrationTest/java/org/radarbase/appserver/auth/UserEndpointAuthTest.java

@@ -46,6 +46,7 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.web.client.ResourceAccessException;
 
 @ExtendWith(SpringExtension.class)
 @SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
@@ -109,15 +110,18 @@ public void unauthorisedViewSingleUser() {
  public void unauthorisedCreateUser() {
  HttpEntity<FcmUserDto> userDtoHttpEntity = new HttpEntity<>(userDto, HEADERS);
 
- ResponseEntity<FcmUserDto> responseEntity =
- restTemplate.exchange(
- createURLWithPort(
- port, ProjectEndpointAuthTest.PROJECT_PATH + DEFAULT_PROJECT + USER_PATH),
- HttpMethod.POST,
- userDtoHttpEntity,
- FcmUserDto.class);
-
- assertEquals(HttpStatus.UNAUTHORIZED, responseEntity.getStatusCode());
+ ResponseEntity<FcmUserDto> responseEntity = null;
+ try {
+ responseEntity =
+ restTemplate.exchange(
+ createURLWithPort(
+ port, ProjectEndpointAuthTest.PROJECT_PATH + DEFAULT_PROJECT + USER_PATH),
+ HttpMethod.POST,
+ userDtoHttpEntity,
+ FcmUserDto.class);
+ } catch (ResourceAccessException e) {
+ assertEquals(responseEntity, null);
+ }
  }
 
  @Test
@@ -202,4 +206,4 @@ public void viewAllUsers() {
  // This should return a filtered list of users for which the token has access.
  assertEquals(HttpStatus.OK, responseEntity.getStatusCode());
  }
-}
+}

src/integrationTest/resources/application.properties

@@ -25,7 +25,7 @@ spring.jpa.hibernate.ddl-auto=none
 spring.datasource.username=postgres
 spring.datasource.password=radar
 spring.datasource.url=jdbc:postgresql://localhost:5432/radar
-#jdbc:hsqldb:hsql://localhost:9001/appserver for running hsql separately in dev or testing
+# jdbc:hsqldb:hsql://localhost:9001/appserver for running hsql separately in dev or testing
 spring.jpa.properties.hibernate.jdbc.time_zone=UTC
 spring.jpa.properties.hibernate.generate_statistics=false
 spring.jpa.properties.hibernate.jdbc.batch_size=20
@@ -87,7 +87,7 @@ spring.datasource.hikari.leakDetectionThreshold=120000
 # OAuth2 Resource Server Security
 security.oauth2.resource.id=res_AppServer
 security.radar.managementportal.enabled=true
-security.radar.managementportal.url=http://localhost:8081
+security.radar.managementportal.url=http://localhost:8081/managementportal
 # OAuth2 Client Security
 #security.oauth2.client.clientId=
 #security.oauth2.client.clientSecret=

src/integrationTest/resources/docker/appserver.yml

@@ -0,0 +1,22 @@
+version: "3.8"
+
+services:
+ appserver:
+ image: radarbase/radar-appserver
+ build: ../../../..
+ restart: always
+ ports:
+ - "8080:8080"
+ volumes:
+ - ../radar-is.yml:/resources/radar-is.yml
+ - ../../../../logs/:/var/log/radar/appserver/
+ environment:
+ JDK_JAVA_OPTIONS: -Xmx4G -Djava.security.egd=file:/dev/./urandom
+ FCMSERVER_SENDERID: "1043784930865"
+ FCMSERVER_SERVERKEY: "AAAA8wZuFjE:APA91bGpJQ3Sft0mZAaVMjDJGNLjFsdDLTo-37ZN69r4lKlHiRN78t4bCfkNKcXG5c9cJg-eGtWB7FqceQUDVtf7B1Zvw_2ycynqwKe2YqXFeyaq83Gf0R3AS1EKSWFS60GCr8eUEliz"
+ RADAR_ADMIN_USER: "radar"
+ RADAR_ADMIN_PASSWORD: "radar"
+ SPRING_APPLICATION_JSON: '{"spring":{"boot":{"admin":{"client":{"url":"http://spring-boot-admin:1111","username":"radar","password":"appserver"}}}}}'
+ RADAR_IS_CONFIG_LOCATION: "/resources/radar-is.yml"
+ SPRING_BOOT_ADMIN_CLIENT_INSTANCE_NAME: radar-appserver
+ SPRING_DATASOURCE_URL: jdbc:postgresql://postgres:5432/radar

src/integrationTest/resources/docker/appserver_dockerhub/docker-compose.yml

@@ -0,0 +1,15 @@
+# start the dockerstack using a prebuilt image pulled from dockerhub. This stack does not work without adding GOOGLE_APPLICATION_CREDENTIALS
+version: "3.8"
+
+include:
+ - "../non_appserver/docker-compose.yml"
+
+services:
+ appserver:
+ extends:
+ file: ../appserver.yml
+ service: appserver
+ networks:
+ - db
+ - default
+ - admin

src/integrationTest/resources/docker/appserver_downstream/docker-compose.override.yml

@@ -0,0 +1,8 @@
+version: "3.8"
+
+services:
+ managementportal:
+ extends:
+ file: ../managementportal.yml
+ service: managementportal
+ image: radarbase/management-portal:dev

src/integrationTest/resources/docker/appserver_downstream/docker-compose.yml

@@ -0,0 +1,8 @@
+# start the supporting dockerstack using the :dev image of the managementportal dependency.
+version: "3.8"
+
+include:
+ - "../non_appserver/docker-compose.yml"
+
+# This file should be called in conjunction with the accompanying docker-compose.override.yml file
+# This can be done by navigating to the directory with both files and calling 'docker compose up -d'

src/integrationTest/resources/docker/appserver_local/docker-compose.yml

@@ -0,0 +1,16 @@
+# start the dockerstack using a locally built docker image of the appserver. This stack does not work without adding GOOGLE_APPLICATION_CREDENTIALS
+version: "3.8"
+
+include:
+ - "../non_appserver/docker-compose.yml"
+
+services:
+ appserver:
+ extends:
+ file: ../appserver.yml
+ service: appserver
+ image: appserver
+ networks:
+ - db
+ - default
+ - admin