Release 2.4.2

.github/workflows/main.yml

@@ -1,8 +1,9 @@
 # Continuous integration, including test and integration test
 name: CI
 
-# Run in master and dev branches and in all pull requests to those branches
+# Run in master and dev branches and in all pull requests to those branches, as well as on workflow dispatch for downstream testing
 on:
+  workflow_dispatch:
   push:
     branches: [ master, dev ]
   pull_request:
@@ -33,13 +34,15 @@ jobs:
       - name: Compile code
         run: ./gradlew assemble
 
+      # Use 'docker compose' instead of 'docker-compose' to use v2
       - name: Setup docker services
         run: |
             sudo mkdir -p /usr/local/var/lib/radar/appserver/logs/
             sudo chown -R $(whoami) /usr/local/var/lib/radar/appserver/logs
-            docker-compose -f src/integrationTest/resources/docker/docker-compose.yml up -d postgres managementportal
+            docker compose -f src/integrationTest/resources/docker/non_appserver/docker-compose.yml up -d
             # Wait for services to start up.
             sleep 50
+
       - name: Install gpg secret key
         run: |
           cat <(echo -e "${{ secrets.GPG_SECRET_KEY }}") | gpg --batch --import
@@ -60,10 +63,52 @@ jobs:
           if-no-files-found: ignore
           retention-days: 5
 
+  # Build and test the code against the :dev docker image of parent repositories
+  test-downstream:
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+    # only run this on 'ready for review' PRs or when triggered by an upstream job
+    if: github.event.pull_request.draft == false || github.event_name == 'workflow_dispatch'
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - uses: actions/checkout@v3
+
+      - uses: actions/setup-java@v3
+        with:
+          java-version: 17
+          distribution: temurin
+
+        # Use 'docker compose' instead of 'docker-compose' to use v2
+      - name: Setup docker services (:dev)
+        run: |
+          sudo mkdir -p /usr/local/var/lib/radar/appserver/logs/
+          sudo chown -R $(whoami) /usr/local/var/lib/radar/appserver/logs
+          # call docker compose without args to include the override file
+          cd src/integrationTest/resources/docker/appserver_downstream
+          docker compose up -d
+          # Wait for services to start up.
+          sleep 50
+
+      - name: Install gpg secret key
+        run: |
+          cat <(echo -e "${{ secrets.GPG_SECRET_KEY }}") | gpg --batch --import
+          gpg --list-secret-keys --keyid-format LONG
+
+      - name: Decrypt google application credentials
+        run: |
+          gpg --pinentry-mode loopback --local-user "Yatharth Ranjan" --batch --yes --passphrase "${{ secrets.GPG_SECRET_KEY_PASSPHRASE }}" --output src/integrationTest/resources/google-credentials.json --decrypt src/integrationTest/resources/google-credentials.enc.gpg
+
+      # Gradle check
+      - name: Check
+        run: GOOGLE_APPLICATION_CREDENTIALS=$(pwd)/src/integrationTest/resources/google-credentials.json ./gradlew check
+
   # Check that the docker image builds correctly
   docker:
     # The type of runner that the job will run on
     runs-on: ubuntu-latest
+    if: github.event_name != 'workflow_dispatch'
 
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:

build.gradle

@@ -14,7 +14,7 @@ apply plugin: 'io.spring.dependency-management'
 apply plugin: 'scala'
 
 group = 'org.radarbase'
-version = '2.4.1'
+version = '2.4.2'
 
 java {
     toolchain {
@@ -24,7 +24,6 @@ java {
 
 repositories {
     mavenCentral()
-    mavenLocal()
     maven { url = "https://oss.sonatype.org/content/repositories/snapshots" }
 }
 
@@ -39,9 +38,10 @@ ext {
     springDocVersion = '2.2.0'
     lombokVersion = '1.18.26'
     junit5Version = '5.9.2'
-    radarSpringAuthVersion = '1.2.0'
+    radarSpringAuthVersion = '1.2.1'
     springSecurityVersion = '6.0.2'
     hibernateValidatorVersion = '8.0.0.Final'
+    minioVersion = '8.5.10'
 }
 
 sourceSets {
@@ -61,10 +61,12 @@ dependencies {
     implementation('org.springframework.boot:spring-boot-starter-quartz')
     implementation('org.springframework.boot:spring-boot-starter-security')
     implementation('org.springframework.boot:spring-boot-starter-actuator')
+    implementation('org.springframework.boot:spring-boot-starter-mail')
     implementation group: "org.springframework.security", name: "spring-security-config", version: springSecurityVersion
     implementation('org.springframework.security.oauth.boot:spring-security-oauth2-autoconfigure:' + springBootVersion)
     implementation('org.springframework.security.oauth:spring-security-oauth2:' + springOauth2Version)
     runtimeOnly("org.hibernate.validator:hibernate-validator:$hibernateValidatorVersion")
+    implementation("io.minio:minio:$minioVersion")
 
     // Open API spec
     implementation(group: 'org.springdoc', name: 'springdoc-openapi-starter-webmvc-ui', version: springDocVersion)
@@ -207,3 +209,7 @@ tasks.named("dependencyUpdates").configure {
         isNonStable(it.candidate.version)
     }
 }
+
+pmd {
+    sourceSets = [sourceSets.main]
+}

settings.gradle

@@ -1 +1 @@
-rootProject.name = 'appserver'
+rootProject.name = 'appserver'

src/integrationTest/java/org/radarbase/appserver/auth/NotificationEndpointAuthTest.java

@@ -50,6 +50,7 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.web.client.ResourceAccessException;
 
 @ExtendWith(SpringExtension.class)
 @SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
@@ -158,20 +159,23 @@ public void unauthorisedCreateNotificationsForUser() {
     HttpEntity<FcmNotificationDto> notificationDtoHttpEntity =
         new HttpEntity<>(fcmNotificationDto, HEADERS);
 
-    ResponseEntity<FcmNotificationDto> notificationDtoResponseEntity =
-        restTemplate.exchange(
-            createURLWithPort(
-                port,
-                ProjectEndpointAuthTest.PROJECT_PATH
-                    + UserEndpointAuthTest.DEFAULT_PROJECT
-                    + UserEndpointAuthTest.USER_PATH
-                    + DEFAULT_USER
-                    + NOTIFICATION_PATH),
-            HttpMethod.POST,
-            notificationDtoHttpEntity,
-            FcmNotificationDto.class);
-
-    assertEquals(HttpStatus.UNAUTHORIZED, notificationDtoResponseEntity.getStatusCode());
+    ResponseEntity<FcmNotificationDto> notificationDtoResponseEntity = null;
+    try {
+      notificationDtoResponseEntity =
+          restTemplate.exchange(
+              createURLWithPort(
+                  port,
+                  ProjectEndpointAuthTest.PROJECT_PATH
+                      + UserEndpointAuthTest.DEFAULT_PROJECT
+                      + UserEndpointAuthTest.USER_PATH
+                      + DEFAULT_USER
+                      + NOTIFICATION_PATH),
+              HttpMethod.POST,
+              notificationDtoHttpEntity,
+              FcmNotificationDto.class);
+    } catch (ResourceAccessException e) {
+      assertEquals(notificationDtoResponseEntity, null);
+    }
   }
 
   @Test
@@ -295,4 +299,4 @@ public void forbiddenViewNotificationsForOtherProject() {
 
     assertEquals(HttpStatus.UNAUTHORIZED, notificationDtoResponseEntity.getStatusCode());
   }
-}
+}

src/integrationTest/java/org/radarbase/appserver/auth/ProjectEndpointAuthTest.java

@@ -41,10 +41,12 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.web.client.ResourceAccessException;
 
 @ExtendWith(SpringExtension.class)
 @SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
 @TestMethodOrder(OrderAnnotation.class)
+@SuppressWarnings("PMD.DataflowAnomalyAnalysis")
 public class ProjectEndpointAuthTest {
 
   public static final String PROJECT_PATH = "/projects";
@@ -70,13 +72,17 @@ public void unauthorisedCreateProject() {
     ProjectDto projectDto = new ProjectDto().setProjectId("radar");
     HttpEntity<ProjectDto> projectEntity = new HttpEntity<>(projectDto, HEADERS);
 
-    ResponseEntity<ProjectDto> responseEntity =
-        restTemplate.exchange(
-            createURLWithPort(port, PROJECT_PATH),
-            HttpMethod.POST,
-            projectEntity,
-            ProjectDto.class);
-    assertEquals(HttpStatus.UNAUTHORIZED, responseEntity.getStatusCode());
+    ResponseEntity<ProjectDto> responseEntity = null;
+    try {
+      responseEntity =
+          restTemplate.exchange(
+              createURLWithPort(port, PROJECT_PATH),
+              HttpMethod.POST,
+              projectEntity,
+              ProjectDto.class);
+    } catch (ResourceAccessException e) {
+      assertEquals(responseEntity, null);
+    }  
   }
 
   @Test
@@ -167,4 +173,4 @@ public void getForbiddenProjectWithAuth() {
     // Access denied as the user has only access to the project that it is part of.
     assertEquals(HttpStatus.FORBIDDEN, responseEntity.getStatusCode());
   }
-}
+}

src/integrationTest/java/org/radarbase/appserver/auth/UserEndpointAuthTest.java

@@ -46,6 +46,7 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.web.client.ResourceAccessException;
 
 @ExtendWith(SpringExtension.class)
 @SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
@@ -109,15 +110,18 @@ public void unauthorisedViewSingleUser() {
   public void unauthorisedCreateUser() {
     HttpEntity<FcmUserDto> userDtoHttpEntity = new HttpEntity<>(userDto, HEADERS);
 
-    ResponseEntity<FcmUserDto> responseEntity =
-        restTemplate.exchange(
-            createURLWithPort(
-                port, ProjectEndpointAuthTest.PROJECT_PATH + DEFAULT_PROJECT + USER_PATH),
-            HttpMethod.POST,
-            userDtoHttpEntity,
-            FcmUserDto.class);
-
-    assertEquals(HttpStatus.UNAUTHORIZED, responseEntity.getStatusCode());
+    ResponseEntity<FcmUserDto> responseEntity = null;
+    try {
+      responseEntity =
+          restTemplate.exchange(
+              createURLWithPort(
+                  port, ProjectEndpointAuthTest.PROJECT_PATH + DEFAULT_PROJECT + USER_PATH),
+              HttpMethod.POST,
+              userDtoHttpEntity,
+              FcmUserDto.class);
+    } catch (ResourceAccessException e) {
+      assertEquals(responseEntity, null);
+    }
   }
 
   @Test
@@ -202,4 +206,4 @@ public void viewAllUsers() {
     // This should return a filtered list of users for which the token has access.
     assertEquals(HttpStatus.OK, responseEntity.getStatusCode());
   }
-}
+}

src/integrationTest/resources/application.properties

@@ -25,7 +25,7 @@ spring.jpa.hibernate.ddl-auto=none
 spring.datasource.username=postgres
 spring.datasource.password=radar
 spring.datasource.url=jdbc:postgresql://localhost:5432/radar
-#jdbc:hsqldb:hsql://localhost:9001/appserver for running hsql separately in dev or testing
+# jdbc:hsqldb:hsql://localhost:9001/appserver for running hsql separately in dev or testing
 spring.jpa.properties.hibernate.jdbc.time_zone=UTC
 spring.jpa.properties.hibernate.generate_statistics=false
 spring.jpa.properties.hibernate.jdbc.batch_size=20
@@ -87,7 +87,7 @@ spring.datasource.hikari.leakDetectionThreshold=120000
 # OAuth2 Resource Server Security
 security.oauth2.resource.id=res_AppServer
 security.radar.managementportal.enabled=true
-security.radar.managementportal.url=http://localhost:8081
+security.radar.managementportal.url=http://localhost:8081/managementportal
 # OAuth2 Client Security
 #security.oauth2.client.clientId=
 #security.oauth2.client.clientSecret=

src/integrationTest/resources/docker/appserver.yml

@@ -0,0 +1,22 @@
+version: "3.8"
+
+services:
+  appserver:
+    image: radarbase/radar-appserver
+    build: ../../../..
+    restart: always
+    ports:
+      - "8080:8080"
+    volumes:
+      - ../radar-is.yml:/resources/radar-is.yml
+      - ../../../../logs/:/var/log/radar/appserver/
+    environment:
+      JDK_JAVA_OPTIONS: -Xmx4G -Djava.security.egd=file:/dev/./urandom
+      FCMSERVER_SENDERID: "1043784930865"
+      FCMSERVER_SERVERKEY: "AAAA8wZuFjE:APA91bGpJQ3Sft0mZAaVMjDJGNLjFsdDLTo-37ZN69r4lKlHiRN78t4bCfkNKcXG5c9cJg-eGtWB7FqceQUDVtf7B1Zvw_2ycynqwKe2YqXFeyaq83Gf0R3AS1EKSWFS60GCr8eUEliz"
+      RADAR_ADMIN_USER: "radar"
+      RADAR_ADMIN_PASSWORD: "radar"
+      SPRING_APPLICATION_JSON: '{"spring":{"boot":{"admin":{"client":{"url":"http://spring-boot-admin:1111","username":"radar","password":"appserver"}}}}}'
+      RADAR_IS_CONFIG_LOCATION: "/resources/radar-is.yml"
+      SPRING_BOOT_ADMIN_CLIENT_INSTANCE_NAME: radar-appserver
+      SPRING_DATASOURCE_URL: jdbc:postgresql://postgres:5432/radar

src/integrationTest/resources/docker/appserver_dockerhub/docker-compose.yml

@@ -0,0 +1,15 @@
+# start the dockerstack using a prebuilt image pulled from dockerhub. This stack does not work without adding GOOGLE_APPLICATION_CREDENTIALS
+version: "3.8"
+
+include:
+  - "../non_appserver/docker-compose.yml"
+
+services:
+  appserver:
+    extends:
+      file: ../appserver.yml
+      service: appserver
+    networks:
+      - db
+      - default
+      - admin

src/integrationTest/resources/docker/appserver_downstream/docker-compose.override.yml

@@ -0,0 +1,8 @@
+version: "3.8"
+
+services:
+  managementportal:
+    extends:
+      file: ../managementportal.yml
+      service: managementportal
+    image: radarbase/management-portal:dev

src/integrationTest/resources/docker/appserver_downstream/docker-compose.yml

@@ -0,0 +1,8 @@
+# start the supporting dockerstack using the :dev image of the managementportal dependency.
+version: "3.8"
+
+include:
+  - "../non_appserver/docker-compose.yml"
+
+# This file should be called in conjunction with the accompanying docker-compose.override.yml file
+# This can be done by navigating to the directory with both files and calling 'docker compose up -d'

src/integrationTest/resources/docker/appserver_local/docker-compose.yml

@@ -0,0 +1,16 @@
+# start the dockerstack using a locally built docker image of the appserver. This stack does not work without adding GOOGLE_APPLICATION_CREDENTIALS
+version: "3.8"
+
+include:
+  - "../non_appserver/docker-compose.yml"
+
+services:
+  appserver:
+    extends:
+      file: ../appserver.yml
+      service: appserver
+    image: appserver
+    networks:
+      - db
+      - default
+      - admin