From 3d7080f9658b62ba30d77f592702e1ecc06d98a8 Mon Sep 17 00:00:00 2001 From: Ugur Cenar Date: Tue, 5 Sep 2023 17:34:17 +0200 Subject: [PATCH 1/3] Oppdater github workflow og fiks swagger annotering --- .github/.m2/maven-settings.xml | 14 +++ .github/workflows/deploy_feature.yaml | 96 +++++++++++++++++++ .github/workflows/pr.yaml | 94 +++++++++++++++--- .github/workflows/release.yaml | 86 +++++++++-------- .github/workflows/rollback_prod.yaml | 60 ++++++++++++ .gitignore | 1 + README.md | 20 +++- docker-compose.yaml | 17 ++++ initEnv.sh | 2 + pom.xml | 9 +- .../no/nav/bidrag/grunnlag/BidragGrunnlag.kt | 4 +- src/main/resources/application.yaml | 35 +++---- .../grunnlag/BidragGrunnlagLokalNais.kt | 23 +++++ .../resources/application-lokal-nais.yaml | 16 ++++ 14 files changed, 401 insertions(+), 76 deletions(-) create mode 100644 .github/.m2/maven-settings.xml create mode 100644 .github/workflows/deploy_feature.yaml create mode 100644 .github/workflows/rollback_prod.yaml create mode 100644 docker-compose.yaml create mode 100755 initEnv.sh create mode 100644 src/test/kotlin/no/nav/bidrag/grunnlag/BidragGrunnlagLokalNais.kt create mode 100644 src/test/resources/application-lokal-nais.yaml diff --git a/.github/.m2/maven-settings.xml b/.github/.m2/maven-settings.xml new file mode 100644 index 00000000..8d27d889 --- /dev/null +++ b/.github/.m2/maven-settings.xml @@ -0,0 +1,14 @@ + + + + + github + ${env.GITHUB_USERNAME} + ${env.GITHUB_TOKEN} + + + + diff --git a/.github/workflows/deploy_feature.yaml b/.github/workflows/deploy_feature.yaml new file mode 100644 index 00000000..a2c19d01 --- /dev/null +++ b/.github/workflows/deploy_feature.yaml @@ -0,0 +1,96 @@ +name: Deploy feature +on: + push: + branches: + - '**' + - '!main' + +env: + GITHUB_USERNAME: x-access-token + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + +jobs: + build: + permissions: + contents: "read" + id-token: "write" + name: Build with maven and docker + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-java@v3 + with: + java-version: '17' + distribution: 'temurin' + - uses: actions/cache@v3 + with: + path: ~/.m2/repository + key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} + restore-keys: | + ${{ runner.os }}-maven- + - run: mvn -Dmaven.test.skip=true -B -e --settings .github/.m2/maven-settings.xml clean install + - uses: nais/docker-build-push@v0 + id: docker-push + with: + team: bidrag + identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} + project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }} + outputs: + image: ${{ steps.docker-push.outputs.image }} + tag: ${{ steps.docker-push.outputs.tag }} + + run-tests: + runs-on: ubuntu-latest + name: Run tests + needs: build + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-java@v3 + with: + java-version: '17' + distribution: 'temurin' + - uses: actions/cache@v3 + with: + path: ~/.m2 + key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} + restore-keys: | + ${{ runner.os }}-maven- + - run: mvn -B -e --settings .github/.m2/maven-settings.xml clean install + + deploy-feature: + runs-on: ubuntu-latest + name: Deploy feature + needs: build + + steps: + - uses: actions/checkout@v3 + with: + path: deploy + - name: Deploy to dev-gcp for feature.yaml + uses: nais/deploy/actions/deploy@v1 + env: + APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }} + CLUSTER: dev-gcp + RESOURCE: deploy/.nais/nais.yaml + VARS: deploy/.nais/feature.yaml + IMAGE: ${{ needs.build.outputs.image }} + + run_cucumber_tests: + runs-on: ubuntu-latest + name: Run cucumber tests + needs: deploy-feature + + env: + INGRESS_CUCUMBER: https://bidrag-cucumber-cloud-feature.ekstern.dev.nav.no + INGRESS_GRUNNLAG: https://bidrag-grunnlag-feature.intern.dev.nav.no + + steps: + - run: | + curl -H "Content-Type: application/json" -i \ + -H "Authorization: Basic ${{ secrets.BIDRAG_CUCUMBER_CLOUD_AUTH }}" \ + --request POST \ + --data '{"noContextPathForApps":["bidrag-grunnlag"],"ingressesForApps":[ + "${{ env.INGRESS_GRUNNLAG }}@tag:bidrag-grunnlag" + ]}' \ + ${{ env.INGRESS_CUCUMBER }}/bidrag-cucumber-cloud/run | tee .cucumber-result + cat .cucumber-result | grep HTTP/2 | grep -c 200 > /dev/null # fails if count is 0 (http status is not ok, aka http status code is not 200) \ No newline at end of file diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml index 613a3763..1960b53b 100644 --- a/.github/workflows/pr.yaml +++ b/.github/workflows/pr.yaml @@ -1,28 +1,94 @@ -name: test build on pull request -on: [pull_request] +name: Deploy to dev +on: + pull_request: + types: [ ready_for_review, opened, synchronize ] + +env: + GITHUB_USERNAME: x-access-token + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} jobs: - build-pull-request: - name: Test pull-request + build: + if: github.event.pull_request.draft == false + permissions: + contents: "read" + id-token: "write" + name: Build with maven and docker runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 + - uses: actions/setup-java@v3 with: - ref: ${{ github.event.pull_request.head.sha }} - - uses: actions/setup-java@v1 + java-version: '17' + distribution: 'temurin' + - uses: actions/cache@v3 + with: + path: ~/.m2/repository + key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} + restore-keys: | + ${{ runner.os }}-maven- + - run: mvn -Dmaven.test.skip=true -B -e --settings .github/.m2/maven-settings.xml clean install + - uses: nais/docker-build-push@v0 + id: docker-push + with: + team: bidrag + identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} + project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }} + outputs: + image: ${{ steps.docker-push.outputs.image }} + tag: ${{ steps.docker-push.outputs.tag }} + + run-tests: + runs-on: ubuntu-latest + name: Run tests + needs: build + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-java@v3 with: java-version: '17' - - run: env - - uses: actions/cache@v1 + distribution: 'temurin' + - uses: actions/cache@v3 with: path: ~/.m2 key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} restore-keys: | ${{ runner.os }}-maven- - - uses: navikt/bidrag-maven/setup@v4 + - run: mvn -B -e --settings .github/.m2/maven-settings.xml clean install + + deploy-main: + runs-on: ubuntu-latest + name: Deploy main + needs: build + steps: + - uses: actions/checkout@v3 with: - repositories: maven-central=https://repo.maven.apache.org/maven2,github-packages=https://maven.pkg.github.com/navikt/maven-release + path: deploy + - name: Deploy main branch to dev-gcp + uses: nais/deploy/actions/deploy@v1 env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - run: mvn -B install -e + APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }} + CLUSTER: dev-gcp + RESOURCE: deploy/.nais/nais.yaml + VARS: deploy/.nais/main.yaml + IMAGE: ${{ needs.build.outputs.image }} + + run_cucumber_tests: + runs-on: ubuntu-latest + name: Run cucumber tests + needs: deploy-main + + env: + INGRESS_CUCUMBER: https://bidrag-cucumber-cloud.ekstern.dev.nav.no + INGRESS_GRUNNLAG: https://bidrag-grunnlag.intern.dev.nav.no + + steps: + - run: | + curl -H "Content-Type: application/json" -i \ + -H "Authorization: Basic ${{ secrets.BIDRAG_CUCUMBER_CLOUD_AUTH }}" \ + --request POST \ + --data '{"noContextPathForApps":["bidrag-grunnlag"],"ingressesForApps":[ + "${{ env.INGRESS_GRUNNLAG }}@tag:bidrag-grunnlag" + ]}' \ + ${{ env.INGRESS_CUCUMBER }}/bidrag-cucumber-cloud/run | tee .cucumber-result + cat .cucumber-result | grep HTTP/2 | grep -c 200 > /dev/null # fails if count is 0 (http status is not ok, aka http status code is not 200) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 8adf8569..4497520f 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -1,63 +1,49 @@ -name: release bidrag-grunnlag +name: Deploy to prod on: push: branches: - - release - + - 'main' env: - IMAGE: ghcr.io/${{ github.repository }}:${{ github.sha }} + GITHUB_USERNAME: x-access-token + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} jobs: - verify: - name: Verify that release commit is present in main branch - runs-on: ubuntu-latest - - steps: - - run: git clone --bare https://$GITHUB_ACTOR:$GITHUB_TOKEN@github.com/${{ github.repository }} - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: check if commit to build exists in main branch - run: | - cd $( echo ${{ github.repository }} | sed 's;navikt/;;' ).git - git log | grep -c ${{ github.sha }} - build: - name: Build release with maven and docker + permissions: + contents: "read" + id-token: "write" + name: Build with maven and docker runs-on: ubuntu-latest - needs: verify - steps: - - uses: actions/checkout@v2 - - uses: actions/setup-java@v1 + - uses: actions/checkout@v3 + - uses: actions/setup-java@v3 with: java-version: '17' - - uses: actions/cache@v1 + distribution: 'temurin' + - uses: actions/cache@v3 with: - path: ~/.m2 + path: ~/.m2/repository key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} restore-keys: | ${{ runner.os }}-maven- - - uses: navikt/bidrag-maven/setup@v7 + - run: mvn -Dmaven.test.skip=true -B -e --settings .github/.m2/maven-settings.xml clean install + - uses: nais/docker-build-push@v0 + id: docker-push with: - repositories: maven-central=https://repo.maven.apache.org/maven2,github-packages=https://maven.pkg.github.com/navikt/maven-release - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - run: mvn install -B -e -DskipTests - - name: Build and publish Docker image - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - docker image build --tag ${IMAGE} . - echo ${GITHUB_TOKEN} | docker login ghcr.io --username ${GITHUB_REPOSITORY} --password-stdin - docker image push ${IMAGE} + team: bidrag + identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} + project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }} + outputs: + image: ${{ steps.docker-push.outputs.image }} + tag: ${{ steps.docker-push.outputs.tag }} deploy: runs-on: ubuntu-latest - name: Deploy docker image to prod + name: Deploy to prod needs: build steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: path: deploy - uses: nais/deploy/actions/deploy@v1 @@ -66,12 +52,28 @@ jobs: CLUSTER: prod-gcp RESOURCE: deploy/.nais/nais.yaml VARS: deploy/.nais/prod.yaml + IMAGE: ${{ needs.build.outputs.image }} + outputs: + image: ${{ needs.build.outputs.image }} + tag: ${{ needs.build.outputs.tag }} tag: runs-on: ubuntu-latest - name: Tag latest deploy to prod + name: Tag release + permissions: + contents: write needs: deploy - steps: - - uses: actions/checkout@v2 - - uses: navikt/bidrag-git/tag@v1-tag + - uses: actions/checkout@v3 + - name: Push latest image tag as github tag + id: tag_version + uses: mathieudutour/github-tag-action@v6.1 + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + custom_tag: ${{ needs.deploy.outputs.tag }} + - name: Create a GitHub release + uses: ncipollo/release-action@v1 + with: + tag: ${{ steps.tag_version.outputs.new_tag }} + name: Release ${{ steps.tag_version.outputs.new_tag }} + body: ${{ steps.tag_version.outputs.changelog }} \ No newline at end of file diff --git a/.github/workflows/rollback_prod.yaml b/.github/workflows/rollback_prod.yaml new file mode 100644 index 00000000..2f71f4ca --- /dev/null +++ b/.github/workflows/rollback_prod.yaml @@ -0,0 +1,60 @@ +name: Rollback prod to previous version +on: + workflow_dispatch: + inputs: + deploy_tag: + description: 'Deploy tag. As default the previous tag will be deployed' + required: false + +env: + GITHUB_USERNAME: x-access-token + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + +jobs: + prepare_deploy: + permissions: + contents: "read" + id-token: "write" + runs-on: ubuntu-latest + name: Find tag to deploy + + steps: + - uses: actions/checkout@v3 + - name: NAIS login + uses: nais/login@v0 + id: login + with: + team: bidrag + identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} + project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }} + - id: deploy_version + name: Find deploy version + run: | + git fetch --all --tags + echo ${GITHUB_EVENT_NAME} + REPO_NAME=${GITHUB_REPOSITORY/$GITHUB_REPOSITORY_OWNER\//} + DEPLOY_TAG=${{ github.event.inputs.deploy_tag }} + if [ -z "$INPUT_TAG" ]; then + echo "NULL"; + DEPLOY_TAG=$(git tag -l | sort -V | tail -2 | head -1) + fi + echo "IMAGE=${{ steps.login.outputs.registry }}/$REPO_NAME:$DEPLOY_TAG" >> $GITHUB_OUTPUT + echo "DEPLOY_TAG=$DEPLOY_TAG" >> $GITHUB_OUTPUT + outputs: + image: ${{ steps.deploy_version.outputs.IMAGE }} + version: ${{ steps.deploy_version.outputs.DEPLOY_TAG }} + + deploy: + runs-on: ubuntu-latest + name: Deploy docker image to prod + needs: prepare_deploy + + steps: + - uses: actions/checkout@v3 + - uses: nais/deploy/actions/deploy@v1 + env: + APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }} + CLUSTER: prod-gcp + RESOURCE: deploy/.nais/nais.yaml + VARS: deploy/.nais/prod.yaml + IMAGE: ${{ needs.prepare_deploy.outputs.image }} \ No newline at end of file diff --git a/.gitignore b/.gitignore index f99f0b77..9228d29f 100644 --- a/.gitignore +++ b/.gitignore @@ -11,3 +11,4 @@ .settings/ .vscode/ .DS_Store +*nais-secrets* \ No newline at end of file diff --git a/README.md b/README.md index 3439b72a..9b8b03ae 100644 --- a/README.md +++ b/README.md @@ -72,4 +72,22 @@ Kan vurdere å sette opp wiremocks for de eksterne tjenestene for å kunne kjør Applikasjonen testes enklest i Swagger (for generering av gyldig token, se over): ``` https://bidrag-grunnlag.dev.intern.nav.no/bidrag-grunnlag/swagger-ui/index.html?configUrl=/bidrag-grunnlag/v3/api-docs/swagger-config#/grunnlagspakke-controller -``` \ No newline at end of file +``` + +### Kjøre lokalt mot nais med lokal database +##### Start opp database +Start opp lokal postgres database med følgende kommando på rotmappen +``` +docker-compose up -d +``` +##### Initialiser miljøvariabler +Kjør ```initLocalEnv.sh``` skriptet for å sette opp miljøvariabler for lokal kjøring. +
+Dette vil hente Azure hemmeligheter og diverse miljøvariabler fra POD kjørende i dev + +Hvis du ikke får `permission denied` når du prøver å kjøre skriptet så må du gi deg selv tilgang til å kjøre shell skript med følgende kommand: +```bash +Kjør chmod +x ./initLocalEnv.sh +``` + +Du kan da starte opp applikasjonen ved å kjøre [BidragGrunnlagLokalNais.kt](src/test/kotlin/no/nav/bidrag/grunnlag/BidragGrunnlagLokalNais.kt) \ No newline at end of file diff --git a/docker-compose.yaml b/docker-compose.yaml new file mode 100644 index 00000000..64f7556e --- /dev/null +++ b/docker-compose.yaml @@ -0,0 +1,17 @@ +version: "3.9" +services: + database: + image: postgres:latest + ports: + - "5455:5432" + environment: + POSTGRES_USER: cloudsqliamuser + POSTGRES_PASSWORD: admin + POSTGRES_DB: bidrag-grunnlag + volumes: + - db:/var/lib/postgresql/data +volumes: + db: + driver: local + storage: + driver: local \ No newline at end of file diff --git a/initEnv.sh b/initEnv.sh new file mode 100755 index 00000000..0d2c66a3 --- /dev/null +++ b/initEnv.sh @@ -0,0 +1,2 @@ +kubectl config use dev-gcp +kubectl exec -n=bidrag --tty deployment/bidrag-grunnlag printenv | grep -E 'AZURE_|_URL|SCOPE' > src/test/resources/application-lokal-nais-secrets.properties diff --git a/pom.xml b/pom.xml index 0db96874..290ec5fd 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ org.springframework.boot spring-boot-starter-parent - 3.0.6 + 3.1.2 @@ -43,7 +43,12 @@ org.yaml snakeyaml - 2.0 + 2.2 + + + io.swagger.core.v3 + swagger-annotations + 2.2.15 diff --git a/src/main/kotlin/no/nav/bidrag/grunnlag/BidragGrunnlag.kt b/src/main/kotlin/no/nav/bidrag/grunnlag/BidragGrunnlag.kt index 4bdd0fbb..e74055f8 100644 --- a/src/main/kotlin/no/nav/bidrag/grunnlag/BidragGrunnlag.kt +++ b/src/main/kotlin/no/nav/bidrag/grunnlag/BidragGrunnlag.kt @@ -4,10 +4,12 @@ import no.nav.security.token.support.spring.api.EnableJwtTokenValidation import org.slf4j.Logger import org.slf4j.LoggerFactory import org.springframework.boot.SpringApplication +import org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration import org.springframework.boot.autoconfigure.SpringBootApplication +import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration @EnableJwtTokenValidation(ignore = ["org.springdoc", "org.springframework"]) -@SpringBootApplication +@SpringBootApplication(exclude = [SecurityAutoConfiguration::class, ManagementWebSecurityAutoConfiguration::class]) class BidragGrunnlag const val ISSUER = "aad" diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml index aa74cb84..ea2751e2 100644 --- a/src/main/resources/application.yaml +++ b/src/main/resources/application.yaml @@ -24,22 +24,7 @@ management: #################################################################### spring: - config.activate.on-profile: live - datasource: - type: com.zaxxer.hikari.HikariDataSource - url: jdbc:postgresql://${DB_HOST}:${DB_PORT}/${DB_DATABASE}?user=${DB_USERNAME}&password=${DB_PASSWORD} - hikari: - idle-timeout: 10001 - max-lifetime: 30001 - connectionTimeout: 1000 - maximum-pool-size: 10 - minimum-idle: 1 - flyway: - enabled: true - locations: classpath:/db/migration - jpa: - hibernate.connection.provider_class: org.hibernate.hikaricp.internal.HikariCPConnectionProvider - database: postgresql + config.activate.on-profile: live,lokal-nais security: oauth2: resourceserver: @@ -114,3 +99,21 @@ no.nav.security.jwt: discoveryurl: ${AZURE_APP_WELL_KNOWN_URL} accepted_audience: ${AZURE_APP_CLIENT_ID}, api://${AZURE_APP_CLIENT_ID} +--- +spring: + config.activate.on-profile: live + datasource: + type: com.zaxxer.hikari.HikariDataSource + url: jdbc:postgresql://${DB_HOST}:${DB_PORT}/${DB_DATABASE}?user=${DB_USERNAME}&password=${DB_PASSWORD} + hikari: + idle-timeout: 10001 + max-lifetime: 30001 + connectionTimeout: 1000 + maximum-pool-size: 10 + minimum-idle: 1 + flyway: + enabled: true + locations: classpath:/db/migration + jpa: + hibernate.connection.provider_class: org.hibernate.hikaricp.internal.HikariCPConnectionProvider + database: postgresql \ No newline at end of file diff --git a/src/test/kotlin/no/nav/bidrag/grunnlag/BidragGrunnlagLokalNais.kt b/src/test/kotlin/no/nav/bidrag/grunnlag/BidragGrunnlagLokalNais.kt new file mode 100644 index 00000000..8b5212ff --- /dev/null +++ b/src/test/kotlin/no/nav/bidrag/grunnlag/BidragGrunnlagLokalNais.kt @@ -0,0 +1,23 @@ +package no.nav.bidrag.grunnlag + +import no.nav.security.token.support.spring.api.EnableJwtTokenValidation +import no.nav.security.token.support.spring.test.EnableMockOAuth2Server +import org.springframework.boot.SpringApplication +import org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration +import org.springframework.boot.autoconfigure.SpringBootApplication +import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration +import org.springframework.context.annotation.ComponentScan +import org.springframework.context.annotation.FilterType +import org.springframework.context.annotation.Profile + +@SpringBootApplication(exclude = [SecurityAutoConfiguration::class, ManagementWebSecurityAutoConfiguration::class]) +@EnableJwtTokenValidation(ignore = ["org.springdoc", "org.springframework"]) +@ComponentScan(excludeFilters = [ComponentScan.Filter(type = FilterType.ASSIGNABLE_TYPE, value = [BidragGrunnlag::class])]) +@Profile("lokal-nais") +class BidragGrunnlagLokalNais + +fun main(args: Array) { + val app = SpringApplication(BidragGrunnlagLokalNais::class.java) + app.setAdditionalProfiles("lokal-nais", "lokal-nais-secrets") + app.run(*args) +} diff --git a/src/test/resources/application-lokal-nais.yaml b/src/test/resources/application-lokal-nais.yaml new file mode 100644 index 00000000..4cf2387c --- /dev/null +++ b/src/test/resources/application-lokal-nais.yaml @@ -0,0 +1,16 @@ +server.port: 8086 +spring: + flyway: + enabled: true + locations: classpath:/db/migration + datasource: + url: jdbc:postgresql://localhost:${DB_PORT:5455}/${DB_DATABASE:bidrag-grunnlag}?user=${DB_USERNAME:cloudsqliamuser}&password=${DB_PASSWORD:admin} + type: com.zaxxer.hikari.HikariDataSource + kafka: + bootstrap-servers: ${KAFKA_BROKERS} + properties: + security.protocol: PLAINTEXT + consumer: + enableAutoCommit: false + listener: + ackMode: RECORD \ No newline at end of file From 07be4b888016bf1ad8afc82fb7b3c39d06ebce82 Mon Sep 17 00:00:00 2001 From: Ugur Cenar Date: Tue, 5 Sep 2023 17:36:06 +0200 Subject: [PATCH 2/3] Oppdater github workflow og fiks swagger annotering --- .github/workflows/deploy_feature.yaml | 1 + .github/workflows/pr.yaml | 3 --- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/deploy_feature.yaml b/.github/workflows/deploy_feature.yaml index a414a137..e97d026a 100644 --- a/.github/workflows/deploy_feature.yaml +++ b/.github/workflows/deploy_feature.yaml @@ -3,6 +3,7 @@ on: push: branches: - '**' + - '!main' env: GITHUB_USERNAME: x-access-token diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml index 4270a207..0ae4663c 100644 --- a/.github/workflows/pr.yaml +++ b/.github/workflows/pr.yaml @@ -2,9 +2,6 @@ name: Deploy to dev on: pull_request: types: [ ready_for_review, opened, synchronize ] - push: - branches: - - 'main' env: GITHUB_USERNAME: x-access-token From 41a03eae40c75292bea20f7ab32b190e8e7a6d21 Mon Sep 17 00:00:00 2001 From: Ugur Cenar Date: Tue, 5 Sep 2023 20:00:01 +0200 Subject: [PATCH 3/3] Oppdater docs --- .github/workflows/deploy_feature.yaml | 4 ++-- .github/workflows/pr.yaml | 4 ++-- .github/workflows/release.yaml | 2 +- .m2/maven-settings.xml | 14 -------------- README.md | 11 +++++++++-- .../no/nav/bidrag/grunnlag/BidragGrunnlag.kt | 2 +- .../grunnlag/security/SecurityConfiguration.kt | 17 +++++++---------- .../bidrag/grunnlag/BidragGrunnlagLokalNais.kt | 2 +- 8 files changed, 23 insertions(+), 33 deletions(-) delete mode 100644 .m2/maven-settings.xml diff --git a/.github/workflows/deploy_feature.yaml b/.github/workflows/deploy_feature.yaml index e97d026a..d65dbe92 100644 --- a/.github/workflows/deploy_feature.yaml +++ b/.github/workflows/deploy_feature.yaml @@ -28,7 +28,7 @@ jobs: key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} restore-keys: | ${{ runner.os }}-maven- - - run: mvn -Dmaven.test.skip=true -B -e --settings .m2/maven-settings.xml clean install + - run: mvn -Dmaven.test.skip=true -B -e --settings .github/.m2/maven-settings.xml clean install - uses: nais/docker-build-push@v0 id: docker-push with: @@ -55,7 +55,7 @@ jobs: key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} restore-keys: | ${{ runner.os }}-maven- - - run: mvn -B -e --settings .m2/maven-settings.xml clean install + - run: mvn -B -e --settings .github/.m2/maven-settings.xml clean install deploy-feature: runs-on: ubuntu-latest diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml index 0ae4663c..daf7d2f7 100644 --- a/.github/workflows/pr.yaml +++ b/.github/workflows/pr.yaml @@ -26,7 +26,7 @@ jobs: key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} restore-keys: | ${{ runner.os }}-maven- - - run: mvn -Dmaven.test.skip=true -B -e --settings .m2/maven-settings.xml clean install + - run: mvn -Dmaven.test.skip=true -B -e --settings .github/.m2/maven-settings.xml clean install - uses: nais/docker-build-push@v0 id: docker-push with: @@ -53,7 +53,7 @@ jobs: key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} restore-keys: | ${{ runner.os }}-maven- - - run: mvn -B -e --settings .m2/maven-settings.xml clean install + - run: mvn -B -e --settings .github/.m2/maven-settings.xml clean install deploy-main: runs-on: ubuntu-latest diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index a0ae95e5..4497520f 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -26,7 +26,7 @@ jobs: key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} restore-keys: | ${{ runner.os }}-maven- - - run: mvn -Dmaven.test.skip=true -B -e --settings .m2/maven-settings.xml clean install + - run: mvn -Dmaven.test.skip=true -B -e --settings .github/.m2/maven-settings.xml clean install - uses: nais/docker-build-push@v0 id: docker-push with: diff --git a/.m2/maven-settings.xml b/.m2/maven-settings.xml deleted file mode 100644 index 8d27d889..00000000 --- a/.m2/maven-settings.xml +++ /dev/null @@ -1,14 +0,0 @@ - - - - - github - ${env.GITHUB_USERNAME} - ${env.GITHUB_TOKEN} - - - - diff --git a/README.md b/README.md index 9b8b03ae..e67aab21 100644 --- a/README.md +++ b/README.md @@ -76,10 +76,15 @@ https://bidrag-grunnlag.dev.intern.nav.no/bidrag-grunnlag/swagger-ui/index.html? ### Kjøre lokalt mot nais med lokal database ##### Start opp database -Start opp lokal postgres database med følgende kommando på rotmappen +Start opp lokal postgres database med følgende kommando på rotmappen. ``` docker-compose up -d ``` +Dette vil starte en tom postgres database. +Ved oppstart av appen vil flyway skriptene initialiseree alle tabeller som er nødvendig for lokal kjøring. + +Databasen er persistent. Det vil si at all data vil bli lagret lokalt og være tilgjengelig selv ved restart av PC eller docker. + ##### Initialiser miljøvariabler Kjør ```initLocalEnv.sh``` skriptet for å sette opp miljøvariabler for lokal kjøring.
@@ -90,4 +95,6 @@ Hvis du ikke får `permission denied` når du prøver å kjøre skriptet så må Kjør chmod +x ./initLocalEnv.sh ``` -Du kan da starte opp applikasjonen ved å kjøre [BidragGrunnlagLokalNais.kt](src/test/kotlin/no/nav/bidrag/grunnlag/BidragGrunnlagLokalNais.kt) \ No newline at end of file +Du kan da starte opp applikasjonen ved å kjøre [BidragGrunnlagLokalNais.kt](src/test/kotlin/no/nav/bidrag/grunnlag/BidragGrunnlagLokalNais.kt) + +Gå til http://localhost:8086 for å åpne swagger-ui \ No newline at end of file diff --git a/src/main/kotlin/no/nav/bidrag/grunnlag/BidragGrunnlag.kt b/src/main/kotlin/no/nav/bidrag/grunnlag/BidragGrunnlag.kt index e74055f8..eebc9ba3 100644 --- a/src/main/kotlin/no/nav/bidrag/grunnlag/BidragGrunnlag.kt +++ b/src/main/kotlin/no/nav/bidrag/grunnlag/BidragGrunnlag.kt @@ -9,7 +9,7 @@ import org.springframework.boot.autoconfigure.SpringBootApplication import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration @EnableJwtTokenValidation(ignore = ["org.springdoc", "org.springframework"]) -@SpringBootApplication(exclude = [SecurityAutoConfiguration::class, ManagementWebSecurityAutoConfiguration::class]) +@SpringBootApplication class BidragGrunnlag const val ISSUER = "aad" diff --git a/src/main/kotlin/no/nav/bidrag/grunnlag/security/SecurityConfiguration.kt b/src/main/kotlin/no/nav/bidrag/grunnlag/security/SecurityConfiguration.kt index 22b4b321..49a33116 100644 --- a/src/main/kotlin/no/nav/bidrag/grunnlag/security/SecurityConfiguration.kt +++ b/src/main/kotlin/no/nav/bidrag/grunnlag/security/SecurityConfiguration.kt @@ -5,22 +5,19 @@ import org.springframework.context.annotation.Configuration import org.springframework.security.config.annotation.web.builders.HttpSecurity import org.springframework.security.config.http.SessionCreationPolicy import org.springframework.security.web.SecurityFilterChain +import org.springframework.security.web.authentication.Http403ForbiddenEntryPoint @Configuration class SecurityConfiguration { @Bean fun filterChain(http: HttpSecurity): SecurityFilterChain { - http.sessionManagement() - .sessionCreationPolicy(SessionCreationPolicy.STATELESS) - .and() - .csrf() - .disable() - .authorizeHttpRequests() - .requestMatchers("/**") - .permitAll() - .anyRequest() - .fullyAuthenticated() + + http + .authorizeHttpRequests { auth -> + auth.anyRequest().permitAll() + } + .csrf { it.disable() } return http.build() } } diff --git a/src/test/kotlin/no/nav/bidrag/grunnlag/BidragGrunnlagLokalNais.kt b/src/test/kotlin/no/nav/bidrag/grunnlag/BidragGrunnlagLokalNais.kt index 8b5212ff..f2f59786 100644 --- a/src/test/kotlin/no/nav/bidrag/grunnlag/BidragGrunnlagLokalNais.kt +++ b/src/test/kotlin/no/nav/bidrag/grunnlag/BidragGrunnlagLokalNais.kt @@ -10,7 +10,7 @@ import org.springframework.context.annotation.ComponentScan import org.springframework.context.annotation.FilterType import org.springframework.context.annotation.Profile -@SpringBootApplication(exclude = [SecurityAutoConfiguration::class, ManagementWebSecurityAutoConfiguration::class]) +@SpringBootApplication @EnableJwtTokenValidation(ignore = ["org.springdoc", "org.springframework"]) @ComponentScan(excludeFilters = [ComponentScan.Filter(type = FilterType.ASSIGNABLE_TYPE, value = [BidragGrunnlag::class])]) @Profile("lokal-nais")