Merge pull request #29 from usdot-jpo-ode/candidate_r1

Merge candidate_r1 into master
usdot-jpo-ode · Feb 26, 2024 · 7c78ca8 · 7c78ca8
2 parents 1d056ea + 6ead47c
commit 7c78ca8
Show file tree

Hide file tree

Showing 6 changed files with 84 additions and 55 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -1,25 +1,23 @@
 name: CI
-on: 
+on:   
   pull_request:
+    types: [opened, reopened, synchronize]
   push:
+    branches: [develop, master]
 
 jobs:
   jpo-security-svcs:
    runs-on: ubuntu-latest
    container:
-     image: openjdk:17-jdk-slim-buster
+     image: openjdk:21-jdk-slim-buster
      options: --user root
    steps:
      - name: Checkout ${{ github.event.repository.name }}
-       uses: actions/checkout@v3    
+       uses: actions/checkout@v4    
      - name: Set up Maven
        uses: stCarolas/setup-maven@v4.5
        with:
-        maven-version: 3.8.2          
-     - uses: actions/setup-java@v3
-       with:
-         java-version: '11'
-         distribution: 'temurin'               
+        maven-version: 3.8.2              
      - name: Build
        run: |
          cd $GITHUB_WORKSPACE
@@ -63,9 +61,9 @@ jobs:
         run: |
           find "$GITHUB_WORKSPACE" -name "jacoco.xml"                
       - name: Setup SonarScanner
-        uses: warchant/setup-sonar-scanner@v4
+        uses: warchant/setup-sonar-scanner@v7
         with:
-          version: 4.8.0.2856
+          version: 5.0.1.3006
       - name: Generate sonar properties file
         run: |
           cat <<EOF > /tmp/sonar-scanner.properties
@@ -74,7 +72,7 @@ jobs:
           sonar.java.binaries=home/runner/work/jpo-security-svcs/jpo-security-svcs/target
           sonar.projectBaseDir=$GITHUB_WORKSPACE
           sonar.projectKey=usdot-jpo-ode_jpo-security-svcs
-          sonar.organization=usdot-jpo-ode-1
+          sonar.organization=usdot-jpo-ode
           jpo-security-svcs.sonar.projectBaseDir  = home/runner/work/jpo-security-svcs/jpo-security-svcs
           jpo-security-svcs.sonar.sources         = src
           tmca-tester.sonar.projectBaseDir=$GITHUB_WORKSPACE /tmca-tester

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -1,12 +1,8 @@
 name: Docker build
 
 on:
-  push:
-    branches-ignore:
-      - "develop"
-      - "master"
-      - "release/*"
   pull_request:
+    types: [opened, synchronize, reopened]
 
 jobs:
   jpo-security-svcs:

diff --git a/Dockerfile b/Dockerfile
@@ -1,12 +1,12 @@
-FROM maven:3.5.4-jdk-8-alpine as builder
+FROM maven:3.8-eclipse-temurin-21-alpine as builder
 
 WORKDIR /home
 COPY ./pom.xml .
 COPY ./src ./src
 
 RUN mvn clean package
 
-FROM eclipse-temurin:11-jre-alpine
+FROM eclipse-temurin:21-jre-alpine
 
 RUN apk update
 RUN apk add ca-certificates

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,5 +1,3 @@
-# DOCKER_SHARED_VOLUME_WINDOWS should be defined for Windows host machine as C: and not defined for Linux hosts
-
 version: '3'
 services:
   sec:

diff --git a/docs/dockerhub.md b/docs/dockerhub.md
@@ -0,0 +1,54 @@
+# jpo-security-svcs
+
+## GitHub Repository Link
+https://github.com/usdot-jpo-ode/jpo-security-svcs
+
+## Purpose
+The purpose of the jpo-security-svcs program is to provide a REST endpoint for signing TIMs.
+
+## How to pull the latest image
+The latest image can be pulled using the following command:
+> docker pull usdotjpoode/jpo-security-svcs:latest
+
+## Required environment variables
+- SEC_USE_CERTIFICATES
+
+## Expected files/directories
+The following should get mounted when running the container:
+- creds/
+- cert.jks
+- logback.xml
+
+## Direct Dependencies
+None
+
+## Indirect Dependencies
+The SEC will not receive messages to process if the ODE is not running.
+
+## Example docker-compose.yml with direct dependencies:
+```
+version: '3'
+services:
+  sec:
+    image: usdotjpoode/jpo-security-svcs:release_q3
+    ports:
+     - "8090:8090"
+    environment:
+      SEC_CRYPTO_SERVICE_BASE_URI: ${SEC_CRYPTO_SERVICE_BASE_URI}
+      SEC_CRYPTO_SERVICE_ENDPOINT_SIGN_PATH: ${SEC_CRYPTO_SERVICE_ENDPOINT_SIGN_PATH}
+      SEC_USE_CERTFICATES: ${SEC_USE_CERTFICATES}
+      SEC_KEY_STORE_PASSWORD: ${SEC_KEY_STORE_PASSWORD}
+    volumes: 
+      - ./creds:/usr/local/share/ca-certificates
+      - ./cert.jks:/home/cert.jks
+      - ./logback.xml:/home/logback.xml
+    command: sh -c "update-ca-certificates && java -Dlogback.configurationFile=/home/logback.xml -jar /home/jpo-security-svcs.jar"
+    logging:
+      options:
+        max-size: "10m"  
+        max-file: "5"
+```
+
+## Expected startup output
+The latest line in the logs should look like this:
+> jpo-security-svcs-sec-1  | 2023-11-09 18:09:35 [main] INFO  Application - Started Application in 2.569 seconds (JVM running for 3.274)
diff --git a/pom.xml b/pom.xml
@@ -5,7 +5,7 @@
 	<parent>
 		<groupId>org.springframework.boot</groupId>
 		<artifactId>spring-boot-starter-parent</artifactId>
-		<version>1.4.1.RELEASE</version>
+		<version>3.1.3</version>
 		<relativePath /> <!-- lookup parent from repository -->
 	</parent>
 
@@ -17,7 +17,7 @@
 	<name>jpo-security-svcs</name>
 	<description>JPO ODE Cryptography Module</description>
 	<properties>
-		    <java.version>1.8</java.version>
+		    <java.version>21</java.version>
 		    <jmockit.version>1.49</jmockit.version>
 		    <argLine>-javaagent:${user.home}/.m2/repository/org/jmockit/jmockit/${jmockit.version}/jmockit-${jmockit.version}.jar</argLine>
 		    <sonar.organization>usdot-jpo-ode-1</sonar.organization>
@@ -40,27 +40,27 @@
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter</artifactId>
 		</dependency>
-
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-test</artifactId>
 			<scope>test</scope>
 		</dependency>
-
 		<dependency>
 			<groupId>org.jmockit</groupId>
 			<artifactId>jmockit</artifactId>
-			<version>1.31</version>
+			<version>${jmockit.version}</version>
 			<scope>test</scope>
 		</dependency>
 		<dependency>
 			<groupId>junit</groupId>
 			<artifactId>junit</artifactId>
+			<version>4.13.2</version>
 			<scope>test</scope>
 		</dependency>
 		<dependency>
 			<groupId>org.json</groupId>
 			<artifactId>json</artifactId>
+			<version>20231013</version>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
@@ -73,36 +73,19 @@
             <version>4.5.13</version>
         </dependency>
 		<dependency>
-			<groupId>javax.xml.bind</groupId>
-			<artifactId>jaxb-api</artifactId>
-			<version>2.3.1</version>
-      </dependency>
-      <dependency>
-         <groupId>org.jmockit</groupId>
-         <artifactId>jmockit</artifactId>
-         <version>${jmockit.version}</version>
-         <scope>test</scope>
-      </dependency>
-      <dependency>
-         <groupId>junit</groupId>
-         <artifactId>junit</artifactId>
-         <version>4.13.2</version>
-         <scope>test</scope>
-      </dependency>
-      <dependency>
-         <groupId>org.apache.kafka</groupId>
-         <artifactId>kafka_2.11</artifactId>
-         <version>2.4.1</version>
-      </dependency>
-      <dependency>
-         <groupId>org.springframework.boot</groupId>
-         <artifactId>spring-boot-starter-mail</artifactId>
-      </dependency>
-      <dependency>
-         <groupId>org.projectreactor</groupId>
-         <artifactId>reactor-spring</artifactId>
-         <version>1.0.1.RELEASE</version>
-      </dependency>
+			<groupId>org.apache.kafka</groupId>
+			<artifactId>kafka_2.11</artifactId>
+			<version>2.4.1</version>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-mail</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.projectreactor</groupId>
+			<artifactId>reactor-spring</artifactId>
+			<version>1.0.1.RELEASE</version>
+		</dependency>
 	</dependencies>
 
 	<build>