Commit ab9fb8ed authored by femiadeyemi's avatar femiadeyemi
Browse files

use maven assembly plugin for packaging and restructure the CI/CD

Motivation:

The maven assembly is now use for packaging of the helmholtz-
marketplace-server. Hence, the ci/cd needs to be adjusted to
pick up the new structure.

Modification:

- add helmholtz-marketplace-webapp as a dependency to the project
- add maven assembly plugin with the instruction of how to package
    the distribution inside the distribution.xml. Inside this file
    the helmholtz-marketplace-webapp.jar file will be upacked and
    the output will be put inside the webapp directory
- create a shell script that can be use to start the server
- in the application.yml file, add a custom location for the static
    files, which is webapp directory
- adjust the dockerfile to reflect the new package structure
- adjust the matcher in the security configuration to allow access
    to the static files
- in the ci, add a build stage and rename test_sonar to
    code_quality_analysis
- move the sonar test job into the ci.yml file
- delete static-code-analysis.yml since it is no longer needed
- rename the profile name for the sonar test in the pom file
    from static-code-analysis to sonar
- run sonar test provided the ci/cd is not trigger by upstream
    repository, that is, helmholtz-marketplace-webapp

Result:

1. Create distribution package for the project. The tar file created
will have a structure like this:

| | |____hm-server
| | | |____bin
| | | | |____start.sh
| | | |____classes/
| | | |____webapp
| | | | |____index.html
| | | | |____images/
| | | | |____styles/
| | | |____lib
| | | | |____helmholtz-marketplace-server-0.0.1-SNAPSHOT.jar

2. A stable ci/cd that get trigger by push, merge-request and
pipeline. The following stages are now in the ci:
- build: check if the code compile
- test: both unit and integration test
- sonar: mainly for code quality analysis
- package: when trigger by pipiline it will use the newly available
    snapshot of helmholtz-marketplace-webapp
- deploy: push the artifact into the docker container that will
    be push into the docker hub

Target: master
parent 63afad43
stages:
- build
- test
- test_sonar
- pre_package
- code_quality_analysis
- package
- deploy
......@@ -17,5 +16,4 @@ cache:
- ".m2/repository"
include:
- local: .gitlab/ci/create-docker-image-ci.yml
- local: .gitlab/ci/static-code-analysis.yml
- local: .gitlab/ci/ci.yml
maven_build:
build:
only:
- master
- tags
- merge_requests
stage: pre_package
# dependencies:
# - ci_build
stage: build
image: maven:3-jdk-11
script: "mvn install"
script: mvn compile
test:
only:
- master
- merge_requests
stage: test
image: maven:3-jdk-11
script: mvn test
sonar:
only:
variables:
- $CI_PIPELINE_SOURCE != "pipeline"
stage: code_quality_analysis
image: maven:3-jdk-11
script: "mvn -P sonar clean verify sonar:sonar"
package:
only:
- master
- merge_requests
stage: package
image: maven:3-jdk-11
script:
- >
if [[ $WEBAPP_VERSION == *"-SNAPSHOT"* ]]; then
mvn -DskipTests -Dversion.helmholtz-marketplace-webapp=$WEBAPP_VERSION clean install
else
mvn -DskipTests clean install
fi
artifacts:
paths:
- "target/*.jar"
- "target/*.tar"
expire_in: 600 seconds
tags:
- "docker"
......@@ -18,7 +45,7 @@ maven_build:
docker_push:
only:
- master
stage: package
stage: deploy
image: docker:19.03.11
services:
- name: docker:19.03.11-dind
......@@ -28,12 +55,8 @@ docker_push:
script:
- docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
- docker build -t $DOCKER_IMAGE_LATEST .
# - docker build -t $DOCKER_IMAGE_TAGGED .
# - docker push $DOCKER_IMAGE_TAGGED
# - docker tag $DOCKER_IMAGE_TAGGED $DOCKER_IMAGE_LATEST
- docker push $DOCKER_IMAGE_LATEST
dependencies:
- maven_build
- package
tags:
- "docker"
run_sonar_test:
stage: test_sonar
image: maven:3-jdk-11
script: "mvn -P static-code-analysis clean verify sonar:sonar"
FROM adoptopenjdk:11-jre-hotspot
COPY target/helmholtz-marketplace-server-*.jar app.jar
COPY target/hm-server-package.tar hms.tar
EXPOSE 8080
CMD java -jar -Dsecret=$UNITY_CLIENT_SECRET app.jar
CMD tar -xvf hms.tar -C ./ && cd ./hm-server/bin && ./start.sh -s $UNITY_CLIENT_SECRET
......@@ -19,15 +19,24 @@
<version.spring-webmvc>5.2.6.RELEASE</version.spring-webmvc>
<dependency-check-maven.version>5.3.2</dependency-check-maven.version>
<dependency-check-maven.cvss-threshold>8</dependency-check-maven.cvss-threshold>
<version.helmholtz-marketplace-webapp>0.0.1</version.helmholtz-marketplace-webapp>
<!--suppress UnresolvedMavenProperty -->
<sonar.token>${env.SONAR_AUTH_TOKEN}</sonar.token>
</properties>
<repositories>
<repository>
<id>de.helmholtz.marketplace</id>
<url>https://download.dcache.org/nexus/content/groups/public</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-client</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
......@@ -44,11 +53,18 @@
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${version.spring-webmvc}</version>
</dependency>
<dependency>
<groupId>de.helmholtz.marketplace</groupId>
<artifactId>helmholtz-marketplace-webapp</artifactId>
<version>${version.helmholtz-marketplace-webapp}</version>
</dependency>
</dependencies>
<build>
......@@ -73,6 +89,25 @@
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-assembly-plugin</artifactId>
<version>3.3.0</version>
<configuration>
<descriptors>
src/main/resources/distribution/distribution.xml
</descriptors>
<finalName>hm-server</finalName>
</configuration>
<executions>
<execution>
<phase>package</phase>
<goals>
<goal>single</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
<pluginManagement>
<plugins>
......@@ -91,7 +126,7 @@
</build>
<profiles>
<profile>
<id>static-code-analysis</id>
<id>sonar</id>
<properties>
<sonar.login>${sonar.token}</sonar.login>
<sonar.host.url>https://sonar.desy.de</sonar.host.url>
......
......@@ -7,7 +7,6 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
@Configuration
@EnableWebSecurity
......@@ -20,7 +19,7 @@ public class HelmholtzMarketplaceServerSecurityConfig extends WebSecurityConfigu
// @formatter:off
http
.authorizeRequests(requests -> requests
.antMatchers("/", "/error").permitAll()
.antMatchers("/**", "/error").permitAll()
.anyRequest().authenticated()
)
.exceptionHandling(error -> error
......
......@@ -10,6 +10,8 @@ server:
forward-headers-strategy: NATIVE
spring:
resources:
static-locations: file:../webapp/
security:
oauth2:
client:
......
while getopts s: flag
do
case "${flag}" in
s) secret=${OPTARG};;
esac
done
java -Xms256m -Xmx512m -server -jar -Dsceret=$secret ../lib/helmholtz-marketplace-server-0.0.1-SNAPSHOT.jar
\ No newline at end of file
<assembly>
<id>package</id>
<formats>
<format>tar</format>
</formats>
<dependencySets>
<dependencySet>
<unpack>false</unpack>
<scope>runtime</scope>
<outputDirectory>classes</outputDirectory>
<excludes>
<exclude>de.helmholtz.marketplace:helmholtz-marketplace-webapp:jar:*</exclude>
</excludes>
</dependencySet>
<dependencySet>
<unpack>true</unpack>
<includes>
<include>de.helmholtz.marketplace:helmholtz-marketplace-webapp:jar:*</include>
</includes>
<outputDirectory>webapp</outputDirectory>
</dependencySet>
</dependencySets>
<fileSets>
<fileSet>
<directory>src/main/resources/bin</directory>
<outputDirectory>bin</outputDirectory>
<includes>
<include>start.sh</include>
</includes>
<fileMode>0755</fileMode>
</fileSet>
<fileSet>
<directory>target</directory>
<outputDirectory>lib</outputDirectory>
<includes>
<include>*.jar</include>
</includes>
</fileSet>
</fileSets>
</assembly>
\ No newline at end of file
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment