1. 24 Sep, 2020 1 commit
    • femiadeyemi's avatar
      use maven assembly plugin for packaging and restructure the CI/CD · ab9fb8ed
      femiadeyemi authored
      The maven assembly is now use for packaging of the helmholtz-
      marketplace-server. Hence, the ci/cd needs to be adjusted to
      pick up the new structure.
      - add helmholtz-marketplace-webapp as a dependency to the project
      - add maven assembly plugin with the instruction of how to package
          the distribution inside the distribution.xml. Inside this file
          the helmholtz-marketplace-webapp.jar file will be upacked and
          the output will be put inside the webapp directory
      - create a shell script that can be use to start the server
      - in the application.yml file, add a custom location for the static
          files, which is webapp directory
      - adjust the dockerfile to reflect the new package structure
      - adjust the matcher in the security configuration to allow access
          to the static files
      - in the ci, add a build stage and rename test_sonar to
      - move the sonar test job into the ci.yml file
      - delete static-code-analysis.yml since it is no longer needed
      - rename the profile name for the sonar test in the pom file
          from static-code-analysis to sonar
      - run sonar test provided the ci/cd is not trigger by upstream
          repository, that is, helmholtz-marketplace-webapp
      1. Create distribution package for the project. The tar file created
      will have a structure like this:
      | | |____hm-server
      | | | |____bin
      | | | | |____start.sh
      | | | |____classes/
      | | | |____webapp
      | | | | |____index.html
      | | | | |____images/
      | | | | |____styles/
      | | | |____lib
      | | | | |____helmholtz-marketplace-server-0.0.1-SNAPSHOT.jar
      2. A stable ci/cd that get trigger by push, merge-request and
      pipeline. The following stages are now in the ci:
      - build: check if the code compile
      - test: both unit and integration test
      - sonar: mainly for code quality analysis
      - package: when trigger by pipiline it will use the newly available
          snapshot of helmholtz-marketplace-webapp
      - deploy: push the artifact into the docker container that will
          be push into the docker hub
      Target: master
  2. 16 Sep, 2020 1 commit
    • femiadeyemi's avatar
      enable access to aai refresh token · 63afad43
      femiadeyemi authored
      Each time a aai access token is needed, we need to authenticate
      again to obtain a new access token. However, this is not necessary
      since we can use the refresh token, provided one is available
      to obtain a new access_token.
      - initialise OAuth2AuthorizedClientService by using constructor
          instead of autowiring
      - add a GET controller and a link that can be use to get the
          refresh token
      - add to the list of scope `offline_access` to request for the
          refresh token from the auth server (that is Helmholtz AAI server).
      Refresh token can now be obtain
      Target: master
      Review-at: https://gitlab.hzdr.de/hifis-technical-platform/helmholtz-marketplace-server/-/merge_requests/12
  3. 05 Aug, 2020 1 commit
    • Carsten Heidmann's avatar
      Introduce vulnerability scan · 2d3bce58
      Carsten Heidmann authored
      Since we are providing a service which is open to the public we should be aware of vulnerabilities in our code as well in our libraries. For our own code we already have Sonja which covers at least some of it, for the dependencies there is a Maven plugin.
      Add the Maven Dependency-Check plugin (https://jeremylong.github.io/DependencyCheck/index.html) to the build.
      The plugin binds to the verify stage of the Maven build and lets the build fail if there are vulnerabilities with a score greater than or equal to the configured CVSS value (currently 8)
      Target: master
      Acked-by: @femiadeyemi
      Pull-request: !9
  4. 29 Jul, 2020 1 commit
  5. 22 Jul, 2020 2 commits
  6. 20 Jul, 2020 2 commits
    • Carsten Heidmann's avatar
      Fix CI build · 9e480943
      Carsten Heidmann authored
    • Carsten Heidmann's avatar
      Rename display name of the project · 6dc6c033
      Carsten Heidmann authored
      The display name should be the human readable name for the project which can be different from the artifactId
      * change property `name` of the project
      The project is now shown as "Helmholtz Marketplace Server"
      Target: master
      Pull-request: !4
  7. 06 Jul, 2020 1 commit
    • Carsten Heidmann's avatar
      Add static code analysis as part of the build · f2533448
      Carsten Heidmann authored
      There was no continuous static code analysis until now. This is an important part of the quality assurance and should be covered in all builds
      * add configuration for static code analysis as part of the Maven build
      * add the neccessary GitLab configuration
      Static code analysis can be executed from the command line and the execution as part of the CI is prepared and only needs to be aenabled
      Target: master
      Acked-by: @femiadeyemi
      Pull-request: !3
  8. 26 Jun, 2020 2 commits
  9. 25 Jun, 2020 6 commits
  10. 22 Jun, 2020 1 commit
  11. 18 Jun, 2020 2 commits
  12. 16 Jun, 2020 2 commits
  13. 08 Jun, 2020 1 commit
    • femiadeyemi's avatar
      authentication: add Helmholtz AAI service · 78fad52e
      femiadeyemi authored
      The Helmholtz AAI service is a Identity and Authorisation
      Management (IAM) system which arbitrates authenticated
      access to registered services in the context of the Helmholtz
      Assosiation. Integrating Helmholtz AAI service into the
      Helmholtz Marketplace is in alignment with the goal of this
      - authenticate -> able to get token
      - logout
      - enable csrf support
      User can now be authenticate using Unity IDM.
  14. 20 May, 2020 1 commit
    • femiadeyemi's avatar
      helmholtz-marketplace-server: first commit · 8dc41ddb
      femiadeyemi authored
      A web server for helmholtz marketplace. This will be use to serve
      the static files in `helmholtz-marketplace-webapp` repository.
      Add boilerplate code generated by Spring Initializr.
      A spring boot application that will be use to serve web related
      static files and oauth2 client.