1. 16 Oct, 2020 1 commit
    • femiadeyemi's avatar
      use the correct variable the dockerfile and start.sh · e71f7d6d
      femiadeyemi authored
      Motivation:
      
      Inside the dockerfile the variable name for the client
      secret was mistyped. Also start shell file wasn't able
      to pass the secret to the jar file.
      
      Modification:
      
      - fix the mistyped in the dockerfile
      - set the value of the client-secret by using the
          spring variable
      
      Result:
      
      User can now be authenticated.
      
      Target: master
      e71f7d6d
  2. 24 Sep, 2020 2 commits
    • femiadeyemi's avatar
      delete the utility controller · 6c87ea78
      femiadeyemi authored
      Motivation:
      
      At the moment the utility controller is for obtaining
      access and refresh token. These are no longer needed
      at this time. Since the helmholtz-marketplace-webapp
      will is now a dependency of this project, there is no
      need for the index.html page.
      
      Modification:
      
      - delete the controller and index.html page
      
      Result:
      
      The server now render the helmholtz-marketplace-webapp
      static files.
      
      Target: master
      6c87ea78
    • femiadeyemi's avatar
      use maven assembly plugin for packaging and restructure the CI/CD · ab9fb8ed
      femiadeyemi authored
      Motivation:
      
      The maven assembly is now use for packaging of the helmholtz-
      marketplace-server. Hence, the ci/cd needs to be adjusted to
      pick up the new structure.
      
      Modification:
      
      - add helmholtz-marketplace-webapp as a dependency to the project
      - add maven assembly plugin with the instruction of how to package
          the distribution inside the distribution.xml. Inside this file
          the helmholtz-marketplace-webapp.jar file will be upacked and
          the output will be put inside the webapp directory
      - create a shell script that can be use to start the server
      - in the application.yml file, add a custom location for the static
          files, which is webapp directory
      - adjust the dockerfile to reflect the new package structure
      - adjust the matcher in the security configuration to allow access
          to the static files
      - in the ci, add a build stage and rename test_sonar to
          code_quality_analysis
      - move the sonar test job into the ci.yml file
      - delete static-code-analysis.yml since it is no longer needed
      - rename the profile name for the sonar test in the pom file
          from static-code-analysis to sonar
      - run sonar test provided the ci/cd is not trigger by upstream
          repository, that is, helmholtz-marketplace-webapp
      
      Result:
      
      1. Create distribution package for the project. The tar file created
      will have a structure like this:
      
      | | |____hm-server
      | | | |____bin
      | | | | |____start.sh
      | | | |____classes/
      | | | |____webapp
      | | | | |____index.html
      | | | | |____images/
      | | | | |____styles/
      | | | |____lib
      | | | | |____helmholtz-marketplace-server-0.0.1-SNAPSHOT.jar
      
      2. A stable ci/cd that get trigger by push, merge-request and
      pipeline. The following stages are now in the ci:
      - build: check if the code compile
      - test: both unit and integration test
      - sonar: mainly for code quality analysis
      - package: when trigger by pipiline it will use the newly available
          snapshot of helmholtz-marketplace-webapp
      - deploy: push the artifact into the docker container that will
          be push into the docker hub
      
      Target: master
      ab9fb8ed
  3. 16 Sep, 2020 1 commit
    • femiadeyemi's avatar
      enable access to aai refresh token · 63afad43
      femiadeyemi authored
      Motivation:
      
      Each time a aai access token is needed, we need to authenticate
      again to obtain a new access token. However, this is not necessary
      since we can use the refresh token, provided one is available
      to obtain a new access_token.
      
      Modification:
      
      - initialise OAuth2AuthorizedClientService by using constructor
          instead of autowiring
      - add a GET controller and a link that can be use to get the
          refresh token
      - add to the list of scope `offline_access` to request for the
          refresh token from the auth server (that is Helmholtz AAI server).
      
      Result:
      
      Refresh token can now be obtain
      
      Target: master
      Review-at: https://gitlab.hzdr.de/hifis-technical-platform/helmholtz-marketplace-server/-/merge_requests/12
      63afad43
  4. 05 Aug, 2020 1 commit
    • Carsten Heidmann's avatar
      Introduce vulnerability scan · 2d3bce58
      Carsten Heidmann authored
      Motivation:
      
      Since we are providing a service which is open to the public we should be aware of vulnerabilities in our code as well in our libraries. For our own code we already have Sonja which covers at least some of it, for the dependencies there is a Maven plugin.
      
      Modifications:
      
      Add the Maven Dependency-Check plugin (https://jeremylong.github.io/DependencyCheck/index.html) to the build.
      
      Result:
      
      The plugin binds to the verify stage of the Maven build and lets the build fail if there are vulnerabilities with a score greater than or equal to the configured CVSS value (currently 8)
      
      Target: master
      
      Request:
      
      Acked-by: @femiadeyemi
      
      Pull-request: !9
      2d3bce58
  5. 29 Jul, 2020 1 commit
  6. 22 Jul, 2020 2 commits
  7. 20 Jul, 2020 2 commits
    • Carsten Heidmann's avatar
      Fix CI build · 9e480943
      Carsten Heidmann authored
      9e480943
    • Carsten Heidmann's avatar
      Rename display name of the project · 6dc6c033
      Carsten Heidmann authored
      Motivation:
      
      The display name should be the human readable name for the project which can be different from the artifactId
      
      Modifications:
      
      * change property `name` of the project
      
      Result
      
      The project is now shown as "Helmholtz Marketplace Server"
      
      Target: master
      
      Request:
      
      Acked-by:
      
      Pull-request: !4
      6dc6c033
  8. 06 Jul, 2020 1 commit
    • Carsten Heidmann's avatar
      Add static code analysis as part of the build · f2533448
      Carsten Heidmann authored
      Motivation:
      
      There was no continuous static code analysis until now. This is an important part of the quality assurance and should be covered in all builds
      
      Modifications:
      
      * add configuration for static code analysis as part of the Maven build
      * add the neccessary GitLab configuration
      
      Result
      
      Static code analysis can be executed from the command line and the execution as part of the CI is prepared and only needs to be aenabled
      
      Target: master
      
      Request:
      
      Acked-by: @femiadeyemi
      
      Pull-request: !3
      f2533448
  9. 26 Jun, 2020 2 commits
  10. 25 Jun, 2020 6 commits
  11. 22 Jun, 2020 1 commit
  12. 18 Jun, 2020 2 commits
  13. 16 Jun, 2020 2 commits
  14. 08 Jun, 2020 1 commit
    • femiadeyemi's avatar
      authentication: add Helmholtz AAI service · 78fad52e
      femiadeyemi authored
      Motivation:
      
      The Helmholtz AAI service is a Identity and Authorisation
      Management (IAM) system which arbitrates authenticated
      access to registered services in the context of the Helmholtz
      Assosiation. Integrating Helmholtz AAI service into the
      Helmholtz Marketplace is in alignment with the goal of this
      project.
      
      Modification:
      
      - authenticate -> able to get token
      - logout
      - enable csrf support
      
      Result:
      
      User can now be authenticate using Unity IDM.
      78fad52e
  15. 20 May, 2020 1 commit
    • femiadeyemi's avatar
      helmholtz-marketplace-server: first commit · 8dc41ddb
      femiadeyemi authored
      Motivation:
      
      A web server for helmholtz marketplace. This will be use to serve
      the static files in `helmholtz-marketplace-webapp` repository.
      
      Modification:Ã
      
      Add boilerplate code generated by Spring Initializr.
      
      Result:
      
      A spring boot application that will be use to serve web related
      static files and oauth2 client.
      8dc41ddb