Merge pull request #276 from reportportal/rc/5.10.0

Release 5.10.0

.github/workflows/dockerhub-release.yaml

@@ -0,0 +1,71 @@
+name: Retag RC Docker image
+
+on:
+  pull_request_review:
+    types: [submitted]
+
+env:
+  AWS_REGION: ${{ vars.AWS_REGION }}               # set this to your preferred AWS region, e.g. us-west-1
+  ECR_REPOSITORY: ${{ vars.ECR_REPOSITORY }}       # set this to your Amazon ECR repository name
+  TARGET_REGISTRY: ${{ vars.TARGET_REGISTRY }}     # set to target regestry (DockerHub, GitHub & etc)
+  TARGET_REPOSITORY: ${{ vars.TARGET_REPOSITORY }} # set to target repository
+  PLATFORMS: ${{ vars.BUILD_PLATFORMS }}           # set target build platforms. By default linux/amd64
+  RELEASE_MODE: ${{ vars.RELEASE_MODE }}
+
+jobs:
+  retag-image:
+    name: Retag and push image 
+    runs-on: ubuntu-latest
+    environment: rc
+    if: github.event.pull_request.base.ref == 'master' || github.event.pull_request.base.ref == 'main'
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          # role-to-assume: arn:aws:iam::123456789012:role/my-github-actions-role
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ env.AWS_REGION }}
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+        with:
+          mask-password: 'true'
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.REGESTRY_USERNAME }}
+          password: ${{ secrets.REGESTRY_PASSWORD }}
+
+      - name: Create variables
+        id: vars
+        run: |
+          echo "tag=$(echo '${{ github.event.pull_request.title }}' | sed -nE 's/.*([0-9]+\.[0-9]+\.[0-9]+).*/\1/p')" >> $GITHUB_OUTPUT
+      
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Retag and Push Docker Image
+        env:
+          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+          IMAGE_TAG: ${{ steps.vars.outputs.tag }}
+        run: |
+          docker buildx imagetools create $ECR_REGISTRY/$ECR_REPOSITORY:latest --tag $TARGET_REGISTRY/$TARGET_REPOSITORY:$IMAGE_TAG --tag $TARGET_REGISTRY/$TARGET_REPOSITORY:latest
+      
+      - name: Summarize
+        env:
+          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+          IMAGE_TAG: ${{ steps.vars.outputs.tag }}
+        run: |
+          echo "## General information about the build:" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "- :whale: Docker image: $TARGET_REGISTRY/$TARGET_REPOSITORY:$IMAGE_TAG" >> $GITHUB_STEP_SUMMARY
+          echo "- :octocat: The commit SHA from which the build was performed: [$GITHUB_SHA](https://github.com/$GITHUB_REPOSITORY/commit/$GITHUB_SHA)" >> $GITHUB_STEP_SUMMARY

.github/workflows/manually-release.yml

@@ -18,8 +18,6 @@ on:
 
 env:
   GH_USER_NAME: github.actor
-  SCRIPTS_VERSION: ${{ github.event.inputs.scripts_version }}
-  BOM_VERSION: ${{ github.event.inputs.bom_version }}
   RELEASE_VERSION: ${{ github.event.inputs.version }}
   REPOSITORY_URL: 'https://maven.pkg.github.com/'
 
@@ -49,7 +47,6 @@ jobs:
       - name: Release with Gradle
         id: release
         run: |
-          ./gradlew release -PreleaseMode -Pscripts.version=${{env.SCRIPTS_VERSION}} -Pbom.version=${{env.BOM_VERSION}} \
-          -PgithubUserName=${{env.GH_USER_NAME}} -PgithubToken=${{secrets.GITHUB_TOKEN}} \
+          ./gradlew release -PreleaseMode -PgithubUserName=${{env.GH_USER_NAME}} -PgithubToken=${{secrets.GITHUB_TOKEN}} \
           -PgpgPassphrase=${{secrets.GPG_PASSPHRASE}} -PgpgPrivateKey="${{secrets.GPG_PRIVATE_KEY}}" \
           -Prelease.releaseVersion=${{env.RELEASE_VERSION}}

.github/workflows/rc.yaml

@@ -0,0 +1,93 @@
+name: Build RC Docker image
+
+on:
+  push:
+    branches:
+      - "rc/*"
+      - "hotfix/*"
+
+env:
+  AWS_REGION: ${{ vars.AWS_REGION }}         # set this to your preferred AWS region, e.g. us-west-1
+  ECR_REPOSITORY: ${{ vars.ECR_REPOSITORY }} # set this to your Amazon ECR repository name
+  PLATFORMS: ${{ vars.BUILD_PLATFORMS }}     # set target build platforms. By default linux/amd64
+  RELEASE_MODE: ${{ vars.RELEASE_MODE }}
+
+jobs:
+  build-and-export:
+    name: Build and export to AWS ECR
+    runs-on: ubuntu-latest
+    environment: rc
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          # role-to-assume: arn:aws:iam::123456789012:role/my-github-actions-role
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ env.AWS_REGION }}
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+        with:
+          mask-password: 'true'
+
+      - name: Create variables
+        id: vars
+        run: |
+          echo "tag=$(echo ${{ github.ref_name }} | tr '/' '-')" >> $GITHUB_OUTPUT
+          echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT
+          echo "version=$(echo '${{ github.ref_name }}' | sed -nE 's/.*([0-9]+\.[0-9]+\.[0-9]+).*/\1/p')" >> $GITHUB_OUTPUT
+      
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Build
+        uses: docker/build-push-action@v4
+        env:
+          VERSION: ${{ steps.vars.outputs.version }}
+          DATE: ${{ steps.vars.outputs.date }}
+          IMAGE_TAG: ${{ steps.vars.outputs.tag }}
+          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+        with:
+          context: .
+          push: true
+          build-args: |
+            APP_VERSION=${{ env.VERSION }}
+            BUILD_DATE=${{ env.DATE }}
+            GITHUB_USER=${{ secrets.GH_USER }}
+            GITHUB_TOKEN=${{ secrets.GH_TOKEN }}
+            RELEASE_MODE=${{ env.RELEASE_MODE }}
+          platforms: ${{ env.PLATFORMS }}
+          tags: |
+            ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }}
+            ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:latest
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        env:
+          IMAGE_TAG: ${{ steps.vars.outputs.tag }}
+          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+        with:
+          image-ref: '${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }}'
+          format: 'table'
+          exit-code: '0'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'
+
+      - name: Summarize
+        env:
+          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+          IMAGE_TAG: ${{ steps.vars.outputs.tag }}
+        run: |
+          echo "## General information about the build:" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "- :gift: Docker image in Amazon ECR: ecr/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_STEP_SUMMARY
+          echo "- :octocat: The commit SHA from which the build was performed: [$GITHUB_SHA](https://github.com/$GITHUB_REPOSITORY/commit/$GITHUB_SHA)" >> $GITHUB_STEP_SUMMARY

.github/workflows/release.yml

@@ -11,9 +11,7 @@ on:
 
 env:
   GH_USER_NAME: github.actor
-  SCRIPTS_VERSION: 5.8.0
-  BOM_VERSION: 5.7.6
-  RELEASE_VERSION: 5.8.1
+  RELEASE_VERSION: 5.10.0
 
 jobs:
   release:
@@ -41,7 +39,6 @@ jobs:
       - name: Release with Gradle
         id: release
         run: |
-          ./gradlew release -PreleaseMode -Pscripts.version=${{env.SCRIPTS_VERSION}} -Pbom.version=${{env.BOM_VERSION}} \
-          -PgithubUserName=${{env.GH_USER_NAME}} -PgithubToken=${{secrets.GITHUB_TOKEN}} \
+          ./gradlew release -PreleaseMode -PgithubUserName=${{env.GH_USER_NAME}} -PgithubToken=${{secrets.GITHUB_TOKEN}} \
           -PgpgPassphrase=${{secrets.GPG_PASSPHRASE}} -PgpgPrivateKey="${{secrets.GPG_PRIVATE_KEY}}" \
           -Prelease.releaseVersion=${{env.RELEASE_VERSION}}

Dockerfile

@@ -1,9 +1,26 @@
-FROM alpine:latest
-LABEL version=5.8.2 description="Unified Authorization Trap for all ReportPortal's Services" maintainer="Andrei Varabyeu <andrei_varabyeu@epam.com>, Hleb Kanonik <hleb_kanonik@epam.com>"
-ARG GH_TOKEN
-RUN echo 'exec java ${JAVA_OPTS} -jar service-authorization-5.8.2-exec.jar' > /start.sh && chmod +x /start.sh && \
-	wget --header="Authorization: Bearer ${GH_TOKEN}"  -q https://maven.pkg.github.com/reportportal/service-authorization/com/epam/reportportal/service-authorization/5.8.2/service-authorization-5.8.2-exec.jar
-ENV JAVA_OPTS="-Xmx512m -XX:+UseG1GC -XX:InitiatingHeapOccupancyPercent=70 -Djava.security.egd=file:/dev/./urandom"
+FROM gradle:6.8.3-jdk11 AS build
+ARG RELEASE_MODE
+ARG APP_VERSION
+ARG GITHUB_USER
+ARG GITHUB_TOKEN
+WORKDIR /usr/app
+COPY . /usr/app
+RUN if [ "${RELEASE_MODE}" = true ]; then \
+    gradle build --exclude-task test \
+        -PreleaseMode=true \
+        -PgithubUserName=${GITHUB_USER} \
+        -PgithubToken=${GITHUB_TOKEN} \
+        -Dorg.gradle.project.version=${APP_VERSION}; \
+    else gradle build --exclude-task test -Dorg.gradle.project.version=${APP_VERSION}; fi
+
+# For ARM build use flag: `--platform linux/arm64`
+FROM --platform=$BUILDPLATFORM amazoncorretto:11.0.20
+LABEL version=${APP_VERSION} description="EPAM ReportPortal. Auth Service" maintainer="Andrei Varabyeu <andrei_varabyeu@epam.com>, Hleb Kanonik <hleb_kanonik@epam.com>"
+ARG APP_VERSION=${APP_VERSION}
+ENV APP_DIR=/usr/app
+ENV JAVA_OPTS="-Xmx1g -XX:+UseG1GC -XX:InitiatingHeapOccupancyPercent=70 -Djava.security.egd=file:/dev/./urandom"
+WORKDIR $APP_DIR
+COPY --from=build $APP_DIR/build/libs/service-authorization-*exec.jar .
 VOLUME ["/tmp"]
 EXPOSE 8080
-ENTRYPOINT ./start.sh
+ENTRYPOINT exec java ${JAVA_OPTS} -jar ${APP_DIR}/service-authorization-*exec.jar

build.gradle

@@ -43,7 +43,7 @@ ext['log4j2.version'] = '2.17.1'
 
 dependencyManagement {
     imports {
-        mavenBom(releaseMode ? 'com.epam.reportportal:commons-bom:' + getProperty('bom.version') : 'com.github.reportportal:commons-bom:f0b6bb6b')
+        mavenBom(releaseMode ? 'com.epam.reportportal:commons-bom:' + '5.10.0' : 'com.github.reportportal:commons-bom:f0b6bb6b')
     }
 }
 
@@ -53,9 +53,9 @@ dependencies {
         compile 'com.epam.reportportal:commons-rules'
         compile 'com.epam.reportportal:commons-model'
     } else {
-        compile 'com.github.reportportal:commons-dao:c0d3d19'
-        compile 'com.github.reportportal:commons-rules:331c402'
-        compile 'com.github.reportportal:commons-model:d61b714'
+        compile 'com.github.reportportal:commons-dao:ee00dee8'
+        compile 'com.github.reportportal:commons-rules:933ff17d'
+        compile 'com.github.reportportal:commons-model:232e69a5'
     }
 
     //Fix CVE-2021-41079, CVE-2022-23181, CVE-2021-33037, CVE-2021-30640, CVE-2022-42252
@@ -76,6 +76,7 @@ dependencies {
     compile 'org.springframework.boot:spring-boot-starter-web'
     compile 'org.springframework.boot:spring-boot-starter-actuator'
     compile 'org.springframework.boot:spring-boot-starter-security'
+    compile 'org.springframework.boot:spring-boot-starter-amqp'
 
     ///// Security
     //https://nvd.nist.gov/vuln/detail/CVE-2020-5407 AND https://nvd.nist.gov/vuln/detail/CVE-2020-5408
@@ -102,6 +103,7 @@ dependencies {
     compile 'org.yaml:snakeyaml:1.32'
     compile 'org.hibernate:hibernate-core:5.4.24.Final'
     compile 'org.springframework:spring-core:5.3.20'
+    compile "com.rabbitmq:http-client:2.1.0.RELEASE"
 }
 
 processResources {
@@ -117,8 +119,7 @@ bootJar {
 jar.enabled(true)
 jar.archiveClassifier.set('')
 
-addDockerfileToGit.dependsOn createDockerfile
-beforeReleaseBuild.dependsOn addDockerfileToGit
+
 publish.dependsOn build
 publish.mustRunAfter build
 

gradle.properties

@@ -1,6 +1,6 @@
-version=5.8.3
+version=5.10.0
 description=Unified Authorization Trap for all ReportPortal's Services
 dockerPrepareEnvironment=
 dockerJavaOpts=-Xmx512m -XX:+UseG1GC -XX:InitiatingHeapOccupancyPercent=70 -Djava.security.egd=file:/dev/./urandom
 dockerJavaOptsDev=-Xmx1g -XX:+UseG1GC -XX:InitiatingHeapOccupancyPercent=70 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp -Djava.security.egd=file:/dev/./urandom
-dockerServerUrl=unix:///var/run/docker.sock
+dockerServerUrl=unix:///var/run/docker.sock

jitpack.yml

@@ -0,0 +1,2 @@
+jdk:
+  - openjdk11

project-properties.gradle

@@ -7,7 +7,7 @@ project.ext {
     publishRepo = "https://maven.pkg.github.com/reportportal/service-authorization"
     dependencyRepos = ["commons-dao", "commons-rules", "commons-model", "commons-bom"]
     releaseMode = project.hasProperty("releaseMode")
-    scriptsUrl = commonScriptsUrl + (releaseMode ? getProperty('scripts.version') : 'master')
+    scriptsUrl = commonScriptsUrl + (releaseMode ? '5.10.0' : 'master')
     isDebugMode = System.getProperty("DEBUG", "false") == "true"
 }
 

src/main/java/com/epam/reportportal/auth/config/rabbit/RabbitMqConfig.java

@@ -0,0 +1,45 @@
+package com.epam.reportportal.auth.config.rabbit;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import java.net.URI;
+import org.springframework.amqp.rabbit.annotation.EnableRabbit;
+import org.springframework.amqp.rabbit.connection.CachingConnectionFactory;
+import org.springframework.amqp.rabbit.connection.ConnectionFactory;
+import org.springframework.amqp.rabbit.core.RabbitTemplate;
+import org.springframework.amqp.support.converter.Jackson2JsonMessageConverter;
+import org.springframework.amqp.support.converter.MessageConverter;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+@EnableRabbit
+@Configuration
+public class RabbitMqConfig {
+
+  private final ObjectMapper objectMapper;
+
+  public RabbitMqConfig(ObjectMapper objectMapper) {
+    this.objectMapper = objectMapper;
+  }
+
+  @Bean
+  public MessageConverter jsonMessageConverter() {
+    return new Jackson2JsonMessageConverter(objectMapper);
+  }
+
+  @Bean
+  public ConnectionFactory connectionFactory(@Value("${rp.amqp.addresses}") URI addresses,
+      @Value("${rp.amqp.base-vhost}") String virtualHost) {
+    final CachingConnectionFactory cachingConnectionFactory = new CachingConnectionFactory(addresses);
+    cachingConnectionFactory.setVirtualHost(virtualHost);
+    return cachingConnectionFactory;
+  }
+
+  @Bean
+  public RabbitTemplate rabbitTemplate(ConnectionFactory connectionFactory) {
+    RabbitTemplate rabbitTemplate = new RabbitTemplate(connectionFactory);
+    rabbitTemplate.setMessageConverter(jsonMessageConverter());
+    return rabbitTemplate;
+  }
+
+}

src/main/java/com/epam/reportportal/auth/event/ActivityEventHandler.java

@@ -0,0 +1,41 @@
+package com.epam.reportportal.auth.event;
+
+import com.epam.reportportal.auth.event.activity.ActivityEvent;
+import com.epam.ta.reportportal.entity.activity.Activity;
+import org.springframework.amqp.rabbit.core.RabbitTemplate;
+import org.springframework.context.event.EventListener;
+import org.springframework.stereotype.Component;
+import org.springframework.transaction.event.TransactionalEventListener;
+
+/**
+ * Activity Event Handler catch events after commit, transforms to Activity and send to queue.
+ *
+ * @author Ryhor_Kukharenka
+ */
+@Component
+public class ActivityEventHandler {
+
+  private static final String EXCHANGE_ACTIVITY = "activity";
+  private final RabbitTemplate rabbitTemplate;
+
+  public ActivityEventHandler(RabbitTemplate rabbitTemplate) {
+    this.rabbitTemplate = rabbitTemplate;
+  }
+
+  @EventListener
+  @TransactionalEventListener
+  public void onApplicationEvent(ActivityEvent event) {
+    Activity activity = event.toActivity();
+    String key = generateKey(activity);
+
+    rabbitTemplate.convertAndSend(EXCHANGE_ACTIVITY, key, activity);
+  }
+
+  private String generateKey(Activity activity) {
+    return String.format("activity.%d.%s.%s",
+        activity.getProjectId(),
+        activity.getObjectType(),
+        activity.getEventName());
+  }
+
+}