Merge pull request #104 from wultra/develop

Merge develop to master

.github/dependabot.yml

@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "maven"
+    directory: "/"
+    schedule:
+      interval: "weekly"

.github/workflows/codeql.yml

@@ -0,0 +1,22 @@
+name: "CodeQL"
+
+on:
+  workflow_dispatch:
+  push:
+    branches: [ 'develop', 'master', 'releases/**' ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ 'develop', 'master', 'releases/**' ]
+  schedule:
+    - cron: '17 14 * * 2'
+
+jobs:
+  codeql-analysis:
+    uses: wultra/wultra-infrastructure/.github/workflows/codeql-analysis.yml@develop
+    secrets: inherit
+    with:
+      languages: "['java']"
+      # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+      # Use only 'java' to analyze code written in Java, Kotlin or both
+      # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
+      # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support

.github/workflows/coverity-scan.yml

@@ -0,0 +1,16 @@
+name: Run Coverity scan and upload results
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron:  '0 10 1 * *'    # monthly
+
+
+jobs:
+  coverity-scan:
+    uses: wultra/wultra-infrastructure/.github/workflows/coverity-scan.yml@develop
+    secrets: inherit
+    with:
+      project-name: ${{ github.event.repository.name }}
+      version: ${{ github.sha }}
+      description: ${{ github.ref }}

.github/workflows/maven-test.yml

@@ -0,0 +1,18 @@
+name: Test with Maven
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - 'master'
+      - 'releases/**'
+  pull_request:
+    branches:
+      - 'develop'
+      - 'master'
+      - 'releases/**'
+
+jobs:
+  maven-tests:
+    uses: wultra/wultra-infrastructure/.github/workflows/maven-test.yml@develop
+    secrets: inherit

.github/workflows/publish-docker-image.yml

@@ -0,0 +1,65 @@
+---
+name: Build and deploy docker image
+
+on:
+  workflow_dispatch:
+    branches:
+      - 'develop'
+      - 'master'
+      - 'releases/*'
+  pull_request:
+    branches:
+      - 'develop'
+      - 'master'
+      - 'releases/*'
+
+jobs:
+  build:
+    runs-on: 'ubuntu-latest'
+    environment: docker-publish
+    env:
+      # these are global secrets - for readonly access to artifactory
+      INTERNAL_USERNAME: ${{ secrets.JFROG_USERNAME }}
+      INTERNAL_PASSWORD: ${{ secrets.JFROG_PASSWORD }}
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/setup-java@v3
+      with:
+        java-version: '17'
+        distribution: 'temurin'
+        server-id: jfrog-central
+        server-username: INTERNAL_USERNAME
+        server-password: INTERNAL_PASSWORD
+    - name: Set Timestamp for docker image for development branch
+      if: github.ref == 'refs/heads/develop'
+      run: echo "TIMESTAMP=-$(date +%Y.%m.%d)" >> $GITHUB_ENV
+    - name: Get Mobile Utility Server version
+      run: |
+        REVISION=`mvn help:evaluate -Dexpression=project.version -q -DforceStdout`
+        echo "REVISION=$REVISION" >> $GITHUB_ENV
+    - name: Prepare wars and libs
+      run: |
+        mvn clean package
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v2
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v2
+      with:
+        install: true
+
+    - name: Log in to Azure registry
+      if: ${{ github.event_name == 'workflow_dispatch' }}
+      uses: docker/login-action@v2
+      with:
+        registry: https://powerauth.azurecr.io/
+        username: ${{ secrets.ACR_USERNAME }}
+        password: ${{ secrets.ACR_PASSWORD }}
+    - name: Build and push container image to Azure registry
+      uses: docker/build-push-action@v3
+      with:
+        push: ${{ github.event_name == 'workflow_dispatch' }}
+        platforms: linux/amd64
+        tags: powerauth.azurecr.io/mobile-utility-server:${{ env.REVISION }}${{ env.TIMESTAMP }}-${{ github.sha }}
+        file: ./deploy/dockerfile/runtime/Dockerfile
+        context: .
+

.gitignore

@@ -6,6 +6,9 @@ target/
 !**/src/main/**/target/
 !**/src/test/**/target/
 
+# Docker image support files
+**/deploy/images/*.war
+
 ### STS ###
 .apt_generated
 .classpath

.run/MobileUtilityServerApplication.run.xml

@@ -0,0 +1,11 @@
+<component name="ProjectRunConfigurationManager">
+  <configuration default="false" name="MobileUtilityServerApplication" type="SpringBootApplicationConfigurationType" factoryName="Spring Boot" nameIsGenerated="true">
+    <option name="DEBUG_MODE" value="true" />
+    <module name="mobile-utility-server" />
+    <option name="SPRING_BOOT_MAIN_CLASS" value="com.wultra.app.mobileutilityserver.MobileUtilityServerApplication" />
+    <method v="2">
+      <option name="Make" enabled="true" />
+      <option name="Maven.BeforeRunTask" enabled="true" file="$PROJECT_DIR$/pom.xml" goal="process-resources" />
+    </method>
+  </configuration>
+</component>

deploy/conf/application.properties

@@ -0,0 +1,36 @@
+#
+# Wultra Mobile Utility Server
+# Copyright (C) 2020  Wultra s.r.o.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+# Allow externalization of properties using application-ext.properties
+spring.profiles.active=ext
+
+# Database Configuration - PostgreSQL
+spring.datasource.url=${MOBILE_UTILITY_SERVER_DATASOURCE_URL:jdbc:postgresql://host.docker.internal:5432/powerauth}
+spring.datasource.username=${MOBILE_UTILITY_SERVER_DATASOURCE_USERNAME:powerauth}
+spring.datasource.password=${MOBILE_UTILITY_SERVER_DATASOURCE_PASSWORD:}
+spring.datasource.driverClassName=${MOBILE_UTILITY_SERVER_DATASOURCE_DRIVER:org.postgresql.Driver}
+spring.jpa.properties.hibernate.connection.CharSet=${MOBILE_UTILITY_SERVER_JPA_CHARSET:}
+spring.jpa.properties.hibernate.connection.characterEncoding=${MOBILE_UTILITY_SERVER_JPA_CHARACTER_ENCODING:utf8}
+spring.jpa.properties.hibernate.connection.useUnicode=${MOBILE_UTILITY_SERVER_JPA_USE_UNICODE:true}
+spring.jpa.database-platform=${MOBILE_UTILITY_SERVER_JPA_DATABASE_PLATFORM:org.hibernate.dialect.PostgreSQLDialect}
+spring.datasource.jndi-name=${MOBILE_UTILITY_SERVER_DATASOURCE_JNDI_NAME:false}
+
+# Hibernate Configuration
+spring.jpa.hibernate.ddl-auto=${MOBILE_UTILITY_SERVER_JPA_DDL_AUTO:none}
+
+logging.config=${MOBILE_UTILITY_SERVER_LOGGING:}

deploy/conf/logback/mus-logback.xml

@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+    <appender name="CONSOLE" class="ch.qos.logback.core.ConsoleAppender">
+        <encoder class="net.logstash.logback.encoder.LogstashEncoder">
+            <includeMdc>true</includeMdc>
+            <customFields>{"appname":"mobile-utility-server"}</customFields>
+        </encoder>
+    </appender>
+
+    <root level="INFO">
+        <appender-ref ref="CONSOLE"/>
+    </root>
+</configuration>

deploy/dockerfile/builder/Dockerfile

@@ -0,0 +1,9 @@
+# Docker Image for Build
+FROM maven:3.9.0-ibm-semeru-17-focal
+WORKDIR /workspace
+
+COPY pom.xml .
+COPY lombok.config .
+COPY src src
+
+RUN --mount=type=cache,target=/root/.m2 mvn clean package -DskipTests

deploy/dockerfile/database/Dockerfile

@@ -0,0 +1,45 @@
+# Docker Image for Runtime
+FROM ibm-semeru-runtimes:open-17.0.8_7-jre
+
+LABEL maintainer="Petr Dvořák <[email protected]>"
+
+# Prepare environment variables
+# LIQUIBASE_ prefix must not be used, because this is only supported in PRO version
+ENV JAVA_HOME=/opt/java/openjdk \
+    LB_HOME=/usr/local/liquibase \
+    LB_VERSION=4.23.2 \
+    TZ=UTC
+
+ENV PATH=$PATH:$LB_HOME
+
+# Upgrade OS and dependencies
+RUN apt-get -y update  \
+    && apt-get -y upgrade \
+    && apt-get -y install bash wget \
+# Install Liquibase, inspired by https://github.com/mobtitude/liquibase/blob/master/Dockerfile
+    && set -x \
+    && wget -q -O /tmp/liquibase.tar.gz "https://github.com/liquibase/liquibase/releases/download/v$LB_VERSION/liquibase-$LB_VERSION.tar.gz" \
+    && [ "fc7d2a9fa97d91203d639b664715d40953c6c9155a5225a0ddc4c8079b9a3641  /tmp/liquibase.tar.gz" = "$(sha256sum /tmp/liquibase.tar.gz)" ] \
+    && mkdir -p "$LB_HOME" \
+    && tar -xzf /tmp/liquibase.tar.gz -C "$LB_HOME" \
+    && rm -rf "$LB_HOME/sdk" "$LB_HOME/examples" \
+# Uninstall packages which are no longer needed and clean apt caches
+    && apt-get -y remove wget gettext-base \
+    && apt-get -y purge --auto-remove \
+    && rm -rf /tmp/* /var/cache/apt/* \
+# Remove default Liquibase data
+    && rm -rf $LB_HOME/data \
+# Add PowerAuth user
+    && groupadd -r powerauth && useradd -r -g powerauth -s /sbin/nologin powerauth
+
+# Copy new Liquibase data
+COPY docs/db/changelog $LB_HOME/db/changelog
+
+# Set non-root PowerAuth user
+USER powerauth
+
+# Define entry point with mandatory commands (liquibase)
+COPY deploy/dockerfile/database/docker-entrypoint.sh /
+ENTRYPOINT ["/docker-entrypoint.sh"]
+
+

deploy/dockerfile/database/docker-entrypoint.sh

@@ -0,0 +1,7 @@
+#!/usr/bin/env sh
+
+liquibase --headless=true --log-level=INFO --changeLogFile=$LB_HOME/db/changelog/db.changelog-master.xml \
+  --username=$MOBILE_UTILITY_SERVER_DATASOURCE_USERNAME \
+  --password=$MOBILE_UTILITY_SERVER_DATASOURCE_PASSWORD \
+  --url=$MOBILE_UTILITY_SERVER_DATASOURCE_URL \
+  update

deploy/dockerfile/runtime/Dockerfile

@@ -0,0 +1,56 @@
+# Docker Image for Runtime
+FROM ibm-semeru-runtimes:open-17.0.8_7-jre
+
+LABEL maintainer="Petr Dvořák <[email protected]>"
+
+# Prepare environment variables
+# LIQUIBASE_ prefix must not be used, because this is only supported in PRO version
+ENV JAVA_HOME=/opt/java/openjdk \
+    LB_HOME=/usr/local/liquibase \
+    LB_VERSION=4.23.2 \
+    LOGBACK_CONF=/opt/logback/conf \
+    TZ=UTC
+
+ENV PATH=$PATH:$LB_HOME
+
+# Upgrade OS and dependencies
+RUN apt-get -y update  \
+    && apt-get -y upgrade \
+    && apt-get -y install bash wget \
+# Install Liquibase, inspired by https://github.com/mobtitude/liquibase/blob/master/Dockerfile
+    && set -x \
+    && wget -q -O /tmp/liquibase.tar.gz "https://github.com/liquibase/liquibase/releases/download/v$LB_VERSION/liquibase-$LB_VERSION.tar.gz" \
+    && [ "fc7d2a9fa97d91203d639b664715d40953c6c9155a5225a0ddc4c8079b9a3641  /tmp/liquibase.tar.gz" = "$(sha256sum /tmp/liquibase.tar.gz)" ] \
+    && mkdir -p "$LB_HOME" \
+    && tar -xzf /tmp/liquibase.tar.gz -C "$LB_HOME" \
+    && rm -rf "$LB_HOME/sdk" "$LB_HOME/examples" \
+# Uninstall packages which are no longer needed and clean apt caches
+    && apt-get -y remove wget gettext-base \
+    && apt-get -y purge --auto-remove \
+    && rm -rf /tmp/* /var/cache/apt/* \
+# Remove default Liquibase data
+    && rm -rf $LB_HOME/data \
+# Add PowerAuth user
+    && groupadd -r powerauth && useradd -r -g powerauth -s /sbin/nologin powerauth
+
+# Copy new Liquibase data
+COPY docs/db/changelog $LB_HOME/db/changelog
+
+# Deploy and run applications
+COPY deploy/conf/application.properties /application.properties
+COPY target/mobile-utility-server.war /mobile-utility-server.war
+
+# Docker configuration
+EXPOSE 8000
+STOPSIGNAL SIGQUIT
+
+# Set non-root PowerAuth user
+USER powerauth
+
+COPY deploy/conf/logback/* $LOGBACK_CONF/
+
+# Define entry point with mandatory commands (liquibase)
+COPY deploy/dockerfile/runtime/docker-entrypoint.sh /
+ENTRYPOINT ["/docker-entrypoint.sh"]
+
+

deploy/dockerfile/runtime/docker-entrypoint.sh

@@ -0,0 +1,9 @@
+#!/usr/bin/env sh
+
+liquibase --headless=true --log-level=INFO --changeLogFile=$LB_HOME/db/changelog/db.changelog-master.xml \
+  --username=$MOBILE_UTILITY_SERVER_DATASOURCE_USERNAME \
+  --password=$MOBILE_UTILITY_SERVER_DATASOURCE_PASSWORD \
+  --url=$MOBILE_UTILITY_SERVER_DATASOURCE_URL \
+  update
+
+java -Dserver.port=8000 -jar /mobile-utility-server.war

deploy/env.list.tmp

@@ -0,0 +1,11 @@
+MOBILE_UTILITY_SERVER_DATASOURCE_URL=jdbc:postgresql://host.docker.internal:5432/powerauth
+MOBILE_UTILITY_SERVER_DATASOURCE_USERNAME=powerauth
+MOBILE_UTILITY_SERVER_DATASOURCE_PASSWORD=powerauth
+MOBILE_UTILITY_SERVER_DATASOURCE_DRIVER=org.postgresql.Driver
+MOBILE_UTILITY_SERVER_JPA_DDL_AUTO=none
+MOBILE_UTILITY_SERVER_JPA_CHARSET=
+MOBILE_UTILITY_SERVER_JPA_CHARACTER_ENCODING=utf8
+MOBILE_UTILITY_SERVER_JPA_USE_UNICODE=true
+MOBILE_UTILITY_SERVER_JPA_DATABASE_PLATFORM=org.hibernate.dialect.PostgreSQLDialect
+MOBILE_UTILITY_SERVER_DATASOURCE_JNDI_NAME=false
+MOBILE_UTILITY_SERVER_LOGGING=

docker-build.sh

@@ -0,0 +1,33 @@
+#
+# Wultra Mobile Utility Server
+# Copyright (C) 2023  Wultra s.r.o.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+PLATFORM="${PLATFORM:=linux/arm64}"
+
+# Build the application and copy the files in /target folder
+docker build --platform ${PLATFORM} -f deploy/dockerfile/builder/Dockerfile . -t mobile-utility-server-builder
+
+rm -rf ./target
+containerId=$(docker create mobile-utility-server-builder)
+docker cp "$containerId":/workspace/target/ .
+docker rm "$containerId"
+
+# Build the image that upgrades database schema with Liquibase
+docker build --platform ${PLATFORM} -f deploy/dockerfile/database/Dockerfile . -t mobile-utility-server-database
+
+# Build the actual runtime image that runs the application
+docker build --platform ${PLATFORM} -f deploy/dockerfile/runtime/Dockerfile . -t mobile-utility-server