diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 5fb652f80..fe4e30d56 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -162,4 +162,4 @@ jobs:
path: "**/surefire-reports/**/*.xml"
reporter: java-junit
fail-on-error: true
- only-summary: 'true'
+ only-summary: 'true'
\ No newline at end of file
diff --git a/.github/workflows/deploy-managed-ema-image.yaml b/.github/workflows/deploy-managed-ema-image.yaml
new file mode 100644
index 000000000..cd242bb43
--- /dev/null
+++ b/.github/workflows/deploy-managed-ema-image.yaml
@@ -0,0 +1,112 @@
+name: Deploy Managed EMA
+on:
+ workflow_dispatch:
+ inputs:
+ releaseVersion:
+ description: "The image tag in ECR to push to a new environment."
+ required: true
+ default: "A.B.C"
+ deployEnvironment:
+ description: "Environment to deploy to (development/staging/production)."
+ required: true
+ type: choice
+ options:
+ - development
+ - staging
+ - production
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+ environment: prod
+
+ steps:
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v2
+ with:
+ aws-access-key-id: ${{ secrets.EMA_AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.EMA_AWS_SECRET_ACCESS_KEY }}
+ aws-region: ${{ secrets.EMA_AWS_DEFAULT_REGION }}
+ - name: Login to Amazon ECR
+ id: login-ecr
+ uses: aws-actions/amazon-ecr-login@v1.6.0
+ - name: ECR (Dev) - Pull Image
+ run: |
+ ECR_DEV_IMAGE="${{ steps.login-ecr.outputs.registry }}/${{ github.event.repository.name }}:main"
+ docker pull $ECR_DEV_IMAGE
+ echo "ECR_DEV_IMAGE=$ECR_DEV_IMAGE" >> $GITHUB_ENV
+ - name: GCR (Dev) - Login
+ if: ${{ github.event.inputs.deployEnvironment == 'development' }}
+ uses: docker/login-action@v3
+ with:
+ registry: gcr.io
+ username: _json_key
+ password: ${{ secrets.DEV_GCP_SERVICE_ACCOUNT }}
+ - name: GCR (Dev) - Tag and Push
+ if: ${{ github.event.inputs.deployEnvironment == 'development' }}
+ run: |
+ GCR_IMAGE_TAGS_TO_PUSH=(
+ "${{ github.event.inputs.releaseVersion }}" "latest"
+ )
+ GCR_DEV_IMAGE_REPO="gcr.io/${{ secrets.DEV_GCP_PROJECT_ID }}/${{ github.event.repository.name }}"
+ for current_tag in ${GCR_IMAGE_TAGS_TO_PUSH[@]}
+ do
+ docker tag $ECR_DEV_IMAGE $GCR_DEV_IMAGE_REPO:$current_tag
+ docker push $GCR_DEV_IMAGE_REPO:$current_tag
+ done2
+ - name: GCR (Staging) - Login
+ if: ${{ github.event.inputs.deployEnvironment == 'staging' }}
+ uses: docker/login-action@v3
+ with:
+ registry: gcr.io
+ username: _json_key
+ password: ${{ secrets.STAGING_GCP_SERVICE_ACCOUNT }}
+ - name: GCR (Staging) - Tag and Push
+ if: ${{ github.event.inputs.deployEnvironment == 'staging' }}
+ run: |
+ GCR_IMAGE_TAGS_TO_PUSH=(
+ "${{ github.event.inputs.releaseVersion }}" "latest"
+ )
+ GCR_STAGING_IMAGE_REPO="gcr.io/${{ secrets.STAGING_GCP_PROJECT_ID }}/${{ github.event.repository.name }}"
+ for current_tag in ${GCR_IMAGE_TAGS_TO_PUSH[@]}
+ do
+ docker tag $ECR_DEV_IMAGE $GCR_STAGING_IMAGE_REPO:$current_tag
+ docker push $GCR_STAGING_IMAGE_REPO:$current_tag
+ done
+ - name: GCR (Production) - Login
+ if: ${{ github.event.inputs.deployEnvironment == 'production' }}
+ uses: docker/login-action@v3
+ with:
+ registry: gcr.io
+ username: _json_key
+ password: ${{ secrets.PROD_GCP_SERVICE_ACCOUNT }}
+ - name: GCR (Prod) - Tag and Push
+ if: ${{ github.event.inputs.deployEnvironment == 'production' }}
+ run: |
+ GCR_IMAGE_TAGS_TO_PUSH=(
+ "${{ github.event.inputs.releaseVersion }}" "latest"
+ )
+ GCR_PROD_IMAGE_REPO="gcr.io/${{ secrets.PROD_GCP_PROJECT_ID }}/${{ github.event.repository.name }}"
+ for current_tag in ${GCR_IMAGE_TAGS_TO_PUSH[@]}
+ do
+ docker tag $ECR_DEV_IMAGE $GCR_PROD_IMAGE_REPO:$current_tag
+ docker push $GCR_PROD_IMAGE_REPO:$current_tag
+ done
+ - name: Log in to Azure China prod docker registry
+ if: ${{ github.event.inputs.deployEnvironment == 'production' }}
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ secrets.AZURE_CHINA_PROD_HOSTNAME }}
+ username: ${{ secrets.AZURE_CHINA_PROD_USERNAME }}
+ password: ${{ secrets.AZURE_CHINA_PROD_PASSWORD }}
+ - name: Azure China (Prod) - Tag and Push
+ if: ${{ github.event.inputs.deployEnvironment == 'production' }}
+ run: |
+ IMAGE_TAGS_TO_PUSH=(
+ "${{ github.event.inputs.releaseVersion }}" "latest"
+ )
+ PROD_IMAGE_REPO="${{ secrets.AZURE_CHINA_PROD_HOSTNAME }}/${{ github.event.repository.name }}"
+ for current_tag in ${IMAGE_TAGS_TO_PUSH[@]}
+ do
+ docker tag $ECR_DEV_IMAGE $PROD_IMAGE_REPO:$current_tag
+ docker push $PROD_IMAGE_REPO:$current_tag
+ done
\ No newline at end of file
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 3aaf72832..33a78e654 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -3,11 +3,11 @@ on:
workflow_dispatch:
inputs:
releaseVersion:
- description: "Default version to use when preparing a release."
+ description: "Default version to use when preparing a release (the current version with '-SNAPSHOT' removed)."
required: true
- default: "X.Y.Z"
+ default: "A.B.C"
developmentVersion:
- description: "Default version to use for new local working copy."
+ description: "Default version to use for new local working copy (the next version after version A.B.C)."
required: true
default: "X.Y.Z-SNAPSHOT"
jobs:
@@ -132,4 +132,4 @@ jobs:
export image_tag=${{ github.event.inputs.releaseVersion }}
export chart_version="n/a"
export sha=${{ github.sha }}
- ./.github/workflows/release_scripts/update_release_manifest.sh
+ ./.github/workflows/release_scripts/update_release_manifest.sh
\ No newline at end of file
diff --git a/service/application/docker/Dockerfile b/service/application/docker/Dockerfile
index cfd777073..dfd198860 100644
--- a/service/application/docker/Dockerfile
+++ b/service/application/docker/Dockerfile
@@ -1,9 +1,21 @@
ARG BASE_IMAGE
FROM ${BASE_IMAGE}
+# default user name is "emauser"
+ARG USER=emauser
+ENV HOME /home/$USER
+
VOLUME /tmp
-RUN mkdir -p /opt/ema && chmod 777 /opt/ema && mkdir -p /opt/ema/terraform && chmod 777 /opt/ema/terraform
+# create user and directory setup
+RUN adduser -D $USER && \
+ mkdir -p /opt/ema && \
+ chmod 777 /opt/ema && \
+ mkdir -p /opt/ema/terraform && \
+ chmod 777 /opt/ema/terraform && \
+ chown -R $USER:$USER $HOME && \
+ chown -R $USER:$USER /opt/ema/
+
WORKDIR /opt/ema
ARG PLATFORM=linux_amd64
@@ -11,16 +23,14 @@ ARG PLATFORM=linux_amd64
COPY tofu_1.7.0_amd64.apk /opt/ema/terraform
RUN apk --update add --allow-untrusted /opt/ema/terraform/tofu_1.7.0_amd64.apk
-ARG SOLACE_PROVIDER_VERSION=0.9.2-rc.2
-ADD terraform-provider-solacebroker_${SOLACE_PROVIDER_VERSION}_${PLATFORM}.tar.gz /opt/ema/terraform
-
-COPY .terraformrc /root/.terraformrc
-
+COPY .terraformrc $HOME/.terraformrc
RUN printf '#!/bin/ash\ntofu $*' > /opt/ema/terraform/terraform
RUN chmod +x /opt/ema/terraform/terraform
-
ENV PATH $PATH:/opt/ema/terraform
+ARG SOLACE_PROVIDER_VERSION=0.9.2-rc.2
+ADD terraform-provider-solacebroker_${SOLACE_PROVIDER_VERSION}_${PLATFORM}.tar.gz /opt/ema/terraform
+
ARG GITHASH
ARG GITBRANCH
ARG BUILD_TIMESTAMP
@@ -29,6 +39,9 @@ ENV GITHASH="${GITHASH}" \
GITBRANCH="${GITBRANCH}" \
BUILD_TIMESTAMP="${BUILD_TIMESTAMP}"
+# switch to the created user from root
+USER $USER
+
ARG JAR_FILE
ADD ${JAR_FILE} app.jar
diff --git a/service/application/pom.xml b/service/application/pom.xml
index 3748476f6..ea348d31e 100644
--- a/service/application/pom.xml
+++ b/service/application/pom.xml
@@ -4,11 +4,11 @@
com.solace.maas
maas-event-management-agent-parent
- 1.6.11-SNAPSHOT
+ 1.6.12-SNAPSHOT
..
event-management-agent
- 1.6.11-SNAPSHOT
+ 1.6.12-SNAPSHOT
jar
Solace Event Management Agent - Application
Solace Event Management Agent - Application
@@ -235,32 +235,32 @@
com.solace.maas
plugin
- 1.6.11-SNAPSHOT
+ 1.6.12-SNAPSHOT
com.solace.maas.plugin.kafka
kafka-plugin
- 1.6.11-SNAPSHOT
+ 1.6.12-SNAPSHOT
com.solace.maas.plugin.solace
solace-plugin
- 1.6.11-SNAPSHOT
+ 1.6.12-SNAPSHOT
com.solace.maas.plugin.localstorage
local-storage-plugin
- 1.6.11-SNAPSHOT
+ 1.6.12-SNAPSHOT
com.solace.maas.plugin.confluent-schema-registry
confluent-schema-registry-plugin
- 1.6.11-SNAPSHOT
+ 1.6.12-SNAPSHOT
com.solace.maas.plugin.terraform
terraform-plugin
- 1.6.11-SNAPSHOT
+ 1.6.12-SNAPSHOT
diff --git a/service/confluent-schema-registry-plugin/pom.xml b/service/confluent-schema-registry-plugin/pom.xml
index 3aded592e..05c666f2c 100644
--- a/service/confluent-schema-registry-plugin/pom.xml
+++ b/service/confluent-schema-registry-plugin/pom.xml
@@ -3,7 +3,7 @@
4.0.0
com.solace.maas.plugin.confluent-schema-registry
confluent-schema-registry-plugin
- 1.6.11-SNAPSHOT
+ 1.6.12-SNAPSHOT
jar
Solace Event Management Agent - Confluent Schema Registry Plugin
Solace Event Management Agent - Confluent Schema Registry Plugin
@@ -22,7 +22,7 @@
com.solace.maas
plugin
- 1.6.11-SNAPSHOT
+ 1.6.12-SNAPSHOT
org.springframework.boot
diff --git a/service/kafka-plugin/pom.xml b/service/kafka-plugin/pom.xml
index 8b650ff3f..51cce42fd 100644
--- a/service/kafka-plugin/pom.xml
+++ b/service/kafka-plugin/pom.xml
@@ -3,7 +3,7 @@
4.0.0
com.solace.maas.plugin.kafka
kafka-plugin
- 1.6.11-SNAPSHOT
+ 1.6.12-SNAPSHOT
jar
Solace Event Management Agent - Kafka Plugin
Solace Event Management Agent - Kafka Plugin
@@ -81,7 +81,7 @@
com.solace.maas
plugin
- 1.6.11-SNAPSHOT
+ 1.6.12-SNAPSHOT
org.junit.jupiter
diff --git a/service/local-storage-plugin/pom.xml b/service/local-storage-plugin/pom.xml
index bc3af16e5..60ed2c265 100644
--- a/service/local-storage-plugin/pom.xml
+++ b/service/local-storage-plugin/pom.xml
@@ -3,7 +3,7 @@
4.0.0
com.solace.maas.plugin.localstorage
local-storage-plugin
- 1.6.11-SNAPSHOT
+ 1.6.12-SNAPSHOT
jar
Solace Event Management Agent - Local Storage Plugin
Solace Event Management Agent - Local Storage Plugin
@@ -115,7 +115,7 @@
com.solace.maas
plugin
- 1.6.11-SNAPSHOT
+ 1.6.12-SNAPSHOT
org.json
diff --git a/service/plugin/pom.xml b/service/plugin/pom.xml
index 45a2efa25..616d21d67 100644
--- a/service/plugin/pom.xml
+++ b/service/plugin/pom.xml
@@ -4,12 +4,12 @@
com.solace.maas
maas-event-management-agent-parent
- 1.6.11-SNAPSHOT
+ 1.6.12-SNAPSHOT
..
com.solace.maas
plugin
- 1.6.11-SNAPSHOT
+ 1.6.12-SNAPSHOT
jar
Solace Event Management Agent - Plugin
Solace Event Management Agent - Plugin
diff --git a/service/pom.xml b/service/pom.xml
index c9ac58370..c48410bf9 100644
--- a/service/pom.xml
+++ b/service/pom.xml
@@ -9,7 +9,7 @@
com.solace.maas
maas-event-management-agent-parent
- 1.6.11-SNAPSHOT
+ 1.6.12-SNAPSHOT
pom
Solace Event Management Agent Maven Parent
Solace Solace Event Management Agent Maven Parent
diff --git a/service/rabbitmq-plugin/pom.xml b/service/rabbitmq-plugin/pom.xml
index e19cdae8b..bd543c72f 100644
--- a/service/rabbitmq-plugin/pom.xml
+++ b/service/rabbitmq-plugin/pom.xml
@@ -3,7 +3,7 @@
4.0.0
com.solace.maas.plugin.rabbitmq
rabbitmq-plugin
- 1.6.11-SNAPSHOT
+ 1.6.12-SNAPSHOT
jar
Solace Event Management Agent - RabbitMQ Plugin
Solace Event Management Agent - RabbitMQ Plugin
@@ -27,7 +27,7 @@
com.solace.maas
plugin
- 1.6.11-SNAPSHOT
+ 1.6.12-SNAPSHOT
diff --git a/service/solace-plugin/pom.xml b/service/solace-plugin/pom.xml
index 471a514c3..b10cd5fb6 100644
--- a/service/solace-plugin/pom.xml
+++ b/service/solace-plugin/pom.xml
@@ -3,7 +3,7 @@
4.0.0
com.solace.maas.plugin.solace
solace-plugin
- 1.6.11-SNAPSHOT
+ 1.6.12-SNAPSHOT
jar
Solace Event Management Agent - Solace Plugin
Solace Event Management Agent - Solace Plugin
@@ -96,7 +96,7 @@
com.solace.maas
plugin
- 1.6.11-SNAPSHOT
+ 1.6.12-SNAPSHOT
org.yaml
diff --git a/service/terraform-plugin/pom.xml b/service/terraform-plugin/pom.xml
index 6e1f7848c..644bcaa98 100644
--- a/service/terraform-plugin/pom.xml
+++ b/service/terraform-plugin/pom.xml
@@ -3,7 +3,7 @@
4.0.0
com.solace.maas.plugin.terraform
terraform-plugin
- 1.6.11-SNAPSHOT
+ 1.6.12-SNAPSHOT
jar
Solace Event Management Agent - Terraform Plugin
Solace Event Management Agent - Terraform Plugin
@@ -65,7 +65,7 @@
com.solace.maas
plugin
- 1.6.11-SNAPSHOT
+ 1.6.12-SNAPSHOT
org.yaml