diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 5fb652f80..fe4e30d56 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -162,4 +162,4 @@ jobs:
 path: "**/surefire-reports/**/*.xml"
 reporter: java-junit
 fail-on-error: true
- only-summary: 'true'
+ only-summary: 'true'
\ No newline at end of file
diff --git a/.github/workflows/deploy-managed-ema-image.yaml b/.github/workflows/deploy-managed-ema-image.yaml
new file mode 100644
index 000000000..cd242bb43
--- /dev/null
+++ b/.github/workflows/deploy-managed-ema-image.yaml
@@ -0,0 +1,112 @@
+name: Deploy Managed EMA
+on:
+ workflow_dispatch:
+ inputs:
+ releaseVersion:
+ description: "The image tag in ECR to push to a new environment."
+ required: true
+ default: "A.B.C"
+ deployEnvironment:
+ description: "Environment to deploy to (development/staging/production)."
+ required: true
+ type: choice
+ options:
+ - development
+ - staging
+ - production
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+ environment: prod
+
+ steps:
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v2
+ with:
+ aws-access-key-id: ${{ secrets.EMA_AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.EMA_AWS_SECRET_ACCESS_KEY }}
+ aws-region: ${{ secrets.EMA_AWS_DEFAULT_REGION }}
+ - name: Login to Amazon ECR
+ id: login-ecr
+ uses: aws-actions/amazon-ecr-login@v1.6.0
+ - name: ECR (Dev) - Pull Image
+ run: |
+ ECR_DEV_IMAGE="${{ steps.login-ecr.outputs.registry }}/${{ github.event.repository.name }}:main"
+ docker pull $ECR_DEV_IMAGE
+ echo "ECR_DEV_IMAGE=$ECR_DEV_IMAGE" >> $GITHUB_ENV
+ - name: GCR (Dev) - Login
+ if: ${{ github.event.inputs.deployEnvironment == 'development' }}
+ uses: docker/login-action@v3
+ with:
+ registry: gcr.io
+ username: _json_key
+ password: ${{ secrets.DEV_GCP_SERVICE_ACCOUNT }}
+ - name: GCR (Dev) - Tag and Push
+ if: ${{ github.event.inputs.deployEnvironment == 'development' }}
+ run: |
+ GCR_IMAGE_TAGS_TO_PUSH=(
+ "${{ github.event.inputs.releaseVersion }}" "latest"
+ )
+ GCR_DEV_IMAGE_REPO="gcr.io/${{ secrets.DEV_GCP_PROJECT_ID }}/${{ github.event.repository.name }}"
+ for current_tag in ${GCR_IMAGE_TAGS_TO_PUSH[@]}
+ do
+ docker tag $ECR_DEV_IMAGE $GCR_DEV_IMAGE_REPO:$current_tag
+ docker push $GCR_DEV_IMAGE_REPO:$current_tag
+ done2
+ - name: GCR (Staging) - Login
+ if: ${{ github.event.inputs.deployEnvironment == 'staging' }}
+ uses: docker/login-action@v3
+ with:
+ registry: gcr.io
+ username: _json_key
+ password: ${{ secrets.STAGING_GCP_SERVICE_ACCOUNT }}
+ - name: GCR (Staging) - Tag and Push
+ if: ${{ github.event.inputs.deployEnvironment == 'staging' }}
+ run: |
+ GCR_IMAGE_TAGS_TO_PUSH=(
+ "${{ github.event.inputs.releaseVersion }}" "latest"
+ )
+ GCR_STAGING_IMAGE_REPO="gcr.io/${{ secrets.STAGING_GCP_PROJECT_ID }}/${{ github.event.repository.name }}"
+ for current_tag in ${GCR_IMAGE_TAGS_TO_PUSH[@]}
+ do
+ docker tag $ECR_DEV_IMAGE $GCR_STAGING_IMAGE_REPO:$current_tag
+ docker push $GCR_STAGING_IMAGE_REPO:$current_tag
+ done
+ - name: GCR (Production) - Login
+ if: ${{ github.event.inputs.deployEnvironment == 'production' }}
+ uses: docker/login-action@v3
+ with:
+ registry: gcr.io
+ username: _json_key
+ password: ${{ secrets.PROD_GCP_SERVICE_ACCOUNT }}
+ - name: GCR (Prod) - Tag and Push
+ if: ${{ github.event.inputs.deployEnvironment == 'production' }}
+ run: |
+ GCR_IMAGE_TAGS_TO_PUSH=(
+ "${{ github.event.inputs.releaseVersion }}" "latest"
+ )
+ GCR_PROD_IMAGE_REPO="gcr.io/${{ secrets.PROD_GCP_PROJECT_ID }}/${{ github.event.repository.name }}"
+ for current_tag in ${GCR_IMAGE_TAGS_TO_PUSH[@]}
+ do
+ docker tag $ECR_DEV_IMAGE $GCR_PROD_IMAGE_REPO:$current_tag
+ docker push $GCR_PROD_IMAGE_REPO:$current_tag
+ done
+ - name: Log in to Azure China prod docker registry
+ if: ${{ github.event.inputs.deployEnvironment == 'production' }}
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ secrets.AZURE_CHINA_PROD_HOSTNAME }}
+ username: ${{ secrets.AZURE_CHINA_PROD_USERNAME }}
+ password: ${{ secrets.AZURE_CHINA_PROD_PASSWORD }}
+ - name: Azure China (Prod) - Tag and Push
+ if: ${{ github.event.inputs.deployEnvironment == 'production' }}
+ run: |
+ IMAGE_TAGS_TO_PUSH=(
+ "${{ github.event.inputs.releaseVersion }}" "latest"
+ )
+ PROD_IMAGE_REPO="${{ secrets.AZURE_CHINA_PROD_HOSTNAME }}/${{ github.event.repository.name }}"
+ for current_tag in ${IMAGE_TAGS_TO_PUSH[@]}
+ do
+ docker tag $ECR_DEV_IMAGE $PROD_IMAGE_REPO:$current_tag
+ docker push $PROD_IMAGE_REPO:$current_tag
+ done
\ No newline at end of file
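Review bot: Each "Tag and Push" step expands `${{ github.event.inputs.releaseVersion }}` straight into the `run:` script, so the free-text dispatch input is parsed as shell on a runner that is already logged in to ECR, GCR and the Azure registry. Passing it through the step environment (`env:` with `RELEASE_VERSION: ${{ github.event.inputs.releaseVersion }}`) and using `"$RELEASE_VERSION"` in the tag array keeps it as data. The development loop ends in `done2` instead of `done`, a bash syntax error that will fail the dev path as written. The job also hard-codes `environment: prod` for every `deployEnvironment` choice and always pulls the `:main` tag, although the input description says `releaseVersion` is the ECR tag to push; both look unintended and are worth confirming.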
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 3aaf72832..33a78e654 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -3,11 +3,11 @@ on:
 workflow_dispatch:
 inputs:
 releaseVersion:
- description: "Default version to use when preparing a release."
+ description: "Default version to use when preparing a release (the current version with '-SNAPSHOT' removed)."
 required: true
- default: "X.Y.Z"
+ default: "A.B.C"
 developmentVersion:
- description: "Default version to use for new local working copy."
+ description: "Default version to use for new local working copy (the next version after version A.B.C)."
 required: true
 default: "X.Y.Z-SNAPSHOT"
 jobs:
@@ -132,4 +132,4 @@ jobs:
 export image_tag=${{ github.event.inputs.releaseVersion }}
 export chart_version="n/a"
 export sha=${{ github.sha }}
- ./.github/workflows/release_scripts/update_release_manifest.sh
+ ./.github/workflows/release_scripts/update_release_manifest.sh
\ No newline at end of file
diff --git a/service/application/docker/Dockerfile b/service/application/docker/Dockerfile
index cfd777073..dfd198860 100644
--- a/service/application/docker/Dockerfile
+++ b/service/application/docker/Dockerfile
@@ -1,9 +1,21 @@
 ARG BASE_IMAGE
 FROM ${BASE_IMAGE}
+# default user name is "emauser"
+ARG USER=emauser
+ENV HOME /home/$USER
+
 VOLUME /tmp
-RUN mkdir -p /opt/ema && chmod 777 /opt/ema && mkdir -p /opt/ema/terraform && chmod 777 /opt/ema/terraform
+# create user and directory setup
+RUN adduser -D $USER && \
+ mkdir -p /opt/ema && \
+ chmod 777 /opt/ema && \
+ mkdir -p /opt/ema/terraform && \
+ chmod 777 /opt/ema/terraform && \
+ chown -R $USER:$USER $HOME && \
+ chown -R $USER:$USER /opt/ema/
+
 WORKDIR /opt/ema
 ARG PLATFORM=linux_amd64
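Review bot: The rewritten `RUN` in service/application/docker/Dockerfile keeps `chmod 777` on `/opt/ema` and `/opt/ema/terraform` although the same command now gives both to `$USER` with `chown -R`, so the world-writable mode no longer serves the non-root user. `/opt/ema/terraform` is also appended to `PATH` further down this Dockerfile, which means any account in the container can replace the `terraform` wrapper placed there. Owner-only write is enough once ownership is set: `chmod 755 /opt/ema /opt/ema/terraform && \` in place of the two `chmod 777` lines.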
@@ -11,16 +23,14 @@ ARG PLATFORM=linux_amd64
 COPY tofu_1.7.0_amd64.apk /opt/ema/terraform
 RUN apk --update add --allow-untrusted /opt/ema/terraform/tofu_1.7.0_amd64.apk
-ARG SOLACE_PROVIDER_VERSION=0.9.2-rc.2
-ADD terraform-provider-solacebroker_${SOLACE_PROVIDER_VERSION}_${PLATFORM}.tar.gz /opt/ema/terraform
-
-COPY .terraformrc /root/.terraformrc
-
+COPY .terraformrc $HOME/.terraformrc
 RUN printf '#!/bin/ash\ntofu $*' > /opt/ema/terraform/terraform
 RUN chmod +x /opt/ema/terraform/terraform
-
 ENV PATH $PATH:/opt/ema/terraform
+ARG SOLACE_PROVIDER_VERSION=0.9.2-rc.2
+ADD terraform-provider-solacebroker_${SOLACE_PROVIDER_VERSION}_${PLATFORM}.tar.gz /opt/ema/terraform
+
 ARG GITHASH
 ARG GITBRANCH
 ARG BUILD_TIMESTAMP
@@ -29,6 +39,9 @@ ENV GITHASH="${GITHASH}" \
 GITBRANCH="${GITBRANCH}" \
 BUILD_TIMESTAMP="${BUILD_TIMESTAMP}"
+# switch to the created user from root
+USER $USER
+
 ARG JAR_FILE
 ADD ${JAR_FILE} app.jar
diff --git a/service/application/pom.xml b/service/application/pom.xml
index 3748476f6..ea348d31e 100644
--- a/service/application/pom.xml
+++ b/service/application/pom.xml
@@ -4,11 +4,11 @@ com.solace.maas maas-event-management-agent-parent - 1.6.11-SNAPSHOT + 1.6.12-SNAPSHOT .. event-management-agent - 1.6.11-SNAPSHOT + 1.6.12-SNAPSHOT jar Solace Event Management Agent - Application Solace Event Management Agent - Application
@@ -235,32 +235,32 @@ com.solace.maas plugin - 1.6.11-SNAPSHOT + 1.6.12-SNAPSHOT com.solace.maas.plugin.kafka kafka-plugin - 1.6.11-SNAPSHOT + 1.6.12-SNAPSHOT com.solace.maas.plugin.solace solace-plugin - 1.6.11-SNAPSHOT + 1.6.12-SNAPSHOT com.solace.maas.plugin.localstorage local-storage-plugin - 1.6.11-SNAPSHOT + 1.6.12-SNAPSHOT com.solace.maas.plugin.confluent-schema-registry confluent-schema-registry-plugin - 1.6.11-SNAPSHOT + 1.6.12-SNAPSHOT com.solace.maas.plugin.terraform terraform-plugin - 1.6.11-SNAPSHOT + 1.6.12-SNAPSHOT
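Review bot: In service/application/docker/Dockerfile, the added `USER $USER` selects the account by name, and `adduser -D $USER` in the first hunk lets the base image pick the UID. Kubernetes cannot check `runAsNonRoot` against a non-numeric image user, so if the agent is deployed with that setting (not visible in this diff) the container is refused at start. Fixing the UID and switching by number avoids that and keeps file ownership stable across base-image updates, e.g. `adduser -D -u 10001 $USER` and `USER 10001` (10001 is an illustrative value).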
diff --git a/service/confluent-schema-registry-plugin/pom.xml b/service/confluent-schema-registry-plugin/pom.xml
index 3aded592e..05c666f2c 100644
--- a/service/confluent-schema-registry-plugin/pom.xml
+++ b/service/confluent-schema-registry-plugin/pom.xml
@@ -3,7 +3,7 @@ 4.0.0 com.solace.maas.plugin.confluent-schema-registry confluent-schema-registry-plugin - 1.6.11-SNAPSHOT + 1.6.12-SNAPSHOT jar Solace Event Management Agent - Confluent Schema Registry Plugin Solace Event Management Agent - Confluent Schema Registry Plugin
@@ -22,7 +22,7 @@ com.solace.maas plugin - 1.6.11-SNAPSHOT + 1.6.12-SNAPSHOT org.springframework.boot
diff --git a/service/kafka-plugin/pom.xml b/service/kafka-plugin/pom.xml
index 8b650ff3f..51cce42fd 100644
--- a/service/kafka-plugin/pom.xml
+++ b/service/kafka-plugin/pom.xml
@@ -3,7 +3,7 @@ 4.0.0 com.solace.maas.plugin.kafka kafka-plugin - 1.6.11-SNAPSHOT + 1.6.12-SNAPSHOT jar Solace Event Management Agent - Kafka Plugin Solace Event Management Agent - Kafka Plugin
@@ -81,7 +81,7 @@ com.solace.maas plugin - 1.6.11-SNAPSHOT + 1.6.12-SNAPSHOT org.junit.jupiter
diff --git a/service/local-storage-plugin/pom.xml b/service/local-storage-plugin/pom.xml
index bc3af16e5..60ed2c265 100644
--- a/service/local-storage-plugin/pom.xml
+++ b/service/local-storage-plugin/pom.xml
@@ -3,7 +3,7 @@ 4.0.0 com.solace.maas.plugin.localstorage local-storage-plugin - 1.6.11-SNAPSHOT + 1.6.12-SNAPSHOT jar Solace Event Management Agent - Local Storage Plugin Solace Event Management Agent - Local Storage Plugin
@@ -115,7 +115,7 @@ com.solace.maas plugin - 1.6.11-SNAPSHOT + 1.6.12-SNAPSHOT org.json
diff --git a/service/plugin/pom.xml b/service/plugin/pom.xml
index 45a2efa25..616d21d67 100644
--- a/service/plugin/pom.xml
+++ b/service/plugin/pom.xml
@@ -4,12 +4,12 @@ com.solace.maas maas-event-management-agent-parent - 1.6.11-SNAPSHOT + 1.6.12-SNAPSHOT .. com.solace.maas plugin - 1.6.11-SNAPSHOT + 1.6.12-SNAPSHOT jar Solace Event Management Agent - Plugin Solace Event Management Agent - Plugin
diff --git a/service/pom.xml b/service/pom.xml
index c9ac58370..c48410bf9 100644
--- a/service/pom.xml
+++ b/service/pom.xml
@@ -9,7 +9,7 @@ com.solace.maas maas-event-management-agent-parent - 1.6.11-SNAPSHOT + 1.6.12-SNAPSHOT pom Solace Event Management Agent Maven Parent Solace Solace Event Management Agent Maven Parent
diff --git a/service/rabbitmq-plugin/pom.xml b/service/rabbitmq-plugin/pom.xml
index e19cdae8b..bd543c72f 100644
--- a/service/rabbitmq-plugin/pom.xml
+++ b/service/rabbitmq-plugin/pom.xml
@@ -3,7 +3,7 @@ 4.0.0 com.solace.maas.plugin.rabbitmq rabbitmq-plugin - 1.6.11-SNAPSHOT + 1.6.12-SNAPSHOT jar Solace Event Management Agent - RabbitMQ Plugin Solace Event Management Agent - RabbitMQ Plugin
@@ -27,7 +27,7 @@ com.solace.maas plugin - 1.6.11-SNAPSHOT + 1.6.12-SNAPSHOT
diff --git a/service/solace-plugin/pom.xml b/service/solace-plugin/pom.xml
index 471a514c3..b10cd5fb6 100644
--- a/service/solace-plugin/pom.xml
+++ b/service/solace-plugin/pom.xml
@@ -3,7 +3,7 @@ 4.0.0 com.solace.maas.plugin.solace solace-plugin - 1.6.11-SNAPSHOT + 1.6.12-SNAPSHOT jar Solace Event Management Agent - Solace Plugin Solace Event Management Agent - Solace Plugin
@@ -96,7 +96,7 @@ com.solace.maas plugin - 1.6.11-SNAPSHOT + 1.6.12-SNAPSHOT org.yaml
diff --git a/service/terraform-plugin/pom.xml b/service/terraform-plugin/pom.xml
index 6e1f7848c..644bcaa98 100644
--- a/service/terraform-plugin/pom.xml
+++ b/service/terraform-plugin/pom.xml
@@ -3,7 +3,7 @@ 4.0.0 com.solace.maas.plugin.terraform terraform-plugin - 1.6.11-SNAPSHOT + 1.6.12-SNAPSHOT jar Solace Event Management Agent - Terraform Plugin Solace Event Management Agent - Terraform Plugin
@@ -65,7 +65,7 @@ com.solace.maas plugin - 1.6.11-SNAPSHOT + 1.6.12-SNAPSHOT org.yaml