Merge branch 'master' into 675-render-api-docs-from-typespec-model

.github/workflows/build.yml

@@ -66,7 +66,7 @@ jobs:
           AWS_SECRET_ACCESS_KEY: ${{secrets.TOWER_CI_AWS_SECRET}}
           DOCKER_USER: ${{ secrets.DOCKER_USER }}
           DOCKER_PAT: ${{ secrets.DOCKER_PAT }}
-          QUAY_USER: ${{ secrets.QUAY_USER }}
+          QUAY_USER: "pditommaso+wave_ci_tests"
           QUAY_PAT: ${{ secrets.QUAY_PAT }}
           AZURECR_USER: ${{ secrets.AZURECR_USER }}
           AZURECR_PAT: ${{ secrets.AZURECR_PAT }}

Makefile

@@ -1,4 +1,4 @@
-config ?= compileClasspath
+config ?= runtimeClasspath
 
 ifdef module
 mm = :${module}:

VERSION

@@ -1 +1 @@
-1.13.8
+1.13.11

build.gradle

@@ -2,10 +2,10 @@ import java.time.OffsetDateTime
 import java.time.format.DateTimeFormatter
 
 plugins {
-    id 'java-library'
+    id 'io.seqera.wave.java-library-conventions'
     id 'io.seqera.wave.groovy-application-conventions'
-    id "com.github.johnrengelman.shadow" version "7.1.1"
-    id "io.micronaut.minimal.application" version "3.7.0"
+    id "com.github.johnrengelman.shadow" version "8.1.1"
+    id "io.micronaut.minimal.application" version "4.1.1"
     id "com.google.cloud.tools.jib" version "3.4.2"
     id 'org.asciidoctor.jvm.convert' version '3.3.2'
     id 'jacoco'
@@ -29,12 +29,13 @@ repositories {
 }
 
 dependencies {
+    annotationProcessor("io.micronaut.validation:micronaut-validation-processor")
     annotationProcessor("io.micronaut:micronaut-http-validation")
     compileOnly("io.micronaut.data:micronaut-data-processor")
     compileOnly("io.micronaut:micronaut-inject-groovy")
     compileOnly("io.micronaut:micronaut-http-validation")
     implementation("jakarta.persistence:jakarta.persistence-api:3.0.0")
-    api 'io.seqera:lib-mail:1.0.0'
+    api 'io.seqera:lib-mail:1.1.0'
     api 'io.seqera:wave-api:0.13.3'
     api 'io.seqera:wave-utils:0.14.1'
     implementation("io.micronaut:micronaut-http-client")
@@ -43,15 +44,16 @@ dependencies {
     implementation("io.micronaut.reactor:micronaut-reactor")
     implementation("io.micronaut.reactor:micronaut-reactor-http-client")
     implementation("jakarta.annotation:jakarta.annotation-api")
-    implementation("io.micronaut:micronaut-validation")
+    implementation("io.micronaut.validation:micronaut-validation")
     implementation 'io.micronaut.security:micronaut-security'
-    implementation "org.codehaus.groovy:groovy-json"
-    implementation "org.codehaus.groovy:groovy-nio"
+    implementation "org.apache.groovy:groovy-json"
+    implementation "org.apache.groovy:groovy-nio"
     implementation 'com.google.guava:guava:32.1.2-jre'
     implementation 'dev.failsafe:failsafe:3.1.0'
-    implementation('io.projectreactor:reactor-core')
+    implementation 'io.micronaut.reactor:micronaut-reactor'
+    implementation 'io.micronaut.reactor:micronaut-reactor-http-client'
     implementation("io.seqera:tower-crypto:22.4.0-watson") { transitive = false }  // to be replaced with 22.4.0 once released
-    implementation 'org.apache.commons:commons-compress:1.24.0'
+    implementation 'org.apache.commons:commons-compress:1.27.1'
     implementation 'org.apache.commons:commons-lang3:3.12.0'
     implementation 'io.kubernetes:client-java:19.0.0'
     implementation 'io.kubernetes:client-java-api-fluent:18.0.1'
@@ -60,16 +62,17 @@ dependencies {
     implementation 'com.fasterxml.jackson.dataformat:jackson-dataformat-yaml'
     implementation 'com.squareup.moshi:moshi:1.14.0'
     implementation 'com.squareup.moshi:moshi-adapters:1.14.0'
-    implementation 'redis.clients:jedis:5.0.2'
+    implementation 'redis.clients:jedis:5.1.3'
     implementation "io.github.resilience4j:resilience4j-ratelimiter:0.17.0"
+    implementation("io.micronaut:micronaut-retry")
     // caching deps
     implementation("io.micronaut.cache:micronaut-cache-core")
     implementation("io.micronaut.cache:micronaut-cache-caffeine")
     implementation("io.micronaut.aws:micronaut-aws-parameter-store")
     implementation "software.amazon.awssdk:ecr"
     implementation "software.amazon.awssdk:ecrpublic"
     implementation 'software.amazon.awssdk:ses'
-    implementation 'org.yaml:snakeyaml:2.0'
+    implementation 'org.yaml:snakeyaml:2.2'
     implementation 'com.github.ben-manes.caffeine:caffeine:3.1.8'
     implementation 'org.luaj:luaj-jse:3.0.1'
     //object storage dependency
@@ -78,24 +81,27 @@ dependencies {
     // this sts dependency is require by micronaut-aws-parameter-store,
     // not directly used by the app, for this reason keeping `runtimeOnly`
     runtimeOnly "software.amazon.awssdk:sts"
-
     runtimeOnly("io.netty:netty-tcnative-boringssl-static:2.0.0.Final")
     runtimeOnly("javax.xml.bind:jaxb-api:2.3.1")
     testImplementation("org.testcontainers:testcontainers")
     testImplementation("org.testcontainers:mysql:1.17.3")
 
     // --
-    implementation("ch.qos.logback:logback-classic:1.4.8")
+    implementation("ch.qos.logback:logback-classic:1.5.12")
 
     // rate limit
-    implementation 'com.github.seqeralabs:spillway:7b72700293'
+    implementation 'com.coveo:spillway:3.0.0'
 
     // monitoring
     implementation "io.micronaut.micrometer:micronaut-micrometer-registry-prometheus"
     // Also required to enable endpoint
     implementation "io.micronaut:micronaut-management"
     //views
     implementation("io.micronaut.views:micronaut-views-handlebars")
+
+    // upgrade indirect dependencies 
+    runtimeOnly 'org.bouncycastle:bcpkix-jdk18on:1.78'
+    runtimeOnly 'org.bitbucket.b_c:jose4j:0.9.4'
 }
 
 application {

buildSrc/src/main/groovy/io.seqera.wave.groovy-application-conventions.gradle

@@ -12,7 +12,7 @@ plugins {
 
 group = 'io.seqera'
 
-tasks.withType(Test) {
+tasks.withType(Test).configureEach {
     // note: "--enable-preview" is required to use virtual thread on Java 19 and 20
-    jvmArgs (["--enable-preview"])
+    jvmArgs(["--enable-preview"])
 }

buildSrc/src/main/groovy/io.seqera.wave.groovy-common-conventions.gradle

@@ -22,9 +22,9 @@ compileJava {
     options.release.set(11)
 }
 
-tasks.withType(GroovyCompile) {
-    sourceCompatibility = '11'
-    targetCompatibility = '11'
+tasks.withType(GroovyCompile).configureEach {
+    sourceCompatibility = '17'
+    targetCompatibility = '17'
 }
 
 group = 'io.seqera'

buildSrc/src/main/groovy/io.seqera.wave.java-library-conventions.gradle

@@ -24,9 +24,9 @@ compileJava {
     options.release.set(11)
 }
 
-tasks.withType(GroovyCompile) {
-    sourceCompatibility = '11'
-    targetCompatibility = '11'
+tasks.withType(GroovyCompile).configureEach {
+    sourceCompatibility = '17'
+    targetCompatibility = '17'
 }
 
 test {
@@ -40,21 +40,21 @@ java {
 }
 
 dependencies {
-    implementation 'org.slf4j:slf4j-api:1.7.36'
+    implementation 'org.slf4j:slf4j-api:2.0.13'
 
-    testImplementation 'ch.qos.logback:logback-core:1.2.11'
-    testImplementation 'ch.qos.logback:logback-classic:1.2.11'
-    testImplementation "org.codehaus.groovy:groovy:3.0.15"
-    testImplementation "org.codehaus.groovy:groovy-nio:3.0.15"
-    testImplementation ("org.codehaus.groovy:groovy-test:3.0.17")
-    testImplementation ("cglib:cglib-nodep:3.3.0")
-    testImplementation ("org.objenesis:objenesis:3.2")
-    testImplementation ("org.spockframework:spock-core:2.3-groovy-3.0") { exclude group: 'org.codehaus.groovy'; exclude group: 'net.bytebuddy' }
-    testImplementation ('org.spockframework:spock-junit4:2.3-groovy-3.0') { exclude group: 'org.codehaus.groovy'; exclude group: 'net.bytebuddy' }
+    testImplementation 'ch.qos.logback:logback-core:1.5.12'
+    testImplementation 'ch.qos.logback:logback-classic:1.5.12'
+    testImplementation 'org.apache.groovy:groovy:4.0.15'
+    testImplementation 'org.apache.groovy:groovy-nio:4.0.15'
+    testImplementation 'org.apache.groovy:groovy-test:4.0.15'
+    testImplementation 'org.objenesis:objenesis:3.4'
+    testImplementation 'net.bytebuddy:byte-buddy:1.14.17'
+    testImplementation 'org.spockframework:spock-core:2.3-groovy-4.0'
+    testImplementation 'org.spockframework:spock-junit4:2.3-groovy-4.0'
 }
 
-tasks.withType(Test) {
-    jvmArgs ([
+tasks.withType(Test).configureEach {
+    jvmArgs([
             '--enable-preview',
             '--add-opens=java.base/java.lang=ALL-UNNAMED',
             '--add-opens=java.base/java.io=ALL-UNNAMED',

changelog.txt

@@ -1,5 +1,21 @@
 # Wave changelog
+1.13.11 - 2 Nov 2024
+- Rename async methods for semantic consistency [38114d75]
+- Save scan record async (#730) [3ad82a3a]
+- Cap number of vulnerabilities reported in scan report to 100 (#728) [2f0d8f9f]
+- Bump org.apache.commons:commons-compress:1.27.1 (#722) [adb75007]
+
+1.13.10 - 29 Oct 2024 
+- Log slow processing stream messages [e8a6b7ee]
+- Prevent scan when mode is not defined [d42bcae1]
+
+1.13.9 - 29 Oct 2024
+- Fix inspect view (#725) [dcf41dea] [e38e2c44]
+
 1.13.8 - 26 Oct 2024
+- Fix update scan status synchronously [e767c367]
+- Bump scan warn colour [705141f0]
+- Improve scan logging [f01e4dba]
 
 1.13.7 - 25 Oct 2024 
 - Add ability to configure trivy environment & DBs (#720) [0f600306]

gradle.properties

@@ -16,5 +16,5 @@
 #  along with this program.  If not, see <https://www.gnu.org/licenses/>.
 #
 
-micronautVersion=3.10.3
+micronautVersion=4.6.3
 micronautEnvs=dev,h2,mail,aws-ses

src/main/groovy/io/seqera/wave/auth/BasicAuthenticationProvider.groovy

@@ -19,44 +19,40 @@
 package io.seqera.wave.auth
 
 import groovy.util.logging.Slf4j
+import io.micronaut.core.annotation.NonNull
 import io.micronaut.core.annotation.Nullable
 import io.micronaut.http.HttpRequest
-import io.micronaut.security.authentication.AuthenticationProvider
+import io.micronaut.security.authentication.AuthenticationFailureReason
 import io.micronaut.security.authentication.AuthenticationRequest
 import io.micronaut.security.authentication.AuthenticationResponse
+import io.micronaut.security.authentication.provider.HttpRequestAuthenticationProvider
 import io.seqera.wave.service.account.AccountService
 import io.seqera.wave.util.StringUtils
 import jakarta.inject.Inject
 import jakarta.inject.Singleton
-import org.reactivestreams.Publisher
-import reactor.core.publisher.Flux
-import reactor.core.publisher.FluxSink
 /**
  * Basic Authentication provider
  *
  * @author Munish Chouhan <[email protected]>
  */
 @Slf4j
 @Singleton
-class BasicAuthenticationProvider implements AuthenticationProvider {
+class BasicAuthenticationProvider<B> implements HttpRequestAuthenticationProvider<B> {
 
     @Inject
     private AccountService accountService
 
     @Override
-    Publisher<AuthenticationResponse> authenticate(@Nullable HttpRequest<?> httpRequest, AuthenticationRequest<?, ?> authRequest) {
-        Flux.create(emitter -> {
-            final user = authRequest.identity?.toString()
-            final pass = authRequest.secret?.toString()
-            if (accountService.isAuthorised(user, pass)) {
-                log.trace "Auth request OK - user '$user'; password: '${StringUtils.redact(pass)}'"
-                emitter.next(AuthenticationResponse.success((String) authRequest.identity))
-                emitter.complete()
-            }
-            else {
-                log.trace "Auth request FAILED - user '$user'; password: '${StringUtils.redact(pass)}'"
-                emitter.error(AuthenticationResponse.exception())
-            }
-        }, FluxSink.OverflowStrategy.ERROR)
+    AuthenticationResponse authenticate(@Nullable HttpRequest<B> httpRequest, @NonNull AuthenticationRequest<String, String> authRequest) {
+        final user = authRequest.identity?.toString()
+        final pass = authRequest.secret?.toString()
+        if (accountService.isAuthorised(user, pass)) {
+            log.trace "Auth request OK - user '$user'; password: '${StringUtils.redact(pass)}'"
+            return AuthenticationResponse.success(authRequest.identity)
+        }
+        else {
+            log.trace "Auth request FAILED - user '$user'; password: '${StringUtils.redact(pass)}'"
+            return AuthenticationResponse.failure(AuthenticationFailureReason.CREDENTIALS_DO_NOT_MATCH)
+        }
     }
 }

src/main/groovy/io/seqera/wave/auth/RegistryConfig.groovy

@@ -47,7 +47,7 @@ class RegistryConfig {
      *      io: [ ... ]
      *  ]
      */
-    private Map<String,Object> registries
+    Map<String,Object> registries
 
     RegistryKeys getRegistryKeys(String registryName) {
         final String defaultRegistry = registries.get('default')?.toString() ?: 'docker.io'

src/main/groovy/io/seqera/wave/configuration/ScanConfig.groovy

@@ -84,14 +84,22 @@ class ScanConfig {
     @Value('${wave.scan.environment}')
     List<String> environment
 
+    @Nullable
+    @Value('${wave.scan.vulnerability.limit:100}')
+    Integer vulnerabilityLimit
+
     String getScanImage() {
         return scanImage
     }
 
     @Memoized
     Path getCacheDirectory() {
         final result = Path.of(buildDirectory).toAbsolutePath().resolve('.trivy-cache')
-        Files.createDirectories(result)
+        try {
+            Files.createDirectories(result)
+        } catch (IOException e) {
+            log.error "Unable to create scan cache directory=${result} - cause: ${e.message}"
+        }
         return result
     }
 
@@ -133,6 +141,6 @@ class ScanConfig {
 
     @PostConstruct
     private void init() {
-        log.info("Scan config: docker image name: ${scanImage}; cache directory: ${cacheDirectory}; timeout=${timeout}; cpus: ${requestsCpu}; mem: ${requestsMemory}; severity: $severity; retry-attempts: $retryAttempts; env=${environment}")
+        log.info("Scan config: docker image name: ${scanImage}; cache directory: ${cacheDirectory}; timeout=${timeout}; cpus: ${requestsCpu}; mem: ${requestsMemory}; severity: $severity; vulnerability-limit: $vulnerabilityLimit; retry-attempts: $retryAttempts; env=${environment}")
     }
 }

src/main/groovy/io/seqera/wave/controller/ContainerController.groovy

@@ -29,6 +29,7 @@ import io.micronaut.context.annotation.Value
 import io.micronaut.core.annotation.Nullable
 import io.micronaut.http.HttpRequest
 import io.micronaut.http.HttpResponse
+import io.micronaut.http.annotation.Body
 import io.micronaut.http.annotation.Controller
 import io.micronaut.http.annotation.Delete
 import io.micronaut.http.annotation.Error
@@ -181,13 +182,13 @@ class ContainerController {
     @Deprecated
     @Post('/container-token')
     @ExecuteOn(TaskExecutors.IO)
-    CompletableFuture<HttpResponse<SubmitContainerTokenResponse>> getToken(HttpRequest httpRequest, SubmitContainerTokenRequest req) {
+    CompletableFuture<HttpResponse<SubmitContainerTokenResponse>> getToken(HttpRequest httpRequest, @Body SubmitContainerTokenRequest req) {
         return getContainerImpl(httpRequest, req, false)
     }
 
     @Post('/v1alpha2/container')
     @ExecuteOn(TaskExecutors.IO)
-    CompletableFuture<HttpResponse<SubmitContainerTokenResponse>> getTokenV2(HttpRequest httpRequest, SubmitContainerTokenRequest req) {
+    CompletableFuture<HttpResponse<SubmitContainerTokenResponse>> getTokenV2(HttpRequest httpRequest, @Body SubmitContainerTokenRequest req) {
         return getContainerImpl(httpRequest, req, true)
     }
 
@@ -284,7 +285,7 @@ class ContainerController {
     protected void storeContainerRequest0(SubmitContainerTokenRequest req, ContainerRequest data, TokenData token, String target, String ip) {
         try {
             final recrd = new WaveContainerRecord(req, data, target, ip, token.expiration)
-            persistenceService.saveContainerRequest(recrd)
+            persistenceService.saveContainerRequestAsync(recrd)
         }
         catch (Throwable e) {
             log.error("Unable to store container request with token: ${token}", e)

src/main/groovy/io/seqera/wave/controller/InspectController.groovy

@@ -25,6 +25,7 @@ import groovy.util.logging.Slf4j
 import io.micronaut.context.annotation.Value
 import io.micronaut.core.annotation.Nullable
 import io.micronaut.http.HttpResponse
+import io.micronaut.http.annotation.Body
 import io.micronaut.http.annotation.Controller
 import io.micronaut.http.annotation.Post
 import io.micronaut.http.annotation.QueryValue
@@ -70,7 +71,7 @@ class InspectController {
     private String serverUrl
 
     @Post("/v1alpha1/inspect")
-    CompletableFuture<HttpResponse<ContainerInspectResponse>> inspect(ContainerInspectRequest req, @Nullable @QueryValue String platform) {
+    CompletableFuture<HttpResponse<ContainerInspectResponse>> inspect(@Body ContainerInspectRequest req, @Nullable @QueryValue String platform) {
 
         if( !req.containerImage )
             throw new BadRequestException("Missing 'containerImage' attribute")

src/main/groovy/io/seqera/wave/controller/ValidateController.groovy

@@ -18,14 +18,14 @@
 
 package io.seqera.wave.controller
 
-import javax.validation.Valid
-
+import io.micronaut.http.annotation.Body
 import io.micronaut.http.annotation.Controller
 import io.micronaut.http.annotation.Post
 import io.micronaut.scheduling.TaskExecutors
 import io.micronaut.scheduling.annotation.ExecuteOn
 import io.seqera.wave.auth.RegistryAuthService
 import jakarta.inject.Inject
+import jakarta.validation.Valid
 import reactor.core.publisher.Mono
 
 @ExecuteOn(TaskExecutors.IO)
@@ -35,7 +35,7 @@ class ValidateController {
     @Inject RegistryAuthService loginService
 
     @Post
-    Mono<Boolean> validateCreds(@Valid ValidateRegistryCredsRequest request){
+    Mono<Boolean> validateCreds(@Valid @Body ValidateRegistryCredsRequest request){
         Mono.just(
             loginService.validateUser(request.registry, request.userName, request.password)
         )