ci: update flex monolith

Signed-off-by: moabu <[email protected]>
GluuFederation · Jul 10, 2024 · 03246a3 · 03246a3
1 parent 627a2e2
commit 03246a3
Show file tree

Hide file tree

Showing 8 changed files with 188 additions and 19 deletions.
diff --git a/docker-flex-monolith/Dockerfile b/docker-flex-monolith/Dockerfile
@@ -66,8 +66,6 @@ ENV CN_HOSTNAME="demoexample.gluu.org" \
     TEST_CLIENT_ID="9876baac-de39-4c23-8a78-674b59df8c09" \
     TEST_CLIENT_SECRET="" \
     TEST_CLIENT_TRUSTED="true" \
-    IS_FQDN_REGISTERED="false" \
-    # Install with local mysql by default
     CN_INSTALL_LDAP="false" \
     CN_INSTALL_MYSQL="false" \
     CN_INSTALL_PGSQL="false" \
@@ -76,10 +74,17 @@ ENV CN_HOSTNAME="demoexample.gluu.org" \
     CN_INSTALL_FIDO2="true" \
     CN_INSTALL_CASA="true" \
     CN_INSTALL_ADMIN_UI="true" \
+    CN_INSTALL_KC_LINK="true" \
+    CN_INSTALL_LINK="true" \
+    CN_INSTALL_LOCK="true" \
+    CN_INSTALL_SAML="true" \
+    CN_INSTALL_OPA="true" \
     RDBMS_DATABASE="gluu" \
     RDBMS_USER="gluu" \
     RDBMS_PASSWORD="" \
-    RDBMS_HOST=""
+    RDBMS_HOST="" \
+    IS_FQDN_REGISTERED="false" \
+    RUN_TESTS="false"
 
 # ==========
 # misc stuff

diff --git a/docker-flex-monolith/Makefile b/docker-flex-monolith/Makefile
@@ -1,18 +1,25 @@
-CN_VERSION?=5.1.3
-IMAGE_NAME=ghcr.io/gluufederation/flex/monolith
-UNSTABLE_VERSION?=dev
+IMAGE_VERSION?=$(shell grep -Po 'org.opencontainers.image.version="\K.*?(?=")' Dockerfile)_dev
+IMAGE_URL=$(shell grep -Po 'org.opencontainers.image.url="\K.*?(?=")' Dockerfile)
+IMAGE?=${IMAGE_URL}:${IMAGE_VERSION}
+
+# pass extra args to the targets, for example:
+#
+# - `make build-dev ARGS="--no-cache"`
+# - `make trivy-scan TRIVY_ARGS="-f json"`
+# - `make grype-scan GRYPE_ARGS="-o json"`
+ARGS?=
 
 .PHONY: test clean all build-dev trivy-scan grype-scan
 .DEFAULT_GOAL := build-dev
 
 build-dev:
-	@echo "[I] Building Docker image ${IMAGE_NAME}:${CN_VERSION}_${UNSTABLE_VERSION}"
-	@docker build --rm --force-rm -t ${IMAGE_NAME}:${CN_VERSION}_${UNSTABLE_VERSION} .
+	@echo "[I] Building OCI image ${IMAGE}"
+	@docker build --rm --force-rm ${ARGS} -t ${IMAGE} .
 
 trivy-scan:
-	@echo "[I] Scanning Docker image ${IMAGE_NAME}:${CN_VERSION}_${UNSTABLE_VERSION} using trivy"
-	@trivy image --security-checks vuln ${IMAGE_NAME}:${CN_VERSION}_${UNSTABLE_VERSION}
+	@echo "[I] Scanning OCI image ${IMAGE} using trivy"
+	@trivy image --security-checks vuln ${ARGS} ${IMAGE}
 
 grype-scan:
-	@echo "[I] Scanning Docker image ${IMAGE_NAME}:${CN_VERSION}_${UNSTABLE_VERSION} using grype"
-	@grype -v ${IMAGE_NAME}:${CN_VERSION}_${UNSTABLE_VERSION}
+	@echo "[I] Scanning OCI image ${IMAGE} using grype"
+	@grype -v ${ARGS} ${IMAGE}
diff --git a/docker-flex-monolith/clean.sh b/docker-flex-monolith/clean.sh
@@ -0,0 +1,66 @@
+#!/bin/bash
+
+if [ -z "$1" ]; then
+    echo "The used db was not specified as argument, will use mysql as default"
+    yaml="flex-mysql-compose.yml"
+else
+	case "$1" in
+		mysql|ldap|postgres)
+			yaml="flex-${1}-compose.yml"
+			;;
+		*)
+			yaml="${1}"
+			;;
+	esac
+fi
+
+# Get the directory of the script
+SCRIPT_DIR=$(dirname "$(readlink -f "$0")")
+DOCKER_PROJECT=$(basename "$SCRIPT_DIR")
+
+if [ -z "$INSTALLED_FLEX_NAME" ]; then
+    INSTALLED_FLEX_NAME="after-install-flex"
+fi
+
+if [ -z "$FLEX_VERSION" ]; then
+    FLEX_VERSION="5.1.3_dev"
+fi
+
+if [ -z "$DATABASE_VOLUME_NAME" ]; then
+    DATABASE_VOLUME_NAME="db-data"
+fi
+
+if [ -z "$FLEX_SERVICE_NAME" ]; then
+    FLEX_SERVICE_NAME="flex"
+fi
+
+cd $SCRIPT_DIR
+
+FLEX_IMAGE="${DOCKER_PROJECT}_${INSTALLED_FLEX_NAME}:${FLEX_VERSION}"
+FLEX_CONTAINER="${DOCKER_PROJECT}-${FLEX_SERVICE_NAME}-1"
+
+if ! docker image inspect ${FLEX_IMAGE} &> /dev/null; then
+	if docker exec "${FLEX_CONTAINER}" sh -c '[ -e /flex/deployed ]'; then
+		echo "installation of flex was successful - an after install image will be created (this can take a while)"
+		docker stop ${FLEX_CONTAINER} &> /dev/null;
+		docker commit ${FLEX_CONTAINER} ${FLEX_IMAGE}
+	fi
+fi
+
+if docker inspect -f '{{.State.Running}}' "${FLEX_CONTAINER}" &> /dev/null; then
+	docker compose -f ${yaml} down
+fi
+
+if docker volume inspect ${DOCKER_PROJECT}_${DATABASE_VOLUME_NAME} &> /dev/null; then
+	docker volume rm ${DOCKER_PROJECT}_${DATABASE_VOLUME_NAME} &> /dev/null
+fi
+
+if docker volume inspect ${DOCKER_PROJECT}_${DATABASE_VOLUME_NAME} &> /dev/null; then
+	docker volume rm ${DOCKER_PROJECT}_${DATABASE_VOLUME_NAME}
+fi
+
+if docker image inspect ${FLEX_IMAGE} &> /dev/null; then
+	docker image rm ${FLEX_IMAGE}
+fi
+
+docker image rm "ghcr.io/gluufederation/flex/monolith:${FLEX_VERSION}";
diff --git a/docker-flex-monolith/down.sh b/docker-flex-monolith/down.sh
@@ -0,0 +1,59 @@
+#!/bin/bash
+
+if [ -z "$1" ]; then
+    echo "The used db was not specified as argument, will use mysql as default"
+    yaml="flex-mysql-compose.yml"
+else
+	case "$1" in
+		mysql|ldap|postgres)
+			yaml="flex-${1}-compose.yml"
+			;;
+		*)
+			yaml="${1}"
+			;;
+	esac
+fi
+
+# Get the directory of the script
+SCRIPT_DIR=$(dirname "$(readlink -f "$0")")
+DOCKER_PROJECT=$(basename "$SCRIPT_DIR")
+
+if [ -z "$INSTALLED_FLEX_NAME" ]; then
+    INSTALLED_FLEX_NAME="after-install-flex"
+fi
+
+if [ -z "$FLEX_VERSION" ]; then
+    FLEX_VERSION="5.1.3_dev"
+fi
+
+if [ -z "$DATABASE_VOLUME_NAME" ]; then
+    DATABASE_VOLUME_NAME="db-data"
+fi
+
+if [ -z "$FLEX_SERVICE_NAME" ]; then
+    FLEX_SERVICE_NAME="flex"
+fi
+
+cd $SCRIPT_DIR
+
+FLEX_IMAGE="${DOCKER_PROJECT}_${INSTALLED_FLEX_NAME}:${FLEX_VERSION}"
+FLEX_CONTAINER="${DOCKER_PROJECT}-${FLEX_SERVICE_NAME}-1"
+
+if ! docker image inspect ${FLEX_IMAGE} &> /dev/null; then
+	if docker exec "${FLEX_CONTAINER}" sh -c '[ -e /flex/deployed ]'; then
+		echo "installation of flex was sucessfull - an after install image will be created (this can take a while)"
+		docker stop ${FLEX_CONTAINER} &> /dev/null;
+		docker commit ${FLEX_CONTAINER} ${FLEX_IMAGE}
+		#ensure the down will be the same as on up
+		FLEX_IMAGE="ghcr.io/gluufederation/flex/monolith:${FLEX_VERSION}";
+	fi
+fi
+export FLEX_IMAGE
+docker compose -f ${yaml} down
+
+
+
+
+
+
+
diff --git a/docker-flex-monolith/flex-ldap-compose.yml b/docker-flex-monolith/flex-ldap-compose.yml
@@ -9,7 +9,7 @@ services:
     networks:
       - cloud_bridge
     environment:
-      - CN_HOSTNAME=demoexample.gluu.org
+      #- CN_HOSTNAME=demoexample.gluu.org
       - CN_ADMIN_PASS=1t5Fin3#security
       - CN_ORG_NAME=Gluu
       - [email protected]
@@ -23,6 +23,10 @@ services:
       - CN_INSTALL_FIDO2=true
       - CN_INSTALL_CASA=true
       - CN_INSTALL_ADMIN_UI=true
+      - CN_INSTALL_KC_LINK=true
+      - CN_INSTALL_LOCK=true
+      - CN_INSTALL_SAML=true
+      - CN_INSTALL_OPA=true
       - TEST_CLIENT_ID=9876baac-de39-4c23-8a78-674b59df8c09
       - TEST_CLIENT_TRUSTED=true
       - TEST_CLIENT_SECRET=1t5Fin3#security
@@ -32,6 +36,10 @@ services:
       - ./jans-fido2-custom:/opt/jans/jetty/jans-fido2/custom
       - ./jans-scim-custom:/opt/jans/jetty/jans-scim/custom
       - ./jans-casa-custom:/opt/jans/jetty/casa/custom
+      - ./jans-auth-log:/opt/jans/jetty/jans-auth/logs
+      - ./jans-config-api-log:/opt/jans/jetty/jans-config-api/logs
+      - ./jans-scim-log:/opt/jans/jetty/jans-scim/logs
+      - ./jans-fido2-log:/opt/jans/jetty/jans-fido2/log
 volumes:
   db-data:
 networks:

diff --git a/docker-flex-monolith/flex-mysql-compose.yml b/docker-flex-monolith/flex-mysql-compose.yml
@@ -26,7 +26,7 @@ services:
     networks:
       - cloud_bridge
     environment:
-      - CN_HOSTNAME=demoexample.gluu.org
+      #- CN_HOSTNAME=demoexample.gluu.org
       - CN_ADMIN_PASS=1t5Fin3#security
       - CN_ORG_NAME=Gluu
       - [email protected]
@@ -40,6 +40,10 @@ services:
       - CN_INSTALL_FIDO2=true
       - CN_INSTALL_CASA=true
       - CN_INSTALL_ADMIN_UI=true
+      - CN_INSTALL_KC_LINK=true
+      - CN_INSTALL_LOCK=true
+      - CN_INSTALL_SAML=true
+      - CN_INSTALL_OPA=true
       - TEST_CLIENT_ID=9876baac-de39-4c23-8a78-674b59df8c09
       - TEST_CLIENT_TRUSTED=true
       - TEST_CLIENT_SECRET=1t5Fin3#security
@@ -53,6 +57,10 @@ services:
       - ./jans-fido2-custom:/opt/jans/jetty/jans-fido2/custom
       - ./jans-scim-custom:/opt/jans/jetty/jans-scim/custom
       - ./jans-casa-custom:/opt/jans/jetty/casa/custom
+      - ./jans-auth-log:/opt/jans/jetty/jans-auth/logs
+      - ./jans-config-api-log:/opt/jans/jetty/jans-config-api/logs
+      - ./jans-scim-log:/opt/jans/jetty/jans-scim/logs
+      - ./jans-fido2-log:/opt/jans/jetty/jans-fido2/log
 volumes:
   db-data:
 networks:

diff --git a/docker-flex-monolith/flex-postgres-compose.yml b/docker-flex-monolith/flex-postgres-compose.yml
@@ -24,7 +24,7 @@ services:
     networks:
       - cloud_bridge
     environment:
-      - CN_HOSTNAME=demoexample.gluu.org
+      #- CN_HOSTNAME=demoexample.gluu.org
       - CN_ADMIN_PASS=1t5Fin3#security
       - CN_ORG_NAME=Janssen
       - [email protected]
@@ -38,6 +38,10 @@ services:
       - CN_INSTALL_FIDO2=true
       - CN_INSTALL_CASA=true
       - CN_INSTALL_ADMIN_UI=true
+      - CN_INSTALL_KC_LINK=true
+      - CN_INSTALL_LOCK=true
+      - CN_INSTALL_SAML=true
+      - CN_INSTALL_OPA=true
       - TEST_CLIENT_ID=9876baac-de39-4c23-8a78-674b59df8c09
       - TEST_CLIENT_TRUSTED=true
       - TEST_CLIENT_SECRET=1t5Fin3#security
@@ -51,6 +55,10 @@ services:
       - ./jans-fido2-custom:/opt/jans/jetty/jans-fido2/custom
       - ./jans-scim-custom:/opt/jans/jetty/jans-scim/custom
       - ./jans-casa-custom:/opt/jans/jetty/casa/custom
+      - ./jans-auth-log:/opt/jans/jetty/jans-auth/logs
+      - ./jans-config-api-log:/opt/jans/jetty/jans-config-api/logs
+      - ./jans-scim-log:/opt/jans/jetty/jans-scim/logs
+      - ./jans-fido2-log:/opt/jans/jetty/jans-fido2/log
 volumes:
   db-data:
 networks:

diff --git a/docker-flex-monolith/scripts/entrypoint.sh b/docker-flex-monolith/scripts/entrypoint.sh
@@ -41,11 +41,17 @@ install_flex() {
   echo "install_scim_server=""$([[ ${CN_INSTALL_SCIM} == true ]] && echo True || echo False)" | tee -a setup.properties > /dev/null
   echo "installFido2=""$([[ ${CN_INSTALL_FIDO2} == true ]] && echo True || echo False)" | tee -a setup.properties > /dev/null
   echo "install-admin-ui=""$([[ ${CN_INSTALL_ADMIN_UI} == true ]] && echo True || echo False)" | tee -a setup.properties > /dev/null
-  echo "install-casa=""$([[ ${CN_INSTALL_CASA} == true ]] && echo True || echo False)" | tee -a setup.properties > /dev/null
+  echo "install_casa=""$([[ ${CN_INSTALL_CASA} == true ]] && echo True || echo False)" | tee -a setup.properties > /dev/null
+  echo "install_jans_keycloak_link=""$([[ ${CN_INSTALL_KC_LINK} == true ]] && echo True || echo False)" | tee -a setup.properties > /dev/null
+  echo "install_jans_link=""$([[ ${CN_INSTALL_LINK} == true ]] && echo True || echo False)" | tee -a setup.properties > /dev/null
+  echo "install_jans_lock=""$([[ ${CN_INSTALL_LOCK} == true ]] && echo True || echo False)" | tee -a setup.properties > /dev/null
+  echo "install_jans_saml=""$([[ ${CN_INSTALL_SAML} == true ]] && echo True || echo False)" | tee -a setup.properties > /dev/null
   echo "adminui-authentication-mode=casa" | tee -a setup.properties > /dev/null
+  echo "install_opa=""$([[ ${CN_INSTALL_OPA} == true ]] && echo True || echo False)" | tee -a setup.properties > /dev/null
   echo "test_client_id=${TEST_CLIENT_ID}"| tee -a setup.properties > /dev/null
-  echo "test_client_pw=${TEST_CLIENT_SECRET}" | tee -a setup.properties > /dev/null
+  echo "test_client_pw=${TEST_CLIENT_SECRET}" | tee -a setup.properties > /dev/null1
   echo "test_client_trusted=""$([[ ${TEST_CLIENT_TRUSTED} == true ]] && echo True || echo True)" | tee -a setup.properties > /dev/null
+  echo "loadTestData=True" | tee -a setup.properties > /dev/null
   if [[ "${CN_INSTALL_MYSQL}" == "true" ]] || [[ "${CN_INSTALL_PGSQL}" == "true" ]]; then
     echo "Installing with RDBMS"
     echo "rdbm_install=2" | tee -a setup.properties > /dev/null
@@ -95,9 +101,11 @@ start_services() {
   /etc/init.d/apache2 start
   /opt/dist/scripts/jans-auth start
   /opt/dist/scripts/jans-config-api start
-  /opt/dist/scripts/jans-fido2 start
   /opt/dist/scripts/jans-scim start
-  /opt/dist/scripts/casa start ||:  # no-op if script is missing
+  /opt/dist/scripts/jans-fido2 start
+  /opt/dist/scripts/jans-casa start ||:  # no-op if script is missing
+  /opt/dist/scripts/jans-keycloak-link start ||:  # no-op if script is missing
+  /opt/dist/scripts/jans-link start ||:  # no-op if script is missing
 }
 
 check_installed_flex