Merge branch 'develop' into feature/MARP-661-Open-Marketplace-from-wi…

…thin-AxonIvy

.github/workflows/codeql.yml

@@ -0,0 +1,67 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "master", "develop" ]
+  pull_request:
+    branches: [ "master", "develop" ]
+  schedule:
+    - cron: '00 08 * * 0'
+
+jobs:
+  analyze:
+    name: Analyze (${{ matrix.language }})
+    runs-on: 'ubuntu-latest'
+    timeout-minutes: 360
+    permissions:
+      security-events: write
+      packages: read
+      actions: read
+      contents: read
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - language: javascript-typescript
+            build-mode: none
+          - language: java-kotlin
+            build-mode: manual
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{ matrix.language }}
+        build-mode: ${{ matrix.build-mode }}
+
+    - name: Set up JDK 17
+      if: matrix.language == 'java-kotlin'
+      uses: actions/setup-java@v3
+      with:
+        java-version: '17'
+        distribution: 'temurin'
+        cache: maven
+
+    - name: Build with maven
+      if: matrix.language == 'java-kotlin'
+      run: mvn clean install --file ./marketplace-service/pom.xml -DskipTests
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+      with:
+        category: "/language:${{matrix.language}}"

.github/workflows/docker-build.yml

@@ -4,14 +4,39 @@ on:
   push:
     branches: [ "develop" ]
   workflow_dispatch:
+    inputs:
+      build_env:
+        description: 'Build environment'
+        required: true
+        default: 'staging'
+
   workflow_call:
+    inputs:
+      build_env:
+        description: 'Build environment'
+        required: true
+        type: string
 
 jobs:
-  build:
+  cleanup:
+    name: Clean up docker container and images
+    runs-on: self-hosted
+
+    steps:
+      - name: Bring down and remove containers and images
+        working-directory: ./marketplace-build
+        run: |
+          docker compose down --rmi all
+
+  build-and-deploy:
+    name: Build and bring up docker containers
     runs-on: self-hosted
+    needs: cleanup
 
     steps:
-      - uses: actions/checkout@v4
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
       - name: Update environment variables for .env
         env:
           ENV_FILE: './marketplace-build/.env'
@@ -22,19 +47,29 @@ jobs:
           SERVICE_PASSWORD: ${{ secrets.SERVICE_PASSWORD }}
           MONGODB_DATABASE: ${{ secrets.MONGODB_DATABASE }}
           GH_TOKEN: ${{ secrets.GH_TOKEN }}
-          MARKETPLACE_INSTALLATION_URL: ${{ secrets.MARKETPLACE_INSTALLATION_URL }}
+          MARKET_JWT_SECRET_KEY: ${{ secrets.MARKET_JWT_SECRET_KEY }}
         run: |
-            sed -i "s/^MONGODB_INITDB_ROOT_USERNAME=.*$/MONGODB_INITDB_ROOT_USERNAME=$ROOT_USERNAME/" $ENV_FILE
-            sed -i "s/^MONGODB_INITDB_ROOT_PASSWORD=.*$/MONGODB_INITDB_ROOT_PASSWORD=$ROOT_PASSWORD/" $ENV_FILE
-            sed -i "s/^SERVICE_MONGODB_HOST=.*$/SERVICE_MONGODB_HOST=$MONGODB_HOST/" $ENV_FILE
-            sed -i "s/^SERVICE_MONGODB_DATABASE=.*$/SERVICE_MONGODB_DATABASE=$MONGODB_DATABASE/" $ENV_FILE
-            sed -i "s/^SERVICE_MONGODB_USER=.*$/SERVICE_MONGODB_USER=$SERVICE_USERNAME/" $ENV_FILE
-            sed -i "s/^SERVICE_MONGODB_PASSWORD=.*$/SERVICE_MONGODB_PASSWORD=$SERVICE_PASSWORD/" $ENV_FILE
-            sed -i "s/^MARKET_GITHUB_TOKEN=.*$/MARKET_GITHUB_TOKEN=$GH_TOKEN/" $ENV_FILE
-            sed -i "s/^MARKETPLACE_INSTALLATION_URL=.*$/MARKETPLACE_INSTALLATION_URL=$MARKETPLACE_INSTALLATION_URL/" $ENV_FILE
-
-      - name: Refresh Docker images
+          if [ "${{ inputs.build_env }}" == "production" ]; then
+            OAUTH_APP_CLIENT_ID=${{ secrets.OAUTH_APP_CLIENT_ID }}
+            OAUTH_APP_CLIENT_SECRET=${{ secrets.OAUTH_APP_CLIENT_SECRET }}
+          else
+            OAUTH_APP_CLIENT_ID=${{ secrets.OAUTH_APP_CLIENT_ID_STAGING }}
+            OAUTH_APP_CLIENT_SECRET=${{ secrets.OAUTH_APP_CLIENT_SECRET_STAGING }}
+          fi
+
+          sed -i "s/^MONGODB_INITDB_ROOT_USERNAME=.*$/MONGODB_INITDB_ROOT_USERNAME=$ROOT_USERNAME/" $ENV_FILE
+          sed -i "s/^MONGODB_INITDB_ROOT_PASSWORD=.*$/MONGODB_INITDB_ROOT_PASSWORD=$ROOT_PASSWORD/" $ENV_FILE
+          sed -i "s/^SERVICE_MONGODB_HOST=.*$/SERVICE_MONGODB_HOST=$MONGODB_HOST/" $ENV_FILE
+          sed -i "s/^SERVICE_MONGODB_DATABASE=.*$/SERVICE_MONGODB_DATABASE=$MONGODB_DATABASE/" $ENV_FILE
+          sed -i "s/^SERVICE_MONGODB_USER=.*$/SERVICE_MONGODB_USER=$SERVICE_USERNAME/" $ENV_FILE
+          sed -i "s/^SERVICE_MONGODB_PASSWORD=.*$/SERVICE_MONGODB_PASSWORD=$SERVICE_PASSWORD/" $ENV_FILE
+          sed -i "s/^MARKET_GITHUB_TOKEN=.*$/MARKET_GITHUB_TOKEN=$GH_TOKEN/" $ENV_FILE
+          sed -i "s/^MARKET_GITHUB_OAUTH_APP_CLIENT_ID=.*$/MARKET_GITHUB_OAUTH_APP_CLIENT_ID=$OAUTH_APP_CLIENT_ID/" $ENV_FILE
+          sed -i "s/^MARKET_GITHUB_OAUTH_APP_CLIENT_SECRET=.*$/MARKET_GITHUB_OAUTH_APP_CLIENT_SECRET=$OAUTH_APP_CLIENT_SECRET/" $ENV_FILE
+          sed -i "s/^MARKET_JWT_SECRET_KEY=.*$/MARKET_JWT_SECRET_KEY=$MARKET_JWT_SECRET_KEY/" $ENV_FILE
+
+      - name: Build and bring up containers without cache
         working-directory: ./marketplace-build
         run: |
-          docker compose down
-          docker compose up -d
+          docker compose build --no-cache --build-arg BUILD_ENV=${{ inputs.build_env }}
+          docker compose up --force-recreate -d

.github/workflows/docker-release.yml

@@ -9,6 +9,10 @@ on:
         description: 'Marketplace Docker image version'
         required: true
         default: 'latest'
+      build_env:
+        description: 'Build environment'
+        required: true
+        default: 'production'
 
 env:
   UI_IMAGE_NAME: marketplace-ui
@@ -17,25 +21,48 @@ env:
 jobs:
 
   build:
+    name: Build Docker images
     uses: ./.github/workflows/docker-build.yml
+    with:
+      build_env: ${{ inputs.build_env }}
 
   release:
+    name: Tag and publish image to GH packages
     needs: build
     runs-on: self-hosted
     permissions:
       packages: write
       contents: read
 
     steps:
+      - name: Wait for containers to be up and running
+        working-directory: ./marketplace-build
+        run: |
+          # Wait for up to 300 seconds for the containers to be up
+          timeout=300
+          start_time=$(date +%s)
+          while [ $(($(date +%s) - start_time)) -lt $timeout ]; do
+            if docker compose ps | grep -q "Up"; then
+              echo "Containers are up and running."
+              exit 0
+            fi
+            echo "Waiting for containers to start..."
+            sleep 5
+          done
+          echo "Containers did not start within the timeout period."
+          exit 1
+
       - name: Log in to registry
         run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+
       - name: Refine release version
         run: |
           # This strips the git ref prefix from the version.
           VERSION=${{ github.event.inputs.image_version }}
           # This uses the Docker `latest` tag convention.
           [ "$VERSION" == "main" ] && VERSION=latest
           echo "VERSION=$VERSION" >> $GITHUB_ENV
+
       - name: Release Marketplace UI image
         run: |
           UI_IMAGE_ID=ghcr.io/${{ github.repository_owner }}/$UI_IMAGE_NAME

marketplace-build/.env

@@ -5,4 +5,7 @@ SERVICE_MONGODB_USER=
 SERVICE_MONGODB_PASSWORD=
 SERVICE_MONGODB_DATABASE=
 MARKET_GITHUB_TOKEN=
-MARKETPLACE_INSTALLATION_URL=
+MARKETPLACE_INSTALLATION_URL=
+MARKET_GITHUB_OAUTH_APP_CLIENT_ID=
+MARKET_GITHUB_OAUTH_APP_CLIENT_SECRET=
+MARKET_JWT_SECRET_KEY=

marketplace-build/config/mongodb/docker-compose.yml

@@ -1,15 +1,14 @@
-# This docker compose to init mongo for setup auth
+# This docker-compose to init MongoDB as free access and create a volume as name + mongodata
+# Then insert the admin user as defined at mogo-init.js
+# Change the name to other if you want to create more volumes. e.g: marketplace-dev
 name: marketplace
 
 services:
   mongodb:
+    image: mongodb/mongodb-community-server:7.0.0-ubi8
     container_name: marketplace-mongodb-non-authen
-    build:
-      context: .
-      dockerfile: Dockerfile
-    restart: always
-    ports:
-      - "27017:27017"
+    expose:
+      - 27017
     volumes:
       - mongodata:/data/db
       - ./mongo-init.js:/docker-entrypoint-initdb.d/mongo-init.js:ro

marketplace-build/config/mongodb/mongo-init.js

@@ -1,3 +1,4 @@
+// Change user/pwd to your requirement
 db = db.getSiblingDB('admin');
 db.createUser(
     {

marketplace-build/config/nginx/nginx.conf

@@ -1,12 +1,28 @@
-events{}
+events {}
 
 http {
-    # include the default mime.types to map file extensions to MIME types
     include /etc/nginx/mime.types;
 
     server {
-        root /usr/share/nginx/html;
+        listen 80;
+        server_name marketplace;
 
+        root /usr/share/nginx/html;
         index index.html;
+
+        location / {
+            try_files $uri $uri/ /index.html;
+        }
+
+        location /marketplace-service {
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-NginX-Proxy true;
+            proxy_pass http://service:8080/marketplace-service;
+            proxy_ssl_session_reuse off;
+            proxy_set_header Host $http_host;
+            proxy_cache_bypass $http_upgrade;
+            proxy_redirect off;
+        }
     }
-}
+}

marketplace-build/docker-compose.yml

@@ -2,7 +2,7 @@ name: marketplace
 
 services:
   mongodb:
-    container_name: marketplace-mongodb-7.0.0
+    container_name: marketplace-mongodb
     build:
       context: ./config/mongodb
       dockerfile: Dockerfile
@@ -23,6 +23,8 @@ services:
       additional_contexts:
         assets: ../marketplace-build/
       dockerfile: Dockerfile
+      args:
+        - BUILD_ENV=${BUILD_ENV}
     restart: always
     volumes:
       - ./config/nginx/nginx.conf:/etc/nginx/nginx.conf
@@ -34,13 +36,17 @@ services:
   service:
     container_name: marketplace-service
     restart: always
+    volumes:
+      - /home/axonivy/marketplace/data/market-installations.json:/home/data/market-installation.json
     environment:
       - MONGODB_HOST=${SERVICE_MONGODB_HOST}
       - MONGODB_DATABASE=${SERVICE_MONGODB_DATABASE}
       - MONGODB_USERNAME=${SERVICE_MONGODB_USER}
       - MONGODB_PASSWORD=${SERVICE_MONGODB_PASSWORD}
       - MARKET_GITHUB_TOKEN=${MARKET_GITHUB_TOKEN}
-      - MARKETPLACE_INSTALLATION_URL=${MARKETPLACE_INSTALLATION_URL}
+      - MARKET_GITHUB_OAUTH_APP_CLIENT_ID=${MARKET_GITHUB_OAUTH_APP_CLIENT_ID}
+      - MARKET_GITHUB_OAUTH_APP_CLIENT_SECRET=${MARKET_GITHUB_OAUTH_APP_CLIENT_SECRET}
+      - MARKET_JWT_SECRET_KEY=${MARKET_JWT_SECRET_KEY}
     build:
       context: ../marketplace-service
       dockerfile: Dockerfile
@@ -50,4 +56,4 @@ services:
       - mongodb
 
 volumes:
-  mongodata:
+  mongodata:

marketplace-build/release/.env

@@ -5,4 +5,7 @@ SERVICE_MONGODB_USER=
 SERVICE_MONGODB_PASSWORD=
 SERVICE_MONGODB_DATABASE=
 MARKET_GITHUB_TOKEN=
-MARKETPLACE_INSTALLATION_URL=
+MARKETPLACE_INSTALLATION_URL=
+MARKET_GITHUB_OAUTH_APP_CLIENT_ID=
+MARKET_GITHUB_OAUTH_APP_CLIENT_SECRET=
+MARKET_JWT_SECRET_KEY=

marketplace-build/release/docker-compose.yml

@@ -1,4 +1,4 @@
-name: marketplace
+name: marketplace-release_latest
 
 services:
   mongodb:
@@ -25,13 +25,18 @@ services:
   service:
     image: ghcr.io/axonivy-market/marketplace-service:latest
     restart: always
+    expose:
+      - 8080
+    volumes:
+      - /home/axonivy/marketplace/data/market-installations.json:/home/data/market-installation.json
     environment:
       - MONGODB_HOST=${SERVICE_MONGODB_HOST}
       - MONGODB_DATABASE=${SERVICE_MONGODB_DATABASE}
       - MONGODB_USERNAME=${SERVICE_MONGODB_USER}
       - MONGODB_PASSWORD=${SERVICE_MONGODB_PASSWORD}
       - MARKET_GITHUB_TOKEN=${MARKET_GITHUB_TOKEN}
-      - MARKETPLACE_INSTALLATION_URL=${MARKETPLACE_INSTALLATION_URL}
-
+      - MARKET_GITHUB_OAUTH_APP_CLIENT_ID=${MARKET_GITHUB_OAUTH_APP_CLIENT_ID}
+      - MARKET_GITHUB_OAUTH_APP_CLIENT_SECRET=${MARKET_GITHUB_OAUTH_APP_CLIENT_SECRET}
+      - MARKET_JWT_SECRET_KEY=${MARKET_JWT_SECRET_KEY}
 volumes:
   mongodata:

marketplace-build/release/sprint-compose.yml

@@ -1,4 +1,4 @@
-name: marketplace
+name: marketplace-release_sprint
 
 services:
   mongodb:
@@ -25,13 +25,19 @@ services:
   service:
     image: ghcr.io/axonivy-market/marketplace-service:sprint
     restart: always
+    expose:
+    - 8080
+    volumes:
+      - /home/axonivy/marketplace/data/market-installations.json:/home/data/market-installation.json
     environment:
       - MONGODB_HOST=${SERVICE_MONGODB_HOST}
       - MONGODB_DATABASE=${SERVICE_MONGODB_DATABASE}
       - MONGODB_USERNAME=${SERVICE_MONGODB_USER}
       - MONGODB_PASSWORD=${SERVICE_MONGODB_PASSWORD}
       - MARKET_GITHUB_TOKEN=${MARKET_GITHUB_TOKEN}
-      - MARKETPLACE_INSTALLATION_URL=${MARKETPLACE_INSTALLATION_URL}
+      - MARKET_GITHUB_OAUTH_APP_CLIENT_ID=${MARKET_GITHUB_OAUTH_APP_CLIENT_ID}
+      - MARKET_GITHUB_OAUTH_APP_CLIENT_SECRET=${MARKET_GITHUB_OAUTH_APP_CLIENT_SECRET}
+      - MARKET_JWT_SECRET_KEY=${MARKET_JWT_SECRET_KEY}
 volumes:
   mongodata: