Merge branch 'develop' into feature/MARP-700-Authenticate-for-SYNC-pr…

…oducts-api
axonivy-market · Jul 25, 2024 · f4cd801 · f4cd801
2 parents a28cf7f + fd97dfa
commit f4cd801
Show file tree

Hide file tree

Showing 15 changed files with 168 additions and 31 deletions.
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -0,0 +1,67 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "master", "develop" ]
+  pull_request:
+    branches: [ "master", "develop" ]
+  schedule:
+    - cron: '00 08 * * 0'
+
+jobs:
+  analyze:
+    name: Analyze (${{ matrix.language }})
+    runs-on: 'ubuntu-latest'
+    timeout-minutes: 360
+    permissions:
+      security-events: write
+      packages: read
+      actions: read
+      contents: read
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - language: javascript-typescript
+            build-mode: none
+          - language: java-kotlin
+            build-mode: manual
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{ matrix.language }}
+        build-mode: ${{ matrix.build-mode }}
+
+    - name: Set up JDK 17
+      if: matrix.language == 'java-kotlin'
+      uses: actions/setup-java@v3
+      with:
+        java-version: '17'
+        distribution: 'temurin'
+        cache: maven
+
+    - name: Build with maven
+      if: matrix.language == 'java-kotlin'
+      run: mvn clean install --file ./marketplace-service/pom.xml -DskipTests
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+      with:
+        category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
@@ -4,7 +4,18 @@ on:
   push:
     branches: [ "develop" ]
   workflow_dispatch:
+    inputs:
+      build_env:
+        description: 'Build environment'
+        required: true
+        default: 'staging'
+
   workflow_call:
+    inputs:
+      build_env:
+        description: 'Build environment'
+        required: true
+        type: string
 
 jobs:
   cleanup:
@@ -36,22 +47,29 @@ jobs:
           SERVICE_PASSWORD: ${{ secrets.SERVICE_PASSWORD }}
           MONGODB_DATABASE: ${{ secrets.MONGODB_DATABASE }}
           GH_TOKEN: ${{ secrets.GH_TOKEN }}
-          MARKET_GITHUB_OAUTH_APP_CLIENT_ID: ${{ secrets.MARKET_GITHUB_OAUTH_APP_CLIENT_ID }}
-          MARKET_GITHUB_OAUTH_APP_CLIENT_SECRET: ${{ secrets.MARKET_GITHUB_OAUTH_APP_CLIENT_SECRET }}
           MARKET_JWT_SECRET_KEY: ${{ secrets.MARKET_JWT_SECRET_KEY }}
         run: |
-            sed -i "s/^MONGODB_INITDB_ROOT_USERNAME=.*$/MONGODB_INITDB_ROOT_USERNAME=$ROOT_USERNAME/" $ENV_FILE
-            sed -i "s/^MONGODB_INITDB_ROOT_PASSWORD=.*$/MONGODB_INITDB_ROOT_PASSWORD=$ROOT_PASSWORD/" $ENV_FILE
-            sed -i "s/^SERVICE_MONGODB_HOST=.*$/SERVICE_MONGODB_HOST=$MONGODB_HOST/" $ENV_FILE
-            sed -i "s/^SERVICE_MONGODB_DATABASE=.*$/SERVICE_MONGODB_DATABASE=$MONGODB_DATABASE/" $ENV_FILE
-            sed -i "s/^SERVICE_MONGODB_USER=.*$/SERVICE_MONGODB_USER=$SERVICE_USERNAME/" $ENV_FILE
-            sed -i "s/^SERVICE_MONGODB_PASSWORD=.*$/SERVICE_MONGODB_PASSWORD=$SERVICE_PASSWORD/" $ENV_FILE
-            sed -i "s/^MARKET_GITHUB_TOKEN=.*$/MARKET_GITHUB_TOKEN=$GH_TOKEN/" $ENV_FILE
-            sed -i "s/^MARKET_GITHUB_OAUTH_APP_CLIENT_ID=.*$/MARKET_GITHUB_OAUTH_APP_CLIENT_ID=$MARKET_GITHUB_OAUTH_APP_CLIENT_ID/" $ENV_FILE
-            sed -i "s/^MARKET_GITHUB_OAUTH_APP_CLIENT_SECRET=.*$/MARKET_GITHUB_OAUTH_APP_CLIENT_SECRET=$MARKET_GITHUB_OAUTH_APP_CLIENT_SECRET/" $ENV_FILE
-            sed -i "s/^MARKET_JWT_SECRET_KEY=.*$/MARKET_JWT_SECRET_KEY=$MARKET_JWT_SECRET_KEY/" $ENV_FILE
+          if [ "${{ inputs.build_env }}" == "production" ]; then
+            OAUTH_APP_CLIENT_ID=${{ secrets.OAUTH_APP_CLIENT_ID }}
+            OAUTH_APP_CLIENT_SECRET=${{ secrets.OAUTH_APP_CLIENT_SECRET }}
+          else
+            OAUTH_APP_CLIENT_ID=${{ secrets.OAUTH_APP_CLIENT_ID_STAGING }}
+            OAUTH_APP_CLIENT_SECRET=${{ secrets.OAUTH_APP_CLIENT_SECRET_STAGING }}
+          fi
+
+          sed -i "s/^MONGODB_INITDB_ROOT_USERNAME=.*$/MONGODB_INITDB_ROOT_USERNAME=$ROOT_USERNAME/" $ENV_FILE
+          sed -i "s/^MONGODB_INITDB_ROOT_PASSWORD=.*$/MONGODB_INITDB_ROOT_PASSWORD=$ROOT_PASSWORD/" $ENV_FILE
+          sed -i "s/^SERVICE_MONGODB_HOST=.*$/SERVICE_MONGODB_HOST=$MONGODB_HOST/" $ENV_FILE
+          sed -i "s/^SERVICE_MONGODB_DATABASE=.*$/SERVICE_MONGODB_DATABASE=$MONGODB_DATABASE/" $ENV_FILE
+          sed -i "s/^SERVICE_MONGODB_USER=.*$/SERVICE_MONGODB_USER=$SERVICE_USERNAME/" $ENV_FILE
+          sed -i "s/^SERVICE_MONGODB_PASSWORD=.*$/SERVICE_MONGODB_PASSWORD=$SERVICE_PASSWORD/" $ENV_FILE
+          sed -i "s/^MARKET_GITHUB_TOKEN=.*$/MARKET_GITHUB_TOKEN=$GH_TOKEN/" $ENV_FILE
+          sed -i "s/^MARKET_GITHUB_OAUTH_APP_CLIENT_ID=.*$/MARKET_GITHUB_OAUTH_APP_CLIENT_ID=$OAUTH_APP_CLIENT_ID/" $ENV_FILE
+          sed -i "s/^MARKET_GITHUB_OAUTH_APP_CLIENT_SECRET=.*$/MARKET_GITHUB_OAUTH_APP_CLIENT_SECRET=$OAUTH_APP_CLIENT_SECRET/" $ENV_FILE
+          sed -i "s/^MARKET_JWT_SECRET_KEY=.*$/MARKET_JWT_SECRET_KEY=$MARKET_JWT_SECRET_KEY/" $ENV_FILE
 
       - name: Build and bring up containers without cache
         working-directory: ./marketplace-build
         run: |
-          docker compose up --build --force-recreate -d
+          docker compose build --no-cache --build-arg BUILD_ENV=${{ inputs.build_env }}
+          docker compose up --force-recreate -d
diff --git a/.github/workflows/docker-release.yml b/.github/workflows/docker-release.yml
@@ -9,6 +9,10 @@ on:
         description: 'Marketplace Docker image version'
         required: true
         default: 'latest'
+      build_env:
+        description: 'Build environment'
+        required: true
+        default: 'production'
 
 env:
   UI_IMAGE_NAME: marketplace-ui
@@ -19,6 +23,8 @@ jobs:
   build:
     name: Build Docker images
     uses: ./.github/workflows/docker-build.yml
+    with:
+      build_env: ${{ inputs.build_env }}
 
   release:
     name: Tag and publish image to GH packages

diff --git a/marketplace-build/config/mongodb/docker-compose.yml b/marketplace-build/config/mongodb/docker-compose.yml
@@ -1,15 +1,14 @@
-# This docker compose to init mongo for setup auth
+# This docker-compose to init MongoDB as free access and create a volume as name + mongodata
+# Then insert the admin user as defined at mogo-init.js
+# Change the name to other if you want to create more volumes. e.g: marketplace-dev
 name: marketplace
 
 services:
   mongodb:
+    image: mongodb/mongodb-community-server:7.0.0-ubi8
     container_name: marketplace-mongodb-non-authen
-    build:
-      context: .
-      dockerfile: Dockerfile
-    restart: always
-    ports:
-      - "27017:27017"
+    expose:
+      - 27017
     volumes:
       - mongodata:/data/db
       - ./mongo-init.js:/docker-entrypoint-initdb.d/mongo-init.js:ro

diff --git a/marketplace-build/config/mongodb/mongo-init.js b/marketplace-build/config/mongodb/mongo-init.js
@@ -1,3 +1,4 @@
+// Change user/pwd to your requirement
 db = db.getSiblingDB('admin');
 db.createUser(
     {

diff --git a/marketplace-build/config/nginx/nginx.conf b/marketplace-build/config/nginx/nginx.conf
@@ -4,12 +4,25 @@ http {
     include /etc/nginx/mime.types;
 
     server {
+        listen 80;
+        server_name marketplace;
 
         root /usr/share/nginx/html;
         index index.html;
 
         location / {
             try_files $uri $uri/ /index.html;
         }
+
+        location /marketplace-service {
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-NginX-Proxy true;
+            proxy_pass http://service:8080/marketplace-service;
+            proxy_ssl_session_reuse off;
+            proxy_set_header Host $http_host;
+            proxy_cache_bypass $http_upgrade;
+            proxy_redirect off;
+        }
     }
 }
diff --git a/marketplace-build/docker-compose.yml b/marketplace-build/docker-compose.yml
@@ -2,7 +2,7 @@ name: marketplace
 
 services:
   mongodb:
-    container_name: marketplace-mongodb-7.0.0
+    container_name: marketplace-mongodb
     build:
       context: ./config/mongodb
       dockerfile: Dockerfile
@@ -23,6 +23,8 @@ services:
       additional_contexts:
         assets: ../marketplace-build/
       dockerfile: Dockerfile
+      args:
+        - BUILD_ENV=${BUILD_ENV}
     restart: always
     volumes:
       - ./config/nginx/nginx.conf:/etc/nginx/nginx.conf
@@ -54,4 +56,4 @@ services:
       - mongodb
 
 volumes:
-  mongodata:
+  mongodata:
diff --git a/marketplace-build/release/docker-compose.yml b/marketplace-build/release/docker-compose.yml
@@ -1,4 +1,4 @@
-name: marketplace
+name: marketplace-release_latest
 
 services:
   mongodb:
@@ -25,6 +25,8 @@ services:
   service:
     image: ghcr.io/axonivy-market/marketplace-service:latest
     restart: always
+    expose:
+      - 8080
     volumes:
       - /home/axonivy/marketplace/data/market-installations.json:/home/data/market-installation.json
     environment:

diff --git a/marketplace-build/release/sprint-compose.yml b/marketplace-build/release/sprint-compose.yml
@@ -1,4 +1,4 @@
-name: marketplace
+name: marketplace-release_sprint
 
 services:
   mongodb:
@@ -25,6 +25,8 @@ services:
   service:
     image: ghcr.io/axonivy-market/marketplace-service:sprint
     restart: always
+    expose:
+    - 8080
     volumes:
       - /home/axonivy/marketplace/data/market-installations.json:/home/data/market-installation.json
     environment:

diff --git a/marketplace-ui/Dockerfile b/marketplace-ui/Dockerfile
@@ -1,11 +1,12 @@
 # Stage 1: Build Angular app
 FROM node:20-alpine AS build-angular
+ARG BUILD_ENV
 WORKDIR /app
 COPY . .
 RUN npm install
-RUN npm run build --prod
+RUN npm run build -- --configuration $BUILD_ENV
 
 # Stage 2: Serve Angular app using Nginx
-FROM nginx:alpine
+FROM nginx
 COPY --from=build-angular /app/dist/browser /usr/share/nginx/html
 COPY --from=assets config/nginx/nginx.conf /etc/nginx/nginx.conf
diff --git a/marketplace-ui/angular.json b/marketplace-ui/angular.json
@@ -60,6 +60,23 @@
               ],
               "outputHashing": "all"
             },
+            "staging": {
+              "optimization": {
+                "scripts": true,
+                "styles": {
+                  "minify": true,
+                  "inlineCritical": false
+                },
+                "fonts": true
+              },
+              "outputHashing": "all",
+              "fileReplacements": [
+                {
+                  "replace": "src/environments/environment.ts",
+                  "with": "src/environments/environment.staging.ts"
+                }
+              ]
+            },
             "development": {
               "optimization": false,
               "extractLicenses": false,
@@ -80,6 +97,9 @@
             "production": {
               "buildTarget": "marketplace-ui:build:production"
             },
+            "staging": {
+              "buildTarget": "marketplace-ui:build:staging"
+            },
             "development": {
               "buildTarget": "marketplace-ui:build:development"
             }

diff --git a/marketplace-ui/src/app/auth/auth.service.ts b/marketplace-ui/src/app/auth/auth.service.ts
@@ -28,7 +28,7 @@ export class AuthService {
   private readonly BASE_URL = environment.apiUrl;
   private readonly TOKEN_KEY = 'token';
   private readonly githubAuthUrl = 'https://github.com/login/oauth/authorize';
-  private readonly githubAuthCallbackPath = environment.githubAuthCallbackPath;
+  private readonly githubAuthCallbackUrl = window.location.origin + environment.githubAuthCallbackPath;
 
   constructor(
     private readonly http: HttpClient,
@@ -38,8 +38,7 @@ export class AuthService {
 
   redirectToGitHub(originalUrl: string): void {
     const state = encodeURIComponent(originalUrl);
-    const githubAuthCallbackUrl = window.location.origin + this.githubAuthCallbackPath;
-    const authUrl = `${this.githubAuthUrl}?client_id=${environment.githubClientId}&redirect_uri=${githubAuthCallbackUrl}&state=${state}`;
+    const authUrl = `${this.githubAuthUrl}?client_id=${environment.githubClientId}&redirect_uri=${this.githubAuthCallbackUrl}&state=${state}`;
     window.location.href = authUrl;
   }
 

diff --git a/marketplace-ui/src/app/core/interceptors/api.interceptor.ts b/marketplace-ui/src/app/core/interceptors/api.interceptor.ts
@@ -24,7 +24,7 @@ export const apiInterceptor: HttpInterceptorFn = (req, next) => {
   }
   let requestURL = req.url;
   const apiURL = environment.apiUrl;
-  if (!requestURL.startsWith(apiURL)) {
+  if (!requestURL.includes(apiURL)) {
     requestURL = `${apiURL}/${req.url}`;
   }
 

diff --git a/marketplace-ui/src/environments/environment.staging.ts b/marketplace-ui/src/environments/environment.staging.ts
@@ -0,0 +1,7 @@
+export const environment = {
+  production: false,
+  apiUrl: '/marketplace-service',
+  githubClientId: 'Ov23li5r26hRBOXZhtLV',
+  githubAuthCallbackPath: '/auth/github/callback',
+  dayInMiliseconds: 86400000
+};
diff --git a/marketplace-ui/src/environments/environment.ts b/marketplace-ui/src/environments/environment.ts
@@ -1,6 +1,6 @@
 export const environment = {
   production: true,
-  apiUrl: 'http://marketplace.server.ivy-cloud.com:8080/marketplace-service',
+  apiUrl: '/marketplace-service',
   githubClientId: 'Ov23liVMliBxBqdQ7FnG',
   githubAuthCallbackPath: '/auth/github/callback',
   dayInMiliseconds: 86400000