diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 000000000..be60556f9 --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,67 @@ +# For most projects, this workflow file will not need changing; you simply need +# to commit it to your repository. +# +# You may wish to alter this file to override the set of languages analyzed, +# or to provide custom queries or build logic. +# +# ******** NOTE ******** +# We have attempted to detect the languages in your repository. Please check +# the `language` matrix defined below to confirm you have the correct set of +# supported CodeQL languages. +# +name: "CodeQL" + +on: + push: + branches: [ "master", "develop" ] + pull_request: + branches: [ "master", "develop" ] + schedule: + - cron: '00 08 * * 0' + +jobs: + analyze: + name: Analyze (${{ matrix.language }}) + runs-on: 'ubuntu-latest' + timeout-minutes: 360 + permissions: + security-events: write + packages: read + actions: read + contents: read + + strategy: + fail-fast: false + matrix: + include: + - language: javascript-typescript + build-mode: none + - language: java-kotlin + build-mode: manual + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: ${{ matrix.language }} + build-mode: ${{ matrix.build-mode }} + + - name: Set up JDK 17 + if: matrix.language == 'java-kotlin' + uses: actions/setup-java@v3 + with: + java-version: '17' + distribution: 'temurin' + cache: maven + + - name: Build with maven + if: matrix.language == 'java-kotlin' + run: mvn clean install --file ./marketplace-service/pom.xml -DskipTests + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v3 + with: + category: "/language:${{matrix.language}}" \ No newline at end of file diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml index a4a4b25ea..347360989 100644 --- a/.github/workflows/docker-build.yml +++ b/.github/workflows/docker-build.yml @@ -4,7 +4,18 @@ on: push: branches: [ "develop" ] workflow_dispatch: + inputs: + build_env: + description: 'Build environment' + required: true + default: 'staging' + workflow_call: + inputs: + build_env: + description: 'Build environment' + required: true + type: string jobs: cleanup: @@ -36,22 +47,29 @@ jobs: SERVICE_PASSWORD: ${{ secrets.SERVICE_PASSWORD }} MONGODB_DATABASE: ${{ secrets.MONGODB_DATABASE }} GH_TOKEN: ${{ secrets.GH_TOKEN }} - MARKET_GITHUB_OAUTH_APP_CLIENT_ID: ${{ secrets.MARKET_GITHUB_OAUTH_APP_CLIENT_ID }} - MARKET_GITHUB_OAUTH_APP_CLIENT_SECRET: ${{ secrets.MARKET_GITHUB_OAUTH_APP_CLIENT_SECRET }} MARKET_JWT_SECRET_KEY: ${{ secrets.MARKET_JWT_SECRET_KEY }} run: | - sed -i "s/^MONGODB_INITDB_ROOT_USERNAME=.*$/MONGODB_INITDB_ROOT_USERNAME=$ROOT_USERNAME/" $ENV_FILE - sed -i "s/^MONGODB_INITDB_ROOT_PASSWORD=.*$/MONGODB_INITDB_ROOT_PASSWORD=$ROOT_PASSWORD/" $ENV_FILE - sed -i "s/^SERVICE_MONGODB_HOST=.*$/SERVICE_MONGODB_HOST=$MONGODB_HOST/" $ENV_FILE - sed -i "s/^SERVICE_MONGODB_DATABASE=.*$/SERVICE_MONGODB_DATABASE=$MONGODB_DATABASE/" $ENV_FILE - sed -i "s/^SERVICE_MONGODB_USER=.*$/SERVICE_MONGODB_USER=$SERVICE_USERNAME/" $ENV_FILE - sed -i "s/^SERVICE_MONGODB_PASSWORD=.*$/SERVICE_MONGODB_PASSWORD=$SERVICE_PASSWORD/" $ENV_FILE - sed -i "s/^MARKET_GITHUB_TOKEN=.*$/MARKET_GITHUB_TOKEN=$GH_TOKEN/" $ENV_FILE - sed -i "s/^MARKET_GITHUB_OAUTH_APP_CLIENT_ID=.*$/MARKET_GITHUB_OAUTH_APP_CLIENT_ID=$MARKET_GITHUB_OAUTH_APP_CLIENT_ID/" $ENV_FILE - sed -i "s/^MARKET_GITHUB_OAUTH_APP_CLIENT_SECRET=.*$/MARKET_GITHUB_OAUTH_APP_CLIENT_SECRET=$MARKET_GITHUB_OAUTH_APP_CLIENT_SECRET/" $ENV_FILE - sed -i "s/^MARKET_JWT_SECRET_KEY=.*$/MARKET_JWT_SECRET_KEY=$MARKET_JWT_SECRET_KEY/" $ENV_FILE + if [ "${{ inputs.build_env }}" == "production" ]; then + OAUTH_APP_CLIENT_ID=${{ secrets.OAUTH_APP_CLIENT_ID }} + OAUTH_APP_CLIENT_SECRET=${{ secrets.OAUTH_APP_CLIENT_SECRET }} + else + OAUTH_APP_CLIENT_ID=${{ secrets.OAUTH_APP_CLIENT_ID_STAGING }} + OAUTH_APP_CLIENT_SECRET=${{ secrets.OAUTH_APP_CLIENT_SECRET_STAGING }} + fi + + sed -i "s/^MONGODB_INITDB_ROOT_USERNAME=.*$/MONGODB_INITDB_ROOT_USERNAME=$ROOT_USERNAME/" $ENV_FILE + sed -i "s/^MONGODB_INITDB_ROOT_PASSWORD=.*$/MONGODB_INITDB_ROOT_PASSWORD=$ROOT_PASSWORD/" $ENV_FILE + sed -i "s/^SERVICE_MONGODB_HOST=.*$/SERVICE_MONGODB_HOST=$MONGODB_HOST/" $ENV_FILE + sed -i "s/^SERVICE_MONGODB_DATABASE=.*$/SERVICE_MONGODB_DATABASE=$MONGODB_DATABASE/" $ENV_FILE + sed -i "s/^SERVICE_MONGODB_USER=.*$/SERVICE_MONGODB_USER=$SERVICE_USERNAME/" $ENV_FILE + sed -i "s/^SERVICE_MONGODB_PASSWORD=.*$/SERVICE_MONGODB_PASSWORD=$SERVICE_PASSWORD/" $ENV_FILE + sed -i "s/^MARKET_GITHUB_TOKEN=.*$/MARKET_GITHUB_TOKEN=$GH_TOKEN/" $ENV_FILE + sed -i "s/^MARKET_GITHUB_OAUTH_APP_CLIENT_ID=.*$/MARKET_GITHUB_OAUTH_APP_CLIENT_ID=$OAUTH_APP_CLIENT_ID/" $ENV_FILE + sed -i "s/^MARKET_GITHUB_OAUTH_APP_CLIENT_SECRET=.*$/MARKET_GITHUB_OAUTH_APP_CLIENT_SECRET=$OAUTH_APP_CLIENT_SECRET/" $ENV_FILE + sed -i "s/^MARKET_JWT_SECRET_KEY=.*$/MARKET_JWT_SECRET_KEY=$MARKET_JWT_SECRET_KEY/" $ENV_FILE - name: Build and bring up containers without cache working-directory: ./marketplace-build run: | - docker compose up --build --force-recreate -d + docker compose build --no-cache --build-arg BUILD_ENV=${{ inputs.build_env }} + docker compose up --force-recreate -d diff --git a/.github/workflows/docker-release.yml b/.github/workflows/docker-release.yml index 8eeeb1cfb..77549bf99 100644 --- a/.github/workflows/docker-release.yml +++ b/.github/workflows/docker-release.yml @@ -9,6 +9,10 @@ on: description: 'Marketplace Docker image version' required: true default: 'latest' + build_env: + description: 'Build environment' + required: true + default: 'production' env: UI_IMAGE_NAME: marketplace-ui @@ -19,6 +23,8 @@ jobs: build: name: Build Docker images uses: ./.github/workflows/docker-build.yml + with: + build_env: ${{ inputs.build_env }} release: name: Tag and publish image to GH packages diff --git a/marketplace-build/config/mongodb/docker-compose.yml b/marketplace-build/config/mongodb/docker-compose.yml index 606db72df..24b64346d 100644 --- a/marketplace-build/config/mongodb/docker-compose.yml +++ b/marketplace-build/config/mongodb/docker-compose.yml @@ -1,15 +1,14 @@ -# This docker compose to init mongo for setup auth +# This docker-compose to init MongoDB as free access and create a volume as name + mongodata +# Then insert the admin user as defined at mogo-init.js +# Change the name to other if you want to create more volumes. e.g: marketplace-dev name: marketplace services: mongodb: + image: mongodb/mongodb-community-server:7.0.0-ubi8 container_name: marketplace-mongodb-non-authen - build: - context: . - dockerfile: Dockerfile - restart: always - ports: - - "27017:27017" + expose: + - 27017 volumes: - mongodata:/data/db - ./mongo-init.js:/docker-entrypoint-initdb.d/mongo-init.js:ro diff --git a/marketplace-build/config/mongodb/mongo-init.js b/marketplace-build/config/mongodb/mongo-init.js index 5cef1331f..1b663dac8 100644 --- a/marketplace-build/config/mongodb/mongo-init.js +++ b/marketplace-build/config/mongodb/mongo-init.js @@ -1,3 +1,4 @@ +// Change user/pwd to your requirement db = db.getSiblingDB('admin'); db.createUser( { diff --git a/marketplace-build/config/nginx/nginx.conf b/marketplace-build/config/nginx/nginx.conf index 3f23ab6df..8eb6752b6 100644 --- a/marketplace-build/config/nginx/nginx.conf +++ b/marketplace-build/config/nginx/nginx.conf @@ -4,6 +4,8 @@ http { include /etc/nginx/mime.types; server { + listen 80; + server_name marketplace; root /usr/share/nginx/html; index index.html; @@ -11,5 +13,16 @@ http { location / { try_files $uri $uri/ /index.html; } + + location /marketplace-service { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-NginX-Proxy true; + proxy_pass http://service:8080/marketplace-service; + proxy_ssl_session_reuse off; + proxy_set_header Host $http_host; + proxy_cache_bypass $http_upgrade; + proxy_redirect off; + } } } \ No newline at end of file diff --git a/marketplace-build/docker-compose.yml b/marketplace-build/docker-compose.yml index 542536546..46023528c 100644 --- a/marketplace-build/docker-compose.yml +++ b/marketplace-build/docker-compose.yml @@ -2,7 +2,7 @@ name: marketplace services: mongodb: - container_name: marketplace-mongodb-7.0.0 + container_name: marketplace-mongodb build: context: ./config/mongodb dockerfile: Dockerfile @@ -23,6 +23,8 @@ services: additional_contexts: assets: ../marketplace-build/ dockerfile: Dockerfile + args: + - BUILD_ENV=${BUILD_ENV} restart: always volumes: - ./config/nginx/nginx.conf:/etc/nginx/nginx.conf @@ -54,4 +56,4 @@ services: - mongodb volumes: - mongodata: \ No newline at end of file + mongodata: diff --git a/marketplace-build/release/docker-compose.yml b/marketplace-build/release/docker-compose.yml index 693662a90..53a422276 100644 --- a/marketplace-build/release/docker-compose.yml +++ b/marketplace-build/release/docker-compose.yml @@ -1,4 +1,4 @@ -name: marketplace +name: marketplace-release_latest services: mongodb: @@ -25,6 +25,8 @@ services: service: image: ghcr.io/axonivy-market/marketplace-service:latest restart: always + expose: + - 8080 volumes: - /home/axonivy/marketplace/data/market-installations.json:/home/data/market-installation.json environment: diff --git a/marketplace-build/release/sprint-compose.yml b/marketplace-build/release/sprint-compose.yml index d4d4a15a5..0b3a43ccc 100644 --- a/marketplace-build/release/sprint-compose.yml +++ b/marketplace-build/release/sprint-compose.yml @@ -1,4 +1,4 @@ -name: marketplace +name: marketplace-release_sprint services: mongodb: @@ -25,6 +25,8 @@ services: service: image: ghcr.io/axonivy-market/marketplace-service:sprint restart: always + expose: + - 8080 volumes: - /home/axonivy/marketplace/data/market-installations.json:/home/data/market-installation.json environment: diff --git a/marketplace-ui/Dockerfile b/marketplace-ui/Dockerfile index e02ed0f60..9cd651c74 100644 --- a/marketplace-ui/Dockerfile +++ b/marketplace-ui/Dockerfile @@ -1,11 +1,12 @@ # Stage 1: Build Angular app FROM node:20-alpine AS build-angular +ARG BUILD_ENV WORKDIR /app COPY . . RUN npm install -RUN npm run build --prod +RUN npm run build -- --configuration $BUILD_ENV # Stage 2: Serve Angular app using Nginx -FROM nginx:alpine +FROM nginx COPY --from=build-angular /app/dist/browser /usr/share/nginx/html COPY --from=assets config/nginx/nginx.conf /etc/nginx/nginx.conf diff --git a/marketplace-ui/angular.json b/marketplace-ui/angular.json index 9ce46d2cc..815387bd7 100644 --- a/marketplace-ui/angular.json +++ b/marketplace-ui/angular.json @@ -60,6 +60,23 @@ ], "outputHashing": "all" }, + "staging": { + "optimization": { + "scripts": true, + "styles": { + "minify": true, + "inlineCritical": false + }, + "fonts": true + }, + "outputHashing": "all", + "fileReplacements": [ + { + "replace": "src/environments/environment.ts", + "with": "src/environments/environment.staging.ts" + } + ] + }, "development": { "optimization": false, "extractLicenses": false, @@ -80,6 +97,9 @@ "production": { "buildTarget": "marketplace-ui:build:production" }, + "staging": { + "buildTarget": "marketplace-ui:build:staging" + }, "development": { "buildTarget": "marketplace-ui:build:development" } diff --git a/marketplace-ui/src/app/auth/auth.service.ts b/marketplace-ui/src/app/auth/auth.service.ts index b6b323bf0..6655c0b59 100644 --- a/marketplace-ui/src/app/auth/auth.service.ts +++ b/marketplace-ui/src/app/auth/auth.service.ts @@ -28,7 +28,7 @@ export class AuthService { private readonly BASE_URL = environment.apiUrl; private readonly TOKEN_KEY = 'token'; private readonly githubAuthUrl = 'https://github.com/login/oauth/authorize'; - private readonly githubAuthCallbackPath = environment.githubAuthCallbackPath; + private readonly githubAuthCallbackUrl = window.location.origin + environment.githubAuthCallbackPath; constructor( private readonly http: HttpClient, @@ -38,8 +38,7 @@ export class AuthService { redirectToGitHub(originalUrl: string): void { const state = encodeURIComponent(originalUrl); - const githubAuthCallbackUrl = window.location.origin + this.githubAuthCallbackPath; - const authUrl = `${this.githubAuthUrl}?client_id=${environment.githubClientId}&redirect_uri=${githubAuthCallbackUrl}&state=${state}`; + const authUrl = `${this.githubAuthUrl}?client_id=${environment.githubClientId}&redirect_uri=${this.githubAuthCallbackUrl}&state=${state}`; window.location.href = authUrl; } diff --git a/marketplace-ui/src/app/core/interceptors/api.interceptor.ts b/marketplace-ui/src/app/core/interceptors/api.interceptor.ts index 249a97ec0..e8ec8fa2b 100644 --- a/marketplace-ui/src/app/core/interceptors/api.interceptor.ts +++ b/marketplace-ui/src/app/core/interceptors/api.interceptor.ts @@ -24,7 +24,7 @@ export const apiInterceptor: HttpInterceptorFn = (req, next) => { } let requestURL = req.url; const apiURL = environment.apiUrl; - if (!requestURL.startsWith(apiURL)) { + if (!requestURL.includes(apiURL)) { requestURL = `${apiURL}/${req.url}`; } diff --git a/marketplace-ui/src/environments/environment.staging.ts b/marketplace-ui/src/environments/environment.staging.ts new file mode 100644 index 000000000..deca1f450 --- /dev/null +++ b/marketplace-ui/src/environments/environment.staging.ts @@ -0,0 +1,7 @@ +export const environment = { + production: false, + apiUrl: '/marketplace-service', + githubClientId: 'Ov23li5r26hRBOXZhtLV', + githubAuthCallbackPath: '/auth/github/callback', + dayInMiliseconds: 86400000 +}; diff --git a/marketplace-ui/src/environments/environment.ts b/marketplace-ui/src/environments/environment.ts index ac0668b1f..100500e96 100644 --- a/marketplace-ui/src/environments/environment.ts +++ b/marketplace-ui/src/environments/environment.ts @@ -1,6 +1,6 @@ export const environment = { production: true, - apiUrl: 'http://marketplace.server.ivy-cloud.com:8080/marketplace-service', + apiUrl: '/marketplace-service', githubClientId: 'Ov23liVMliBxBqdQ7FnG', githubAuthCallbackPath: '/auth/github/callback', dayInMiliseconds: 86400000