Prepare release v24.2.1

f-eld-ch · Feb 20, 2024 · a330158 · a330158
2 parents 8c6bc55 + b567ff1
commit a330158
Show file tree

Hide file tree

Showing 1,355 changed files with 77,974 additions and 66 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -1,2 +1,3 @@
-node_modules
+ui/node_modules
 docs
+!ui/build
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -1,20 +1,28 @@
 name: Automated Tests and Linting
 
-on: [push]
-
+on:
+  push:
+    branches-ignore:
+      - "main"
+      - "develop"
 jobs:
-  Test:
+  build:
     runs-on: ubuntu-latest
+    name: "Test and Build"
     steps:
+      - name: Checkout
+        uses: actions/checkout@v4
       - uses: actions/checkout@v4
       - uses: actions/setup-node@v4
         with:
           node-version-file: ".nvmrc"
           cache: yarn
-          cache-dependency-path: yarn.lock
+          cache-dependency-path: "ui/yarn.lock"
 
       - name: Install packages
         run: yarn install --immutable
+        working-directory: ui
 
       - name: Run tests
         run: yarn test
+        working-directory: ui
diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
@@ -1,4 +1,4 @@
-name: ci
+name: Build & Test & Push Image
 
 on:
   push:
@@ -12,18 +12,18 @@ on:
       - "main"
       - "develop"
 jobs:
-  docker:
+  build:
     runs-on: ubuntu-latest
+    name: "Test and Build"
     steps:
       - name: Checkout
         uses: actions/checkout@v4
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
-        if: github.event_name != 'pull_request'
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
         with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+          node-version-file: ".nvmrc"
+          cache: yarn
+          cache-dependency-path: "ui/yarn.lock"
       - name: Docker meta
         id: meta
         uses: docker/metadata-action@v5
@@ -42,6 +42,29 @@ jobs:
             # priority 600
             type=ref,event=branch
             type=ref,event=pr,prefix=pr-,enable=true
+
+      - name: Install packages
+        run: yarn install --immutable
+        working-directory: ui
+
+      - name: Run ui tests
+        run: yarn test
+        working-directory: ui
+
+      - name: Build ui
+        run: yarn build
+        env:
+          VERSION: ${{ steps.meta.outputs.version }}
+          GIT_SHA: ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }}
+        working-directory: ui
+
+      - uses: docker/login-action@v3
+        if: github.event_name != 'pull_request'
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Build and push
         uses: docker/build-push-action@v5
         with:
@@ -52,6 +75,7 @@ jobs:
           build-args: |
             VERSION=${{ steps.meta.outputs.version }}
             GIT_SHA=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }}
+
       - name: Docker meta for hasura
         id: meta-hasura
         uses: docker/metadata-action@v5
@@ -67,6 +91,7 @@ jobs:
             type=semver,pattern={{major}}.{{minor}},prefix=v,priority=410
             type=semver,pattern={{major}},prefix=v,priority=400
             type=sha
+
       - name: Build and push
         uses: docker/build-push-action@v5
         with:

diff --git a/.gitignore b/.gitignore
@@ -1,20 +1,23 @@
 # See https://help.github.com/articles/ignoring-files/ for more about ignoring files.
 
 # dependencies
-/node_modules
-.pnp.*
-.yarn/*
-!.yarn/patches
-!.yarn/plugins
-!.yarn/releases
-!.yarn/sdks
-!.yarn/versions
+.idea
+.vscode
+node_modules
+ui/node_modules
+ui/.pnp.*
+ui/.yarn/*
+!ui/.yarn/patches
+!ui/.yarn/plugins
+!ui/.yarn/releases
+!ui/.yarn/sdks
+!ui/.yarn/versions
 
 # testing
-/coverage
+ui/coverage
 
 # production
-/build
+ui/build
 
 # misc
 .DS_Store
@@ -62,24 +65,23 @@ bower_components
 build/Release
 
 # Dependency directories
-node_modules/
-jspm_packages/
+ui/node_modules/
+ui/jspm_packages/
 
 # Typescript v1 declaration files
-typings/
+ui/typings/
 
 # Optional npm cache directory
-.npm
+ui/.npm
 
 # Optional eslint cache
-.eslintcache
+ui/.eslintcache
 
 # Optional REPL history
-.node_repl_history
+ui/.node_repl_history
 
 # Output of 'npm pack'
-*.tgz
+ui/*.tgz
 
 # Yarn Integrity file
-.yarn-integrity
-
+ui/.yarn-integrity
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,21 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.5.0
+    hooks:
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: check-yaml
+      - id: check-added-large-files
+  - repo: https://github.com/dnephin/pre-commit-golang
+    rev: v0.5.1
+    hooks:
+      - id: go-fmt
+      - id: go-imports
+      - id: no-go-testing
+      - id: golangci-lint
+      - id: go-unit-tests
+  - repo: https://github.com/pre-commit/mirrors-prettier
+    rev: "v3.1.0"
+    hooks:
+      - id: prettier
+exclude: "(example|hasura|docs)/.*"
diff --git a/Dockerfile b/Dockerfile
@@ -1,16 +1,3 @@
-FROM docker.io/library/node:20 as build-deps
-WORKDIR /usr/src/app
-COPY yarn.lock package.json .yarnrc.yml ./
-COPY .yarn ./.yarn
-RUN find ./
-RUN yarn install --immutable
-COPY . ./
-ARG GIT_SHA
-ENV GIT_SHA=${GIT_SHA}
-ARG VERSION
-ENV VERSION=${VERSION:-develop}
-RUN yarn build
-
 FROM quay.io/oauth2-proxy/oauth2-proxy:v7.5.1
 ENV OAUTH2_PROXY_PROXY_WEBSOCKETS=true \
     OAUTH2_PROXY_PASS_AUTHORIZATION_HEADER=true \
@@ -19,5 +6,4 @@ ENV OAUTH2_PROXY_PROXY_WEBSOCKETS=true \
     OAUTH2_PROXY_PROXY_WEBSOCKETS=true \
     OAUTH2_PROXY_PASS_ACCESS_TOKEN=true \
     OAUTH2_PROXY_HTTP_ADDRESS=:4180
-COPY --from=build-deps /usr/src/app/build /static
-
+COPY ui/build /static
diff --git a/Dockerfile.hasura b/Dockerfile.hasura
@@ -1,5 +1,5 @@
-FROM docker.io/hasura/graphql-engine:v2.10.2.cli-migrations-v3
-COPY migrations /hasura-migrations
-COPY metadata /hasura-metadata 
+FROM docker.io/hasura/graphql-engine:v2.37.0-ce.cli-migrations-v3.ubi
+COPY hasura/migrations /hasura-migrations
+COPY hasura/metadata /hasura-metadata
 ENV HASURA_GRAPHQL_EXPERIMENTAL_FEATURES=naming_convention
 ENV HASURA_GRAPHQL_DEFAULT_NAMING_CONVENTION=graphql-default
diff --git a/README.md b/README.md
@@ -1,4 +1,5 @@
 # Sitrep
+
 ![Lage](docs/images/Lage1.png?raw=true "Lage")
 ![Lage2](docs/images/Lage2.png?raw=true "Lage2")
 ![Overview](docs/images/IncidentOverview.png?raw=true "Overview")
@@ -22,14 +23,13 @@ A simple local development environment can be created using docker compose and t
 Oauth2_PROXY clients can be created using Auth0....
 
 ```
-OAUTH2_PROXY_CLIENT_ID=...
-OAUTH2_PROXY_CLIENT_SECRET=...
-OAUTH2_PROXY_OIDC_ISSUER_URL=https://${TENANT.eu.auth0.com/
-HASURA_GRAPHQL_JWT_SECRET='{"type":"RS256","key":"-----BEGIN CERTIFICATE-----\n
-...
-}\n-----END CERTIFICATE-----\n","header":{"type":"Authorization"},"claims_map":{"x-hasura-user-id":{"path":"$.sub"},"x-hasura-email":{"path":"$.email"},"x-hasura-allowed-roles":["user","editor"],"x-hasura-default-role":"user"}}'
+OAUTH2_PROXY_CLIENT_ID=sitrep
+OAUTH2_PROXY_CLIENT_SECRET=ds8LCRW4jhB58nWdMgZHeVISqx3O3e1o3g0LEr9H8tM=   # generate with: openssl rand -base64 32 | tr -- '+/' '-_'
+OAUTH2_PROXY_COOKIE_SECRET=kvicWov5Y_w10r2vmnxJTUTugMUtBp6_R4loxuANMtg= # generate with: openssl rand -base64 32 | tr -- '+/' '-_'
+HASURA_GRAPHQL_ADMIN_SECRET=388HMfQ00gEyg636O63S1jxRODTSoAiu_XHa0fXhtRo=  # generate with: openssl rand -base64 32 | tr -- '+/' '-_'
 POSTGRES_PASSWORD=postgrespassword
-HASURA_GRAPHQL_ADMIN_SECRET: myadminsecretkey
+
+OAUTH2_PROXY_REDIRECT_URL=http://localhost:3000/oauth2/callback # port for yarn dev server%
 ```
 
 3. Run docker compose environment:
@@ -41,7 +41,12 @@ docker compose --env-file .env.local up -d
 4. Run yarn
 
 ```
-yarn start
+cd ui && yarn start
 ```
 
-5. Open [localhost:3000](http://localhost:3000/). This will automatically proxy to the OAUTH2 proxy which will then proxy requests towards the graphql-engine with its /v1/graphql
+5. Open [localhost:3000](http://localhost:3000/). This will automatically proxy to the OAUTH2 proxy which will then proxy requests towards the graphql-engine with its /v1/graphql. Authentication will be handled by the local dex IDP with it's mock provider. Just click on **Log in with Example**.
+
+### Translations
+
+- To correct or add **translations** we invite you to help us out [on Weblate](https://hosted.weblate.org/projects/sitrep).<br>
+  [![Translation status](https://hosted.weblate.org/widgets/sitrep/-/287x66-grey.png)](https://hosted.weblate.org/engage/sitrep/)
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -4,16 +4,16 @@ services:
     depends_on:
       postgres:
         condition: service_started
+      dex:
+        condition: service_started
     environment:
       HASURA_GRAPHQL_ADMIN_SECRET: ${HASURA_GRAPHQL_ADMIN_SECRET}
       HASURA_GRAPHQL_DEV_MODE: "true"
       HASURA_GRAPHQL_ENABLE_CONSOLE: "false"
       HASURA_GRAPHQL_ENABLED_LOG_TYPES: startup, http-log, webhook-log, websocket-log, query-log
-      HASURA_GRAPHQL_JWT_SECRET: ${HASURA_GRAPHQL_JWT_SECRET}
+      HASURA_GRAPHQL_JWT_SECRET: '{"type":"RS256","jwk_url": "http://dex:5556/dex/keys" ,"header":{"type":"Authorization"},"claims_map":{"x-hasura-user-id":{"path":"$.sub"},"x-hasura-email":{"path":"$.email"},"x-hasura-allowed-roles":["viewer","editor"],"x-hasura-default-role":"editor"}}'
       HASURA_GRAPHQL_METADATA_DATABASE_URL: postgres://postgres:${POSTGRES_PASSWORD}@postgres:5432/postgres
       HASURA_GRAPHQL_UNAUTHORIZED_ROLE: anonymous
-      HASURA_GRAPHQL_EXPERIMENTAL_FEATURES: naming_convention
-      HASURA_GRAPHQL_DEFAULT_NAMING_CONVENTION: graphql-default
       PG_DATABASE_URL: postgres://postgres:${POSTGRES_PASSWORD}@postgres:5432/postgres
     build:
       dockerfile: Dockerfile.hasura
@@ -29,32 +29,41 @@ services:
     depends_on:
       graphql-engine:
         condition: service_started
+      dex:
+        condition: service_started
     environment:
       OAUTH2_PROXY_CLIENT_ID: ${OAUTH2_PROXY_CLIENT_ID}
       OAUTH2_PROXY_CLIENT_SECRET: ${OAUTH2_PROXY_CLIENT_SECRET}
       OAUTH2_PROXY_CODE_CHALLENGE_METHOD: S256
       OAUTH2_PROXY_COOKIE_SECRET: ${OAUTH2_PROXY_COOKIE_SECRET}
-      OAUTH2_PROXY_DISPLAY_NAME: Auth0
+      OAUTH2_PROXY_COOKIE_CSRF_PER_REQUEST: true
+      OAUTH2_PROXY_COOKIE_CSRF_EXPIRE: 5m
       OAUTH2_PROXY_EMAIL_DOMAINS: "*"
       OAUTH2_PROXY_HTTP_ADDRESS: :4180
-      OAUTH2_PROXY_OIDC_ISSUER_URL: ${OAUTH2_PROXY_OIDC_ISSUER_URL}
+      OAUTH2_PROXY_OIDC_ISSUER_URL: http://dex:5556/dex
+      OAUTH2_PROXY_INSECURE_OIDC_SKIP_ISSUER_VERIFICATION: true
       OAUTH2_PROXY_PASS_ACCESS_TOKEN: "true"
       OAUTH2_PROXY_PASS_AUTHORIZATION_HEADER: "true"
       OAUTH2_PROXY_PROVIDER: oidc
       OAUTH2_PROXY_PROXY_WEBSOCKETS: "true"
-      OAUTH2_PROXY_REDIRECT_URL: http://localhost:3000/oauth2/callback
       OAUTH2_PROXY_UPSTREAMS: http://graphql-engine:8080/v1/graphql
       OAUTH2_PROXY_SKIP_PROVIDER_BUTTON: true
+      OAUTH2_PROXY_REDIRECT_URL: ${OAUTH2_PROXY_REDIRECT_URL}
+      # disable autodiscovery due to token endpoint not properly accessible on localhost for oauth2proxy
+      OAUTH2_PROXY_SKIP_OIDC_DISCOVERY: "true"
+      OAUTH2_PROXY_OIDC_JWKS_URL: http://dex:5556/dex/keys
+      OAUTH2_PROXY_LOGIN_URL: http://localhost:5556/dex/auth
+      OAUTH2_PROXY_REDEEM_URL: http://dex:5556/dex/token
       OAUTH2_PROXY_SKIP_AUTH_ROUTES: ^\/(manifest\.json|favicon\.ico|asset-manifest\.json|service-worker\.js\.map|service-worker\.js|robots\.txt|logo\d+\.png)
     image: quay.io/oauth2-proxy/oauth2-proxy:v7.5.1
+    restart: always
     networks:
       default: null
     ports:
       - mode: ingress
         target: 4180
         published: "4180"
         protocol: tcp
-    restart: always
   postgres:
     environment:
       POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
@@ -72,9 +81,41 @@ services:
         target: 5432
         published: "5432"
         protocol: tcp
+  dex:
+    image: docker.io/dexidp/dex:v2.38.0
+    restart: always
+    environment:
+      OAUTH2_PROXY_CLIENT_ID: ${OAUTH2_PROXY_CLIENT_ID}
+      OAUTH2_PROXY_CLIENT_SECRET: ${OAUTH2_PROXY_CLIENT_SECRET}
+      DEX_CONNECTORS_ENABLE_MOCK: "true"
+      DEX_CONNECTORS_ENABLE_DEMO_USER: "true"
+      DEX_ISSUER: http://localhost:5556/dex
+    networks:
+      default: null
+    command: dex serve /etc/dex/config-demo.yaml
+    volumes:
+      - type: bind
+        source: ./example/dexidp/config-demo.yaml
+        target: /etc/dex/config-demo.yaml
+        read_only: true
+      - type: volume
+        source: dex_data
+        target: /var/sqlite/dex
+        volume: {}
+    ports:
+      - mode: ingress
+        target: 5556
+        published: "5556"
+        protocol: tcp
+      - mode: ingress
+        target: 5557
+        published: "5557"
+        protocol: tcp
 networks:
   default:
     name: sitrep_default
 volumes:
   db_data:
     name: sitrep_db_data
+  dex_data:
+    name: sitrep_dex_data
diff --git a/example/.env b/example/.env
@@ -0,0 +1,9 @@
+OAUTH2_PROXY_CLIENT_ID=sitrep
+OAUTH2_PROXY_CLIENT_SECRET=ds8LCRW4jhB58nWdMgZHeVISqx3O3e1o3g0LEr9H8tM=   # generate with: openssl rand -base64 32 | tr -- '+/' '-_'
+OAUTH2_PROXY_COOKIE_SECRET=kvicWov5Y_w10r2vmnxJTUTugMUtBp6_R4loxuANMtg= # generate with: openssl rand -base64 32 | tr -- '+/' '-_'
+HASURA_GRAPHQL_ADMIN_SECRET=388HMfQ00gEyg636O63S1jxRODTSoAiu_XHa0fXhtRo=  # generate with: openssl rand -base64 32 | tr -- '+/' '-_'
+POSTGRES_PASSWORD=postgrespassword # set to something secure or generate with: openssl rand -base64 32 | tr -- '+/' '-_'
+
+# the hostname you want to serve sitrep on, should match your caddy config file
+# locally resolvable dns names like sitrep.local work as well if your server is setup accrodingly
+SITREP_HOSTNAME=192.168.1.2