Merge branch 'develop' into bugfix/categories-extra-border

Pull latest changes from develop
ls1intum · Apr 24, 2024 · 28e668b · 28e668b
2 parents 4cbbbea + 1f2f3ba
commit 28e668b
Show file tree

Hide file tree

Showing 114 changed files with 1,984 additions and 772 deletions.
diff --git a/README.md b/README.md
@@ -157,7 +157,7 @@ Refer to [Using JHipster in production](http://www.jhipster.tech/production) for
 The following command can automate the deployment to a server. The example shows the deployment to the main Artemis test server (which runs a virtual machine):
 
 ```shell
-./artemis-server-cli deploy [email protected] -w build/libs/Artemis-7.0.1.war
+./artemis-server-cli deploy [email protected] -w build/libs/Artemis-7.0.2.war
 ```
 
 ## Architecture

diff --git a/build.gradle b/build.gradle
@@ -28,7 +28,7 @@ plugins {
 }
 
 group = "de.tum.in.www1.artemis"
-version = "7.0.1"
+version = "7.0.2"
 description = "Interactive Learning with Individual Feedback"
 
 java {
@@ -253,7 +253,7 @@ dependencies {
     implementation "oauth.signpost:signpost-commonshttp4:2.1.1"
 
     // https://mvnrepository.com/artifact/net.sourceforge.plantuml/plantuml
-    implementation "net.sourceforge.plantuml:plantuml:1.2024.3"
+    implementation "net.sourceforge.plantuml:plantuml:1.2024.4"
     implementation "org.jasypt:jasypt:1.9.3"
     implementation "me.xdrop:fuzzywuzzy:1.4.0"
     implementation("org.yaml:snakeyaml") {
@@ -296,7 +296,7 @@ dependencies {
 
     implementation "tech.jhipster:jhipster-framework:${jhipster_dependencies_version}"
     implementation "org.springframework.boot:spring-boot-starter-cache:${spring_boot_version}"
-    implementation "io.micrometer:micrometer-registry-prometheus:1.12.4"
+    implementation "io.micrometer:micrometer-registry-prometheus:1.12.5"
     implementation "net.logstash.logback:logstash-logback-encoder:7.4"
 
     // Defines low-level streaming API, and includes JSON-specific implementations
@@ -316,7 +316,7 @@ dependencies {
     implementation "javax.cache:cache-api:1.1.1"
     implementation "org.hibernate.orm:hibernate-core:${hibernate_version}"
     implementation "com.zaxxer:HikariCP:5.1.0"
-    implementation "org.apache.commons:commons-text:1.11.0"
+    implementation "org.apache.commons:commons-text:1.12.0"
     implementation "org.apache.commons:commons-math3:3.6.1"
     implementation "javax.transaction:javax.transaction-api:1.3"
     implementation "org.liquibase:liquibase-core:${liquibase_version}"
@@ -337,8 +337,8 @@ dependencies {
     implementation "org.springframework.boot:spring-boot-starter-oauth2-resource-server:${spring_boot_version}"
     implementation "org.springframework.boot:spring-boot-starter-oauth2-client:${spring_boot_version}"
 
-    implementation "org.springframework.ldap:spring-ldap-core:3.2.2"
-    implementation "org.springframework.data:spring-data-ldap:3.2.4"
+    implementation "org.springframework.ldap:spring-ldap-core:3.2.3"
+    implementation "org.springframework.data:spring-data-ldap:3.2.5"
 
     implementation("org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:4.1.1") {
         // NOTE: these modules contain security vulnerabilities and are not needed
@@ -349,9 +349,9 @@ dependencies {
 
     implementation "org.springframework.cloud:spring-cloud-commons:4.1.2"
 
-    implementation "io.netty:netty-all:4.1.108.Final"
-    implementation "io.projectreactor.netty:reactor-netty:1.1.17"
-    implementation "org.springframework:spring-messaging:6.1.5"
+    implementation "io.netty:netty-all:4.1.109.Final"
+    implementation "io.projectreactor.netty:reactor-netty:1.1.18"
+    implementation "org.springframework:spring-messaging:6.1.6"
     implementation "org.springframework.retry:spring-retry:2.0.5"
 
     implementation "org.springframework.security:spring-security-config:${spring_security_version}"
@@ -378,8 +378,8 @@ dependencies {
     runtimeOnly "io.jsonwebtoken:jjwt-impl:${jwt_version}"
     runtimeOnly "io.jsonwebtoken:jjwt-jackson:${jwt_version}"
 
-    implementation "org.bouncycastle:bcpkix-jdk18on:1.77"
-    implementation "org.bouncycastle:bcprov-jdk18on:1.77"
+    implementation "org.bouncycastle:bcpkix-jdk18on:1.78.1"
+    implementation "org.bouncycastle:bcprov-jdk18on:1.78.1"
 
     implementation("io.springfox:springfox-swagger2:3.0.0") {
         exclude module: "mapstruct"
@@ -391,7 +391,7 @@ dependencies {
 
     implementation "org.zalando:problem-spring-web:0.29.1"
     implementation "org.zalando:jackson-datatype-problem:0.27.1"
-    implementation "com.ibm.icu:icu4j:74.2"
+    implementation "com.ibm.icu:icu4j:75.1"
     implementation "com.github.seancfoley:ipaddress:5.5.0"
     implementation "org.apache.maven:maven-model:3.9.6"
     implementation "org.apache.pdfbox:pdfbox:3.0.2"
@@ -441,11 +441,11 @@ dependencies {
     testImplementation "org.gradle:gradle-tooling-api:8.7"
     testImplementation "org.apache.maven.surefire:surefire-report-parser:3.2.5"
     testImplementation "com.opencsv:opencsv:5.9"
-    testImplementation("io.zonky.test:embedded-database-spring-test:2.5.0") {
+    testImplementation("io.zonky.test:embedded-database-spring-test:2.5.1") {
         exclude group: "org.testcontainers", module: "mariadb"
         exclude group: "org.testcontainers", module: "mssqlserver"
     }
-    testImplementation "com.tngtech.archunit:archunit:1.2.1"
+    testImplementation "com.tngtech.archunit:archunit:1.3.0"
     testImplementation("org.skyscreamer:jsonassert:1.5.1") {
         exclude module: "android-json"
     }
@@ -454,7 +454,7 @@ dependencies {
             strictly "1.14.13"
         }
     }
-    testImplementation "io.github.classgraph:classgraph:4.8.165"
+    testImplementation "io.github.classgraph:classgraph:4.8.172"
 
     // Lightweight JSON library needed for the internals of the MockRestServiceServer
     testImplementation "org.json:json:20240303"

diff --git a/docker/aeolus.yml b/docker/aeolus.yml
@@ -5,22 +5,9 @@ services:
         image: ghcr.io/ls1intum/aeolus/api:nightly
         pull_policy: always
         restart: unless-stopped
-        environment:
-            BAMBOO_GENERATOR_API_HOST: "http://aeolus-bamboo-api:8091"
         ports:
             - "8090:80"
         networks:
-            - aeolus
-            - artemis
-    aeolus-bamboo-api:
-        container_name: aeolus-bamboo-api
-        hostname: aeolus-bamboo-api
-        image: ghcr.io/ls1intum/aeolus/bamboo-generator:nightly
-        command: "--api"
-        pull_policy: always
-        restart: unless-stopped
-        networks:
-            - aeolus
             - artemis
 
 networks:

diff --git a/docs/admin/setup/programming-exercises.rst b/docs/admin/setup/programming-exercises.rst
@@ -106,8 +106,149 @@ The ``pipeline.groovy`` file can be customized further by instructors after crea
 Artemis via the ‘Edit Build Plan’ button on the details page of the exercise.
 
 
-Caching example for Maven
-^^^^^^^^^^^^^^^^^^^^^^^^^
+.. _dependecies-sonatype-nexus:
+
+Caching Maven Dependencies with Sonatype Nexus
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+With Sonatype Nexus you can run a caching server in your local network for Maven dependencies.
+An alternative approach for caching is with docker volumes, see :ref:`dependecies-docker-volumes`.
+
+.. note::
+
+    The following steps assume ``artemis.example.com`` is the host ``10.0.73.42`` and is using port ``8443`` for the cache.
+    Adapt the URLs for your actual setup.
+
+Sonatype Nexus Setup
+""""""""""""""""""""
+
+1. Set up Sonatype Nexus to run on ``artemis.example.com:8443`` e.g. in a `Docker container <https://hub.docker.com/r/sonatype/nexus3/>`_ behind a `proxy <https://help.sonatype.com/en/run-behind-a-reverse-proxy.html>`_.
+2. In the initial setup steps: Allow anonymous access.
+3. Set up the Maven proxy repository:
+    a. Create a new repository (**Repository - Repositories - Create repository**) of type ``maven2 (proxy)`` with name ``maven-proxy``.
+    b. The remote URL is https://repo1.maven.org/maven2/.
+4. Optionally create a new cleanup policy under *Repository - Cleanup Policies*
+    a. Format: ``maven2``
+    b. Release type: Releases & Pre-releases/Snapshots
+    c. Cleanup criteria: e.g. ‘Component Usage 14’ will remove all files that have not been downloaded for 14 days.
+    d. You can now add this cleanup policy to the policies in the repository you created earlier.
+
+Adding proxy to a Maven build
+"""""""""""""""""""""""""""""
+
+The following changes have to be made inside the `tests` repository.
+
+Option 1
+========
+
+Configure Maven so that it can find your Maven cache:
+
+.. code-block:: xml
+    :caption: ``pom.xml``
+
+    <repositories>
+        <repository>
+            <id>artemis-cache</id>
+            <url>https://artemis.example.com:8443/repository/maven-proxy/</url>
+        </repository>
+    </repositories>
+    <pluginRepositories>
+        <pluginRepository>
+            <id>artemis-cache</id>
+            <url>https://artemis.example.com:8443/repository/maven-proxy/</url>
+        </pluginRepository>
+    </pluginRepositories>
+
+Option 2 (more rigorous alternative)
+====================================
+
+This setup forces Maven to exclusively download dependencies from the own proxy.
+
+.. code-block:: xml
+    :caption: ``.mvn/local-settings.xml``
+
+    <settings xmlns="http://maven.apache.org/SETTINGS/1.2.0"
+            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+            xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.2.0 https://maven.apache.org/xsd/settings-1.2.0.xsd">
+    <mirrors>
+        <mirror>
+        <id>artemis-cache</id>
+        <name>Artemis Cache</name>
+        <url>https://artemis.example.com:8443/repository/maven-proxy/</url>
+        <mirrorOf>*</mirrorOf>
+        <blocked>false</blocked>
+        </mirror>
+    </mirrors>
+    </settings>
+
+
+.. code-block:: shell
+    :caption: ``.mvn/maven.config``
+
+    --settings
+    ./.mvn/local-settings.xml
+
+Adding proxy to a Gradle build
+""""""""""""""""""""""""""""""
+
+The following changes have to be made inside the `tests` repository.
+
+.. code-block:: groovy
+    :caption: ``build.gradle``
+
+    repositories {
+        maven {
+            url "https://artemis.example.com:8443/repository/maven-proxy/"
+        }
+        // …
+    }
+
+
+.. code-block:: kotlin
+    :caption: Gradle ``build.gradle.kts``
+
+    repositories {
+        maven {
+            url = uri("https://artemis.example.com:8443/repository/maven-proxy/")
+        }
+        // …
+    }
+
+Security Considerations
+"""""""""""""""""""""""
+
+When you are using secret tests as part of your exercise, you might want to restrict network traffic leaving the CI run to avoid students leaking information.
+
+Jenkins
+=======
+
+In Jenkins setups, you can restrict the network access by adjusting the ``pipeline.groovy`` script.
+Add some flags to the ``dockerFlags`` variable:
+
+.. code:: groovy
+
+    dockerFlags += '--add-host "artemis.example.com:10.0.73.42" \
+        --network "artemis-restricted"'
+
+Additionally, on the CI runner host you will have to create the `artemis-restricted` Docker network and some iptables firewall rules to restrict traffic:
+
+.. code-block:: sh
+
+   docker network create --opt com.docker.network.bridge.name=artemis-restr artemis-restricted
+   iptables -I DOCKER-USER -i artemis-restr -j DROP
+   iptables -I DOCKER-USER -i artemis-restr -d $IP_OF_ARTEMIS_EXAMPLE_COM_CACHE -p tcp --dport 8443 -j ACCEPT
+
+
+.. _dependecies-docker-volumes:
+
+Caching with Docker Volumes
+^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+With Docker volumes you can cache Maven dependencies.
+An alternative approach for caching is with Sonatype Nexus, see :ref:`dependecies-sonatype-nexus`.
+
+Example for Maven
+"""""""""""""""""
 
 The container image used to run the maven-tests already contains a set of commonly used dependencies
 (see `artemis-maven-docker <https://github.com/ls1intum/artemis-maven-docker>`__).
@@ -141,14 +282,14 @@ and changing the ``testRunner`` method into
 .. code:: groovy
 
   void testRunner() {
-      setDockerFlags()
+      setup()
 
       docker.image(dockerImage).inside(dockerFlags) { c ->
           runTestSteps()
       }
   }
 
-  private void setDockerFlags() {
+  private void setup() {
       if (isSolutionBuild) {
           dockerFlags += " -v artemis_maven_cache:/maven_cache"
       } else {
@@ -160,17 +301,17 @@ This mounts the cache as writeable only when executing the tests for the solutio
 running the tests for students’ code.
 
 
-Caching example for Gradle
-^^^^^^^^^^^^^^^^^^^^^^^^^^
+Example for Gradle
+""""""""""""""""""
 
 In case of always writeable caches you can set ``-e GRADLE_USER_HOME=/gradle_cache`` as part of the ``dockerFlags``
 instead of the ``MAVEN_OPTS`` like above.
 
-For read-only caches like in the Maven example, define ``setDockerFlags()`` as
+For read-only caches like in the Maven example, define ``setup()`` as
 
 .. code:: groovy
 
-  private void setDockerFlags() {
+  private void setup() {
       if (isSolutionBuild) {
           dockerFlags += ' -e GRADLE_USER_HOME="/gradle_cache"'
           dockerFlags += ' -v artemis_gradle_cache:/gradle_cache'
@@ -180,3 +321,21 @@ For read-only caches like in the Maven example, define ``setDockerFlags()`` as
       }
   }
 
+Security Considerations
+"""""""""""""""""""""""
+
+When you are using secret tests as part of your exercise, you might want to disable network traffic leaving the CI run to avoid students leaking information.
+Thanks to the fact that the cache is prepared while running for the solution, you can disable the network for students submissions.
+Adjust ``dockerFlags`` and ``mavenFlags`` only for student submissions, like this:
+
+.. code:: groovy
+
+  private void setup() {
+      if (isSolutionBuild) {
+          // handle docker flags
+      } else {
+          // handle docker flags
+          // if not solution repo, disallow network access from containers
+          dockerFlags += ' --network none'
+          mavenFlags += ' --offline'
+      }
diff --git a/gradle.properties b/gradle.properties
@@ -6,26 +6,26 @@ node_version=20.10.0
 npm_version=10.2.3
 
 # Dependency versions
-jhipster_dependencies_version=8.2.0
-spring_boot_version=3.2.4
-spring_security_version=6.2.3
+jhipster_dependencies_version=8.3.0
+spring_boot_version=3.2.5
+spring_security_version=6.2.4
 hibernate_version=6.4.4.Final
 # TODO: can we update to 5.x?
-opensaml_version=4.3.1
+opensaml_version=4.3.2
 jwt_version=0.12.5
 jaxb_runtime_version=4.0.5
-hazelcast_version=5.3.7
+hazelcast_version=5.4.0
 junit_version=5.10.2
 mockito_version=5.11.0
 fasterxml_version=2.17.0
 jgit_version=6.9.0.202403050737-r
 checkstyle_version=10.15.0
 jplag_version=5.0.0
-slf4j_version=2.0.12
-sentry_version=7.6.0
+slf4j_version=2.0.13
+sentry_version=7.8.0
 liquibase_version=4.27.0
 docker_java_version=3.3.6
-logback_version=1.5.3
+logback_version=1.5.6
 
 # gradle plugin version
 gradle_node_plugin_version=7.0.2