Github actions docker build: Add Teams to the list of apps #352

Open
wants to merge 19 commits into
base: main
3 changes: 3 additions & 0 deletions environments/template/group_vars/template.yml
Expand Up @@ -39,6 +39,7 @@ account_gui_version: "6.0.2"
dashboard_server_version: "12.3.4"
dashboard_gui_version: "12.3.4"


statistics_version: "1.1.7"

databases:
Expand Down Expand Up @@ -267,6 +268,8 @@ teams:
- "nl:surfnet:diensten:teams_super_users"
- "nl:surfnet:diensten:teams_super_admin_users"

teams_allow_spd_api: '.'

engineblock:
idp_url: https://engine.{{ base_domain }}/authentication/idp/single-sign-on
idp_entity_id: https://engine.{{ base_domain }}/authentication/idp/metadata
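Review bot: `teams_allow_spd_api: '.'` is added with no comment saying what the value is matched against, and the same line goes into environments/vm/group_vars/vm.yml. If the consumer treats it as a regular expression, a single dot matches every caller, which is a permissive default to ship in the template that new environments are copied from. I would document it where it is defined, e.g. `# Pattern of clients allowed to use the Teams SPD API; '.' allows all, narrow this per environment`. The template that consumes the variable is not part of this diff, so the exact semantics need confirming there.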
2 changes: 2 additions & 0 deletions environments/vm/group_vars/vm.yml
Expand Up @@ -156,6 +156,8 @@ teams:
- "nl:surfnet:diensten:teams_super_users"
- "nl:surfnet:diensten:teams_super_admin_users"

teams_allow_spd_api: '.'

engineblock:
idp_url: https://engine.{{ base_domain }}/authentication/idp/single-sign-on
idp_entity_id: https://engine.{{ base_domain }}/authentication/idp/metadata
4 changes: 2 additions & 2 deletions environments/vm/secrets/vm.yml
Expand Up @@ -30,7 +30,7 @@ engine_parameters_secret: secret

profile_secret: secret

teams_authz_client_secret: secret
teams_authz_client_secret: secretsecret
teams_migration_secret_key: secret

engine_api_metadata_push_password: secret
Expand All @@ -46,7 +46,7 @@ myconext_geo2lite_license_key: secret
engine_api_profile_password: secret
engine_api_deprovision_password: secret

voot_oidcng_checkToken_secret: secret
voot_oidcng_checkToken_secret: secretsecret

external_group_provider_secrets:
teams: secret
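Review bot: `teams_authz_client_secret` and `voot_oidcng_checkToken_secret` read `secretsecret` while every other entry in this file stays `secret`, and nothing explains the difference (assuming the longer value is the new side, which the page does not mark). If this is to satisfy a minimum secret length in the consuming service, say so next to the values, e.g. `# must be at least N characters`, with N taken from that service, so the entries are not normalised back later. These remain guessable placeholders, so the vm environment should only ever be reachable from the developer's own host.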
5 changes: 3 additions & 2 deletions roles/manage-gui/templates/manage.conf.j2
Expand Up @@ -76,10 +76,11 @@ Listen {{ apache_app_listen_address.manage }}:{{ loadbalancing.manage.port }}
Require all granted
</Location>

<Location ~ "(.*)(eot|svg|ttf|woff2|woff|html|js|js\.map|css|css\.map|png|jpg|ico)$">

<Location ~ "(.*)(eot|svg|ttf|woff2|woff|html|js|css|png|jpg|ico)$">
Require all granted
</Location>

<Location ~ "/(asset-)?manifest.json$">
Require all granted
</Location>
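Review bot: The `<Location ~ "(.*)(eot|svg|…|ico)$">` pattern grants access to any request path that merely ends in one of these letter sequences, because there is no literal dot before the extension group; this holds for both the variant with `js\.map|css\.map` and the one without. If the rest of this vhost puts the application behind authentication, a non-static path whose last segment happens to end in `js`, `css` or `html` also receives `Require all granted`. Anchoring the extension, `<Location ~ "\.(eot|svg|ttf|woff2|woff|html|js|css|png|jpg|ico)$">`, and escaping the dot in `manifest\.json` keeps the exemption to real static files. The enclosing VirtualHost starts and ends outside this hunk, so the default access rule should be confirmed there.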
Original file line number Diff line number Diff line change
Expand Up @@ -143,6 +143,18 @@
"type": "string",
"info": "Explains why the SP answered no on the subject of the SURFmarket DPA."
},
"coin:privacy:dpa_type": {
"type": "string",
"enum": [
"dpa_not_applicable",
"dpa_in_surf_agreement",
"dpa_model_surf",
"dpa_supplied_by_service",
"other"
],
"default": "dpa_supplied_by_service",
"info": "Determines what DPA this service has to offer"
},
"coin:privacy:privacy_policy": {
"type": "boolean",
"info": "Does the SP publish an applicable privacy policy on a web page?"
Expand Down Expand Up @@ -192,6 +204,11 @@
"type": "string",
"info": "The friendly name of the organization. e.g. University of Harderwijk."
},
"^mdui:PrivacyStatementURL:({{ supported_language_codes | replace(',','|') }})$": {
"type": "string",
"format": "url",
"info": "The URL to the Privacy Statement of the service."
},
"^contacts:([0-3]{1}):surName$": {
"type": "string",
"multiplicity": 4,
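Review bot: `coin:privacy:dpa_type` defaults to `dpa_supplied_by_service`, which is an affirmative statement about a data processing agreement; the same block is added to the second schema file that follows. If Manage fills in `default` for entities that never set the field, every service provider would be recorded as supplying its own DPA without anyone having confirmed it. Consider dropping the default or adding an explicit "unknown" member for that case, and extend the `info` text to say what each enum value means. Separately, it is worth checking whether `"format": "url"` on `mdui:PrivacyStatementURL` restricts the scheme to http(s), since the value is presumably rendered as a link.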
Original file line number Diff line number Diff line change
Expand Up @@ -427,6 +427,18 @@
"type": "string",
"info": "Explains why the SP answered no on the subject of the SURFmarket DPA."
},
"coin:privacy:dpa_type": {
"type": "string",
"enum": [
"dpa_not_applicable",
"dpa_in_surf_agreement",
"dpa_model_surf",
"dpa_supplied_by_service",
"other"
],
"default": "dpa_supplied_by_service",
"info": "Determines what DPA this service has to offer"
},
"coin:privacy:privacy_policy": {
"type": "boolean",
"info": "Does the SP publish an applicable privacy policy on a web page?"
2 changes: 2 additions & 0 deletions roles/springboot/defaults/main.yml
Expand Up @@ -65,6 +65,7 @@ springboot_server_services:
port: "{{ manage_springapp_tcpport }}"
min_heapsize: "{{ manage_min_heapsize | default('512m') }}"
max_heapsize: "{{ manage_max_heapsize | default('512m') }}"
java_binary: "/usr/lib/jvm/jre-11-openjdk/bin/java"
config:
"{{ manage }}"
- name: oidcng
Expand All @@ -87,6 +88,7 @@ springboot_server_services:
type: server
min_heapsize: "{{ voot_min_heapsize | default('128m') }}"
max_heapsize: "{{ voot_max_heapsize | default('128m') }}"
java_binary: "/usr/lib/jvm/jre-11-openjdk/bin/java"
config:
"{{ voot }}"
- name: teams
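Review bot: `java_binary: "/usr/lib/jvm/jre-11-openjdk/bin/java"` is repeated as a literal in the manage and voot entries. Defining the path once, for example `springboot_java11_binary: "/usr/lib/jvm/jre-11-openjdk/bin/java"` (a name suggested here, not one that exists in the diff), and referencing it as `java_binary: "{{ springboot_java11_binary }}"` keeps the two in step when the JRE package or distribution changes. Nothing in these hunks installs that JRE, so the role presumably relies on a task outside the diff; a short comment naming the package that provides the path would help. The service list continues outside both hunks.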
2 changes: 1 addition & 1 deletion tests/Dockerfile.centos-7-ga
Expand Up @@ -16,7 +16,7 @@ rm -f /lib/systemd/system/anaconda.target.wants/*;

RUN yum clean all && \
yum -y update && \
yum -y install python3
yum -y install python3

VOLUME [ "/sys/fs/cgroup" ]

12 changes: 8 additions & 4 deletions tests/githubactions-build.sh
Expand Up @@ -13,8 +13,9 @@ ANSIBLE_USER=root

# start docker container
docker run --detach \
-v /sys/fs/cgroup:/sys/fs/cgroup:ro \
-v /sys/fs/cgroup:/sys/fs/cgroup:rw \
-t \
--cgroupns=host \
--privileged \
--publish 443:443 \
--name ansible-test-ga \
Expand Down Expand Up @@ -57,7 +58,6 @@ mkdir -p environments-external
/bin/mv environments-external/github/group_vars/vm.yml environments-external/github/group_vars/github.yml
sed -i 's/192.168.66.98/0.0.0.0/g' environments-external/github/group_vars/github.yml
sed -i 's/192.168.66.99/127.0.0.1/g' environments-external/github/group_vars/github.yml
sed -i 's/oidc_push_enabled: true/oidc_push_enabled: false/g' environments-external/github/group_vars/github.yml
# Change the hostname in the inventory
/bin/cp environments/template/inventory environments-external/github/
sed -i 's/%env%/github/g' environments-external/github/inventory
Expand All @@ -68,7 +68,6 @@ sed -i 's/%target_host%/ansible-test-ga ansible_connection=docker/g' environment

# Remove ipv6 listening address in Haproxy
sed -i '/haproxy_sni_ip\.ipv6/d' roles/haproxy/templates/haproxy_frontend.cfg.j2

echo
echo "================================================================="
echo "================================================================="
Expand All @@ -77,13 +76,18 @@ echo "================================================================="
echo "================================================================="
echo

./provision github $ANSIBLE_USER $ANSIBLE_SECRETS -e springboot_service_to_deploy=manage,mujina-sp,mujina-idp -e @tests/github.yml -t core
./provision github $ANSIBLE_USER $ANSIBLE_SECRETS -e springboot_service_to_deploy=teams,voot,oidcng,manage,mujina-sp,mujina-idp -e @tests/github.yml -t core

# Make the image a bit smaller
docker exec ansible-test-ga systemctl stop mysql mongod
docker exec ansible-test-ga yum -y remove mongodb-org-mongos mongodb-org-tools
docker exec ansible-test-ga rm -rf /var/lib/mongo/journal/*
docker exec ansible-test-ga rm -rf /var/lib/mysql/ib_logfile*

# The latest systemd update breaks mongo on docker (systemd[1]: New main PID 951 does not belong to service, and PID file is not owned by root. Refusing)
# dowgrading it fixes the issue
docker exec ansible-test-ga yum -y downgrade http://vault.centos.org/7.6.1810/updates/x86_64/Packages/systemd-219-62.el7_6.9.x86_64.rpm http://vault.centos.org/7.6.1810/updates/x86_64/Packages/systemd-libs-219-62.el7_6.9.x86_64.rpm http://vault.centos.org/7.6.1810/updates/x86_64/Packages/systemd-sysv-219-62.el7_6.9.x86_64.rpm

docker stop ansible-test-ga ansible-test-ga

exit $status
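Review bot: The `yum -y downgrade` line in the last hunk fetches three systemd RPMs over plain `http://vault.centos.org/...`, and by default yum does not check GPG signatures on packages given by URL unless `localpkg_gpgcheck` is enabled, so the integrity of the systemd that ends up in the image rests on an unauthenticated download. Use the `https://` form of the same URLs and turn the check on, i.e. `docker exec ansible-test-ga yum -y --setopt=localpkg_gpgcheck=1 downgrade https://vault.centos.org/7.6.1810/updates/x86_64/Packages/systemd-219-62.el7_6.9.x86_64.rpm …`. The downgrade also pins systemd to the 7.6.1810 build, so later fixes are lost until it is reverted; the comment above it should carry the upstream bug reference and the condition for removing the workaround. In the first hunk the container appears to combine `--privileged`, `--cgroupns=host` and a read-write `/sys/fs/cgroup` mount, which is tolerable on throwaway hosted runners but should be documented as unsuitable for self-hosted ones.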