From f1c66f62339ddf7f28acd1e9dab159f6c4778da3 Mon Sep 17 00:00:00 2001 From: Paulo Gomes da Cruz Junior Date: Wed, 12 Apr 2023 17:22:58 -0700 Subject: [PATCH] chore: dependency updates (#431) * chore(deps): update caddy docker tag to v2.6.4 * fix(deps): update dependency org.springframework.boot:spring-boot-starter-parent to v3.0.5 (#430) Co-authored-by: Renovate Bot * chore(deps): update maven all non-major dependencies (#429) Co-authored-by: Renovate Bot Co-authored-by: Paulo Gomes da Cruz Junior * feat(BE:FSADT1-700): adding report for all and business as (#426) * chore: removing unused code * feat(BE:FSADT1-700): adding report for business as and all * chore: adding temporary folder * chore: adding native parameter to swagger * ci: removing parameter FOREST_API_URL * chore: changing bcreg env to prod * docs: adding readme doc resources * chore: adding bcregistry params to deploy/config * chore: setting poi version and removing log4j deps * chore: testing removal of log4j * fix: fixing missing parameter on deployment * chore: reducing the init memory param * chore: updating deps * chore: removing unwanted constant * feat: changing lib from poi to fastexcel * fix: removing unused parameters and endpoints * fix: fixing parsing and preventing empty results * chore: removing tests for removed code * chore(deps): update eclipse-temurin docker tag to v17.0.6_10-jdk-alpine * chore(deps): update eclipse-temurin:17.0.6_10-jre-alpine docker digest to e39db8b * chore(deps): pin dependencies * chore(deps): update dependency maven to v3.9.1 * fix(deps): update dependency org.springframework.cloud:spring-cloud-dependencies to v2022.0.2 * chore(deps): update registry.access.redhat.com/ubi8/ubi docker tag to v8.7-1112 * chore: removing spring cloud dependency * feat(BE:FSADT1-739): migrating init repo to openssl * chore: adding parameter to initialize * chore: normalizing Caddy file * chore: updating init * fix: adding register for jackson on native * fix: fixing legacy deployment with new init * fix: changing frontend image file * fix: reverting caddy to 2.4.6 --------- Co-authored-by: Renovate Bot Co-authored-by: BCGov-NR Renovate Bot <42219260+bcgov-renovate@users.noreply.github.com> --- backend/.mvn/wrapper/maven-wrapper.properties | 2 +- backend/Dockerfile | 2 +- .../GlobalServiceConfiguration.java | 48 +++- common/Dockerfile | 11 +- common/InstallCert.java | 262 ------------------ common/startup.sh | 32 ++- database/Dockerfile | 2 +- docker-compose.yml | 4 +- frontend/Caddyfile | 18 +- frontend/Dockerfile | 6 +- legacy/.mvn/wrapper/maven-wrapper.properties | 2 +- legacy/openshift.deploy.yml | 39 ++- legacy/pom.xml | 8 - 13 files changed, 130 insertions(+), 306 deletions(-) delete mode 100644 common/InstallCert.java diff --git a/backend/.mvn/wrapper/maven-wrapper.properties b/backend/.mvn/wrapper/maven-wrapper.properties index 08ea486aa5..d8b2495a1e 100644 --- a/backend/.mvn/wrapper/maven-wrapper.properties +++ b/backend/.mvn/wrapper/maven-wrapper.properties @@ -14,5 +14,5 @@ # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. -distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.0/apache-maven-3.9.0-bin.zip +distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.1/apache-maven-3.9.1-bin.zip wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar diff --git a/backend/Dockerfile b/backend/Dockerfile index 932f8108d3..e6472cf770 100644 --- a/backend/Dockerfile +++ b/backend/Dockerfile @@ -5,7 +5,7 @@ RUN chmod +x ./mvnw RUN ./mvnw clean package -DskipTests -Dtests.skip=true -Dskip.unit.tests=true -q RUN echo -FROM eclipse-temurin:17.0.6_10-jre-alpine@sha256:f59c1acc26975859545eabb2051f4b9a41d5ef278aad9dfe42bdb0aff5611613 +FROM eclipse-temurin:17.0.6_10-jre-alpine@sha256:e39db8ba89a39ccd1224490e4bbfc9e3bdbc4493ac849523f2aa8a52f5b42ad9 LABEL maintainer="Paulo Gomes da Cruz Junior " WORKDIR /usr/share/service/ diff --git a/backend/src/main/java/ca/bc/gov/app/configuration/GlobalServiceConfiguration.java b/backend/src/main/java/ca/bc/gov/app/configuration/GlobalServiceConfiguration.java index 7a753ff9c8..c00212da2f 100644 --- a/backend/src/main/java/ca/bc/gov/app/configuration/GlobalServiceConfiguration.java +++ b/backend/src/main/java/ca/bc/gov/app/configuration/GlobalServiceConfiguration.java @@ -1,7 +1,28 @@ package ca.bc.gov.app.configuration; -import javax.net.ssl.SSLException; +import ca.bc.gov.app.dto.ValidationError; +import ca.bc.gov.app.dto.bcregistry.BcRegistryAddressDto; +import ca.bc.gov.app.dto.bcregistry.BcRegistryBusinessAdressesDto; +import ca.bc.gov.app.dto.bcregistry.BcRegistryBusinessDto; +import ca.bc.gov.app.dto.bcregistry.BcRegistryFacetResponseDto; +import ca.bc.gov.app.dto.bcregistry.BcRegistryFacetSearchResultEntryDto; +import ca.bc.gov.app.dto.bcregistry.BcRegistryFacetSearchResultsDto; +import ca.bc.gov.app.dto.bcregistry.BcRegistryIdentificationDto; +import ca.bc.gov.app.dto.bcregistry.ClientDetailsDto; +import ca.bc.gov.app.dto.client.ClientAddressDto; +import ca.bc.gov.app.dto.client.ClientBusinessInformationDto; +import ca.bc.gov.app.dto.client.ClientBusinessTypeDto; +import ca.bc.gov.app.dto.client.ClientCodeTypeDto; +import ca.bc.gov.app.dto.client.ClientContactDto; +import ca.bc.gov.app.dto.client.ClientDetailsAddressDto; +import ca.bc.gov.app.dto.client.ClientLocationDto; +import ca.bc.gov.app.dto.client.ClientLookUpDto; +import ca.bc.gov.app.dto.client.ClientNameCodeDto; +import ca.bc.gov.app.dto.client.ClientSubmissionDto; +import ca.bc.gov.app.dto.client.ClientSubmitterInformationDto; +import ca.bc.gov.app.dto.client.ClientValueTextDto; import lombok.extern.slf4j.Slf4j; +import org.springframework.aot.hint.annotation.RegisterReflectionForBinding; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.web.reactive.function.client.WebClient; @@ -13,6 +34,29 @@ */ @Configuration @Slf4j +@RegisterReflectionForBinding({ + ValidationError.class, + ClientAddressDto.class, + ClientBusinessInformationDto.class, + ClientBusinessTypeDto.class, + ClientCodeTypeDto.class, + ClientContactDto.class, + ClientDetailsAddressDto.class, + ClientLocationDto.class, + ClientLookUpDto.class, + ClientNameCodeDto.class, + ClientSubmissionDto.class, + ClientSubmitterInformationDto.class, + ClientValueTextDto.class, + BcRegistryAddressDto.class, + BcRegistryBusinessAdressesDto.class, + BcRegistryBusinessDto.class, + BcRegistryFacetResponseDto.class, + BcRegistryFacetSearchResultEntryDto.class, + BcRegistryFacetSearchResultsDto.class, + BcRegistryIdentificationDto.class, + ClientDetailsDto.class +}) public class GlobalServiceConfiguration { /** @@ -46,7 +90,7 @@ public WebClient openMapsApi(ForestClientConfiguration configuration) { * @return A configured instance of WebClient for accessing the BC Registry API. */ @Bean - public WebClient bcRegistryApi(ForestClientConfiguration configuration) throws SSLException { + public WebClient bcRegistryApi(ForestClientConfiguration configuration) { return WebClient .builder() .baseUrl(configuration.getBcregistry().getUri()) diff --git a/common/Dockerfile b/common/Dockerfile index dbce079a08..a2dcc97dc7 100644 --- a/common/Dockerfile +++ b/common/Dockerfile @@ -1,13 +1,14 @@ -FROM eclipse-temurin:17-jdk-alpine - -WORKDIR /app +FROM eclipse-temurin:17.0.6_10-jdk-alpine@sha256:a765a97826df90554f3d3a98be5586012bbc53593876f669ff4b2e68717be71d ENV LANG en_CA.UTF-8 ENV LANGUAGE en_CA.UTF-8 ENV LC_ALL en_CA.UTF-8 +WORKDIR /app + +RUN apk --no-cache add openssl + COPY startup.sh . -COPY InstallCert.java . RUN chmod g+w /app && \ chmod g+x startup.sh && \ @@ -16,4 +17,4 @@ RUN chmod g+w /app && \ # Non-privileged user USER app -ENTRYPOINT ["sh", "startup.sh"] \ No newline at end of file +ENTRYPOINT ["sh", "startup.sh"] diff --git a/common/InstallCert.java b/common/InstallCert.java deleted file mode 100644 index b38da026cf..0000000000 --- a/common/InstallCert.java +++ /dev/null @@ -1,262 +0,0 @@ -/* - * Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * - Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * - Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * - Neither the name of Sun Microsystems nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS - * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, - * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR - * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/** - * Originally from: http://blogs.sun.com/andreas/resource/InstallCert.java Use: java InstallCert - * hostname Example: % java InstallCert ecc.fedora.redhat.com - */ -import java.net.Proxy; -import java.net.Socket; -import java.net.InetSocketAddress; -import javax.net.ssl.*; -import java.io.*; -import java.security.KeyStore; -import java.security.MessageDigest; -import java.security.cert.CertificateException; -import java.security.cert.X509Certificate; - -/** Class used to add the server's certificate to the KeyStore with your trusted certificates. */ -public class InstallCert { - - public static void main(String[] args) throws Exception { - - String host = null; - int port = -1; - char[] passphrase = null; - - // proxy - boolean useProxy = false; - String proxyHost = null; - int proxyPort = -1; - InetSocketAddress proxyAddr = null; - Socket underlying = null; - - int numArg = 0; - int nbArgs = args.length; - boolean invalidArgs = false; - boolean isQuiet = false; - while (numArg < nbArgs) { - String arg = args[numArg++]; - if (arg.startsWith("--proxy=")) { - String proxy = arg.substring("--proxy=".length()); - useProxy = true; - String[] c = proxy.split(":"); - proxyHost = c[0]; - proxyPort = Integer.parseInt(c[1]); // proxy port is mandatory (we don't default to 8080) - } else if (arg.startsWith("--quiet")) { - isQuiet = true; - } else if (host == null) { // 1st argument is the "host:port" - String[] c = arg.split(":"); - host = c[0]; - port = (c.length == 1) ? 443 : Integer.parseInt(c[1]); - } else if (passphrase == null) { // 2nd argument is the keystore passphrase - passphrase = arg.toCharArray(); - } else { - invalidArgs = true; // too many args - } - } - - if (host == null) { - invalidArgs = true; - } - - if (invalidArgs) { - System.out.println( - "Usage: java InstallCert [--proxy=proxyHost:proxyPort] host[:port] [passphrase] [--quiet]"); - return; - } - - // default values - if (port == -1) { - port = 443; - } - if (passphrase == null) { - passphrase = "changeit".toCharArray(); - } - - File file = new File("jssecacerts"); - if (file.isFile() == false) { - char SEP = File.separatorChar; - File dir = new File(System.getProperty("java.home") + SEP + "lib" + SEP + "security"); - file = new File(dir, "jssecacerts"); - if (file.isFile() == false) { - file = new File(dir, "cacerts"); - } - } - System.out.println("Loading KeyStore " + file + "..."); - InputStream in = new FileInputStream(file); - KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); - ks.load(in, passphrase); - in.close(); - - if (useProxy) { - proxyAddr = new InetSocketAddress(proxyHost, proxyPort); - underlying = new Socket(new Proxy(Proxy.Type.HTTP, proxyAddr)); - } - - SSLContext context = SSLContext.getInstance("TLS"); - TrustManagerFactory tmf = - TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); - tmf.init(ks); - - X509TrustManager defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0]; - SavingTrustManager tm = new SavingTrustManager(defaultTrustManager); - context.init(null, new TrustManager[] {tm}, null); - SSLSocketFactory factory = context.getSocketFactory(); - - System.out.println( - "Opening connection to " - + host - + ":" - + port - + (useProxy ? (" via proxy " + proxyHost + ":" + proxyPort) : "") - + " ..."); - SSLSocket socket; - if (useProxy) { - underlying.connect(new InetSocketAddress(host, port)); - socket = (SSLSocket) factory.createSocket(underlying, host, port, true); - } else { - socket = (SSLSocket) factory.createSocket(host, port); - } - socket.setSoTimeout(10000); - try { - System.out.println("Starting SSL handshake..."); - socket.startHandshake(); - socket.close(); - System.out.println(); - System.out.println("No errors, certificate is already trusted"); - } catch (SSLException e) { - System.out.println(); - e.printStackTrace(System.out); - } - - X509Certificate[] chain = tm.chain; - if (chain == null) { - System.out.println("Could not obtain server certificate chain"); - return; - } - - BufferedReader reader = new BufferedReader(new InputStreamReader(System.in)); - - System.out.println(); - System.out.println("Server sent " + chain.length + " certificate(s):"); - System.out.println(); - MessageDigest sha1 = MessageDigest.getInstance("SHA1"); - MessageDigest md5 = MessageDigest.getInstance("MD5"); - for (int i = 0; i < chain.length; i++) { - X509Certificate cert = chain[i]; - System.out.println(" " + (i + 1) + " Subject " + cert.getSubjectDN()); - System.out.println(" Issuer " + cert.getIssuerDN()); - sha1.update(cert.getEncoded()); - System.out.println(" sha1 " + toHexString(sha1.digest())); - md5.update(cert.getEncoded()); - System.out.println(" md5 " + toHexString(md5.digest())); - System.out.println(); - } - - int k = 0; - if (isQuiet) { - System.out.println("Adding first certificate to trusted keystore"); - } else { - System.out.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]"); - String line = reader.readLine().trim(); - try { - k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1; - } catch (NumberFormatException e) { - System.out.println("KeyStore not changed"); - return; - } - } - - if (isQuiet) { - for (int c = 0; c < chain.length; c++){ - X509Certificate cert = chain[c]; - System.out.println(String.valueOf(cert.getSubjectDN())); - String alias = String.valueOf(cert.getSubjectDN()).replace("CN=",""); - ks.setCertificateEntry(alias, cert); - - System.out.println(); - System.out.println(cert); - System.out.println(); - System.out.println("Added certificate to keystore 'jssecacerts' using alias '" + alias + "'"); - } - }else{ - X509Certificate cert = chain[k]; - String alias = host + "-" + (k + 1); - ks.setCertificateEntry(alias, cert); - } - - OutputStream out = new FileOutputStream("jssecacerts"); - ks.store(out, passphrase); - out.close(); - - } - - private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray(); - - private static String toHexString(byte[] bytes) { - StringBuilder sb = new StringBuilder(bytes.length * 3); - for (int b : bytes) { - b &= 0xff; - sb.append(HEXDIGITS[b >> 4]); - sb.append(HEXDIGITS[b & 15]); - sb.append(' '); - } - return sb.toString(); - } - - private static class SavingTrustManager implements X509TrustManager { - - private final X509TrustManager tm; - private X509Certificate[] chain; - - SavingTrustManager(X509TrustManager tm) { - this.tm = tm; - } - - public X509Certificate[] getAcceptedIssuers() { - // This change has been done due to the following resolution advised for Java 1.7+ - // http://infposs.blogspot.kr/2013/06/installcert-and-java-7.html - return new X509Certificate[0]; - // throw new UnsupportedOperationException(); - } - - public void checkClientTrusted(X509Certificate[] chain, String authType) - throws CertificateException { - throw new UnsupportedOperationException(); - } - - public void checkServerTrusted(X509Certificate[] chain, String authType) - throws CertificateException { - this.chain = chain; - tm.checkServerTrusted(chain, authType); - } - } -} \ No newline at end of file diff --git a/common/startup.sh b/common/startup.sh index 45ad4e9e1d..8521a7b5c8 100644 --- a/common/startup.sh +++ b/common/startup.sh @@ -1,10 +1,30 @@ #!/bin/sh -mkdir -p /cert/certs -rm -rf /cert/certs/* +cert_folder="/cert" +cert_file="jssecacerts" -echo "I will try to get the ${ORACLEDB_HOST}-1 cert" -echo "Connecting to ${ORACLEDB_HOST}:${ORACLEDB_PORT}" -java --source 17 InstallCert.java --quiet "${ORACLEDB_HOST}:${ORACLEDB_PORT}" +mkdir -p $cert_folder + +generate_cert() { + + echo "I will try to get the ${ORACLEDB_HOST}-1 cert" + echo "Connecting to ${ORACLEDB_HOST}:${ORACLEDB_PORT}" + + openssl s_client -connect ${ORACLEDB_HOST}:${ORACLEDB_PORT} -showcerts $cert_folder/${ORACLEDB_HOST}.pem + openssl x509 -outform der -in $cert_folder/${ORACLEDB_HOST}.pem -out $cert_folder/${ORACLEDB_HOST}.der + keytool -import -alias ${ORACLEDB_HOST} -keystore $cert_folder/$cert_file -file $cert_folder/${ORACLEDB_HOST}.der -storepass ${ORACLEDB_SECRET} -noprompt + + echo "Generated $cert_file and copied it to $cert_folder." +} + +if [ "$(ls -A $cert_folder)" ]; then + echo "The $cert_folder folder is not empty." + if [ -e "$cert_folder/$cert_file" ]; then + echo "The "$cert_folder/$cert_file" certificate file is present." + else + generate_cert + fi +else + generate_cert +fi -cp jssecacerts /cert/jssecacerts \ No newline at end of file diff --git a/database/Dockerfile b/database/Dockerfile index 92e08bf1b7..856adc7471 100644 --- a/database/Dockerfile +++ b/database/Dockerfile @@ -1,4 +1,4 @@ -FROM postgres:13 +FROM postgres:13@sha256:00f455399f30cc3f2fe4185476601438b7a4959c74653665582d7c313a783d51 HEALTHCHECK --interval=35s --timeout=4s CMD pg_isready -d db_prod diff --git a/docker-compose.yml b/docker-compose.yml index 7ce07fbf28..37476ad39a 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -70,7 +70,7 @@ services: retries: 3 start_period: 40s hostname: frontend - image: ghcr.io/bcgov/nr-forest-client/frontend:396 + image: ghcr.io/bcgov/nr-forest-client/frontend:396@sha256:62e0f9e3c4b04002f42155e7f76810c2504277d9ccbd9b1cc7ed3bb5561308e4 links: - backend ports: @@ -88,7 +88,7 @@ services: APP_USER: THE ORACLE_RANDOM_PASSWORD: yes hostname: legacydb - image: gvenzl/oracle-xe:21.3.0-slim-faststart + image: gvenzl/oracle-xe:21.3.0-slim-faststart@sha256:0ed000df2f0e3d1b99cec69e5aa596d4ed24be36ea4c8ae03c96b9da1080f396 ports: - 1521:1521 restart: always diff --git a/frontend/Caddyfile b/frontend/Caddyfile index fd118f55eb..d4a78cbc06 100644 --- a/frontend/Caddyfile +++ b/frontend/Caddyfile @@ -1,33 +1,33 @@ { - auto_https off - admin off + auto_https off + admin off } :3000 root * /srv respond /config 200 { - body `{"APP_TITLE":{$VITE_APP_TITLE}}` - close + body `{"APP_TITLE":{$VITE_APP_TITLE}}` + close } file_server @www_host { - host www.{$HOST_ROUTE} + host www.{$HOST_ROUTE} } redir @www_host http://{$HOST_ROUTE}{path} @unspecified_path { - not path_regexp ^\/0.0.0.0 + not path_regexp ^\/0.0.0.0 } handle @unspecified_path { - try_files {path} {path}/ /?_url={uri} + try_files {path} {path}/ /?_url={uri} } encode { - gzip 7 + gzip 7 } log { - output stdout + output stdout } diff --git a/frontend/Dockerfile b/frontend/Dockerfile index 711d5dae14..d7c0348ecd 100644 --- a/frontend/Dockerfile +++ b/frontend/Dockerfile @@ -1,5 +1,5 @@ # RedHat UBI 8 with nodejs 14 -FROM registry.access.redhat.com/ubi8/ubi:8.7-1090@sha256:70fc843d4eb70159799e065d2830726b884c93950f8891e263d6328af6141173 as builder +FROM registry.access.redhat.com/ubi8/ubi:8.7-1112@sha256:e3311058176628ad7f0f288f894ed2afef61be77ad01d53d5b69bca0f6b6cec1 as builder RUN dnf module install -y nodejs:18 # Install packages, build and keep only prod packages @@ -8,10 +8,10 @@ COPY . ./ RUN npm ci --omit=dev && npm run build # Deployment container -FROM caddy:2.4.6-alpine +FROM caddy:2.4.6-alpine@sha256:c8555e2ca66576a4404c2b5f31d843a5378dea6134acb500502901b563efebcf EXPOSE 3000 COPY --from=builder /app/Caddyfile /etc/caddy/Caddyfile COPY --from=builder /app/dist /srv USER 1001 -HEALTHCHECK --interval=30s --timeout=3s CMD curl -f http://localhost/:3000 \ No newline at end of file +HEALTHCHECK --interval=30s --timeout=3s CMD curl -f http://localhost:3000/ \ No newline at end of file diff --git a/legacy/.mvn/wrapper/maven-wrapper.properties b/legacy/.mvn/wrapper/maven-wrapper.properties index 08ea486aa5..d8b2495a1e 100644 --- a/legacy/.mvn/wrapper/maven-wrapper.properties +++ b/legacy/.mvn/wrapper/maven-wrapper.properties @@ -14,5 +14,5 @@ # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. -distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.0/apache-maven-3.9.0-bin.zip +distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.1/apache-maven-3.9.1-bin.zip wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar diff --git a/legacy/openshift.deploy.yml b/legacy/openshift.deploy.yml index 1f8f0eecfa..4f35af90ce 100644 --- a/legacy/openshift.deploy.yml +++ b/legacy/openshift.deploy.yml @@ -37,6 +37,9 @@ parameters: - name: BCREGISTRY_URI description: Bc Registry API address required: true + - name: CERT_PVC_SIZE + description: The amount of storage the cert PVC should have + value: 25Mi objects: - apiVersion: v1 kind: ImageStream @@ -54,6 +57,19 @@ objects: name: ${REGISTRY}/${PROMOTE} referencePolicy: type: Local + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + labels: + app: ${NAME}-${ZONE} + name: ${NAME}-${ZONE}-${COMPONENT} + spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: ${CERT_PVC_SIZE} + storageClassName: netapp-file-standard - apiVersion: v1 kind: DeploymentConfig metadata: @@ -83,8 +99,9 @@ objects: deploymentconfig: ${NAME}-${ZONE}-${COMPONENT} spec: volumes: - - name: certs - emptyDir: { } + - name: ${NAME}-${ZONE}-certs + persistentVolumeClaim: + claimName: ${NAME}-${ZONE}-${COMPONENT} - name: reports emptyDir: { } initContainers: @@ -97,11 +114,23 @@ objects: secretKeyRef: name: ${NAME}-${ZONE} key: oracle-host + - name: ORACLEDB_SECRET + valueFrom: + secretKeyRef: + name: ${NAME}-${ZONE} + key: oracle-secret - name: ORACLEDB_PORT value: "1543" volumeMounts: - - mountPath: /cert - name: certs + - name: ${NAME}-${ZONE}-certs + mountPath: /cert + resources: + limits: + cpu: ${CPU_LIMIT} + memory: ${MEMORY_LIMIT} + requests: + cpu: ${CPU_REQUEST} + memory: ${MEMORY_REQUEST} containers: - image: ${NAME}-${ZONE}-${COMPONENT}:${IMAGE_TAG} imagePullPolicy: Always @@ -189,7 +218,7 @@ objects: timeoutSeconds: 5 volumeMounts: - mountPath: /cert - name: certs + name: ${NAME}-${ZONE}-certs - mountPath: /workspace/temp name: reports - apiVersion: v1 diff --git a/legacy/pom.xml b/legacy/pom.xml index 546cb1dfa4..d3f4a02a77 100644 --- a/legacy/pom.xml +++ b/legacy/pom.xml @@ -65,7 +65,6 @@ 5.9.1 1.9.1 - 2022.0.1 ${project.version} 5.2.3 @@ -177,13 +176,6 @@ - - org.springframework.cloud - spring-cloud-dependencies - ${spring-cloud.version} - pom - import - org.testcontainers testcontainers-bom