-
Notifications
You must be signed in to change notification settings - Fork 494
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #9386 from IQSS/develop
v5.13
- Loading branch information
Showing
241 changed files
with
12,287 additions
and
2,639 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
# Security | ||
|
||
To report a security vulnerability please email [email protected] as explained at https://guides.dataverse.org/en/latest/installation/config.html#reporting-security-issues | ||
|
||
Advice on securing your installation can be found at https://guides.dataverse.org/en/latest/installation/config.html#securing-your-installation | ||
|
||
Security practices and procedures used by the Dataverse team are described at https://guides.dataverse.org/en/latest/developers/security.html |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,85 @@ | ||
--- | ||
name: Container Base Module | ||
|
||
on: | ||
push: | ||
branches: | ||
- 'develop' | ||
- 'master' | ||
paths: | ||
- 'modules/container-base/**' | ||
- 'modules/dataverse-parent/pom.xml' | ||
- '.github/workflows/container_base_push.yml' | ||
pull_request: | ||
branches: | ||
- 'develop' | ||
- 'master' | ||
paths: | ||
- 'modules/container-base/**' | ||
- 'modules/dataverse-parent/pom.xml' | ||
- '.github/workflows/container_base_push.yml' | ||
|
||
env: | ||
IMAGE_TAG: unstable | ||
|
||
jobs: | ||
build: | ||
name: Build image | ||
runs-on: ubuntu-latest | ||
permissions: | ||
contents: read | ||
packages: read | ||
strategy: | ||
matrix: | ||
jdk: [ '11' ] | ||
# Only run in upstream repo - avoid unnecessary runs in forks | ||
if: ${{ github.repository_owner == 'IQSS' }} | ||
|
||
steps: | ||
- name: Checkout repository | ||
uses: actions/checkout@v3 | ||
|
||
- name: Set up JDK ${{ matrix.jdk }} | ||
uses: actions/setup-java@v3 | ||
with: | ||
java-version: ${{ matrix.jdk }} | ||
distribution: 'adopt' | ||
- name: Cache Maven packages | ||
uses: actions/cache@v3 | ||
with: | ||
path: ~/.m2 | ||
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} | ||
restore-keys: ${{ runner.os }}-m2 | ||
|
||
- name: Build base container image with local architecture | ||
run: mvn -f modules/container-base -Pct package | ||
|
||
# Run anything below only if this is not a pull request. | ||
# Accessing, pushing tags etc. to DockerHub will only succeed in upstream because secrets. | ||
|
||
- if: ${{ github.event_name == 'push' && github.ref_name == 'develop' }} | ||
name: Push description to DockerHub | ||
uses: peter-evans/dockerhub-description@v3 | ||
with: | ||
username: ${{ secrets.DOCKERHUB_USERNAME }} | ||
password: ${{ secrets.DOCKERHUB_TOKEN }} | ||
repository: gdcc/base | ||
short-description: "Dataverse Base Container image providing Payara application server and optimized configuration" | ||
readme-filepath: ./modules/container-base/README.md | ||
|
||
- if: ${{ github.event_name != 'pull_request' }} | ||
name: Log in to the Container registry | ||
uses: docker/login-action@v2 | ||
with: | ||
registry: ${{ env.REGISTRY }} | ||
username: ${{ secrets.DOCKERHUB_USERNAME }} | ||
password: ${{ secrets.DOCKERHUB_TOKEN }} | ||
- if: ${{ github.event_name != 'pull_request' }} | ||
name: Set up QEMU for multi-arch builds | ||
uses: docker/setup-qemu-action@v2 | ||
- name: Re-set image tag based on branch | ||
if: ${{ github.ref_name == 'master' }} | ||
run: echo "IMAGE_TAG=stable" | ||
- if: ${{ github.event_name != 'pull_request' }} | ||
name: Deploy multi-arch base container image to Docker Hub | ||
run: mvn -f modules/container-base -Pct deploy -Dbase.image.tag=${{ env.IMAGE_TAG }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
name: "Shellcheck" | ||
on: | ||
push: | ||
paths: | ||
- conf/solr/** | ||
- modules/container-base/** | ||
pull_request: | ||
paths: | ||
- conf/solr/** | ||
- modules/container-base/** | ||
jobs: | ||
shellcheck: | ||
name: Shellcheck | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v2 | ||
- name: shellcheck | ||
uses: reviewdog/action-shellcheck@v1 | ||
with: | ||
github_token: ${{ secrets.github_token }} | ||
reporter: github-pr-review # Change reporter. | ||
fail_on_error: true | ||
# Container base image uses dumb-init shebang, so nail to using bash | ||
shellcheck_flags: "--shell=bash --external-sources" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
version: "3.9" | ||
|
||
services: | ||
|
||
keycloak: | ||
image: 'jboss/keycloak:16.1.1' | ||
environment: | ||
- KEYCLOAK_USER=kcadmin | ||
- KEYCLOAK_PASSWORD=kcpassword | ||
- KEYCLOAK_IMPORT=/tmp/oidc-realm.json | ||
- KEYCLOAK_LOGLEVEL=DEBUG | ||
ports: | ||
- "8090:8080" | ||
volumes: | ||
- './oidc-realm.json:/tmp/oidc-realm.json' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
{ | ||
"id": "oidc-keycloak", | ||
"factoryAlias": "oidc", | ||
"title": "OIDC-Keycloak", | ||
"subtitle": "OIDC-Keycloak", | ||
"factoryData": "type: oidc | issuer: http://localhost:8090/auth/realms/oidc-realm | clientId: oidc-client | clientSecret: ss6gE8mODCDfqesQaSG3gwUwZqZt547E", | ||
"enabled": true | ||
} |
Oops, something went wrong.