[ADMINAPI-1117] - Admin API should provide default auth strategy for resource claims #218
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
There was a problem hiding this comment. What is different about this workflow compared to on-pullrequest-dockerfile.yml? |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,95 @@ | ||
| # SPDX-License-Identifier: Apache-2.0 | ||
| # Licensed to the Ed-Fi Alliance under one or more agreements. | ||
| # The Ed-Fi Alliance licenses this file to you under the Apache License, Version 2.0. | ||
| # See the LICENSE and NOTICES files in the project root for more information. | ||
|
|
||
| name: On Pull Request - Dockerfile - Admin Console | ||
|
|
||
| on: | ||
| push: | ||
| branches: | ||
| - adminapi23-rc.* | ||
|
There was a problem hiding this comment. Should this change to Should there be an |
||
| workflow_dispatch: | ||
|
|
||
| env: | ||
| DOCKER_USERNAME: ${{ vars.DOCKER_USERNAME }} | ||
| DOCKER_HUB_TOKEN: ${{ secrets.DOCKER_HUB_TOKEN }} | ||
| IMAGE_NAME: ${{ vars.IMAGE_NAME }} | ||
|
|
||
| permissions: read-all | ||
|
|
||
| jobs: | ||
| docker-analysis: | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| security-events: write | ||
| pull-requests: write | ||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| dockerfile: | ||
| [ | ||
| { name: "development", path: "Docker/dev.pgsql.Dockerfile", type: "local" } | ||
| ] | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | ||
|
|
||
| - name: Set IMAGE_TAG | ||
| id: set-image-tag | ||
| run: | | ||
| if [ "${{ github.event_name }}" == "pull_request" ]; then | ||
| echo "IMAGE_TAG=${{ github.base_ref }}" >> $GITHUB_ENV | ||
| else | ||
| echo "IMAGE_TAG=${{ github.ref_name }}" >> $GITHUB_ENV | ||
| fi | ||
|
|
||
| - name: Copy application folder to docker context | ||
| if: ${{ matrix.dockerfile.type == 'local' }} | ||
| run: | | ||
| mkdir Docker/Application | ||
| cp -r ./Application/EdFi.Ods.AdminApi ./Docker/Application | ||
| cp -r ./Application/EdFi.Ods.AdminApi.AdminConsole ./Docker/Application | ||
| cp -r ./Application/EdFi.Ods.AdminApi.Common ./Docker/Application | ||
| cp ./Application/NuGet.Config ./Docker/Application | ||
|
|
||
| - uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0 | ||
| name: Run Linter on ${{ matrix.dockerfile.name }} Dockerfile | ||
| with: | ||
| dockerfile: ${{ matrix.dockerfile.path }} | ||
| failure-threshold: error | ||
|
|
||
| - name: Log in to Docker Hub | ||
| uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 | ||
| with: | ||
| username: ${{ env.DOCKER_USERNAME }} | ||
| password: ${{ env.DOCKER_HUB_TOKEN }} | ||
|
|
||
| - name: Build | ||
| run: | | ||
| path=${{matrix.dockerfile.path}} | ||
| folder=${path%/*} | ||
| cd $folder | ||
| dockerfile=$(echo ${{matrix.dockerfile.path}} | awk -F"/" '{print $NF}') | ||
|
|
||
| docker build -f $dockerfile -t ${{ matrix.dockerfile.name }} --build-arg="VERSION=${{ env.IMAGE_TAG }}" . | ||
|
|
||
| - name: Analyze | ||
| uses: docker/scout-action@67eb1afe777307506aaecb9acd9a0e0389cb99ae # v1.5.0 | ||
| with: | ||
| command: cves | ||
| image: local://${{ matrix.dockerfile.name }} | ||
| sarif-file: sarif-${{ matrix.dockerfile.name }}.output.json | ||
| summary: true | ||
|
|
||
| - name: Push Image on Docker Hub | ||
| run: | | ||
| docker image tag ${{ matrix.dockerfile.name }} ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} | ||
| docker push ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} | ||
|
|
||
| - name: Upload SARIF result | ||
| id: upload-sarif | ||
| if: ${{ github.event_name != 'pull_request_target' }} | ||
| uses: github/codeql-action/upload-sarif@cf7e9f23492505046de9a37830c3711dd0f25bb3 #codeql-bundle-v2.16.2 | ||
| with: | ||
| sarif_file: sarif-${{ matrix.dockerfile.name }}.output.json | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,21 +1,63 @@ | ||
| <Project Sdk="Microsoft.NET.Sdk"> | ||
|
|
||
| <PropertyGroup> | ||
| <TargetFramework>net8.0</TargetFramework> | ||
| <ImplicitUsings>enable</ImplicitUsings> | ||
| <Nullable>enable</Nullable> | ||
| </PropertyGroup> | ||
|
|
||
| <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'"> | ||
| <TreatWarningsAsErrors>False</TreatWarningsAsErrors> | ||
| </PropertyGroup> | ||
|
|
||
| <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|AnyCPU'"> | ||
| <TreatWarningsAsErrors>False</TreatWarningsAsErrors> | ||
| </PropertyGroup> | ||
|
|
||
| <ItemGroup> | ||
| <Compile Remove="Mockdata\**" /> | ||
| <EmbeddedResource Remove="Mockdata\**" /> | ||
| <None Remove="Mockdata\**" /> | ||
| </ItemGroup> | ||
|
|
||
|
There was a problem hiding this comment. Good call - thank you for excluding the mock data. I wonder if we should simply delete the files before merging to |
||
| <ItemGroup> | ||
| <PackageReference Include="Asp.Versioning.Http" Version="8.1.0" /> | ||
| <PackageReference Include="AutoMapper" Version="13.0.1" /> | ||
| <PackageReference Include="FluentValidation.AspNetCore" Version="11.3.0" /> | ||
| <PackageReference Include="Microsoft.EntityFrameworkCore" Version="8.0.7" /> | ||
| <PackageReference Include="Microsoft.EntityFrameworkCore.Abstractions" Version="8.0.8" /> | ||
| <PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="8.0.7"> | ||
| <PrivateAssets>all</PrivateAssets> | ||
| <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets> | ||
| </PackageReference> | ||
| <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="8.0.7" /> | ||
| <PackageReference Include="Microsoft.EntityFrameworkCore.Tools" Version="8.0.7"> | ||
| <PrivateAssets>all</PrivateAssets> | ||
| <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets> | ||
| </PackageReference> | ||
| <PackageReference Include="Microsoft.Extensions.Caching.Memory" Version="9.0.0" /> | ||
| <PackageReference Include="Microsoft.NETCore.App" Version="2.1.30" /> | ||
| <PackageReference Include="Newtonsoft.Json" Version="13.0.3" /> | ||
| <PackageReference Include="Npgsql" Version="8.0.6" /> | ||
| <PackageReference Include="Npgsql.EntityFrameworkCore.PostgreSQL" Version="8.0.4" /> | ||
| <PackageReference Include="Rijndael256" Version="3.2.0" /> | ||
| <PackageReference Include="Swashbuckle.AspNetCore" Version="7.1.0" /> | ||
| <PackageReference Include="Swashbuckle.AspNetCore.Annotations" Version="7.1.0" /> | ||
| <PackageReference Include="Swashbuckle.AspNetCore.Filters" Version="8.0.2" /> | ||
| <PackageReference Include="System.Text.Json" Version="9.0.0" /> | ||
| </ItemGroup> | ||
|
|
||
| <ItemGroup> | ||
| <ProjectReference Include="..\EdFi.Ods.AdminApi.Common\EdFi.Ods.AdminApi.Common.csproj" /> | ||
| </ItemGroup> | ||
|
|
||
| <ItemGroup> | ||
| <None Update="Infrastructure\DataAccess\Artifacts\Security\MsSql\SQL\AdminConsoleClaimsetUp.sql"> | ||
| <CopyToOutputDirectory>Always</CopyToOutputDirectory> | ||
| </None> | ||
| <None Update="Infrastructure\DataAccess\Artifacts\Security\PgSql\SQL\AdminConsoleClaimsetUp.sql"> | ||
| <CopyToOutputDirectory>Always</CopyToOutputDirectory> | ||
| </None> | ||
| </ItemGroup> | ||
|
|
||
| </Project> | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,79 @@ | ||
| // SPDX-License-Identifier: Apache-2.0 | ||
| // Licensed to the Ed-Fi Alliance under one or more agreements. | ||
| // The Ed-Fi Alliance licenses this file to you under the Apache License, Version 2.0. | ||
| // See the LICENSE and NOTICES files in the project root for more information. | ||
|
|
||
| using System.ComponentModel.DataAnnotations; | ||
| using EdFi.Ods.AdminApi.AdminConsole.Infrastructure.Services.HealthChecks.Commands; | ||
| using EdFi.Ods.AdminApi.Common.Features; | ||
| using EdFi.Ods.AdminApi.Common.Infrastructure; | ||
| using FluentValidation; | ||
| using Microsoft.AspNetCore.Http; | ||
| using Microsoft.AspNetCore.Routing; | ||
| using Newtonsoft.Json; | ||
| using Swashbuckle.AspNetCore.Annotations; | ||
|
|
||
| namespace EdFi.Ods.AdminApi.AdminConsole.Features.Healthcheck; | ||
| public class AddHealthCheck : IFeature | ||
| { | ||
| public void MapEndpoints(IEndpointRouteBuilder endpoints) | ||
| { | ||
| AdminApiEndpointBuilder.MapPost(endpoints, "/healthcheck", Execute) | ||
|
There was a problem hiding this comment. Is this actually going to be |
||
| .WithRouteOptions(b => b.WithResponseCode(201)) | ||
| .BuildForVersions(AdminApiVersions.AdminConsole); | ||
| } | ||
|
|
||
| public async Task<IResult> Execute(Validator validator, IAddHealthCheckCommand addHealthCheckCommand, AddHealthCheckRequest request) | ||
| { | ||
| await validator.GuardAsync(request); | ||
| var addedHealthCheck = await addHealthCheckCommand.Execute(request); | ||
| return Results.Created($"/healthcheck/{addedHealthCheck.DocId}", null); | ||
| } | ||
|
|
||
| [SwaggerSchema(Title = nameof(AddHealthCheckRequest))] | ||
| public class AddHealthCheckRequest : IAddHealthCheckModel | ||
| { | ||
| [Required] | ||
| public int DocId { get; set; } | ||
| [Required] | ||
| public int InstanceId { get; set; } | ||
| [Required] | ||
| public int EdOrgId { get; set; } | ||
| [Required] | ||
| public int TenantId { get; set; } | ||
| [Required] | ||
| public string Document { get; set; } | ||
| } | ||
|
|
||
| public class Validator : AbstractValidator<AddHealthCheckRequest> | ||
| { | ||
| public Validator() | ||
| { | ||
| RuleFor(m => m.InstanceId) | ||
| .NotNull(); | ||
|
|
||
| RuleFor(m => m.EdOrgId) | ||
| .NotNull(); | ||
|
|
||
| RuleFor(m => m.TenantId) | ||
| .NotNull(); | ||
|
|
||
| RuleFor(m => m.Document) | ||
| .NotNull() | ||
| .Must(BeValidDocument).WithMessage("Document must be a valid JSON."); | ||
| } | ||
|
|
||
| private bool BeValidDocument(string document) | ||
| { | ||
| try | ||
| { | ||
| Newtonsoft.Json.Linq.JToken.Parse(document); | ||
| return true; | ||
| } | ||
| catch (Newtonsoft.Json.JsonReaderException) | ||
| { | ||
| return false; | ||
| } | ||
| } | ||
| } | ||
| } | ||
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is fine for a short term solution, but you don't need it anymore. The Dockerfile now has a capability for introducing context in a different directory. NO NEED TO CHANGE IN THIS PULL REQUEST 😄 .
Take a look at the DMS dockerfile, lines 18-20. They allow copying files from a different context, other than the current directory.
You provide the additional context at the command line:
Or in a docker-compose file: