Merge pull request #187 from building-envelope-data/release/v1.1.0

Release version v1.1.0

.env.production.sample

@@ -2,6 +2,8 @@ NAME=metabase_production
 
 HOST=www.buildingenvelopedata.org
 HTTP_PORT=8000
+BOOTSTRAP_USER_PASSWORD=
+OPEN_ID_CONNECT_CLIENT_SECRET=
 
 TESTLAB_SOLAR_FACADES_HOST=www.solarbuildingenvelopes.com
 TESTLAB_SOLAR_FACADES_OPEN_ID_CONNECT_CLIENT_SECRET=

.env.sample

@@ -3,6 +3,8 @@ NAME=metabase
 HOST=local.buildingenvelopedata.org
 HTTP_PORT=4040
 HTTPS_PORT=4041
+BOOTSTRAP_USER_PASSWORD=abcABC123@
+OPEN_ID_CONNECT_CLIENT_SECRET=secret
 
 TESTLAB_SOLAR_FACADES_HOST=local.solarbuildingenvelopes.com
 TESTLAB_SOLAR_FACADES_HOST_HTTPS_PORT=5051

.env.staging.sample

@@ -2,6 +2,8 @@ NAME=metabase_staging
 
 HOST=staging.buildingenvelopedata.org
 HTTP_PORT=9000
+BOOTSTRAP_USER_PASSWORD=
+OPEN_ID_CONNECT_CLIENT_SECRET=
 
 TESTLAB_SOLAR_FACADES_HOST=staging.solarbuildingenvelopes.com
 TESTLAB_SOLAR_FACADES_OPEN_ID_CONNECT_CLIENT_SECRET=

.github/workflows/dotnet.yml

@@ -16,7 +16,7 @@ jobs:
     - name: Setup .NET
       uses: actions/setup-dotnet@v1
       with:
-        dotnet-version: 5.0.x
+        dotnet-version: 7.0.x
     - name: Restore dependencies
       working-directory: ./backend
       run: dotnet restore

.github/workflows/label-issues.yml

@@ -0,0 +1,23 @@
+# Inspired by https://docs.github.com/en/actions/managing-issues-and-pull-requests/adding-labels-to-issues
+
+name: Label issues
+on:
+  issues:
+    types:
+      - reopened
+      - opened
+jobs:
+  label_issues:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+    steps:
+      - uses: actions/github-script@v6
+        with:
+          script: |
+            github.rest.issues.addLabels({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              labels: ["triage"]
+            })

.gitignore

@@ -5,9 +5,9 @@
 /nginx/html/maintenance.html
 /commit
 /backup.gz
+/tags*
 
 .env
-.vscode
 
 # Compiled output
 dist
@@ -25,6 +25,8 @@ coverage
 
 # Backups
 *.bak
+/backup
 
-# Image Diagrams
-/diagrams/*.png
+# Structurizr diagrams
+/diagrams/structurizr/.structurizr/
+/diagrams/structurizr/*.json

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "dotnet-certificate-tool"]
+	path = backend/dotnet-certificate-tool
+	url = [email protected]:building-envelope-data/dotnet-certificate-tool.git

CHANGELOG.md

@@ -7,8 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
-## [v1.0.0] - 2022-02-28
-
 ### Added
 
 -
@@ -121,6 +119,37 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 -
 -
 
-[Unreleased]: https://github.com/building-envelope-data/metabase/compare/v1.0.0...HEAD
+## [v1.1.0] - 2024-06-25
+
+### Added
+
+- Make component assemblies manageable [#152](https://github.com/building-envelope-data/metabase/pull/152)
+- Make variant and concretization associations manageable [#153](https://github.com/building-envelope-data/metabase/pull/153)
+- Make most entities and relations manageable [#155](https://github.com/building-envelope-data/metabase/pull/155)
+- Forward bearer tokens to databases [#158](https://github.com/building-envelope-data/metabase/pull/158)
+- Require verification of registered databases [#160](https://github.com/building-envelope-data/metabase/pull/160)
+- Forward GraphQL errors returned when querying databases for data [bf6d16099cb3f9681883d9a6f20eada4185044c7](https://github.com/building-envelope-data/metabase/commit/bf6d16099cb3f9681883d9a6f20eada4185044c7)
+- Enable automatic persisted queries [94277dfc336af87f279a549b38567dd9c13de233](https://github.com/building-envelope-data/metabase/commit/94277dfc336af87f279a549b38567dd9c13de233)
+- Make entities filterable by associated entities [#167](https://github.com/building-envelope-data/metabase/pull/167)
+
+### Changed
+
+- Upgrade packages to latest compatible versions in backend and frontend [#151](https://github.com/building-envelope-data/metabase/pull/151), [#143](https://github.com/building-envelope-data/metabase/pull/143), and [#141](https://github.com/building-envelope-data/metabase/pull/141)
+- Make forms type-safe [88259910da5490be845fe79dab066e868ee841c1](https://github.com/building-envelope-data/metabase/commit/88259910da5490be845fe79dab066e868ee841c1)
+- Clean-up authentication and authorization set-up [#161](https://github.com/building-envelope-data/metabase/pull/161)
+- Protect personal user data and login/registration mutations with client-specific scopes [#162](https://github.com/building-envelope-data/metabase/pull/162)
+- Improve security, in particular, implement the Cookie to Header Token Pattern to prevent Cross Site Request Forgery attacks for user mutations [#163](https://github.com/building-envelope-data/metabase/pull/163)
+
+### Fixed
+
+- Update cached schemata in commit [ffb52beeefea6fa841e927b7da4d6d85d31658ca](https://github.com/building-envelope-data/metabase/commit/ffb52beeefea6fa841e927b7da4d6d85d31658ca)
+- Correct wording regarding following links to match the one expected by regular expressions in tests [#114](https://github.com/building-envelope-data/metabase/pull/114)
+- Remove explicit content-type as it results in requests from banana cake pop responding with 404 in commit [4d8d2eb5101785d78fb0cc1579ee901b694147ad](https://github.com/building-envelope-data/metabase/commit/4d8d2eb5101785d78fb0cc1579ee901b694147ad)
+
+## [v1.0.0] - 2022-02-28
+
+[Unreleased]: https://github.com/building-envelope-data/metabase/compare/v1.1.0...HEAD
+
+[v1.1.0]: https://github.com/building-envelope-data/metabase/compare/v1.0.0...v1.1.0
 
-[v1.0.0]: https://github.com/building-envelope-data/metabase/compare/a3750ff76aeba9ed8a017adecb2c52273278b915...v1.0.0
+[v1.0.0]: https://github.com/building-envelope-data/metabase/compare/5e4c6579bc7b596502c0bc9318cf24435bed2c80...v1.0.0

Dockerfile-show-build-context

@@ -1,3 +1,8 @@
+# syntax=docker/dockerfile:1.6
+# The above line fixes the Dockerfile frontend used by BuildKit. For details
+# see https://github.com/moby/buildkit/blob/master/frontend/dockerfile/docs/reference.md
+# Available versions are listed on https://hub.docker.com/r/docker/dockerfile
+
 FROM busybox
 
 RUN mkdir /tmp/build/

Makefile

@@ -4,7 +4,7 @@
 include .env
 
 docker_compose = \
-	docker-compose \
+	docker compose \
 		--file docker-compose.yml \
 		--project-name ${NAME}
 
@@ -16,37 +16,50 @@ help : ## Print this help
 .PHONY : help
 .DEFAULT_GOAL := help
 
-name : ## Print value of variable `${NAME}`
+name : ## Print value of variable `NAME`
 	@echo ${NAME}
 .PHONY : name
 
 # ----------------------------- #
 # Interface with Docker Compose #
 # ----------------------------- #
 
-build : ## Build images
-	${docker_compose} pull
-	${docker_compose} build \
-		--pull \
-		--build-arg GROUP_ID=$(shell id --group) \
-		--build-arg USER_ID=$(shell id --user)
+pull : ## Pull images
+	COMPOSE_DOCKER_CLI_BUILD=1 \
+		DOCKER_BUILDKIT=1 \
+			${docker_compose} pull
+.PHONY : pull
+
+# To debug errors during build add `--progress plain \` to get additional
+# output.
+build : pull ## Build images
+	COMPOSE_DOCKER_CLI_BUILD=1 \
+		DOCKER_BUILDKIT=1 \
+			${docker_compose} build \
+				--pull \
+				--build-arg GROUP_ID=$(shell id --group) \
+				--build-arg USER_ID=$(shell id --user)
 .PHONY : build
 
-show-backend-build-context : ## Show the build context configured by `./backend/.dockerignore`
-	docker build \
-		--pull \
-		--no-cache \
-		--file Dockerfile-show-build-context \
-		./backend
-.PHONY : show-backend-build-context
-
-show-frontend-build-context : ## Show the build context configured by `./frontend/.dockerignore`
-	docker build \
-		--pull \
-		--no-cache \
-		--file Dockerfile-show-build-context \
-		./frontend
-.PHONY : show-frontend-build-context
+backend-build-context : ## Show the build context configured by `./backend/.dockerignore`
+	DOCKER_BUILDKIT=1 \
+		docker build \
+			--pull \
+			--no-cache \
+			--progress plain \
+			--file Dockerfile-show-build-context \
+			./backend
+.PHONY : backend-build-context
+
+frontend-build-context : ## Show the build context configured by `./frontend/.dockerignore`
+	DOCKER_BUILDKIT=1 \
+		docker build \
+			--pull \
+			--no-cache \
+			--progress plain \
+			--file Dockerfile-show-build-context \
+			./frontend
+.PHONY : frontend-build-context
 
 remove : ## Remove stopped containers
 	${docker_compose} rm
@@ -57,7 +70,7 @@ remove-data : ## Remove data volumes
 		${NAME}_data
 .PHONY : remove-data
 
-# TODO `docker-compose up` does not support `--user`, see https://github.com/docker/compose/issues/1532
+# TODO `docker compose up` does not support `--user`, see https://github.com/docker/compose/issues/1532
 up : build ## (Re)create, and start containers (after building images if necessary)
 	${docker_compose} up \
 		--remove-orphans \
@@ -109,7 +122,7 @@ runb : CONTAINER = backend
 runb : run ## runute the one-time command `${COMMAND}` against a fresh `backend` container (after starting all containers if necessary)
 .PHONY : runb
 
-shellf : COMMAND = bash -c "make install && exec bash"
+shellf : COMMAND = bash
 shellf : execf ## Enter shell in an existing `frontend` container (after starting all containers if necessary)
 .PHONY : shellf
 
@@ -131,6 +144,12 @@ traceb : ## Trace backend container with identifier `${CONTAINER_ID}`, for examp
 				"
 .PHONY : traceb
 
+shelln : up ## Enter shell in an existing `nginx` container (after starting all containers if necessary)
+	${docker_compose} exec \
+		nginx \
+		bash
+.PHONY : shelln
+
 psql : ## Enter PostgreSQL interactive terminal in the running `database` container
 	${docker_compose} exec \
 		database \
@@ -145,18 +164,27 @@ shelld : up ## Enter shell in an existing `database` container (after starting a
 		bash
 .PHONY : shelld
 
-createdb : ## Create databases
+list : ## List all containers with health status
+	${docker_compose} ps \
+		--no-trunc \
+		--all
+.PHONY : list
+
+createdb : ## Create database
 	${docker_compose} exec \
 		database \
 		bash -c " \
 			createdb --username postgres xbase_development ; \
 		"
 .PHONY : createdb
 
-list : ## List all containers with health status
-	${docker_compose} ps \
-		--all
-.PHONY : list
+dropdb : ## Drop database
+	${docker_compose} exec \
+		database \
+		bash -c " \
+			dropdb --username postgres xbase_development ; \
+		"
+.PHONY : dropdb
 
 begin-maintenance : ## Begin maintenance
 	cp \
@@ -175,20 +203,31 @@ prepare-release : ## Prepare release
 		make prepare-release
 .PHONY : prepare-release
 
+diagrams-plantuml : ## Draw images from textual UML diagrams
+	plantuml diagrams/plantuml/*.puml
+.PHONY : diagrams
+
+# `diagrams-structurizr starts a server which can be accessed with a browser at localhost:9090. The diagrams can be downloaded manually from there.
+diagrams-structurizr : ## Serve diagrams to browser localhost Port 9090
+	docker run -it --rm -p 9090:8080 -v $(shell pwd)/diagrams/structurizr:/usr/local/structurizr structurizr/lite
+.PHONY : diagrams-structurizr
+
 # --------------------- #
 # Generate Certificates #
 # --------------------- #
 
 # TODO Pass passwords in a more secure way!
 jwt-certificates : ## Create JWT encryption and signing certificates if necessary
-	docker build \
-		--pull \
-		--build-arg GROUP_ID=$(shell id --group) \
-		--build-arg USER_ID=$(shell id --user) \
-		--tag ${NAME}_bootstrap \
-		--file ./backend/Dockerfile-bootstrap \
-		./backend
+	DOCKER_BUILDKIT=1 \
+		docker build \
+			--pull \
+			--build-arg GROUP_ID=$(shell id --group) \
+			--build-arg USER_ID=$(shell id --user) \
+			--tag ${NAME}_bootstrap \
+			--file ./backend/Dockerfile-bootstrap \
+			./backend
 	docker run \
+		--rm \
 		--user $(shell id --user):$(shell id --group) \
 		--mount type=bind,source="$(shell pwd)/backend",target=/app \
 		${NAME}_bootstrap \
@@ -199,7 +238,7 @@ jwt-certificates : ## Create JWT encryption and signing certificates if necessar
 				${JSON_WEB_TOKEN_ENCRYPTION_CERTIFICATE_PASSWORD} \
 				${JSON_WEB_TOKEN_SIGNING_CERTIFICATE_PASSWORD} \
 		"
-.PHONY : certificates
+.PHONY : jwt-certificates
 
 # For an introduction to how HTTPS works see https://howhttps.works
 ssl : ## Generate and trust certificate authority, and generate SSL certificates
@@ -215,9 +254,10 @@ ssl : ## Generate and trust certificate authority, and generate SSL certificates
 generate-certificate-authority : ## Generate certificate authority ECDSA private key and self-signed certificate
 	mkdir --parents ./ssl/
 		docker run \
+		--rm \
 		--user $(shell id --user):$(shell id --group) \
 		--mount type=bind,source="$(shell pwd)/ssl",target=/ssl \
-		nginx:1.19.9 \
+		nginx:1.25-bookworm \
 		bash -cx " \
 			echo \"# Generate the elliptic curve (EC) private key '/ssl/${CERTIFICATE_AUTHORITY_BASE_FILE_NAME}.key' with parameters 'secp384r1', that is, a NIST/SECG curve over a 384 bit prime field as said in the output of the command 'openssl ecparam -list_curves'\" && \
 			openssl ecparam \
@@ -322,9 +362,10 @@ trust-certificate-authority : ## Trust the authority's SSL certificate
 generate-ssl-certificate : ## Generate ECDSA private key and SSL certificate signed by our certificate authority
 	mkdir --parents ./ssl/
 	docker run \
+		--rm \
 		--user $(shell id --user):$(shell id --group) \
 		--mount type=bind,source="$(shell pwd)/ssl",target=/ssl \
-		nginx:1.19.9 \
+		nginx:1.25-bookworm \
 		bash -cx " \
 			echo \"# Generate the elliptic curve (EC) private key '/ssl/${SSL_CERTIFICATE_BASE_FILE_NAME}.key' with parameters 'secp384r1', that is, a NIST/SECG curve over a 384 bit prime field as said in the output of the command 'openssl ecparam -list_curves'\" && \
 			openssl ecparam \
@@ -410,3 +451,11 @@ generate-ssl-certificate : ## Generate ECDSA private key and SSL certificate sig
 fetch-ssl-certificate : ## Fetch the SSL certificate of the server
 	openssl s_client ${HOST}:${HTTPS_PORT}
 .PHONY : fetch-ssl-certificate
+
+ssl-certificate : ## Print the SSL certificate
+	openssl x509 -text -noout -in ./ssl/${SSL_CERTIFICATE_BASE_FILE_NAME}.crt
+.PHONY : ssl-certificate
+
+certificate-authority : ## View the certificate authority
+	openssl x509 -text -noout -in ./ssl/${CERTIFICATE_AUTHORITY_BASE_FILE_NAME}.crt
+.PHONY : certificate-authority