From 5aa016173eda9a6c7fdf7a78fdc0bf4e5b995e40 Mon Sep 17 00:00:00 2001
From: karmaking
Date: Tue, 23 Jul 2024 14:20:08 +0200
Subject: [PATCH] build pipeline WIP
---
 .github/workflows/build_package.yml | 48 +++++++++++++++++++++++++++++
 .gitignore | 2 ++
 Dockerfile | 7 +++++
 application.properties | 27 ++++++++++++++++
 entrypoint.sh | 3 ++
 5 files changed, 87 insertions(+)
 create mode 100644 .github/workflows/build_package.yml
 create mode 100644 Dockerfile
 create mode 100644 application.properties
 create mode 100644 entrypoint.sh
diff --git a/.github/workflows/build_package.yml b/.github/workflows/build_package.yml
new file mode 100644
index 0000000..d625e7c
--- /dev/null
+++ b/.github/workflows/build_package.yml
@@ -0,0 +1,48 @@
+name: build and publish container
+
+on: [push]
+env:
+ ## Sets environment variable
+ DOCKER_HUB_ORGANIZATION: ${{ vars.DOCKER_HUB_ORGANIZATION }}
+ DOCKER_HUB_REPOSITORY: obp-hola
+
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - name: Set up JDK 11
+ uses: actions/setup-java@v2
+ with:
+ java-version: '11'
+ distribution: 'adopt'
+ cache: maven
+ - name: Build with Maven
+ run: MAVEN_OPTS="-Dmaven.test.failure.ignore=false -Xmx3G -Xss4m -XX:MaxPermSize=3G" mvn clean package
+ - name: Build the Docker image
+ run: |
+ echo "${{ secrets.DOCKER_HUB_TOKEN }}" | docker login -u "${{ secrets.DOCKER_HUB_USERNAME }}" --password-stdin docker.io
+ docker build . --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:$GITHUB_SHA --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:latest --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:develop
+ docker push docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }} --all-tags
+ echo docker done
+
+ - uses: sigstore/cosign-installer@main
+
+ - name: Write signing key to disk (only needed for `cosign sign --key`)
+ run: echo "${{ secrets.COSIGN_PRIVATE_KEY }}" > cosign.key
+
+ - name: Sign container image
+ run: |
+ cosign sign -y --key cosign.key \
+ docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:develop
+ cosign sign -y --key cosign.key \
+ docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:latest
+ cosign sign -y --key cosign.key \
+ docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:$GITHUB_SHA
+ cosign sign -y --key cosign.key \
+ docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:develop-OC
+ cosign sign -y --key cosign.key \
+ docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:latest-OC
+ env:
+ COSIGN_PASSWORD: "${{secrets.COSIGN_PASSWORD}}"
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index c021489..2a897dd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -34,3 +34,5 @@ build/
 /src/main/resources/application-local.properties
 /src/main/resources/application-remote.properties
 /src/main/resources/cert/
+
+.application.env
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..c16fa81
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,7 @@
+FROM openjdk:17-jdk-alpine
+WORKDIR /
+COPY target/obp-hola-app-*-SNAPSHOT.jar obp-hola.jar
+COPY application.properties application.properties
+EXPOSE 8087
+ENTRYPOINT ["java","-jar","/obp-hola.jar"]
+#ENTRYPOINT ["/entrypoint.sh"]
diff --git a/application.properties b/application.properties
new file mode 100644
index 0000000..2b0fc9a
--- /dev/null
+++ b/application.properties
@@ -0,0 +1,27 @@
+server.port=${server.port}
+oauth2.public_url=${oauth2.public_url}
+obp.base_url=${obp.base_url}
+endpoint.path.prefix=${endpoint.path.prefix}
+
+mtls.keyStore.path=/etc/ssl/certs/keystore.jks
+mtls.keyStore.password=${mtls.keyStore.password}
+mtls.keyStore.alias=${mtls.keyStore.alias}
+mtls.trustStore.path=/etc/ssl/certs/truststore.jks
+mtls.trustStore.password=${mtls.trustStore.password}
+
+display_standards=${display_standards}
+force_jws=${force_jws}
+
+server.servlet.session.cookie.name=${server.servlet.session.cookie.name}
+
+logo.bank.enabled=${logo.bank.enabled}
+logo.bank.url=${logo.bank.url}
+
+### insert oauth2-related keys from API consumer registration below ###
+
+oauth2.client_id=${oauth2.client_id}
+oauth2.redirect_uri=${oauth2.redirect_uri}
+oauth2.client_scope=${oauth2.client_scope}
+oauth2.jws_alg=${oauth2.jws_alg}
+oauth2.jwk_private_key=${oauth2.jwk_private_key}
+
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100644
index 0000000..d2d3bce
--- /dev/null
+++ b/entrypoint.sh
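Review bot: The "Sign container image" step in `.github/workflows/build_package.yml` signs five mutable tags rather than the digest this run pushed, and two of them (`develop-OC`, `latest-OC`) are never built or pushed by this workflow, so a signature can land on whatever those tags resolve to in the registry at that moment. The same job runs `sigstore/cosign-installer@main`, an unpinned third-party action, immediately before the private key is written to `cosign.key` in the workspace; pinning the action to a commit SHA and passing the key as `--key env://COSIGN_PRIVATE_KEY` removes both exposures. Because the trigger is `on: [push]`, every branch push also moves `latest` and `develop`, so a branch filter on the publish and sign steps is worth adding if that is not intended. A sketch of the sign step follows, with a labelled placeholder for the pinned commit.

```yaml
# … unchanged: checkout, JDK setup, Maven build, docker login/build/push …

      # <PINNED_COMMIT_SHA> is a placeholder: use the commit of a reviewed release
      - uses: sigstore/cosign-installer@<PINNED_COMMIT_SHA>

      - name: Sign container image
        env:
          COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
          COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
          IMAGE: docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}
        run: |
          # sign the digest of the image this run pushed, not a tag that can move
          digest="$(docker inspect --format '{{index .RepoDigests 0}}' "$IMAGE:$GITHUB_SHA")"
          cosign sign -y --key env://COSIGN_PRIVATE_KEY "$digest"
```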
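Review bot: The new `Dockerfile` has no `USER` instruction, so the JVM runs as root inside the container; adding `RUN addgroup -S obp && adduser -S -G obp obp` and `USER obp` before the `ENTRYPOINT` would drop that privilege. The base image is referenced by the mutable tag `openjdk:17-jdk-alpine` while the workflow signs the result, so pinning it by digest (`FROM openjdk:17-jdk-alpine@sha256:<DIGEST>`, placeholder) keeps the signed artifact tied to a known base. That tag also appears to belong to the deprecated `openjdk` official image line, which is worth confirming before relying on it for patches. `entrypoint.sh` is never copied into the image, so the commented-out `ENTRYPOINT ["/entrypoint.sh"]` would not work as written and the keystore paths named in `application.properties` are not populated by anything in this image.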
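Review bot: Every key in `application.properties` resolves to a placeholder of its own name, so `oauth2.jwk_private_key` and both `mtls.*.password` values have to arrive through the container environment or system properties, where they are visible to `docker inspect` and to anything that can read the process environment. If the deployment platform offers mounted secrets, sourcing those three keys from a file keeps the private key out of the environment. The file gives no hint that each value is mandatory; a header comment such as `# every ${...} below must be supplied at container start; no defaults are defined` would help, and an explicit safe default for `force_jws` is worth considering. The `.gitignore` hunk in this commit ignores `.application.env`, which is not this file's name, so a local copy of `application.properties` filled with real values would still be tracked.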
@@ -0,0 +1,3 @@
+echo $KEYSTORE_BASE64 | base64 -d > /etc/ssl/certs/keystore.jks
+echo $TRUSTSTORE_BASE64 | base64 -d > /etc/ssl/certs/truststore.jks
+exec java -jar /obp-hola.jar
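Review bot: `entrypoint.sh` has no shebang and no `set -e`, so a failed or empty `base64 -d` still leaves a truncated keystore on disk and the JVM starts anyway. The variables are also expanded unquoted, and the stores are created with the default umask, which normally leaves them readable by other users in the container. The file is added with mode 100644, so it would need the executable bit (or an explicit `sh` invocation) before the commented-out `ENTRYPOINT ["/entrypoint.sh"]` in the Dockerfile could use it. A stricter version is below.

```shell
#!/bin/sh
# abort on any failed command or unset variable instead of starting with a bad store
set -eu
# key material should not be readable by other users in the container
umask 077
printf '%s' "$KEYSTORE_BASE64" | base64 -d > /etc/ssl/certs/keystore.jks
printf '%s' "$TRUSTSTORE_BASE64" | base64 -d > /etc/ssl/certs/truststore.jks
# … unchanged: exec java -jar /obp-hola.jar …
```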