SECURITY-3: Switch from Ant -> Gradle #419
Conversation
Tested by replacing the old auth jar in workspace deluxe with the fat jar
Service responds to testmode endpoints that access the db, namely GET customroles Also split the build into dependencies and compile so the dependencies are cached
| // For some reason the test directories are included in the war file | ||
| // although the files are gone. Not sure why |
There was a problem hiding this comment.
This gets fixed in the next PR
Codecov Report
Additional details and impacted files@@ Coverage Diff @@
## develop #419 +/- ##
==========================================
Coverage 93.39% 93.39%
Complexity 2142 2142
==========================================
Files 126 126
Lines 7520 7520
Branches 1178 1178
==========================================
Hits 7023 7023
Misses 454 454
Partials 43 43 |
| task buildGitCommitFile { | ||
| doLast { | ||
| def commitId = grgit.head().id | ||
| // is there a varible for builddir/classe/java/main? |
There was a problem hiding this comment.
I have these fixed locally, they'll show up in a future PR if that's ok
| * TODO TEST Figure out why tests fail without this and remove. Might have something to do | ||
| * with the stfuLoggers() call in many of the tests, might kill logging for tests that | ||
| * require it | ||
| * Although it seems to make Mongo start up correctly as well which is odd |
There was a problem hiding this comment.
same issue in the workspace -- there seems to be some sort of interaction between gradle and the loggers that means tests only pass with forkEvery on
| // anyway. | ||
| // https://mvnrepository.com/artifact/org.jetbrains/syslog4j/0.9.46 | ||
| // Need to rework the java common logger to not use syslog4j at all since it's abandonware | ||
| // and has a ton of CVEs, even in the newer versions. |
There was a problem hiding this comment.
you can get it easily by adding clojars to the repo list:
repositories {
mavenCentral()
maven {
name = "Clojars"
url = "https://repo.clojars.org/"
}
}
There was a problem hiding this comment.
Ok, cool. That being said, I think there's a reason it's not on maven - it hasn't been maintained for 10 years and is riddled with CVEs. At this point I'd prefer this hacky garbage since it gives us even more impetus to get rid of syslog4j altogether
There was a problem hiding this comment.
Presumably the same logic also applies to the kbase jars?
There was a problem hiding this comment.
I don't think so - we can get rid of syslog4j because we don't want the services logging to syslog anymore anyway. We still need the code in the kbase jars like common / auth
There was a problem hiding this comment.
I have thought about trying to get GHA to build jars though, I think they have a maven set up
There was a problem hiding this comment.
Yes, I looked into it when I was doing the workspace conversion. It would certainly be neater than having a repo of jars...
| * | ||
| * This generated file contains a sample Java application project to get you started. | ||
| * For more details take a look at the 'Building Java & JVM projects' chapter in the Gradle | ||
| * User Manual available at https://docs.gradle.org/7.4.2/userguide/building_java_projects.html |
There was a problem hiding this comment.
Not sure if all this blurb is really needed...
There was a problem hiding this comment.
Nuked locally, will show up in a future PR
|
@MrCreosote |
| COPY templates /tmp/auth2/templates/ | ||
| COPY war /tmp/auth2/war/ | ||
| # for the git commit | ||
| COPY .git /tmp/auth2/.git/ |
There was a problem hiding this comment.
What's the purpose of moving .git inside the container? To track/verify version?
There was a problem hiding this comment.
This step needs access to git: https://github.com/kbase/auth2/pull/419/files#diff-49a96e7eea8a94af862798a45174e6ac43eb4f8b4bd40759b5da63ba31ec3ef7R23
It doesn't factor in the final container size due to the 2 stage build
It's removed in the next commit after I get Eclipse builds working (with a minor annoyance, but working) |
|
@MrCreosote |
Easy one first: generateManageAuthScript generates this: https://github.com/kbase/auth2/blob/develop/README.md?plain=1#L260 generateTemplateFileList creates a list of all the templates (a manifest) in the fatTestJar generates a fat test jar, including all dependencies, the templates, and the templates manifest. The fat jar will replace the current auth jar + the jars repo in workspace and other repos for running an auth2 server in their test rigs. The fat jar is completely self contained, so the jars repo is no longer needed |
|
@MrCreosote |
It's in build/libs |
MrCreosote
changed the title
This PR is a bit large but for me it was easier to understand the changes with the full ant -> gradle conversion. Instead, the PR is split up mostly by commit - the first commit gets the basics (compile & test) working, and then each new commit adds a new feature (or in the case of the last commit, improves an old one).
I found that Eclipse Buildship really doesn't like our project layout, and so the next PR will switch the project to a standard Gradle layout, but that involves moving every single source file, so... different PR.