diff --git a/.sdkmanrc b/.sdkmanrc index 272da7d..66b7844 100644 --- a/.sdkmanrc +++ b/.sdkmanrc @@ -1,3 +1,4 @@ # Enable auto-env through the sdkman_auto_env config # Add key=value pairs of SDKs to use below -java=17.0.8-tem +java=21.0.2-tem +gradle=8.5 diff --git a/.woodpecker/.backend.yml b/.woodpecker/.backend.yml index 3b1b52b..7c7b5af 100644 --- a/.woodpecker/.backend.yml +++ b/.woodpecker/.backend.yml @@ -3,6 +3,7 @@ variables: - &java_image "gradle:8.5.0-jdk17" when: path: "app/**" + event: [push, tag] clone: git: image: woodpeckerci/plugin-git @@ -16,27 +17,31 @@ steps: commands: - . ./version.sh "lint:style": - group: lint image: *java_image commands: - gradle --no-daemon spotlessCheck + depends_on: ["prepare:version"] "lint:dockerfile": - group: lint image: ghcr.io/hadolint/hadolint:latest-debian commands: - hadolint --version + depends_on: ["prepare:version"] "build:java": - group: build + depends_on: + - lint:style + - lint:dockerfile image: *java_image commands: - . ./version-lock.sh - ./gradlew -Pversion=$CD_CURRENT_VERSION build "analyze:sbom": + depends_on: ["build:java"] image: *java_image commands: - ./gradlew cyclonedxBom "deploy:backend": + depends_on: ["analyze:sbom"] image: alpine:latest commands: - echo "deploy backend" diff --git a/.woodpecker/.documentation.yml b/.woodpecker/.documentation.yml index bc95f1e..d64ba23 100644 --- a/.woodpecker/.documentation.yml +++ b/.woodpecker/.documentation.yml @@ -1,6 +1,7 @@ --- when: path: "documentation/**" + event: [push, tag] variables: - &frontend_image "cl00e9ment/node.js-builder:git" clone: diff --git a/.woodpecker/.frontend.yml b/.woodpecker/.frontend.yml index b1ecf2a..167d368 100644 --- a/.woodpecker/.frontend.yml +++ b/.woodpecker/.frontend.yml @@ -1,6 +1,7 @@ --- when: path: "frontend/**" + event: [push, tag] variables: - &frontend_image "cl00e9ment/node.js-builder:git" clone: @@ -13,12 +14,11 @@ clone: steps: "prepare:version": image: bitnami/git:2.43.0 - group: prepare commands: - . ./version.sh "prepare:frontend": image: *frontend_image - group: prepare + depends_on: ["prepare:version"] commands: - pnpm install directory: frontend diff --git a/.woodpecker/.lint_general.yml b/.woodpecker/.lint_general.yml index da16c57..bb43f91 100644 --- a/.woodpecker/.lint_general.yml +++ b/.woodpecker/.lint_general.yml @@ -1,4 +1,6 @@ --- +when: + event: [push, tag] clone: git: image: woodpeckerci/plugin-git @@ -11,7 +13,6 @@ steps: - git log -1 --pretty=%B >> commitlint.txt "lint:commitlint": - group: lint image: node:lts-slim commands: - npm install --save-dev conventional-changelog-conventionalcommits @commitlint/config-conventional commitlint@latest @@ -21,14 +22,12 @@ steps: - branch: [main, dev] event: push "lint:precommit": - group: lint image: python:3.11.6-bullseye commands: - pip install pre-commit - pre-commit install - pre-commit run --all-files "lint:credentials": - group: lint image: ghcr.io/gitleaks/gitleaks:latest commands: - export HOME=/home/gitleaks diff --git a/app/README.md b/app/README.md index e69de29..5c33b15 100644 --- a/app/README.md +++ b/app/README.md @@ -0,0 +1 @@ +trigger diff --git a/app/build.gradle.kts b/app/build.gradle.kts index 5136fdd..7b45796 100644 --- a/app/build.gradle.kts +++ b/app/build.gradle.kts @@ -4,7 +4,7 @@ plugins { id("com.opitzconsulting.demo.ci.java-application-conventions") - id("org.springframework.boot") version "3.1.5" + id("org.springframework.boot") version "3.2.2" id("io.spring.dependency-management") version "1.1.4" } diff --git a/documentation/package-lock.json b/documentation/package-lock.json index 4666df1..20039c1 100644 --- a/documentation/package-lock.json +++ b/documentation/package-lock.json @@ -8,7 +8,7 @@ "@antora/cli": "3.1.7", "@antora/lunr-extension": "^1.0.0-alpha.8", "@antora/site-generator": "3.1.7", - "asciidoctor-kroki": "^0.17.0", + "asciidoctor-kroki": "^0.18.0", "http-server": "^14.1.1", "linkinator": "^5.0.1" } @@ -387,9 +387,9 @@ "dev": true }, "node_modules/asciidoctor-kroki": { - "version": "0.17.0", - "resolved": "https://registry.npmjs.org/asciidoctor-kroki/-/asciidoctor-kroki-0.17.0.tgz", - "integrity": "sha512-aObUUfAtcfUTjhAP32bgrcoKXLRta57o3V5k+t73FXDKiLi+QfkHE+9+H4mGPTnghXBtiRYzsu7BbVGfTHoQzQ==", + "version": "0.18.1", + "resolved": "http://npm.demo.rattermeyer.de/asciidoctor-kroki/-/asciidoctor-kroki-0.18.1.tgz", + "integrity": "sha512-eQxbBCaPTbyNoJtk62Gp+6h4LlJp2147g7eS0QIVjqaLpFa8sseH0BlMiBoATrJUYv1w3nR+FTzvloBJ/MioYg==", "dev": true, "dependencies": { "json5": "2.2.3", @@ -402,12 +402,12 @@ "node": ">=10" }, "peerDependencies": { - "@asciidoctor/core": "~2.2" + "@asciidoctor/core": ">=2.2 <4.0" } }, "node_modules/asciidoctor-kroki/node_modules/unxhr": { "version": "1.2.0", - "resolved": "https://registry.npmjs.org/unxhr/-/unxhr-1.2.0.tgz", + "resolved": "http://npm.demo.rattermeyer.de/unxhr/-/unxhr-1.2.0.tgz", "integrity": "sha512-6cGpm8NFXPD9QbSNx0cD2giy7teZ6xOkCUH3U89WKVkL9N9rBrWjlCwhR94Re18ZlAop4MOc3WU1M3Hv/bgpIw==", "dev": true, "engines": { diff --git a/documentation/package.json b/documentation/package.json index 53d2ee1..58039bb 100644 --- a/documentation/package.json +++ b/documentation/package.json @@ -8,7 +8,7 @@ "@antora/cli": "3.1.7", "@antora/lunr-extension": "^1.0.0-alpha.8", "@antora/site-generator": "3.1.7", - "asciidoctor-kroki": "^0.17.0", + "asciidoctor-kroki": "^0.18.0", "http-server": "^14.1.1", "linkinator": "^5.0.1" } diff --git a/documentation/pnpm-lock.yaml b/documentation/pnpm-lock.yaml index eb0ceb0..cdd908d 100644 --- a/documentation/pnpm-lock.yaml +++ b/documentation/pnpm-lock.yaml @@ -15,8 +15,8 @@ devDependencies: specifier: 3.1.7 version: 3.1.7 asciidoctor-kroki: - specifier: ^0.17.0 - version: 0.17.0(@asciidoctor/core@2.2.6) + specifier: ^0.18.0 + version: 0.18.1(@asciidoctor/core@2.2.6) http-server: specifier: ^14.1.1 version: 14.1.1 @@ -100,16 +100,6 @@ packages: vinyl-fs: 3.0.3 dev: true - /@antora/logger@3.1.5: - resolution: {integrity: sha512-DGIxiv/rsWRWxFTRD4Hu2TXiFUHOqCpiu4Rf7LxOPdKkuF6i167fw8BuZeFfTzvOE2W2FhB4sopI0EiAZ1D/vQ==} - engines: {node: '>=16.0.0'} - dependencies: - '@antora/expand-path-helper': 2.0.0 - pino: 8.14.2 - pino-pretty: 10.0.1 - sonic-boom: 3.3.0 - dev: true - /@antora/logger@3.1.7: resolution: {integrity: sha512-Z2tfNIi9G4BnAZq26Kp30974FxCVCtvH46FOi6ClnkJg6Uf2gTrVlJERmtsDTsHjWsf1qKbnj/4b99/AU31iQg==} engines: {node: '>=16.0.0'} @@ -146,16 +136,6 @@ packages: require-from-string: 2.0.2 dev: true - /@antora/playbook-builder@3.1.5: - resolution: {integrity: sha512-h3zD1FkN8BVnsmHSgB3CTatVu5Q8E8lqZs7Zfsh7uN5eQHhxsPjOvVByeM1RhCpQuY+o2hERY2XexoLb8V89TQ==} - engines: {node: '>=16.0.0'} - dependencies: - '@iarna/toml': 2.2.5 - convict: 6.2.4 - js-yaml: 4.1.0 - json5: 2.2.3 - dev: true - /@antora/playbook-builder@3.1.7: resolution: {integrity: sha512-lU80S1BqUy9DvqziEzRwpYTaWhOshxgrGAjf/F5VjAIaHCGVx0rZgfoI2rgFFkbVaH94kauOngdtTXDPXC1fPQ==} engines: {node: '>=16.0.0'} @@ -291,11 +271,11 @@ packages: resolution: {integrity: sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==} dev: true - /asciidoctor-kroki@0.17.0(@asciidoctor/core@2.2.6): - resolution: {integrity: sha512-aObUUfAtcfUTjhAP32bgrcoKXLRta57o3V5k+t73FXDKiLi+QfkHE+9+H4mGPTnghXBtiRYzsu7BbVGfTHoQzQ==} + /asciidoctor-kroki@0.18.1(@asciidoctor/core@2.2.6): + resolution: {integrity: sha512-eQxbBCaPTbyNoJtk62Gp+6h4LlJp2147g7eS0QIVjqaLpFa8sseH0BlMiBoATrJUYv1w3nR+FTzvloBJ/MioYg==} engines: {node: '>=10'} peerDependencies: - '@asciidoctor/core': ~2.2 + '@asciidoctor/core': '>=2.2 <4.0' dependencies: '@asciidoctor/core': 2.2.6 json5: 2.2.3 diff --git a/infrastructure/.env b/infrastructure/.env deleted file mode 100644 index 1665e05..0000000 --- a/infrastructure/.env +++ /dev/null @@ -1,49 +0,0 @@ -# base domain -BASE_DOMAIN=rattermeyer.de - -# Traefik server host -TRAEFIK_HOST=traefik.demo.${BASE_DOMAIN} -TRAEFIK_LETSENCRYPT_CASERVER=https://acme-staging-v02.api.letsencrypt.org/directory -TRAEFIK_LETSENCRYPT_EMAIL=richard.attermeyer@gmail.com -TRAEIFK_LOCALIP_WHITELIST=127.0.0.1/32, 192.168.0.0/16, 172.16.0.0/12, ::1, 2a00:6020:b41a:b600::/56 - -MAIL_HOST=mail.demo.${BASE_DOMAIN} - -# forgejo server address -FORGEJO_HOST=git.demo.${BASE_DOMAIN} -FORGEJO_URL=https://${FORGEJO_HOST} - -# Woodpecker server host -WOODPECKER_HOST=ci.demo.${BASE_DOMAIN} -# Woodpecker server address -WOODPECKER_URL=https://${WOODPECKER_HOST} - -# Shared secret used by server and agents to authenticate communication (can be generated by 'openssl rand -hex 32') -WOODPECKER_AGENT_SECRET=c45adc154097b7a13a446da394570b888ea2e7da3aa462a318150266c9355f5d -# Comma-separated list of admin accounts -#WOODPECKER_ADMIN=CHANGE_ME -WOODPECKER_ADMIN=fjadmin - -WOODPECKER_FORGEJO_URL=${FORGEJO_URL} -# giteleaks:allow -WOODPECKER_FORGEJO_CLIENT=e0049f6b-dd9d-4854-8b48-10dc724f61c3 -# giteleaks:allow -WOODPECKER_FORGEJO_SECRET=gto_7nu6b2cljkimzc5bhbj2u7t2d5hpmig6wqbgmscaoq23x3uvgoda - -# Renovate -RENOVATE_TOKEN=CHANGE_ME - -# Registry -REGISTRY_HOST=container.demo.${BASE_DOMAIN} -REGISTRY_UI_HOST=container-ui.demo.${BASE_DOMAIN} - -REPOSILITE_HOST=mvn.demo.${BASE_DOMAIN} -REPOSILITE_UI_HOST=mvn-ui.demo.${BASE_DOMAIN} -REPOSILITE_JAVA_COMPOSE_OPTS= -REPOSILITE_MEMORY=256M -REPOSILITE_COMPOSE_OPTS="--token admin:changeme" -REPOSILITE_PORT=8080 - -VERDACCIO_HOST=npm.demo.${BASE_DOMAIN} - -SONARQUBE_HOST=sonarqube.demo.${BASE_DOMAIN} diff --git a/infrastructure/compose.yaml b/infrastructure/compose.yaml index d1aee22..fb1881d 100644 --- a/infrastructure/compose.yaml +++ b/infrastructure/compose.yaml @@ -162,7 +162,7 @@ services: container_name: woodpecker-agent image: woodpeckerci/woodpecker-agent:v2.2.2 restart: unless-stopped - cpus: 0.5 + cpus: 2 mem_limit: 512m depends_on: - woodpecker-server diff --git a/infrastructure/sonarqube/Dockerfile b/infrastructure/sonarqube/Dockerfile index 6cd6720..50ab6ad 100644 --- a/infrastructure/sonarqube/Dockerfile +++ b/infrastructure/sonarqube/Dockerfile @@ -1,4 +1,4 @@ -FROM sonarqube:9.9-community +FROM sonarqube:10.3-community ARG COMMUNITY_BRANCH_VERSION=1.14.0 ENV COMMUNITY_BRANCH_URL=https://github.com/mc1arke/sonarqube-community-branch-plugin/releases/download/${COMMUNITY_BRANCH_VERSION}/sonarqube-community-branch-plugin-${COMMUNITY_BRANCH_VERSION}.jar WORKDIR ${SONARQUBE_HOME}/extensions