Commit
73ff187e
authored
Dec 25, 2023
by
Denis
Committed by
Denis Ligin
Dec 25, 2023
merge
parent
3c5a1bf1
Pipeline
#330
failed with stage
Showing
6 changed files
with
135 additions
and
44 deletions
+135
-44
.gitlab-ci.yml
.gitlab-ci.yml
+70
-0
Dockerfile
Dockerfile
+17
-8
docker-compose.yaml
docker-compose.yaml
+29
-22
src/main/java/kz/project/printedFormsService/config/SecurityConfiguration.java
...ect/printedFormsService/config/SecurityConfiguration.java
+2
-0
src/main/java/kz/project/printedFormsService/converter/JwtAuthConverter.java
...oject/printedFormsService/converter/JwtAuthConverter.java
+13
-10
src/main/resources/application.yml
src/main/resources/application.yml
+4
-4
.gitlab-ci.yml
0 → 100644
default
:
image
:
docker:24.0.5
services
:
-
name
:
docker:24.0.5-dind
command
:
[
"
--insecure-registry=registry.nitec.kz:8200"
]
before_script
:
-
docker info
-
docker login -u $NEXUS_USERNAME -p $NEXUS_PASSWORD registry.nitec.kz:8200
-
mkdir -p ~/.ssh
-
echo "$GITLAB_SSH_KEY" > ~/.ssh/id_rsa
-
chmod 600 ~/.ssh/id_rsa
-
ssh-keyscan $PROD_JUMP_HOST >> ~/.ssh/known_hosts
variables
:
DOCKER_TLS_CERTDIR
:
"
/certs"
CONTAINER_IMAGE
:
registry.nitec.kz:8200/qaztech/ui/template-service:latest
.deploy_app
:
script
:
-
echo "Install app to server $CURRENT_DEPLOYMENT_SERVER"
-
echo $CURRENT_DEPLOYMENT_SERVER
-
|
cat > ~/.ssh/config << EOF
Host jumphost
HostName $CURRENT_JUMP_HOST
User $GITLAB_SSH_USER
Host $CURRENT_DEPLOYMENT_SERVER
ProxyJump jumphost
StrictHostKeyChecking no
UserKnownHostsFile=/dev/null
User $GITLAB_SSH_USER
EOF
-
cat ~/.ssh/config
-
ssh -i ~/.ssh/id_rsa $CURRENT_DEPLOYMENT_SERVER 'sudo -i ls -la ~'
-
scp -i ~/.ssh/id_rsa ./docker-compose.yaml $CURRENT_DEPLOYMENT_SERVER:/opt/printform/templateservice/docker-compose.yaml
# - scp -i ~/.ssh/id_rsa bpms.tar $CURRENT_DEPLOYMENT_SERVER:~/
# - scp -i ~/.ssh/id_rsa .env $CURRENT_DEPLOYMENT_SERVER:~/
# - ssh -i ~/.ssh/id_rsa $CURRENT_DEPLOYMENT_SERVER 'sudo -i ls -la /opt/applatform/backend/'
# - ssh -i ~/.ssh/id_rsa $CURRENT_DEPLOYMENT_SERVER 'sudo -i docker load -i ~/bpms.tar'
# - ssh -i ~/.ssh/id_rsa $CURRENT_DEPLOYMENT_SERVER 'sudo docker stop acgateway || true'
# - ssh -i ~/.ssh/id_rsa $CURRENT_DEPLOYMENT_SERVER 'sudo docker rm acgateway_backup || true'
# - ssh -i ~/.ssh/id_rsa $CURRENT_DEPLOYMENT_SERVER 'sudo docker rename acgateway acgateway_backup || true'
-
ssh -i ~/.ssh/id_rsa $CURRENT_DEPLOYMENT_SERVER 'cd /opt/printform/templateservice/ && sudo docker-compose up --build -d'
-
sleep
30
-
ssh -i ~/.ssh/id_rsa $CURRENT_DEPLOYMENT_SERVER 'sudo docker ps'
# - ssh -i ~/.ssh/id_rsa $CURRENT_DEPLOYMENT_SERVER 'sudo docker logs acgateway'
# - ssh -i ~/.ssh/id_rsa $CURRENT_DEPLOYMENT_SERVER 'sudo docker system prune -f'
-
echo "Successfully deploy to $CURRENT_DEPLOYMENT_SERVER"
build
:
stage
:
build
script
:
-
docker build -t $CONTAINER_IMAGE -f Dockerfile .
-
docker push $CONTAINER_IMAGE
# - docker tag $CONTAINER_IMAGE bpms:latest
# - docker save bpms:latest -o bpms.tar
-
export CURRENT_DEPLOYMENT_SERVER=$PROD_DEPLOY_HOST
-
export CURRENT_JUMP_HOST=$PROD_JUMP_HOST
-
!reference
[
.deploy_app
,
script
]
# - export CURRENT_DEPLOYMENT_SERVER=$DEV_DEPLOY_HOST2
# - !reference [.deploy_app, script]
tags
:
-
govtech-ic-docker
# rules:
# - when: manual
# - docker
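Review bot: The SSH config written in `.deploy_app` sets `StrictHostKeyChecking no` and `UserKnownHostsFile=/dev/null` for the deployment host, so the job that runs `sudo docker-compose up` on the production server never verifies which machine it is talking to; the jump host key is likewise accepted at job time through `ssh-keyscan`. Keep the expected host keys in a protected CI variable and write them out instead, e.g. `echo "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts` (variable name is a placeholder), and drop the two override lines. In `before_script`, `docker login -u $NEXUS_USERNAME -p $NEXUS_PASSWORD ...` puts the password on the process command line; `echo "$NEXUS_PASSWORD" | docker login -u "$NEXUS_USERNAME" --password-stdin registry.nitec.kz:8200` avoids that. The `--insecure-registry` flag on the dind service also means the image is pushed without verified TLS, and `cat ~/.ssh/config` prints host and user names into the job log.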
Dockerfile
FROM
xldevops/jdk17-lts
FROM
gradle:jdk18 as builder
USER
root
RUN
addgroup builder
&&
adduser
--ingroup
builder builder
COPY
--chown=builder:builder . /home/builder
USER
builder
WORKDIR
/home/builder
RUN
gradle build
--info
-x
test
ARG
JAR_FILE=build/libs/printedFormsService-app.jar
FROM
openjdk:18.0-slim
WORKDIR
/app
#RUN mkdir /app
RUN
groupadd
--system
appuser
&&
\
useradd
--system
--gid
appuser appuser
&&
\
COPY
${JAR_FILE} /spring-boot-application.jar
chown
-R
appuser:appuser /app
USER
appuser
ENTRYPOINT
["java", "-Djava.security.egd=file:/dev/./urandom", "-jar","/spring-boot-application.jar"]
WORKDIR
/app
COPY
--chown=appuser:appuser --from=builder /home/builder/build/libs/printedFormsService-app.jar /app
EXPOSE
8081
ENTRYPOINT
exec java ${JVM_OPTS} -Djava.security.egd=file:/dev/./urandom -jar /app/printedFormsService-app.jar
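Review bot: The new stages appear to build on `gradle:jdk18` and run on `openjdk:18.0-slim`, replacing a JDK 17 LTS base; JDK 18 is a non-LTS release that no longer receives security updates and the Docker Hub `openjdk` image is deprecated, so the runtime image will ship an unpatched JVM. Prefer a maintained LTS base pinned by digest, e.g. `FROM eclipse-temurin:17-jre@sha256:<digest>` for the runtime stage. `COPY --chown=builder:builder . /home/builder` also pulls the whole build context into the builder stage; a `.dockerignore` that excludes `.git` and `docker-compose.yaml` (which holds credentials in this commit) keeps them out of layers and build cache. Old and new lines are interleaved in this rendering, so confirm the final file against the plain diff.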
docker-compose.yaml
version
:
'
3'
version
:
'
3'
services
:
services
:
postgres
:
# postgres:
image
:
postgres
# image: postgres
network_mode
:
host
# networks:
environment
:
# - test
POSTGRES_DB
:
template_db
# environment:
POSTGRES_USER
:
postgres
# POSTGRES_DB: template_db
POSTGRES_PASSWORD
:
password
# POSTGRES_USER: postgres
expose
:
# POSTGRES_PASSWORD: password
-
5432
# expose:
ports
:
# - 5432
-
"
5432:5432"
# ports:
# - "5432:5432"
client-backend
:
client-backend
:
image
:
templete-service:latest
image
:
registry.nitec.kz:8200/qaztech/ui/template-service:latest
build
:
extra_hosts
:
context
:
./
-
idp.applatform.qaztech.gov.kz:172.22.229.115
dockerfile
:
Dockerfile
networks
:
-
printform
ports
:
ports
:
-
"
808
1
:8081"
-
"
808
5
:8081"
depends_on
:
#
depends_on:
-
postgres
#
- postgres
environment
:
environment
:
-
SERVER_PORT=
8081
-
SERVER_PORT=8081
-
KEYCLOAK_REALM=applatform
-
SPRING_DATASOURCE_URL=jdbc:postgresql://postgres:5432/template_db
-
SPRING_DATASOURCE_URL=jdbc:postgresql://postgres:5432/template_db
-
KEYCLOAK_URI= https://keycloak.portal.btsd.kz
-
KEYCLOAK_URI=https://idp.applatform.qaztech.gov.kz
-
KEYCLOAK_CLIENT_SECRET= F3ldvoA1iBLF142bhfHZNOtZZ0wjRiE4
-
KEYCLOAK_CLIENT_SECRET=1NYLMNlWXpPDW3QKeZ4VjlY76DuzNtaB
-
KEYCLOAK_REALM= selfserviceportal
networks
:
printform
:
external
:
true
name
:
printform
\ No newline at end of file
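Review bot: `KEYCLOAK_CLIENT_SECRET` is committed as a literal value in the `client-backend` environment, and both the removed and the added value are now in history, so anyone with read access to the repository or this page holds the client's credentials for the identity provider. Pass it through instead, `- KEYCLOAK_CLIENT_SECRET=${KEYCLOAK_CLIENT_SECRET}`, with the value supplied from a protected CI variable or an env file on the host, and rotate both secrets. The new side also appears to comment out the `postgres` service and `depends_on` while `SPRING_DATASOURCE_URL` still points at `postgres:5432`; confirm that name resolves on the external `printform` network.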
src/main/java/kz/project/printedFormsService/config/SecurityConfiguration.java
...
@@ -94,6 +94,8 @@ public class SecurityConfiguration {
...
@@ -94,6 +94,8 @@ public class SecurityConfiguration {
.
hasAnyRole
(
PROJECT_A_CREATOR
,
PROJECT_B_CREATOR
,
PROJECT_A_EDITOR
,
PROJECT_B_EDITOR
,
.
hasAnyRole
(
PROJECT_A_CREATOR
,
PROJECT_B_CREATOR
,
PROJECT_A_EDITOR
,
PROJECT_B_EDITOR
,
PROJECT_A_DELETE
,
PROJECT_B_DELETE
,
ADMIN
)
PROJECT_A_DELETE
,
PROJECT_B_DELETE
,
ADMIN
)
.
requestMatchers
(
BASE_PATH
+
"/**"
)
.
hasAnyRole
(
ADMIN
)
.
anyRequest
().
authenticated
()
.
anyRequest
().
authenticated
()
);
);
...
...
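Review bot: The added `.requestMatchers(BASE_PATH + "/**").hasAnyRole(ADMIN)` is a catch-all whose effect depends entirely on its position, since Spring Security applies the first matching rule; a comment such as `// fallback: any BASE_PATH route not matched above is ADMIN-only; keep this last before anyRequest()` would stop a later edit from moving it above the specific matchers and shadowing the creator/editor rules. With a single role, `hasRole(ADMIN)` states the same thing more directly. The rule chain starts above the hunk, so the earlier matchers are not visible here.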
src/main/java/kz/project/printedFormsService/converter/JwtAuthConverter.java
...
@@ -28,18 +28,21 @@ public class JwtAuthConverter implements Converter<Jwt, AbstractAuthenticationTo
...
@@ -28,18 +28,21 @@ public class JwtAuthConverter implements Converter<Jwt, AbstractAuthenticationTo
}
}
private
Collection
<
GrantedAuthority
>
extractAuthorities
(
Jwt
jwt
)
{
private
Collection
<
GrantedAuthority
>
extractAuthorities
(
Jwt
jwt
)
{
if
(
jwt
.
getClaim
(
"realm_access"
)
!=
null
)
{
if
(
jwt
.
getClaim
(
"resource_access"
)
!=
null
)
{
Map
<
String
,
Object
>
realmAccess
=
jwt
.
getClaim
(
"realm_access"
);
Map
<
String
,
Map
<
String
,
Object
>>
resourceAccess
=
jwt
.
getClaim
(
"resource_access"
);
ObjectMapper
mapper
=
new
ObjectMapper
();
if
(
resourceAccess
.
containsKey
(
"print_form"
)){
List
<
String
>
roles
=
mapper
.
convertValue
(
realmAccess
.
get
(
"roles"
),
new
TypeReference
<>()
{
ObjectMapper
mapper
=
new
ObjectMapper
();
});
List
<
String
>
roles
=
mapper
.
convertValue
(
resourceAccess
.
get
(
"print_form"
).
get
(
"roles"
),
new
TypeReference
<>()
{
List
<
GrantedAuthority
>
authorities
=
new
ArrayList
<>();
});
List
<
GrantedAuthority
>
authorities
=
new
ArrayList
<>();
for
(
String
role
:
roles
)
{
authorities
.
add
(
new
SimpleGrantedAuthority
(
"ROLE_"
+
role
));
for
(
String
role
:
roles
)
{
authorities
.
add
(
new
SimpleGrantedAuthority
(
"ROLE_"
+
role
));
}
return
authorities
;
}
}
return
authorities
;
}
}
return
new
ArrayList
<>();
return
new
ArrayList
<>();
}
}
...
...
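Review bot: If the `print_form` entry in `resource_access` has no `roles` key, `mapper.convertValue(...)` returns null and the `for (String role : roles)` loop throws, turning a validly signed token into a server error instead of an empty authority list. Guard it before the loop, e.g. `if (roles == null) { return new ArrayList<>(); }`, and consider catching `IllegalArgumentException` and `ClassCastException` around the claim read and conversion so a malformed claim fails closed with no roles. The client id `"print_form"` is hard-coded here and again in `application.yml`; reading it from configuration would keep the two in step. The enclosing class continues outside the hunk.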
src/main/resources/application.yml
...
@@ -6,20 +6,20 @@ spring:
...
@@ -6,20 +6,20 @@ spring:
oauth2
:
oauth2
:
resourceserver
:
resourceserver
:
jwt
:
jwt
:
jwk-set-uri
:
${KEYCLOAK_URI:http://94.247.129.11:8080}/realms/${KEYCLOAK_REALM:
selfserviceportal
}/protocol/openid-connect/certs
jwk-set-uri
:
${KEYCLOAK_URI:http://94.247.129.11:8080}/realms/${KEYCLOAK_REALM:}/protocol/openid-connect/certs
client
:
client
:
registration
:
registration
:
keycloak
:
keycloak
:
client-id
:
print_form
client-id
:
print_form
client-secret
:
${KEYCLOAK_CLIENT_SECRET:
MAJ7LHWtuZYpUI4wqdol6uKoyINj2OeE
}
client-secret
:
${KEYCLOAK_CLIENT_SECRET:
PCFdHvlgAZTjqoieXvHN3z8zZENrbfKJ
}
client-name
:
Keycloak
client-name
:
Keycloak
provider
:
keycloak
provider
:
keycloak
scope
:
openid
scope
:
openid
authorization-grant-type
:
authorization_code
authorization-grant-type
:
authorization_code
provider
:
provider
:
keycloak
:
keycloak
:
jwk-set-uri
:
${KEYCLOAK_URI:http://94.247.129.11:8080}/realms/${KEYCLOAK_REALM
:selfserviceportal
}/protocol/openid-connect/certs
jwk-set-uri
:
${KEYCLOAK_URI:http://94.247.129.11:8080}/realms/${KEYCLOAK_REALM}/protocol/openid-connect/certs
issuer-uri
:
${KEYCLOAK_URI:http://94.247.129.11:8080}/realms/${KEYCLOAK_REALM
:selfserviceportal
}
issuer-uri
:
${KEYCLOAK_URI:http://94.247.129.11:8080}/realms/${KEYCLOAK_REALM}
jpa
:
jpa
:
hibernate
:
hibernate
:
...
...
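Review bot: The `client-secret` default is replaced by another literal secret, so the value stays in the repository and becomes the effective credential whenever `KEYCLOAK_CLIENT_SECRET` is unset; use `client-secret: ${KEYCLOAK_CLIENT_SECRET}` with no default so a missing variable fails at startup, and rotate the values already committed. The resource-server `jwk-set-uri` now uses `${KEYCLOAK_REALM:}` (empty default) while the provider URIs use `${KEYCLOAK_REALM}`, so an unset realm would silently produce `/realms//protocol/...` in one place and a startup failure in the others; drop the colon there too. The unchanged `KEYCLOAK_URI` default is plain `http://`, which leaves the signing keys fetched from `jwk-set-uri` open to substitution on the network path; an `https://` default or no default is safer. The mapping continues outside the hunk.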