DWN-2572 json-smart upgrade

.circleci/README.md

@@ -0,0 +1,14 @@
+# How to make changes?
+##### Install the CircleCI CLI:
+https://circleci.com/docs/2.0/local-cli/#installation
+
+##### Making a change
+Change the areas of the .circleci/config.yml file that need to be edited
+
+##### To verify your changes
+Any config can be verified, to ensure your changes are valid against the yaml and orb schemas, 
+from the root of the project, run: `circleci config validate .circleci/config.yml --org-slug gh/gresham-computing --token $CIRCLE_TOKEN`
+
+##### Possible errors:
+- Your file must be encoded in UTF-8 (powershell defaulted to UTF-16)
+- Must use Unix style line endings (LF, not CRLF)

.circleci/cci_create_release_and_snapshot.sh

@@ -0,0 +1,40 @@
+#!/bin/bash
+
+REPOSITORY=https://github.com/gresham-computing/openid-connect-server
+MASTER_BRANCH=1.3.x
+
+function get_version {
+    local currentVersion=$(mvn -Dexec.executable='echo' -Dexec.args='${project.version}' --non-recursive exec:exec -q)
+    IFS='-' read -r -a parts <<< "$currentVersion"
+
+    local NEXT_NUMBER="$((${parts[1]} + 1))"
+    RELEASE_VERSION="${parts[0]}"-"${parts[1]}"
+    NEXT_SNAPSHOT_VERSION="${parts[0]}"-$NEXT_NUMBER-SNAPSHOT
+}
+
+function bump_to_release {
+    mvn -s gresham-nexus-settings/ctc.plugins.settings.xml versions:set -DnewVersion=$RELEASE_VERSION
+    git tag v$RELEASE_VERSION
+    echo -e "\nopenid-connect-server release: $RELEASE_VERSION\n"
+}
+
+function bump_to_next_snapshot {
+    mvn -s gresham-nexus-settings/ctc.plugins.settings.xml versions:set -DnewVersion=$NEXT_SNAPSHOT_VERSION
+    echo -e "\nopenid-connect-server snapshot: $NEXT_SNAPSHOT_VERSION\n"
+}
+
+function commit_changes {
+    git commit -a -m "$1"
+}
+
+function push_changes {
+    git push $REPOSITORY $MASTER_BRANCH --tags
+}
+
+get_version
+bump_to_release
+commit_changes "New openid-connect-server release: ${RELEASE_VERSION}"
+push_changes
+bump_to_next_snapshot
+commit_changes "Next openid-connect-server snapshot: $NEXT_SNAPSHOT_VERSION"
+push_changes

.circleci/cci_generate_artifact_links.sh

@@ -0,0 +1,51 @@
+#!/bin/bash
+HOME=~/project
+DOWNLOAD_PAGE=$HOME/download.html
+LOG=$HOME/mavenOutput.log
+SEARCH_TERMS=(openid-connect uma)
+
+function generate_artifact_links {
+    EXTENSION=$1
+    echo "<!DOCTYPE html><html><body><h2>Last Deployed Artifacts</h2>" >> $DOWNLOAD_PAGE
+
+    for searchTerm in ${SEARCH_TERMS[@]}; do
+        jarUrls+=($(grep -Eo '(http|https).*'${searchTerm}'.*[^-sources].'${EXTENSION}' | sort --unique' $LOG))
+    done
+
+    if [[ ! -z $jarUrls ]]; then
+        echo "<ul>" >> $DOWNLOAD_PAGE
+
+        for jarUrl in "${jarUrls[@]}"; do
+            jarName=$(basename $jarUrl)
+            echo "<li><a href="$jarUrl">$jarName</a></li>" >> $DOWNLOAD_PAGE
+        done
+        echo "</ul>" >> $DOWNLOAD_PAGE
+    else 
+        echo "No uploaded artifacts found." >> $DOWNLOAD_PAGE
+    fi
+
+    echo "<h2>Last Deployed Sources</h2>" >> $DOWNLOAD_PAGE
+
+    # get all sources upload URLs into an array.
+    for searchTerm in ${SEARCH_TERMS[@]}; do
+        sourceUrls+=($(grep -Eo '(http|https).*'${searchTerm}'.*[-sources].'${EXTENSION}' | sort --unique' $LOG))
+    done
+
+    #if download links are found
+    if [[ ! -z $sourceUrls ]]; then
+        echo "<ul>" >> $DOWNLOAD_PAGE
+
+        # write each array entry as a list item URL
+        for sourceUrl in "${sourceUrls[@]}"
+        do 
+            sourceName=$(basename $sourceUrl)
+            echo "<li><a href="$sourceUrl">$sourceName</a></li>" >> $DOWNLOAD_PAGE
+        done
+        echo "</ul>" >> $DOWNLOAD_PAGE
+    else
+        echo "No uploaded artifacts found." >> $DOWNLOAD_PAGE
+    fi
+    echo "</body></html>" >> $DOWNLOAD_PAGE
+}
+
+generate_artifact_links $@ 

.circleci/config.yml

@@ -0,0 +1,175 @@
+version: 2.1
+
+parameters:
+  release:
+    type: boolean
+    default: false
+
+orbs:
+  gresham: gresham-computing/[email protected]
+
+executors:
+  docker-executor:
+    docker:
+      - image: 399104266609.dkr.ecr.eu-west-1.amazonaws.com/circleci-build-images:corretto-8u382
+        aws_auth:
+          aws_access_key_id: $GIS_PRD_ECR_INT_BUILD_ACCESS_KEY
+          aws_secret_access_key: $GIS_PRD_ECR_INT_BUILD_SECRET_ACCESS_KEY
+
+jobs:
+  build-and-deploy:
+    executor: docker-executor
+    steps:
+      - checkout
+      - get-maven-settings-file
+      - restore-cache
+      - gresham/get-whitelister
+      - gresham/whitelist-add:
+          pattern: OpenId
+      - run:
+          name: "Setting Maven version"
+          command: |
+            MASTER_BRANCH=1.3.x
+            VERSION=$(mvn -s gresham-nexus-settings/ctc.plugins.settings.xml -Dexec.executable='echo' -Dexec.args='${project.version}' --non-recursive exec:exec -q)
+            if [[ "${CIRCLE_BRANCH}" != "${MASTER_BRANCH}" && "${VERSION}" == *-SNAPSHOT ]]; then
+              mvn -s gresham-nexus-settings/ctc.plugins.settings.xml versions:set -DnewVersion=${CIRCLE_BRANCH}.GRESHAM-SNAPSHOT -B
+            fi
+      - run:
+          name: "Running Maven build and deploy"
+          command: |
+            mvn -s gresham-nexus-settings/ctc.plugins.settings.xml clean deploy \
+              -B -V -U -DskipTests -DskipITs \
+              -DaltSnapshotDeploymentRepository=snapshots::default::https://nexus.greshamtech.com/repository/thirdparty-maven-snapshots/ \
+              -DaltReleaseDeploymentRepository=releases::default::https://nexus.greshamtech.com/repository/thirdparty-maven-releases/ \
+              |& tee -a /home/circleci/project/mavenOutput.log
+      - generate-download-urls:
+          extension: jar
+      - save-cache
+      - gresham/whitelist-remove:
+          pattern: OpenId
+      - persist-workspace
+
+  test:
+    executor: docker-executor
+    steps:
+      - attach_workspace:
+          at: .
+      - restore-cache
+      - gresham/get-whitelister
+      - gresham/whitelist-add:
+          pattern: OpenId
+      - run:
+          name: "Running tests"
+          command: mvn -fae -s gresham-nexus-settings/ctc.plugins.settings.xml test -B -V -U
+      - save-test-results
+      - save-cache
+      - persist-workspace
+      - gresham/whitelist-remove:
+          pattern: OpenId
+
+  release:
+    executor: docker-executor
+    steps:
+      - checkout
+      - get-maven-settings-file
+      - gresham/get-whitelister
+      - gresham/whitelist-add:
+          pattern: OpenId
+      - restore-cache
+      - run:
+          name: Creating openid-connect-server release and next snapshot
+          command: chmod +x .circleci/cci_create_release_and_snapshot.sh && .circleci/cci_create_release_and_snapshot.sh
+      - save-cache
+      - gresham/whitelist-remove:
+          pattern: OpenId
+
+workflows:
+  build-and-test:
+    unless: << pipeline.parameters.release >>
+    jobs:
+      - build-and-deploy:
+          context:
+            - gresham-aws
+            - CTC
+            - CircleCi-Gresham-Credentials
+      - test:
+          requires:
+            - build-and-deploy
+          context:
+            - gresham-aws
+            - CTC
+            - CircleCi-Gresham-Credentials
+
+  build-release:
+    when: << pipeline.parameters.release >>
+    jobs:
+      - release:
+          context:
+            - gresham-aws
+            - CTC
+            - CircleCi-Gresham-Credentials
+          filters:
+            branches:
+              only: 1.3.x
+
+commands:
+  setup-git-credentials:
+    steps:
+      - run:
+          name: Setting up Git credentials
+          command: |
+            git config --global user.name "CircleCI"
+            git config --global user.email "$GITHUB_GRESHAM_USER"
+
+  get-maven-settings-file:
+    steps:
+      - setup-git-credentials
+      - run:
+          name: Getting Maven settings file
+          command: |
+            git config --global url."https://api:${GITHUB_GRESHAM_PW}@github.com/".insteadOf "https://github.com/"
+            git clone https://github.com/gresham-computing/gresham-nexus-settings
+
+  save-cache:
+    steps:
+      - save_cache:
+          paths:
+            - ~/.m2
+          key: v1-m2-{{ .Branch }}-{{ .Environment.CIRCLE_JOB }}-{{ checksum "pom.xml" }}
+
+  restore-cache:
+    steps:
+      - restore_cache:
+          keys:
+            - v1-m2-{{ .Branch }}-{{ .Environment.CIRCLE_JOB }}-{{ checksum "pom.xml" }}
+            - v1-m2-{{ .Branch }}-{{ .Environment.CIRCLE_JOB }}
+            - v1-m2-
+
+  persist-workspace:
+    steps:
+      - persist_to_workspace:
+          root: .
+          paths:
+            - .
+
+  generate-download-urls:
+    parameters:
+      extension:
+        type: string
+    steps:
+      - run:
+          name: "Generating artifact download URLs"
+          command: chmod +x .circleci/cci_generate_artifact_links.sh && .circleci/cci_generate_artifact_links.sh << parameters.extension >>
+      - store_artifacts:
+          path: download.html
+
+  save-test-results:
+    steps:
+      - run:
+          name: Save test results
+          command: |
+            mkdir -p ~/test-results/junit/
+            find . -type f -regex ".*/target/surefire-reports/.*xml" -exec cp {} ~/test-results/junit/ \;
+          when: always
+      - store_test_results:
+          path: ~/test-results

.circleci/run_release_workflow.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+
+if [[ -z "${CIRCLE_TOKEN}" ]]; then
+  echo Cannot trigger release workflow. CircleCI user token not found.
+  exit 1
+fi
+
+BRANCH=1.3.x
+
+echo -e "\nTriggering release workflow on branch: ${BRANCH}.\n" 
+
+status_code=$(curl --request POST \
+  --url https://circleci.com/api/v2/project/github/gresham-computing/openid-connect-server/pipeline \
+  --header 'Circle-Token: '${CIRCLE_TOKEN}'' \
+  --header 'content-type: application/json' \
+  --data '{"branch":"'${BRANCH}'","parameters":{"release": true}}' \
+  -o response.json \
+  -w "%{http_code}")
+
+  if [ "${status_code}" -ge "200" ] && [ "${status_code}" -lt "300" ]; then
+      echo -e "\nAPI call succeeded [${status_code}]. Response:\n"
+      cat response.json
+      rm response.json
+  else
+      echo -e "\nAPI call failed [${status_code}]. Response:\n"
+      cat response.json
+      rm response.json
+      exit 1
+  fi

CHANGELOG.md

@@ -1,5 +1,21 @@
 Unreleased:
 
+- Updated JDK to Corretto 1.8.342
+- Upgraded Jackson Components to 2.15.2
+
+
+*1.3.3-GRESHAM-28:
+- Updated JDK to Corretto 1.8.332
+- Upgraded Jackson Components to 2.13.3
+
+*1.3.3-GRESHAM:
+- Upgraded libraries with known vulnerabilities
+- Added a Gresham specific Jenkinsfile
+- Added a password encoder to the client entity service
+- Fixes a bug by specifying the name of the scope columnn
+- Removed functionality that passed the client secret down to the UI
+- Updated JDK to Corretto 1.8.252
+
 *1.3.2:
 - Added changelog
 - Set default redirect URI resolver strict matching to true

README.md

@@ -29,3 +29,9 @@ The authors and key contributors of the project include:
 
 
 Copyright ©2017, [MIT Internet Trust Consortium](http://www.trust.mit.edu/). Licensed under the Apache 2.0 license, for details see `LICENSE.txt`. 
+
+## Release Process
+
+Here at Gresham, we use this component for a base for the auth server, our developing branch is 1.3.x and any feature branches should be made off of that branch.
+
+A release build can be invoked by running .circleci/run_release_workflow.sh shell script. It uses CircleCI API to trigger the release workflow and it requires a CIRCLE_TOKEN environment variable with a personal CircleCI API token to be set. Once triggered, the build will bump appropriate versions to release and then proceed to bump them to next snapshot.

openid-connect-client/pom.xml

@@ -22,7 +22,7 @@
 	<parent>
 		<artifactId>openid-connect-parent</artifactId>
 		<groupId>org.mitre</groupId>
-		<version>1.3.3-SNAPSHOT</version>
+		<version>1.3.3.GRESHAM-29-SNAPSHOT</version>
 		<relativePath>..</relativePath>
 	</parent>
 	<artifactId>openid-connect-client</artifactId>
@@ -45,7 +45,7 @@
 					<target>${java-version}</target>
 				</configuration>
 			</plugin>
-			<!-- BUILD SOURCE FILES -->
+			<!--&lt;!&ndash; BUILD SOURCE FILES &ndash;&gt;
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-source-plugin</artifactId>
@@ -58,7 +58,7 @@
 					</execution>
 				</executions>
 			</plugin>
-			<!-- BUILD JavaDoc FILES -->
+			&lt;!&ndash; BUILD JavaDoc FILES &ndash;&gt;
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-javadoc-plugin</artifactId>
@@ -70,7 +70,7 @@
 						</goals>
 					</execution>
 				</executions>
-			</plugin>
+			</plugin>-->
 		</plugins>
 	</build>
 </project>