-
Notifications
You must be signed in to change notification settings - Fork 494
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge remote-tracking branch 'IQSS/develop' into
IQSS/7632_exclude_packages
- Loading branch information
Showing
1,799 changed files
with
127,966 additions
and
46,331 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
APP_IMAGE=gdcc/dataverse:unstable | ||
POSTGRES_VERSION=16 | ||
DATAVERSE_DB_USER=dataverse | ||
SOLR_VERSION=9.3.0 | ||
SKIP_DEPLOY=0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
# https://www.git-scm.com/docs/gitattributes | ||
|
||
# This set mandatory LF line endings for .sh files preventing from windows users to having to change the value of their git config --global core.autocrlf to 'false' or 'input' | ||
*.sh text eol=lf |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
--- | ||
name: Bug report | ||
about: Did you encounter something unexpected or incorrect in the Dataverse software? | ||
We'd like to hear about it! | ||
title: '' | ||
labels: 'Type: Bug' | ||
assignees: '' | ||
|
||
--- | ||
|
||
<!-- | ||
Thank you for contributing to the Dataverse Project through the creation of a bug report! | ||
WARNING: If this is a security issue it should be reported privately to security@dataverse.org | ||
More information on bug issues and contributions can be found in the "Contributing to Dataverse" page: | ||
https://github.com/IQSS/dataverse/blob/develop/CONTRIBUTING.md#bug-reportsissues | ||
Please fill out as much of the template as you can. | ||
Start below this comment section. | ||
--> | ||
**What steps does it take to reproduce the issue?** | ||
|
||
* When does this issue occur? | ||
|
||
|
||
* Which page(s) does it occurs on? | ||
|
||
|
||
* What happens? | ||
|
||
|
||
* To whom does it occur (all users, curators, superusers)? | ||
|
||
|
||
* What did you expect to happen? | ||
|
||
|
||
|
||
**Which version of Dataverse are you using?** | ||
|
||
|
||
|
||
**Any related open or closed issues to this bug report?** | ||
|
||
|
||
|
||
**Screenshots:** | ||
|
||
No matter the issue, screenshots are always welcome. | ||
|
||
To add a screenshot, please use one of the following formats and/or methods described here: | ||
|
||
* https://help.github.com/en/articles/file-attachments-on-issues-and-pull-requests | ||
* |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
--- | ||
name: Feature request | ||
about: Suggest an idea or new feature for the Dataverse software! | ||
title: 'Feature Request/Idea:' | ||
labels: 'Type: Feature' | ||
assignees: '' | ||
|
||
--- | ||
|
||
<!-- | ||
Thank you for contributing to the Dataverse Project through the creation of a feature request! | ||
More information on ideas/feature requests and contributions can be found in the "Contributing to Dataverse" page: | ||
https://github.com/IQSS/dataverse/blob/develop/CONTRIBUTING.md#ideasfeature-requests | ||
Please fill out as much of the template as you can. | ||
Start below this comment section. | ||
--> | ||
|
||
**Overview of the Feature Request** | ||
|
||
|
||
**What kind of user is the feature intended for?** | ||
(Example users roles: API User, Curator, Depositor, Guest, Superuser, Sysadmin) | ||
|
||
|
||
**What inspired the request?** | ||
|
||
|
||
**What existing behavior do you want changed?** | ||
|
||
|
||
**Any brand new behavior do you want to add to Dataverse?** | ||
|
||
|
||
**Any open or closed issues related to this feature request?** |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
# Security | ||
|
||
To report a security vulnerability please email security@dataverse.org as explained at https://guides.dataverse.org/en/latest/installation/config.html#reporting-security-issues | ||
|
||
Advice on securing your installation can be found at https://guides.dataverse.org/en/latest/installation/config.html#securing-your-installation | ||
|
||
Security practices and procedures used by the Dataverse team are described at https://guides.dataverse.org/en/latest/developers/security.html |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,96 @@ | ||
--- | ||
name: Preview Application Container Image | ||
|
||
on: | ||
# We only run the push commands if we are asked to by an issue comment with the correct command. | ||
# This workflow is always taken from the default branch and runs in repo context with access to secrets. | ||
repository_dispatch: | ||
types: [ push-image-command ] | ||
|
||
env: | ||
IMAGE_TAG: unstable | ||
BASE_IMAGE_TAG: unstable | ||
PLATFORMS: "linux/amd64,linux/arm64" | ||
|
||
jobs: | ||
deploy: | ||
name: "Package & Push" | ||
runs-on: ubuntu-latest | ||
# Only run in upstream repo - avoid unnecessary runs in forks | ||
if: ${{ github.repository_owner == 'IQSS' }} | ||
steps: | ||
# Checkout the pull request code as when merged | ||
- uses: actions/checkout@v3 | ||
with: | ||
ref: 'refs/pull/${{ github.event.client_payload.pull_request.number }}/merge' | ||
- uses: actions/setup-java@v3 | ||
with: | ||
java-version: "17" | ||
distribution: 'adopt' | ||
- uses: actions/cache@v3 | ||
with: | ||
path: ~/.m2 | ||
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} | ||
restore-keys: ${{ runner.os }}-m2 | ||
|
||
# Note: Accessing, pushing tags etc. to GHCR will only succeed in upstream because secrets. | ||
- name: Login to Github Container Registry | ||
uses: docker/login-action@v2 | ||
with: | ||
registry: ghcr.io | ||
username: ${{ secrets.GHCR_USERNAME }} | ||
password: ${{ secrets.GHCR_TOKEN }} | ||
|
||
- name: Set up QEMU for multi-arch builds | ||
uses: docker/setup-qemu-action@v2 | ||
|
||
# Get the image tag from either the command or default to branch name (Not used for now) | ||
#- name: Get the target tag name | ||
# id: vars | ||
# run: | | ||
# tag=${{ github.event.client_payload.slash_command.args.named.tag }} | ||
# if [[ -z "$tag" ]]; then tag=$(echo "${{ github.event.client_payload.pull_request.head.ref }}" | tr '\\/_:&+,;#*' '-'); fi | ||
# echo "IMAGE_TAG=$tag" >> $GITHUB_ENV | ||
|
||
# Set image tag to branch name of the PR | ||
- name: Set image tag to branch name | ||
run: | | ||
echo "IMAGE_TAG=$(echo "${{ github.event.client_payload.pull_request.head.ref }}" | tr '\\/_:&+,;#*' '-')" >> $GITHUB_ENV | ||
# Necessary to split as otherwise the submodules are not available (deploy skips install) | ||
- name: Build app and configbaker container image with local architecture and submodules (profile will skip tests) | ||
run: > | ||
mvn -B -f modules/dataverse-parent | ||
-P ct -pl edu.harvard.iq:dataverse -am | ||
install | ||
- name: Deploy multi-arch application and configbaker container image | ||
run: > | ||
mvn | ||
-Dapp.image.tag=${{ env.IMAGE_TAG }} -Dbase.image.tag=${{ env.BASE_IMAGE_TAG }} | ||
-Ddocker.registry=ghcr.io -Ddocker.platforms=${{ env.PLATFORMS }} | ||
-Pct deploy | ||
- uses: marocchino/sticky-pull-request-comment@v2 | ||
with: | ||
header: registry-push | ||
hide_and_recreate: true | ||
hide_classify: "OUTDATED" | ||
number: ${{ github.event.client_payload.pull_request.number }} | ||
message: | | ||
:package: Pushed preview images as | ||
``` | ||
ghcr.io/gdcc/dataverse:${{ env.IMAGE_TAG }} | ||
``` | ||
``` | ||
ghcr.io/gdcc/configbaker:${{ env.IMAGE_TAG }} | ||
``` | ||
:ship: [See on GHCR](https://github.com/orgs/gdcc/packages/container). Use by referencing with full name as printed above, mind the registry name. | ||
# Leave a note when things have gone sideways | ||
- uses: peter-evans/create-or-update-comment@v3 | ||
if: ${{ failure() }} | ||
with: | ||
issue-number: ${{ github.event.client_payload.pull_request.number }} | ||
body: > | ||
:package: Could not push preview images :disappointed:. | ||
See [log](https://github.com/IQSS/dataverse/actions/runs/${{ github.run_id }}) for details. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,171 @@ | ||
--- | ||
name: Application Container Image | ||
|
||
on: | ||
# We are deliberately *not* running on push events here to avoid double runs. | ||
# Instead, push events will trigger from the base image and maven unit tests via workflow_call. | ||
workflow_call: | ||
pull_request: | ||
branches: | ||
- develop | ||
- master | ||
paths: | ||
- 'src/main/docker/**' | ||
- 'modules/container-configbaker/**' | ||
- '.github/workflows/container_app_push.yml' | ||
|
||
env: | ||
IMAGE_TAG: unstable | ||
BASE_IMAGE_TAG: unstable | ||
REGISTRY: "" # Empty means default to Docker Hub | ||
PLATFORMS: "linux/amd64,linux/arm64" | ||
MASTER_BRANCH_TAG: alpha | ||
|
||
jobs: | ||
build: | ||
name: "Build & Test" | ||
runs-on: ubuntu-latest | ||
permissions: | ||
contents: read | ||
packages: write | ||
pull-requests: write | ||
# Only run in upstream repo - avoid unnecessary runs in forks | ||
if: ${{ github.repository_owner == 'IQSS' }} | ||
|
||
steps: | ||
- name: Checkout repository | ||
uses: actions/checkout@v3 | ||
|
||
- name: Set up JDK | ||
uses: actions/setup-java@v3 | ||
with: | ||
java-version: "17" | ||
distribution: temurin | ||
cache: maven | ||
|
||
- name: Build app and configbaker container image with local architecture and submodules (profile will skip tests) | ||
run: > | ||
mvn -B -f modules/dataverse-parent | ||
-P ct -pl edu.harvard.iq:dataverse -am | ||
install | ||
# TODO: add smoke / integration testing here (add "-Pct -DskipIntegrationTests=false") | ||
|
||
hub-description: | ||
needs: build | ||
name: Push image descriptions to Docker Hub | ||
# Run this when triggered via push or schedule as reused workflow from base / maven unit tests. | ||
# Excluding PRs here means we will have no trouble with secrets access. Also avoid runs in forks. | ||
if: ${{ github.event_name != 'pull_request' && github.ref_name == 'develop' && github.repository_owner == 'IQSS' }} | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v3 | ||
- uses: peter-evans/dockerhub-description@v3 | ||
with: | ||
username: ${{ secrets.DOCKERHUB_USERNAME }} | ||
password: ${{ secrets.DOCKERHUB_TOKEN }} | ||
repository: gdcc/dataverse | ||
short-description: "Dataverse Application Container Image providing the executable" | ||
readme-filepath: ./src/main/docker/README.md | ||
- uses: peter-evans/dockerhub-description@v3 | ||
with: | ||
username: ${{ secrets.DOCKERHUB_USERNAME }} | ||
password: ${{ secrets.DOCKERHUB_TOKEN }} | ||
repository: gdcc/configbaker | ||
short-description: "Dataverse Config Baker Container Image providing setup tooling and more" | ||
readme-filepath: ./modules/container-configbaker/README.md | ||
|
||
# Note: Accessing, pushing tags etc. to DockerHub or GHCR will only succeed in upstream because secrets. | ||
# We check for them here and subsequent jobs can rely on this to decide if they shall run. | ||
check-secrets: | ||
needs: build | ||
name: Check for Secrets Availability | ||
runs-on: ubuntu-latest | ||
outputs: | ||
available: ${{ steps.secret-check.outputs.available }} | ||
steps: | ||
- id: secret-check | ||
# perform secret check & put boolean result as an output | ||
shell: bash | ||
run: | | ||
if [ "${{ secrets.DOCKERHUB_TOKEN }}" != '' ]; then | ||
echo "available=true" >> $GITHUB_OUTPUT; | ||
else | ||
echo "available=false" >> $GITHUB_OUTPUT; | ||
fi | ||
deploy: | ||
needs: check-secrets | ||
name: "Package & Publish" | ||
runs-on: ubuntu-latest | ||
# Only run this job if we have access to secrets. This is true for events like push/schedule which run in | ||
# context of the main repo, but for PRs only true if coming from the main repo! Forks have no secret access. | ||
# | ||
# Note: The team's decision was to not auto-deploy an image on any git push where no PR exists (yet). | ||
# Accordingly, only run for push events on branches develop and master. | ||
if: needs.check-secrets.outputs.available == 'true' && | ||
( github.event_name != 'push' || ( github.event_name == 'push' && contains(fromJSON('["develop", "master"]'), github.ref_name))) | ||
steps: | ||
- uses: actions/checkout@v3 | ||
- uses: actions/setup-java@v3 | ||
with: | ||
java-version: "17" | ||
distribution: temurin | ||
|
||
# Depending on context, we push to different targets. Login accordingly. | ||
- if: github.event_name != 'pull_request' | ||
name: Log in to Docker Hub registry | ||
uses: docker/login-action@v2 | ||
with: | ||
username: ${{ secrets.DOCKERHUB_USERNAME }} | ||
password: ${{ secrets.DOCKERHUB_TOKEN }} | ||
- if: ${{ github.event_name == 'pull_request' }} | ||
name: Login to Github Container Registry | ||
uses: docker/login-action@v2 | ||
with: | ||
registry: ghcr.io | ||
username: ${{ secrets.GHCR_USERNAME }} | ||
password: ${{ secrets.GHCR_TOKEN }} | ||
|
||
- name: Set up QEMU for multi-arch builds | ||
uses: docker/setup-qemu-action@v2 | ||
|
||
- name: Re-set image tag based on branch (if master) | ||
if: ${{ github.ref_name == 'master' }} | ||
run: | | ||
echo "IMAGE_TAG=${{ env.MASTER_BRANCH_TAG }}" >> $GITHUB_ENV | ||
echo "BASE_IMAGE_TAG=${{ env.MASTER_BRANCH_TAG }}" >> $GITHUB_ENV | ||
- name: Re-set image tag and container registry when on PR | ||
if: ${{ github.event_name == 'pull_request' }} | ||
run: | | ||
echo "IMAGE_TAG=$(echo "$GITHUB_HEAD_REF" | tr '\\/_:&+,;#*' '-')" >> $GITHUB_ENV | ||
echo "REGISTRY='-Ddocker.registry=ghcr.io'" >> $GITHUB_ENV | ||
# Necessary to split as otherwise the submodules are not available (deploy skips install) | ||
- name: Build app and configbaker container image with local architecture and submodules (profile will skip tests) | ||
run: > | ||
mvn -B -f modules/dataverse-parent | ||
-P ct -pl edu.harvard.iq:dataverse -am | ||
install | ||
- name: Deploy multi-arch application and configbaker container image | ||
run: > | ||
mvn | ||
-Dapp.image.tag=${{ env.IMAGE_TAG }} -Dbase.image.tag=${{ env.BASE_IMAGE_TAG }} | ||
${{ env.REGISTRY }} -Ddocker.platforms=${{ env.PLATFORMS }} | ||
-P ct deploy | ||
- uses: marocchino/sticky-pull-request-comment@v2 | ||
if: ${{ github.event_name == 'pull_request' }} | ||
with: | ||
header: registry-push | ||
hide_and_recreate: true | ||
hide_classify: "OUTDATED" | ||
message: | | ||
:package: Pushed preview images as | ||
``` | ||
ghcr.io/gdcc/dataverse:${{ env.IMAGE_TAG }} | ||
``` | ||
``` | ||
ghcr.io/gdcc/configbaker:${{ env.IMAGE_TAG }} | ||
``` | ||
:ship: [See on GHCR](https://github.com/orgs/gdcc/packages/container). Use by referencing with full name as printed above, mind the registry name. |
Oops, something went wrong.