puzzle · peggimann · Dec 8, 2023 · Dec 8, 2023 · Dec 8, 2023 · Dec 8, 2023
diff --git a/.github/workflows/deploy-action.yml b/.github/workflows/deploy-action.yml
@@ -6,8 +6,125 @@ on:
 
 
 jobs:
+
+  extract-version:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions
+      - name: Extract Maven project version
+        run: echo "version=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec | sed 's/-SNAPSHOT$//')" >> $GITHUB_OUTPUT
+        id: store-version
+
+  build-docker-image:
+    needs: extract-version
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v4
+        with:
+          java-version: '17'
+          distribution: 'adopt'
+
+      - name: Set up node 18
+        uses: actions/setup-node@v4
+        with:
+          node-version: 18.17.1
+
+      - name: Install Dependencies
+        run: cd ./frontend && npm ci
+
+      - name: Build frontend with Angular
+        run: cd ./frontend && npm run build
+
+      - name: Build backend with Maven
+        run: mvn -B clean package --file pom.xml -P build-for-docker
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build the docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: docker/Dockerfile
+          tags: ${{ steps.store-version.outputs.version }}
+          load: true
+          push: false
+          outputs: type=docker,dest=/tmp/okr-docker-image.tar
+
+      - name: Upload artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: okr-image
+          path: /tmp/okr-docker-image.tar
+
+      - name: print imagetags
+        run: echo ${{ steps.store-version.outputs.version }}
+
+  e2e-docker:
+    runs-on: ubuntu-22.04
+    needs: build-docker-image
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Download artifact
+        uses: actions/download-artifact@v3
+        with:
+          name: okr-image
+          path: /tmp
+
+      - name: Load image
+        run: docker load --input /tmp/okr-docker-image.tar
+
+      - name: show images
+        run: docker image ls -a
+
+      - name: Run docker image
+        run: |
+          docker run --network=host \
+          -p 8080:8080 \
+          -e SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER-URI=http://localhost:8544/realms/pitc \
+          -e SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK-SET-URI=http://localhost:8544/realms/pitc/protocol/openid-connect/certs \
+          -e SPRING_SECURITY_OAUTH2_RESOURCESERVER_OPAQUETOKEN_CLIENT-ID=pitc_okr_staging \
+          -e SPRING_PROFILES_ACTIVE-ID=integration-test \
+          -e SPRING_DATASOURCE_URL="jdbc:h2:mem:db;DB_CLOSE_DELAY=-1" \
+          -e SPRING_DATASOURCE_USERNAME=user \
+          -e SPRING_DATASOURCE_PASSWORD=sa \
+          -e SPRING_FLYWAY_LOCATIONS="classpath:db/h2-db/database-h2-schema,classpath:db/h2-db/data-test-h2" \
+          ${{ steps.store-version.outputs.version }} &
+
+      - name: run keycloak docker
+        run: |
+          docker run \
+          -e KEYCLOAK_ADMIN=admin \
+          -e KEYCLOAK_ADMIN_PASSWORD=keycloak \
+          -v ./docker/config/realm-export.json:/opt/keycloak/data/import/realm.json \
+          -p 8544:8080 \
+          quay.io/keycloak/keycloak:22.0.0 \
+          start-dev --import-realm &
+
+      - uses: abhi1693/[email protected]
+        with:
+          browser: chrome
+          version: latest
+
+      - name: Cypress run e2e tests
+        uses: cypress-io/github-action@v6
+        with:
+          build: npm i -D cypress
+          install: false
+          wait-on: 'http://localhost:8080/config, http://localhost:8544'
+          wait-on-timeout: 120
+          browser: chrome
+          headed: true
+          working-directory: frontend
+          config: baseUrl=http://localhost:8080
+
   okr-deploy:
     runs-on: ubuntu-latest
+    needs: e2e-docker
     steps:
       - name: Checkout project
         uses: actions/checkout@v4
@@ -20,10 +137,6 @@ jobs:
           server-id: github
           settings-path: ${{ github.workspace }}
 
-      - name: Extract Maven project version
-        run: echo "version=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec | sed 's/-SNAPSHOT$//')" >> $GITHUB_OUTPUT
-        id: store-version
-
       - name: Set up node 18
         uses: actions/setup-node@v4
         with:
@@ -89,3 +202,46 @@ jobs:
           git push origin ${{ vars.TARGET_REFERENCE }}
       - run: rm -rf ccy-repo
         shell: bash
+
+  generate-and-push-sbom:
+    runs-on: ubuntu-latest
+    needs: okr-deploy
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v3
+
+      - name: Install cdxgen
+        working-directory: frontend
+        run: npm install -g @cyclonedx/[email protected]
+
+      - name: 'Generate SBOM for maven dependencies'
+        working-directory: backend
+        run: mvn org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom
+
+      - name: 'Generate SBOM for npm dependencies'
+        working-directory: frontend
+        run: cdxgen -o ../sbom-npm.xml -t npm .
+
+      - name: 'Merge frontend and backend SBOMs'
+        run: |
+          docker run --rm -v $(pwd):/data cyclonedx/cyclonedx-cli merge --input-files data/backend/target/bom.xml data/sbom-npm.xml --output-file data/sbom.xml
+
+      - name: 'Push merged SBOM to dependency track'
+        env:
+          PROJECT_NAME: okr-production
+        run: |
+          curl --verbose -s --location --request POST ${{ secrets.DEPENDENCY_TRACK_URL }} \
+          --header "X-Api-Key: ${{ secrets.SECRET_OWASP_DT_KEY }}" \
+          --header "Content-Type: multipart/form-data" \
+          --form "autoCreate=true" \
+          --form "projectName=${PROJECT_NAME:-$GITHUB_REPOSITORY}" \
+          --form "projectVersion=latest" \
+          --form "[email protected]"
+
+  clean-up:
+    needs: generate-and-push-sbom
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: remove dockers
+        run: docker ps -aq | xargs -r docker rm -f
diff --git a/.github/workflows/staging-deploy-action.yml b/.github/workflows/staging-deploy-action.yml
@@ -65,10 +65,10 @@ jobs:
         run: cd ./frontend && npm ci
 
       - name: Build frontend with Angular
-        run: cd ./frontend && npm run build:staging
+        run: cd ./frontend && npm run build
 
       - name: Build backend with Maven
-        run: mvn -B clean package --file pom.xml -P staging
+        run: mvn -B clean package --file pom.xml -P build-for-docker
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -243,7 +243,7 @@ jobs:
 
       - name: 'Push merged SBOM to dependency track'
         env:
-          PROJECT_NAME: okr
+          PROJECT_NAME: okr-staging
         run: |
           curl --verbose -s --location --request POST ${{ secrets.DEPENDENCY_TRACK_URL }} \
           --header "X-Api-Key: ${{ secrets.SECRET_OWASP_DT_KEY }}" \

diff --git a/frontend/angular.json b/frontend/angular.json
@@ -60,27 +60,6 @@
               ],
               "outputHashing": "all"
             },
-            "staging": {
-              "budgets": [
-                {
-                  "type": "initial",
-                  "maximumWarning": "3mb",
-                  "maximumError": "5mb"
-                },
-                {
-                  "type": "anyComponentStyle",
-                  "maximumWarning": "2kb",
-                  "maximumError": "4kb"
-                }
-              ],
-              "fileReplacements": [
-                {
-                  "replace": "src/environments/environment.ts",
-                  "with": "src/environments/environment.staging.ts"
-                }
-              ],
-              "outputHashing": "all"
-            },
             "development": {
               "buildOptimizer": false,
               "optimization": false,

diff --git a/frontend/src/environments/environment.staging.ts b/frontend/src/environments/environment.staging.ts