add release checklist

.github/ISSUE_TEMPLATE/release-checklist.md

@@ -0,0 +1,43 @@
+---
+name: Release checklist
+about: Použi tento checklist na testovanie artefaktov pred public releaseom
+title: "Release "
+labels: release
+assignees: @slovensko-digital/autogram-release-team
+---
+
+## Windows
+
+- [ ] funguje inštalácia na Windows cez stiahnutý .msi
+- [ ] funguje spustenie v GUI móde
+- [ ] funguje URL handler [autogram://go](autogram://go)
+- [ ] funguje GUI otvoriť jeden súbor, ten sa zobrazí, viem ho podpísať, vytvorí sa podpísaný súbor
+- [ ]  funguje CLI `autogram --help`
+
+## Linux
+- [ ] funguje inštalácia na Linux (Debian-based) cez stiahnutý .deb
+- [ ] funguje inštalácia na Linux cez stiahnutý .rpm
+- [ ] funguje spustenie v GUI móde
+- [ ] funguje URL handler [autogram://go](autogram://go)
+- [ ] funguje GUI otvoriť jeden súbor, ten sa zobrazí, viem ho podpísať, vytvorí sa podpísaný súbor
+- [ ]  funguje CLI `autogram --help`
+
+## MacOS
+- [ ] funguje inštalácia na MacOS cez stiahnutý .pkg
+- [ ] funguje spustenie v GUI móde
+- [ ] funguje URL handler [autogram://go](autogram://go)
+- [ ] funguje GUI otvoriť jeden súbor, ten sa zobrazí, viem ho podpísať, vytvorí sa podpísaný súbor
+- [ ] funguje CLI `/Applications/Autogram.app/Contents/MacOS/AutogramApp --help`
+
+
+## Na aspoň jednom systéme
+
+- [ ] fungujú všetky smoke testy `./mvnw test -Psmoke`
+- [ ] funguje spustenie v GUI serverovom móde `autogram --url=autogram://listen?protocol=http&port=37201` na inom porte
+- [ ] funguje CLI `autogram --cli --source source.pdf`
+- [ ] funguje CLI `autogram --cli --source source.pdf --target target.pdf`
+- [ ] funguje CLI `autogram --cli --source source-dir --target target-dir`
+- [ ] funguje API info request
+- [ ] funguje API docs request
+- [ ] funguje API sign request
+- [ ] funguje s [extension](https://github.com/slovensko-digital/autogram-extension)

.github/workflows/package.yaml

@@ -108,3 +108,20 @@ jobs:
             target/*.dmg
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - uses: imjohnbo/extract-issue-template-fields@f5232d9bc6ad9aff26c462e60a2c8ef0b17aa3fa
+        if: startsWith(github.ref, 'refs/tags/')
+        id: issueTemplate
+        with:
+          path: .github/ISSUE_TEMPLATE/release-checklist.md
+
+      - name: Create release checklist issue
+        uses: imjohnbo/issue-bot@3d96848fb5e9a4a473bb81ae62b4b4866a56e93a
+        if: startsWith(github.ref, 'refs/tags/')
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          assignees: ${{ steps.issueTemplate.outputs.assignees }}
+          labels: ${{ steps.issueTemplate.outputs.labels }}
+          title: ${{ steps.issueTemplate.outputs.title }} ${{github.ref_name}}
+          body: ${{ steps.issueTemplate.outputs.body }}

RELEASE.md

@@ -0,0 +1,33 @@
+Release robí slovensko.digital, ale checklist je verejný aby mohol každý contributor samostatne
+pretestovať zmeny pred tým než urobí PR.
+
+# Release Checklist
+
+## Kontrola nového kódu
+
+Je potrebné skontrolovať či nepribudol škodlivý kód, exfiltrácia secrets cez GH actions, či je nová core funkcionalita pokrytá testami.
+
+## Testing
+
+- [ ] zelené všetky automatizované testy
+- [ ] funguje inštalácia na Windows cez stiahnutý .msi
+- [ ] funguje inštalácia na MacOS cez stiahnutý .pkg
+- [ ] funguje inštalácia na Linux (Debian-based) cez stiahnutý .deb
+- [ ] funguje inštalácia na Linux cez stiahnutý .rpm
+- [ ] funguje spustenie v GUI móde
+- [ ] funguje spustenie v GUI serverovom móde `autogram --url=autogram://listen?protocol=http&port=37200`
+- [ ] funguje URL handler na Windows [autogram://go](autogram://go)
+- [ ] funguje URL handler na MacOS [autogram://go](autogram://go)
+- [ ] funguje URL handler na Linux [autogram://go](autogram://go)
+- [ ] funguje GUI otvoriť jeden súbor, ten sa zobrazí, viem ho podpísať, vytvorí sa podpísaný súbor
+- [ ] funguje CLI `autogram --cli --source source.pdf`
+- [ ] funguje CLI `autogram --cli --source source.pdf --target target.pdf`
+- [ ] funguje CLI `autogram --cli --source source-dir --target target-dir`
+- [ ] funguje API info request
+- [ ] funguje API docs request
+- [ ] funguje API sign request
+- [ ] funguje s [extension](https://github.com/slovensko-digital/autogram-extension)
+
+## Pripraviť popis releasu
+
+vid. existujúce [Releases](https://github.com/slovensko-digital/autogram/releases)

pom.xml

@@ -26,7 +26,9 @@
         <mockito.version>5.4.0</mockito.version>
         <commons-cli.version>1.5.0</commons-cli.version>
         <xmlunit.version>2.9.1</xmlunit.version>
+        <snakeyml.version>2.0</snakeyml.version>
         <jimfs.version>1.2</jimfs.version>
+        <testExcludedGroups>HttpSmokeTest</testExcludedGroups>
     </properties>
 
     <dependencyManagement>
@@ -133,6 +135,26 @@
             <version>${xmlunit.version}</version>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.yaml</groupId>
+            <artifactId>snakeyaml</artifactId>
+            <version>${snakeyml.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.junit.jupiter</groupId>
+            <artifactId>junit-jupiter-params</artifactId>
+            <version>${junit.version}</version>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.junit.jupiter</groupId>
+            <artifactId>junit-jupiter-engine</artifactId>
+            <version>${junit.version}</version>
+            <scope>test</scope>
+        </dependency>
+
         <dependency>
             <groupId>com.google.jimfs</groupId>
             <artifactId>jimfs</artifactId>
@@ -150,6 +172,9 @@
                     <version>3.1.2</version>
                     <configuration>
                         <jvm>${jlink.jdk.path}${file.separator}bin${file.separator}java</jvm>
+                        <!-- done this way because you can't override excludedGroups in a profile
+                        https://issues.apache.org/jira/browse/SUREFIRE-1645 -->
+                        <excludedGroups>${testExcludedGroups}</excludedGroups>
                     </configuration>
                 </plugin>
             </plugins>
@@ -515,5 +540,25 @@
                 <github.auth>Bearer ${env.GITHUB_TOKEN}</github.auth>
             </properties>
         </profile>
+
+        <profile>
+            <id>smoke</id>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.apache.maven.plugins</groupId>
+                        <artifactId>maven-surefire-plugin</artifactId>
+                        <version>3.1.2</version>
+                        <configuration>
+                            <jvm>${jlink.jdk.path}${file.separator}bin${file.separator}java</jvm>
+                            <groups>HttpSmokeTest</groups>
+                        </configuration>
+                    </plugin>
+                </plugins>
+            </build>
+            <properties>
+                <testExcludedGroups></testExcludedGroups>
+            </properties>
+        </profile>
     </profiles>
 </project>

src/main/java/digital/slovensko/autogram/server/dto/ServerSigningParameters.java

@@ -2,6 +2,7 @@
 
 import java.util.Arrays;
 import java.util.Base64;
+import java.util.Map;
 
 import javax.xml.crypto.dsig.CanonicalizationMethod;
 
@@ -47,12 +48,12 @@ public enum VisualizationWidthEnum {
     private final VisualizationWidthEnum visualizationWidth;
 
     public ServerSigningParameters(SignatureLevel level, ASiCContainerType container,
-                                   String containerFilename, String containerXmlns, SignaturePackaging packaging,
-                                   DigestAlgorithm digestAlgorithm,
-                                   Boolean en319132, LocalCanonicalizationMethod infoCanonicalization,
-                                   LocalCanonicalizationMethod propertiesCanonicalization, LocalCanonicalizationMethod keyInfoCanonicalization,
-                                   String schema, String transformation,
-                                   String Identifier, boolean checkPDFACompliance, VisualizationWidthEnum preferredPreviewWidth) {
+            String containerFilename, String containerXmlns, SignaturePackaging packaging,
+            DigestAlgorithm digestAlgorithm,
+            Boolean en319132, LocalCanonicalizationMethod infoCanonicalization,
+            LocalCanonicalizationMethod propertiesCanonicalization, LocalCanonicalizationMethod keyInfoCanonicalization,
+            String schema, String transformation,
+            String Identifier, boolean checkPDFACompliance, VisualizationWidthEnum preferredPreviewWidth) {
         this.level = level;
         this.container = container;
         this.containerXmlns = containerXmlns;
@@ -85,6 +86,48 @@ public SigningParameters getSigningParameters(boolean isBase64) {
                 identifier, checkPDFACompliance, getVisualizationWidth());
     }
 
+    public static ServerSigningParameters fromMap(Map<String, Object> map) {
+        var level = SignatureLevel.valueByName((String) map.get("level"));
+        var container = fromMapToEnum(ASiCContainerType.class, map.get("container"));
+        var containerFilename = (String) map.get("containerFilename");
+        var containerXmlns = (String) map.get("containerXmlns");
+        var packaging = fromMapToEnum(SignaturePackaging.class, map.get("packaging"));
+        var digestAlgorithm = fromMapToEnum(DigestAlgorithm.class, map.get("digestAlgorithm"));
+        var en319132 = (Boolean) map.get("en319132");
+        var infoCanonicalization = fromMapToEnum(LocalCanonicalizationMethod.class, map.get("infoCanonicalization"));
+        var propertiesCanonicalization = fromMapToEnum(LocalCanonicalizationMethod.class,
+                map.get("propertiesCanonicalization"));
+        var keyInfoCanonicalization = fromMapToEnum(LocalCanonicalizationMethod.class,
+                map.get("keyInfoCanonicalization"));
+        var schema = (String) map.get("schema");
+        var transformation = (String) map.get("transformation");
+        var identifier = (String) map.get("identifier");
+        var checkPDFACompliance = map.getOrDefault("checkPDFACompliance", "false") == "true";
+        var visualizationWidth = fromMapToEnum(VisualizationWidthEnum.class, map.get("visualizationWidth"));
+
+        return new ServerSigningParameters(
+                level,
+                container,
+                containerFilename,
+                containerXmlns,
+                packaging,
+                digestAlgorithm,
+                en319132,
+                infoCanonicalization,
+                propertiesCanonicalization,
+                keyInfoCanonicalization,
+                schema,
+                transformation,
+                identifier, checkPDFACompliance, visualizationWidth);
+    }
+
+    private static <T extends Enum<T>> T fromMapToEnum(Class<T> clazz, Object obj) {
+        var visualizationWidthStr = (String) obj;
+        if (visualizationWidthStr == null)
+            return null;
+        return T.valueOf(clazz, visualizationWidthStr);
+    }
+
     private String getTransformation(boolean isBase64) {
         if (transformation == null)
             return null;