From 8381f52351441bead9c31336cf59ff3a12a309d5 Mon Sep 17 00:00:00 2001 From: Victor Alfaro Date: Mon, 14 Oct 2024 14:50:05 -0600 Subject: [PATCH 1/5] #28717: minor change to add secret and valid call to internal workflow (#30317) --- .github/workflows/issue_comp_link-issue-to-pr.yml | 13 ++++++++++++- .github/workflows/issue_open-pr.yml | 5 ++++- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/.github/workflows/issue_comp_link-issue-to-pr.yml b/.github/workflows/issue_comp_link-issue-to-pr.yml index 19e04332595..f5eb3509ee0 100644 --- a/.github/workflows/issue_comp_link-issue-to-pr.yml +++ b/.github/workflows/issue_comp_link-issue-to-pr.yml @@ -7,6 +7,15 @@ on: description: 'Pull Request branch' type: string required: true + pr_url: + description: 'Pull Request URL' + type: string + required: true + secrets: + CI_MACHINE_TOKEN: + description: 'CI machine token' + required: true + workflow_dispatch: inputs: pr_branch: @@ -80,6 +89,8 @@ jobs: core.setOutput('pr_list', prList); core.setOutput('existing_comment_id', existingCommentId); + console.log(`pr_list: [${prList}]`); + console.log(`existing_comment_id: [${existingCommentId}]`); - name: Update or create comment if: steps.check_comment.outputs.existing_comment_id == '' @@ -98,5 +109,5 @@ jobs: owner: '${{ github.repository_owner }}', repo: '${{ github.event.repository.name }}', comment_id: ${{ steps.check_comment.outputs.existing_comment_id }}, - body: prs.join('\n'), + body: `${prs.join('\n')}`, }); diff --git a/.github/workflows/issue_open-pr.yml b/.github/workflows/issue_open-pr.yml index 37249fdeead..636551a9af7 100644 --- a/.github/workflows/issue_open-pr.yml +++ b/.github/workflows/issue_open-pr.yml @@ -7,6 +7,9 @@ on: jobs: add-issue-to-pr: name: Add Issue to PR - uses: ./.github/workflows/issue_comp-link-issue-to-pr.yml + uses: ./.github/workflows/issue_comp_link-issue-to-pr.yml with: pr_branch: ${{ github.head_ref }} + pr_url: ${{ github.event.pull_request.html_url }} + secrets: + CI_MACHINE_TOKEN: ${{ secrets.CI_MACHINE_TOKEN }} From 1b5ac6da463b2481b3b3f5f98f378526736bab1b Mon Sep 17 00:00:00 2001 From: Jose Castro Date: Mon, 14 Oct 2024 22:11:50 -0600 Subject: [PATCH 2/5] feat(Locales) #30300 : Include a Feature Flag for the old Languages portlet (#30341) ### Proposed Changes * Includes a new Feature Flagg called `FEATURE_FLAG_LOCALES_HIDE-OLD-LANGUAGES-PORTLET` -- enabled by default -- which hides the old `Languages` portlet from the list of available portlets in the `Settings > Roles & Tools > Tools` portlet. * If customers still need to be able to add the old `Languages` portlet into the main menu, they can just go ahead and turn the FF on. * These are all DWR-related classes, so we don't have any Unit Tests or Integration Tests for them. --- .../dotmarketing/business/ajax/DwrUtil.java | 12 ++- .../dotmarketing/business/ajax/RoleAjax.java | 90 +++++++++++-------- 2 files changed, 65 insertions(+), 37 deletions(-) diff --git a/dotCMS/src/main/java/com/dotmarketing/business/ajax/DwrUtil.java b/dotCMS/src/main/java/com/dotmarketing/business/ajax/DwrUtil.java index 1f59d1edd1c..3573cab05b9 100644 --- a/dotCMS/src/main/java/com/dotmarketing/business/ajax/DwrUtil.java +++ b/dotCMS/src/main/java/com/dotmarketing/business/ajax/DwrUtil.java @@ -27,7 +27,7 @@ * Provides utility methods for DWR-related classes that allow developers to retrieve common-use * information such as: * @@ -176,4 +176,14 @@ public static ServletContext getServletContext() { return ctx.getServletContext(); } + /** + * Returns the current HTTP Request object from the DWR Web Context Factory. + * + * @return The current instance of the {@link HttpServletRequest} object. + */ + public static HttpServletRequest getHttpServletRequest() { + final WebContext ctx = WebContextFactory.get(); + return ctx.getHttpServletRequest(); + } + } diff --git a/dotCMS/src/main/java/com/dotmarketing/business/ajax/RoleAjax.java b/dotCMS/src/main/java/com/dotmarketing/business/ajax/RoleAjax.java index 0846a9be693..826af08e106 100644 --- a/dotCMS/src/main/java/com/dotmarketing/business/ajax/RoleAjax.java +++ b/dotCMS/src/main/java/com/dotmarketing/business/ajax/RoleAjax.java @@ -1,8 +1,5 @@ package com.dotmarketing.business.ajax; -import static com.dotmarketing.business.ajax.DwrUtil.getLoggedInUser; -import static com.dotmarketing.business.ajax.DwrUtil.validateRolesPortletPermissions; - import com.dotcms.api.system.event.Payload; import com.dotcms.api.system.event.SystemEventType; import com.dotcms.api.system.event.SystemEventsAPI; @@ -54,6 +51,7 @@ import com.dotmarketing.quartz.job.CascadePermissionsJob; import com.dotmarketing.util.ActivityLogger; import com.dotmarketing.util.AdminLogger; +import com.dotmarketing.util.Config; import com.dotmarketing.util.DateUtil; import com.dotmarketing.util.Logger; import com.dotmarketing.util.SecurityLogger; @@ -66,6 +64,9 @@ import com.liferay.portal.language.LanguageUtil; import com.liferay.portal.model.Portlet; import com.liferay.portal.model.User; +import io.vavr.Lazy; + +import javax.servlet.http.HttpServletRequest; import java.lang.reflect.InvocationTargetException; import java.util.ArrayList; import java.util.Arrays; @@ -77,22 +78,40 @@ import java.util.List; import java.util.Map; import java.util.Set; -import javax.servlet.http.HttpServletRequest; +import static com.dotmarketing.business.ajax.DwrUtil.getLoggedInUser; +import static com.dotmarketing.business.ajax.DwrUtil.validateRolesPortletPermissions; +import static com.dotmarketing.util.PortletID.LANGUAGES; + +/** + * This class exposes Role and Portlet-related information to the DWR framework. This class is used + * by several Dojo-based portlets in the dotCMS backend, and will be progressively migrated to the + * respective REST Endpoint classes in the near future. + * + * @author root + * @since Mar 22nd, 2012 + */ public class RoleAjax { private final SystemEventsAPI systemEventsAPI; + private final PortletAPI portletAPI; + private final UserWebAPI userWebAPI; + + private static final Lazy HIDE_OLD_LANGUAGES_PORTLET = + Lazy.of(() -> Config.getBooleanProperty("FEATURE_FLAG_LOCALES_HIDE-OLD-LANGUAGES-PORTLET", true)); private static final ObjectMapper mapper = DotObjectMapperProvider.getInstance() .getDefaultObjectMapper(); public RoleAjax(){ - this(APILocator.getSystemEventsAPI()); + this(APILocator.getSystemEventsAPI(), APILocator.getPortletAPI(), WebAPILocator.getUserWebAPI()); } - + @VisibleForTesting - protected RoleAjax(SystemEventsAPI systemEventsAPI) { + protected RoleAjax(final SystemEventsAPI systemEventsAPI, final PortletAPI portletAPI, final UserWebAPI userWebAPI) { this.systemEventsAPI = systemEventsAPI; + this.portletAPI = portletAPI; + this.userWebAPI = userWebAPI; } public List> getRolesTreeFiltered(boolean onlyUserAssignableRoles, String excludeRoles) throws DotDataException{ @@ -592,38 +611,37 @@ public void saveRoleLayouts(String roleId, String[] layoutIds) throws DotDataExc } /** - * Retrieves the info { title, id } of all portlets that can be added to layouts - * @return - * @throws SystemException - * @throws LanguageException - * @throws DotRuntimeException - * @throws PortalException + * Retrieves the title and ID of all portlets that can be added to the main menu -- i.e., + * layouts -- in the dotCMS backend + * + * @return A list of maps, each containing the title and ID of a portlet that can be added to + * the main menu. + * + * @throws SystemException An error occurred when retrieving all Portlets from the database. + * @throws LanguageException An error occurred when retrieving the localized title of a + * Portlet. */ - public List> getAllAvailablePortletInfoList() throws SystemException, LanguageException, DotRuntimeException, PortalException { - - PortletAPI portletAPI = APILocator.getPortletAPI(); - UserWebAPI uWebAPI = WebAPILocator.getUserWebAPI(); - WebContext ctx = WebContextFactory.get(); - HttpServletRequest request = ctx.getHttpServletRequest(); - - List> listOfPortletsInfo = new ArrayList<>(); - - final Collection portlets = portletAPI.findAllPortlets(); - for(final Portlet portlet: portlets) { - if(portletAPI.canAddPortletToLayout(portlet)) { - Map portletMap = new HashMap<>(); - String portletTitle = LanguageUtil.get(uWebAPI.getLoggedInUser(request),"com.dotcms.repackage.javax.portlet.title." + portlet.getPortletId()); - portletMap.put("title", portletTitle); - portletMap.put("id", portlet.getPortletId()); - listOfPortletsInfo.add(portletMap); + @SuppressWarnings("unused") + public List> getAllAvailablePortletInfoList() throws SystemException, + LanguageException { + final HttpServletRequest request = DwrUtil.getHttpServletRequest(); + final List> listOfPortletsInfo = new ArrayList<>(); + final Collection portlets = this.portletAPI.findAllPortlets(); + for (final Portlet portlet : portlets) { + if (LANGUAGES.name().equalsIgnoreCase(portlet.getPortletId()) + && Boolean.TRUE.equals(HIDE_OLD_LANGUAGES_PORTLET.get())) { + continue; } - } - Collections.sort(listOfPortletsInfo, new Comparator>() { - public int compare(Map o1, Map o2) { - return ((String)o1.get("title")).compareTo(((String)o2.get("title"))); + if (this.portletAPI.canAddPortletToLayout(portlet)) { + final String portletTitle = LanguageUtil.get(this.userWebAPI.getLoggedInUser(request), + "com.dotcms.repackage.javax.portlet.title." + portlet.getPortletId()); + listOfPortletsInfo.add(Map.of( + "title", portletTitle, + "id", portlet.getPortletId() + )); } - }); - + } + listOfPortletsInfo.sort(Comparator.comparing(o -> ((String) o.get("title")).toLowerCase())); return listOfPortletsInfo; } From 8c7e974e863c4a53451e4e593658164d72f5027d Mon Sep 17 00:00:00 2001 From: spbolton Date: Tue, 15 Oct 2024 11:56:57 +0100 Subject: [PATCH 3/5] feat(backend): Need to ship with the updated glowroot.jar (#30024) (#30339) ### Proposed Changes * Add latest glowroot.jar to the release and package within the docker container * Detect existing glowroot javaagent and run as is if present for backwards compatibility * Set glowroot version to 0.14.2 and remove duplicate declarations centralising into parent/pom.xml * Add the following environment variables with their defaults ``` GLOWROOT_ENABLED=false # enable/disable glowroot GLOWROOT_SHARED_FOLDER=/data/shared/glowroot # shared folder for glowroot for persistance GLOWROOT_WEB_UI_ENABLED=false # enable/disable local glowroot web ui by setting bind address to 0.0.0.0, used for local developement GLOWROOT_CONF_DIR=/data/shared/glowroot # If GLOWROOT_WEB_UI_ENABLED=true then default to use config from $CATALINA_HOME/glowroot/local-web within container else use $GLOWROOT_SHARED_FOLDER GLOWROOT_LOG_DIR=$GLOWROOT_CONF_DIR/logs. # WE may want to later modify the default location of this to a common logs folder. GLOWROOT_DATA_DIR=$GLOWROOT_SHARED_FOLDER/data GLOWROOT_TMP_DIR=$GLOWROOT_CONF_DIR/tmp. # We may want to later modify the default location of this to with a common tmp folder GLOWROOT_AGENT_ID= # If set then separate folders are created for each agent GLOWROOT_AGENT_ID also sets -Dglowroot.multi.dir=true which is required for multi-agent and to replicate old behavior GLOWROOT_COLLECTOR_ADDRESS= # If set then the remote collector at this address is used instead of the DATA_DIR ``` - To simplify the use of glowroot in maven a glowroot profile that can be triggered with -Ddocker.glowroot.enabled=true is provided that will add the port mapping to port 4000 as well as add the GLOWROOT_ENABLED=true and GLOWROOT_WEB_UI_ENABLED=true environment variables. These params will work whether we are starting up the dev docker instance or for the instance started for postman tests. A random port mapping is used to avoid conflicts with other instances glowroot installations unless -Dglowroot.port={port} is used also. ## Documentation Note this change should be backwards compatible to cloud engineering existing setup but will require a change to remove the existing agentpath and instead use the environment variables defined above. We will need to add this information to the documentation Note the previous default behavior is for the location of the configuration, log, data, and tmp dirs to be relative to the location of the glowroot.jar in the agentpath. This we would usually set on instances to /data/shared/glowroot ## Tests Test that glowroot can be enabled in development using maven while running pustman tests and using ./mvnw -pl :dotcms-core -Pdocker-start -Ddocker.glowroot.enabled=true Test port can be overridend with -Dglowroot.port={port} Test that glowroot can be enabled in a local docker-compose by adding GLOWROOT_WEB_UI_ENABLED=true and GLOWROOT_ENABLED=true Test that a GLOWROOT_COLLECTOR_ADDRESS can be configured to point to a remote collector Test each of the environment variables can be modified. Test that an existing -agentpath is used as is without further modification of the Command line Check for commandline options expected in each case on server startup When WEB_UI_ENABLED=true than it should show UI listening on 0.0.0.0:4000 otherwise it will show UI listening on 127.0.0.1:4000 ''' 2024-10-14 14:07:32 2024-10-14 13:07:32.571 INFO org.glowroot - creating glowroot schema... 2024-10-14 14:07:32 2024-10-14 13:07:32.688 INFO org.glowroot - glowroot schema created 2024-10-14 14:07:32 2024-10-14 13:07:32.822 INFO org.glowroot - UI listening on 0.0.0.0:4000 ''' --- bom/application/pom.xml | 5 +- dotCMS/pom.xml | 26 ++++++---- .../resources/container/tomcat9/bin/setenv.sh | 48 +++++++++++++++++-- .../tomcat9/glowroot/local-web/admin.json | 9 ++++ dotcms-integration/pom.xml | 1 - parent/pom.xml | 37 ++++++++++++++ 6 files changed, 107 insertions(+), 19 deletions(-) create mode 100644 dotCMS/src/main/resources/container/tomcat9/glowroot/local-web/admin.json diff --git a/bom/application/pom.xml b/bom/application/pom.xml index 7c0ecb3ac7f..dff2a3a7481 100644 --- a/bom/application/pom.xml +++ b/bom/application/pom.xml @@ -22,7 +22,6 @@ 1.70 4.0.0 4.33.0 - 0.14.1 2.17.2 2.28 22.3.3 @@ -1506,10 +1505,8 @@ org.glowroot glowroot-agent ${glowroot.version} - + zip diff --git a/dotCMS/pom.xml b/dotCMS/pom.xml index 0563719b802..7792bba84dc 100644 --- a/dotCMS/pom.xml +++ b/dotCMS/pom.xml @@ -15,7 +15,6 @@ 2.29.0 ${project.basedir}/src/main/java ${project.basedir}/src/test/java - 0.14.1 1.10.6 ${basedir}/target/dist ${docker.skip} @@ -26,6 +25,7 @@ dotserver/tomcat-${tomcat.version} ${assembly-directory}/${tomcat-dist-folder}/lib ${assembly-directory}/${tomcat-dist-folder}/log4j2/lib + ${assembly-directory}/${tomcat-dist-folder} ${tomcat-lib-folder} ${project.basedir}/src/main/resources/container/tomcat9 ${assembly-directory}/${tomcat-dist-folder}/webapps/ROOT @@ -1269,15 +1269,6 @@ test - - - - org.junit.jupiter @@ -1511,6 +1502,17 @@ + + org.glowroot + glowroot-agent + dist + zip + ${glowroot.version} + true + + ${tomcat-glowroot-parent-folder} + + com.dotcms dotcms-core-web @@ -1976,6 +1978,10 @@ standalone + + ${tomcat9-overrides}/glowroot/local-web/admin.json + glowroot/local-web + ${tomcat9-overrides}/bin/build.conf bin diff --git a/dotCMS/src/main/resources/container/tomcat9/bin/setenv.sh b/dotCMS/src/main/resources/container/tomcat9/bin/setenv.sh index ec68ddc4cfa..7abdddc52cb 100644 --- a/dotCMS/src/main/resources/container/tomcat9/bin/setenv.sh +++ b/dotCMS/src/main/resources/container/tomcat9/bin/setenv.sh @@ -21,15 +21,14 @@ export CATALINA_OPTS="$CATALINA_OPTS --add-opens java.management/javax.managemen export CATALINA_OPTS="$CATALINA_OPTS --add-opens java.base/sun.nio.cs=ALL-UNNAMED" export CATALINA_OPTS="$CATALINA_OPTS --add-opens java.base/sun.util.calendar=ALL-UNNAMED" export CATALINA_OPTS="$CATALINA_OPTS --add-opens java.base/sun.util.locale=ALL-UNNAMED" - - +export CATALINA_OPTS="$CATALINA_OPTS --add-opens java.base/jdk.internal.misc=ALL-UNNAMED" export CATALINA_OPTS="$CATALINA_OPTS -Djavax.xml.transform.TransformerFactory=com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl" export CATALINA_OPTS="$CATALINA_OPTS -Djavax.xml.parsers.DocumentBuilderFactory=com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderFactoryImpl" export CATALINA_OPTS="$CATALINA_OPTS -Djavax.xml.parsers.SAXParserFactory=com.sun.org.apache.xerces.internal.jaxp.SAXParserFactoryImpl" export CATALINA_OPTS="$CATALINA_OPTS -Dorg.apache.tomcat.util.digester.PROPERTY_SOURCE=org.apache.tomcat.util.digester.EnvironmentPropertySource" - +# Set Log4j properties if not already set if echo "$CATALINA_OPTS" | grep -q '\-Dlog4j2\.configurationFile'; then echo "Log4j configuration already set" else @@ -46,11 +45,52 @@ fi ADDITIONAL_CLASSPATH="$CATALINA_HOME/log4j2/lib/*" +# Set CLASSPATH with additional path if necessary if [ -n "$CLASSPATH" ]; then CLASSPATH="$CLASSPATH:$ADDITIONAL_CLASSPATH" else CLASSPATH="$ADDITIONAL_CLASSPATH" fi -export CLASSPATH +# CATALINA_OPTS: Used to pass options to the JVM running Tomcat. This script appends various options to CATALINA_OPTS to configure encoding, module access, XML parser implementations, and Log4j settings. +# GLOWROOT_ENABLED: If set to "true", the Glowroot agent is added to CATALINA_OPTS. +# GLOWROOT_CONF_DIR: Directory for Glowroot configuration files. Defaults to $CATALINA_HOME/glowroot/local-web if GLOWROOT_WEB_UI_ENABLED is "true", otherwise defaults to $GLOWROOT_SHARED_FOLDER. +# GLOWROOT_LOG_DIR: Directory for Glowroot log files. Defaults to $GLOWROOT_CONF_DIR/logs if not set. +# GLOWROOT_TMP_DIR: Directory for Glowroot temporary files. Defaults to $GLOWROOT_CONF_DIR/tmp if not set. +# GLOWROOT_DATA_DIR: Directory for Glowroot data files. Defaults to $GLOWROOT_SHARED_FOLDER/data if not set. +# GLOWROOT_AGENT_ID: If set, specifies the agent ID for Glowroot and enables multi-directory mode. +# GLOWROOT_COLLECTOR_ADDRESS: If set, specifies the collector address for Glowroot. + +add_glowroot_agent() { + if ! echo "$CATALINA_OPTS" | grep -q '\-javaagent:.*glowroot\.jar'; then + echo "Adding Glowroot agent to CATALINA_OPTS" + if [ "$GLOWROOT_ENABLED" = "true" ]; then + export CATALINA_OPTS="$CATALINA_OPTS -javaagent:$CATALINA_HOME/glowroot/glowroot.jar" + + export GLOWROOT_SHARED_FOLDER="/data/shared/glowroot" + + # Set GLOWROOT_CONF_DIR based on GLOWROOT_WEB_UI_ENABLED + if [ -z "$GLOWROOT_CONF_DIR" ]; then + GLOWROOT_CONF_DIR="$([ "$GLOWROOT_WEB_UI_ENABLED" = "true" ] && echo "$CATALINA_HOME/glowroot/local-web" || echo "$GLOWROOT_SHARED_FOLDER")" + fi + CATALINA_OPTS="$CATALINA_OPTS -Dglowroot.conf.dir=$GLOWROOT_CONF_DIR" + # We may want to modify these defaults + CATALINA_OPTS="$CATALINA_OPTS -Dglowroot.log.dir=${GLOWROOT_LOG_DIR:=$GLOWROOT_CONF_DIR/logs}" + CATALINA_OPTS="$CATALINA_OPTS -Dglowroot.tmp.dir=${GLOWROOT_TMP_DIR:=$GLOWROOT_CONF_DIR/tmp}" + CATALINA_OPTS="$CATALINA_OPTS -Dglowroot.data.dir=${GLOWROOT_DATA_DIR:=$GLOWROOT_SHARED_FOLDER/data}" + + # Set GLOWROOT_AGENT_ID and enable multi-directory mode if defined + [ -n "$GLOWROOT_AGENT_ID" ] && CATALINA_OPTS="$CATALINA_OPTS -Dglowroot.agent.id=$GLOWROOT_AGENT_ID -Dglowroot.multi.dir=true" + [ -n "$GLOWROOT_COLLECTOR_ADDRESS" ] && CATALINA_OPTS="$CATALINA_OPTS -Dglowroot.collector.address=$GLOWROOT_COLLECTOR_ADDRESS" + + fi + else + echo "Using Legacy Glowroot agent settings from CATALINA_OPTS" + fi +} + +# Run the function to add Glowroot agent settings to CATALINA_OPTS if enabled +add_glowroot_agent +export CATALINA_OPTS +export CLASSPATH \ No newline at end of file diff --git a/dotCMS/src/main/resources/container/tomcat9/glowroot/local-web/admin.json b/dotCMS/src/main/resources/container/tomcat9/glowroot/local-web/admin.json new file mode 100644 index 00000000000..62f296113d3 --- /dev/null +++ b/dotCMS/src/main/resources/container/tomcat9/glowroot/local-web/admin.json @@ -0,0 +1,9 @@ +{ + "web": { + "port": 4000, + "bindAddress": "0.0.0.0", + "contextPath": "/", + "sessionTimeoutMinutes": 30, + "sessionCookieName": "GLOWROOT_SESSION_ID" + } +} \ No newline at end of file diff --git a/dotcms-integration/pom.xml b/dotcms-integration/pom.xml index 80123dc92e8..77236ae2e84 100644 --- a/dotcms-integration/pom.xml +++ b/dotcms-integration/pom.xml @@ -16,7 +16,6 @@ 2.37.0 1.16 - 0.14.1 1.10.6 ${basedir}/target/dist true diff --git a/parent/pom.xml b/parent/pom.xml index c9a18512631..45558300054 100644 --- a/parent/pom.xml +++ b/parent/pom.xml @@ -196,6 +196,8 @@ false n 5005 + false + -agentlib:jdwp=transport=dt_socket,server=y,suspend=${debug.suspend.flag},address=*:${debug.port} @@ -206,6 +208,7 @@ ${maven.multiModuleProjectDirectory}/environments ${environment.properties.folder}/environment.properties true + 0.14.2 @@ -1573,6 +1576,40 @@ + + glowroot + + + docker.glowroot.enabled + true + + + + + + + + io.fabric8 + docker-maven-plugin + + + + + + glowroot.port:4000 + + + true + true + + + + + + + + + coverage From d5fde2786dd17f2f8b7a0bb9028f9b6f86e0cc9e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Enrique=20Colina=20Rodr=C3=ADguez?= Date: Tue, 15 Oct 2024 13:21:26 +0200 Subject: [PATCH 4/5] refactor(deployment): Add generated SBom to Github release artifacts (#29944) (#30326) ### Proposed Changes * Encapsulated the `generate-sbom` process within a GitHub Action and invoked it from a workflow. * Integration within `Legacy release process`, to build the sbom during the release only if it's successfully generated. ### Additional Info Related to #29944 (Add generated SBom to Github release artifacts). --- .../legacy-release/sbom-generator/action.yml | 64 +++++++++++++++++++ .../legacy-release_maven-release-process.yml | 61 ++++++++++++++---- 2 files changed, 114 insertions(+), 11 deletions(-) create mode 100644 .github/actions/legacy-release/sbom-generator/action.yml diff --git a/.github/actions/legacy-release/sbom-generator/action.yml b/.github/actions/legacy-release/sbom-generator/action.yml new file mode 100644 index 00000000000..f023ddd85b2 --- /dev/null +++ b/.github/actions/legacy-release/sbom-generator/action.yml @@ -0,0 +1,64 @@ +name: 'DotCMS SBOM Generator' +description: 'Generates SBOM for a specified version of dotCMS' +inputs: + dotcms_version: + description: 'The dotCMS version (vYY.MM.DD)' + required: true + github_token: + description: 'GitHub token for pushing changes' + required: true +outputs: + sbom-artifact: + description: 'SBOM artifact' + value: ${{ steps.sbom-artifact.outputs.artifact }} + +runs: + using: "composite" + steps: + - name: Checkout core repository + uses: actions/checkout@v4 + with: + repository: dotCMS/core + token: ${{ inputs.github_token }} + path: core + + - name: Set dotCMS version + shell: bash + run: | + formatted_tag=$(echo "${{ inputs.dotcms_version }}" | sed -e 's/^dotcms-cli-//' -e 's/^v//') + echo "DOTCMS_VERSION=$formatted_tag" >> $GITHUB_ENV + + - name: Pull and run dotCMS Docker image + shell: bash + run: | + docker pull dotcms/dotcms:${{ env.DOTCMS_VERSION }} + docker run -d -p 8082:8082 dotcms/dotcms:${{ env.DOTCMS_VERSION }} + + - name: Install pipx + shell: bash + run: pip install pipx + + - name: Scan Docker Image with Syft + shell: bash + run: | + pipx run anchore_syft dotcms/dotcms:${{ env.DOTCMS_VERSION }} -o cyclonedx-json > core/sbom-cyclonedx.json + + - name: Rename SBOM file with dotCMS version + shell: bash + run: | + mv core/sbom-cyclonedx.json core/sbom-dotcms-${{ env.DOTCMS_VERSION }}.json + + - name: Upload SBOM to GitHub + uses: actions/upload-artifact@v4 + with: + name: sbom-dotcms-${{ env.DOTCMS_VERSION }} + path: core/sbom-dotcms-${{ env.DOTCMS_VERSION }}.json + + - name: Set SBOM artifact + shell: bash + id: sbom-artifact + env: + PACKAGE: ${{ inputs.dotcms_package }} + VERSION: ${{ env.DOTCMS_VERSION }} + run: | + echo "artifact=sbom-dotcms-${VERSION}" >> $GITHUB_OUTPUT diff --git a/.github/workflows/legacy-release_maven-release-process.yml b/.github/workflows/legacy-release_maven-release-process.yml index 86642738cf1..5f5050d36fb 100644 --- a/.github/workflows/legacy-release_maven-release-process.yml +++ b/.github/workflows/legacy-release_maven-release-process.yml @@ -126,7 +126,7 @@ jobs: echo "release_commit=${release_commit}" >> $GITHUB_OUTPUT - name: Setup Java - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: java-version: ${{ env.JAVA_VERSION }} distribution: ${{ env.JAVA_DISTRO }} @@ -158,7 +158,7 @@ jobs: - name: Cache Maven Repository id: cache-maven - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: ~/.m2/repository key: maven-core-${{ steps.set-common-vars.outputs.date }}-${{ github.run_id }} @@ -168,7 +168,7 @@ jobs: - name: Cache Core Output id: cache-core-output - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: | ./dotCMS/target/classes @@ -181,7 +181,7 @@ jobs: - name: Cache Node Binary id: cache-node-binary - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: | core-web/installs @@ -190,7 +190,7 @@ jobs: - name: Cache NPM id: cache-npm - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: | ~/.npm @@ -200,7 +200,7 @@ jobs: - name: Cache Docker Context id: cache-docker-context - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: ${{ env.DOCKER_BUILD_CONTEXT }}/context key: docker-context-${{ steps.set-common-vars.outputs.date }}-${{ github.run_id }} @@ -235,14 +235,14 @@ jobs: - name: Restore Maven Repository id: restore-maven - uses: actions/cache/restore@v3 + uses: actions/cache/restore@v4 with: path: ~/.m2/repository key: maven-core-${{ needs.prepare-release.outputs.date }}-${{ github.run_id }} - name: Restore Core Output id: restore-core-output - uses: actions/cache/restore@v3 + uses: actions/cache/restore@v4 with: path: | ./dotCMS/target/classes @@ -252,20 +252,20 @@ jobs: - name: Restore Node Binary id: restore-node-binary - uses: actions/cache/restore@v3 + uses: actions/cache/restore@v4 with: path: core-web/installs key: node-binary-${{ hashFiles('core-web/.nvmrc') }} - name: Restore NPM id: restore-npm - uses: actions/cache/restore@v3 + uses: actions/cache/restore@v4 with: path: ~/.npm key: npm-${{ hashFiles('core-web/package-lock.json') }} - name: Setup Java - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: java-version: ${{ env.JAVA_VERSION }} distribution: ${{ env.JAVA_DISTRO }} @@ -340,6 +340,45 @@ jobs: docker_io_username: ${{ secrets.DOCKER_USERNAME }} docker_io_token: ${{ secrets.DOCKER_TOKEN }} + generate-sbom: + name: Generate SBOM + runs-on: ubuntu-latest + needs: [ prepare-release, build-push-image ] + continue-on-error: true + steps: + - uses: actions/checkout@v4 + + - uses: ./.github/actions/legacy-release/sbom-generator + id: sbom-generator + with: + dotcms_version: ${{ needs.prepare-release.outputs.release_version }} + github_token: ${{ secrets.GITHUB_TOKEN }} + + - name: 'Download all build artifacts' + uses: actions/download-artifact@v4 + with: + path: ${{ github.workspace }}/artifacts + pattern: ${{ steps.sbom-generator.outputs.sbom-artifact }} + + - name: Upload SBOM Asset + env: + GITHUB_TOKEN: ${{ github.token }} + run: | + echo "::group::Upload SBOM Asset" + ARTIFACT_NAME=${{ steps.sbom-generator.outputs.sbom-artifact }} + SBOM="./artifacts/${ARTIFACT_NAME}/${ARTIFACT_NAME}.json" + + if [ -f "${SBOM}" ]; then + echo "SBOM: ${SBOM}" + cat "${SBOM}" + + zip "${ARTIFACT_NAME}.zip" "${SBOM}" + gh release upload "${{ needs.prepare-release.outputs.release_tag }}" "${ARTIFACT_NAME}.zip" + else + echo "SBOM artifact not found." + fi + echo "::endgroup::" + finish-release: name: Finish Release runs-on: ubuntu-latest From 10c59ee4175ef1024bd612f137fd700157be4ea3 Mon Sep 17 00:00:00 2001 From: Will Ezell Date: Tue, 15 Oct 2024 10:37:06 -0400 Subject: [PATCH 5/5] fix(perf) don't create session if it is not required (#30322) This pull request includes changes to improve session handling in the `CurrentVariantWebInterceptor` and `VariantWebAPIImpl` classes. The main focus is on ensuring sessions are only created when necessary, which can help optimize resource usage and performance. Session handling improvements: * [`dotCMS/src/main/java/com/dotcms/variant/business/web/CurrentVariantWebInterceptor.java`](diffhunk://#diff-65fdb30fd885a08035709f661b6cd0e1e4f4354bde74a4f3e1f6464e765d0731L59-R59): Modified `getSession` to avoid creating a new session if one does not already exist by passing `false` to `getSession`. * [`dotCMS/src/main/java/com/dotcms/variant/business/web/VariantWebAPIImpl.java`](diffhunk://#diff-c67db85ad5a8303546f73462e9074d4cf3f669295e99d9ca050c4bd8ce25e7f2L69-R78): Renamed `setSessionAttribute` to `setSessionAttributeIfNeeded` and updated the method to conditionally create a session based on the `currentVariantName`. --- .../business/web/CurrentVariantWebInterceptor.java | 4 ++-- .../dotcms/variant/business/web/VariantWebAPIImpl.java | 10 ++++++---- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/dotCMS/src/main/java/com/dotcms/variant/business/web/CurrentVariantWebInterceptor.java b/dotCMS/src/main/java/com/dotcms/variant/business/web/CurrentVariantWebInterceptor.java index a763e6360f0..6e9b7127663 100644 --- a/dotCMS/src/main/java/com/dotcms/variant/business/web/CurrentVariantWebInterceptor.java +++ b/dotCMS/src/main/java/com/dotcms/variant/business/web/CurrentVariantWebInterceptor.java @@ -56,7 +56,7 @@ public Result intercept(final HttpServletRequest request, final HttpServletRespo } if (!UtilMethods.isSet(currentVariantName)) { - final HttpSession session = request.getSession(); + final HttpSession session = request.getSession(false); if (session != null) { final Object attribute = session.getAttribute(VariantAPI.VARIANT_KEY); @@ -98,4 +98,4 @@ private static Optional getVariantValueFromReferer(final String refererV return Optional.empty(); } -} \ No newline at end of file +} diff --git a/dotCMS/src/main/java/com/dotcms/variant/business/web/VariantWebAPIImpl.java b/dotCMS/src/main/java/com/dotcms/variant/business/web/VariantWebAPIImpl.java index d1c2b146e4c..bf386e9e983 100644 --- a/dotCMS/src/main/java/com/dotcms/variant/business/web/VariantWebAPIImpl.java +++ b/dotCMS/src/main/java/com/dotcms/variant/business/web/VariantWebAPIImpl.java @@ -66,19 +66,21 @@ public String currentVariantId() { } } - setSessionAttribute(request, currentVariantName); + setSessionAttributeIfNeeded(request, currentVariantName); return currentVariantName; } - private static void setSessionAttribute(final HttpServletRequest request, + private static void setSessionAttributeIfNeeded(final HttpServletRequest request, final String currentVariantName) { - final HttpSession session = request.getSession(true); + boolean buildSessionIfNeeded = !"DEFAULT".equals(currentVariantName); + + final HttpSession session = request.getSession(buildSessionIfNeeded); if (!UtilMethods.isSet(session)) { return; } - + final Object attribute = session.getAttribute(VariantAPI.VARIANT_KEY); if (mustOverwrite(attribute, currentVariantName)) {