Release 3.1.0 (#50)

Released 3.1-3.1.0
Major changes included GitHub action workflows, switching to confluent-kafka-go library, and upgrading dependencies.

Signed-off-by: David N Perkins <[email protected]>

.github/workflows/ci-workflow.yml

@@ -0,0 +1,156 @@
+name: CI Workflow
+
+on:
+  push:
+    branches: [ '**' ]
+  workflow_dispatch:
+
+concurrency: ci-${{ github.ref }}
+
+jobs:
+
+  build:
+    name: Build and Test
+    runs-on: ubuntu-latest
+    env:
+      API_SPEC_DEV_BRANCH: main
+      API_SPEC_TAG: 3.1-2.0.2
+      APPID_TENANT: 0f389ea4-778e-4831-9b29-6156c4c1df1e
+      APPID_URL: https://us-east.appid.cloud.ibm.com
+      ELASTIC_CRN: "crn:v1:bluemix:public:databases-for-elasticsearch:us-east:a/52366c9ab214402f9e96917b1b2850e9:c9acb36a-0feb-4b6e-aac1-6651c71d19e4::"
+      ELASTIC_URL: https://c9acb36a-0feb-4b6e-aac1-6651c71d19e4.2adb0220806343e3ae11df79c89b377f.databases.appdomain.cloud:32085
+      HRI_URL: https://localhost:1323/hri
+      IAM_CLOUD_URL: https://iam.cloud.ibm.com
+      JWT_AUDIENCE_ID: 21e7d376-9cdb-4a9d-a11f-9b76c007244d
+      KAFKA_BROKERS: broker-0-twvyj4m0kft5j0mh.kafka.svc01.us-east.eventstreams.cloud.ibm.com:9093,broker-1-twvyj4m0kft5j0mh.kafka.svc01.us-east.eventstreams.cloud.ibm.com:9093,broker-2-twvyj4m0kft5j0mh.kafka.svc01.us-east.eventstreams.cloud.ibm.com:9093,broker-3-twvyj4m0kft5j0mh.kafka.svc01.us-east.eventstreams.cloud.ibm.com:9093,broker-4-twvyj4m0kft5j0mh.kafka.svc01.us-east.eventstreams.cloud.ibm.com:9093,broker-5-twvyj4m0kft5j0mh.kafka.svc01.us-east.eventstreams.cloud.ibm.com:9093
+      KAFKA_INSTANCE: hri-dev1-event-streams
+      TENANT_ID: test
+      COS_URL: https://s3.us-east.cloud-object-storage.appdomain.cloud
+
+      CLOUD_API_KEY: ${{ secrets.CLOUD_API_KEY }}
+      ELASTIC_PASSWORD: ${{ secrets.ELASTIC_PASSWORD }}
+      ELASTIC_USERNAME: ${{ secrets.ELASTIC_USERNAME }}
+      KAFKA_PASSWORD: ${{ secrets.KAFKA_PASSWORD }}
+
+    steps:
+      - name: Set Branch Name
+        uses: nelonoel/[email protected]
+
+      - name: Install Go 1.15
+        uses: actions/setup-go@v2
+        with:
+          go-version: ^1.15
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+
+      - name: Copyright Check
+        run: ./copyrightCheck.sh
+
+      - name: Build HRI Executable and Run Unit Tests
+        run: make
+
+      - name: Run Smoke Tests
+        run: ./run-smoketests.sh
+
+      - name: Install Ruby 2.6.5
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 2.6.5
+          bundler-cache: false
+
+      - name: Install Ruby Gems, Run Dredd Tests, and Run IVT
+        run: |
+          gem install bundler
+          BUNDLE_GEMFILE="./test/Gemfile" bundle install
+          gem specific_install -l https://github.com/Alvearie/hri-test-helpers.git main
+          gem install dredd_hooks
+          ./run-dreddtests.sh
+          curl -sL https://ibm.biz/idt-installer | bash
+          ibmcloud login --apikey $CLOUD_API_KEY -r us-east || { echo 'IBM Cloud CLI login failed!'; exit 1; }
+          ibmcloud plugin install event-streams
+          ibmcloud es init -i ${KAFKA_INSTANCE}
+          ./run-ivttests.sh
+
+      - name: Upload Test Results
+        if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop' || startsWith(github.ref, 'refs/heads/support-')
+        run: |
+          ./combine_ivt_results.sh
+          ./test/spec/upload_test_reports.rb IVT
+          ./test/spec/upload_test_reports.rb Dredd
+
+      - name: Post Slack Update
+        if: ${{ failure() && ( github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop' || startsWith(github.ref, 'refs/heads/support-') ) }}
+        id: slack
+        uses: slackapi/[email protected]
+        with:
+          payload: "{\"Repo\":\"${{ github.repository }}\",\"Workflow\":\"${{ github.workflow }}\",\"Branch\":\"${{ env.BRANCH_NAME }}\",\"Link\":\"https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}\"}"
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+
+  docker-build:
+    name: Docker Build
+    needs: build
+    if: ${{ github.ref == 'refs/heads/develop' }}
+    runs-on: ubuntu-latest
+    env:
+      IMAGE_NAME: mgmt-api
+      TOOLCHAIN_ID: 44eca025-5bc3-4dc9-8d86-d8c4956d09f0
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Determine Image Name & Tag
+        run: |
+          IMAGE_ID=ghcr.io/${{ github.repository }}/$IMAGE_NAME
+          # Change all uppercase to lowercase
+          IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]')
+          # Strip git ref prefix from version
+          VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
+          echo IMAGE_ID=$IMAGE_ID:$VERSION
+          echo "IMAGE_ID=$IMAGE_ID:$VERSION" >> $GITHUB_ENV
+
+      - name: Build image
+        run: docker build . --file docker/Dockerfile --tag $IMAGE_ID --label "runnumber=${GITHUB_RUN_ID}"
+
+      - name: Dockle Linter
+        uses: erzz/[email protected]
+        with:
+          image: "${{ env.IMAGE_ID }}"
+          report-format: sarif
+          exit-code: 1
+          failure-threshold: 'WARN'
+
+      - name: Vulnerability Scan
+        uses: aquasecurity/[email protected]
+        with:
+          image-ref: "${{ env.IMAGE_ID }}"
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH,MEDIUM'
+
+      - name: Log in to registry
+        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+
+      - name: Push image
+        run: docker push $IMAGE_ID
+
+      - name: Trigger IBM Toolchain
+        if: github.ref == 'refs/heads/develop'
+        env:
+          CLOUD_API_KEY: ${{ secrets.CLOUD_API_KEY }}
+        run: |
+          curl -sL https://ibm.biz/idt-installer | bash
+          ibmcloud login --apikey $CLOUD_API_KEY -r us-east
+          ibmcloud dev tekton-trigger $TOOLCHAIN_ID --trigger-name 'CD Manual Trigger'
+
+      - name: Post Slack Update
+        if: ${{ failure() }}
+        id: slack
+        uses: slackapi/[email protected]
+        with:
+          payload: "{\"Repo\":\"${{ github.repository }}\",\"Workflow\":\"${{ github.workflow }}\",\"Branch\":\"${{ env.BRANCH_NAME }}\",\"Link\":\"https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}\"}"
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}

.github/workflows/code-scans.yml

@@ -0,0 +1,44 @@
+name: Code Scans 
+
+on:
+  push:
+   branches: [ 'main', 'develop', 'support-*' ]
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+concurrency: code-scans-${{ github.ref }}
+
+jobs:
+  code-analysis:
+    name: Static Code Analysis
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+      with:
+        # full checkout for SonarCloud analysis
+        fetch-depth: 0
+
+    - name: Setup Go
+      uses: actions/setup-go@v2
+      with:
+        go-version: ^1.15
+
+    - name: Unit Tests and Coverage
+      run: make test
+
+    - name: SonarCloud Scan
+      uses: sonarsource/[email protected]
+      with:
+        projectBaseDir: ./src
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+
+    - name: Post Slack Update
+      if: ${{ failure() && github.event_name == 'push' }}
+      id: slack
+      uses: slackapi/[email protected]
+      with:
+        payload: "{\"Repo\":\"${{ github.repository }}\",\"Workflow\":\"${{ github.workflow }}\",\"Branch\":\"${{ env.BRANCH_NAME }}\",\"Link\":\"https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}\"}"
+      env:
+        SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}

.github/workflows/pull_request.yml

@@ -0,0 +1,47 @@
+name: Pull Request Checks 
+
+on:
+  pull_request:
+    types: [opened]
+  pull_request_review:
+   types: [submitted]
+
+concurrency: pr-${{ github.ref }}
+
+jobs:
+  dependency-checks:
+    name: Dependency Checks
+    # run if the PR was opened or there was a comment containing '/pr_checks'
+    if: (github.event_name == 'pull_request') || (github.event_name == 'pull_request_review' && contains(github.event.review.body, '/pr_checks'))
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Setup Go
+      uses: actions/setup-go@v2
+      with:
+        go-version: ^1.15
+
+    - name: Check Dependencies
+      # override default -eo pipefail
+      shell: bash --noprofile --norc {0}
+      run: |
+        wget -q -O nancy https://github.com/sonatype-nexus-community/nancy/releases/download/v1.0.22/nancy-v1.0.22-linux-amd64
+        chmod 555 nancy
+        cd src
+        go list -json -m all | ../nancy sleuth
+        found=$?
+        echo "VULNERABILITIES=$found" >> $GITHUB_ENV
+        [[ "$found" == 1 ]] && echo "::error ::Vulnerabilities found in dependencies."
+        exit 0
+
+    - uses: actions/github-script@v4
+      if: ${{ env.VULNERABILITIES != 0 }}
+      with:
+        script: |
+          github.issues.createComment({
+            issue_number: context.issue.number,
+            owner: context.repo.owner,
+            repo: context.repo.repo,
+            body: "## ⚠️ Vulnerabilities found in dependencies.\nSee the 'PR -> Vulnerability Checks' logs for more details: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+          })

.github/workflows/release.yml

@@ -0,0 +1,78 @@
+name: Release
+
+on: 
+  push:
+    tags: [ '**' ]
+  workflow_dispatch:
+
+concurrency: release-${{ github.ref }}
+
+env:
+  IMAGE_NAME: mgmt-api
+  WH_COMMONS_CR: us.icr.io/wh-common-rns/hri
+
+jobs:
+  docker-build:
+    name: Docker Build
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Determine Image Name & Tag
+        run: |
+          IMAGE_ID=ghcr.io/${{ github.repository }}/$IMAGE_NAME
+          # Change all uppercase to lowercase
+          IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]')
+          # Strip git ref prefix from version
+          VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
+          # Strip "v" prefix from tag name
+          VERSION=$(echo $VERSION | sed -e 's/^v//')
+          echo "VERSION=$VERSION" >> $GITHUB_ENV
+          echo IMAGE_ID=$IMAGE_ID:$VERSION
+          echo "IMAGE_ID=$IMAGE_ID:$VERSION" >> $GITHUB_ENV
+
+      - name: Build image
+        run: docker build . --file docker/Dockerfile --tag $IMAGE_ID --label "runnumber=${GITHUB_RUN_ID}"
+
+      - name: Dockle Linter
+        uses: erzz/[email protected]
+        with:
+          image: "${{ env.IMAGE_ID }}"
+          report-format: sarif
+          exit-code: 1
+          failure-threshold: 'WARN'
+
+      - name: Vulnerability Scan
+        uses: aquasecurity/[email protected]
+        with:
+          image-ref: "${{ env.IMAGE_ID }}"
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH,MEDIUM'
+
+      - name: Log in to registry
+        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+
+      - name: Push image
+        run: docker push $IMAGE_ID
+
+      - name: Push image to WH Commons CR
+        env:
+          CLOUD_API_KEY: ${{ secrets.CLOUD_API_KEY }}
+        run: |
+          curl -sL https://ibm.biz/idt-installer | bash
+          ibmcloud login --apikey $CLOUD_API_KEY -r us-south
+          ibmcloud cr login
+          docker tag $IMAGE_ID $WH_COMMONS_CR/$IMAGE_NAME:$VERSION
+          docker push $WH_COMMONS_CR/$IMAGE_NAME:$VERSION
+
+      - name: Post Slack Update
+        if: ${{ failure() }}
+        id: slack
+        uses: slackapi/[email protected]
+        with:
+          payload: "{\"Repo\":\"${{ github.repository }}\",\"Workflow\":\"${{ github.workflow }}\",\"Branch\":\"${{ env.BRANCH_NAME }}\",\"Link\":\"https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}\"}"
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}

.gitignore

@@ -11,7 +11,12 @@ src/testCoverage.out
 
 build/
 src/github.com
+src/hri
 pkg
+.gradle
+.DS_Store
+test/.idea
+test/jwt_assertion_tokens.json
 
 # Output of the go coverage tool, specifically when used with LiteIDE
 *.out
@@ -26,3 +31,7 @@ test/jwt_assertion_tokens.json
 
 #VS Code:
 *.code-workspace
+
+# Docker test files
+docker/test.env
+