Ok 735 ovara build and deploy

.github/workflows/build.yml

@@ -0,0 +1,148 @@
+name: Ovara-virkailija build workflow
+
+on:
+  workflow_dispatch:
+  push:
+    paths-ignore:
+      - '**.md'
+
+jobs:
+  # BACKEND
+  build-backend:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - uses: actions/cache@v4
+        id: restore-build
+        with:
+          path: |
+            ovara-backend/target
+          key: ${{ github.sha }}
+
+      - name: Cache local Maven repository
+        uses: actions/cache@v4
+        with:
+          path: ~/.m2/repository
+          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+          restore-keys: |
+            ${{ runner.os }}-maven-
+
+      - name: Set up JDK 21
+        uses: actions/setup-java@v3
+        with:
+          java-version: '21'
+          distribution: 'corretto'
+          cache: 'maven'
+
+      - uses: szenius/[email protected]
+        with:
+          timezoneLinux: "Europe/Helsinki"
+
+      - name: Build with Maven
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          GITHUB_TOKEN: ${{ github.token }}
+        run: |
+          cd ovara-backend
+          mvn clean package -B
+
+  deploy-backend-container:
+    needs: build-backend
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - uses: actions/cache@v4
+        id: restore-build
+        with:
+          path: |
+            ovara-backend/target
+          key: ${{ github.sha }}
+
+      - name: Build and deploy Docker container
+        shell: bash
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        run: |
+          set -euo pipefail
+          git clone https://github.com/Opetushallitus/ci-tools.git
+          source ci-tools/common/setup-tools.sh
+          export ARTIFACT_NAME="ovara-backend"
+          export BASE_IMAGE="baseimage-fatjar-openjdk21:master"
+          source ci-tools/common/setup-tools.sh
+          mv ovara-backend/target/ovara-backend-*.jar $DOCKER_BUILD_DIR/artifact/${ARTIFACT_NAME}.jar
+          cp -vr ovara-backend/src/main/resources/oph-configuration $DOCKER_BUILD_DIR/config/oph-configuration/
+          ./ci-tools/common/pull-image.sh
+          ./ci-tools/github-build/build-fatjar.sh $ARTIFACT_NAME
+          ./ci-tools/github-build/upload-image.sh $ARTIFACT_NAME
+
+  # UI
+  lint:
+    timeout-minutes: 10
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+      - name: Install dependencies
+        run: |
+          cd ovara-ui
+          npm ci
+      - name: Run lint
+        run: |
+          cd ovara-ui
+          # npm run typecheck
+          npm run lint
+
+  test:
+    timeout-minutes: 10
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+      - name: Install dependencies
+        run: |
+          cd ovara-ui
+          npm ci
+      - name: Run unit tests
+        run: |
+          cd ovara-ui
+          npm test
+
+  deploy-ui-zip:
+    needs: [lint, test]
+    timeout-minutes: 30
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+      - name: Install dependencies
+        run: |
+          cd ovara-ui
+          npm ci --no-audit --prefer-offline
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4
+        with:
+          role-to-assume: ${{ secrets.AWS_OPH_UTILITY_ROLE_ARN }}
+          role-session-name: ovara-ui-deploy-zip
+          aws-region: eu-west-1
+      - name: Deploy zip to s3
+        env:
+          bucket: ${{ secrets.BUCKET_NAME }}
+        run: |
+          cd ovara-ui
+          SKIP_TYPECHECK=true npm run build
+          zip -r ga-${{github.run_number}}.zip .next/*.* .next/BUILD_ID .next/static .next/standalone public
+          aws s3 cp --no-progress ga-${{github.run_number}}.zip s3://"$bucket"/ovara-ui/ga-${{github.run_number}}.zip

.gitignore

@@ -4,3 +4,12 @@ node_modules
 .next
 
 .mise.toml
+
+# local env files
+.env*.local
+
+# CDK
+.cdk.staging
+cdk.out
+.open-next
+cdk/**/*.d.ts

ovara-backend/.gitignore

@@ -34,6 +34,6 @@ build/
 
 .mise.toml
 
-application-dev.properties
+src/main/resources/oph-configuration/application-dev.properties
 
 ovara.dump

ovara-backend/pom.xml

@@ -30,6 +30,7 @@
         <scala.version>3.5.0</scala.version>
         <java.cas.version>1.2.1-SNAPSHOT</java.cas.version>
         <scalatest.version>3.2.19</scalatest.version>
+
     </properties>
     <dependencies>
         <dependency>
@@ -152,6 +153,42 @@
             <artifactId>slf4j-api</artifactId>
         </dependency>
     </dependencies>
+
+    <repositories>
+        <repository>
+            <id>github</id>
+            <url>https://maven.pkg.github.com/opetushallitus/packages</url>
+            <releases>
+                <enabled>false</enabled>
+                <checksumPolicy>warn</checksumPolicy>
+            </releases>
+            <snapshots>
+                <enabled>true</enabled>
+                <updatePolicy>daily</updatePolicy>
+                <checksumPolicy>warn</checksumPolicy>
+            </snapshots>
+        </repository>
+        <repository>
+            <id>oph-sade-artifactory-snapshots</id>
+            <url>https://artifactory.opintopolku.fi/artifactory/oph-sade-snapshot-local</url>
+            <releases>
+                <enabled>false</enabled>
+            </releases>
+            <snapshots>
+                <enabled>true</enabled>
+            </snapshots>
+        </repository>
+        <repository>
+            <id>oph-sade-artifactory-releases</id>
+            <url>https://artifactory.opintopolku.fi/artifactory/oph-sade-release-local</url>
+            <releases>
+                <enabled>true</enabled>
+            </releases>
+            <snapshots>
+                <enabled>false</enabled>
+            </snapshots>
+        </repository>
+    </repositories>
     <build>
         <plugins>
             <plugin>
@@ -171,6 +208,33 @@
                     </execution>
                 </executions>
             </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-plugin</artifactId>
+                <version>2.7</version>
+                <configuration>
+                    <skipTests>true</skipTests>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.scalatest</groupId>
+                <artifactId>scalatest-maven-plugin</artifactId>
+                <version>2.2.0</version>
+                <configuration>
+                    <reportsDirectory>${project.build.directory}/surefire-reports</reportsDirectory>
+                    <junitxml>.</junitxml>
+                    <filereports>WDF TestSuite.txt</filereports>
+                </configuration>
+                <executions>
+                    <execution>
+                        <id>test</id>
+                        <goals>
+                            <goal>test</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+
         </plugins>
     </build>
 

ovara-backend/settings.xml

@@ -1,4 +1,5 @@
 <!-- Maven settings -tiedosto CI-buildia varten, tarvitaan jotta voidaan autentikoitua Github Packages -repoon -->
+
 <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
@@ -29,5 +30,15 @@
             <username>private-token</username>
             <password>${env.GITHUB_TOKEN}</password>
         </server>
+        <server>
+            <id>oph-sade-artifactory</id>
+            <username>${env.ARTIFACTORY_USERNAME}</username>
+            <password>${env.ARTIFACTORY_PASSWORD}</password>
+        </server>
+        <server>
+            <id>oph-nexus</id>
+            <username>${env.ARTIFACTORY_USERNAME}</username>
+            <password>${env.ARTIFACTORY_PASSWORD}</password>
+        </server>
     </servers>
 </settings>

ovara-backend/src/main/resources/oph-configuration/application-prod.properties.template

@@ -0,0 +1,16 @@
+# ENVIRONMENT SPECIFIC CONFIG
+# DB CONNECTION
+spring.datasource.url={{host_postgresql_ovara}}
+spring.datasource.username={{ovara_backend_postgresql_username}}
+spring.datasource.password={{ovara_backend_postgresql_password}}
+
+# CAS
+opintopolku.virkailija.domain={{host_virkailija}}
+opintopolku.virkailija.url=https://${opintopolku.virkailija.domain}
+ovara.backend.url=${opintopolku.virkailija.url}/ovara-backend
+ovara.ui.url=${opintopolku.virkailija.url}/ovara
+cas.url=${opintopolku.virkailija.url}/cas
+ovara-backend.cas.username={{ovara_backend_cas_username}}
+ovara-backend.cas.password={{ovara_backend_cas_password}}
+
+ovara_backend.uses-ssl-proxy

ovara-backend/src/main/resources/oph-configuration/application.properties

@@ -0,0 +1,6 @@
+spring.application.name=ovara-backend
+server.servlet.context-path=/ovara-backend
+
+#swagger-ui config
+springdoc.swagger-ui.path=/swagger-ui
+springdoc.swagger-ui.operationsSorter=alpha

ovara-backend/src/main/scala/fi/oph/ovara/backend/raportointi/Controller.scala

@@ -37,8 +37,8 @@ class Controller(
   mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false)
   mapper.configure(SerializationFeature.INDENT_OUTPUT, true)
 
-  @GetMapping(path = Array("ping"))
-  def ping = "Ovara application is running!"
+  @GetMapping(path = Array("healthcheck"))
+  def healthcheck = "Ovara application is running!"
 
   @GetMapping(path = Array("user"))
   def user(@AuthenticationPrincipal userDetails: UserDetails): String = {

ovara-backend/src/main/scala/fi/oph/ovara/backend/security/SecurityConfig.scala

@@ -22,14 +22,14 @@ import org.springframework.security.web.authentication.HttpStatusEntryPoint
 
 @Configuration
 @EnableWebSecurity
-class CasConfig  {
+class SecurityConfig  {
   @Value("${cas.url}")
   val cas_url: String = null
 
   @Value("${ovara.backend.url}")
   val ovara_backend_url: String = null
 
-  @Value("${opintopolku.virkailija.domain}")
+  @Value("${opintopolku.virkailija.url}")
   val opintopolku_virkailija_domain: String = null
 
   @Value("${ovara-backend.cas.username}")
@@ -116,6 +116,16 @@ class CasConfig  {
       .build()
   }
 
+  @Bean
+  @Order(3)
+  def healthcheckFilterChain(http: HttpSecurity): SecurityFilterChain = {
+    http
+      .securityMatcher("/api/healthcheck")
+      .authorizeHttpRequests(requests => requests.anyRequest.permitAll)
+      .csrf(c => c.disable)
+      .build()
+  }
+
   @Bean
   @Order(1)
   def csrfFilterChain(http: HttpSecurity): SecurityFilterChain = {

ovara-backend/src/main/scala/fi/oph/ovara/backend/service/OnrService.scala

@@ -18,7 +18,7 @@ import scala.jdk.javaapi.FutureConverters.asScala
 class OnrService {
   val LOG: Logger = LoggerFactory.getLogger(classOf[OnrService])
 
-  @Value("${opintopolku.virkailija.domain}")
+  @Value("${opintopolku.virkailija.url}")
   val opintopolku_virkailija_domain: String = null
 
   @Autowired