Merge remote-tracking branch 'upstream/main' into feature/vote-decrypt

.github/workflows/docker.yml

@@ -13,7 +13,7 @@ jobs:
 
     steps:
     - name: Check out code
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     - name: create secrets
       run: |

.github/workflows/project-automation.yml

@@ -0,0 +1,32 @@
+name: Project automation
+on:
+  workflow_call:
+    inputs:
+      resource_node_id:
+        required: true
+        type: string
+      status_value:
+        required: true
+        type: string
+    secrets:
+      AUTOMATION_APP_ID:
+        required: true
+      AUTOMATION_APP_INSTALLATION_ID:
+        required: true
+      AUTOMATION_APP_PRIVATE_KEY:
+        required: true
+
+jobs:
+  workflow_call:
+    name: Set status
+    runs-on: ubuntu-latest
+    steps:
+      - uses: leonsteinhaeuser/[email protected]
+        with:
+          gh_app_ID: ${{ secrets.AUTOMATION_APP_ID }}
+          gh_app_installation_ID: ${{ secrets.AUTOMATION_APP_INSTALLATION_ID }}
+          gh_app_secret_key: ${{ secrets.AUTOMATION_APP_PRIVATE_KEY }}
+          organization: OpenSlides
+          project_id: 2
+          resource_node_id: ${{ inputs.resource_node_id }}
+          status_value: ${{ inputs.status_value }}

.github/workflows/project-issue-closed.yml

@@ -0,0 +1,14 @@
+name: Project automation
+on:
+  issues:
+    types:
+      - closed
+
+jobs:
+  issue_closed:
+    name: Issue closed
+    uses: ./.github/workflows/project-automation.yml
+    secrets: inherit
+    with:
+      resource_node_id: ${{ github.event.issue.node_id }}
+      status_value: "Done"

.github/workflows/project-issue-opened.yml

@@ -0,0 +1,15 @@
+name: Project automation
+on:
+  issues:
+    types:
+      - opened
+      - reopened
+
+jobs:
+  issue_opened:
+    name: Issue opened
+    uses: ./.github/workflows/project-automation.yml
+    secrets: inherit
+    with:
+      resource_node_id: ${{ github.event.issue.node_id }}
+      status_value: "Backlog"

.github/workflows/project-pull-request-closed.yml

@@ -0,0 +1,14 @@
+name: Project automation
+on:
+  pull_request_target:
+    types:
+      - closed
+
+jobs:
+  pull_request_closed:
+    name: Pull request closed
+    uses: ./.github/workflows/project-automation.yml
+    secrets: inherit
+    with:
+      resource_node_id: ${{ github.event.pull_request.node_id }}
+      status_value: "Done"

.github/workflows/project-pull-request-opened.yml

@@ -0,0 +1,15 @@
+name: Project automation
+on:
+  pull_request_target:
+    types:
+      - opened
+      - reopened
+
+jobs:
+  pull_request_opened:
+    name: Pull request opened
+    uses: ./.github/workflows/project-automation.yml
+    secrets: inherit
+    with:
+      resource_node_id: ${{ github.event.pull_request.node_id }}
+      status_value: "Work in progress"

.github/workflows/project-pull-request-review-requested.yml

@@ -0,0 +1,14 @@
+name: Project automation
+on:
+  pull_request_target:
+    types:
+      - review_requested
+
+jobs:
+  pull_request_review_requested:
+    name: Pull request review requested
+    uses: ./.github/workflows/project-automation.yml
+    secrets: inherit
+    with:
+      resource_node_id: ${{ github.event.pull_request.node_id }}
+      status_value: "Review in progress"

.github/workflows/test.yml

@@ -6,12 +6,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Set up Go
-      uses: actions/setup-go@v4
+      uses: actions/setup-go@v5
       with:
-        go-version: '1.20'
+        go-version: '1.21'
 
     - name: Check out code into the Go module directory
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     - name: go fmt
       run: test -z $(gofmt -l .)
@@ -30,15 +30,15 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Check out code into the Go module directory
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     - name: Start environment
       run: docker-compose -f "system_test/docker-compose.yml" up -d --build
 
     - name: Set up Go
-      uses: actions/setup-go@v4
+      uses: actions/setup-go@v5
       with:
-        go-version: '1.20'
+        go-version: '1.21'
 
     - name: run test
       run: VOTE_SYSTEM_TEST=1 go test -timeout 60s ./system_test/

Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.20.6-alpine as base
+FROM golang:1.21.6-alpine as base
 WORKDIR /root/
 
 RUN apk add git

backend/backend.go

@@ -14,20 +14,20 @@ import (
 )
 
 var (
-	envRedisHost = environment.NewVariable("VOTE_REDIS_HOST", "localhost", "Host of the redis used for the fast backend.")
-	envRedisPort = environment.NewVariable("VOTE_REDIS_PORT", "6379", "Port of the redis used for the fast backend.")
+	envRedisHost = environment.NewVariable("CACHE_HOST", "localhost", "Host of the redis used for the fast backend.")
+	envRedisPort = environment.NewVariable("CACHE_PORT", "6379", "Port of the redis used for the fast backend.")
 
-	envPostgresHost     = environment.NewVariable("VOTE_DATABASE_HOST", "localhost", "Host of the postgres database used for long polls.")
-	envPostgresPort     = environment.NewVariable("VOTE_DATABASE_PORT", "5432", "Port of the postgres database used for long polls.")
-	envPostgresUser     = environment.NewVariable("VOTE_DATABASE_USER", "openslides", "Databasename of the postgres database used for long polls.")
-	envPostgresDatabase = environment.NewVariable("VOTE_DATABASE_NAME", "openslides", "Name of the database to save long running polls.")
-	envPostgresPassword = environment.NewSecret("postgres_password", "Password of the postgres database used for long polls.")
+	envPostgresHost         = environment.NewVariable("VOTE_DATABASE_HOST", "localhost", "Host of the postgres database used for long polls.")
+	envPostgresPort         = environment.NewVariable("VOTE_DATABASE_PORT", "5432", "Port of the postgres database used for long polls.")
+	envPostgresUser         = environment.NewVariable("VOTE_DATABASE_USER", "openslides", "Databasename of the postgres database used for long polls.")
+	envPostgresDatabase     = environment.NewVariable("VOTE_DATABASE_NAME", "openslides", "Name of the database to save long running polls.")
+	envPostgresPasswordFile = environment.NewVariable("VOTE_DATABASE_PASSWORD_FILE", "/run/secrets/postgres_password", "Password of the postgres database used for long polls.")
 
 	envSingleInstance = environment.NewVariable("VOTE_SINGLE_INSTANCE", "false", "More performance if the serice is not scalled horizontally.")
 )
 
 // Build builds a fast and a long backends from the environment.
-func Build(lookup environment.Environmenter) (fast, long func(context.Context) (vote.Backend, error), singleInstance bool) {
+func Build(lookup environment.Environmenter) (fast, long func(context.Context) (vote.Backend, error), singleInstance bool, err error) {
 	// All environment variables have to be called in this function and not in a
 	// sub function. In other case they will not be included in the generated
 	// file environment.md.
@@ -47,10 +47,15 @@ func Build(lookup environment.Environmenter) (fast, long func(context.Context) (
 		return r, nil
 	}
 
+	dbPassword, err := environment.ReadSecret(lookup, envPostgresPasswordFile)
+	if err != nil {
+		return nil, nil, false, fmt.Errorf("reading postgres password: %w", err)
+	}
+
 	postgresAddr := fmt.Sprintf(
 		`user='%s' password='%s' host='%s' port='%s' dbname='%s'`,
 		encodePostgresConfig(envPostgresUser.Value(lookup)),
-		encodePostgresConfig(envPostgresPassword.Value(lookup)),
+		dbPassword,
 		encodePostgresConfig(envPostgresHost.Value(lookup)),
 		encodePostgresConfig(envPostgresPort.Value(lookup)),
 		encodePostgresConfig(envPostgresDatabase.Value(lookup)),
@@ -76,7 +81,7 @@ func Build(lookup environment.Environmenter) (fast, long func(context.Context) (
 		fast = buildMemory
 	}
 
-	return fast, long, singleInstace
+	return fast, long, singleInstace, nil
 }
 
 // encodePostgresConfig encodes a string to be used in the postgres key value style.

environment.md

@@ -8,32 +8,24 @@ The Service uses the following environment variables:
 * `VOTE_PORT`: Port on which the service listen on. The default is `9013`.
 * `MESSAGE_BUS_HOST`: Host of the redis server. The default is `localhost`.
 * `MESSAGE_BUS_PORT`: Port of the redis server. The default is `6379`.
-* `DATASTORE_DATABASE_USER`: Postgres User. The default is `openslides`.
 * `OPENSLIDES_DEVELOPMENT`: If set, the service uses the default secrets. The default is `false`.
-* `SECRETS_PATH`: Path where the secrets are stored. The default is `/run/secrets`.
-* `DATASTORE_DATABASE_HOST`: Postgres Host. The default is `localhost`.
-* `DATASTORE_DATABASE_PORT`: Postgres Post. The default is `5432`.
-* `DATASTORE_DATABASE_NAME`: Postgres Database. The default is `openslides`.
+* `DATABASE_PASSWORD_FILE`: Postgres Password. The default is `/run/secrets/postgres_password`.
+* `DATABASE_USER`: Postgres Database. The default is `openslides`.
+* `DATABASE_HOST`: Postgres Host. The default is `localhost`.
+* `DATABASE_PORT`: Postgres Post. The default is `5432`.
+* `DATABASE_NAME`: Postgres User. The default is `openslides`.
 * `AUTH_PROTOCOL`: Protocol of the auth service. The default is `http`.
 * `AUTH_HOST`: Host of the auth service. The default is `localhost`.
 * `AUTH_PORT`: Port of the auth service. The default is `9004`.
 * `AUTH_FAKE`: Use user id 1 for every request. Ignores all other auth environment variables. The default is `false`.
-* `VOTE_REDIS_HOST`: Host of the redis used for the fast backend. The default is `localhost`.
-* `VOTE_REDIS_PORT`: Port of the redis used for the fast backend. The default is `6379`.
+* `AUTH_TOKEN_KEY_FILE`: Key to sign the JWT auth tocken. The default is `/run/secrets/auth_token_key`.
+* `AUTH_COOKIE_KEY_FILE`: Key to sign the JWT auth cookie. The default is `/run/secrets/auth_cookie_key`.
+* `CACHE_HOST`: Host of the redis used for the fast backend. The default is `localhost`.
+* `CACHE_PORT`: Port of the redis used for the fast backend. The default is `6379`.
+* `VOTE_DATABASE_PASSWORD_FILE`: Password of the postgres database used for long polls. The default is `/run/secrets/postgres_password`.
 * `VOTE_DATABASE_USER`: Databasename of the postgres database used for long polls. The default is `openslides`.
 * `VOTE_DATABASE_HOST`: Host of the postgres database used for long polls. The default is `localhost`.
 * `VOTE_DATABASE_PORT`: Port of the postgres database used for long polls. The default is `5432`.
 * `VOTE_DATABASE_NAME`: Name of the database to save long running polls. The default is `openslides`.
 * `VOTE_SINGLE_INSTANCE`: More performance if the serice is not scalled horizontally. The default is `false`.
 * `VOTE_DECRYPT_SERVICE`: Host and port of the decrypt service. Empty string to disable this feature. The default is ``.
-
-
-## Secrets
-
-Secrets are filenames in the directory `SECRETS_PATH` (default: `/run/secrets/`). 
-The service only starts if it can find each secret file and read its content. 
-The default values are only used, if the environment variable `OPENSLIDES_DEVELOPMENT` is set.
-
-* `postgres_password`: Postgres Password. The default is `openslides`.
-* `auth_token_key`: Key to sign the JWT auth tocken. The default is `auth-dev-token-key`.
-* `auth_cookie_key`: Key to sign the JWT auth cookie. The default is `auth-dev-cookie-key`.

go.mod

@@ -1,52 +1,52 @@
 module github.com/OpenSlides/openslides-vote-service
 
-go 1.20
+go 1.21
 
 require (
-	github.com/OpenSlides/openslides-autoupdate-service v0.4.1-0.20230715174429-9ae2b8b93596
+	github.com/OpenSlides/openslides-autoupdate-service v0.4.1-0.20240202132656-5f250dd2b6b3
 	github.com/OpenSlides/vote-decrypt v0.0.0-20230712184022-ae80dcaacc54
-	github.com/alecthomas/kong v0.8.0
+	github.com/alecthomas/kong v0.8.1
 	github.com/gomodule/redigo v1.8.9
-	github.com/jackc/pgx/v5 v5.4.2
+	github.com/jackc/pgx/v5 v5.5.2
 	github.com/ory/dockertest/v3 v3.10.0
 )
 
 require (
 	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
 	github.com/Microsoft/go-winio v0.6.1 // indirect
 	github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 // indirect
-	github.com/cenkalti/backoff/v4 v4.2.0 // indirect
+	github.com/cenkalti/backoff/v4 v4.2.1 // indirect
 	github.com/containerd/continuity v0.3.0 // indirect
-	github.com/docker/cli v23.0.1+incompatible // indirect
-	github.com/docker/docker v23.0.3+incompatible // indirect
+	github.com/docker/cli v23.0.4+incompatible // indirect
+	github.com/docker/docker v24.0.7+incompatible // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
-	github.com/imdario/mergo v0.3.13 // indirect
+	github.com/imdario/mergo v0.3.15 // indirect
 	github.com/jackc/pgpassfile v1.0.0 // indirect
-	github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a // indirect
-	github.com/jackc/puddle/v2 v2.2.0 // indirect
+	github.com/jackc/pgservicefile v0.0.0-20231201235250-de7065d80cb9 // indirect
+	github.com/jackc/puddle/v2 v2.2.1 // indirect
 	github.com/kr/text v0.2.0 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/moby/term v0.5.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.0.2 // indirect
-	github.com/opencontainers/runc v1.1.7 // indirect
+	github.com/opencontainers/runc v1.1.12 // indirect
 	github.com/ostcar/topic v0.4.1 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/sirupsen/logrus v1.9.2 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
-	golang.org/x/crypto v0.11.0 // indirect
+	golang.org/x/crypto v0.18.0 // indirect
 	golang.org/x/mod v0.9.0 // indirect
 	golang.org/x/net v0.10.0 // indirect
-	golang.org/x/sync v0.3.0 // indirect
-	golang.org/x/sys v0.10.0 // indirect
-	golang.org/x/text v0.11.0 // indirect
+	golang.org/x/sync v0.6.0 // indirect
+	golang.org/x/sys v0.16.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/tools v0.7.0 // indirect
 	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
 	google.golang.org/grpc v1.56.2 // indirect