feature/init gateway

.github/workflows/build.yaml

@@ -1,19 +1,15 @@
-name: build and test
+name: build
 
-on: [push]
+on:
+  pull_request:
+  push:
+    branches:
+      - main
 
 jobs:
-  compliance:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Advance Security Policy as Code
-        uses: advanced-security/[email protected]
-        with:
-          policy: it-at-m/policy-as-code
-          policy-path: default.yaml
-          token: ${{ secrets.GITHUB_TOKEN }}
-          argvs: "--disable-dependabot --disable-secret-scanning --disable-code-scanning --display"
+  maven:
+    uses: ./.github/workflows/maven.yaml
+    with:
+      build-images: ${{ github.ref_name == 'main' }}
+      release-version: dev
+    secrets: inherit

.github/workflows/dependency_review.yaml

@@ -0,0 +1,15 @@
+name: dependency-review
+
+on:
+  pull_request:
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Dependency Review
+        uses: actions/dependency-review-action@v4
+        with:
+          config-file: it-at-m/.github/workflow-configs/dependency_review.yaml@main

.github/workflows/maven.yaml

@@ -0,0 +1,93 @@
+env:
+  JAVA_VERSION: 17
+  REGISTRY: ghcr.io
+  TZ: Europe/Berlin
+
+on:
+  workflow_call:
+    inputs:
+      snapshot-release:
+        description: 'Snapshot release?'
+        type: boolean
+        default: true
+      build-images:
+        description: 'Build and push images?'
+        type: boolean
+        default: false
+      release-version:
+        description: 'Release version'
+        type: string
+        required: false
+        default: "X.Y.Z"
+      next-version:
+        description: "Next version to use after release."
+        type: string
+        required: false
+        default: "X.Y.Z-SNAPSHOT"
+
+jobs:
+  build-maven:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Set up JDK
+        uses: actions/setup-java@v4
+        with:
+          java-version: ${{ env.JAVA_VERSION }}
+          distribution: "temurin"
+          cache: "maven"
+      - name: Maven build
+        if: ${{ inputs.snapshot-release != false }}
+        run: mvn --batch-mode clean install
+      - name: Maven release
+        if: ${{ inputs.snapshot-release == false }}
+        run: |
+          git config --global user.email "[email protected]"
+          git config --global user.name "GitHub Actions"
+          mvn release:prepare -f ./pom.xml -B -DreleaseVersion=${{ inputs.release-version }} -DdevelopmentVersion=${{ inputs.next-version }}
+          mvn release:perform -f ./pom.xml -Darguments="-Dmaven.deploy.skip=true"
+      - name: "Upload target artifacts"
+        uses: actions/upload-artifact@v4
+        with:
+          name: target
+          path: "**/target"
+          retention-days: 5
+
+  build-images:
+    if: inputs.build-images == true
+    needs: build-maven
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include:
+          - name: refarch-gateway
+            path: ./refarch-gateway
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Download target artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: target
+      - name: Login to Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Extract metadata (tags, labels) for image
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: "${{ env.REGISTRY }}/${{ github.repository }}/${{ matrix.name }}"
+          tags: |
+            type=raw,value=${{ inputs.release-version }}
+            type=raw,value=latest,enable=${{ inputs.snapshot-release == false }}
+      - name: Build and push image
+        uses: docker/build-push-action@v4
+        with:
+          context: ${{ matrix.path }}
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

.github/workflows/release.yaml

@@ -0,0 +1,46 @@
+name: release
+
+on:
+  workflow_dispatch:
+    inputs:
+      snapshot-release:
+        description: 'Snapshot release?'
+        type: boolean
+        default: true
+      build-images:
+        description: 'Build and push images?'
+        type: boolean
+        default: false
+      release-version:
+        description: 'Release version'
+        type: string
+        required: true
+        default: "X.Y.Z"
+      next-version:
+        description: "Next version to use after release."
+        type: string
+        required: true
+        default: "X.Y.Z-SNAPSHOT"
+
+jobs:
+  build:
+    uses: ./.github/workflows/maven.yaml
+    with:
+      snapshot-release: ${{ inputs.snapshot-release != false }}
+      build-images: true
+      release-version: ${{ inputs.release-version }}
+    secrets: inherit
+
+  create-github-release:
+    if: ${{ inputs.snapshot-release == false }}
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Create GitHub Release
+        id: create_release
+        uses: softprops/action-gh-release@v2
+        with:
+          tag_name: ${{ github.event.inputs.release-version }}
+          draft: false
+          prerelease: false
+          generate_release_notes: false

.gitignore

@@ -0,0 +1,34 @@
+# Covers Maven specific
+target/
+pom.xml.tag
+pom.xml.releaseBackup
+pom.xml.versionsBackup
+pom.xml.next
+release.properties
+dependency-reduced-pom.xml
+buildNumber.properties
+.mvn/timing.properties
+!/.mvn/wrapper/maven-wrapper.jar
+
+# Covers Eclipse specific:
+.settings/
+.classpath
+.project
+
+# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and WebStorm
+.idea
+*.iml
+
+# Covers Netbeans:
+**/nbproject/private/
+**/nbproject/Makefile-*.mk
+**/nbproject/Package-*.bash
+build/
+nbbuild/
+dist/
+nbdist/
+.nb-gradle/
+
+# Sonstiges
+$(pwd)
+

README.md

@@ -1,60 +1,23 @@
-## Customize this file after creating the new REPO and remove this lines.
-What to adjust:  
-* Add the your project or repo name direct under the logo.
-* Add a short and long desciption.
-* Add links for your final repo to report a bug or request a feature.
-* Add list of used technologies.
-* If you have, add a roadmap or remove this section.
-* Fill up the section for set up and documentation.
- * Start in this file only with documentation and link to the docs folder.
-* Add more project shields. Use [shields.io](https://shields.io/) with style `for-the-badge`.
-
-## ------- end to remove -------
-<!-- add Project Logo, if existing -->
-
-# repo or project name
+# Refarch
 
 [![Made with love by it@M][made-with-love-shield]][itm-opensource]
 <!-- feel free to add more shields, style 'for-the-badge' -> see https://shields.io/badges -->
 
-*Add a description from your project here.*
+Collection of different reference architecture (Refarch) components developed by it@M.
 
+## Usage
 
-### Built With
+The usage of the different components is described in their corresponding README.md
 
-The documentation project is built with technologies we use in our projects:
-
-* *write here the list of used technologies*
-
-## Roadmap
-
-*if you have a ROADMAP for your project add this here*
-
-
-See the [open issues](#) for a full list of proposed features (and known issues).
-
-
-## Set up
-*how can i start and fly this project*
-
-## Documentation
-*what insights do you have to tell*
-
-```mermaid
-graph TD;
-    A-->B;
-    A-->C;
-    B-->D;
-    C-->D;
-```
-
-use [diagrams](https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams).
+- [refarch-gateway](./refarch-gateway/README.md)
 
 ## Contributing
 
-Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are **greatly appreciated**.
+Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any
+contributions you make are **greatly appreciated**.
 
-If you have a suggestion that would make this better, please open an issue with the tag "enhancement", fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement".
+If you have a suggestion that would make this better, please open an issue with the tag "enhancement", fork the repo and
+create a pull request. You can also simply open an issue with the tag "enhancement".
 Don't forget to give the project a star! Thanks again!
 
 1. Open an issue with the tag "enhancement"
@@ -66,16 +29,16 @@ Don't forget to give the project a star! Thanks again!
 
 More about this in the [CODE_OF_CONDUCT](/CODE_OF_CONDUCT.md) file.
 
-
 ## License
 
 Distributed under the MIT License. See [LICENSE](LICENSE) file for more information.
 
-
 ## Contact
 
 it@M - [email protected]
 
 <!-- project shields / links -->
+
 [made-with-love-shield]: https://img.shields.io/badge/made%20with%20%E2%9D%A4%20by-it%40M-yellow?style=for-the-badge
+
 [itm-opensource]: https://opensource.muenchen.de/

pom.xml

@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xmlns="http://maven.apache.org/POM/4.0.0"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <groupId>de.muenchen.oss</groupId>
+    <artifactId>refarch</artifactId>
+    <version>1.0.0-SNAPSHOT</version>
+    <packaging>pom</packaging>
+    <name>refarch</name>
+
+    <modules>
+        <module>refarch-gateway</module>
+    </modules>
+
+    <scm>
+        <url>https://github.com/it-at-m/refarch.git</url>
+        <connection>scm:git:https://github.com/it-at-m/refarch.git</connection>
+        <developerConnection>scm:git:https://github.com/it-at-m/refarch.git</developerConnection>
+    </scm>
+    <licenses>
+        <license>
+            <name>MIT</name>
+        </license>
+    </licenses>
+</project>

refarch-gateway/Dockerfile

@@ -0,0 +1,3 @@
+FROM registry.access.redhat.com/ubi9/openjdk-17:latest
+
+COPY target/*.jar /deployments/spring-boot-application.jar

refarch-gateway/README.md

@@ -0,0 +1,41 @@
+# Refarch Gateway
+
+## Usage
+
+- Image: TODO
+- Helm-Chart: TODO
+
+### Routing
+
+Routes are configured via environment variables as listed under [Configuration](#configuration).
+
+By default, routes require authentication through oAuth2 and manage the session between the client and gateway using
+cookies.
+The gateway then maps the session cookie to a JWT before routing it.
+
+Beside the default behaviour there are some special route prefixes which are handled different:
+
+- `/public/**`: All `OPTIONS` and `GET` requests are routed without security.
+- `/clients/**`: Uses JWT for authenticating incoming requests instead of session cookies.
+
+## Profiles
+
+| Profile       | Description                                                                                       |
+|---------------|---------------------------------------------------------------------------------------------------|
+| `no-security` | Disables complete security like authentication, authorization, csrf etc. Routing works as normal. |
+
+## Configuration
+
+| Var                                                      | Description                                        | Example                                                                 |
+|----------------------------------------------------------|----------------------------------------------------|-------------------------------------------------------------------------|
+| `SSO_ISSUER_URL`                                         | Url of the oAuth2 server used for authentication.  | `https://sso.muenchen.de/auth/realms/muenchen.de`                       |
+| `SSO_CLIENT_ID`                                          | OAuth2 client id used for authentication.          |                                                                         |
+| `SSO_CLIENT_SECRET`                                      | OAuth2 client secret used for authentication.      |                                                                         |
+| `SPRING_CLOUD_GATEWAY_ROUTES_<index>_ID`                 | Id of a route definition.                          | `backend`                                                               |
+| `SPRING_CLOUD_GATEWAY_ROUTES_<index>_URI`                | The uri to route to if this route matches.         | `http://backend-service:8080/`                                          |
+| `SPRING_CLOUD_GATEWAY_ROUTES_<index>_PREDICATES_<index>` | Route predicates i.e. matcher.                     | `Path=/api/backend-service/**`                                          |
+| `SPRING_CLOUD_GATEWAY_ROUTES_<index>_FILTERS_<index>`    | List of filters applied to the route.              | `RewritePath=/api/backend-service/(?<urlsegments>.*), /$\{urlsegments}` |
+| `ALLOWED_ORIGINS_PUBLIC` (optional)                      | List of urls allowed as origin for public routes.  | `https://*.muenchen.de,http://localhost:*`                              |
+| `ALLOWED_ORIGINS_CLIENTS` (optional)                     | List of urls allowed as origin for clients routes. | `https://*.muenchen.de,http://localhost:*`                              |
+| `REFARCH_SECURITY_CSRFWHITELISTED_<index>` (optional)    | List of routes to disable csrf protection for.     | `/example/**`                                                           |
+| `INFO_APPSWITCHER_URL` (optional)                        | App switcher url for usage in refarch frontend.    | `https://appswitcher.muenchen.de`                                       |