Merge branch 'main' into dependabot/gradle/uk.org.webcompere-system-s…

…tubs-core-2.1.6
spiffe · Feb 28, 2024 · 6fd0a8f · 6fd0a8f
2 parents 65f6e3d + 4103c93
commit 6fd0a8f
Show file tree

Hide file tree

Showing 15 changed files with 237 additions and 56 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,110 @@
+### Java template
+# Compiled class file
+*.class
+
+# Log file
+*.log
+
+# BlueJ files
+*.ctxt
+
+# Mobile Tools for Java (J2ME)
+.mtj.tmp/
+
+# Package Files #
+*.jar
+*.war
+*.nar
+*.ear
+*.zip
+*.tar.gz
+*.rar
+
+# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
+hs_err_pid*
+replay_pid*
+
+### JetBrains template
+# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider
+# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
+
+# User-specific stuff
+.idea/**/workspace.xml
+.idea/**/tasks.xml
+.idea/**/usage.statistics.xml
+.idea/**/dictionaries
+.idea/**/shelf
+
+# AWS User-specific
+.idea/**/aws.xml
+
+# Generated files
+.idea/**/contentModel.xml
+
+# Sensitive or high-churn files
+.idea/**/dataSources/
+.idea/**/dataSources.ids
+.idea/**/dataSources.local.xml
+.idea/**/sqlDataSources.xml
+.idea/**/dynamic.xml
+.idea/**/uiDesigner.xml
+.idea/**/dbnavigator.xml
+
+# Gradle
+.idea/**/gradle.xml
+.idea/**/libraries
+
+# Gradle and Maven with auto-import
+# When using Gradle or Maven with auto-import, you should exclude module files,
+# since they will be recreated, and may cause churn.  Uncomment if using
+# auto-import.
+# .idea/artifacts
+# .idea/compiler.xml
+# .idea/jarRepositories.xml
+# .idea/modules.xml
+# .idea/*.iml
+# .idea/modules
+# *.iml
+# *.ipr
+
+# CMake
+cmake-build-*/
+
+# Mongo Explorer plugin
+.idea/**/mongoSettings.xml
+
+# File-based project format
+*.iws
+
+# IntelliJ
+out/
+
+# mpeltonen/sbt-idea plugin
+.idea_modules/
+
+# JIRA plugin
+atlassian-ide-plugin.xml
+
+# Cursive Clojure plugin
+.idea/replstate.xml
+
+# SonarLint plugin
+.idea/sonarlint/
+
+# Crashlytics plugin (for Android Studio and IntelliJ)
+com_crashlytics_export_strings.xml
+crashlytics.properties
+crashlytics-build.properties
+fabric.properties
+
+# Editor-based Rest Client
+.idea/httpRequests
+
+# Android studio 3.1+ serialized cache file
+.idea/caches/build_file_checksums.ser
+
+# GitHub
+.github
+
+# Git
+.git
diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
@@ -19,7 +19,7 @@ jobs:
       - name: Generate and upload coverage report
         env:
           COVERALLS_REPO_TOKEN: ${{ secrets.COVERALLS_REPO_TOKEN }}
-        run: ./gradlew build jacocoTestReport coveralls
+        run: ./gradlew jacocoTestReport coveralls
       - name: Cleanup Gradle Cache
         # Remove some files from the Gradle cache, so they aren't cached by GitHub Actions.
         # Restoring these files from a GitHub Actions cache might cause problems for future builds.

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -0,0 +1,34 @@
+name: container build
+
+on:
+  push:
+    tags:
+      - 'v[0-9]+.[0-9]+.[0-9]+'
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    env:
+      REGISTRY: ghcr.io
+    steps:
+      - uses: actions/checkout@v4
+      - uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - uses: docker/setup-qemu-action@v3
+      - uses: docker/setup-buildx-action@v3
+      - run: echo "DOCKER_TAG=${GITHUB_REF_NAME#v}" >> $GITHUB_ENV
+      - name: Publish java-spiffe-helper
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ env.REGISTRY }}/${{ github.repository }}-helper:${{ env.DOCKER_TAG }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,33 @@
 # Changelog
 
+## [0.8.5] - 2024-14-02
+
+### Added
+
+- Docker container and CI workflow for `java-spiffe-helper` (#187)
+
+### Changed
+
+- Updated Gradle to version 8.5 (#201)
+- Various enhancements in `java-spiffe-helper` (#199)
+
+### Fixed
+
+- Addressed a Fat Jar Assembly issue. (#198)
+
+### Dependency updates
+
+- Bump `io.grpc:grpc-protobuf` and  `io.grpc:grpc-stub` from 1.54.0 to 1.61.1 (#202)
+- Bump `commons-validator:commons-validator` from 1.7. to 1.8.0 (#197)
+- Bump `commons-cli:commons-cli` from 1.5.0 to 1.6.0 (#196)
+- Bump `com.google.protobuf:protoc` from 3.21.12 to 3.25.2 (#193)
+- Bump `io.netty:netty-transport-native-kqueue` from 4.1.91.Final to 4.1.106.Final (#192)
+- Bump `org.apache.commons:commons-lang3` from 3.12.0 to 3.14.0 (#189)
+- Bump `com.nimbusds:nimbus-jose-jwt` from 9.31 to 9.37.3 (#184)
+- Bump `org.projectlombok:lombok` from 1.18.26 to 1.18.30 (#170)
+- Bump `com.google.protobuf:protobuf-gradle-plugin` from 0.9.2 to 0.9.4 (#153)
+
+
 ## [0.8.4] - 2023-04-14
 
 ### Dependencies updates

diff --git a/CODEOWNERS b/CODEOWNERS
@@ -1,4 +1,4 @@
-@maxlambrecht @rturner3
+* @maxlambrecht @rturner3
 
 ##########################################
 # Maintainers

diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,15 @@
+FROM eclipse-temurin:17-jdk AS builder
+WORKDIR /builder
+COPY . /builder
+
+RUN ./gradlew dependencies
+RUN ./gradlew java-spiffe-helper:assemble -ParchiveClassifier=docker -Pversion=docker
+
+FROM eclipse-temurin:17-jre AS runner
+USER nobody
+
+COPY conf/java-spiffe-helper.properties /app/java-spiffe-helper.properties
+COPY --from=builder /builder/java-spiffe-helper/build/libs/java-spiffe-helper-docker-docker.jar /app/java-spiffe-helper.jar
+
+ENTRYPOINT ["java", "-jar", "/app/java-spiffe-helper.jar"]
+CMD ["--config", "/app/java-spiffe-helper.properties"]
diff --git a/README.md b/README.md
@@ -1,7 +1,7 @@
 # Java SPIFFE Library
 
 [![continuous-integration](https://github.com/spiffe/java-spiffe/actions/workflows/gradle.yml/badge.svg)](https://github.com/spiffe/java-spiffe/actions/workflows/gradle.yml)
-[![Coverage Status](https://coveralls.io/repos/github/spiffe/java-spiffe/badge.svg)](https://coveralls.io/github/spiffe/java-spiffe?branch=master)
+[![Coverage Status](https://coveralls.io/repos/github/spiffe/java-spiffe/badge.svg)](https://coveralls.io/github/spiffe/java-spiffe?branch=main)
 
 ## Overview
 
@@ -26,7 +26,7 @@ X.509 and JWT SVIDs and bundles.
 Download
 --------
 
-The JARs can be downloaded from [Maven Central](https://search.maven.org/search?q=g:io.spiffe%20AND%20v:0.8.4). 
+The JARs can be downloaded from [Maven Central](https://search.maven.org/search?q=g:io.spiffe%20AND%20v:0.8.5). 
 
 The dependencies can be added to `pom.xml`
 
@@ -35,7 +35,7 @@ To import the `java-spiffe-provider` component:
 <dependency>
   <groupId>io.spiffe</groupId>
   <artifactId>java-spiffe-provider</artifactId>
-  <version>0.8.4</version>
+  <version>0.8.5</version>
 </dependency>
 ```
 The `java-spiffe-provider` component imports the `java-spiffe-core` component.
@@ -45,20 +45,20 @@ To just import the `java-spiffe-core` component:
 <dependency>
   <groupId>io.spiffe</groupId>
   <artifactId>java-spiffe-core</artifactId>
-  <version>0.8.4</version>
+  <version>0.8.5</version>
 </dependency>
 ```
 
 Using Gradle:
 
 Import `java-spiffe-provider`:
 ```gradle
-implementation group: 'io.spiffe', name: 'java-spiffe-provider', version: '0.8.4'
+implementation group: 'io.spiffe', name: 'java-spiffe-provider', version: '0.8.5'
 ```
 
 Import `java-spiffe-core`:
 ```gradle
-implementation group: 'io.spiffe', name: 'java-spiffe-core', version: '0.8.4'
+implementation group: 'io.spiffe', name: 'java-spiffe-core', version: '0.8.5'
 ```
 
 ### MacOS Support
@@ -72,14 +72,14 @@ In case run on a osx-x86 architecture, add to your `pom.xml`:
 <dependency>
   <groupId>io.spiffe</groupId>
   <artifactId>grpc-netty-macos</artifactId>
-  <version>0.8.4</version>
+  <version>0.8.5</version>
   <scope>runtime</scope>
 </dependency>
 ```
 
 Using Gradle:
 ```gradle
-runtimeOnly group: 'io.spiffe', name: 'grpc-netty-macos', version: '0.8.4'
+runtimeOnly group: 'io.spiffe', name: 'grpc-netty-macos', version: '0.8.5'
 ```
 
 #### Aarch64 (M1) Architecture
@@ -91,28 +91,32 @@ If you are running the aarch64 architecture (M1 CPUs), add to your `pom.xml`:
 <dependency>
   <groupId>io.spiffe</groupId>
   <artifactId>grpc-netty-macos-aarch64</artifactId>
-  <version>0.8.4</version>
+  <version>0.8.5</version>
   <scope>runtime</scope>
 </dependency>
 ```
 
 Using Gradle:
 
 ```gradle
-runtimeOnly group: 'io.spiffe', name: 'grpc-netty-macos-aarch64', version: '0.8.4'
+runtimeOnly group: 'io.spiffe', name: 'grpc-netty-macos-aarch64', version: '0.8.5'
 ```
 
 *Caveat: not all OpenJDK distributions are aarch64 native, make sure your JDK is also running
 natively*
 
-### Note: `java-spiffe-helper` artifact
 
-As the [java-spiffe-helper](java-spiffe-helper/README.md) artifact is meant to be used as a standalone JAR and not as a Maven dependency, 
-it is not published to Maven Central, but to [Github releases](https://github.com/spiffe/java-spiffe/releases/tag/v0.8.4), for both 
-[Linux](https://github.com/spiffe/java-spiffe/releases/download/v0.8.4/java-spiffe-helper-0.8.4-linux-x86_64.jar) and 
-[MacOS](https://github.com/spiffe/java-spiffe/releases/download/v0.8.4/java-spiffe-helper-0.8.4-osx-x86_64.jar) versions.
+## Java SPIFFE Helper
 
-### Build the JARs
+The `java-spiffe-helper` module manages X.509 SVIDs and Bundles in Java Keystores.
+
+### Docker Image
+
+Pull the `java-spiffe-helper` image from `ghcr.io/spiffe/java-spiffe-helper:0.8.5`.
+
+For more details, see [java-spiffe-helper/README.md](java-spiffe-helper/README.md).
+
+## Build the JARs
 
 On Linux or MacOS, run: