NAVAIR VE Version 4.0.2

.circleci/config.yml

@@ -7,7 +7,7 @@ jobs:
   build:
     docker:
       # specify the version you desire here
-      - image: cimg/node:20.1.0-browsers
+      - image: circleci/node:8.11.2-browsers
 
       # Specify service dependencies here if necessary
       # CircleCI maintains a library of pre-built images
@@ -25,11 +25,11 @@ jobs:
           # fallback to using the latest cache if no exact match is found
           - openmbee-ve-
 
-      - run: yarn install
+      - run: npm install
 
       - save_cache:
           paths:
             - node_modules
           key: openmbee-ve-{{ checksum "package.json" }}
 
-      - run: VE_ENV=example yarn test
+      - run: ./node_modules/grunt/bin/grunt #--ARTIFACTORY_URL=https://oss.jfrog.org --ARTIFACTORY_USER=$ARTIFACTORY_USER --ARTIFACTORY_PASSWORD=$ARTIFACTORY_PASSWORD --SNAPSHOT_REPO=oss-snapshot-local --RELEASE_REPO=oss-release-local --GROUP_ID=org.openmbee deploy

.dockerignore

@@ -1,9 +1 @@
-*
-
-!yarn.lock
-!webpack.config.ts
-!package.json
-!src/
-!config/
-!tsconfig.json
-!lib
+Dockerfile

.gitignore

@@ -7,12 +7,18 @@ build
 dist
 deploy
 docs
-/app/*
+app/bower_components
+app/bower_components_target
 .sass-cache
 .idea
 PhantomJS_*
 Chrome_*
 test-results/
 angular-mms-grunt-servers.json
-venv
-.vscode
+
+# paths I added
+/node_modules/*
+package-lock.json
+yarn.lock.json
+Dockerfile.test
+build.log

.gitlab-ci.yml

@@ -0,0 +1,86 @@
+variables:
+  DOCKER_DRIVER: overlay2
+  DOCKER_TLS_CERTDIR: "/certs"
+  SELECTOR: "openmbee-ve"
+  TAG: "latest"
+  ENVIRONMENT: "dev"
+  OC_PROJECT: $OC_DEV_NAMESPACE
+  OC_TOKEN: $OC_DEV_TOKEN
+  OC_URL: $OC_PIPELINE_URL
+
+
+stages:
+  - build
+  - deploy
+
+build:
+  image: registry-cli-docker.wseasttest.navair.navy.mil:5001/docker:20.10.1
+  services:
+  - name: docker:20.10.1-dind
+    command: 
+      - /bin/sh
+      - -c
+      - apk update && apk add ca-certificates wget && wget --no-check-certificate -r -np -nd -R "index.html*" https://wcf-serve.apps.arena-workspace.navair.navy.mil/wcf/latest/crt/ -P /usr/local/share/ca-certificates && update-ca-certificates --fresh > /dev/null && dockerd-entrypoint.sh --insecure-registry=registry-cli-docker.wseasttest.navair.navy.mil:5000 --insecure-registry=registry-cli-docker.wseasttest.navair.navy.mil:5001 --debug || exit
+  stage: build
+  tags:
+    - dind
+    - rhel
+    - edmz
+  before_script:
+    - echo $CI_COMMIT_REF_NAME
+    - |
+      if echo $CI_COMMIT_REF_NAME | grep -E [[:digit:]]+.[[:digit:]]+.[[:digit:]]+;     
+      then
+          TAG=$CI_COMMIT_REF_NAME
+      else
+          TAG="latest"
+      fi
+    - apk -U upgrade
+    - docker info
+  script:
+    - docker login -u $NEXUS_USERNAME -p $NEXUS_PASSWORD registry-cli-docker.wseasttest.navair.navy.mil:5000
+    - docker login -u $NEXUS_USERNAME -p $NEXUS_PASSWORD registry-cli-docker.wseasttest.navair.navy.mil:5001
+    - docker build -f $DOCKERFILE_PATH --build-arg NEXUS_USERNAME=$NEXUS_USERNAME --build-arg NEXUS_PASSWORD=$NEXUS_PASSWORD -t registry-cli-docker.wseasttest.navair.navy.mil:5000/$NEXUS_NAMESPACE/$SELECTOR:$TAG .
+    - docker push registry-cli-docker.wseasttest.navair.navy.mil:5000/$NEXUS_NAMESPACE/$SELECTOR:$TAG
+
+deploy:
+  image: openshift/origin-cli:v3.11
+  stage: deploy
+  tags:
+    - edmz
+    - dind
+    - rhel
+  before_script:
+    - |
+      if [[ "$CI_COMMIT_REF_NAME" =~ [[:digit:]]+.[[:digit:]]+.[[:digit:]]+-RC[[:digit:]]+-SNAPSHOT ]]
+      then
+          TAG=$CI_COMMIT_REF_NAME
+          OC_PROJECT=$OC_STAGE_NAMESPACE
+          OC_TOKEN=$OC_STAGE_TOKEN
+      elif [[ "$CI_COMMIT_REF_NAME" =~ [[:digit:]]+.[[:digit:]]+.[[:digit:]]+.[[:digit:]]+-FINAL ]]     
+      then
+          TAG=$CI_COMMIT_REF_NAME
+          OC_PROJECT=$OC_PROD_NAMESPACE
+          OC_URL=$OC_PROD_URL
+          OC_TOKEN=$OC_PROD_TOKEN
+      else
+          TAG="latest"
+      fi
+  script:
+    - echo $OC_URL
+    - oc login $OC_URL --token=$OC_TOKEN --insecure-skip-tls-verify
+    - oc project $OC_PROJECT
+    - |
+      OC_PATCH_STATUS=$(oc patch deploymentconfig openmbee-ve -p "{\"spec\":{\"template\":{\"spec\":{\"containers\":[{\"name\":\"$SELECTOR\",\"image\": \"registry-cli-docker.wseasttest.navair.navy.mil:5000/$NEXUS_NAMESPACE/$SELECTOR:$TAG\"}]}}}}")
+    - echo $OC_PATCH_STATUS
+    - |
+      if [[ "$OC_PATCH_STATUS" == *"not patched" ]]; then
+       oc rollout latest dc/$SELECTOR
+       oc rollout status dc/$SELECTOR
+      fi
+    - oc logout
+
+# Security scanning for ip adddresss and secret values
+# include:
+#   - template: Security/Secret-Detection.gitlab-ci.yml
+

Dockerfile

@@ -1,39 +1,128 @@
-################################################################################
-# Dockerfile
-#
-# Enquier
-# [email protected]
-#
-# This is the Dockerfile for View Editor (VE).
-# To build the container, run the following command: `docker build -t ve .`
-# To run the container, run `docker run -it -p 80:9000 --name ve ve`
-#
-################################################################################
-FROM node:16-alpine as builder
+
+FROM registry-cli-docker.wseasttest.navair.navy.mil:5001/node:19.1.0-bullseye as build_env
+
+# WORKDIR /opt/mbee/ve
+# COPY ./ /opt/mbee/ve
+# set working directory
 
 ENV VE_ENV 'example'
 
 WORKDIR /opt/mbee/ve
 COPY ./ /opt/mbee/ve
 
-# Configures git to use https:// instead of git://
-RUN apk add --update git
-RUN apk add --update openssh
+# RUN mkdir /usr/src/app
+# WORKDIR /usr/src/app
+
+ARG NEXUS_USERNAME
+ARG NEXUS_PASSWORD
+
+
+# Use Arena for nexus repos using npm (used in 1st stage)
+RUN wget --no-check-certificate -O /opt/mbee/ve/.npmrc https://wcf-serve.apps.arena-workspace.navair.navy.mil/config/nexusiq/.npmrc
+RUN export nexus_creds=$(echo -n ${NEXUS_USERNAME}:${NEXUS_PASSWORD} | openssl base64 -A) && sed -i "s/<credentials>/$nexus_creds/g" ./.npmrc
+
+# Use Arena for nexus repos using apt (used in 2nd stage)
+RUN wget --no-check-certificate -O /etc/apt/sources.list https://wcf-serve.apps.arena-workspace.navair.navy.mil/config/debian/bullseye-sources.list
+RUN sed -i "s/<username>/$NEXUS_USERNAME/g" /etc/apt/sources.list
+RUN sed -i "s/<password>/$NEXUS_PASSWORD/g" /etc/apt/sources.list
+
+# install certs. this url is not reachable outside the openshift environment.
+RUN wget --no-check-certificate -r -np -nd -R "index.html*" https://wcf-serve.apps.arena-workspace.navair.navy.mil/wcf/latest/crt/ -P /usr/local/share/ca-certificates/WCF  
+RUN wget --no-check-certificate -r -np -nd -R "index.html*" https://wcf-serve.apps.arena-workspace.navair.navy.mil/dod/latest/ -P /usr/local/share/ca-certificates/WCF
+
+RUN update-ca-certificates
+RUN sed -i "s/CipherString = DEFAULT@SECLEVEL=2/CipherString = DEFAULT/g" /etc/ssl/openssl.cnf
+
+# install dependencies
+# RUN apt-get update && apt-get upgrade -y
+
+COPY . .
+
+#allows to pull from github without using ssh
 RUN git config --global url."https://".insteadOf git://
 
-# Install dependencies
-RUN yarn install
+#RUN npm install -g bower-update-all
+RUN cat ~/.npmrc || true
+RUN npm config ls
+
+RUN python --version || true
+#Resolve Node SASS issue
+# RUN apt-get update && apt-get install -y python make g++
+# RUN which python
+RUN apt-get update && apt-get install -y python2
+ENV PYTHON=python2
+
+RUN python --version || true
 
-# Build App
-RUN yarn build
+RUN rm -rf node_modules && rm -rf package-lock.json && yarn.lock || true
+RUN ls -lah 
+RUN npm cache clean --force
+RUN npm install -g grunt-cli
+RUN npm install [email protected] --ignore-scripts
+RUN npm install
 
+# RUN npm install [email protected]
+# RUN npm update && npm install
+# RUN node ./node_modules/node-sass/scripts/install.js
+# RUN npm rebuild node-sass
+
+
+
+RUN cat app/config/config.example.js || true
+
+RUN apt-get install -y ruby && apt-get install -y sass
+RUN grunt build --env=example
+
+FROM registry-cli-docker.wseasttest.navair.navy.mil:5001/nginx:1.22
+
+COPY --from=build_env /etc/apt/sources.list /etc/apt/
+COPY --from=build_env /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+# COPY --from=build_env /usr/local/share/ca-certificates/ /etc/ssl/certs/ca-certificates.crt
+
+# Install curl, ping, dslookup and dig commands
+RUN apt-get update && apt-get install -y iputils-ping curl dnsutils|| true
+
+RUN useradd -ms /bin/bash username || true
+RUN echo 'username ALL=(ALL:ALL) NOPASSWD: /bin/ping, /usr/bin/dig, /usr/bin/nslookup' >> /etc/sudoer || true
+
+# install dependencies
+# Original Commands will raise high vulnerability due to libxpm4
+# RUN apt-mark hold libxpm4
+# RUN apt-get update && apt-get upgrade -y \ 
+#     curl \
+#     ca-certificates
+
+# Resolve the libxpm4 vulnerability
+# install dependencies
+RUN apt-get update && \
+    apt-get install -y \
+    libxpm4=1:3.5.12-1.1~deb11u1 \
+    curl \
+    ca-certificates && \
+    apt-mark hold libxpm4 && \
+    apt-get clean && rm -rf /var/lib/apt/lists/*
+
+# # set working directory
+# RUN mkdir /usr/src/appx
+# WORKDIR /usr/src/app
+WORKDIR /opt/mbee/ve
 
-FROM nginx:mainline-alpine as production
+# copy files from build image
+COPY --from=build_env /etc/ssl/openssl.cnf /etc/ssl/openssl.cnf
+COPY --from=build_env /opt/mbee/ve/dist  /usr/share/nginx/html/
+COPY --from=build_env /opt/mbee/ve/app/config/config.example.js /usr/share/nginx/html/
+COPY --from=build_env /opt/mbee/ve/nginx.conf /etc/nginx/conf.d/default.conf
+# COPY --from=build_env /opt/mbee/ve/json_data/ usr/share/nginx/html/
 
-COPY --from=builder /opt/mbee/ve/dist /usr/share/nginx/html
 
-COPY ./config/default.nginx.template /etc/nginx/templates/default.conf.template
+# OpenMBEE default dockerfile uses the following line. This line lead to our permission errors 
+# TODO: to test behavior use this line and change line 96 to RUN sed -i.bak 's/^user/#user/' /etc/nginx/templates/default.conf.template
+# COPY ./config/default.nginx.template /etc/nginx/templates/default.conf.template
 
-# Expose ports
-EXPOSE ${NGINX_PORT}
+# # configure and copy nginx config
+# ## support running as arbitrary user which belogs to the root group
+RUN chmod g+rwx /var/cache/nginx /var/run /var/log/nginx
+# ## comment user directive as master process is run as user in OpenShift
+RUN sed -i.bak 's/^user/#user/' /etc/nginx/nginx.conf
 
+EXPOSE 8080