try to update documentation and scripts

.env

@@ -1,9 +1,10 @@
-SHARES_SERVER_VERSION=latest
+#SHARES_SERVER_VERSION=latest
 # SHARES_SERVER_VERSION=latest
-SHARES_SERVER_DB_VERSION=0.1.0
+#SHARES_SERVER_DB_VERSION=0.1.0
 # don't set DOCKER_REGISTRY when working only locally
 # DOCKER_REGISTRY=
-DOCKER_REGISTRY=gitlab.ext.cyber.ee:5050/cdoc2/
+#DOCKER_REGISTRY=gitlab.ext.cyber.ee:5050/cdoc2/
+DOCKER_REGISTRY=ghcr.io
 # database properties
 POSTGRES_URL=cdoc2-shares-postgres:5432
 POSTGRES_DB=super-awesome-shares-server

README-DOCKER.md

@@ -1,59 +1,16 @@
 # Build and run CDOC2 components
 
+TODO: This document is not up to date. See cdoc2-java-ref-impl/test/README.md for working docker-compose example 
+
 ## Build binaries
 
 Follow the instructions in [Main README](README.md#building) to build all Java binaries
 
-## Docker usage
-
-There are two docker compose files:
-
-* docker-compose.yml - to run database scripts from source code
-* docker-compose-with-pre-made-images.yml - use pre-made liquibase image for database configuration
-
-To install the latest Docker Compose version see https://docs.docker.com/compose/install/
-
-`.env` file contains environment variables needed to create docker images and run docker compose.
-
-To create new shares-server image run `build-image.sh` in `shares-server` directory:
-```bash
-cd shares-server
-./build-image.sh
-```
-
-Change to project root and to check if everything is boots up correctly run docker compose in terminal window:
+Build Docker images locally:
 ```bash
-docker compose -f docker-compose.yml up --build
+./build-images.sh
 ```
 
-When all good then exit the process and run again detached mode:  
-```bash
-docker kill $(docker ps -q); docker rm $(docker ps -a -q)
-docker compose -f docker-compose.yml up -d
-```
-
-Application properties are loaded from `config/application.properties.docker` file.
-
-All certificates and related are loaded from `keys` directory.
-
-For more details on creating server certificates and trust stores, see [Generating Server keystore](keys/README.md).
-
-
-### Build Docker liquibase image
-
-Check the `.env` file for properties.
-
-To create our pre-configured liquibase image run `create-liquibase-chanteset-image.sh` in 
-`server-db` directory:
-```bash
-cd server-db
-./create-liquibase-chanteset-image.sh
-```
-
-To use our pre-configured liquibase image run in project root:
-```bash
-docker compose -f docker-compose-with-pre-made-images.yml up --build
-```
 
 ## Testing
 
@@ -68,28 +25,5 @@ curl -k https://localhost:18443/actuator/health
 
 ### Encrypt a file using CDOC2 Key Shares Server
 
-In the `cdoc2-java-ref-impl/cdoc2-cli` repo execute:
-
-```
-java -jar target/cdoc2-cli-*.jar create \
-  --server=config/localhost/localhost.properties \
-  -f /path/to/enrypted-file.cdoc \
-  -r EST_ID_CODE \
-  /path/to/input-file
-```
-
-Replace `EST_ID_CODE` with the Estonian identification code of the recipient.
-
-### Decrypt a file using CDOC2 Key Shares Server
-
-In the `cdoc2-java-ref-impl/cdoc2-cli` repo execute:
-
-```
-java -jar target/cdoc2-cli*.jar decrypt \
-  --server=config/localhost/localhost.properties \
-  -f /path/to/enrypted-file.cdoc \
-  -o /path/to/derypted-file.cdoc
-```
-
-For more details on how to use `cdoc2-cli` see [CDOC2 CLI](../cdoc2-cli/README.md).
+See `cdoc2-java-ref-impl/cdoc2-cli/README.md` for more details on how to encrypt/decrypt using Smart-ID.
 

README.md

@@ -73,7 +73,7 @@ See [getting-started.md](getting-started.md) and [admin-guide.md](admin-guide.md
 
 ### Running pre-built Docker/OCI images
 
-TODO:
+See [cdoc2-java-ref-impl](https://github.com/open-eid/cdoc2-java-ref-impl)/test/config/shares-server/docker-compose.yml
 
 ## Releasing and versioning
 

build-images.sh

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+# build Docker images locally
+PROJECT_DIR=$(pwd)
+
+cd $PROJECT_DIR/shares-server
+bash build-image.sh
+
+cd $PROJECT_DIR/server-db
+bash build-image.sh
+
+cd $PROJECT_DIR

docker-compose-with-pre-made-images.yml

@@ -1,3 +1,4 @@
+# Not up to date, see https://github.com/open-eid/cdoc2-java-ref-impl/test/README.md for working docker example
 services:
   cdoc2-shares-postgres:
     container_name: cdoc2-shares-postgres

docker-compose.yml

@@ -1,3 +1,4 @@
+# Not up to date, see https://github.com/open-eid/cdoc2-java-ref-impl/test/README.md for working docker example
 services:
   cdoc2-shares-postgres:
     container_name: cdoc2-shares-postgres
@@ -49,6 +50,8 @@ services:
         target: /config/servertruststore.jks
       - source: keystore
         target: /config/cdoc2server.p12
+      - source: sid-trusted-issuers-truststore
+        target: /config/sid_trusted_issuers.jks
     environment:
       - SPRING_CONFIG_ADDITIONAL_LOCATION=optional:file:/config/application.properties
       - POSTGRES_URL=${POSTGRES_URL}
@@ -79,6 +82,8 @@ services:
         target: /config/servertruststore.jks
       - source: keystore
         target: /config/cdoc2server.p12
+      - source: sid-trusted-issuers-truststore
+        target: /config/sid_trusted_issuers.jks
     environment:
       - SPRING_CONFIG_ADDITIONAL_LOCATION=optional:file:/config/application.properties
       - POSTGRES_URL=${POSTGRES_URL}
@@ -98,4 +103,6 @@ configs:
   truststore:
     file: ./keys/servertruststore.jks
   keystore:
-    file: ./keys/cdoc2server.p12
+    file: ./keys/cdoc2server.p12
+  sid-trusted-issuers-truststore:
+      file: ./shares-server/test/resources/sid-trusted-issuers/test_sid_trusted_issuers.jks

postgres.README.md

@@ -1,10 +1,10 @@
 ## Create postgres instance inside docker
 
 ```
-docker run --name cdoc2-psql -p 5432:5432 -e POSTGRES_DB=cdoc2-shares -e POSTGRES_PASSWORD=secret -d postgres
+docker run --name cdoc2-shares-psql -p 5432:5432 -e POSTGRES_DB=cdoc2-shares -e POSTGRES_PASSWORD=secret -d postgres
 
-docker start cdoc2-psql
-docker stop cdoc2-psql
+docker start cdoc2-shares-psql
+docker stop cdoc2-shares-psql
 ```
 #docker rm cdoc2-psql
 
@@ -16,18 +16,18 @@ image (version must match server version) that contains liquibase changeset file
 server version and create a `cdoc2-shares` database. If database is running inside Docker, 
 then `--link` is required, so that liquibase container can connect to it.
 ```
-docker run --rm --link cdoc2-psql \
+docker run --rm --link cdoc2-shares-psql \
   --env DB_URL=jdbc:postgresql://cdoc2-psql/cdoc2-shares \
   --env DB_PASSWORD=secret \
   --env DB_USER=postgres \
-  ghcr.io/open-eid/cdoc2-server-liquibase:v1.4.1-rc.1-74cbc827e3cf08c2f4a51711a2072b6344f9aee1
+  ghcr.io/open-eid/cdoc2-shares-server-liquibase:latest
 ```
 
 or use standard liquibase command:
 
 ```
-docker run --rm --link cdoc2-psql \
-ghcr.io/open-eid/cdoc2-server-liquibase:v1.4.1-rc.1-74cbc827e3cf08c2f4a51711a2072b6344f9aee1 \
+docker run --rm --link cdoc2-shares-psql \
+ghcr.io/open-eid/cdoc2-shares-server-liquibase:latest \
   --url jdbc:postgresql://cdoc2-psql/cdoc2-shares \
   --username=postgres \
   --password=secret \
@@ -39,7 +39,3 @@ Can also be used to update DB running in other host by changing `--url`, `--user
 Then `--link` is not required.
 
 More info https://hub.docker.com/r/liquibase/liquibase
-
-## Or use docker-compose.yml
-
-Follow the instruction in `docker/README.md`.

server-db/build-image.sh

@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+
+#set -x
+
+SHARES_SERVER_VERSION=$(cd ../shares-server && mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
+DOCKER_REGISTRY=ghcr.io
+DOCKER_REPOSITORY=open-eid
+
+LIQUIBASE_IMAGE_NAME=cdoc2-shares-server-liquibase
+
+# version shows what version of shares-server is used in pair with liquibase image
+# Docker version should be same as shares-server-version although server-db pom version might be different
+docker build -t ${DOCKER_REGISTRY}/${DOCKER_REPOSITORY}/${LIQUIBASE_IMAGE_NAME}:${SHARES_SERVER_VERSION} ../server-db/src/main/resources/db

shares-server/build-image.sh

@@ -1,8 +1,17 @@
-# load env
-cd ..
-source load-env.sh
+#!/usr/bin/env bash
+# build Docker image locally
+#set -x
 
-cd shares-server
+SHARES_SERVER_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
+DOCKER_REGISTRY=ghcr.io
+DOCKER_REPOSITORY=open-eid
+IMAGE_NAME=$(mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout)
 
-# TODO: should spring-boot.build-image.publish=true only if env variable DOCKER_REGISTRY is set
-mvn spring-boot:build-image -Dspring-boot.build-image.publish=false -Dspring-boot.build-image.imageName=${DOCKER_REGISTRY}cdoc2-shares-server/shares-server:${SHARES_SERVER_VERSION} -Dspring-boot.build-image.createdDate=now
+LIQUIBASE_IMAGE_NAME=cdoc2-shares-server-liquibase
+
+mvn spring-boot:build-image \
+-Dmaven.test.skip=true \
+-Dspring-boot.build-image.publish=false \
+-Dspring-boot.build-image.imageName=${DOCKER_REGISTRY}/${DOCKER_REPOSITORY}/${IMAGE_NAME}:${SHARES_SERVER_VERSION} \
+-Dspring-boot.build-image.tags=${DOCKER_REGISTRY}/${DOCKER_REPOSITORY}/${IMAGE_NAME}:latest \
+-Dspring-boot.build-image.createdDate=now

shares-server/config/application.properties.docker

@@ -18,17 +18,16 @@ logging.level.root=info
 logging.level.ee.cyber.cdoc2=trace
 
 # database configuration
-<<<<<<<< HEAD:shares-server/docker/application.properties
-spring.datasource.url=jdbc:postgresql://cdoc2-shares-postgres:5432/postgres
-spring.datasource.username=postgres
-spring.datasource.password=postgres
-========
 spring.datasource.url=jdbc:postgresql://${POSTGRES_URL}/${POSTGRES_DB}
 spring.datasource.username=${POSTGRES_USER}
 spring.datasource.password=${POSTGRES_PASSWORD}
->>>>>>>> 8196b41c00da545fd7d59f6a1a97553f0747ed43:shares-server/config/application.properties.docker
 spring.datasource.driver-class-name=org.postgresql.Driver
 
+spring.ssl.bundle.jks.sid-trusted-issuers.truststore.location=config/test_sid_trusted_issuers.jks
+spring.ssl.bundle.jks.sid-trusted-issuers.truststore.password=changeit
+spring.ssl.bundle.jks.sid-trusted-issuers.truststore.type=jks
+
+
 # https://docs.spring.io/spring-boot/docs/current/reference/html/actuator.html#actuator.monitoring
 # run management on separate https port
 management.server.port=18443