Bump up to 4.4.2

Merge branch 'develop'

Author: qifeng-bai

build.gradle

@@ -11,7 +11,7 @@
  * rights and limitations under the License.
  */
 buildscript {
-    version "4.4.1"
+    version "4.4.2"
     group "au.org.ala"
 }
 

cicd/backend/config.ini

@@ -2,25 +2,170 @@
 PRODUCT_COMPONENT = backend
 PIPELINE_STACK_NAME = ala-${PRODUCT_NAME}-${PRODUCT_COMPONENT}-pipeline-${ENVIRONMENT}
 DATABASE_STACK_NAME = ala-${PRODUCT_NAME}-database-${ENVIRONMENT}
-HELM_RELEASE_NAME = ala-alerts-${CLEAN_BRANCH}
+HELM_RELEASE_NAME = ala-alerts-${ENVIRONMENT}
 DOMAIN_NAME = ${PRODUCT_NAME}.${HOSTED_ZONE}
 AUTO_DEPLOY = true
 SLACK_DEPLOY_NOTIFICATION = false
 SLACK_ALERT_CHANNEL = deployments
 
+;Alerts config file properties
+ALERTS_CONTEXT_PATH =
+CAS_AUTH_BASE_URL = https://auth-test.ala.org.au
+CAS_ALERTS_APIKEY_WHITELIST =
+DB_DRIVER_CLASS_NAME = com.mysql.jdbc.Driver
+DB_USERNAME = admin
+DB_HOSTNAME = mysql-rds
+MYSQL_CONNECTION_SSL = False
+DB_CREATE_MODE = update
+ENABLE_MYANNOTATION = true
+ENABLE_SPECIESLISTS_ALERTS = true
+ENABLE_SPATIAL_ALERTS = true
+ENABLE_BLOGS_ALERTS = true
+ENABLE_CITIZEN_SCIENCE_ALERTS = true
+BIOCACHE_URL = https://biocache.ala.org.au
+BIOCACHE_SERVICE_URL = https://biocache.ala.org.au/ws
+SPATIAL_URL = https://spatial.ala.org.au
+COLLECTORY_URL = https://collections.ala.org.au
+ALERTS_COLLECTORY_SERVICE_URL = https://api.ala.org.au/metadata
+ALERTS_USERDETAILS_URL = https://api.ala.org.au/userdetails/cognito//userDetails/getUserListFull
+LISTS_URL = https://lists.ala.org.au
+ENABLE_EMAIL = true
+MAIL_SES_ENABLED = true
+HEADER_AND_FOOTER_BASEURL = https://www-test-2023.ala.org.au/commonui-bs3-2019
+HEADER_AND_FOOTER_VERSION = 2
+ALA_BASE_URL = https://www.ala.org.au
+BIE_BASE_URL = https://bie.ala.org.au
+BIE_SEARCH_PATH = /search
+ALERTS_SKIN_LAYOUT = ala-main
+SKIN_HOME_URL = http://www.ala.org.au
+SKIN_ORG_NAME_LONG = "Atlas of Living Australia"
+ORG_NAME_SHORT = ALA
+ORG_SUPPORT_EMAIL = support@ala.org.au
+ALERTS_SITE_DEFAULT_LANGUAGE = en
+SKIN_FAVICON = https://www.ala.org.au/app/uploads/2019/01/cropped-favicon-32x32.png
+PRIVACY_POLICY_URL = https://www.ala.org.au/about/terms-of-use/privacy-policy/
+OCCURRENCE_SEARCH_TITLE = "occurrence search"
+OCCURRENCE_SEARCH_URL = https://biocache.ala.org.au/occurrences/search?q=passer
+REGIONS_SEARCH_TITLE = ACT
+REGIONS_SEARCH_URL = http://regions.ala.org.au/states/Australian+Capital+Territory
+SPECIES_PAGES_SEARCH_TITLE = Shingle-back
+SPECIES_PAGES_SEARCH_URL = https://bie.ala.org.au/species/Tiliqua+rugosa
+COLLECTION_SEARCH_TITLE = ANIC
+COLLECTION_SEARCH_URL = https://collections.ala.org.au/public/show/co13
+BIOSECURITY_MORE_INFO =
+BIOSECURITY_QUERY_URL = '/occurrences/search?q=species_list_uid:___LISTIDPARAM___&fq=decade:2020&fq=country:Australia&fq=first_loaded_date:[___DATEPARAM___%20TO%20*]&fq=occurrence_date:[___LASTYEARPARAM___%20TO%20*]&sort=first_loaded_date&dir=desc&disableAllQualityFilters=true'
+SPECIES_LIST_SERVER = https://lists.ala.org.au
+BIOSECURITY_CSV_LOCAL_ENABLED = false
+BIOSECURITY_CSV_S3_ENABLED = true
+GRAILS_PLUGIN_AWSSDK_REGION = ap-southeast-2
+S3_BUCKET_NAME = ala-alerts
+GRAILS_PLUGIN_AWSSDK_S3_PROFILE =
+OIDC_DISCOVERY_URI = https://cognito-idp.ap-southeast-2.amazonaws.com/ap-southeast-2_OOXU9GW39/.well-known/openid-configuration
+JWT_DISCOVERY_URI = https://cognito-idp.ap-southeast-2.amazonaws.com/ap-southeast-2_OOXU9GW39/.well-known/openid-configuration
+OIDC_LOGOUT_URL = https://auth-secure.auth.ap-southeast-2.amazoncognito.com/logout
+OIDC_ALA_USERID_CLAIM = username
+OIDC_LOGOUT_ACTION = cognito
+OIDC_SCOPE = "openid profile email ala/attrs ala/roles"
+CORE_ROLE_ATTRIBUTE = ala:role
+CORE_AFFILIATION_SURVEY_ENABLED = true
+CORE_AUTH_COOKIE_NAME = ALA-Auth
+COOKIE_AUTH_COOKIE_ENABLED = true
+COOKIE_AUTH_COOKIE_DOMAIN = .ala.org.au
+JWT_ROLES_FROM_ACCESS_TOKEN = true
+JWT_USER_ID_CLAIM = username
+JWT_ROLE_CLAIMS = cognito:groups
+APIKEY_CHECK_ENABLED = true
+APIKEY_AUTH_URL = https://auth-test.ala.org.au/apikey/
+APIKEY_CHECK_URL = https://auth-test.ala.org.au/apikey/ws/check?apikey=
+APIKEY_USERDETAILS_URL = https://auth-test.ala.org.au/userdetails/
+WEBSERVICE_JWT = true
+ALERTS_WEBSERVICE_JWT_SCOPES = "ala/internal users/read ala/attrs"
+USERSYNC_BATCHSIZE = 1000
+USERDETAILS_URL = https://api.test.ala.org.au/userdetails/cognito/
+USERDETAILS_WEB_URL = https://aws-auth-test-2023.test.ala.org.au/userdetails/
+USERDETAILS_API_URL = https://api.test.ala.org.au/userdetails/cognito/
+OPENAPI_OAUTH_URL = https://auth-secure.auth.ap-southeast-2.amazoncognito.com/oauth2
+TERMS_URL = https://www.ala.org.au/terms-of-use/
+SUPPORT_EMAIL = support@ala.org.au
+
+CPU_REQUEST = 1
+MEMORY_REQUEST = 4096Mi
+CPU_LIMIT = 1
+MEMORY_LIMIT = 4096Mi
+
 [development]
 # code pipeline
 PIPELINE_STACK_NAME = ala-${PRODUCT_NAME}-${PRODUCT_COMPONENT}-pipeline-${CLEAN_BRANCH}
 ; Update the database stack name if creating a new database stack for feature branch
-DATABASE_STACK_NAME = ala-${PRODUCT_NAME}-database-develop
+; DATABASE_STACK_NAME = ala-${PRODUCT_NAME}-database-${CLEAN_BRANCH}
+DATABASE_STACK_NAME = ala-${PRODUCT_NAME}-database-testing
 SLACK_DEPLOY_NOTIFICATION = true
 SLACK_ALERT_CHANNEL = zabbix-alerts
 DOMAIN_NAME = ${PRODUCT_NAME}-${CLEAN_BRANCH}.${HOSTED_ZONE}
+HELM_RELEASE_NAME = ala-alerts-${CLEAN_BRANCH}
+
+;Alerts config file properties
+CAS_AUTH_BASE_URL = https://auth-test.ala.org.au
+BIOCACHE_URL = https://biocache-test.ala.org.au
+BIOCACHE_SERVICE_URL = https://biocache-ws-test.ala.org.au/ws
+SPATIAL_URL = https://spatial.ala.org.au
+COLLECTORY_URL = https://collections-test.ala.org.au
+ALERTS_COLLECTORY_SERVICE_URL = https://api.test.ala.org.au/metadata
+ALERTS_USERDETAILS_URL = https://api.test.ala.org.au/userdetails/cognito//userDetails/getUserListFull
+LISTS_URL = https://lists-test.ala.org.au
+ALA_BASE_URL = https://www-test.ala.org.au
+BIE_BASE_URL = https://bie-test.ala.org.au
+SKIN_ORG_NAME_LONG = "Atlas of Living Australia \(TEST\)"
+PRIVACY_POLICY_URL = https://www.ala.org.au/about/terms-of-use/privacy-policy/
+OCCURRENCE_SEARCH_URL = https://biocache-test.ala.org.au/occurrences/search?q=passer
+REGIONS_SEARCH_URL = http://regions-test.ala.org.au/states/Australian+Capital+Territory
+SPECIES_PAGES_SEARCH_URL = https://bie.ala.org.au/species/Tiliqua+rugosa
+COLLECTION_SEARCH_URL = https://collections.ala.org.au/public/show/co13
+SPECIES_LIST_SERVER = https://lists-test.ala.org.au
+OIDC_DISCOVERY_URI = https://cognito-idp.ap-southeast-2.amazonaws.com/ap-southeast-2_OOXU9GW39/.well-known/openid-configuration
+JWT_DISCOVERY_URI = https://cognito-idp.ap-southeast-2.amazonaws.com/ap-southeast-2_OOXU9GW39/.well-known/openid-configuration
+OIDC_LOGOUT_URL = https://auth-secure.auth.ap-southeast-2.amazoncognito.com/logout
+CORE_AUTH_COOKIE_NAME = ALA-Auth-Test
+APIKEY_AUTH_URL = https://auth-test.ala.org.au/apikey/
+APIKEY_CHECK_URL = https://auth-test.ala.org.au/apikey/ws/check?apikey=
+APIKEY_USERDETAILS_URL = https://auth-test.ala.org.au/userdetails/
+USERDETAILS_URL = https://api.test.ala.org.au/userdetails/cognito/
+USERDETAILS_WEB_URL = https://aws-auth-test-2023.test.ala.org.au/userdetails/
+USERDETAILS_API_URL = https://api.test.ala.org.au/userdetails/cognito/
 
 [testing]
 SLACK_DEPLOY_NOTIFICATION = true
 SLACK_ALERT_CHANNEL = zabbix-alerts
 
+;Alerts config file properties
+CAS_AUTH_BASE_URL = https://auth-test.ala.org.au
+BIOCACHE_URL = https://biocache-test.ala.org.au
+BIOCACHE_SERVICE_URL = https://biocache-ws-test.ala.org.au/ws
+SPATIAL_URL = https://spatial.ala.org.au
+COLLECTORY_URL = https://collections-test.ala.org.au
+ALERTS_COLLECTORY_SERVICE_URL = https://api.test.ala.org.au/metadata
+ALERTS_USERDETAILS_URL = https://api.test.ala.org.au/userdetails/cognito//userDetails/getUserListFull
+LISTS_URL = https://lists-test.ala.org.au
+ALA_BASE_URL = https://www-test.ala.org.au
+BIE_BASE_URL = https://bie-test.ala.org.au
+SKIN_ORG_NAME_LONG = "Atlas of Living Australia (TEST)"
+PRIVACY_POLICY_URL = https://www.ala.org.au/about/terms-of-use/privacy-policy/
+OCCURRENCE_SEARCH_URL = https://biocache-test.ala.org.au/occurrences/search?q=passer
+REGIONS_SEARCH_URL = http://regions-test.ala.org.au/states/Australian+Capital+Territory
+SPECIES_PAGES_SEARCH_URL = https://bie.ala.org.au/species/Tiliqua+rugosa
+COLLECTION_SEARCH_URL = https://collections.ala.org.au/public/show/co13
+SPECIES_LIST_SERVER = https://lists-test.ala.org.au
+OIDC_DISCOVERY_URI = https://cognito-idp.ap-southeast-2.amazonaws.com/ap-southeast-2_OOXU9GW39/.well-known/openid-configuration
+JWT_DISCOVERY_URI = https://cognito-idp.ap-southeast-2.amazonaws.com/ap-southeast-2_OOXU9GW39/.well-known/openid-configuration
+OIDC_LOGOUT_URL = https://auth-secure.auth.ap-southeast-2.amazoncognito.com/logout
+CORE_AUTH_COOKIE_NAME = ALA-Auth-Test
+APIKEY_AUTH_URL = https://auth-test.ala.org.au/apikey/
+APIKEY_CHECK_URL = https://auth-test.ala.org.au/apikey/ws/check?apikey=
+APIKEY_USERDETAILS_URL = https://auth-test.ala.org.au/userdetails/
+USERDETAILS_URL = https://api.test.ala.org.au/userdetails/cognito/
+USERDETAILS_WEB_URL = https://aws-auth-test-2023.test.ala.org.au/userdetails/
+USERDETAILS_API_URL = https://api.test.ala.org.au/userdetails/cognito/
+
 [staging]
 
 [production]

cicd/backend/pipeline/deploy_alerts_buildspec.yaml

@@ -4,8 +4,6 @@ env:
   shell: bash
   variables:
     JAVA_TOOL_OPTIONS: -Dhttps.protocols=TLSv1.2
-  secrets-manager:
-    DB_PASSWORD: $ALERTS_SECRET_NAME:db-password
 
 phases:
   install:
@@ -22,39 +20,9 @@ phases:
   build:
     commands:
       - echo Build started on $(date)
-      - wget https://raw.githubusercontent.com/AtlasOfLivingAustralia/ala-install/refs/heads/master/ansible/roles/alerts/templates/alerts-config.properties
       - aws eks --region ap-southeast-2 update-kubeconfig --name $EKS_CLUSTER_NAME
-      - |
-        USER_POOL_ID=$(aws cloudformation describe-stacks --stack-name $COGNITO_STACK_NAME \
-          --query "Stacks[0].Outputs[?OutputKey=='UserPoolId'].OutputValue" --output text)
-      - |
-        CLIENT_ID=$(aws cloudformation describe-stacks --stack-name $BASE_STACK_NAME \
-          --query "Stacks[0].Outputs[?OutputKey=='AlertsAppClient'].OutputValue" --output text)
-      - |
-        CLIENT_SECRET=$(aws cognito-idp describe-user-pool-client --user-pool-id $USER_POOL_ID \
-          --client-id $CLIENT_ID --query "UserPoolClient.ClientSecret" --output text)
-      - |
-        SERVER_TO_SERVER_CLIENT_ID=$(aws cloudformation describe-stacks --stack-name $BASE_STACK_NAME \
-          --query "Stacks[0].Outputs[?OutputKey=='AlertsServerToServerAppClient'].OutputValue" --output text)
-      - |
-        SERVER_TO_SERVER_CLIENT_SECRET=$(aws cognito-idp describe-user-pool-client --user-pool-id $USER_POOL_ID \
-          --client-id $SERVER_TO_SERVER_CLIENT_ID --query "UserPoolClient.ClientSecret" --output text)
       - kubectl config set-context --current --namespace=alerts
-      - |
-        python3 cicd/gen_app_config.py -t alerts-config.properties \
-          -v $CODEBUILD_SRC_DIR_AnsibleInventoriesSourceArtifact/alerts/alerts-feature-branch \
-          -b $CLEAN_BRANCH \
-          -o alerts-config.properties
-      - sed -i "s/dataSource.password=/dataSource.password=$DB_PASSWORD/" alerts-config.properties
-      - sed -i "s/security.oidc.clientId=/security.oidc.clientId=$CLIENT_ID/" alerts-config.properties
-      - sed -i "s/security.oidc.secret=/security.oidc.secret=$CLIENT_SECRET/" alerts-config.properties
-      - sed -i "s/webservice.client-id=/webservice.client-id=$SERVER_TO_SERVER_CLIENT_ID/" alerts-config.properties
-      - sed -i "s/webservice.client-secret=/webservice.client-secret=$SERVER_TO_SERVER_CLIENT_SECRET/" alerts-config.properties
-      - sed -i "s/mysql-rds\/alerts/mysql-rds-$CLEAN_BRANCH\/alertsdevelopment/" alerts-config.properties
-      - sed -i "s/ala-alerts-test/alerts-$CLEAN_BRANCH/" alerts-config.properties
-      - sed -i '1i server.port=8000' alerts-config.properties
-      - kubectl delete secret alerts-config-secret-$CLEAN_BRANCH || true
-      - kubectl create secret generic alerts-config-secret-$CLEAN_BRANCH --from-file=alerts-config.properties
+      - echo "Creating service account for alerts..."
       - |
         ALERTS_ROLE_ARN=$(aws cloudformation describe-stacks --stack-name $BASE_STACK_NAME \
           --query "Stacks[0].Outputs[?OutputKey=='AlertsRoleArn'].OutputValue" --output text)
@@ -64,6 +32,8 @@ phases:
           --namespace alerts --cluster $EKS_CLUSTER_NAME --attach-role-arn $ALERTS_ROLE_ARN \
           --approve --override-existing-serviceaccounts \
           --tags "product=alerts,environment=development,branch=${CLEAN_BRANCH}"
+      - echo "Service account created."
+      - echo "Deploying alerts via helm..."
       - cd helm
       - |
         export CERTIFICATE_ARN=$(aws acm list-certificates --region ap-southeast-2 \
@@ -79,7 +49,8 @@ phases:
           --set ingress.certificateArn=$CERTIFICATE_ARN \
           --set secret.name=alerts-config-secret-$CLEAN_BRANCH \
           --set serviceAccount.name=alerts-service-account-$CLEAN_BRANCH \
-          --set rds.name=mysql-rds-$CLEAN_BRANCH
+          --set rds.name=mysql-rds-$CLEAN_BRANCH \
+          -f $CODEBUILD_SRC_DIR_ExportConfigArtifact/helm-values.yaml
       - kubectl rollout restart deployment $HELM_RELEASE_NAME
   post_build:
     commands:
@@ -89,9 +60,4 @@ phases:
 artifacts:
   base-directory: $CODEBUILD_SRC_DIR
   files:
-    - '**/*'
-  secondary-artifacts:
-    AnsibleInventoriesSourceArtifact:
-      base-directory: $CODEBUILD_SRC_DIR_AnsibleInventoriesSourceArtifact
-      files:
-        - '**/*'
+    - '**/*'

cicd/backend/pipeline/deploy_pipeline.sh

@@ -150,5 +150,6 @@ aws cloudformation deploy \
         pProductComponent=$PRODUCT_COMPONENT \
         pProductName=$PRODUCT_NAME \
         pDomainName=$DOMAIN_NAME \
+        pSecretName=$SECRET_NAME \
         pRestartExecutionOnUpdate=$RESTART_PIPELINE_ON_UPDATE \