...
- Look at maven for each project and update libraries for any vulnerabilities
Look at owasp dependency check goal
Code Block mvn -f grouper-parent site
- See the jenkins security report (change version in URL)
- Look at the jiras for the stable branch and make sure all commits are cherry picked back
- See if there is an updated Tomee Webprofile version
- If so, get the tomee tar.gz to the webprod3 server in the proper directory
- Adjust the tomee version in GrouperInstaller.java
- Run "ant build" in grouper-client, make sure it compiles
- If there are DDL changes make sure theres not an index longer than expected 768
- Check unit tests (email with CI test results (summary))
- Tag as GROUPER_RELEASE_x.y.z in grouper git
- In Internet2 build git, branch as x.y.z.
- Branch from the latest commit in the proper branch (check the network graph if unclear)
git checkout 2.5.62
git checkout -b 2.5.63 - Check out the latest 2.5.x and 2.6.x to see if there is anything needing to be cherry-picked (Note: might need to change java version in jenkinsfile)
git pull
git diff origin/2.5.62..origin/2.6.9 Create an empty commit so it triggers a build
git commit --allow-empty -m "build 2.5.63"- Push to remote
- Branch from the latest commit in the proper branch (check the network graph if unclear)
- Wait 15 minutes build to finish (old: for build to finish)
- Go to: https://oss.sonatype.org/#stagingRepositories
- Select the x.y.z version and click "Release"
(ok to leave checked "automatically drop") - Browse public repositories, Navigate the folder structure to /edu/internet2/middleware/grouper/grouper to make sure the new version is there
- Select the x.y.z version and click "Release"
- In the docker_grouper project
- remove any patches
- make an x.y.z branch if not already there
- Make sure docker unit test count matches the number of changed unit tests in grouperContainerUnitTest.sh
have there been any new tests (assert*) since the last release? If so, update grouperContainerUnitTest.sh by incrementing expectedSuccesses by the number of new tests
git log -p 2.5.62.. -- container_files/tier-support/test/grouperContainerUnitTestUi.sh container_files/tier-support/test/grouperContainerUnitTest.sh
- Change the Dockerfile to x.y.z in two placesone place (or two for 2.5), commit and push
- Wait 15 minutes
- Wait until build is done
- Check build output for conflicting jars
- Run the container unit tests. Link to Grouper dockerhub
Container mysql replicate (if build error)
Expand Code Block mchyzer@ISC20-0637-WL:~/containerTest$ cat Dockerfile FROM centos:centos7 as installing RUN yum update -y \ && yum install -y wget tar unzip dos2unix patch \ && yum clean all RUN yum install -y wget tar unzip dos2unix patch RUN yum install -y epel-release \ && yum update -y \ && yum install -y mariadb-server mariadb \ && yum clean all \ && rm -rf /var/cache/yum RUN mysql_install_db --force \ && chown -R mysql:mysql /var/lib/mysql/ \ && sed -i 's/^\(bind-address\s.*\)/# \1/' /etc/my.cnf \ && sed -i 's/^\(log_error\s.*\)/# \1/' /etc/my.cnf \ && sed -i 's/\[mysqld\]/\[mysqld\]\ncharacter_set_server = utf8/' /etc/my.cnf \ && sed -i 's/\[mysqld\]/\[mysqld\]\ncollation_server = utf8_general_ci/' /etc/my.cnf \ && sed -i 's/\[mysqld\]/\[mysqld\]\nport = 3306/' /etc/my.cnf \ && cat /etc/my.cnf \ && echo "/usr/bin/mysqld_safe &" > /tmp/config \ && echo "mysqladmin --silent --wait=30 ping || exit 1" >> /tmp/config \ && echo "mysql -e 'GRANT ALL PRIVILEGES ON *.* TO \"root\"@\"%\" WITH GRANT OPTION;'" >> /tmp/config \ && echo "mysql -e 'CREATE DATABASE grouper CHARACTER SET utf8 COLLATE utf8_bin;'" >> /tmp/config \ && bash /tmp/config \ && rm -f /tmp/config EXPOSE 3306 CMD mysqld_safe mchyzer@ISC20-0637-WL:~/containerTest$ docker build -t my_mysql . [+] Building 26.8s (9/9) FINISHED => [internal] load build definition from Dockerfile 0.0s => => transferring dockerfile: 1.27kB 0.0s => [internal] load .dockerignore 0.0s => => transferring context: 2B 0.0s => [internal] load metadata for docker.io/library/centos:centos7 2.5s => [1/5] FROM docker.io/library/centos:centos7@sha256:9d4bcbbb213dfd745b58be38b13b996ebb5ac315fe75711bd618426a630e0987 0.0s => CACHED [2/5] RUN yum update -y && yum install -y wget tar unzip dos2unix patch && yum clean all 0.0s => CACHED [3/5] RUN yum install -y wget tar unzip dos2unix patch 0.0s => [4/5] RUN yum install -y epel-release && yum update -y && yum install -y mariadb-server mariadb && yum clean all && rm -rf /var/cache/yum 17.2s => [5/5] RUN mysql_install_db --force && chown -R mysql:mysql /var/lib/mysql/ && sed -i 's/^\(bind-address\s.*\)/# \1/' /etc/my.cnf && sed -i 's/^\(log_error\s.*\)/# \1/' /etc/my.cnf && sed - 6.2s => exporting to image 0.9s => => exporting layers 0.9s => => writing image sha256:21400cf1803d58e336753379217dc0539a100aa8b5e9bd8923b1b07d816db4cc 0.0s => => naming to docker.io/library/my_mysql 0.0s Use 'docker scan' to run Snyk tests against images to find vulnerabilities and learn how to fix them mchyzer@ISC20-0637-WL:~/containerTest$ docker run --detach --name my_mysql --publish 3306:3306 my_mysql:latest- Use the installer to install the container against a mysql from docker (case sensitive)
- jdbc:mysql://docker.for.win.localhost:3306/grouper_v2_5?useSSL=false
- Upgrade the demo server
Adjust the version of apache/shib/java/tomcat in the release notes
Code Block docker run --rm i2incommon/grouper:2.5.xx bash -c "java -version && httpd -v && /usr/sbin/shibd -v && grep "Apache Tomcat Version" /opt/tomee/RELEASE-NOTES"
- Adjust the SHA in release notes
- docker image inspect i2incommon/grouper:2.5.xx --format '{{ .RepoDigests }}'
...