fix docker build

.github/workflows/ci.yaml

@@ -14,9 +14,6 @@ jobs:
     # The type of runner that the job will run on
     runs-on: ubuntu-latest
 
-    env:
-      MAVEN_PROFILE: webapi-postgresql
-
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
@@ -38,10 +35,10 @@ jobs:
               ${{ runner.os }}-maven-
 
       - name: Build code
-        run: mvn -B -DskipTests=true -DskipUnitTests=true -P${{ env.MAVEN_PROFILE }} package
+        run: mvn -B -DskipTests=true -DskipUnitTests=true package
 
       - name: Test
-        run: mvn -B -P${{ env.MAVEN_PROFILE }} test
+        run: mvn -B test
 
   # Check that the docker image builds correctly
   # Push to ghcr.io for commits on master or webapi-3.0.

.github/workflows/release.yaml

@@ -10,16 +10,13 @@ env:
 
 jobs:
   upload:
-    env:
-      MAVEN_PROFILE: webapi-postgresql
-
     # The type of runner that the job will run on
     runs-on: ubuntu-latest
 
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
 
       - uses: actions/setup-java@v4
         with:
@@ -37,10 +34,10 @@ jobs:
             ${{ runner.os }}-maven-
 
       - name: Build JAR
-        run: mvn -B -DskipTests=true -DskipUnitTests=true -P${{ env.MAVEN_PROFILE }} package
+        run: mvn -B -DskipTests=true -DskipUnitTests=true -Dpackaging.type=jar package
 
       - name: Build WAR
-        run: mvn -B -DskipTests=true -DskipUnitTests=true -P${{ env.MAVEN_PROFILE }},war package
+        run: mvn -B -DskipTests=true -DskipUnitTests=true package
 
       # Upload both JAR and WAR to GitHub release
       - name: Upload to GitHub
@@ -50,48 +47,50 @@ jobs:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
 
   # Build and push tagged release docker image to
-  # ohdsi/atlas:<version> and ohdsi/atlas:latest.
+  # ohdsi/webapi:<version> and ohdsi/webapi:latest.
   docker:
     # The type of runner that the job will run on
     runs-on: ubuntu-latest
 
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
 
       # Add Docker labels and tags
       - name: Docker meta
         id: docker_meta
-        uses: crazy-max/ghaction-docker-meta@v1
+        uses: docker/metadata-action@v5
         with:
           images: ${{ env.DOCKER_IMAGE }}
-          tag-match: v(.*)
-          tag-match-group: 1
+          tags: |
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=raw,value=latest
 
       # Setup docker build environment
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v3
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v3
 
       - name: Login to DockerHub
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_HUB_USERNAME }}
           password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
 
       - name: Set build parameters
         id: build_params
         run: |
-          echo "::set-output name=sha8::${GITHUB_SHA::8}"
+          echo "sha8=${GITHUB_SHA::8}" >> $GITHUB_OUTPUT
 
       - name: Build and push
         id: docker_build
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v5
         with:
           context: ./
           file: ./Dockerfile
-          # Allow running the image on the architectures supported by nginx-unprivileged:alpine.
+          # Allow running the image on the architectures supported by the base image.
           platforms: linux/amd64,linux/arm64
           push: true
           build-args: |

Dockerfile

@@ -2,23 +2,17 @@ FROM maven:3.9-eclipse-temurin-21 AS builder
 
 WORKDIR /code
 
-ARG MAVEN_PROFILE=webapi-docker,trexsql
+ARG MAVEN_PROFILE=trexsql
 ARG MAVEN_PARAMS="" # can use maven options, e.g. -DskipTests=true -DskipUnitTests=true
 
 ARG OPENTELEMETRY_JAVA_AGENT_VERSION=1.17.0
 RUN curl -LSsO https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/download/v${OPENTELEMETRY_JAVA_AGENT_VERSION}/opentelemetry-javaagent.jar
 
-# Download dependencies
-COPY pom.xml /code/
-RUN mkdir .git \
-    && mvn package \
-     -Dpackaging.type=jar \
-     -P${MAVEN_PROFILE}
-
 ARG GIT_BRANCH=unknown
 ARG GIT_COMMIT_ID_ABBREV=unknown
 
 # Compile code and repackage it
+COPY pom.xml /code/
 COPY src /code/src
 RUN mvn package ${MAVEN_PARAMS} \
     -Dpackaging.type=jar \

README.md

@@ -24,6 +24,62 @@ The API Documentation is found at [http://webapidoc.ohdsi.org/](http://webapidoc
 
 Documentation can be found a the [Web API Installation Guide](https://github.com/OHDSI/WebAPI/wiki) which covers the system requirements and installation instructions.
 
+## WebAPI Configuration in version 3.0
+
+Application configuration has moved from a maven build-based pipeline (in version 2.x) to external configuration in WebAPI 3.0 (and using a new YAML format) as described in this [Atlas Sandbox project](https://github.com/OHDSI/AtlasWebAPISandbox/tree/main/ExternalConfig).
+
+### VS.Code Launch settings Example
+
+In VS Code, to launch the app using an external config, you can define a new launch settings in your local .vscode/launch.json file:
+
+```
+{
+  "configurations": [
+    {
+      "type": "java",
+      "name": "WebApi",
+      "request": "launch",
+      "mainClass": "org.ohdsi.webapi.WebApi",
+      "projectName": "WebAPI",
+      "vmArgs": "-Dspring.config.additional-location=file:C:/localsource/VSCodeWorkspace/webapi30-application.yaml"
+    }
+	]
+}
+```
+_Note the format of Windows paths in this example_
+
+This will pass the necessary VM arg to load additional Spring configuration from the specified file.  For example, for a local Postgres install with Windows Authentication enabled:
+
+```
+datasource:
+  dialect: postgresql
+  dialect.source: postgresql
+  driverClassName: org.postgresql.Driver
+  ohdsi:
+    schema: webapi
+  password: app1
+  url: jdbc:postgresql://localhost:5436/OHDSI_30
+  username: ohdsi_app_user
+security:
+  auth:
+    windows: 
+        enabled: true  
+  origin: http://localhost
+  provider: AtlasRegularSecurity
+```
+### Deploying WAR to Tomcat
+
+You can provide the enviornment variable `spring.config.additional-location` using a context.xml that is uploaded along with the WAR:
+
+```
+<Context>
+    <Environment name="spring.config.additional-location"
+                 value="file:/some/path/webapi/config/local-config.yaml"
+                 type="java.lang.String"
+                 override="false"/>
+</Context>
+```
+
 ## JAR Build (Executable)
 
 WebAPI can also be built as a self-contained executable JAR with embedded Tomcat:
@@ -56,40 +112,42 @@ java -jar target/WebAPI.jar \
 Notes:
 - Batch uses a table prefix and the security datasource can be overridden if you choose a separate connection, but both are optional when you keep everything on the main datasource/schema.
 
-## SAML Auth support
+## SAML Auth support (Updated for 3.0)
 
 The following parameters are used:
 
-- `security.saml.idpMetadataLocation=classpath:saml/dev/idp-metadata.xml` - path to metadata used by identity provider
-- `security.saml.metadataLocation=saml/dev/sp-metadata.xml` - service provider metadata path
-- `security.saml.keyManager.keyStoreFile=classpath:saml/samlKeystore.jks` - path to keystore
-- `security.saml.keyManager.storePassword=nalle123` - keystore password
-- `security.saml.keyManager.passwords.arachnenetwork=nalle123` - private key password
-- `security.saml.keyManager.defaultKey=apollo` - keystore alias
-- `security.saml.sloUrl=https://localhost:8443/cas/logout` - identity provider logout URL
-- `security.saml.callbackUrl=http://localhost:8080/WebAPI/user/saml/callback` - URL called from identity provider after login
+- `security.auth.saml.idpMetadataLocation=classpath:saml/dev/idp-metadata.xml` - path to metadata used by identity provider
+- `security.auth.saml.metadataLocation=saml/dev/sp-metadata.xml` - service provider metadata path
+- `security.auth.saml.keyManager.keyStoreFile=classpath:saml/samlKeystore.jks` - path to keystore
+- `security.auth.saml.keyManager.storePassword=nalle123` - keystore password
+- `security.auth.saml.keyManager.passwords.arachnenetwork=nalle123` - private key password
+- `security.auth.saml.keyManager.defaultKey=apollo` - keystore alias
+- `security.auth.saml.sloUrl=https://localhost:8443/cas/logout` - identity provider logout URL
+- `security.auth.saml.callbackUrl=http://localhost:8080/WebAPI/user/saml/callback` - URL called from identity provider after login
 
 Sample idp metadata and sp metadata config files for okta:
 - `saml/dev/idp-metadata-okta.xml`
 - `saml/dev/sp-metadata-okta.xml`
 
-## Managing auth providers
+## Managing auth providers (Updated for v3.0)
 
 The following parameters are used to enable/disable certain provider:
 
-- `security.auth.windows.enabled`
-- `security.auth.kerberos.enabled`
-- `security.auth.openid.enabled`
-- `security.auth.facebook.enabled`
-- `security.auth.github.enabled`
-- `security.auth.google.enabled`
-- `security.auth.jdbc.enabled`
-- `security.auth.ldap.enabled`
 - `security.auth.ad.enabled`
 - `security.auth.cas.enabled`
+- `security.auth.jdbc.enabled`
+- `security.auth.kerberos.enabled`
+- `security.auth.ldap.enabled`
+- `security.auth.oauth.facebook.enabled`
+- `security.auth.oauth.github.enabled`
+- `security.auth.oauth.google.enabled`
+- `security.auth.openid.enabled`
+- `security.auth.windows.enabled`
 
 Acceptable values are `true` and `false`
 
+Default paramaters for each of these authentication providers are provided as an example in the embedded application.yaml file.  All providers are disabled by default.
+
 ## Geospatial support
 
 Instructions can be found at [webapi-component-geospatial](https://github.com/OHDSI/webapi-component-geospatial)

docker/auth-test/docker-compose.yml

@@ -58,24 +58,24 @@ services:
       - SECURITY_AUTH_CAS_ENABLED=false
       - SECURITY_AUTH_WINDOWS_ENABLED=false
       - SECURITY_AUTH_KERBEROS_ENABLED=false
-      - SECURITY_AUTH_GOOGLE_ENABLED=false
-      - SECURITY_AUTH_FACEBOOK_ENABLED=false
-      - SECURITY_AUTH_GITHUB_ENABLED=false
-      - SECURITY_OID_CLIENTID=webapi-client
-      - SECURITY_OID_APISECRET=webapi-secret
-      - SECURITY_OID_URL=http://mock-oauth2:9090/default/.well-known/openid-configuration
-      - SECURITY_OID_EXTERNALURL=http://localhost:9090/default
-      - SECURITY_OID_LOGOUTURL=http://localhost:9090/default/endsession
-      - SECURITY_OID_EXTRASCOPES=profile email
-      - SECURITY_OAUTH_CALLBACK_UI=http://localhost:18080/WebAPI/#/welcome
-      - SECURITY_OAUTH_CALLBACK_API=http://localhost:18080/WebAPI/user/oauth/callback
-      - SECURITY_OAUTH_CALLBACK_URLRESOLVER=query
-      - SECURITY_DB_DATASOURCE_URL=jdbc:postgresql://postgres:5432/ohdsi
-      - SECURITY_DB_DATASOURCE_DRIVERCLASSNAME=org.postgresql.Driver
-      - SECURITY_DB_DATASOURCE_USERNAME=postgres
-      - SECURITY_DB_DATASOURCE_PASSWORD=postgres
-      - SECURITY_DB_DATASOURCE_SCHEMA=webapi
-      - SECURITY_DB_DATASOURCE_AUTHENTICATIONQUERY=select password, firstname, middlename, lastname from webapi.users where lower(email) = lower(?)
+      - SECURITY_AUTH_OAUTH_GOOGLE_ENABLED=false
+      - SECURITY_AUTH_OAUTH_FACEBOOK_ENABLED=false
+      - SECURITY_AUTH_OAUTH_GITHUB_ENABLED=false
+      - SECURITY_AUTH_OPENID_CLIENTID=webapi-client
+      - SECURITY_AUTH_OPENID_APISECRET=webapi-secret
+      - SECURITY_AUTH_OPENID_URL=http://mock-oauth2:9090/default/.well-known/openid-configuration
+      - SECURITY_AUTH_OPENID_EXTERNALURL=http://localhost:9090/default
+      - SECURITY_AUTH_OPENID_LOGOUTURL=http://localhost:9090/default/endsession
+      - SECURITY_AUTH_OPENID_EXTRASCOPES=profile email
+      - SECURITY_AUTH_OAUTH_CALLBACK_UI=http://localhost:18080/WebAPI/#/welcome
+      - SECURITY_AUTH_OAUTH_CALLBACK_API=http://localhost:18080/WebAPI/user/oauth/callback
+      - SECURITY_AUTH_OAUTH_CALLBACK_URLRESOLVER=query
+      - SECURITY_AUTH_JDBC_DATASOURCE_URL=jdbc:postgresql://postgres:5432/ohdsi
+      - SECURITY_AUTH_JDBC_DATASOURCE_DRIVERCLASSNAME=org.postgresql.Driver
+      - SECURITY_AUTH_JDBC_DATASOURCE_USERNAME=postgres
+      - SECURITY_AUTH_JDBC_DATASOURCE_PASSWORD=postgres
+      - SECURITY_AUTH_JDBC_DATASOURCE_SCHEMA=webapi
+      - SECURITY_AUTH_JDBC_DATASOURCE_AUTHENTICATIONQUERY=select password, firstname, middlename, lastname from webapi.users where lower(email) = lower(?)
       - LOGGING_LEVEL_ORG_OHDSI_WEBAPI_SECURITY=DEBUG
       - LOGGING_LEVEL_ORG_SPRINGFRAMEWORK_SECURITY=DEBUG
     ports: