Feature/2023 api update (#27)

* hook up some testing to help avoid broken dependencies * add mvnw * see dockstore/dockstore#5483 * add map, fix link
dockstore · Nov 29, 2023 · 574498a · 574498a
1 parent 63b831e
commit 574498a
Show file tree

Hide file tree

Showing 17 changed files with 603 additions and 10 deletions.
diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md
@@ -0,0 +1,23 @@
+## How to contribute to Dockstore
+
+#### **Did you find a bug?**
+
+* **Ensure the bug was not already reported** by searching on GitHub under [Issues](https://github.com/dockstore/dockstore/issues).
+
+* If you're unable to find an open issue addressing the problem, [open a new one](https://github.com/dockstore/dockstore/issues/new). Be sure to include a **title and clear description**, as much relevant information as possible, and a **code sample** or an **executable test case** demonstrating the expected behavior that is not occurring.
+
+#### **Did you write a patch that fixes a bug?**
+
+* Open a new GitHub pull request with the patch.
+
+* Ensure the PR description clearly describes the problem and solution. Include the relevant issue number if applicable.
+
+* Before submitting, please read ensure that your code passes the style guide and tests. See the GitHub status checks on your PR for more details. Note that until we resolve [this](https://github.com/dockstore/dockstore/issues/3541) issue, a large number of integration tests will fail.
+
+#### **Do you intend to add a new feature or change an existing one?**
+
+* Suggest your change as a [github issue](https://github.com/dockstore/dockstore/issues) either by creating a new issue or commenting on an existing one and start writing code. The relevant repositories are nested under our [organization](https://github.com/dockstore) including the webservice (dockstore), the user interface (dockstore-ui2), the command-line interface (dockstore-cli), and many more. 
+
+#### **Do you want to contribute to the Dockstore documentation?**
+
+* Most of our documentation is generated from [dockstore-documentation](https://github.com/dockstore/dockstore-documentation).
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,40 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: 'bug'
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Desktop (please complete the following information):**
+ - OS: [e.g. iOS]
+ - Browser [e.g. chrome, safari]
+ - Version [e.g. 22]
+
+**Smartphone (please complete the following information):**
+ - Device: [e.g. iPhone6]
+ - OS: [e.g. iOS8.1]
+ - Browser [e.g. stock browser, safari]
+ - Version [e.g. 22]
+
+**Additional context**
+ - UI version: [e.g. 2.5.0]
+ - Webservice version: [e.g. 1.8.0]
+ - host location: [e.g. staging.dockstore.org]
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,8 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Dockstore Community Forum
+    url: https://discuss.dockstore.org/c/dockstore-arch/7
+    about: Please ask and answer questions here.
+  - name: Dockstore Security and Internal Issues
+    url: https://ucsc-cgl.atlassian.net/browse/DOCK
+    about: Please report security vulnerabilities here.
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: 'enhancement'
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,33 @@
+**Description**
+A description of the PR, should include a decent explanation as to why this change was needed and a decent explanation as to what this change does
+
+**Review Instructions**
+Describe if this ticket needs review and if so, how one may go about it in qa and/or staging environments.
+For example, a ticket based on Security Hub, Snyk, or Dependabot may not need review since those services 
+will generate new warnings if the issue has not been resolved properly. On the other hand, an infrastructure
+ticket that results in visible changes to the end-user will definitely require review. 
+Many tickets will likely be between these two extremes, so some judgement may be required.
+
+**Issue**
+A link to a github issue or SEAB- ticket (using that as a prefix)
+
+**Security and Privacy**
+
+If there are any concerns that require extra attention from the security team, highlight them here.
+
+e.g. Does this change...
+* Any user data we collect, or data location?
+* Access control, authentication or authorization?
+* Encryption features?
+
+Please make sure that you've checked the following before submitting your pull request. Thanks!
+
+- [ ] Check that you pass the basic style checks and unit tests by running `mvn clean install`
+- [ ] Ensure that the PR targets the correct branch. Check the milestone or fix version of the ticket.
+- [ ] Follow the existing JPA patterns for queries, using named parameters, to avoid SQL injection
+- [ ] If you are changing dependencies, check the Snyk status check or the dashboard to ensure you are not introducing new high/critical vulnerabilities
+- [ ] Assume that inputs to the API can be malicious, and sanitize and/or check for Denial of Service type values, e.g., massive sizes
+- [ ] Do not serve user-uploaded binary images through the Dockstore API
+- [ ] Ensure that endpoints that only allow privileged access enforce that with the `@RolesAllowed` annotation
+- [ ] Do not create cookies, although this may change in the future
+- [ ] If this PR is for a user-facing feature, create and link a documentation ticket for this feature (usually in the same milestone as the linked issue). Style points if you create a documentation PR directly and link that instead. 
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,39 @@
+version: 2
+updates:
+
+  # Maintain dependencies for GitHub Actions, path is indeed "/" https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot#enabling-dependabot-version-updates-for-actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    reviewers:
+      - "dockstore/dockstore"        
+
+  # Maintain dependencies for Maven
+  - package-ecosystem: "maven"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    # start with security updates only https://stackoverflow.com/a/68254421
+    open-pull-requests-limit: 0  
+    reviewers:
+      - "dockstore/dockstore"        
+
+  # Maintain dependencies for Dockerfile
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    # start with security updates only https://stackoverflow.com/a/68254421  
+    open-pull-requests-limit: 0
+    reviewers:
+      - "dockstore/dockstore"   
+
+  # Maintain dependencies for swagger-ui and cwltool
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    # start with security updates only https://stackoverflow.com/a/68254421
+    reviewers:
+      - "dockstore/dockstore"        
diff --git a/.github/workflows/.mvnw.yml.swp b/.github/workflows/.mvnw.yml.swp
diff --git a/.github/workflows/mvnw.yml b/.github/workflows/mvnw.yml
@@ -0,0 +1,37 @@
+name: Regular dockstore-style build
+
+on: [push]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        java: [ '17.0.4+8' ]
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up JDK
+        uses: actions/setup-java@v3
+        with:
+          java-version: ${{ matrix.java }}
+          distribution: 'adopt'
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: java
+
+      # Step that does that actual cache save and restore
+      - uses: actions/cache@v3
+        with:
+          path: ~/.m2/repository
+          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+          restore-keys: |
+           ${{ runner.os }}-maven-
+      - name: Build with mvnw
+        run: ./mvnw clean install
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2          
diff --git a/.mvn/.mvn.iml b/.mvn/.mvn.iml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module org.jetbrains.idea.maven.project.MavenProjectsManager.isMavenModule="true" type="JAVA_MODULE" version="4">
+  <component name="MavenCustomPomFilePath">
+    <option name="mavenPomFileUrl" value="file://$MODULE_DIR$/jvm.config" />
+  </component>
+  <component name="NewModuleRootManager" LANGUAGE_LEVEL="JDK_1_5">
+    <output url="file://$MODULE_DIR$/../target/classes" />
+    <output-test url="file://$MODULE_DIR$/../target/test-classes" />
+    <content url="file://$MODULE_DIR$" />
+    <orderEntry type="inheritedJdk" />
+    <orderEntry type="sourceFolder" forTests="false" />
+  </component>
+</module>
diff --git a/.mvn/jvm.config b/.mvn/jvm.config
@@ -0,0 +1 @@
+-XX:+IgnoreUnrecognizedVMOptions --add-opens=java.base/java.util=ALL-UNNAMED
diff --git a/.mvn/wrapper/maven-wrapper.properties b/.mvn/wrapper/maven-wrapper.properties
@@ -0,0 +1,18 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.6/apache-maven-3.8.6-bin.zip
+wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.1/maven-wrapper-3.1.1.jar