Updates

- Tweak JVM memory parameters for build
- Add GitHub action for releasing vNext docker images
- Upgrade jQuery to 3.5.1 due to SECVULN
- Update Java in all containers to v11 (LTS)

.github/workflows/ci.yml

@@ -1,4 +1,11 @@
 name: Continuous Integration
+concurrency:
+  cancel-in-progress: false
+  group: "build-test"
+
+defaults:
+  run:
+    shell: bash
 
 on:
   pull_request:
@@ -22,7 +29,6 @@ jobs:
           fetch-depth: 0
 
       - name: Build and Test
-        shell: bash
         run: cd build/ && ./assemble_api.sh && ./run_all_tests.sh
 
       - name: Codecov

.github/workflows/publish-site.yml

@@ -1,4 +1,11 @@
 name: Microsite
+concurrency:
+  cancel-in-progress: true
+  group: "publish-site"
+
+defaults:
+  run:
+    shell: bash
 
 on:
   workflow_dispatch:
@@ -15,7 +22,6 @@ jobs:
           fetch-depth: 0
 
       - run: "build/publish_docs.sh"
-        shell: bash
         env:
           SBT_MICROSITES_PUBLISH_TOKEN: ${{ secrets.VINYLDNS_MICROSITE }}
           ACTIONS_ALLOW_UNSECURE_COMMANDS: 'true'

.github/workflows/release-vnext.yml

@@ -0,0 +1,93 @@
+name: VinylDNS Release vNext
+concurrency:
+  cancel-in-progress: true
+  group: "release-vnext"
+
+defaults:
+  run:
+    shell: bash
+
+on:
+  push:
+    branches: [ 'master','main' ]
+  workflow_dispatch:
+    branches: [ 'master', 'main' ]
+
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+jobs:
+
+  verify:
+    name: Verify Release
+    if: "!contains(github.event.head_commit.message, 'ci skip')"
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout current branch (full)
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Build and Test
+        id: build
+        shell: bash
+        run: cd build/ && \
+          ./assemble_api.sh && \
+          ./run_all_tests.sh
+
+  docker-release-api:
+    name: Release API vNext Image
+    needs: [ verify ]
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout current branch (full)
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKER_USER }}
+          password: ${{ secrets.DOCKER_TOKEN }}
+
+      - name: Import Content Trust Key
+        run: docker trust key load <(echo "${SIGNING_KEY}") --name vinyldns_svc
+        env:
+          SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
+          DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }}
+
+      - name: Publish API Docker Image
+        run: make -C build/docker/api publish-vnext
+        env:
+          DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }}
+
+  docker-release-portal:
+    name: Release Portal vNext Image
+    needs: [ verify ]
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout current branch (full)
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKER_USER }}
+          password: ${{ secrets.DOCKER_TOKEN }}
+
+      - name: Import Content Trust Key
+        run: docker trust key load <(echo "${SIGNING_KEY}") --name vinyldns_svc
+        env:
+          SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
+          DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }}
+
+      - name: Publish Portal Docker Image
+        run: make -C build/docker/portal publish-vnext
+        env:
+          DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }}

.github/workflows/release.yml

@@ -1,4 +1,11 @@
-name: VinylDNS Release
+name: VinylDNS Official Docker Release
+concurrency:
+  cancel-in-progress: true
+  group: "release"
+
+defaults:
+  run:
+    shell: bash
 
 on:
   workflow_dispatch:
@@ -21,7 +28,6 @@ jobs:
 
       - name: Build and Test
         id: build
-        shell: bash
         run: cd build/ && \
           ./assemble_api.sh && \
           ./run_all_tests.sh
@@ -40,12 +46,10 @@ jobs:
 
       - name: Build Artifacts
         id: build
-        shell: bash
         run: cd build/ && ./assemble_api.sh && ./assemble_portal.sh
 
       - name: Get Version
         id: get-version
-        shell: bash
         run: echo "::set-output name=vinyldns_version::$(awk -F'"' '{print $2}' ./version.sbt)"
 
       - name: Create GitHub Release
@@ -77,13 +81,11 @@ jobs:
 
       - name: Import Content Trust Key
         run: docker trust key load <(echo "${SIGNING_KEY}") --name vinyldns_svc
-        shell: bash
         env:
           SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
           DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }}
 
       - name: Publish API Docker Image
-        shell: bash
         run: make -C build/docker/api publish
         env:
           DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }}
@@ -107,13 +109,11 @@ jobs:
 
       - name: Import Content Trust Key
         run: docker trust key load <(echo "${SIGNING_KEY}") --name vinyldns_svc
-        shell: bash
         env:
           SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
           DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }}
 
       - name: Publish Portal Docker Image
-        shell: bash
         run: make -C build/docker/portal publish
         env:
           DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }}

DEVELOPER_GUIDE.md

@@ -27,7 +27,7 @@
 
 ## Developer Requirements (Local)
 
-- Java 8 (at least u162)
+- Java 8+
 - Scala 2.12
 - sbt 1.4+
 

README.md

@@ -36,16 +36,17 @@ Integration is simple with first-class language support including:
 
 ## Table of Contents
 
-- [Quickstart](#quickstart)
-- [Things to Try in the Portal](#things-to-try-in-the-portal)
-  - [Verifying Your Changes](#verifying-your-changes)
-  - [Other things to note](#other-things-to-note)
-- [Code of Conduct](#code-of-conduct)
-- [Developer Guide](#developer-guide)
-- [Contributing](#contributing)
-- [Contact](#contact)
-- [Maintainers and Contributors](#maintainers-and-contributors)
-- [Credits](#credits)
+* [Quickstart](#quickstart)
+    - [Quickstart Optimization](#quickstart-optimization)
+* [Things to Try in the Portal](#things-to-try-in-the-portal)
+    + [Verifying Your Changes](#verifying-your-changes)
+    + [Other things to note](#other-things-to-note)
+* [Code of Conduct](#code-of-conduct)
+* [Developer Guide](#developer-guide)
+* [Contributing](#contributing)
+* [Contact](#contact)
+* [Maintainers and Contributors](#maintainers-and-contributors)
+* [Credits](#credits)
 
 ## Quickstart
 
@@ -62,7 +63,21 @@ VinylDNS on your machine with docker:
 1. To stop the local setup, run `./utils/clean-vinyldns-containers.sh`.
 
 There exist several clients at <https://github.com/vinyldns> that can be used to make API requests, using the
-endpoint `http://localhost:9000`
+endpoint `http://localhost:9000`.
+
+#### Quickstart Optimization
+
+If you are experimenting with Quickstart, you may encounter a delay each time you run it. This is because the API and
+Portal are rebuilt every time you launch Quickstart. If you'd like to cache the builds of the API and Portal, you may
+want to first run:
+
+| Script                     | Description                                                                  |
+|----------------------------|------------------------------------------------------------------------------|
+| `build/assemble_api.sh`    | This will create the API `jar` file which will then be used by Quickstart    |
+| `build/assemble_portal.sh` | This will create the Portal `zip` file which will then be used by Quickstart |
+
+Once these scripts are run, the artifacts are placed into the `artifacts/` directory and will be reused for each
+Quickstart launch. If you'd like to regenerate the artifacts, simply delete them and rerun the scripts above.
 
 ## Things to Try in the Portal
 
@@ -130,7 +145,8 @@ See the [Contributing Guide](CONTRIBUTING.md).
 
 ## Contact
 
-- If you have any security concerns please contact the maintainers directly [vinyldns-core@googlegroups.com](mailto:vinyldns-core@googlegroups.com)
+- If you have any security concerns please contact the maintainers
+  directly [vinyldns-core@googlegroups.com](mailto:vinyldns-core@googlegroups.com)
 
 ## Maintainers and Contributors
 

build/docker/api/Dockerfile

@@ -7,18 +7,17 @@ WORKDIR /build
 RUN mkdir -p /opt/vinyldns/conf && \
     if [ -f artifacts/vinyldns-api.jar ]; then cp artifacts/vinyldns-api.jar /opt/vinyldns/; fi && \
     if [ ! -f /opt/vinyldns/vinyldns-api.jar ]; then \
-      env SBT_OPTS="-XX:+UseConcMarkSweepGC -Xmx4G -Xms1G" \
+      env SBT_OPTS="-Xmx2G -Xms512M -Xss2M -XX:MaxMetaspaceSize=2G" \
       sbt -Dbuild.scalafmtOnCompile=false -Dbuild.lintOnCompile=fase ";project api;coverageOff;assembly" \
       && cp artifacts/vinyldns-api.jar /opt/vinyldns/; \
     fi
 
-FROM adoptopenjdk/openjdk11:jdk-11.0.8_10-alpine
+FROM openjdk:11-slim
 ARG DOCKER_FILE_PATH
 ARG VINYLDNS_VERSION
 
 RUN test -n "VINYLDNS_VERSION" || (echo "VINYLDNS_VERSION  not set" && false) && \
     test -n "DOCKER_FILE_PATH" || (echo "DOCKER_FILE_PATH  not set" && false) && \
-    apk add --update --no-cache bash && \
     mkdir -p /opt/vinyldns/lib_extra && \
     echo "${VINYLDNS_VERSION}" > /opt/vinyldns/version
 

build/docker/api/Makefile

@@ -27,7 +27,7 @@ endif
 
 .ONESHELL:
 
-.PHONY: all build run publish
+.PHONY: all artifact build run publish build-vnext publish-vnext
 
 all: build run
 
@@ -55,3 +55,13 @@ publish: build
 	DOCKER_CONTENT_TRUST=1 docker push $(IMAGE_NAME):$(IMAGE_TAG)
 	DOCKER_CONTENT_TRUST=1 docker push $(IMAGE_NAME):latest
 
+build-vnext:
+	@set -euo pipefail
+	cd ../../..
+	docker build $(BUILD_ARGS) --build-arg DOCKER_FILE_PATH="$$(realpath --relative-to="." "$(ROOT_DIR)")" --build-arg VINYLDNS_VERSION="vnext" -t $(IMAGE_NAME):vnext -f "$(ROOT_DIR)/Dockerfile" .
+	docker tag $(IMAGE_NAME):$(IMAGE_TAG) "$(IMAGE_NAME):vnext-$$(date -u  +"%Y%m%d")"
+
+publish-vnext: build-vnext
+	@set -euo pipefail
+	DOCKER_CONTENT_TRUST=1 docker push $(IMAGE_NAME):vnext
+	DOCKER_CONTENT_TRUST=1 docker push "$(IMAGE_NAME):vnext-$$(date -u  +"%Y%m%d")"

build/docker/portal/Dockerfile

@@ -20,13 +20,12 @@ RUN mkdir -p /opt/vinyldns/conf && \
        rm -rf /opt/vinyldns/vinyldns-portal*; \
     fi
 
-FROM adoptopenjdk/openjdk11:jdk-11.0.8_10-alpine
+FROM openjdk:11-slim
 ARG DOCKER_FILE_PATH
 ARG VINYLDNS_VERSION
 
 RUN test -n "VINYLDNS_VERSION" || (echo "VINYLDNS_VERSION  not set" && false) && \
     test -n "DOCKER_FILE_PATH" || (echo "DOCKER_FILE_PATH  not set" && false) && \
-    apk add --update --no-cache bash && \
     mkdir -p /opt/vinyldns/lib_extra && \
     echo "${VINYLDNS_VERSION}" > /opt/vinyldns/version
 

build/docker/portal/Makefile

@@ -27,11 +27,7 @@ endif
 
 .ONESHELL:
 
-.PHONY: all build run
-
-all: build run
-
-.PHONY: all build run publish
+.PHONY: all artifact build run publish build-vnext publish-vnext
 
 all: build run
 
@@ -59,3 +55,13 @@ publish: build
 	DOCKER_CONTENT_TRUST=1 docker push $(IMAGE_NAME):$(IMAGE_TAG)
 	DOCKER_CONTENT_TRUST=1 docker push $(IMAGE_NAME):latest
 
+build-vnext:
+	@set -euo pipefail
+	cd ../../..
+	docker build $(BUILD_ARGS) --build-arg DOCKER_FILE_PATH="$$(realpath --relative-to="." "$(ROOT_DIR)")" --build-arg VINYLDNS_VERSION="vnext" -t $(IMAGE_NAME):vnext -f "$(ROOT_DIR)/Dockerfile" .
+	docker tag $(IMAGE_NAME):$(IMAGE_TAG) "$(IMAGE_NAME):vnext-$$(date -u  +'%Y%m%d')"
+
+publish-vnext: build-vnext
+	@set -euo pipefail
+	DOCKER_CONTENT_TRUST=1 docker push $(IMAGE_NAME):vnext
+	DOCKER_CONTENT_TRUST=1 docker push "$(IMAGE_NAME):vnext-$$(date -u  +'%Y%m%d')"

modules/portal/package.json

@@ -23,7 +23,7 @@
     "grunt-mocha-phantomjs": "^3.0.0",
     "jasmine-core": "^2.99.1",
     "jasmine-jquery": "2.1.1",
-    "jquery": "^2.2.4",
+    "jquery": "^3.5.1",
     "karma": "^2.0.5",
     "karma-chrome-launcher": "^2.2.0",
     "karma-jasmine": "^1.0.2",

quickstart/docker-compose.yml

@@ -1,4 +1,4 @@
-version: "3.5"
+version: "3.8"
 
 services:
 
@@ -31,13 +31,14 @@ services:
   # The VinylDNS API
   api:
     container_name: "vinyldns-api"
+    oom_kill_disable: true
     image: "vinyldns/api:${VINYLDNS_IMAGE_VERSION}"
     build:
       context: ../
       dockerfile: build/docker/api/Dockerfile
       args:
         VINYLDNS_VERSION: "${VINYLDNS_IMAGE_VERSION}"
-        DOCKER_FILE_PATH: "../build/docker/api"
+        DOCKER_FILE_PATH: "build/docker/api"
     volumes:
       - ../build/docker/api/application.conf:/opt/vinyldns/conf/application.conf
     env_file:
@@ -50,12 +51,13 @@ services:
   # The VinylDNS portal
   portal:
     container_name: "vinyldns-portal"
+    oom_kill_disable: true
     image: "vinyldns/portal:${VINYLDNS_IMAGE_VERSION}"
     build:
       context: ../
       dockerfile: build/docker/portal/Dockerfile
       args:
-        DOCKER_FILE_PATH: "../build/docker/portal"
+        DOCKER_FILE_PATH: "build/docker/portal"
         VINYLDNS_VERSION: "${VINYLDNS_IMAGE_VERSION}"
     env_file:
       .env

test/api/integration/Dockerfile

@@ -11,7 +11,7 @@ WORKDIR /build
 ARG SKIP_API_BUILD="false"
 RUN if [ -f artifacts/vinyldns-api.jar ]; then cp artifacts/vinyldns-api.jar /opt/vinyldns; fi && \
     if [ ! -f /opt/vinyldns/vinyldns-api.jar ] && [ "$SKIP_API_BUILD" == "false" ]; then \
-      env SBT_OPTS="-XX:+UseConcMarkSweepGC -Xmx4G -Xms1G" \
+      env SBT_OPTS="-Xmx2G -Xms512M -Xss2M -XX:MaxMetaspaceSize=2G" \
       sbt -Dbuild.scalafmtOnCompile=false -Dbuild.lintOnCompile=fase ";project api;coverageOff;assembly" \
       && cp artifacts/vinyldns-api.jar /opt/vinyldns/; \
     fi