From 3725fb00634df0a5b2c35ad08ddb94ca700326fb Mon Sep 17 00:00:00 2001 From: BRUVRY-LAGADEC Date: Thu, 18 Sep 2025 19:13:21 +0200 Subject: [PATCH 01/13] feat: demonstration Improve Linux demo process --- .env.demo.coriolis | 4 ++-- .gitignore | 3 +-- .../2903996_Rtraj.nc | Bin .../{2903996_coriolis => 2903996}/2903996_meta.nc | Bin .../{2903996_coriolis => 2903996}/2903996_tech.nc | Bin .../{2903996_coriolis => 2903996}/R2903996_001.nc | Bin .../R2903996_001D.nc | Bin .../{2903996_coriolis => 2903996}/R2903996_002.nc | Bin .../{2903996_coriolis => 2903996}/R2903996_003.nc | Bin .../{2903996_coriolis => 2903996}/R2903996_009.nc | Bin .../{2903996_coriolis => 2903996}/R2903996_010.nc | Bin .../{2903996_coriolis => 2903996}/R2903996_011.nc | Bin .../{2903996_coriolis => 2903996}/R2903996_012.nc | Bin .../{2903996_coriolis => 2903996}/R2903996_013.nc | Bin .../{2903996_coriolis => 2903996}/R2903996_014.nc | Bin .../{2903996_coriolis => 2903996}/R2903996_015.nc | Bin .../{2903996_coriolis => 2903996}/R2903996_016.nc | Bin .../{2903996_coriolis => 2903996}/R2903996_017.nc | Bin .../{2903996_coriolis => 2903996}/R2903996_018.nc | Bin .../{2903996_coriolis => 2903996}/R2903996_019.nc | Bin .../{2903996_coriolis => 2903996}/R2903996_020.nc | Bin .../{2903996_coriolis => 2903996}/R2903996_023.nc | Bin .../{2903996_coriolis => 2903996}/R2903996_024.nc | Bin demo/outputs/2903996/.gitkeep | 0 demo/outputs/3901945/.gitkeep | 0 run-file-checker-linux.sh | 14 ++++++++++---- 26 files changed, 13 insertions(+), 8 deletions(-) rename demo/inputs/{2903996_coriolis => 2903996}/2903996_Rtraj.nc (100%) rename demo/inputs/{2903996_coriolis => 2903996}/2903996_meta.nc (100%) rename demo/inputs/{2903996_coriolis => 2903996}/2903996_tech.nc (100%) rename demo/inputs/{2903996_coriolis => 2903996}/R2903996_001.nc (100%) rename demo/inputs/{2903996_coriolis => 2903996}/R2903996_001D.nc (100%) rename demo/inputs/{2903996_coriolis => 2903996}/R2903996_002.nc (100%) rename demo/inputs/{2903996_coriolis => 2903996}/R2903996_003.nc (100%) rename demo/inputs/{2903996_coriolis => 2903996}/R2903996_009.nc (100%) rename demo/inputs/{2903996_coriolis => 2903996}/R2903996_010.nc (100%) rename demo/inputs/{2903996_coriolis => 2903996}/R2903996_011.nc (100%) rename demo/inputs/{2903996_coriolis => 2903996}/R2903996_012.nc (100%) rename demo/inputs/{2903996_coriolis => 2903996}/R2903996_013.nc (100%) rename demo/inputs/{2903996_coriolis => 2903996}/R2903996_014.nc (100%) rename demo/inputs/{2903996_coriolis => 2903996}/R2903996_015.nc (100%) rename demo/inputs/{2903996_coriolis => 2903996}/R2903996_016.nc (100%) rename demo/inputs/{2903996_coriolis => 2903996}/R2903996_017.nc (100%) rename demo/inputs/{2903996_coriolis => 2903996}/R2903996_018.nc (100%) rename demo/inputs/{2903996_coriolis => 2903996}/R2903996_019.nc (100%) rename demo/inputs/{2903996_coriolis => 2903996}/R2903996_020.nc (100%) rename demo/inputs/{2903996_coriolis => 2903996}/R2903996_023.nc (100%) rename demo/inputs/{2903996_coriolis => 2903996}/R2903996_024.nc (100%) create mode 100644 demo/outputs/2903996/.gitkeep create mode 100644 demo/outputs/3901945/.gitkeep diff --git a/.env.demo.coriolis b/.env.demo.coriolis index 78a0a1f..02c5783 100644 --- a/.env.demo.coriolis +++ b/.env.demo.coriolis @@ -5,8 +5,8 @@ FILECHECKER_IMAGE_TAG=develop # External directories to mount to the container FILECHECKER_SPEC_VOLUME=./file_checker_spec -FILECHECKER_INPUT_VOLUME=./demo/inputs/2903996_coriolis -FILECHECKER_OUTPUT_VOLUME=./demo/outputs/2903996_coriolis +FILECHECKER_INPUT_VOLUME=./demo/inputs/2903996 +FILECHECKER_OUTPUT_VOLUME=./demo/outputs/2903996 # Variable specific to floats to check DAC_NAME=coriolis diff --git a/.gitignore b/.gitignore index 5319791..e56acf4 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,3 @@ -demo/outputs/* +*.filecheck .env -!.gitkeep \ No newline at end of file diff --git a/demo/inputs/2903996_coriolis/2903996_Rtraj.nc b/demo/inputs/2903996/2903996_Rtraj.nc similarity index 100% rename from demo/inputs/2903996_coriolis/2903996_Rtraj.nc rename to demo/inputs/2903996/2903996_Rtraj.nc diff --git a/demo/inputs/2903996_coriolis/2903996_meta.nc b/demo/inputs/2903996/2903996_meta.nc similarity index 100% rename from demo/inputs/2903996_coriolis/2903996_meta.nc rename to demo/inputs/2903996/2903996_meta.nc diff --git a/demo/inputs/2903996_coriolis/2903996_tech.nc b/demo/inputs/2903996/2903996_tech.nc similarity index 100% rename from demo/inputs/2903996_coriolis/2903996_tech.nc rename to demo/inputs/2903996/2903996_tech.nc diff --git a/demo/inputs/2903996_coriolis/R2903996_001.nc b/demo/inputs/2903996/R2903996_001.nc similarity index 100% rename from demo/inputs/2903996_coriolis/R2903996_001.nc rename to demo/inputs/2903996/R2903996_001.nc diff --git a/demo/inputs/2903996_coriolis/R2903996_001D.nc b/demo/inputs/2903996/R2903996_001D.nc similarity index 100% rename from demo/inputs/2903996_coriolis/R2903996_001D.nc rename to demo/inputs/2903996/R2903996_001D.nc diff --git a/demo/inputs/2903996_coriolis/R2903996_002.nc b/demo/inputs/2903996/R2903996_002.nc similarity index 100% rename from demo/inputs/2903996_coriolis/R2903996_002.nc rename to demo/inputs/2903996/R2903996_002.nc diff --git a/demo/inputs/2903996_coriolis/R2903996_003.nc b/demo/inputs/2903996/R2903996_003.nc similarity index 100% rename from demo/inputs/2903996_coriolis/R2903996_003.nc rename to demo/inputs/2903996/R2903996_003.nc diff --git a/demo/inputs/2903996_coriolis/R2903996_009.nc b/demo/inputs/2903996/R2903996_009.nc similarity index 100% rename from demo/inputs/2903996_coriolis/R2903996_009.nc rename to demo/inputs/2903996/R2903996_009.nc diff --git a/demo/inputs/2903996_coriolis/R2903996_010.nc b/demo/inputs/2903996/R2903996_010.nc similarity index 100% rename from demo/inputs/2903996_coriolis/R2903996_010.nc rename to demo/inputs/2903996/R2903996_010.nc diff --git a/demo/inputs/2903996_coriolis/R2903996_011.nc b/demo/inputs/2903996/R2903996_011.nc similarity index 100% rename from demo/inputs/2903996_coriolis/R2903996_011.nc rename to demo/inputs/2903996/R2903996_011.nc diff --git a/demo/inputs/2903996_coriolis/R2903996_012.nc b/demo/inputs/2903996/R2903996_012.nc similarity index 100% rename from demo/inputs/2903996_coriolis/R2903996_012.nc rename to demo/inputs/2903996/R2903996_012.nc diff --git a/demo/inputs/2903996_coriolis/R2903996_013.nc b/demo/inputs/2903996/R2903996_013.nc similarity index 100% rename from demo/inputs/2903996_coriolis/R2903996_013.nc rename to demo/inputs/2903996/R2903996_013.nc diff --git a/demo/inputs/2903996_coriolis/R2903996_014.nc b/demo/inputs/2903996/R2903996_014.nc similarity index 100% rename from demo/inputs/2903996_coriolis/R2903996_014.nc rename to demo/inputs/2903996/R2903996_014.nc diff --git a/demo/inputs/2903996_coriolis/R2903996_015.nc b/demo/inputs/2903996/R2903996_015.nc similarity index 100% rename from demo/inputs/2903996_coriolis/R2903996_015.nc rename to demo/inputs/2903996/R2903996_015.nc diff --git a/demo/inputs/2903996_coriolis/R2903996_016.nc b/demo/inputs/2903996/R2903996_016.nc similarity index 100% rename from demo/inputs/2903996_coriolis/R2903996_016.nc rename to demo/inputs/2903996/R2903996_016.nc diff --git a/demo/inputs/2903996_coriolis/R2903996_017.nc b/demo/inputs/2903996/R2903996_017.nc similarity index 100% rename from demo/inputs/2903996_coriolis/R2903996_017.nc rename to demo/inputs/2903996/R2903996_017.nc diff --git a/demo/inputs/2903996_coriolis/R2903996_018.nc b/demo/inputs/2903996/R2903996_018.nc similarity index 100% rename from demo/inputs/2903996_coriolis/R2903996_018.nc rename to demo/inputs/2903996/R2903996_018.nc diff --git a/demo/inputs/2903996_coriolis/R2903996_019.nc b/demo/inputs/2903996/R2903996_019.nc similarity index 100% rename from demo/inputs/2903996_coriolis/R2903996_019.nc rename to demo/inputs/2903996/R2903996_019.nc diff --git a/demo/inputs/2903996_coriolis/R2903996_020.nc b/demo/inputs/2903996/R2903996_020.nc similarity index 100% rename from demo/inputs/2903996_coriolis/R2903996_020.nc rename to demo/inputs/2903996/R2903996_020.nc diff --git a/demo/inputs/2903996_coriolis/R2903996_023.nc b/demo/inputs/2903996/R2903996_023.nc similarity index 100% rename from demo/inputs/2903996_coriolis/R2903996_023.nc rename to demo/inputs/2903996/R2903996_023.nc diff --git a/demo/inputs/2903996_coriolis/R2903996_024.nc b/demo/inputs/2903996/R2903996_024.nc similarity index 100% rename from demo/inputs/2903996_coriolis/R2903996_024.nc rename to demo/inputs/2903996/R2903996_024.nc diff --git a/demo/outputs/2903996/.gitkeep b/demo/outputs/2903996/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/demo/outputs/3901945/.gitkeep b/demo/outputs/3901945/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/run-file-checker-linux.sh b/run-file-checker-linux.sh index 1d28621..ef08160 100755 --- a/run-file-checker-linux.sh +++ b/run-file-checker-linux.sh @@ -1,8 +1,14 @@ #!/bin/bash -# TODO : add when container can run as non root -# export DOCKER_UID=$UID -# export DOCKER_GID=$(id -g $UID) +export DOCKER_UID=$UID +export DOCKER_GID=$(id -g $UID) +# BODC file format checker +echo "----- File format checker for BODC 3901945 -----" docker compose --env-file .env.demo.bodc down -docker compose --env-file .env.demo.bodc up \ No newline at end of file +docker compose --env-file .env.demo.bodc up + +# Coriolis file format checker +echo "----- File format checker for COriolis 2903996 -----" +docker compose --env-file .env.demo.coriolis down +docker compose --env-file .env.demo.coriolis up \ No newline at end of file From 301e8876b7682816fafa1300cce5e47d05220eb4 Mon Sep 17 00:00:00 2001 From: LUBAC Date: Tue, 23 Sep 2025 17:54:15 +0200 Subject: [PATCH 02/13] update table 27 --- file_checker_spec/ref_table-27 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/file_checker_spec/ref_table-27 b/file_checker_spec/ref_table-27 index 896b33a..ecbe6dd 100644 --- a/file_checker_spec/ref_table-27 +++ b/file_checker_spec/ref_table-27 @@ -1,5 +1,5 @@ // $Revision: 1327 $ -// $Date: 2022-04-21 21:17:54 +0000 (Thu, 21 Apr 2022) $ +// $Date: 2025-09-23 17:30:00 +0000 (Thu, 23 Sep 2025) $ //SENSOR_MODEL | SENSOR_MAKER | COMMENTS | SENSOR | | update date | update comment | parameter status operational/pilot/obsolete From 98c982c57f20e6587ca07e819d6e727b40e21753 Mon Sep 17 00:00:00 2001 From: LUBAC Date: Wed, 24 Sep 2025 09:33:20 +0200 Subject: [PATCH 03/13] update Dockerfile for security --- file_checker_exec/Dockerfile | 4 ++-- file_checker_spec/ref_table-27 | 2 +- file_checker_spec/ref_table-41 | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/file_checker_exec/Dockerfile b/file_checker_exec/Dockerfile index c459e60..d953082 100644 --- a/file_checker_exec/Dockerfile +++ b/file_checker_exec/Dockerfile @@ -1,4 +1,4 @@ -FROM eclipse-temurin:21-jdk-alpine AS builder +FROM eclipse-temurin:21-jdk-jammy AS builder LABEL org.opencontainers.image.authors="yvan.lubac@euro-argo.eu" LABEL org.opencontainers.image.description="Docker Image for Argo netcdf File Checler" @@ -20,7 +20,7 @@ COPY ./src ./src RUN chmod +x ./mvnw \ && ./mvnw clean package -FROM eclipse-temurin:8-jre-alpine AS runtime +FROM eclipse-temurin:8-jre-jammy AS runtime WORKDIR /app diff --git a/file_checker_spec/ref_table-27 b/file_checker_spec/ref_table-27 index ecbe6dd..3a35f1d 100644 --- a/file_checker_spec/ref_table-27 +++ b/file_checker_spec/ref_table-27 @@ -1,4 +1,4 @@ -// $Revision: 1327 $ +// $Revision: 1328 $ // $Date: 2025-09-23 17:30:00 +0000 (Thu, 23 Sep 2025) $ //SENSOR_MODEL | SENSOR_MAKER | COMMENTS | SENSOR | | update date | update comment | parameter status operational/pilot/obsolete diff --git a/file_checker_spec/ref_table-41 b/file_checker_spec/ref_table-41 index e66b2ba..2046a8e 100644 --- a/file_checker_spec/ref_table-41 +++ b/file_checker_spec/ref_table-41 @@ -1,4 +1,4 @@ -// $Revision: 0001 $ +// $Revision: 0002 $ // $Date: 2025-23-09 //CODNAM From e5534cff50dec0f19c76eb7f7fdf358a5bcc920f Mon Sep 17 00:00:00 2001 From: LUBAC Date: Wed, 24 Sep 2025 10:04:37 +0200 Subject: [PATCH 04/13] fix dockerfile --- file_checker_exec/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/file_checker_exec/Dockerfile b/file_checker_exec/Dockerfile index d953082..a2b135e 100644 --- a/file_checker_exec/Dockerfile +++ b/file_checker_exec/Dockerfile @@ -26,7 +26,7 @@ WORKDIR /app RUN set -e \ && addgroup --system --gid 1001 gcontainer \ -&& adduser --system --uid 1001 -G gcontainer fileCheckerRunner +&& adduser --system --uid 1001 --gid 1001 --no-create-home fileCheckerRunner RUN set -e \ && mkdir -p /app/results /app/data /app/file_checker_spec \ From c14556424b8941aaa92a74a0f47f71c12ef2fd6f Mon Sep 17 00:00:00 2001 From: LUBAC Date: Wed, 24 Sep 2025 11:16:20 +0200 Subject: [PATCH 05/13] update github CI and add ifremer CI --- .github/workflows/workflow-java.yml | 8 +------- gitlab-ci.yml | 32 +++++++++++++++++++++++++++++ 2 files changed, 33 insertions(+), 7 deletions(-) create mode 100644 gitlab-ci.yml diff --git a/.github/workflows/workflow-java.yml b/.github/workflows/workflow-java.yml index 7b1cbe9..fbf77df 100644 --- a/.github/workflows/workflow-java.yml +++ b/.github/workflows/workflow-java.yml @@ -21,10 +21,4 @@ jobs: uses: ./.github/workflows/component-container-image.yml with: context: file_checker_exec - image-path: ghcr.io/OneArgo/ArgoFormatChecker/app - container-image-security: - needs: [container-image-build] - uses: ./.github/workflows/component-container-image-security.yml - with: - context: file_checker_exec - image-path: ghcr.io/OneArgo/ArgoFormatChecker/app + image-path: ghcr.io/OneArgo/ArgoFormatChecker/app \ No newline at end of file diff --git a/gitlab-ci.yml b/gitlab-ci.yml new file mode 100644 index 0000000..b775174 --- /dev/null +++ b/gitlab-ci.yml @@ -0,0 +1,32 @@ +--- +include: + - component: $CI_SERVER_FQDN/dev-ops/templates/automatisation/ci-cd/pipeline-java-container-image@~latest + inputs: + container_image_build_context: "./file_checker_exec" + container_image_docker_file_path: "./file_checker_exec/Dockerfile" + java_builder_artifacts_path: "**/target/*.{war,jar}" + java_builder_build_command: "clean package -f file_checker_exec/pom.xml" + java_builder_maven_quality_enable: "false" + java_builder_maven_settings_path: "./file_checker_exec/settings.xml" + java_builder_publish_command: "deploy -f file_checker_exec/pom.xml" + java_builder_quality_command: "checkstyle:check -f file_checker_exec/pom.xml" + java_builder_tests_command: "test -f file_checker_exec/pom.xml" + java_publish_enable: "true" + pipeline_enable_sonarqube: "false" + lint_yamllint_enable: "false" + +security:filesystem:scan 🛡️: + rules: + - when: always + +check_container-image_scanning: + stage: security + image: alpine:latest + script: + - CRITICAL_COUNT=$(grep -o '' scanning-report.html | wc -l || echo 0) + - echo "Number of critical vulnerabilities:${CRITICAL_COUNT}" + - if [ "$CRITICAL_COUNT" -gt 0 ]; then echo "Critical vulnerabilities detected"; exit 1; fi + needs: + - job: security:filesystem:scan 🛡️ + artifacts: true + allow_failure: false From 3ae4ec164656e7198d76cb9f4d52f59f7d9a7c0f Mon Sep 17 00:00:00 2001 From: LUBAC Date: Wed, 24 Sep 2025 11:23:11 +0200 Subject: [PATCH 06/13] gitlab ci --- gitlab-ci.yml => .gitlab-ci.yml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename gitlab-ci.yml => .gitlab-ci.yml (100%) diff --git a/gitlab-ci.yml b/.gitlab-ci.yml similarity index 100% rename from gitlab-ci.yml rename to .gitlab-ci.yml From 6b4a7a845390732993601050b6d9b11e7ba4516d Mon Sep 17 00:00:00 2001 From: LUBAC Date: Tue, 23 Sep 2025 17:54:15 +0200 Subject: [PATCH 07/13] update table 27 --- file_checker_spec/ref_table-27 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/file_checker_spec/ref_table-27 b/file_checker_spec/ref_table-27 index 896b33a..ecbe6dd 100644 --- a/file_checker_spec/ref_table-27 +++ b/file_checker_spec/ref_table-27 @@ -1,5 +1,5 @@ // $Revision: 1327 $ -// $Date: 2022-04-21 21:17:54 +0000 (Thu, 21 Apr 2022) $ +// $Date: 2025-09-23 17:30:00 +0000 (Thu, 23 Sep 2025) $ //SENSOR_MODEL | SENSOR_MAKER | COMMENTS | SENSOR | | update date | update comment | parameter status operational/pilot/obsolete From b9d513cb678cb939c28ded69f6339ebbb28ef74e Mon Sep 17 00:00:00 2001 From: BRUVRY-LAGADEC Date: Thu, 18 Sep 2025 19:13:21 +0200 Subject: [PATCH 08/13] feat: demonstration Improve Linux demo process --- .env.demo.coriolis | 4 ++-- .gitignore | 3 +-- .../2903996_Rtraj.nc | Bin .../{2903996_coriolis => 2903996}/2903996_meta.nc | Bin .../{2903996_coriolis => 2903996}/2903996_tech.nc | Bin .../{2903996_coriolis => 2903996}/R2903996_001.nc | Bin .../R2903996_001D.nc | Bin .../{2903996_coriolis => 2903996}/R2903996_002.nc | Bin .../{2903996_coriolis => 2903996}/R2903996_003.nc | Bin .../{2903996_coriolis => 2903996}/R2903996_009.nc | Bin .../{2903996_coriolis => 2903996}/R2903996_010.nc | Bin .../{2903996_coriolis => 2903996}/R2903996_011.nc | Bin .../{2903996_coriolis => 2903996}/R2903996_012.nc | Bin .../{2903996_coriolis => 2903996}/R2903996_013.nc | Bin .../{2903996_coriolis => 2903996}/R2903996_014.nc | Bin .../{2903996_coriolis => 2903996}/R2903996_015.nc | Bin .../{2903996_coriolis => 2903996}/R2903996_016.nc | Bin .../{2903996_coriolis => 2903996}/R2903996_017.nc | Bin .../{2903996_coriolis => 2903996}/R2903996_018.nc | Bin .../{2903996_coriolis => 2903996}/R2903996_019.nc | Bin .../{2903996_coriolis => 2903996}/R2903996_020.nc | Bin .../{2903996_coriolis => 2903996}/R2903996_023.nc | Bin .../{2903996_coriolis => 2903996}/R2903996_024.nc | Bin demo/outputs/2903996/.gitkeep | 0 demo/outputs/3901945/.gitkeep | 0 run-file-checker-linux.sh | 14 ++++++++++---- 26 files changed, 13 insertions(+), 8 deletions(-) rename demo/inputs/{2903996_coriolis => 2903996}/2903996_Rtraj.nc (100%) rename demo/inputs/{2903996_coriolis => 2903996}/2903996_meta.nc (100%) rename demo/inputs/{2903996_coriolis => 2903996}/2903996_tech.nc (100%) rename demo/inputs/{2903996_coriolis => 2903996}/R2903996_001.nc (100%) rename demo/inputs/{2903996_coriolis => 2903996}/R2903996_001D.nc (100%) rename demo/inputs/{2903996_coriolis => 2903996}/R2903996_002.nc (100%) rename demo/inputs/{2903996_coriolis => 2903996}/R2903996_003.nc (100%) rename demo/inputs/{2903996_coriolis => 2903996}/R2903996_009.nc (100%) rename demo/inputs/{2903996_coriolis => 2903996}/R2903996_010.nc (100%) rename demo/inputs/{2903996_coriolis => 2903996}/R2903996_011.nc (100%) rename demo/inputs/{2903996_coriolis => 2903996}/R2903996_012.nc (100%) rename demo/inputs/{2903996_coriolis => 2903996}/R2903996_013.nc (100%) rename demo/inputs/{2903996_coriolis => 2903996}/R2903996_014.nc (100%) rename demo/inputs/{2903996_coriolis => 2903996}/R2903996_015.nc (100%) rename demo/inputs/{2903996_coriolis => 2903996}/R2903996_016.nc (100%) rename demo/inputs/{2903996_coriolis => 2903996}/R2903996_017.nc (100%) rename demo/inputs/{2903996_coriolis => 2903996}/R2903996_018.nc (100%) rename demo/inputs/{2903996_coriolis => 2903996}/R2903996_019.nc (100%) rename demo/inputs/{2903996_coriolis => 2903996}/R2903996_020.nc (100%) rename demo/inputs/{2903996_coriolis => 2903996}/R2903996_023.nc (100%) rename demo/inputs/{2903996_coriolis => 2903996}/R2903996_024.nc (100%) create mode 100644 demo/outputs/2903996/.gitkeep create mode 100644 demo/outputs/3901945/.gitkeep diff --git a/.env.demo.coriolis b/.env.demo.coriolis index 78a0a1f..02c5783 100644 --- a/.env.demo.coriolis +++ b/.env.demo.coriolis @@ -5,8 +5,8 @@ FILECHECKER_IMAGE_TAG=develop # External directories to mount to the container FILECHECKER_SPEC_VOLUME=./file_checker_spec -FILECHECKER_INPUT_VOLUME=./demo/inputs/2903996_coriolis -FILECHECKER_OUTPUT_VOLUME=./demo/outputs/2903996_coriolis +FILECHECKER_INPUT_VOLUME=./demo/inputs/2903996 +FILECHECKER_OUTPUT_VOLUME=./demo/outputs/2903996 # Variable specific to floats to check DAC_NAME=coriolis diff --git a/.gitignore b/.gitignore index 5319791..e56acf4 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,3 @@ -demo/outputs/* +*.filecheck .env -!.gitkeep \ No newline at end of file diff --git a/demo/inputs/2903996_coriolis/2903996_Rtraj.nc b/demo/inputs/2903996/2903996_Rtraj.nc similarity index 100% rename from demo/inputs/2903996_coriolis/2903996_Rtraj.nc rename to demo/inputs/2903996/2903996_Rtraj.nc diff --git a/demo/inputs/2903996_coriolis/2903996_meta.nc b/demo/inputs/2903996/2903996_meta.nc similarity index 100% rename from demo/inputs/2903996_coriolis/2903996_meta.nc rename to demo/inputs/2903996/2903996_meta.nc diff --git a/demo/inputs/2903996_coriolis/2903996_tech.nc b/demo/inputs/2903996/2903996_tech.nc similarity index 100% rename from demo/inputs/2903996_coriolis/2903996_tech.nc rename to demo/inputs/2903996/2903996_tech.nc diff --git a/demo/inputs/2903996_coriolis/R2903996_001.nc b/demo/inputs/2903996/R2903996_001.nc similarity index 100% rename from demo/inputs/2903996_coriolis/R2903996_001.nc rename to demo/inputs/2903996/R2903996_001.nc diff --git a/demo/inputs/2903996_coriolis/R2903996_001D.nc b/demo/inputs/2903996/R2903996_001D.nc similarity index 100% rename from demo/inputs/2903996_coriolis/R2903996_001D.nc rename to demo/inputs/2903996/R2903996_001D.nc diff --git a/demo/inputs/2903996_coriolis/R2903996_002.nc b/demo/inputs/2903996/R2903996_002.nc similarity index 100% rename from demo/inputs/2903996_coriolis/R2903996_002.nc rename to demo/inputs/2903996/R2903996_002.nc diff --git a/demo/inputs/2903996_coriolis/R2903996_003.nc b/demo/inputs/2903996/R2903996_003.nc similarity index 100% rename from demo/inputs/2903996_coriolis/R2903996_003.nc rename to demo/inputs/2903996/R2903996_003.nc diff --git a/demo/inputs/2903996_coriolis/R2903996_009.nc b/demo/inputs/2903996/R2903996_009.nc similarity index 100% rename from demo/inputs/2903996_coriolis/R2903996_009.nc rename to demo/inputs/2903996/R2903996_009.nc diff --git a/demo/inputs/2903996_coriolis/R2903996_010.nc b/demo/inputs/2903996/R2903996_010.nc similarity index 100% rename from demo/inputs/2903996_coriolis/R2903996_010.nc rename to demo/inputs/2903996/R2903996_010.nc diff --git a/demo/inputs/2903996_coriolis/R2903996_011.nc b/demo/inputs/2903996/R2903996_011.nc similarity index 100% rename from demo/inputs/2903996_coriolis/R2903996_011.nc rename to demo/inputs/2903996/R2903996_011.nc diff --git a/demo/inputs/2903996_coriolis/R2903996_012.nc b/demo/inputs/2903996/R2903996_012.nc similarity index 100% rename from demo/inputs/2903996_coriolis/R2903996_012.nc rename to demo/inputs/2903996/R2903996_012.nc diff --git a/demo/inputs/2903996_coriolis/R2903996_013.nc b/demo/inputs/2903996/R2903996_013.nc similarity index 100% rename from demo/inputs/2903996_coriolis/R2903996_013.nc rename to demo/inputs/2903996/R2903996_013.nc diff --git a/demo/inputs/2903996_coriolis/R2903996_014.nc b/demo/inputs/2903996/R2903996_014.nc similarity index 100% rename from demo/inputs/2903996_coriolis/R2903996_014.nc rename to demo/inputs/2903996/R2903996_014.nc diff --git a/demo/inputs/2903996_coriolis/R2903996_015.nc b/demo/inputs/2903996/R2903996_015.nc similarity index 100% rename from demo/inputs/2903996_coriolis/R2903996_015.nc rename to demo/inputs/2903996/R2903996_015.nc diff --git a/demo/inputs/2903996_coriolis/R2903996_016.nc b/demo/inputs/2903996/R2903996_016.nc similarity index 100% rename from demo/inputs/2903996_coriolis/R2903996_016.nc rename to demo/inputs/2903996/R2903996_016.nc diff --git a/demo/inputs/2903996_coriolis/R2903996_017.nc b/demo/inputs/2903996/R2903996_017.nc similarity index 100% rename from demo/inputs/2903996_coriolis/R2903996_017.nc rename to demo/inputs/2903996/R2903996_017.nc diff --git a/demo/inputs/2903996_coriolis/R2903996_018.nc b/demo/inputs/2903996/R2903996_018.nc similarity index 100% rename from demo/inputs/2903996_coriolis/R2903996_018.nc rename to demo/inputs/2903996/R2903996_018.nc diff --git a/demo/inputs/2903996_coriolis/R2903996_019.nc b/demo/inputs/2903996/R2903996_019.nc similarity index 100% rename from demo/inputs/2903996_coriolis/R2903996_019.nc rename to demo/inputs/2903996/R2903996_019.nc diff --git a/demo/inputs/2903996_coriolis/R2903996_020.nc b/demo/inputs/2903996/R2903996_020.nc similarity index 100% rename from demo/inputs/2903996_coriolis/R2903996_020.nc rename to demo/inputs/2903996/R2903996_020.nc diff --git a/demo/inputs/2903996_coriolis/R2903996_023.nc b/demo/inputs/2903996/R2903996_023.nc similarity index 100% rename from demo/inputs/2903996_coriolis/R2903996_023.nc rename to demo/inputs/2903996/R2903996_023.nc diff --git a/demo/inputs/2903996_coriolis/R2903996_024.nc b/demo/inputs/2903996/R2903996_024.nc similarity index 100% rename from demo/inputs/2903996_coriolis/R2903996_024.nc rename to demo/inputs/2903996/R2903996_024.nc diff --git a/demo/outputs/2903996/.gitkeep b/demo/outputs/2903996/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/demo/outputs/3901945/.gitkeep b/demo/outputs/3901945/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/run-file-checker-linux.sh b/run-file-checker-linux.sh index 1d28621..ef08160 100755 --- a/run-file-checker-linux.sh +++ b/run-file-checker-linux.sh @@ -1,8 +1,14 @@ #!/bin/bash -# TODO : add when container can run as non root -# export DOCKER_UID=$UID -# export DOCKER_GID=$(id -g $UID) +export DOCKER_UID=$UID +export DOCKER_GID=$(id -g $UID) +# BODC file format checker +echo "----- File format checker for BODC 3901945 -----" docker compose --env-file .env.demo.bodc down -docker compose --env-file .env.demo.bodc up \ No newline at end of file +docker compose --env-file .env.demo.bodc up + +# Coriolis file format checker +echo "----- File format checker for COriolis 2903996 -----" +docker compose --env-file .env.demo.coriolis down +docker compose --env-file .env.demo.coriolis up \ No newline at end of file From 978500cc16c8f34f6913d50a6f6b63ccadfe5a7b Mon Sep 17 00:00:00 2001 From: LUBAC Date: Wed, 24 Sep 2025 09:33:20 +0200 Subject: [PATCH 09/13] update Dockerfile for security --- file_checker_exec/Dockerfile | 4 ++-- file_checker_spec/ref_table-27 | 2 +- file_checker_spec/ref_table-41 | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/file_checker_exec/Dockerfile b/file_checker_exec/Dockerfile index c459e60..d953082 100644 --- a/file_checker_exec/Dockerfile +++ b/file_checker_exec/Dockerfile @@ -1,4 +1,4 @@ -FROM eclipse-temurin:21-jdk-alpine AS builder +FROM eclipse-temurin:21-jdk-jammy AS builder LABEL org.opencontainers.image.authors="yvan.lubac@euro-argo.eu" LABEL org.opencontainers.image.description="Docker Image for Argo netcdf File Checler" @@ -20,7 +20,7 @@ COPY ./src ./src RUN chmod +x ./mvnw \ && ./mvnw clean package -FROM eclipse-temurin:8-jre-alpine AS runtime +FROM eclipse-temurin:8-jre-jammy AS runtime WORKDIR /app diff --git a/file_checker_spec/ref_table-27 b/file_checker_spec/ref_table-27 index ecbe6dd..3a35f1d 100644 --- a/file_checker_spec/ref_table-27 +++ b/file_checker_spec/ref_table-27 @@ -1,4 +1,4 @@ -// $Revision: 1327 $ +// $Revision: 1328 $ // $Date: 2025-09-23 17:30:00 +0000 (Thu, 23 Sep 2025) $ //SENSOR_MODEL | SENSOR_MAKER | COMMENTS | SENSOR | | update date | update comment | parameter status operational/pilot/obsolete diff --git a/file_checker_spec/ref_table-41 b/file_checker_spec/ref_table-41 index e66b2ba..2046a8e 100644 --- a/file_checker_spec/ref_table-41 +++ b/file_checker_spec/ref_table-41 @@ -1,4 +1,4 @@ -// $Revision: 0001 $ +// $Revision: 0002 $ // $Date: 2025-23-09 //CODNAM From b529b77b1df91dbd45a8179b5a9526be1f2eba9f Mon Sep 17 00:00:00 2001 From: LUBAC Date: Wed, 24 Sep 2025 10:04:37 +0200 Subject: [PATCH 10/13] fix dockerfile --- file_checker_exec/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/file_checker_exec/Dockerfile b/file_checker_exec/Dockerfile index d953082..a2b135e 100644 --- a/file_checker_exec/Dockerfile +++ b/file_checker_exec/Dockerfile @@ -26,7 +26,7 @@ WORKDIR /app RUN set -e \ && addgroup --system --gid 1001 gcontainer \ -&& adduser --system --uid 1001 -G gcontainer fileCheckerRunner +&& adduser --system --uid 1001 --gid 1001 --no-create-home fileCheckerRunner RUN set -e \ && mkdir -p /app/results /app/data /app/file_checker_spec \ From 0d21755942a5cdc479d28bcbc307d8131ef51f51 Mon Sep 17 00:00:00 2001 From: LUBAC Date: Wed, 24 Sep 2025 11:16:20 +0200 Subject: [PATCH 11/13] update github CI and add ifremer CI --- .github/workflows/workflow-java.yml | 8 +------- gitlab-ci.yml | 32 +++++++++++++++++++++++++++++ 2 files changed, 33 insertions(+), 7 deletions(-) create mode 100644 gitlab-ci.yml diff --git a/.github/workflows/workflow-java.yml b/.github/workflows/workflow-java.yml index 7b1cbe9..fbf77df 100644 --- a/.github/workflows/workflow-java.yml +++ b/.github/workflows/workflow-java.yml @@ -21,10 +21,4 @@ jobs: uses: ./.github/workflows/component-container-image.yml with: context: file_checker_exec - image-path: ghcr.io/OneArgo/ArgoFormatChecker/app - container-image-security: - needs: [container-image-build] - uses: ./.github/workflows/component-container-image-security.yml - with: - context: file_checker_exec - image-path: ghcr.io/OneArgo/ArgoFormatChecker/app + image-path: ghcr.io/OneArgo/ArgoFormatChecker/app \ No newline at end of file diff --git a/gitlab-ci.yml b/gitlab-ci.yml new file mode 100644 index 0000000..b775174 --- /dev/null +++ b/gitlab-ci.yml @@ -0,0 +1,32 @@ +--- +include: + - component: $CI_SERVER_FQDN/dev-ops/templates/automatisation/ci-cd/pipeline-java-container-image@~latest + inputs: + container_image_build_context: "./file_checker_exec" + container_image_docker_file_path: "./file_checker_exec/Dockerfile" + java_builder_artifacts_path: "**/target/*.{war,jar}" + java_builder_build_command: "clean package -f file_checker_exec/pom.xml" + java_builder_maven_quality_enable: "false" + java_builder_maven_settings_path: "./file_checker_exec/settings.xml" + java_builder_publish_command: "deploy -f file_checker_exec/pom.xml" + java_builder_quality_command: "checkstyle:check -f file_checker_exec/pom.xml" + java_builder_tests_command: "test -f file_checker_exec/pom.xml" + java_publish_enable: "true" + pipeline_enable_sonarqube: "false" + lint_yamllint_enable: "false" + +security:filesystem:scan 🛡️: + rules: + - when: always + +check_container-image_scanning: + stage: security + image: alpine:latest + script: + - CRITICAL_COUNT=$(grep -o '' scanning-report.html | wc -l || echo 0) + - echo "Number of critical vulnerabilities:${CRITICAL_COUNT}" + - if [ "$CRITICAL_COUNT" -gt 0 ]; then echo "Critical vulnerabilities detected"; exit 1; fi + needs: + - job: security:filesystem:scan 🛡️ + artifacts: true + allow_failure: false From a613d17561726a36ac2a41ecdbf5eca6565e1f64 Mon Sep 17 00:00:00 2001 From: LUBAC Date: Wed, 24 Sep 2025 11:23:11 +0200 Subject: [PATCH 12/13] gitlab ci --- gitlab-ci.yml => .gitlab-ci.yml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename gitlab-ci.yml => .gitlab-ci.yml (100%) diff --git a/gitlab-ci.yml b/.gitlab-ci.yml similarity index 100% rename from gitlab-ci.yml rename to .gitlab-ci.yml From f0dd1b7c5c70d21b4d887a8a51279eb145cc6be0 Mon Sep 17 00:00:00 2001 From: LUBAC Date: Wed, 24 Sep 2025 11:54:10 +0200 Subject: [PATCH 13/13] update dockerfile --- file_checker_exec/Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/file_checker_exec/Dockerfile b/file_checker_exec/Dockerfile index a2b135e..c459e60 100644 --- a/file_checker_exec/Dockerfile +++ b/file_checker_exec/Dockerfile @@ -1,4 +1,4 @@ -FROM eclipse-temurin:21-jdk-jammy AS builder +FROM eclipse-temurin:21-jdk-alpine AS builder LABEL org.opencontainers.image.authors="yvan.lubac@euro-argo.eu" LABEL org.opencontainers.image.description="Docker Image for Argo netcdf File Checler" @@ -20,13 +20,13 @@ COPY ./src ./src RUN chmod +x ./mvnw \ && ./mvnw clean package -FROM eclipse-temurin:8-jre-jammy AS runtime +FROM eclipse-temurin:8-jre-alpine AS runtime WORKDIR /app RUN set -e \ && addgroup --system --gid 1001 gcontainer \ -&& adduser --system --uid 1001 --gid 1001 --no-create-home fileCheckerRunner +&& adduser --system --uid 1001 -G gcontainer fileCheckerRunner RUN set -e \ && mkdir -p /app/results /app/data /app/file_checker_spec \