first commit

config/.gitignore

@@ -0,0 +1,3 @@
+/*.ear
+/*.jar
+/*.war

config/Dockerfile

@@ -0,0 +1,49 @@
+ARG BUILDER_IMAGE=registry.altlinux.org/basealt/altsp:c10f1
+ARG BACKEND_IMAGE=repo.micord.ru/alt/alt-tomcat:c10f1-9.0.59-20240903
+ARG FRONTEND_IMAGE=docker.angie.software/angie:latest
+
+FROM $BUILDER_IMAGE AS builder
+
+ARG MVN_FLAGS="-Pprod"
+
+RUN apt-get update \
+ && apt-get -y install git glibc-locales java-17-openjdk-devel maven node \
+ && apt-get clean
+
+ENV JAVA_HOME=/usr/lib/jvm/java
+ENV LANG=ru_RU.UTF-8
+ENV LANGUAGE=ru_RU.UTF-8
+ENV LC_ALL=ru_RU.UTF-8
+
+WORKDIR /app
+COPY . .
+RUN mkdir -p $HOME/.m2 \
+# && cp -f config/pgs-settings.xml $HOME/.m2/settings.xml \
+# && cp -f config/pgs-npmrc frontend/.npmrc \
+ && mvn clean \
+ && mvn package -T4C ${MVN_FLAGS}
+
+
+FROM $BACKEND_IMAGE AS backend
+ARG ADMIN_PASSWORD=Secr3t
+
+USER root
+
+COPY config/tomcat /
+
+RUN cat /etc/tomcat/webbpm.properties >> /etc/tomcat/catalina.properties \
+ && sed -i -r "s/<must-be-changed>/$ADMIN_PASSWORD/g" /etc/tomcat/tomcat-users.xml \
+ && chown root:tomcat /var/lib/tomcat/webapps \
+ && chmod g+rw /var/lib/tomcat/webapps
+
+USER tomcat
+
+COPY --from=builder /app/backend/target/dashboard.war /var/lib/tomcat/webapps/dashboard.war
+
+FROM backend AS combo
+COPY --from=builder /app/frontend/target/frontend*.war /var/lib/tomcat/webapps/ROOT.war
+
+FROM $FRONTEND_IMAGE AS frontend
+
+COPY config/angie.conf /etc/angie/angie.conf
+COPY --from=builder /app/frontend/dist /frontend

config/Dockerfile.TC

@@ -0,0 +1,22 @@
+#Dockerfile for TeamCity build "run in docker"
+
+FROM repo.micord.ru/alt/alt-tomcat:c10f1-9.0.59-20240903
+ARG ADMIN_PASSWORD=Secr3t
+
+USER root
+
+COPY tomcat /
+
+RUN cat /etc/tomcat/webbpm.properties >> /etc/tomcat/catalina.properties \
+ && sed -i -r "s/<must-be-changed>/$ADMIN_PASSWORD/g" /etc/tomcat/tomcat-users.xml \
+ && chown root:tomcat /var/lib/tomcat/webapps \
+ && chmod g+rw /var/lib/tomcat/webapps
+
+COPY frontend.war /var/lib/tomcat/webapps/ROOT.war
+COPY dashboard.war /var/lib/tomcat/webapps/dashboard.war
+
+USER tomcat
+
+EXPOSE 8080
+
+ENTRYPOINT ["/entrypoint.sh"]

config/Dockerfile.alt

@@ -0,0 +1,49 @@
+ARG BUILDER_IMAGE=registry.altlinux.org/basealt/altsp:c10f1
+ARG RUNTIME_IMAGE=registry.altlinux.org/basealt/altsp:c10f1
+
+FROM $BUILDER_IMAGE AS builder
+
+ARG MVN_FLAGS="-Pprod"
+
+RUN apt-get update \
+ && apt-get -y install git glibc-locales java-17-openjdk-devel maven node \
+ && apt-get clean
+
+WORKDIR /app
+
+COPY . .
+
+ENV JAVA_HOME=/usr/lib/jvm/java
+ENV LANG ru_RU.UTF-8
+ENV LANGUAGE ru_RU.UTF-8
+ENV LC_ALL ru_RU.UTF-8
+
+RUN mvn clean \
+ && mvn package -T4C ${MVN_FLAGS}
+
+FROM $RUNTIME_IMAGE
+ARG ADMIN_PASSWORD=Secr3t
+
+COPY config/entrypoint.sh /entrypoint.sh
+
+RUN apt-get update \
+ && apt-get -y install glibc-locales java-17-openjdk-headless mc \
+                       tomcat tomcat-admin-webapps \
+ && apt-get clean \
+ && chmod +x /entrypoint.sh
+
+COPY config/tomcat /
+
+RUN cat /etc/tomcat/webbpm.properties >> /etc/tomcat/catalina.properties \
+ && sed -i -r "s/<must-be-changed>/$ADMIN_PASSWORD/g" /etc/tomcat/tomcat-users.xml \
+ && chown root:tomcat /var/lib/tomcat/webapps \
+ && chmod g+rw /var/lib/tomcat/webapps
+
+COPY --from=builder /app/frontend/target/frontend*.war /var/lib/tomcat/webapps/ROOT.war
+COPY --from=builder /app/backend/target/dashboard*.war /var/lib/tomcat/webapps/dashboard.war
+
+USER tomcat
+
+EXPOSE 8080
+
+ENTRYPOINT ["/entrypoint.sh"]

config/Dockerfile.backend

@@ -0,0 +1,40 @@
+ARG BUILDER_IMAGE=registry.altlinux.org/basealt/altsp:c10f1
+ARG RUNTIME_IMAGE=repo.micord.ru/alt/alt-tomcat:c10f1-9.0.59-20240903
+
+FROM $BUILDER_IMAGE AS builder
+
+ARG MVN_FLAGS="-Pprod"
+
+RUN apt-get update \
+ && apt-get -y install git glibc-locales java-17-openjdk-devel maven node \
+ && apt-get clean
+
+ENV JAVA_HOME=/usr/lib/jvm/java
+ENV LANG=ru_RU.UTF-8
+ENV LANGUAGE=ru_RU.UTF-8
+ENV LC_ALL=ru_RU.UTF-8
+
+WORKDIR /app
+COPY . .
+RUN mkdir -p $HOME/.m2 \
+# && cp -f config/pgs-settings.xml $HOME/.m2/settings.xml \
+# && cp -f config/pgs-npmrc frontend/.npmrc \
+ && mvn clean \
+ && mvn package -T4C ${MVN_FLAGS}
+
+
+FROM $RUNTIME_IMAGE
+ARG ADMIN_PASSWORD=Secr3t
+
+USER root
+
+COPY config/tomcat /
+
+RUN cat /etc/tomcat/webbpm.properties >> /etc/tomcat/catalina.properties \
+ && sed -i -r "s/<must-be-changed>/$ADMIN_PASSWORD/g" /etc/tomcat/tomcat-users.xml \
+ && chown root:tomcat /var/lib/tomcat/webapps \
+ && chmod g+rw /var/lib/tomcat/webapps
+
+USER tomcat
+
+COPY --from=builder /app/backend/target/dashboard*.war /var/lib/tomcat/webapps/dashboard.war

config/Dockerfile.frontend

@@ -0,0 +1,29 @@
+ARG BUILDER_IMAGE=registry.altlinux.org/basealt/altsp:c10f1
+ARG RUNTIME_IMAGE=docker.angie.software/angie:latest
+
+FROM $BUILDER_IMAGE AS builder
+
+ARG MVN_FLAGS="-Pprod"
+
+RUN apt-get update \
+ && apt-get -y install git glibc-locales java-17-openjdk-devel maven node \
+ && apt-get clean
+
+ENV JAVA_HOME=/usr/lib/jvm/java
+ENV LANG=ru_RU.UTF-8
+ENV LANGUAGE=ru_RU.UTF-8
+ENV LC_ALL=ru_RU.UTF-8
+
+WORKDIR /app
+COPY . .
+RUN mkdir -p $HOME/.m2 \
+# && cp config/pgs-settings.xml $HOME/.m2/settings.xml \
+# && cp -f config/pgs-npmrc frontend/.npmrc \
+ && mvn clean \
+ && mvn package -T4C ${MVN_FLAGS}
+
+
+FROM $RUNTIME_IMAGE
+
+COPY config/angie.conf /etc/angie/angie.conf
+COPY --from=builder /app/frontend/dist /frontend

config/angie.conf

@@ -0,0 +1,84 @@
+include /etc/angie/modules-enabled.d/*.conf;
+
+worker_processes  10;
+
+error_log   /var/log/angie/error.log;
+
+events {
+        worker_connections  1024;
+}
+
+include /etc/angie/conf-enabled.d/*.conf;
+
+http {
+        include       /etc/angie/mime.types;
+	default_type  application/octet-stream;
+
+        sendfile  on;
+
+        gzip  on;
+
+        # text/html doesn't need to be defined there, it's compressed always
+        gzip_types text/plain text/css text/xml application/x-javascript application/atom+xml;
+
+        # gzip_comp_level 9;
+        include /etc/angie/sites-enabled.d/*.conf;
+
+        log_format angie_main
+          '$remote_addr - $remote_user [$time_local] $request '
+          '"$status" $body_bytes_sent "$http_referer" '
+          '"$http_user_agent" "$http_x_forwarded_for" '
+          '"$request_filename" "$gzip_ratio" $upstream_response_time server: $host : $document_root $fastcgi_script_name ';
+
+        server {
+    		listen 80 default;
+
+		access_log /var/log/angie/access.log angie_main;
+    		error_log /var/log/angie/error.log error;
+
+    		charset utf-8;
+
+    		client_max_body_size 32m;
+
+    		##
+    		# `gzip` Settings
+    		#
+    		#
+    		gzip on;
+    		gzip_disable "msie6";
+
+    		gzip_vary on;
+    		gzip_proxied any;
+    		gzip_comp_level 6;
+    		gzip_buffers 16 8k;
+    		gzip_http_version 1.1;
+    		gzip_min_length 256;
+    		gzip_types
+    		  application/atom+xml
+   		  application/geo+json
+   		  application/javascript
+    		  application/x-javascript
+    		  application/json
+    		  application/ld+json
+    		  application/manifest+json
+    		  application/rdf+xml
+    		  application/rss+xml
+    		  application/xhtml+xml
+    		  application/xml
+    		  font/eot
+    		  font/otf
+    		  font/ttf
+    		  image/svg+xml
+    		  text/css
+    		  text/javascript
+    		  text/plain
+    		  text/xml;
+
+    		location / {
+        	  root /frontend;
+        	  index index.html;
+        	  expires -1;
+        	  try_files $uri $uri/ $uri/index.html;
+    		}
+	}
+}

config/docker-compose.yaml

@@ -0,0 +1,10 @@
+version: "3"
+services:
+  webbpm-app:
+    build:
+      context: .
+      dockerfile: Dockerfile.TC
+    ports:
+      - 8080
+    env_file:
+      - micord.env

config/entrypoint.sh

@@ -0,0 +1,6 @@
+#! /bin/bash
+
+. /etc/tomcat/tomcat.conf
+. /etc/sysconfig/tomcat
+
+/usr/libexec/tomcat/server start

config/micord.env

@@ -0,0 +1,7 @@
+TZ=Europe/Moscow
+# App datasource
+DB_APP_USERNAME=ervu-dashboard
+DB_APP_PASSWORD=ervu-dashboard
+DB_APP_HOST=10.10.31.119
+DB_APP_PORT=5432
+DB_APP_NAME=ervu-dashboard

config/tomcat/etc/tomcat/conf.d/db.conf

@@ -0,0 +1,8 @@
+JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS \
+ -Ddb.app.host=${DB_APP_HOST:-db} \
+ -Ddb.app.port=${DB_APP_PORT:-5432} \
+ -Ddb.app.name=${DB_APP_NAME:-app} \
+ -Ddb.app.username=${DB_APP_USERNAME:-app_user} \
+ -Ddb.app.password=${DB_APP_PASSWORD:-apppassword} \
+"
+export JDK_JAVA_OPTIONS

config/tomcat/etc/tomcat/context.xml

@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!-- The contents of this file will be loaded for each web application -->
+<Context>
+
+    <!-- Default set of monitored resources. If one of these changes, the    -->
+    <!-- web application will be reloaded.                                   -->
+    <WatchedResource>WEB-INF/web.xml</WatchedResource>
+    <WatchedResource>WEB-INF/tomcat-web.xml</WatchedResource>
+    <WatchedResource>${catalina.base}/conf/web.xml</WatchedResource>
+
+    <!-- Uncomment this to disable session persistence across Tomcat restarts -->
+    <!--
+    <Manager pathname="" />
+    -->
+
+    <Resource name="webbpm/AppDS" auth="Container"
+          type="javax.sql.DataSource" driverClassName="org.postgresql.Driver"
+          url="jdbc:postgresql://${db.app.host}:${db.app.port}/${db.app.name}"
+          username="${db.app.username}" password="${db.app.password}" maxTotal="20" maxIdle="10" maxWaitMillis="-1"/>
+</Context>

config/tomcat/etc/tomcat/tomcat-users.xml

@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<tomcat-users xmlns="http://tomcat.apache.org/xml"
+              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+              xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
+              version="1.0">
+<!--
+  By default, no user is included in the "manager-gui" role required
+  to operate the "/manager/html" web application.  If you wish to use this app,
+  you must define such a user - the username and password are arbitrary.
+
+  Built-in Tomcat manager roles:
+    - manager-gui    - allows access to the HTML GUI and the status pages
+    - manager-script - allows access to the HTTP API and the status pages
+    - manager-jmx    - allows access to the JMX proxy and the status pages
+    - manager-status - allows access to the status pages only
+
+  The users below are wrapped in a comment and are therefore ignored. If you
+  wish to configure one or more of these users for use with the manager web
+  application, do not forget to remove the <!.. ..> that surrounds them. You
+  will also need to set the passwords to something appropriate.
+-->
+  <user username="admin" password="<must-be-changed>" roles="manager-gui"/>
+</tomcat-users>

config/tomcat/etc/tomcat/tomcat.conf

@@ -0,0 +1,52 @@
+# System-wide configuration file for tomcat services
+# This will be loaded by systemd as an environment file,
+# so please keep the syntax. For shell expansion support
+# place your custom files as /etc/tomcat/conf.d/*.conf
+#
+# There are 2 "classes" of startup behavior in this package.
+# The old one, the default service named tomcat.service.
+# The new named instances are called tomcat@instance.service.
+#
+# Use this file to change default values for all services.
+# Change the service specific ones to affect only one service.
+# For tomcat.service it's /etc/sysconfig/tomcat, for
+# tomcat@instance it's /etc/sysconfig/tomcat@instance.
+
+# This variable is used to figure out if config is loaded or not.
+TOMCAT_CFG_LOADED="1"
+
+# In new-style instances, if CATALINA_BASE isn't specified, it will
+# be constructed by joining TOMCATS_BASE and NAME.
+TOMCATS_BASE="/var/lib/tomcats/"
+
+# Where your java installation lives
+JAVA_HOME="/usr/lib/jvm/jre"
+
+# Where your tomcat installation lives
+CATALINA_HOME="/usr/share/tomcat"
+
+# System-wide tmp
+CATALINA_TMPDIR="/var/cache/tomcat/temp"
+
+# You can pass some parameters to java here if you wish to
+#JAVA_OPTS="-Xminf0.1 -Xmaxf0.3"
+
+# Use JAVA_OPTS to set java.library.path for libtcnative.so
+#JAVA_OPTS="-Djava.library.path=/usr/lib"
+
+# Set default javax.sql.DataSource factory to apache commons one. See rhbz#1214381
+#JAVA_OPTS="-Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory"
+JAVA_OPTS="-Djavax.sql.DataSource.Factory=org.apache.tomcat.dbcp.dbcp2.BasicDataSourceFactory"
+
+# You can change your tomcat locale here
+#LANG="en_US"
+
+# Run tomcat under the Java Security Manager
+SECURITY_MANAGER="false"
+
+# SHUTDOWN_WAIT has been deprecated. To change the shutdown wait time, set
+# TimeoutStopSec in tomcat.service.
+
+# If you wish to further customize your tomcat environment,
+# put your own definitions here
+# (i.e. LD_LIBRARY_PATH for some jdbc drivers)

config/tomcat/etc/tomcat/webbpm.properties

@@ -0,0 +1,20 @@
+
+#
+# WebBPM properties
+#
+
+authentication.method=form
+
+bpmn.enable=false
+fias.enable=false
+gar.enable=false
+
+mail.jndi.resource.name=
+
+reset_password.mail.template.path=mail/reset_password.html
+security.password.regex=^(?=.*[a-zA-Z])(?=.*[0-9])[a-zA-Z0-9]+$
+
+webbpm.mode=production
+webbpm.jbpm.hibernate_statistics.enabled=false
+webbpm.cache.hazelcast.hosts=127.0.0.1
+webbpm.cache.hazelcast.outbound_port_definitions=5801-5820

config/tomcat/var/lib/tomcat/webapps/manager/META-INF/context.xml

@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<Context antiResourceLocking="false" privileged="true" >
+  <CookieProcessor className="org.apache.tomcat.util.http.Rfc6265CookieProcessor"
+                   sameSiteCookies="strict" />
+<!--
+  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
+         allow="d+\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
+-->
+  <Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/>
+</Context>