Merge pull request #33 from SchweizerischeBundesbahnen/feature/update…

…-from-zally

Rebase zalando/zally onto SBB/zally

.github/workflows/build-zally.yml

@@ -2,9 +2,16 @@ name: Zally Pull Request Builds
 
 on:
   push:
-    branches: [ main ]
+    branches:
+      - main
+      - master
+    tags:
+      - '[0-9]+.[0-9]+.[0-9]+'
+      - '[0-9]+.[0-9]+.[0-9]+-*'
   pull_request:
-    branches: [ main ]
+    branches:
+      - main
+      - master
 
 jobs:
   build-zally:
@@ -32,13 +39,38 @@ jobs:
           ./gradlew --console=plain build
       - uses: codecov/codecov-action@v1
         with:
-          files: ./server/zally-server/build/reports/jacoco/test/jacocoTestReport.xml,./server/zally-ruleset-zally/build//reports/jacoco/test/jacocoTestReport.xml,./server/zally-ruleset-zalando/build/reports/jacoco/test/jacocoTestReport.xml,./server/zally-core/build/reports/jacoco/test/jacocoTestReport.xml,./server/zally-rule-api/build/reports/jacoco/test/jacocoTestReport.xml
+          files: ./server/zally-server/build/reports/jacoco/test/jacocoTestReport.xml,./server/zally-ruleset-zally/build//reports/jacoco/test/jacocoTestReport.xml,./server/zally-ruleset-sbb/build/reports/jacoco/test/jacocoTestReport.xml,./server/zally-core/build/reports/jacoco/test/jacocoTestReport.xml,./server/zally-rule-api/build/reports/jacoco/test/jacocoTestReport.xml
       - name: Cleanup Gradle Cache
         # Remove some files from the Gradle cache, so they aren't cached by GitHub Actions.
         # Restoring these files from a GitHub Actions cache might cause problems for future builds.
         run: |
           rm -f ~/.gradle/caches/modules-2/modules-2.lock
           rm -f ~/.gradle/caches/modules-2/gc.properties
+      - name: Build Docker Image
+        run: |
+          docker build \
+          -t schweizerischebundesbahnen/zally-server:latest \
+          ./server
+      - name: Login to Docker Repository
+        uses: azure/docker-login@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+        if: github.ref_name == 'master' || github.ref_name == 'main' || startsWith(github.ref, 'refs/tags')
+      - name: Tag latest
+        if: github.ref_name == 'master' || github.ref_name == 'main'
+        run: docker image tag schweizerischebundesbahnen/zally-server schweizerischebundesbahnen/zally-server:latest
+
+      - name: Parse release version from git tag
+        if: startsWith(github.ref, 'refs/tags')
+        id: docker_release_version
+        run: echo ::set-output name=docker_release_version::${GITHUB_REF/refs\/tags\//}
+      - name: Tag version
+        if: startsWith(github.ref, 'refs/tags')
+        run: docker image tag schweizerischebundesbahnen/zally-server schweizerischebundesbahnen/zally-server:${{ steps.docker_release_version.outputs.docker_release_version }}
+      - name: Push Docker Image
+        run: docker push schweizerischebundesbahnen/zally-server --all-tags
+        if: github.ref_name == 'master' || github.ref_name == 'main' || startsWith(github.ref, 'refs/tags')
 
   build-cli:
     runs-on: ubuntu-latest
@@ -71,14 +103,23 @@ jobs:
       - uses: codecov/codecov-action@v1
         with:
           files: ./cli/zally/coverage.txt
+      - name: Release CLI with GoReleaser
+        uses: goreleaser/goreleaser-action@v2
+        if: startsWith(github.ref, 'refs/tags')
+        with:
+          version: latest
+          args: release --rm-dist
+          workdir: .
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-  test-web-ui:
+  build-web-ui:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
       - uses: actions/setup-node@v3
         with:
-          node-version: 18
+          node-version: "18.14.2"
       - name: Configure yarn
         run: yarn install -q
       - name: Build & Test CLI
@@ -90,3 +131,28 @@ jobs:
       - uses: codecov/codecov-action@v1
         with:
           files: ./web-ui/target/coverage/lcov.info
+      - name: Build Docker Image
+        run: |
+          docker build \
+          -t schweizerischebundesbahnen/zally-web-ui:latest \
+          ./web-ui
+      - name: Login to Docker Repository
+        uses: azure/docker-login@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+        if: github.ref_name == 'master' || github.ref_name == 'main' || startsWith(github.ref, 'refs/tags')
+      - name: Tag latest
+        if: github.ref_name == 'master' || github.ref_name == 'main'
+        run: docker image tag schweizerischebundesbahnen/zally-web-ui schweizerischebundesbahnen/zally-web-ui:latest
+
+      - name: Parse release version from git tag
+        if: startsWith(github.ref, 'refs/tags')
+        id: docker_release_version
+        run: echo ::set-output name=docker_release_version::${GITHUB_REF/refs\/tags\//}
+      - name: Tag version
+        if: startsWith(github.ref, 'refs/tags')
+        run: docker image tag schweizerischebundesbahnen/zally-web-ui schweizerischebundesbahnen/zally-web-ui:${{ steps.docker_release_version.outputs.docker_release_version }}
+      - name: Push Docker Image
+        run: docker push schweizerischebundesbahnen/zally-web-ui --all-tags
+        if: github.ref_name == 'master' || github.ref_name == 'main' || startsWith(github.ref, 'refs/tags')

CONTRIBUTING

@@ -4,18 +4,18 @@ We are happy to accept contributions! This is what makes Open Source possible. W
 that you follow these guidelines when contributing.
 
 ## Issues
-Found a bug or have an idea for a feature? You can help us by [creating an issue](https://github.com/zalando/zally/issues).
+Found a bug or have an idea for a feature? You can help us by [creating an issue](https://github.com/schweizerischebundesbahnen/zally/issues).
 Just make sure that an issue describing the bug or feature does not already exist. You can go even further and
-[open a Pull Request](https://github.com/zalando/zally/pulls) with the fix or proposed feature.
+[open a Pull Request](https://github.com/schweizerischebundesbahnen/zally/pulls) with the fix or proposed feature.
 
 ## Pull Requests
 Follow these steps to contribute your work to Zally:
 
-1. [Open an issue](https://github.com/zalando/zally/issues) describing the problem or proposed feature. Ask maintainers (in the issue thread) to assign the issue to you so we know who is working on what.
+1. [Open an issue](https://github.com/schweizerischebundesbahnen/zally/issues) describing the problem or proposed feature. Ask maintainers (in the issue thread) to assign the issue to you so we know who is working on what.
 1. Fork this repo and create a branch for your work.
 1. Push changes to your branch.
 1. Test your changes.
-1. Open a [Pull Request](https://github.com/zalando/zally/pulls) when your code is ready for review.
+1. Open a [Pull Request](https://github.com/schweizerischebundesbahnen/zally/pulls) when your code is ready for review.
     1. Mention the issue number in the comment (e.g. Fixes #37).
 1. We will review your PR, give feedback, and merge when it is ready.
 

README.md

@@ -1,8 +1,11 @@
 # Zally: A minimalistic, simple-to-use OpenAPI 2 and 3 linter
 
-[![Build Status](https://travis-ci.org/zalando/zally.svg?branch=master)](https://travis-ci.org/zalando/zally)
-[![Codacy Badge](https://api.codacy.com/project/badge/Grade/05a7515011504c06b1cb35ede27ac7d4)](https://www.codacy.com/app/zally/zally?utm_source=github.com&utm_medium=referral&utm_content=zalando/zally&utm_campaign=Badge_Grade)
-[![Join the chat at https://gitter.im/zalando/zally](https://badges.gitter.im/zalando/zally.svg)](https://gitter.im/zalando/zally?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
+[![Latest Release](https://img.shields.io/github/v/release/schweizerischebundesbahnen/zally.svg)](https://github.com/SchweizerischeBundesbahnen/zally/releases)
+[![Test Status](https://travis-ci.com/SchweizerischeBundesbahnen/zally.svg?branch=master)](https://travis-ci.com/SchweizerischeBundesbahnen/zally)
+[![Build Status](https://github.com/SchweizerischeBundesbahnen/zally/workflows/Build%20&%20Deploy%20latest/badge.svg?branch=master)](https://github.com/SchweizerischeBundesbahnen/zally/actions?query=workflow%3A%22Build+%26+Deploy+latest%22)
+
+![GitHub contributors](https://img.shields.io/github/contributors/schweizerischebundesbahnen/zally)
+![GitHub License](https://img.shields.io/github/license/schweizerischebundesbahnen/zally)
 
 <img src="logo.png" width="200" height="200" />
 
@@ -13,7 +16,7 @@ it performs the following tasks :
 - Checks compliance
 - Delivers early feedback for API designers
 - Ensures the same look-and-feel of APIs
-- Supports [API-First approach](https://opensource.zalando.com/restful-api-guidelines/#100)
+- Supports API-First approach
 - Provides best practices and advices
 
 Its standard configuration will check your APIs against the rules defined in

cli/README.md

@@ -21,6 +21,12 @@ requesting violations check at a given Zally server.
     cd zally/cli/zally
     GO111MODULE=on ./test.sh
     ```
+
+    On windows with Cmder:
+    ```bash
+    cd zally
+    GO111MODULE=on sh ./test.sh
+    ```
 
 1. Build the binary:
 

cli/zally/integration_test.go

@@ -77,6 +77,7 @@ func TestIntegrationWithRemoteJsonFile(t *testing.T) {
 	assertMoreThanZeroViolations(t, out, e)
 }
 
+/* FIXME: insert a test yaml file, that meets SBB's rules
 func TestIntegrationWithNoMustViolations(t *testing.T) {
 	out, e := RunAppAndCaptureOutput([]string{"", "lint", "../../server/zally-test/src/main/resources/fixtures/no_must_violations.yaml"})
 
@@ -88,12 +89,13 @@ func TestIntegrationWithNoMustViolations(t *testing.T) {
 	assert.Zero(t, hint)
 	assert.Nil(t, e)
 }
+*/
 
 func TestIntegrationDisplayRulesList(t *testing.T) {
 	out, e := RunAppAndCaptureOutput([]string{"", "rules"})
 
 	assert.Contains(t, out, "Avoid Link in Header Rule")
-	assert.Contains(t, out, "https://zalando.github.io/restful-api-guidelines/#166")
+	assert.Contains(t, out, "https://schweizerischebundesbahnen.github.io/api-principles/restful/principles/#must-use-standard-http-status-codes")
 
 	assert.Nil(t, e)
 }

documentation/build-under-wsl.md

@@ -45,7 +45,7 @@ The following notes document my working environment for building and testing a f
 
   ```bash
   cd /mnt/c
-  git clone https://github.com/zalando/zally
+  git clone https://github.com/schweizerischebundesbahnen/zally
   cd zally
 
 ## Build and Run

documentation/operation.md

@@ -15,6 +15,14 @@ about implemented rules and statistics.
 Optionally, you can connect Zally Server to a persistence layer, e.g. a PostgreSQL
 database. Per default, a in-memory database is provided automatically.
 
+#### Remote URL linting
+Zally is able to lint API specifications resolved by a given Web URL - we call that Remote URLs.
+When you want to lint OAuth 2.0 protected resources, you need to configure the credentials in the
+remote-urls.conf file. You can find the template file for Remote URL configuration at
+```server/zally-server/src/main/resources/remote-urls.conf```. You can use the environment variable
+```REMOTE_URLS_CONFIG_FILE``` to configure the path to the configuration file on the server. In
+k8s contexts, we mount the file as a config map to the given path.
+
 ### Web UI
 
 The most intuitive and easy way to use Zally is to set up and run Zally Web UI.

examples/.travis.yml.example

@@ -10,7 +10,7 @@ jdk:
 
 install:
   # Clone Zally
-  - git clone https://github.com/zalando/zally.git
+  - git clone https://github.com/schweizerischebundesbahnen/zally.git
 
   # Build a local Zally server
   - cd zally/server

server/build.gradle.kts

@@ -1,9 +1,14 @@
 import org.jetbrains.dokka.gradle.DokkaTask
+import org.jetbrains.kotlin.gradle.dsl.kotlinExtension
 import org.jetbrains.kotlin.gradle.tasks.KotlinCompile
 
 java {
     sourceCompatibility = JavaVersion.VERSION_17
     targetCompatibility = JavaVersion.VERSION_17
+
+    toolchain {
+        languageVersion.set(JavaLanguageVersion.of(17))
+    }
 }
 
 plugins {
@@ -49,10 +54,6 @@ subprojects {
         includeCompileClasspath = false
     }
 
-    tasks.withType<KotlinCompile>().configureEach() {
-        kotlinOptions.jvmTarget = "17"
-    }
-
     tasks.withType<DokkaTask>().configureEach {
         outputDirectory.set(buildDir.resolve("dokka"))
     }
@@ -80,7 +81,7 @@ subprojects {
                 from(components["java"])
                 pom {
                     description.set("OpenAPI linter service")
-                    url.set("https://github.com/zalando/zally")
+                    url.set("https://github.com/schweizerischebundesbahnen/zally")
                     name.set("OpenAPI linter")
                     licenses {
                         license {
@@ -121,7 +122,7 @@ subprojects {
                     scm {
                         connection.set("scm:git:git://github.com/zalando/zally.git")
                         developerConnection.set("scm:git:ssh://github.com:zalando/zally.git")
-                        url.set("https://github.com/zalando/zally/tree/master")
+                        url.set("https://github.com/schweizerischebundesbahnen/zally/tree/master")
                     }
                 }
             }

server/rules.md

@@ -12,6 +12,10 @@ The rules cannot be disabled or configured.
 
 Primarily Zally exists to enforce the various guidelines of the [Zalando RESTful API and Event Scheme Guidelines](http://zalando.github.io/restful-api-guidelines/). Individual rules descriptions won't be repeated here.
 
+# SBBRuleSet
+
+We have added an SBB specific RuleSet which checks the compliance of the rules compared to [SBB's API Principles](https://schweizerischebundesbahnen.github.io/api-principles/).
+
 # ZallyRuleSet
 
 Zally also contains some additional rules enforcing aspects of the OpenAPI spec or other common sense rules that don't form part of the Zalando guidelines. Those addiitonal rules are documented here.

server/settings.gradle.kts

@@ -3,7 +3,8 @@ rootProject.name = "zally"
 include(
     "zally-rule-api",
     "zally-core",
-    "zally-ruleset-zalando",
+    "zally-ruleset-sbb",
+    // "zally-ruleset-zalando",
     "zally-ruleset-zally",
     "zally-test",
     "zally-server"

server/zally-core/src/main/kotlin/org/zalando/zally/core/RulesManager.kt

@@ -34,7 +34,7 @@ class RulesManager(val config: Config, val rules: List<RuleDetails>) {
                         it.getConstructor().newInstance()
                     }
                     RuleDetails(ruleSet, rule, instance)
-                }
+                }.filter { ruleDetails -> !listOf("ZalandoRuleSet").stream().anyMatch(ruleDetails.ruleSet.id::equals) } // FIXME: make rulesets configurable
 
             return RulesManager(config, details)
         }

server/zally-core/src/main/kotlin/org/zalando/zally/core/RulesValidator.kt

@@ -25,8 +25,8 @@ abstract class RulesValidator<RootT : Any>(val rules: RulesManager) : ApiValidat
                 parseResult.violations.map { violation ->
                     Result(
                         id = "InternalRuleSet",
-                        url = URI.create("https://zalando.github.io/restful-api-guidelines/#101"),
-                        title = "provide API specification using OpenAPI",
+                        url = URI.create("https://github.com/schweizerischebundesbahnen/zally/blob/master/server/rules.md"),
+                        title = "Unable to parse API specification",
                         description = violation.description,
                         violationType = Severity.MUST,
                         pointer = violation.pointer,

server/zally-ruleset-sbb/README.md

@@ -0,0 +1,37 @@
+# How the SBB ruleset is created
+
+We take the approach to start from Zalando's ruleset and then tailor it to SBB's need.
+
+## Initial Steps
+1. Copy from zally-ruleset-zalando
+2. Refactor package names
+3. Add directory 'zalando-ruleset-sbb' to 'settings.gradle.kts'
+4. Add 'compile(project(":zally-ruleset-sbb"))' to 'build.gradke.kts'
+5. Rename 'ZalandoRuleSet' to 'SBBRuleSet'
+
+## Configuration of Rules
+- Removed "Provide API Identifier" (215)
+- Removed "Provide API Audience" (219)
+- Removed "Following Naming Convention for Hostnames" (224)
+- Removed "Use 429 With Header For Rate Limits" (153)
+- Removed "Snake_case for property names" (118) 
+- Removed "Snake_case for query params" (118) 
+- Removed "Secure Endpoints with OAuth 2.0" (104) - Managed by SBB's APIM
+- Removed "Secure All Endpoints With Scopes" (105) - Managed by SBB's APIM
+
+- Set "Secure All Endpoints With Scopes" (105) to SHOULD
+- Set "Response As JSON Object" (110) to SHOULD
+- Set "Use Problem JSON" (176) to SHOULD
+- Set "Prefer Compatible Extensions" (107) to MAY
+- Set "Pluralize Resource Names" (134) to SHOULD
+- Set "Propietary Headers" (183) to SHOULD and specify some SBB specific ones
+
+- Added "CamelCase in Property Names" rule (hint: it's configured via CaseChecker in reference.conf)
+- Added "CamelCase for Query Params" rule (hint: it's configured via CaseChecker in reference.conf)
+- Added "Do URI Versioning"
+- Added zipkin headers (X-B3-ParentSpanId, X-B3-SpanId, X-B3-TraceId, X-B3-Sampled)
+- Added SBB headers (Requester-Info, Request-Id, Process-Id, Correlation-Id, Transaction-Id, X-Contract-Id, X-Conversation-Id)
+
+## Todo
+- Adjust links to SBB ruleset (https://schweizerischebundesbahnen.github.io/api-principles/restful/)
+- Add documentation for newly added rules

server/zally-ruleset-sbb/build.gradle.kts

@@ -0,0 +1,8 @@
+dependencies {
+    kapt(project(":zally-core"))
+
+    implementation(project(":zally-core"))
+    implementation("de.mpg.mpi-inf:javatools:2017-06-28")
+
+    testImplementation(project(":zally-test"))
+}