Switch from Ant build to Maven and add GitHub Actions CI

.github/workflows/ci.yml

@@ -0,0 +1,28 @@
+name: CI
+on: [push, pull_request]
+jobs:
+  build:
+    name: Build and Test (${{ matrix.os }} / OpenJDK ${{ matrix.jdk }})
+    strategy:
+      fail-fast: true
+      matrix:
+        jdk: ['8']
+        os: [ubuntu-latest]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up JDK ${{ matrix.jdk }}
+        uses: actions/setup-java@v3
+        with:
+          java-version: ${{ matrix.jdk }}
+          distribution: 'temurin'
+      - name: Cache Maven packages
+        uses: actions/cache@v3
+        with:
+          path: ~/.m2
+          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-m2
+      - name: Maven Build
+        run: mvn clean package -DskipTests
+      - name: Test
+        run: mvn verify

.gitignore

@@ -1,3 +1,2 @@
-build/
-.*
+target/
 !.gitignore

pom.xml

@@ -0,0 +1,108 @@
+<?xml version="1.0"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+
+  <modelVersion>4.0.0</modelVersion>
+
+  <parent>
+    <groupId>org.exist-db</groupId>
+    <artifactId>exist-apps-parent</artifactId>
+    <version>1.12.0</version>
+    <relativePath/>
+  </parent>
+
+  <groupId>org.exist-db.apps</groupId>
+  <artifactId>existdb-saml-xquery</artifactId>
+  <version>1.7.0-SNAPSHOT</version>
+
+
+  <name>eXist-db SAML XQuery</name>
+  <description>SAML v2.0 Implementation in XQuery</description>
+  <url>https://github.com/eXist-db/existdb-saml</url>
+
+  <scm>
+    <url>https://github.com/eXist-db/existdb-saml.git</url>
+    <connection>scm:git:https://github.com/eXist-db/existdb-saml.git</connection>
+    <developerConnection>scm:git:https://github.com/eXist-db/existdb-saml.git</developerConnection>
+  </scm>
+
+  <properties>
+    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+
+    <!-- used in the EXPath Package Descriptor -->
+    <package-name>http://exist-db.org/apps/exsaml</package-name>
+
+    <exist.version>6.0.1</exist.version>
+
+    <exist.saml.username>exsaml</exist.saml.username>
+    <exist.saml.library.path>/db/system/repo/${project.artifactId}-${project.version}</exist.saml.library.path>
+
+  </properties>
+
+  <build>
+    <resources>
+      <resource>
+        <directory>src/main/xar-resources</directory>
+        <filtering>false</filtering>
+      </resource>
+      <resource>
+        <directory>src/main/xar-resources-filtered</directory>
+        <filtering>true</filtering>
+      </resource>
+    </resources>
+
+    <testResources>
+      <testResource>
+        <directory>src/test/resources</directory>
+        <filtering>false</filtering>
+      </testResource>
+      <testResource>
+        <directory>src/test/resources-filtered</directory>
+        <filtering>true</filtering>
+      </testResource>
+    </testResources>
+
+    <plugins>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-dependency-plugin</artifactId>
+      </plugin>
+
+      <plugin>
+        <groupId>ro.kuberam.maven.plugins</groupId>
+        <artifactId>kuberam-expath-plugin</artifactId>
+        <executions>
+          <execution>
+            <id>create-xar</id>
+            <phase>package</phase>
+            <goals>
+              <goal>make-xar</goal>
+            </goals>
+            <configuration>
+              <descriptor>xar-assembly.xml</descriptor>
+              <finalName>${package-final-name}</finalName>
+            </configuration>
+          </execution>
+        </executions>
+      </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-gpg-plugin</artifactId>
+        <configuration>
+          <useAgent>true</useAgent>
+        </configuration>
+      </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-release-plugin</artifactId>
+        <configuration>
+          <mavenExecutorId>forked-path </mavenExecutorId>
+          <!-- avoid a bug with GPG plugin hanging http://jira.codehaus.org/browse/MGPG-9 -->
+          <autoVersionSubmodules>true</autoVersionSubmodules>
+          <tagNameFormat>@{project.version}</tagNameFormat>
+        </configuration>
+      </plugin>
+    </plugins>
+  </build>
+
+</project>

content/clean-reqids.xql → src/main/xar-resources-filtered/clean-reqids.xq

@@ -1,10 +1,10 @@
 xquery version "3.1";
 
-import module namespace exsaml="http://exist-db.org/xquery/exsaml" at "/db/apps/existdb-saml/content/exsaml.xqm";
+import module namespace exsaml = "http://exist-db.org/xquery/exsaml" at "${exist.saml.library.path}/modules/exsaml.xqm";
 import module namespace functx = "http://www.functx.com";
 
 declare function local:clean-reqids() {
-    let $reqid-col := "/db/apps/existdb-saml/saml-request-ids"
+    let $reqid-col := "${exist.saml.library.path}/saml-request-ids"
     let $reqids := for $reqid in collection($reqid-col)/reqid
                         let $duration := xs:dateTime(current-dateTime()) - xs:dateTime($reqid)
                         return

content/exsaml.xqm → src/main/xar-resources-filtered/modules/exsaml.xqm

@@ -51,7 +51,7 @@ declare %private variable $exsaml:fake-user   := data($exsaml:config/fake-idp/@u
 declare %private variable $exsaml:fake-group  := data($exsaml:config/fake-idp/@group);
 
 (: SAML specific constants and non-configurable vars :)
-declare %private variable $exsaml:saml-coll-reqid := "/db/apps/existdb-saml/saml-request-ids";
+declare %private variable $exsaml:saml-coll-reqid := "${exist.saml.library.path}/saml-request-ids";
 declare %private variable $exsaml:saml-version   := "2.0";
 declare %private variable $exsaml:status-success := "urn:oasis:names:tc:SAML:2.0:status:Success";
 (: debugging only to simulate failure in fake-idp :)
@@ -100,7 +100,7 @@ declare function exsaml:build-authnreq-redir-url($relaystate as xs:string) {
     let $zip := compression:deflate($bin, true())
 (:    let $log := exsaml:log("debug", "build-authnreq-redir-url; zip: " || $zip):)
     (: urlencode base64 request data :)
-    let $urlenc := xmldb:encode($zip)
+    let $urlenc := xmldb:encode($zip cast as xs:string)
 
     let $log := exsaml:log("debug", "build-authnreq-redir-url; urlenc: " || $urlenc)
 
@@ -122,15 +122,15 @@ declare %private function exsaml:build-saml-authnreq() {
     return $req
 };
 
-declare %private function exsaml:store-authnreqid-as-exsol-user($id as xs:string, $instant as xs:string) {
+declare %private function exsaml:store-authnreqid-as-exsol-user($id as xs:string, $instant as xs:dateTime) {
       let $create-collection := 
         if (        
             not(xmldb:collection-available($exsaml:saml-coll-reqid))
         )
         then (
             let $log := exsaml:log("info", "collection " || $exsaml:saml-coll-reqid || " does not exist, attempting to create it")
             return
-                xmldb:create-collection("/db/apps/existdb-saml", "saml-request-ids")
+                xmldb:create-collection(fn:replace($exsaml:saml-coll-reqid, "(.*)/[^/]+", "$1"), fn:replace($exsaml:saml-coll-reqid, ".*/([^/]+)", "$1"))
         )
         else ()
     return
@@ -139,7 +139,7 @@ declare %private function exsaml:store-authnreqid-as-exsol-user($id as xs:string
 };
 
 (: store issued request ids in a collection,  :)
-declare %private function exsaml:store-authnreqid($id as xs:string, $instant as xs:string) {
+declare %private function exsaml:store-authnreqid($id as xs:string, $instant as xs:dateTime) {
     let $log := exsaml:log("info", "storing SAML request id: " || $id || ", date: " || $instant)
     return
         system:as-user(
@@ -228,7 +228,7 @@ declare function exsaml:process-saml-response-post() {
         else ""
 
     let $pass := exsaml:create-user-password($auth/@nameid)
-    let $log-in := xmldb:login("/db/apps", $auth/@nameid, $pass, true())
+    let $log-in := xmldb:login("/db", $auth/@nameid, $pass, true())
     let $log := util:log("info", "login result: " || $log-in || ", " || fn:serialize(sm:id()))
 
     (: put SAML token into browser session :)

content/scheduler.xql → src/main/xar-resources-filtered/scheduler.xq

@@ -1,21 +1,18 @@
 xquery version "3.1";
 
-import module namespace scheduler="http://exist-db.org/xquery/scheduler" at "java:org.exist.xquery.modules.scheduler.SchedulerModule";
-
-
-declare namespace sc="http://exist-db.org/xquery/scheduler";
+import module namespace scheduler = "http://exist-db.org/xquery/scheduler";
 
 declare variable $local:job-name := "clean-up-sso-reqids";
 declare variable $local:cron := "0 0 11 * * ? *";
 
 declare function local:start-job() {
-    scheduler:schedule-xquery-cron-job("/db/apps/existdb-saml/content/clean-reqids.xql", $local:cron, $local:job-name)
+    scheduler:schedule-xquery-cron-job("${exist.saml.library.path}/clean-reqids.xql", $local:cron, $local:job-name)
 };
 
 declare function local:show-job() {
     let $jobs := scheduler:get-scheduled-jobs()
      return
-         $jobs//sc:job[@name=$local:job-name]
+         $jobs//scheduler:job[@name=$local:job-name]
 };
 
 declare function local:stop-job() {

content/config-exsaml.xml → src/main/xar-resources/modules/config-exsaml.xml

@@ -52,7 +52,7 @@
     <!--   @username: username of privileged user -->
     <!--   @username: username of privileged user -->
     <!--   @pass: plaintext password, WILL GO AWAY -->
-    <exsaml-creds username="exsaml" group="exsaml" pass="my other password"/>
+    <exsaml-creds username="${exist.saml.username}" group="${exist.saml.username}" pass="${exist.saml.username}"/>
 
     <!-- settings for dynamic user creation -->
     <!-- Since we are using a third party for authentication (SAML IDP), there

src/main/xar-resources/post-install.xq

@@ -0,0 +1,22 @@
+xquery version "3.1";
+
+import module namespace sm = "http://exist-db.org/xquery/securitymanager";
+import module namespace xmldb = "http://exist-db.org/xquery/xmldb";
+
+(: the target collection into which the app is deployed :)
+declare variable $target external;
+
+declare variable $saml-user-name := "${exist.saml.username}";
+declare variable $saml-request-ids-collection-name := "saml-request-ids";
+declare variable $saml-request-ids-collection-path := $target || "/" || $saml-request-ids-collection-name;
+declare variable $saml-request-ids-collection-uri := xs:anyURI($saml-request-ids-collection-path);
+
+let $_ :=
+    if (fn:not(xmldb:collection-available($saml-request-ids-collection-path)))
+    then
+      xmldb:create-collection($target, $saml-request-ids-collection-name)
+    else()
+return
+    let $_ := sm:chmod($saml-request-ids-collection-uri, "rwxr-x---")
+    return
+        sm:chown($saml-request-ids-collection-uri, $saml-user-name || ":" || $saml-user-name)

src/main/xar-resources/pre-install.xq

@@ -0,0 +1,11 @@
+xquery version "3.1";
+
+import module namespace sm = "http://exist-db.org/xquery/securitymanager";
+
+declare variable $saml-user-name := "${exist.saml.username}";
+
+(: Create the default 'exsaml' user account :)
+if (fn:not(sm:user-exists($saml-user-name)))
+then
+  sm:create-account($saml-user-name, $saml-user-name, (), "existdb-saml", "existdb-saml-xquery SAML Authentication Account")
+else()