Also updated closure rules to GitHub master, as the current release version
(0.80.0) has compatibility issues with bazel 0.23.1.
See: https://github.com/bazelbuild/rules_closure/issues/333
Note that on Debian Testing (Buster) there's currently an issue with OpenSSL that can be temporarily fixed by setting the environment variable OPENSSL_CONF to /etc/ssl.
See: https://fransdejonge.com/2018/12/run-enpass-on-debian-buster-testing/
Lastly, migrated from the --local_resources flag (to be deprecated) to --local_ram_resources and --local_cpu_resources.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=237527805
Use javax.servlet:servlet-api:2.5 and exclude all other implementations.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=237505707
This is no way to make Blaze and Bazel happy at the same point. Without [] Blaze complains about import orders. However the new order breaks Bazel. Bazel suggested to add a suppression to suppress order check, which fixes the Bazel problem, but the suppression string is not recognized by Blaze.
I cannot think of another way to solve this other than MOE. Luckily we'll delete all the BUILD files when we move to Gradle anyway.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=237501133
Mockito in third_party is updated to 1.10. We do not need to backport this rule anymore.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=237496086
Note that the Bazel closure rules run the linter at head, while fixjs/cider/critique/etc run the released version, so they will complain about the formatting introduced by this CL until a new release is out.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=237358273
- Created configs for Proxy server, GKE, and terraform
- Created sans_list file for use with tarsier client
- Updated allowedClients in registry server
TODO: Update dr-bashrc to support crash environment
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=236659249
Changed the order of the create registrar form fields and updated the delegate email and country code labels to be more intuitive
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=236354256
This removes the "create Domain/Host/Contact" forms that were supposed to be used instead of regular EPPs for CC-TLD that wanted to support it.
We're removing it because we don't use it and want to reduce unneeded code for the registry 3.0 migration.
Also, this is a security risk, as it allowed to do "billable actions" (creating a new domain for example) with the only authentication being access to the registrar's G Suite account.
This bypassed the certificate, IP whitelist, and EPP password, which is bad.
PUBLIC:
Remove the web console EPP endpoint
This removes the "create Domain/Host/Contact" forms that were supposed to be used instead of regular EPPs for CC-TLD that wanted to support it.
We're removing it because we don't use it and want to reduce unneeded code for the registry 3.0 migration.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=236244195
This is mostly for build reports that use xml or other non-browsable
format. Most notable - the JUnit xml test results.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=236118885
Super users can look up auth info in Datastore or BigQuery backup anyway.
Requiring it only adds friction when using the super user extension, without
any additional security benefit.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=235786090
We set the initial value to the "icann referral email", but registrars can change it later if they want.
Although this value isn't strictly required, we assume it exists in the spec11 report.
Also changed the name of the contact email from "email" to "consoleUserEmail"
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=235734200
This change added the implementation of screenshot comparison with
ChromeWebDriver which will be used in the open-source code base.
This change also set a default window size(1200x2000) for each screenshot
test. This is to make the size of screenshot deterministic to help
build the screenshot comparison tests.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=235539713
This CL fixes .bzl files to make them compatible with the next versions of Bazel. This is done by running the following command on all the .bzl files:
buildifier --lint=fix --warnings=attr-non-empty,attr-single-file,ctx-actions,output-group
More information: []
Tested:
tap_presubmit
Some tests failed; test failures are believed to be unrelated to this CL
BEGIN_PUBLIC
Internal cleanup
END_PUBLIC
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=235192309
We currently deploy metadata files for vulnerability scanning
to a GoB repo. The Vomit team has requested that we provide
the .pom and .jar files for each dependency in the GoB repo
for their new manifest approach of scanning.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=235029408
Note that this also requires setting the CREDZ environment variable to the
contents of the service account credentials file (wrapped in single quotes for
shell command protection)
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=234993149
We are moving toward using GitHub as the source of truth for the domain registry project (Nomulus). As such, the piper location will soon be deleted, along with it the terraform configs. These files are copied to the canonical location []
Note that the files under modules will still be present in the open source code base as it allows open source users to set up the project quickly. The files under envs are specific to each actual project and is removed entirely from the open source code (it was excluded by MOE before).
Some files are renamed to conform to the newly established terraform code style.
There was a remaining regarding using latchkey to set up IAM policies that I intend to punt for now. I imagine if we decide to use latchkey, it means that the IAM related terraform configs will be removed for the Annealing set up. However we would still like to leave that in the open source configs such that it still is a one-stop shop to set up your project.
The automation mode is set to DRYRUN so that there are no accidental changes to our projects during .dev launch. It will be changed back later.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=234838043
This uploads all the report files to GCS, and also creates a cover page that
summarises all the task states.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=234601015
Otherwise, registrars will never receive a notification through EPP that a
domain has been synchronously deleted by us.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=234172289
This makes it consistent with the parameter of the same name on the tld commands.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=234148699
Our Gradle build now requires three programs to build: Java, npm and gcloud. There are no existing images that contain all of them. Even if there were, they probably come from some random Joe on the Internet and we cannot trust the image to be free of malwares. Therefore we need to build our own builder.
The builder images will be built by Cloud Build and upload to our container registry. We should periodically rebuild it to pull in the latest security updates both for the base Ubuntu image, and for the components that we install. I have not figured out a way to do that yet. For now we'll just trigger Cloud Build manually once in a while.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=234009343
There's no reason not to always create the source mapping but we shouldn't
distribute it in production.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=233984970
The npmInstall task installs gradle/node_modules/google-closure-library, which should not be tracked by git.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=233826415
The correct way to override the plugins repo is through the pluginManagement
section in the gradle settings file. Also make use of the gradle.properties
file to initialize repositoryUrl and also publishUrl so we don't have to mess
around with finding and assigning them in the main gradle file.
The lock files are also updated.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=233810854
*** Reason for rollback ***
Breaks the build.
*** Original change description ***
Fix overrides of plugin repository
The correct way to override the plugins repo is through the pluginManagement
section in the gradle settings file. Also make use of the gradle.properties
file to initialize repositoryUrl and also publishUrl so we don't have to mess
around with finding and assigning them in the main gradle file.
***
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=233801411
The correct way to override the plugins repo is through the pluginManagement
section in the gradle settings file. Also make use of the gradle.properties
file to initialize repositoryUrl and also publishUrl so we don't have to mess
around with finding and assigning them in the main gradle file.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=233778270
This change does a few things:
1. Partially externalized WebDriver tests by using ChromeDriver
as an implementation of WebDriver API in the external build.
2. Refactored WebDriverRule.java to decouple the creation and
using of WebDriver related stuff so we can have different
implementations in internal and external builds.
3. Refactored the usage of some internal libraries to have a
central place to store all of them to make it easier to
remove them in the external build.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=233661757
Icann reports have 3 parameter-provided injections:
- yearMonth
- subdir
- reportType
We move all of them away from the "inner classes" and only @Inject them in the Actions themselves.
This has 2 benefits:
- it's much clearer what all the parameter inputs of the Actions are
- the "inner injected classes" don't assume anything about the Action that uses them - they will work just as well for JSON actions as for "regular" actions.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=233625765
The goal of this CL is to set up the build environment to allow plugins to work.
We have a trivial plugin that doesn't do anything (yet) - it just sets itself as the finalizer of all Reporting tasks.
Eventually, this plugin will upload all reports to GCS, and even create a "cover page" linking to each one of them.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=233617499
This makes sure that the WAR files created by running "gradle stage" can be deployed by appcfg (tested the pubapi service on alpha). We need to copy all the static html files regardless of the service because the error.html handler is registered for sandbox and production environments across services. Without those files the gradle app engine plugin refuses to create the WAR files.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=233608424
It looks like I must have somehow duplicated the absolute path when I copied
these, this puts them in the right place (I think...)
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=233412326
This CL changes the Cloud Build flows to retrieve dependencies from our self-hosted GCS repository, to ensure that the release build are reproducible and hermetic (Note that it is still not truely reproducible as the dependency publishing process will override any existing artifacts in GCS with the current artifacts in Maven central. This is an issue that we should fix later).
There are a couple of changes involved to get this working:
1. Changed internal repo location to pull from the new repo.
2. Remove jcenter repo. It is only used to pull in the docker gradle plugin, which is not used. We instead build the deploy jar file with Gradle and build the docker image with a Dockerfile. The docker gradle plugin artifacts uploaded to GCS cannot be read because it is using some special classifier which seems to not be preserved when uploading. The java application plugin is also removed because it is only used by the docker gradle plugin.
3. Removed netty tcnative library classifier. It does not appear to be actually used (the jar downloaded from Maven central is an uber jar) and the classifier again interferes with downloading the artifacts from GCS.
4. Removed the cyclic dependency of the util project on itself. It was added because the nebula linter wanted it, which I think is an erroneous warning which should be reported upstream. The cyclic dependency was not a problem before (for yet unknown reasons), but it seems like when we force the dependency resolution (by calling project.generateDependencyPublications during configuration stage) it exacerbated the hidden issue and caused a cyclic task dependency in the util project, which is fatal. Now Nebula will complain again, but the warning is considered benign and will not cause the build to fail.
5. Added the nebula dependency lock files. We need these files when using the GCS maven repo because the we only upload artifacts after conflict resolution to GCS. If both v1 and v2 of the same library are requested in the dependency graph, only one will be uploaded. If we do not have the lock files in place, when building from GCS maven repo, Gradle will try to first find both v1 and v2 in the repo (which fails because v1 is not present in the repo), before proceeding to select v2 to use.
6. Refactored the code to upload Maven artifacts to GCS. We need to manually edit the POM file to reproduce the dependencies for each artifact so that they are all put in the classpath during compilation. Before, the POM files do not have any dependency information, which causes compilation to fail because transitive dependencies are not loaded (even though they are present in the GCS repo).
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=233408051
I should have caught this in the review, but [] is loading *ALL*
contacts individually from Datastore on every domain update. This will add a
large number of Datastore round trips and thus significantly reduce update
performance.
This CL changes the behavior to *ONLY* load contacts when there is a duplicate
(which is needed to determine the contact's display name to generate the error
message), and loads all of them in a single batch rather than individually.
This also makes some minor changes around domain getters returning empty sets
instead of null.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=233128140
This allows us to have the source mapping appear when debugging, just like we have when logging on to alpha, prod, or locally.
Tested on Crash with building from Gradle
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=233092769
This CL does a few things:
- Adds the template Soy-to-JS compilation (note: this requires the extra
soyutils_usegoog.js file separately so that the compiled *.soy.js files work
- Adds the Closure Compiler to compile and check our JS
- Adds an NPM task to allow us to download dependencies
- Adds the Closure library as an NPM package
Note: this probably won't compile until we fix the test JS files
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=233059414
This change also added a test to verify that EPP request to modify
both contacts and registrant at same time can be handled as expected.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=232935690
This makes such tasks work with Gradle's incremental build.
In practice this change is not very useful:
- The Dagger annotation processor version we use is not fully
compatible with Gradle incremental build, and currently causes
unnecessary rebuild in the util package, and forces tests to always run.
Will try the latest version later, which claims to support incremental
build.
- AppEngine deploy task leaves behind non-writable tools.jar files.
Reruns of any builds that include :services:*:explodeWar would fail,
and the easiest work-around right now is to run Gradle clean task.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=232929552
This is to remind the user that the function actually uses cache, and also
for naming consistency with EppResourceUtils.loadByForeignKeyCached().
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=232870846
We figure out the TLD state so that we properly check whether or not we can provision sunrise domains in that TLD. We also change the message slightly so that it's a bit more clear when we aren't in sunrise.
Note: it is deliberate that NAME_COLLISION reservations are provisionable in sunrise.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=232742813
The publish and generateDependencyMetadata tasks need to run
on root project as well.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=232742630
The redacted text for the email field displays a longer prompt to
contact the registrar, per the request filed at b/123573370.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=232716133
