mocode-software/meldestelle
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Fix: Test-Commit für VCS-Integration (MP-8) (#15)

Browse Source 
* MP-8 OTHER Implementiere JWT-Authentifizierungs-Filter im Gateway

* Fix(ci): Update upload-artifact action to v4

* Fix(ci): Add start command for Keycloak and failure logs

* Fix(ci): Remove invalid 'command' property from Keycloak service

* Fix(ci): Use KC_DEV_MODE env var to start Keycloak

* Fix(ci): Keycloak service was removed from GitHub Actions services and replaced with a manual docker run step that starts Keycloak with the start-dev command.

* dev(ci): vereinheitliche Keycloak auf 26.4.2; aktiviere Health im CI (MP-8)

* Fix(ci): Stabilize Keycloak startup in integration tests via matrix

- Add `dev-file` Keycloak variant to matrix for stability fallback.
- Improve wait logic and health checks for Keycloak and Postgres.
- Unify Keycloak version to 26.4.2 across codebase.
- Add log dumps on failure.

* Fix(ci): Die betroffene Datei docs/Visionen-Ideen/Infrastruktur-Strategie_DSGVO-Konformität.md endet aktuell mit genau einer leeren Zeile (Zeile 87). Das entspricht der Regel MD047 („Files should end with a single newline character“). Damit ist deine Korrektur korrekt.

* Fix(ci): Repository-wide auto-fix for Markdown files was implemented with a GitHub Actions workflow and a local helper script. EditorConfig and markdownlint ignore files were added to ensure consistent formatting. Instructions for using the auto-fix both via GitHub Actions and locally were provided.

* fix(gradle): build.gradle.kts jsBrowser testTask disabled

* fix(gradle): build.gradle.kts jsBrowser testTask disabled

* Fix(ci): Stabilize integration tests with Keycloak matrix build (MP-8)

Introduces a matrix strategy (`keycloak_db: [postgres, dev-file]`)
in the integration-tests workflow to mitigate flaky Keycloak starts
when using the Postgres service container.

- Adds a `dev-file` Keycloak variant for stability fallback.
- Improves wait logic and health checks for Keycloak/Postgres.
- Unifies Keycloak version to 26.4.2 across codebase (Dockerfile, Compose,
  ADR, README, tests).
- Adds log dumps on failure in CI.
- Ensures `KC_HEALTH_ENABLED=true` is set.
- Updates related documentation (README, Schlachtplan).
- Includes broader Docker SSoT cleanup (versions.toml as source,
  script updates, env file cleanup, validator hardening).

This resolves recurring CI failures related to Keycloak startup and
ensures required checks for PRs (#15) are reliable, while also
improving overall Docker build consistency.

* feat(docs, ci): Implement YouTrack SSoT strategy with Dokka sync (MP-8)

- Add Dokka multi-module Gradle configuration and KDoc style guide.
- Add GitHub Actions workflow (docs-kdoc-sync.yml) and Python script
  (youtrack-sync-kb.py) to sync Dokka GFM output to YouTrack KB.
- Extend front-matter schema (bc, doc_type) and update relevant pages/stubs.
- Adapt CI scripts (validate-frontmatter, check-docs-drift, ci-docs link ignore).
- Update README.md to reference YouTrack KB.

* feat(docs, ci): Implement YouTrack SSoT strategy with Dokka sync (MP-8)

- Add Dokka multi-module Gradle configuration and KDoc style guide.
- Add GitHub Actions workflow (docs-kdoc-sync.yml) and Python script
  (youtrack-sync-kb.py) to sync Dokka GFM output to YouTrack KB.
- Extend front-matter schema (bc, doc_type) and update relevant pages/stubs.
- Adapt CI scripts (validate-frontmatter, check-docs-drift, ci-docs link ignore).
- Update README.md to reference YouTrack KB.

* Fix(ci): Replace OpenAPI validator with Spectral

Replaces the deprecated 'char0n/swagger-editor-validate' action,
which failed due to sandbox issues in GitHub Actions, with the
modern '@stoplight/spectral-cli'.

This ensures robust OpenAPI specification validation without
requiring a headless browser environment. The 'generate-api-docs'
job now depends on the successful completion of the Spectral validation.

Part of resolving CI failures for PR #15 (MP-8).

* Fix(ci): Specify spectral:oas ruleset for OpenAPI validation (MP-8)

* Fix(ci): Remove explicit ruleset argument for Spectral validation (MP-8)

* Fix(ci): Added a .spectral.yaml file to fix Spectral linting errors. Corrected markdown lint issues in two documentation files. Updated README.md with a new guidelines section to fix link validation errors.

* Fix(ci): Markdownlint errors were fixed by adding required blank lines. The Guidelines Validation error was resolved by updating the README.md link. The API Documentation Generator workflow was stabilized by updating paths, tasks, and validation steps.

* Fix(ci): Alle vier fehlerhaften GitHub-Action-Prüfungen wurden behoben. Fehler in der OpenAPI-Spezifikation, Probleme mit der Markdown-Linting-Analyse und Validierungsfehler bei Querverweisen wurden korrigiert. Die README.md enthält nun alle erforderlichen Links zu den Richtlinien.

* Fix(ci): Markdown linting errors in docs/api/README.md were fixed by specifying languages in fenced code blocks. OpenAPI specification errors in documentation.yaml were resolved by correcting example property types to strings. Cross-reference validation errors in README.md were fixed by adding the missing link to project-standards/coding-standards.md.

* Fix(ci): Duplicate heading errors in docs/api/members-api.md were fixed. Cross-reference validation errors for docker-architecture.md were resolved. All originally reported issues passed validation successfully.

* Fix(ci): The markdown heading levels in docs/api/members-api.md were corrected from h5 to h4 to fix linting errors. The missing cross-reference link from technology-guides/docker/docker-development.md to docker-overview.md was added. These fixes resolved the original validation and linting errors causing the process to fail.

* Fix(ci): Duplicate heading warnings in docs/api/members-api.md were resolved. Cross-reference validation for docker-development.md to docker-architecture.md was fixed. A new unrelated warning about docker-production.md was identified but not addressed.

* refactor(ci,docs): Simplify CI pipeline and migrate docs to YouTrack SSoT

BREAKING CHANGE: Documentation structure radically simplified

- Consolidate 9 GitHub Actions workflows into 1 main pipeline (ci-main.yml)
- Remove redundant workflows: ci-docs, markdownlint-autofix, guidelines-validation, api-docs
- Delete documentation migrated to YouTrack: api/, BCs/, Visionen-Ideen/, reference/, now/, overview/
- Keep only ADRs, C4 diagrams, and essential dev guides in repo
- Update README.md with YouTrack KB links
- Create new docs/README.md as documentation gateway
- Relax markdown-lint config for pragmatic developer experience

Kept workflows:
- ssot-guard.yml (Docker SSoT validation)
- docs-kdoc-sync.yml (KDoc → YouTrack sync)
- integration-tests.yml (Integration tests)
- deploy-proxmox.yml (Deployment)
- youtrack-sync.yml (YouTrack integration)

Related: MP-DOCS-001

* refactor(ci,docs): Simplify CI pipeline and migrate docs to YouTrack SSoT

BREAKING CHANGE: Documentation structure radically simplified

- Consolidate 9 GitHub Actions workflows into 1 main pipeline (ci-main.yml)
- Remove redundant workflows: ci-docs, markdownlint-autofix, guidelines-validation, api-docs
- Delete documentation migrated to YouTrack: api/, BCs/, Visionen-Ideen/, reference/, now/, overview/
- Keep only ADRs, C4 diagrams, and essential dev guides in repo
- Update README.md with YouTrack KB links
- Create new docs/README.md as documentation gateway
- Relax markdown-lint config for pragmatic developer experience

Kept workflows:
- ssot-guard.yml (Docker SSoT validation)
- docs-kdoc-sync.yml (KDoc → YouTrack sync)
- integration-tests.yml (Integration tests)
- deploy-proxmox.yml (Deployment)
- youtrack-sync.yml (YouTrack integration)

Related: MP-DOCS-001

* refactor(ci,docs): README.md und einige andere Dokumentationen überarbeitet.
ports-and-urls.md hinzugefügt.
Related: MP-DOCS-001

* refactor(ci,docs): Die Markdownlint-Fehler in README.md und docs/README.md wurden behoben, indem die Überschriftenebenen angepasst, überflüssige Satzzeichen am Ende entfernt und die notwendigen Leerzeilen um Überschriften, Listen, Tabellen und Codeblöcke eingefügt wurden. Das problematische Leerzeichen am Ende in docs/README.md wurde ebenfalls entfernt. Die Dateien entsprechen nun den vorgegebenen Markdownlint-Regeln und sollten die CI-Validierung bestehen.
Related: MP-DOCS-001

* refactor(ci,docs): Docker guideline cross-references were fixed and normalized to lowercase labels. Validation scripts confirmed zero cross-reference warnings and consistent metadata. Documentation was updated with a changelog and enhanced README navigation.
Related: MP-DOCS-001

* refactor(ci,docs): Docker guideline cross-references were fixed and normalized to lowercase labels. Validation scripts confirmed zero cross-reference warnings and consistent metadata. Documentation was updated with a changelog and enhanced README navigation.
Related: MP-DOCS-001

* refactor(ci,docs): Dead links in docs/architecture/adr were fixed by updating URLs to stable sources and adding an ignore pattern for a placeholder link. Specific ADR files had their broken links replaced with valid ones. The markdown-link-check GitHub Action is expected to pass with zero dead links now.
Related: MP-DOCS-001

* refactor(ci,docs): Links in ADR checked
Related: MP-DOCS-001

* refactor(ci,docs): Links in ADR checked
Related: MP-DOCS-001

* refactor(ci,docs): Markdown Regeln ausgebessert
Related: MP-DOCS-001

* refactor(ci,docs): Markdown Regeln ausgebessert
Related: MP-DOCS-001

* refactor(ci,docs): Markdown Regeln ausgebessert
Related: MP-DOCS-001

* Chore: Rerun CI checks with updated branch protection rules
This commit is contained in:
StefanMo
2025-11-07 12:26:33 +01:00
committed by GitHub
parent 6850cd92d4
commit b35c4087a2
129 changed files with 4016 additions and 7131 deletions
Download Patch File Download Diff File Expand all files Collapse all files
scripts/docker-build.sh
+76 -11
View File
@@ -1,7 +1,9 @@
#!/bin/bash
# ===================================================================
# Docker Build Script with Centralized Version Management
# Automatically sources versions from docker/versions.toml via environment files
# Supports two modes:
# - compat (default): load docker/build-args/*.env (current behavior)
# - envless: parse docker/versions.toml directly and export DOCKER_* vars
# ===================================================================
set -e
@@ -11,6 +13,7 @@ SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
DOCKER_DIR="$PROJECT_ROOT/docker"
BUILD_ARGS_DIR="$DOCKER_DIR/build-args"
VERSIONS_TOML="$DOCKER_DIR/versions.toml"
# Colors for output
RED='\033[0;31m'
@@ -36,9 +39,63 @@ print_error() {
echo -e "${RED}[ERROR]${NC} $1"
}
# Function to load environment files
# --- Helpers to read versions.toml directly (POSIX-friendly) ---
get_version() {
local key=$1
awk -v k="$key" '
/^\[versions\]/ { in_section=1; next }
/^\[/ { if (in_section) exit; in_section=0 }
in_section && $1 == k && $2 == "=" { v=$3; gsub(/"/ ,"", v); print v; exit }
' "$VERSIONS_TOML" || true
}
get_env_mappings() {
awk '/^\[environment-mapping\]/,/^\[/ { if (/^[a-zA-Z].*= /) { key=$1; val=$3; gsub(/"/,"",val); print key":"val } }' "$VERSIONS_TOML" || true
}
# Function to load from versions.toml (env-less mode)
load_from_versions() {
if [[ ! -f "$VERSIONS_TOML" ]]; then
print_error "versions.toml not found at $VERSIONS_TOML"
exit 1
fi
print_info "Loading centralized versions directly from versions.toml (env-less mode)..."
# Export BUILD_DATE if not already set
export BUILD_DATE=${BUILD_DATE:-$(date -u +'%Y-%m-%dT%H:%M:%SZ')}
# Map all environment-mapping keys to DOCKER_* variables using [versions] values
while IFS=: read -r toml_key env_var; do
[[ -z "$toml_key" || -z "$env_var" ]] && continue
val=$(get_version "$toml_key")
if [[ -n "$val" ]]; then
export "$env_var"="$val"
fi
done < <(get_env_mappings)
# Additional convenience exports used by compose build args
export DOCKER_GRADLE_VERSION="${DOCKER_GRADLE_VERSION:-$(get_version gradle)}"
export DOCKER_JAVA_VERSION="${DOCKER_JAVA_VERSION:-$(get_version java)}"
export DOCKER_NODE_VERSION="${DOCKER_NODE_VERSION:-$(get_version node)}"
export DOCKER_NGINX_VERSION="${DOCKER_NGINX_VERSION:-$(get_version nginx)}"
# Ensure DOCKER_APP_VERSION is derived from app-version
local app_ver
app_ver=$(get_version "app-version")
if [[ -n "$app_ver" ]]; then
export DOCKER_APP_VERSION="$app_ver"
fi
# Backwards compatibility for scripts expecting plain names
export VERSION="${VERSION:-$app_ver}"
print_success "versions.toml loaded; DOCKER_* variables exported."
}
# Function to load environment files (compat mode)
load_env_files() {
print_info "Loading centralized Docker version environment files..."
print_info "Loading centralized Docker version environment files (compat mode)..."
# Load global environment variables
if [[ -f "$BUILD_ARGS_DIR/global.env" ]]; then
@@ -141,21 +198,21 @@ show_help() {
echo " -v, --versions Show current versions"
echo " -h, --help Show this help message"
echo ""
echo "Environment:"
echo " DOCKER_SSOT_MODE=envless|compat Default: compat"
echo ""
echo "Examples:"
echo " $0 services # Build all services"
echo " $0 clients # Build client applications"
echo " $0 all # Build everything"
echo " $0 --versions # Show current versions"
echo ""
echo "The script automatically loads versions from:"
echo " - docker/build-args/global.env"
echo " - docker/build-args/services.env"
echo " - docker/build-args/clients.env"
echo " - docker/build-args/infrastructure.env"
echo " DOCKER_SSOT_MODE=envless $0 --versions # Use versions.toml directly"
}
# Main execution
main() {
local MODE="${DOCKER_SSOT_MODE:-compat}"
# Parse command line arguments
case $1 in
-h|--help)
@@ -163,7 +220,11 @@ main() {
exit 0
;;
-v|--versions)
load_env_files
if [[ "$MODE" == "envless" ]]; then
load_from_versions
else
load_env_files
fi
show_versions
exit 0
;;
@@ -174,7 +235,11 @@ main() {
;;
*)
# Load environment and build
load_env_files
if [[ "$MODE" == "envless" ]]; then
load_from_versions
else
load_env_files
fi
show_versions
echo ""
build_category "$1"
scripts/docker-versions-update.sh
+33 -13
View File
@@ -77,11 +77,14 @@ sync_to_env_files() {
local spring_default=$(get_version "spring-profiles-default")
# shellcheck disable=SC2155
local spring_docker=$(get_version "spring-profiles-docker")
# shellcheck disable=SC2155
local alpine_version=$(get_version "alpine")
local prometheus_version=$(get_version "prometheus")
local grafana_version=$(get_version "grafana")
local keycloak_version=$(get_version "keycloak")
local postgres_version=$(get_version "postgres")
local redis_version=$(get_version "redis")
local consul_version=$(get_version "consul")
local zookeeper_version=$(get_version "zookeeper")
local kafka_version=$(get_version "kafka")
# Update global.env
cat > "$BUILD_ARGS_DIR/global.env" << EOF
@@ -96,18 +99,21 @@ GRADLE_VERSION=$gradle_version
JAVA_VERSION=$java_version
# --- Build Metadata ---
BUILD_DATE=\$(date -u +'%Y-%m-%dT%H:%M:%SZ')
VERSION=$app_version
# --- Common Base Images ---
ALPINE_VERSION=$alpine_version
ECLIPSE_TEMURIN_JDK_VERSION=$java_version-jdk-alpine
ECLIPSE_TEMURIN_JRE_VERSION=$java_version-jre-alpine
# --- Monitoring & Infrastructure Services ---
DOCKER_PROMETHEUS_VERSION=$prometheus_version
DOCKER_GRAFANA_VERSION=$grafana_version
DOCKER_KEYCLOAK_VERSION=$keycloak_version
# --- Datastore Images ---
DOCKER_POSTGRES_VERSION=$postgres_version
DOCKER_REDIS_VERSION=$redis_version
# --- Additional Infrastructure Images ---
DOCKER_CONSUL_VERSION=$consul_version
DOCKER_ZOOKEEPER_VERSION=$zookeeper_version
DOCKER_KAFKA_VERSION=$kafka_version
EOF
print_success "Updated global.env"
@@ -120,7 +126,7 @@ EOF
# ===================================================================
# --- Include Global Arguments ---
# Source global.env for GRADLE_VERSION, JAVA_VERSION, BUILD_DATE, VERSION
# Source global.env for GRADLE_VERSION, JAVA_VERSION, VERSION
# --- Client-Specific Build Tools ---
NODE_VERSION=$node_version
@@ -133,12 +139,10 @@ CLIENT_NAME=meldestelle-client
# --- Web Application Specific ---
WEB_APP_PORT=4000
WEB_APP_BUILD_TARGET=wasmJsBrowserDistribution
# --- Desktop Application Specific ---
DESKTOP_APP_VNC_PORT=5901
DESKTOP_APP_NOVNC_PORT=6080
DESKTOP_APP_BUILD_TARGET=composeDesktop
# --- Client Environment ---
NODE_ENV=production
@@ -160,7 +164,7 @@ EOF
# ===================================================================
# --- Include Global Arguments ---
# Source global.env for GRADLE_VERSION, JAVA_VERSION, BUILD_DATE, VERSION
# Source global.env for GRADLE_VERSION, JAVA_VERSION, VERSION
# --- Spring Boot Services Configuration ---
SPRING_PROFILES_ACTIVE=$spring_docker
@@ -191,7 +195,7 @@ EOF
# ===================================================================
# --- Include Global Arguments ---
# Source global.env for GRADLE_VERSION, JAVA_VERSION, BUILD_DATE, VERSION
# Source global.env for GRADLE_VERSION, JAVA_VERSION, VERSION
# --- Infrastructure Services Configuration ---
SPRING_PROFILES_ACTIVE=$spring_default
@@ -225,6 +229,22 @@ DB_NAME=meldestelle
EOF
print_success "Updated infrastructure.env"
# --- Post-generation cleanup to enforce SSoT policies ---
# 1) Remove any accidental bare DOCKER_* placeholders from non-global envs
sed -i "/^DOCKER_[A-Z0-9_]\+$/d" "$BUILD_ARGS_DIR/services.env" || true
sed -i "/^DOCKER_[A-Z0-9_]\+$/d" "$BUILD_ARGS_DIR/infrastructure.env" || true
sed -i "/^DOCKER_[A-Z0-9_]\+$/d" "$BUILD_ARGS_DIR/clients.env" || true
# 2) Remove forbidden DOCKER_APP_VERSION from all build-args envs (it is mapped at runtime)
sed -i "/^DOCKER_APP_VERSION\(=.*\)\?$/d" "$BUILD_ARGS_DIR/global.env" || true
sed -i "/^DOCKER_APP_VERSION\(=.*\)\?$/d" "$BUILD_ARGS_DIR/clients.env" || true
sed -i "/^DOCKER_APP_VERSION\(=.*\)\?$/d" "$BUILD_ARGS_DIR/services.env" || true
sed -i "/^DOCKER_APP_VERSION\(=.*\)\?$/d" "$BUILD_ARGS_DIR/infrastructure.env" || true
# 3) Purge stray numeric service-port assignments that must not live in global.env
# e.g., lines like: prometheus = 9090
sed -i -E "/^[a-z_]+ = [0-9]+$/d" "$BUILD_ARGS_DIR/global.env" || true
print_success "All environment files synced successfully!"
}
scripts/generate-compose-files.sh
+46 -19
View File
@@ -41,20 +41,36 @@ print_error() {
# Function to extract version from TOML file
get_version() {
local key=$1
grep "^$key = " "$VERSIONS_TOML" | sed 's/.*= "\(.*\)"/\1/' || echo ""
awk -v k="$key" '
/^\[versions\]/ { in_section=1; next }
/^\[/ { if (in_section) exit; in_section=0 }
in_section && $1 == k && $2 == "=" {
val = $3; gsub(/"/, "", val); print val; exit
}
' "$VERSIONS_TOML" || echo ""
}
# Function to extract port from TOML file
get_port() {
local service=$1
grep "^$service = " "$VERSIONS_TOML" | grep -A 50 "\[service-ports\]" | grep "^$service = " | sed 's/.*= \(.*\)/\1/' || echo ""
awk -v key="$service" '
/^\[service-ports\]/ { in_section=1; next }
/^\[/ { in_section=0 }
in_section && $1 == key { print $3; exit }
' "$VERSIONS_TOML" || echo ""
}
# Function to extract environment config from TOML file
get_env_config() {
local env=$1
local key=$2
awk "/\[environments\.$env\]/,/^\[/ {if (/^$key = /) {gsub(/.*= \"?|\"?$/, \"\"); print}}" "$VERSIONS_TOML" || echo ""
awk -v env="$env" -v k="$key" '
$0 ~ "^\\[environments\."env"\\]" { in_section=1; next }
/^\[/ { if (in_section) exit; in_section=0 }
in_section && $1 == k && $2 == "=" {
val=$3; gsub(/"/, "", val); print val; exit
}
' "$VERSIONS_TOML" || echo ""
}
# Function to generate build args section for a service category
@@ -63,31 +79,31 @@ generate_build_args_section() {
cat << EOF
args:
# Global build arguments (from docker/build-args/global.env)
GRADLE_VERSION: \${DOCKER_GRADLE_VERSION:-$(get_version "gradle")}
JAVA_VERSION: \${DOCKER_JAVA_VERSION:-$(get_version "java")}
# Global build arguments (centralized DOCKER_* variables)
GRADLE_VERSION: \${DOCKER_GRADLE_VERSION}
JAVA_VERSION: \${DOCKER_JAVA_VERSION}
BUILD_DATE: \${BUILD_DATE}
VERSION: \${DOCKER_APP_VERSION:-$(get_version "app-version")}
VERSION: \${DOCKER_APP_VERSION}
EOF
case $category in
"services")
cat << EOF
# Service-specific arguments (from docker/build-args/services.env)
SPRING_PROFILES_ACTIVE: \${DOCKER_SPRING_PROFILES_DOCKER:-$(get_version "spring-profiles-docker")}
# Service-specific arguments (centralized DOCKER_* variables)
SPRING_PROFILES_ACTIVE: \${DOCKER_SPRING_PROFILES_DOCKER}
EOF
;;
"infrastructure")
cat << EOF
# Infrastructure-specific arguments (from docker/build-args/infrastructure.env)
SPRING_PROFILES_ACTIVE: \${DOCKER_SPRING_PROFILES_DEFAULT:-$(get_version "spring-profiles-default")}
# Infrastructure-specific arguments (centralized DOCKER_* variables)
SPRING_PROFILES_ACTIVE: \${DOCKER_SPRING_PROFILES_DEFAULT}
EOF
;;
"clients")
cat << EOF
# Client-specific arguments (from docker/build-args/clients.env)
NODE_VERSION: \${DOCKER_NODE_VERSION:-$(get_version "node")}
NGINX_VERSION: \${DOCKER_NGINX_VERSION:-$(get_version "nginx")}
# Client-specific arguments (centralized DOCKER_* variables)
NODE_VERSION: \${DOCKER_NODE_VERSION}
NGINX_VERSION: \${DOCKER_NGINX_VERSION}
EOF
;;
esac
@@ -103,11 +119,13 @@ generate_environment_vars_for_service() {
local log_level=$(get_env_config $environment "log-level")
local debug_port=$(get_env_config $environment "jvm-debug-port")
local service_port=$(get_port $service)
local service_upper=$(echo "$service" | tr '[:lower:]' '[:upper:]' | tr '-' '_')
local port_var="${service_upper}_PORT"
cat << EOF
environment:
SPRING_PROFILES_ACTIVE: \${SPRING_PROFILES_ACTIVE:-$spring_profiles}
SERVER_PORT: \${${service^^}_PORT:-$service_port}
SERVER_PORT: \${$port_var:-$service_port}
DEBUG: \${DEBUG:-$debug_enabled}
LOGGING_LEVEL_ROOT: \${LOGGING_LEVEL_ROOT:-$log_level}
EOF
@@ -148,16 +166,25 @@ generate_service_definition() {
local service_port=$(get_port $service)
local debug_port=$(get_env_config $environment "jvm-debug-port")
# Normalize service name to ENV var pattern (e.g., ping-service -> PING_SERVICE)
local service_upper=$(echo "$service" | tr '[:lower:]' '[:upper:]' | tr '-' '_')
# Map to actual Dockerfile path when service directory name differs from service key
local dockerfile_service="$service"
if [[ "$category" == "infrastructure" && "$service" == "api-gateway" ]]; then
dockerfile_service="gateway"
fi
cat << EOF
$service:
build:
context: .
dockerfile: dockerfiles/$category/$service/Dockerfile
dockerfile: dockerfiles/$category/$dockerfile_service/Dockerfile
$(generate_build_args_section $category)
container_name: meldestelle-$service
$(generate_environment_vars_for_service $service $environment)
ports:
- "\${${service^^}_PORT:-$service_port}:$service_port"
- "\${${service_upper}_PORT:-$service_port}:$service_port"
EOF
# Add debug port if enabled
@@ -192,7 +219,7 @@ services:
# Database
# ===================================================================
postgres:
image: postgres:16-alpine
image: postgres:\${DOCKER_POSTGRES_VERSION:-$(get_version "postgres")}
container_name: meldestelle-postgres
environment:
POSTGRES_USER: \${POSTGRES_USER:-meldestelle}
@@ -217,7 +244,7 @@ services:
# Cache
# ===================================================================
redis:
image: redis:7-alpine
image: redis:\${DOCKER_REDIS_VERSION:-$(get_version "redis")}
container_name: meldestelle-redis
ports:
- "\${REDIS_PORT:-$(get_port redis)}:$(get_port redis)"
scripts/git-hooks/pre-commit-ssot
+76
View File
@@ -0,0 +1,76 @@
#!/usr/bin/env bash
# ===================================================================
# Git pre-commit hook: Enforce Docker SSoT (Single Source of Truth)
# Runs lightweight sync/generate/validate and drift check before commit
# Install: make hooks-install (copies this file into .git/hooks/pre-commit)
# ===================================================================
set -euo pipefail
ROOT_DIR=$(git rev-parse --show-toplevel)
cd "$ROOT_DIR"
# Colors
RED='\033[0;31m'; GREEN='\033[0;32m'; YELLOW='\033[1;33m'; NC='\033[0m'
info() { echo -e "${YELLOW}[pre-commit][INFO]${NC} $*"; }
success() { echo -e "${GREEN}[pre-commit][OK]${NC} $*"; }
error() { echo -e "${RED}[pre-commit][ERROR]${NC} $*"; }
MODE="${DOCKER_SSOT_MODE:-compat}"
# Only run if Docker-related files are in the index or if explicitly requested
if ! git diff --cached --name-only | grep -E '^(docker/|dockerfiles/|docker-compose.*\.yml(\.optimized)?|scripts/(generate-compose-files\.sh|docker-versions-update\.sh|validate-docker-consistency\.sh))' >/dev/null; then
info "No Docker-related changes staged; skipping SSoT checks."
exit 0
fi
if [ "$MODE" = "envless" ]; then
info "Env-less mode active → skipping env file sync and using versions.toml directly"
else
info "Synchronizing versions to env files..."
bash scripts/docker-versions-update.sh sync >/dev/null
fi
info "Regenerating docker-compose files (development)..."
bash scripts/generate-compose-files.sh all development >/dev/null
info "Validating Docker SSoT consistency (mode: $MODE)..."
if ! DOCKER_SSOT_MODE="$MODE" bash scripts/validate-docker-consistency.sh all >/dev/null; then
error "SSoT validation failed. See details by running: DOCKER_SSOT_MODE=$MODE bash scripts/validate-docker-consistency.sh all"
exit 1
fi
info "Checking for drift (ignoring timestamps/comments)..."
CHANGED=$(git diff --name-only || true)
if [ -n "$CHANGED" ]; then
fail=0
for f in $CHANGED; do
DIFF_FILTERED=$(git diff --unified=0 -- "$f" \
| awk 'BEGIN{show=0} { \
if ($0 ~ /^\+\+\+|^---|^@@/) { next } \
if ($0 ~ /^[+-]# (Generated:|Last updated:)/) { next } \
if ($0 ~ /^[+-]#\s*Generated from docker\/versions.toml/) { next } \
if ($0 ~ /^[+-]#\s*Environment:/) { next } \
if ($0 ~ /^[+-]#\s*Source:/) { next } \
if ($0 ~ /^[+-]$/) { next } \
if ($0 ~ /^[+-]/) { print $0 } \
}')
if [ -n "$DIFF_FILTERED" ]; then
error "SSoT drift detected in $f (beyond timestamps):"
echo "$DIFF_FILTERED"
fail=1
fi
done
if [ $fail -ne 0 ]; then
if [ "$MODE" = "envless" ]; then
error "Generated artifacts differ from repository. Run:\n DOCKER_SSOT_MODE=envless bash scripts/generate-compose-files.sh all\nThen add and commit the changes."
else
error "Generated artifacts differ from repository. Run:\n bash scripts/docker-versions-update.sh sync\n bash scripts/generate-compose-files.sh all\nThen add and commit the changes."
fi
exit 1
fi
fi
success "Docker SSoT checks passed."
exit 0
scripts/setup-keycloak.sh
+3 -2
View File
@@ -7,8 +7,9 @@ set -e
# Konfiguration
KEYCLOAK_URL=${KEYCLOAK_URL:-"http://localhost:8180"}
ADMIN_USER=${KEYCLOAK_ADMIN:-"admin"}
ADMIN_PASSWORD=${KEYCLOAK_ADMIN_PASSWORD:-"admin"}
# Support both new KC_BOOTSTRAP_* (Keycloak 26+) and legacy KEYCLOAK_* env vars
ADMIN_USER=${KC_BOOTSTRAP_ADMIN_USERNAME:-${KEYCLOAK_ADMIN:-"admin"}}
ADMIN_PASSWORD=${KC_BOOTSTRAP_ADMIN_PASSWORD:-${KEYCLOAK_ADMIN_PASSWORD:-"admin"}}
REALM_NAME="meldestelle"
echo "🚀 Starting Keycloak setup for Meldestelle..."
scripts/validate-docker-consistency.sh
+424 -62
View File
@@ -32,23 +32,27 @@ print_info() {
print_success() {
echo -e "${GREEN}[SUCCESS]${NC} $1"
((CHECKS_PASSED++))
CHECKS_PASSED=$((CHECKS_PASSED + 1))
}
print_warning() {
echo -e "${YELLOW}[WARNING]${NC} $1"
((WARNINGS++))
WARNINGS=$((WARNINGS + 1))
}
print_error() {
echo -e "${RED}[ERROR]${NC} $1"
((ERRORS++))
ERRORS=$((ERRORS + 1))
}
# Function to extract version from TOML file
# Function to extract version from TOML file (restricted to [versions])
get_version() {
local key=$1
grep "^$key = " "$VERSIONS_TOML" | sed 's/.*= "\(.*\)"/\1/' || echo ""
awk -v k="$key" '
/^\[versions\]/ { in_section=1; next }
/^\[/ { if (in_section) exit; in_section=0 }
in_section && $1 == k && $2 == "=" { v=$3; gsub(/"/,"",v); print v; exit }
' "$VERSIONS_TOML" || echo ""
}
# Function to get valid ARG names from TOML
@@ -58,20 +62,11 @@ get_valid_args() {
# Extract all build-args from [build-args] section
awk '/^\[build-args\]/,/^\[/ {
if (/^[a-zA-Z].*= \[/) {
in_array = 1
line = $0
gsub(/.*= \[/, "", line)
}
if (in_array) {
gsub(/[\[\]",]/, " ", line)
split(line, args, " ")
for (i in args) {
if (args[i] != "" && args[i] != "]") {
print args[i]
}
}
if (/\]/) in_array = 0
# Extract tokens inside quotes across array lines
while (match($0, /"[A-Za-z0-9_]+"/)) {
token = substr($0, RSTART+1, RLENGTH-2)
print token
$0 = substr($0, RSTART+RLENGTH)
}
}' "$VERSIONS_TOML" || true
@@ -103,8 +98,8 @@ validate_dockerfile_args() {
return
fi
# Get all ARG declarations from Dockerfile
local dockerfile_args=$(grep "^ARG " "$dockerfile" | sed 's/^ARG //' | sed 's/=.*//' | sort -u)
# Get all ARG declarations from Dockerfile (allow none without exiting)
local dockerfile_args=$({ grep "^ARG " "$dockerfile" || true; } | sed 's/^ARG //' | sed 's/=.*//' | sort -u)
# Get valid ARG names from TOML
local valid_args=$(get_valid_args | sort -u)
@@ -129,7 +124,7 @@ validate_dockerfile_args() {
has_centralized_args=true
;;
# Application-specific args that should be centralized
GRADLE_VERSION|JAVA_VERSION|NODE_VERSION|NGINX_VERSION|BUILD_DATE|VERSION|SPRING_PROFILES_ACTIVE|SERVICE_PATH|SERVICE_NAME|SERVICE_PORT|CLIENT_PATH|CLIENT_MODULE|CLIENT_NAME)
GRADLE_VERSION|JAVA_VERSION|NODE_VERSION|NGINX_VERSION|VERSION|SPRING_PROFILES_ACTIVE|SERVICE_PATH|SERVICE_NAME|SERVICE_PORT|CLIENT_PATH|CLIENT_MODULE|CLIENT_NAME)
if echo "$valid_args" | grep -q "^$arg$"; then
print_success " ✓ Centralized ARG: $arg"
has_centralized_args=true
@@ -159,15 +154,27 @@ validate_dockerfile_args() {
print_warning " ⚠ Dockerfile should use centralized ARGs from versions.toml"
fi
# Check for hardcoded versions
local hardcoded_versions=$(grep -E "ARG.*=.*(alpine|[0-9]+\.[0-9]+)" "$dockerfile" | grep -v "APP_" || true)
if [[ -n "$hardcoded_versions" ]]; then
print_error " ❌ Hardcoded versions found (should use versions.toml):"
echo "$hardcoded_versions" | while read -r line; do
print_error " $line"
# Check for default assignments on centralized ARGs (forbidden)
local centralized_args_regex='^(GRADLE_VERSION|JAVA_VERSION|NODE_VERSION|NGINX_VERSION|VERSION|SPRING_PROFILES_ACTIVE)='
local defaulted_args=$(grep -nE "^ARG ${centralized_args_regex}" "$dockerfile" || true)
if [[ -n "$defaulted_args" ]]; then
print_error " ❌ Centralized ARGs must not have default values in Dockerfiles:"
echo "$defaulted_args" | while read -r line; do
print_error " $relative_path:$line"
done
else
print_success " ✓ No hardcoded versions found"
print_success " ✓ No default values set for centralized ARGs"
fi
# Check for hardcoded versions in ARG default values
local hardcoded_versions=$(grep -nE "^ARG [A-Z0-9_]+=.*(alpine|[0-9]+\.[0-9]+)" "$dockerfile" | grep -v "APP_" || true)
if [[ -n "$hardcoded_versions" ]]; then
print_error " ❌ Hardcoded versions found in ARG defaults (should use versions.toml):"
echo "$hardcoded_versions" | while read -r line; do
print_error " $relative_path:$line"
done
else
print_success " ✓ No hardcoded version literals in ARG defaults"
fi
}
@@ -186,40 +193,146 @@ validate_compose_versions() {
# Get environment variable mappings
local env_mappings=$(get_env_mappings)
# 0) Fail on blank ARG values for critical build args
local blank_args=$(grep -nE '^[[:space:]]*(GRADLE_VERSION|JAVA_VERSION|NODE_VERSION|NGINX_VERSION|VERSION|SPRING_PROFILES_ACTIVE):[[:space:]]*$' "$compose_file" || true)
if [[ -n "$blank_args" ]]; then
print_error " ❌ Blank build args detected (must reference centralized DOCKER_* variables):"
echo "$blank_args" | while read -r line; do
print_error " $relative_path:$line"
done
else
print_success " ✓ No blank critical build args in compose file"
fi
# Enforce that critical build args map to centralized DOCKER_* variables (mapping style only)
# IMPORTANT: Only validate mappings inside build->args sections (not environment blocks)
local critical_vars=(GRADLE_VERSION JAVA_VERSION NODE_VERSION NGINX_VERSION VERSION SPRING_PROFILES_ACTIVE)
for v in "${critical_vars[@]}"; do
# Find mapping-style entries for VAR: value that are within an args: block
local mapping_lines=$(awk -v var="$v" '
{
line[NR] = $0
}
END {
for (i = 1; i <= NR; i++) {
if (line[i] ~ "^[[:space:]]*" var ":[[:space:]]*.+$") {
found = 0
# Look back up to 12 lines to see if we are under an args: section
for (j = i - 1; j >= 1 && j >= i - 12; j--) {
if (line[j] ~ /^[[:space:]]*args:[[:space:]]*$/) { found = 1; break }
if (line[j] ~ /^[[:space:]]*(environment|services|volumes|secrets|networks):/ ) { break }
}
if (found) { printf("%d:%s\n", i, line[i]) }
}
}
}' "$compose_file" || true)
if [[ -n "$mapping_lines" ]]; then
while IFS= read -r line; do
# Extract line number and content
local ln=$(echo "$line" | cut -d: -f1)
local content=$(echo "$line" | cut -d: -f2-)
# Ensure value uses ${DOCKER_*}
if echo "$content" | grep -q '\${DOCKER_'; then
: # OK
else
print_error "$v should reference centralized DOCKER_* variable in build args mapping (found: $content)"
print_error " $relative_path:$ln"
fi
done <<< "$mapping_lines"
fi
done
# 2a) Validate default fallbacks in ${DOCKER_*:-fallback} match SSoT values
# Build reverse mapping from environment-mapping (env var -> versions key)
declare -A env_to_version_key
while IFS=':' read -r toml_key env_var; do
[[ -z "$toml_key" || -z "$env_var" ]] && continue
case "$toml_key" in
gradle-version) env_to_version_key[$env_var]="gradle";;
java-version) env_to_version_key[$env_var]="java";;
node-version) env_to_version_key[$env_var]="node";;
nginx-version) env_to_version_key[$env_var]="nginx";;
postgres-version) env_to_version_key[$env_var]="postgres";;
redis-version) env_to_version_key[$env_var]="redis";;
prometheus-version) env_to_version_key[$env_var]="prometheus";;
grafana-version) env_to_version_key[$env_var]="grafana";;
keycloak-version) env_to_version_key[$env_var]="keycloak";;
consul-version) env_to_version_key[$env_var]="consul";;
zookeeper-version) env_to_version_key[$env_var]="zookeeper";;
kafka-version) env_to_version_key[$env_var]="kafka";;
spring-profiles-default) env_to_version_key[$env_var]="spring-profiles-default";;
spring-profiles-docker) env_to_version_key[$env_var]="spring-profiles-docker";;
app-version) env_to_version_key[$env_var]="app-version";;
esac
done <<< "$env_mappings"
# Find occurrences with explicit default fallbacks
local fallback_lines=$(grep -nE '\${DOCKER_[A-Z0-9_]+:-[^}]+' "$compose_file" || true)
if [[ -n "$fallback_lines" ]]; then
while IFS= read -r ln; do
[[ -z "$ln" ]] && continue
local num=$(echo "$ln" | cut -d: -f1)
local text=$(echo "$ln" | cut -d: -f2-)
# Extract var name and fallback
local var=$(echo "$text" | sed -n 's/.*${\([A-Z0-9_]\+\):-\([^}][^}]*\)}.*/\1/p')
local fallback=$(echo "$text" | sed -n 's/.*${\([A-Z0-9_]\+\):-\([^}][^}]*\)}.*/\2/p')
if [[ -z "$var" || -z "$fallback" ]]; then
continue
fi
local key=${env_to_version_key[$var]}
if [[ -z "$key" ]]; then
# Not a centralized version/profile var, ignore
continue
fi
local expected=$(get_version "$key")
if [[ -z "$expected" ]]; then
print_warning " ⚠ No SSoT value for $var (key: $key) to compare fallback against"
continue
fi
if [[ "$fallback" != "$expected" ]]; then
print_error " ❌ Outdated default fallback for $var in ${relative_path}:${num} — found '$fallback', expected '$expected' from versions.toml ($key)"
else
print_success " ✓ Fallback for $var matches SSoT ($expected)"
fi
done <<< "$fallback_lines"
fi
# Check for version references in compose file
local version_refs=$(grep -o '\${DOCKER_[^}]*}' "$compose_file" | sort -u || true)
if [[ -z "$version_refs" ]]; then
print_warning " ⚠ No centralized version references found"
return
fi
# do not return; still check for hardcoded images
else
# Validate each version reference
while IFS= read -r ref; do
[[ -z "$ref" ]] && continue
# Validate each version reference
while IFS= read -r ref; do
[[ -z "$ref" ]] && continue
local var_name=${ref#\$\{}
var_name=${var_name%\}}
# Strip any default fallback (:-value) from the variable name
var_name=${var_name%%:-*}
local var_name=${ref#\$\{}
var_name=${var_name%\}}
# Check if mapping exists in TOML
local mapping_found=false
while IFS=':' read -r toml_key env_var; do
if [[ "$env_var" == "$var_name" ]]; then
mapping_found=true
local toml_version=$(get_version "$toml_key")
if [[ -n "$toml_version" ]]; then
print_success " ✓ Version reference $ref maps to $toml_key = $toml_version"
else
print_error " ❌ TOML key $toml_key has no value"
# Check if mapping exists in TOML
local mapping_found=false
while IFS=':' read -r toml_key env_var; do
if [[ "$env_var" == "$var_name" ]]; then
mapping_found=true
local toml_version=$(get_version "$toml_key")
if [[ -n "$toml_version" ]]; then
print_success " ✓ Version reference $ref maps to $toml_key = $toml_version"
else
print_error " ❌ TOML key $toml_key has no value"
fi
break
fi
break
fi
done <<< "$env_mappings"
done <<< "$env_mappings"
if [[ "$mapping_found" == false ]]; then
print_warning " ⚠ Version reference $ref has no mapping in environment-mapping section"
fi
done <<< "$version_refs"
if [[ "$mapping_found" == false ]]; then
print_warning " ⚠ Version reference $ref has no mapping in environment-mapping section"
fi
done <<< "$version_refs"
fi
# Check for hardcoded image versions
local hardcoded_images=$(grep -E "image:.*:[0-9]" "$compose_file" | grep -v "\${" || true)
@@ -283,6 +396,13 @@ validate_port_consistency() {
# Function to validate build args environment files
validate_build_args_files() {
# Skip when running env-less mode
if [[ "${DOCKER_SSOT_MODE:-compat}" == "envless" ]]; then
print_info "Env-less mode active → skipping build-args/*.env validation"
print_success " ✓ Skipped: build-args env files not required in env-less mode"
return
fi
print_info "Validating build-args environment files..."
local build_args_files=("global.env" "services.env" "infrastructure.env" "clients.env")
@@ -300,12 +420,55 @@ validate_build_args_files() {
print_warning " ⚠ Build args file is empty: $env_file"
fi
# Check for DOCKER_ environment variables
local docker_vars=$(grep "^DOCKER_" "$full_path" | wc -l || echo "0")
if [[ "$docker_vars" -gt 0 ]]; then
print_success " ✓ Found $docker_vars centralized version variables in $env_file"
# 1) Ensure only valid lines: comments, blanks, or key=value
local invalid_lines=$(grep -n -vE '^(#|\s*$|[A-Za-z_][A-Za-z0-9_]*=)' "$full_path" || true)
if [[ -n "$invalid_lines" ]]; then
print_error " ❌ Invalid lines (must be key=value or comment):"
echo "$invalid_lines" | while read -r line; do
print_error " $env_file:$line"
done
else
print_warning " ⚠ No DOCKER_ version variables found in $env_file"
print_success " ✓ Format OK (only key=value/comments) in $env_file"
fi
# 2) No bare placeholder like `DOCKER_XYZ` without value
local bare_docker=$(grep -nE '^DOCKER_[A-Z0-9_]+$' "$full_path" || true)
if [[ -n "$bare_docker" ]]; then
print_error " ❌ Bare DOCKER_* placeholders without values found:"
echo "$bare_docker" | while read -r line; do
print_error " $env_file:$line"
done
else
print_success " ✓ No bare DOCKER_* placeholders in $env_file"
fi
# 3) Policy: Only global.env may contain DOCKER_* keys
local docker_keys_count=$(grep -E '^DOCKER_[A-Z0-9_]+' "$full_path" | wc -l || echo "0")
if [[ "$env_file" == "global.env" ]]; then
if [[ "$docker_keys_count" -gt 0 ]]; then
print_success " ✓ DOCKER_* variables present only in global.env ($docker_keys_count found)"
else
print_warning " ⚠ Expected some DOCKER_* variables in global.env (prometheus/grafana/keycloak, etc.)"
fi
# Required keys in global.env
for key in GRADLE_VERSION JAVA_VERSION VERSION; do
if grep -q "^$key=" "$full_path"; then
print_success "$key present in global.env"
else
print_error " ❌ Missing $key in global.env"
fi
done
else
if [[ "$docker_keys_count" -gt 0 ]]; then
print_error " ❌ DOCKER_* variables must not be present in $env_file (keep them centralized in global.env)"
else
print_success " ✓ No centralized DOCKER_* vars in $env_file (as expected)"
fi
fi
# 4) Ban DOCKER_APP_VERSION in any build-args env (it is mapped from VERSION at runtime)
if grep -q '^DOCKER_APP_VERSION=' "$full_path"; then
print_error " ❌ DOCKER_APP_VERSION should not be defined in build-args files (mapped from VERSION in docker-build.sh)"
fi
else
print_error " ❌ Build args file missing: $env_file"
@@ -313,6 +476,197 @@ validate_build_args_files() {
done
}
# Additional drift-detection helpers
# Get a port value from [service-ports] in versions.toml
get_toml_port() {
local service_key=$1
awk -v key="$service_key" '
/^\[service-ports\]/ { in_section=1; next }
/^\[/ { if (in_section) exit; in_section=0 }
in_section && $1 == key { print $3; exit }
' "$VERSIONS_TOML" || echo ""
}
# Validate equality between versions.toml and build-args env files (key-to-key)
validate_env_value_equality() {
# Skip when running env-less mode (no build-args/*.env are authoritative)
if [[ "${DOCKER_SSOT_MODE:-compat}" == "envless" ]]; then
print_info "Env-less mode active → skipping TOML↔env value equality check"
print_success " ✓ Skipped: values derive directly from versions.toml at runtime"
return
fi
print_info "Validating value equality between versions.toml and build-args envs..."
local has_diff=false
# Internal helper for comparing a TOML key to an env key within a given file
_check_env_pair() {
local env_file=$1
local env_key=$2
local toml_key=$3
local expected
local actual
local path="$DOCKER_DIR/build-args/$env_file"
if [[ ! -f "$path" ]]; then
print_error " ❌ Missing env file: $env_file"
has_diff=true
return
fi
# Expected from TOML
expected=$(get_version "$toml_key")
# Fallback: try service-ports lookup for any matching key if not found in [versions]
if [[ -z "$expected" ]]; then
local port_lookup=$(get_toml_port "$toml_key")
if [[ -n "$port_lookup" ]]; then
expected="$port_lookup"
fi
fi
# Actual from env file
actual=$(grep -E "^${env_key}=" "$path" | head -1 | sed 's/^[^=]*=//')
if [[ -z "$expected" ]]; then
print_warning " ⚠ TOML key '$toml_key' returned no value (check versions.toml)"
return
fi
if [[ -z "$actual" ]]; then
print_error "$env_file missing $env_key (expected $expected)"
has_diff=true
return
fi
if [[ "$expected" != "$actual" ]]; then
print_error " ❌ Mismatch in $env_file: $env_key='$actual' != $toml_key='$expected'"
has_diff=true
else
print_success "$env_file: $env_key matches $toml_key ($expected)"
fi
}
# global.env mappings
_check_env_pair "global.env" "GRADLE_VERSION" "gradle"
_check_env_pair "global.env" "JAVA_VERSION" "java"
_check_env_pair "global.env" "VERSION" "app-version"
_check_env_pair "global.env" "DOCKER_PROMETHEUS_VERSION" "prometheus"
_check_env_pair "global.env" "DOCKER_GRAFANA_VERSION" "grafana"
_check_env_pair "global.env" "DOCKER_KEYCLOAK_VERSION" "keycloak"
# clients.env mappings
_check_env_pair "clients.env" "NODE_VERSION" "node"
_check_env_pair "clients.env" "NGINX_VERSION" "nginx"
_check_env_pair "clients.env" "APP_VERSION" "app-version"
# Ports for clients (map to [service-ports])
_check_env_pair "clients.env" "WEB_APP_PORT" "web-app"
_check_env_pair "clients.env" "DESKTOP_APP_VNC_PORT" "desktop-app-vnc"
_check_env_pair "clients.env" "DESKTOP_APP_NOVNC_PORT" "desktop-app-novnc"
# services.env mappings
_check_env_pair "services.env" "SPRING_PROFILES_ACTIVE" "spring-profiles-docker"
_check_env_pair "services.env" "PING_SERVICE_PORT" "ping-service"
_check_env_pair "services.env" "MEMBERS_SERVICE_PORT" "members-service"
_check_env_pair "services.env" "HORSES_SERVICE_PORT" "horses-service"
_check_env_pair "services.env" "EVENTS_SERVICE_PORT" "events-service"
_check_env_pair "services.env" "MASTERDATA_SERVICE_PORT" "masterdata-service"
# infrastructure.env mappings
_check_env_pair "infrastructure.env" "SPRING_PROFILES_ACTIVE" "spring-profiles-default"
_check_env_pair "infrastructure.env" "GATEWAY_PORT" "api-gateway"
_check_env_pair "infrastructure.env" "AUTH_SERVER_PORT" "auth-server"
_check_env_pair "infrastructure.env" "MONITORING_SERVER_PORT" "monitoring-server"
if [[ "$has_diff" == false ]]; then
print_success "Environment files are fully synchronized with versions.toml"
fi
}
# Scan for free-floating version strings outside controlled files
scan_free_floating_versions() {
print_info "Scanning for free-floating version literals outside SSoT-managed files..."
# Collect version values from [versions]
local version_values
version_values=$(awk '
/^\[versions\]/ { in_section=1; next }
/^\[/ { if (in_section) exit; in_section=0 }
in_section && $2 == "=" { v=$3; gsub(/"/,"",v); if (v ~ /[\.-]/) print v }
' "$VERSIONS_TOML" )
local found_any=false
while IFS= read -r val; do
[[ -z "$val" ]] && continue
# search occurrences excluding controlled locations
local hits
# Use find to avoid non-portable grep --exclude flags (BusyBox compatibility)
hits=$(
find "$PROJECT_ROOT" -type f \
-not -path "*/.git/*" \
-not -path "*/build/*" \
-not -path "*/.gradle/*" \
-not -path "*/node_modules/*" \
-not -path "*/dist/*" \
-not -path "*/out/*" \
-not -path "*/target/*" \
-not -path "$PROJECT_ROOT/README.md" \
-not -path "$PROJECT_ROOT/docker/versions.toml" \
-not -path "$PROJECT_ROOT/docker/build-args/global.env" \
-not -path "$PROJECT_ROOT/docker/build-args/services.env" \
-not -path "$PROJECT_ROOT/docker/build-args/clients.env" \
-not -path "$PROJECT_ROOT/docker/build-args/infrastructure.env" \
-not -name "docker-compose*.yml" \
-not -name "docker-compose*.yml.optimized" \
-not -path "$PROJECT_ROOT/scripts/generate-compose-files.sh" \
-not -path "$PROJECT_ROOT/scripts/docker-versions-update.sh" \
-print0 \
| while IFS= read -r -d '' f; do
grep -nF -- "$val" "$f" || true
done
)
if [[ -n "$hits" ]]; then
found_any=true
print_warning " ⚠ Detected occurrences of version literal '$val' outside controlled files:"
echo "$hits" | sed 's/^/ /'
fi
done <<< "$version_values"
# Generic pattern scan for suspicious literals (best-effort; warnings only)
local generic
# Portable generic scan using find + grep (avoid non-POSIX grep options)
generic=$(\
find "$PROJECT_ROOT" -type f \
-not -path "*/.git/*" \
-not -path "*/build/*" \
-not -path "*/.gradle/*" \
-not -path "*/node_modules/*" \
-not -path "*/dist/*" \
-not -path "*/out/*" \
-not -path "*/target/*" \
-not -path "$PROJECT_ROOT/docker/versions.toml" \
-not -name "docker-compose*.yml" \
-not -name "docker-compose*.yml.optimized" \
-not -path "$PROJECT_ROOT/docker/build-args/global.env" \
-not -path "$PROJECT_ROOT/docker/build-args/services.env" \
-not -path "$PROJECT_ROOT/docker/build-args/clients.env" \
-not -path "$PROJECT_ROOT/docker/build-args/infrastructure.env" \
-not -path "$PROJECT_ROOT/scripts/generate-compose-files.sh" \
-not -path "$PROJECT_ROOT/scripts/docker-versions-update.sh" \
-not -path "$PROJECT_ROOT/README.md" \
-print0 \
| xargs -0 -r grep -nE -- '(^|[^0-9])([0-9]+\.[0-9]+\.[0-9]+([a-zA-Z0-9._-]+)?)' 2>/dev/null \
| head -n 200 || true)
if [[ -n "$generic" ]]; then
found_any=true
print_warning " ⚠ Generic version-like strings found (review for potential drift):"
echo "$generic" | sed 's/^/ /'
fi
if [[ "$found_any" == false ]]; then
print_success " ✓ No free-floating version literals detected"
fi
}
# Function to show validation summary
show_summary() {
echo ""
@@ -380,8 +734,8 @@ main() {
echo ""
done
# Validate docker-compose files
for compose_file in docker-compose*.yml; do
# Validate docker-compose files (including optimized variants)
for compose_file in docker-compose*.yml docker-compose*.yml.optimized; do
if [[ -f "$PROJECT_ROOT/$compose_file" ]]; then
validate_compose_versions "$PROJECT_ROOT/$compose_file"
echo ""
@@ -394,6 +748,14 @@ main() {
# Validate build args files
validate_build_args_files
echo ""
# Validate value equality between versions.toml and build-args envs
validate_env_value_equality
echo ""
# Scan repository for free-floating version literals
scan_free_floating_versions
;;
"dockerfiles")
find "$DOCKERFILES_DIR" -name "Dockerfile" -type f | while read -r dockerfile; do
@@ -402,7 +764,7 @@ main() {
done
;;
"compose")
for compose_file in docker-compose*.yml; do
for compose_file in docker-compose*.yml docker-compose*.yml.optimized; do
if [[ -f "$PROJECT_ROOT/$compose_file" ]]; then
validate_compose_versions "$PROJECT_ROOT/$compose_file"
echo ""