Merge remote-tracking branch 'origin/master' into vse-UID2-797-track-advertiser-token-expiry

Author: vishalegbert-ttd

.github/workflows/create-release.yaml

@@ -0,0 +1,25 @@
+name: Publish Major Version to Docker
+on:
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: 'The tag to apply to the Docker file'
+        type: string
+      cloud_provider:
+        type: choice
+        description: 'The Cloud Provider to build for'
+        options:
+        - default
+        - aws
+        - gcp
+        - azure
+        default: default
+
+jobs:
+  build-publish-docker:
+    uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-publish-docker-versioned.yaml@main
+    with: 
+      tag: ${{ inputs.tag }}
+      cloud_provider: ${{ inputs.cloud_provider }}
+      release_type: 'Major'
+    secrets: inherit

.github/workflows/publish-docker-major.yaml

@@ -0,0 +1,25 @@
+name: Publish Minor Version to Docker
+on:
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: 'The tag to apply to the Docker file'
+        type: string
+      cloud_provider:
+        type: choice
+        description: 'The Cloud Provider to build for'
+        options:
+        - default
+        - aws
+        - gcp
+        - azure
+        default: default
+
+jobs:
+  build-publish-docker:
+    uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-publish-docker-versioned.yaml@main
+    with: 
+      tag: ${{ inputs.tag }}
+      cloud_provider: ${{ inputs.cloud_provider }}
+      release_type: 'Minor'
+    secrets: inherit

.github/workflows/publish-docker-minor.yaml

@@ -1,20 +1,25 @@
-name: Publish Docker
+name: Publish Patch to Docker
 on:
   workflow_dispatch:
     inputs:
       tag:
         description: 'The tag to apply to the Docker file'
         type: string
       cloud_provider:
-        description: 'Must be one of [aws, gcp, azure, default]'
-        required: false
-        default: 'default'
-        type: string
+        type: choice
+        description: 'The Cloud Provider to build for'
+        options:
+        - default
+        - aws
+        - gcp
+        - azure
+        default: default
 
 jobs:
   build-publish-docker:
-    uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-publish-docker.yaml@main
+    uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-publish-docker-versioned.yaml@main
     with: 
       tag: ${{ inputs.tag }}
       cloud_provider: ${{ inputs.cloud_provider }}
-    secrets: inherit
+      release_type: 'Patch'
+    secrets: inherit

.github/workflows/publish-docker.yaml …thub/workflows/publish-docker-patch.yaml.github/workflows/publish-docker.yaml renamed to .github/workflows/publish-docker-patch.yaml .github/workflows/publish-docker.yaml renamed to .github/workflows/publish-docker-patch.yaml

@@ -0,0 +1,25 @@
+name: Publish Snapshot to Docker
+on:
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: 'The tag to apply to the Docker file'
+        type: string
+      cloud_provider:
+        type: choice
+        description: 'The Cloud Provider to build for'
+        options:
+        - default
+        - aws
+        - gcp
+        - azure
+        default: default
+
+jobs:
+  build-publish-docker:
+    uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-publish-docker-versioned.yaml@main
+    with: 
+      tag: ${{ inputs.tag }}
+      cloud_provider: ${{ inputs.cloud_provider }}
+      release_type: 'Snapshot'
+    secrets: inherit

.github/workflows/publish-docker-snapshot.yaml

@@ -1,32 +1,40 @@
 name: Validate Docker Image
 on:
   workflow_dispatch:
+    inputs:
       failure_severity:
         description: 'Must be one of CRITICAL, HIGH, MEDIUM'
         required: false
-        default: 'CRITICAL'
-        type: string
+        default: 'HIGH'
+      fail_on_error:
+        description: 'If true, will fail the build if vulnerabilities are found'
+        required: true
+        type: boolean
+        default: true
   schedule:
     - cron: '0 20 * * *' #every day at 20:00
 
 jobs:
   build-publish-docker-default:
     uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-validate-image.yaml@main
     with: 
-      failure_severity: ${{ inputs.failure_severity || 'CRITICAL'}}
+      failure_severity: ${{ inputs.failure_severity || 'HIGH'}}
+      fail_on_error: ${{ inputs.fail_on_error || true }}
       cloud_provider: 'default'
     secrets: inherit
   build-publish-docker-aws:
     uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-validate-image.yaml@main
     with: 
-      failure_severity: ${{ inputs.failure_severity || 'CRITICAL'}}
+      failure_severity: ${{ inputs.failure_severity || 'HIGH'}}
+      fail_on_error: ${{ inputs.fail_on_error || true }}
       cloud_provider: 'aws'
     secrets: inherit
     needs: [build-publish-docker-default]
   build-publish-docker-gcp:
     uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-validate-image.yaml@main
     with: 
-      failure_severity: ${{ inputs.failure_severity || 'CRITICAL'}}
+      failure_severity: ${{ inputs.failure_severity || 'HIGH'}}
+      fail_on_error: ${{ inputs.fail_on_error || true }}
       cloud_provider: 'gcp'
     secrets: inherit
-    needs: [build-publish-docker-aws]
+    needs: [build-publish-docker-aws]

.github/workflows/validate-image.yaml

@@ -1,4 +1,4 @@
-FROM eclipse-temurin@sha256:c99492a6cf649269c2e39f468fa64dacca233e362059ce1deb218c56e51969a0
+FROM eclipse-temurin@sha256:d19c17f59e768549cd3d26f577be73b5e26e652dd66210d91a6738a355aa1dfe
 
 WORKDIR /app
 EXPOSE 8080

Dockerfile

@@ -23,12 +23,12 @@ RUN mvn package -B -Paws -DskipTests=true \
     && (mvn help:evaluate -Dexpression=project.version | grep -e '^[1-9][^\[]' > ./package.version)
 
 # build libjnsm.so
-RUN git clone https://github.com/IABTechLab/nsm-java.git \
-    && (cd nsm-java/jnsm; cargo build --lib --release; cd ../..) \
-    && cp nsm-java/jnsm/target/release/libjnsm.so .
+RUN git clone https://github.com/IABTechLab/uid2-attestation-aws.git \
+    && (cd uid2-attestation-aws/jnsm; cargo build --lib --release; cd ../..) \
+    && cp uid2-attestation-aws/jnsm/target/release/libjnsm.so .
 
 # build vsockpx
-RUN git clone https://github.com/IABTechLab/vsock-skeleton-key.git \
-    && mkdir vsock-skeleton-key/build \
-    && (cd vsock-skeleton-key/build; cmake .. -DCMAKE_BUILD_TYPE=RelWithDebInfo; make; cd ../..) \
-    && cp vsock-skeleton-key/build/vsock-bridge/src/vsock-bridge ./vsockpx
+RUN git clone https://github.com/IABTechLab/uid2-aws-enclave-vsockproxy.git \
+    && mkdir uid2-aws-enclave-vsockproxy/build \
+    && (cd uid2-aws-enclave-vsockproxy/build; cmake .. -DCMAKE_BUILD_TYPE=RelWithDebInfo; make; cd ../..) \
+    && cp uid2-aws-enclave-vsockproxy/build/vsock-bridge/src/vsock-bridge ./vsockpx

Dockerfile.nitro.builder

@@ -9,6 +9,7 @@
   "refresh_token_expires_after_seconds": 86400,
   "refresh_identity_token_after_seconds": 900,
   "advertising_token_v3": false,
+  "advertising_token_v4": false,
   "refresh_token_v3": false,
   "identity_v3": false,
   "identity_scope": "uid2",
@@ -27,4 +28,4 @@
   "optout_heap_default_capacity": 8192,
   "optout_max_partitions": 30,
   "optout_partition_interval": 86400
-}
+}

conf/local-config.json

@@ -3,7 +3,7 @@
   "storage_mock": true,
   "enforce_https": false,
   "core_attest_url": "http://core:8088/attest",
-  "core_api_token": "OPINTAjLRWcVlCDl9+BbwR38gzxYdiWFa751ynWLuI7JU4iA=",
+  "core_api_token": "OPLCLAjLRWcVlCDl9+BbwR38gzxYdiWFa751ynWLuI7JU4iA=",
   "clients_metadata_path": "http://core:8088/clients/refresh",
   "keys_metadata_path": "http://core:8088/key/refresh",
   "keys_acl_metadata_path": "http://core:8088/key/acl/refresh",