Updating and adding pages.

Signed-off-by: Dennis Labordus <[email protected]>

Author: Dennis Labordus

docs/DEPENDABOT.md

@@ -0,0 +1,100 @@
+<!--
+SPDX-FileCopyrightText: 2021 Alliander N.V.
+
+SPDX-License-Identifier: CC-BY-4.0
+-->
+
+## Dependabot
+
+### Configure Dependabot Settings
+
+The first step is that we want to enable Alerts from Dependabot. This needs to be done for every repository that 
+uses Dependabot. Go to the settings of the repository and select "Security & analysis". Next enable "Dependabot alerts"
+and "Dependabot security updates".
+
+Also remember to give the repository access to the secret DB_GITHUB_PACKAGES at organization level.
+
+### Configure Dependabot (yaml)
+
+Next step is to add a configuration file to the repository that will enable Dependabot. In the repository create a 
+file "dependabot.yml" in the directory ".github". The basic content will be something like
+
+```yaml
+version: 2
+
+registries: #(1)
+  maven-github:
+    type: maven-repository
+    url: https://maven.pkg.github.com/com-pas/*
+    username: OWNER
+    password: ${{ secrets.DB_GITHUB_PACKAGES }}
+
+updates:
+  # Maintain dependencies for GitHub Actions
+  - package-ecosystem: "github-actions" #(2)
+    directory: "/"
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 5
+
+  # Maintain dependencies for Maven
+  - package-ecosystem: "maven" #(3)
+    directory: "/"
+    registries:
+      - maven-github
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 5
+```
+
+- (1): This configures the GitHub Maven Repository that Dependabot can use to search for new versions of CoMPAS Dependencies.
+- (2): This will check if the newest versions of GitHub Actions are used. Default it will scan the directory ".githuib/workflows" 
+       under the directory defined here (in this case "/").
+- (3): This will scan the Maven Plugins and Dependencies defined in the pom.xml files. The GitHub Maven Repository is also
+       defined here.
+
+Both scans are executed daily and create a maximum of 5 pull request. After a pull request is handled it will create the 
+next one if there is one.
+
+The configuration can be fine-tuned further. For instance with some libraries it isn't possible to use the latest version.
+Below is an example how to prevent Dependabot from creating pull request for these dependencies. In the example 
+the JAXB Implementation can't higher.
+
+```yaml
+  # Maintain dependencies for Maven
+  - package-ecosystem: "maven"
+    directory: "/"
+    registries:
+      - maven-github
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 5
+    ignore:
+      # Next two dependencies shouldn't be upgrade, because RestEasy isn't using newer version. (2.3.X)
+      - dependency-name: jakarta.xml.bind:jakarta.xml.bind-api
+        versions: [ "[3.0,)" ]
+      - dependency-name: com.sun.xml.bind:jaxb-impl
+        versions: [ "[3.0,)" ]
+```
+
+Dependabot uses the configuration found in the default branch (often 'develop'), so to make it effective use a 
+pull request to merge it into the default branch.
+
+### Adding Dependabot Secret DB_GITHUB_PACKAGES
+
+Tot access GitHub Packages a secret DB_GITHUB_PACKAGES needs to be created.
+- First create a new personal access token from https://github.com/settings/tokens. Tokens can only be created as personal tokens.
+  The token also must have the right "read:packages".
+- Next create a new organisation secret from https://github.com/organizations/com-pas/settings/secrets/dependabot with the value of
+  personal access token you created above. Name the secret DB_GITHUB_PACKAGES. Make it available to the repositories that have
+  Dependabot configured.
+
+Now Dependabot can use this secret to access GitHub Packages.
+
+### Handling the pull request
+
+Pull request created by Dependabot can be handled just like other pull request, but there is 1 issue to know.  
+Some GitHub Actions, like SonarCloud and AutomateProjects, will fail if they are started by the pull request from
+Dependabot. This is caused by a security issues that was fixed. These actions can't access Secrets when started by a Bot.  
+For some of these actions it maybe solved in some way, but if that is not possible just manually re-run the action.
+The action will then succeed. 

docs/DEPLOYMENT.md

@@ -0,0 +1,31 @@
+<!--
+SPDX-FileCopyrightText: 2021 Alliander N.V.
+
+SPDX-License-Identifier: CC-BY-4.0
+-->
+
+## Deployment of CoMPAS
+We deploy the (native) Docker image of all CoMPAS services to Docker Hub. This way, it can be pulled and deployed into environments of your choice (OpenShift for example).
+
+### Quick Deployment instructions (under construction)
+The following instructions are terminal instructions for publishing a Quarkus docker image to Docker Hub. This should be done by a Github Action in the future.
+
+```
+docker login # Creating a Docker session
+```
+In order to publish it to Docker Hub, you have to login first and create a session.
+
+```
+./gradlew clean build -Pnative -Dquarkus.native.container-build=true -Dquarkus.container-image.build=true -Dquarkus.container-image.group=group -Dquarkus.container-image.name=name -Dquarkus.container-image.push=true
+```
+Few points in this single command:
+- `-Pnative` creates a native executable (this needs some prework, see the Building Native Image [documentation](https://quarkus.io/guides/building-native-image)).
+- `-Dquarkus.native.container-build=true` creates a Linux executable without GraalVM being installed (only necessary if GraalVM is not installed).
+- `-Dquarkus.container-image.build=true` creates a container image with the native executable in it.
+- `-Dquarkus.container-image.group=group` defining the group name. Standard it's the system user name.
+- `-Dquarkus.container-image.name=name` defining the name of the image. Standard it's 'app'.
+- `-Dquarkus.container-image.push=true` deploys to docker image to Docker Hub.
+
+## Sources
+#### Full documentation about deploying Quarkus application to Docker Hub
+https://dev.to/marcuspaulo/tutorial-publish-a-quarkus-application-in-kubernetes-minikube-and-dockerhub-36nd

docs/GITHUB_ACTIONS.md

@@ -0,0 +1,223 @@
+<!--
+SPDX-FileCopyrightText: 2021 Alliander N.V.
+
+SPDX-License-Identifier: CC-BY-4.0
+-->
+
+## Github Actions
+Every repository within the CoMPAS Github organization need a default set of Github Actions.
+[Github Actions](https://github.com/features/actions) are CI/CD steps within a Github Repository that you can configure. This way, you can ensure that certain steps (like building) are always triggered on for example a commit push.
+
+Within CoMPAS, we define the following 'must have' Github Actions:
+  - [Building](#building)
+  - [REUSE check](#reuse-check)
+  - [SonarCloud](#sonarcloud)
+  - [Docker Hub Deployment](#docker-hub-deployment)
+
+More to follow.
+
+Github Actions are configured using YAML files. These files are stored in the `.github/workflows` directory of a specific repository.
+
+### Building
+All source code repositories need some kind of building step.
+By default, all source code repositories use Maven as the build tool.
+
+This building step is pretty easy to configure. Just create a `maven_build.yml` file in the `.github/workflows` directory containing the following source code:
+
+```yaml
+name: Maven Build
+
+on: push #(1)
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up JDK 1.11
+        uses: actions/[email protected]
+        with:
+          distribution: 'zulu'
+          java-version: '11'
+      - name: Create custom Maven Settings.xml #(2)
+        uses: whelk-io/maven-settings-xml-action@v18
+        with:
+          output_file: custom_maven_settings.xml
+          servers: '[{ "id": "github-packages-compas", "username": "OWNER", "password": "${{ secrets.GITHUB_TOKEN }}" }]'
+      - name: Build with Maven
+        run: mvn -s custom_maven_settings.xml -B clean verify #(3)
+```
+
+A few points to remember:
+- (1): By default, all actions are triggered on a push action.
+- (2): This step creates a custom settings.xml for authenticating for Github Packages. For more information,
+  check the [Contributing file](https://github.com/com-pas/contributing/blob/master/CONTRIBUTING.md).
+- (3): This is a default for building a Maven project. It may differ in some cases, please feel free to adjust it.
+
+### REUSE check
+For keeping our copyright and licensing information up to date and correct, we use [REUSE](https://reuse.software/) to check this. This is also configured for every separate repository in an easy manner: just create a `reuse.yml` file in the `.github/workflows` directory containing the following source code:
+
+```yaml
+name: REUSE Compliance Check
+
+on: push #(1)
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: REUSE Compliance Check
+      uses: fsfe/reuse-action@v1
+```
+
+A few points to remember:
+- (1): By default, all actions are triggered on a push action.
+
+This is the only thing that has to be done. After this, it will be checked on every push.
+
+#### REUSE badge
+For transparancy, CoMPAS repositories also include a REUSE badge in their README for fast checking the REUSE compliance.
+
+Two steps are needed to get a REUSE badge to work:
+
+1. Register the Repository at the [REUSE website](https://api.reuse.software/register). For name and email, check the [Slack channel](https://app.slack.com/client/TLU68MTML).
+2. Add the following code to the README:
+   
+```md
+[![REUSE status](https://api.reuse.software/badge/github.com/com-pas/repoName)](https://api.reuse.software/info/github.com/com-pas/repoName)
+```
+
+There is one steps left: Replace `repoName` with the name of the specific repository (as stated in the URL).
+
+After doing all these steps, everything is set up for the REUSE check.
+
+### SonarCloud
+For static code analysis, CoMPAS is using [SonarCloud](https://sonarcloud.io/). To configure this, there are several steps that needs to be done.
+
+1. Go to the [CoMPAS Github organization settings](https://github.com/organizations/com-pas/settings/profile), and click on "Installed Github Apps". SonarCloud is listed here already (because we are already using it). Click on the 'configure' button next to it.
+2. In the "Repository access" section, select the repository you want to add. By default, not every repository is added as an extra check.
+3. Create a new project in [SonarCloud](https://sonarcloud.io/projects/create).
+4. Select the repository to be analyzed, click Set Up.
+5. Choose the Analysis Method "With Github Actions".
+6. It first tells you to create a SONAR_TOKEN secret in your repo. Go to your repository -> Settings - Secrets -> New repository secret -> Name: SONAR_TOKEN. Value: Copy the value from the SonarCloud website into here. Then save the secret
+7. Select Maven as the option that best describes our build and **remember the projectKey**. and create a `sonarcloud_analysis.yml` file in the `.github/workflows` directory containing the following source code running.
+
+```yaml
+name: SonarCloud Analysis
+
+on: push #(1)
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: Set up JDK 1.11
+        uses: actions/[email protected]
+        with:
+          distribution: 'zulu'
+          java-version: '11'
+      - name: Cache SonarCloud packages
+        uses: actions/[email protected]
+        with:
+          path: ~/.sonar/cache
+          key: ${{ runner.os }}-sonar
+          restore-keys: ${{ runner.os }}-sonar
+      - name: Cache Maven packages
+        uses: actions/[email protected]
+        with:
+          path: ~/.m2
+          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-m2
+      - name: Create custom Maven Settings.xml #(2)
+        uses: whelk-io/maven-settings-xml-action@v18
+        with:
+          output_file: custom_maven_settings.xml
+          servers: '[{ "id": "github-packages-compas", "username": "OWNER", "password": "${{ secrets.GITHUB_TOKEN }}" }]'
+      - name: Build and analyze
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        run: | #(3)
+          mvn -s custom_maven_settings.xml -B -Psonar \
+          -Dsonar.projectKey=<insert project key> \
+          -Dsonar.organization=com-pas \
+          -Dsonar.host.url=https://sonarcloud.io \
+          verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
+```
+
+A few points to remember:
+- (1): By default, all actions are triggered on a push action.
+- (2): Creates a custom `settings.xml` having the credentials for the Github Packages.
+  For more information, check our [Contributing](https://github.com/com-pas/contributing/blob/master/CONTRIBUTING.md).
+- (3): Replace the `<insert project key>` with the project key you copied.
+
+Once this is set, it's all done!
+
+### Docker Hub Deployment
+For automatic deployment of our microservices, CoMPAS uses Docker Hub as the central docker image repository. This way, all Docker images can be pulled from a central image repository.
+
+This step is easy to configure. Just create a `dockerhub_deployment.yml` file in the `.github/workflows` directory containing the following source code:
+
+```yaml
+name: Docker Hub Deployment
+
+on:
+  release:
+    types: [released] #(1)
+
+jobs:
+  push_to_registry:
+    name: Build and publish
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Login to Docker Hub #(2)
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_PASSWORD }}
+      - name: Extract tag name #(3)
+        id: extract_tagname
+        shell: bash
+        # Extra the tagname form the git reference, value of GITHUB_REF will be something like refs/tags/<tag_name>.
+        run: echo "##[set-output name=tagname;]$(echo ${GITHUB_REF##*/})"
+      - name: Set up JDK 11
+        uses: actions/[email protected]
+        with:
+          distribution: 'zulu'
+          java-version: '11'
+      - name: Create custom Maven Settings.xml
+        uses: whelk-io/maven-settings-xml-action@v18
+        with:
+          output_file: custom_maven_settings.xml #(4)
+          servers: '[{ "id": "github-packages-compas", "username": "OWNER", "password": "${{ secrets.GITHUB_TOKEN }}" }]'
+      - name: Set version with Maven
+        run: mvn -B versions:set -DprocessAllModules=true -DnewVersion=${{ steps.extract_tagname.outputs.tagname }}
+      - name: Deploy with Maven to GitHub Packages and Docker Hub #(5)
+        run: ./mvnw -B -s custom_maven_settings.xml -Prelease,native clean deploy
+```
+
+A few points to remember:
+- (1): By default, the docker image is only deployed on release. This way we have a strict deployment flow, and versions always have the same content. For more information about types of releases, check the [Github Actions documentation](https://docs.github.com/en/actions/reference/events-that-trigger-workflows#release).
+- (2): Before deploying to Docker Hub, we need to login first. This can be done by executing a GitHub Action. In this example, `DOCKER_HUB_USERNAME` and `DOCKER_HUB_PASSWORD` are used, which are secrets stored at [CoMPAS organization](https://github.com/organizations/com-pas/settings/secrets/actions). For more information about the username and password, ask in the the [Slack channel](https://app.slack.com/client/TLU68MTML).
+- (3): Extract the tag name from Git and use that as version to be set with Maven (${{ steps.extract_tagname.outputs.tagname }}).
+- (4): Creates a custom `settings.xml` having the credentials for the Github Packages.
+  For more information, check our [Contributing](https://github.com/com-pas/contributing/blob/master/CONTRIBUTING.md).
+- (5): Building and publishing the docker image is build tool / framework specific. By default, CoMPAS services are using Quarkus and Maven. Deploying to Docker Hub is quite easy using Quarkus and maven, it's just a matter of building in combination with setting some properties. In this example, we use the `quarkus-profile` parameter instead of including all the parameters. This way, we can define profile specific properties in our `application.properties` file (For more information about this, check our [Docker Hub Deployment page](./DEPLOYMENT.md)):
+
+```ini
+%publishNativeImage.quarkus.native.container-build=true
+%publishNativeImage.quarkus.container-image.build=true
+%publishNativeImage.quarkus.container-image.group=lfenergycompas
+%publishNativeImage.quarkus.container-image.name=compas-scl-data-service
+%publishNativeImage.quarkus.container-image.push=true
+```

docs/_includes/sidebar.html

@@ -20,9 +20,18 @@ <h2>
       <a class="sidebar-nav-item{% if page.url == 'GOVERNANCE.html' %} active{% endif %}" href="{{ site.baseurl }}/GOVERNANCE.html">Governance</a>
       <a class="sidebar-nav-item{% if page.url == 'DEVELOPING.html' %} active{% endif %}" href="{{ site.baseurl }}/DEVELOPING.html">Developing</a>
       <ul class="nav-list ">
-        <li class="nav-list-item ">
+        <li class="nav-list-item">
           <a class="sidebar-nav-item{% if page.url == 'STYLEGUIDE.html' %} active{% endif %}" href="{{ site.baseurl }}/STYLEGUIDE.html">Styleguide</a>
         </li>
+        <li class="nav-list-item">
+          <a class="sidebar-nav-item{% if page.url == 'GITHUB_ACTIONS.html' %} active{% endif %}" href="{{ site.baseurl }}/GITHUB_ACTIONS.html">Github Actions</a>
+        </li>
+        <li class="nav-list-item">
+          <a class="sidebar-nav-item{% if page.url == 'DEPENDABOT.html' %} active{% endif %}" href="{{ site.baseurl }}/DEPENDABOT.html">Dependabot</a>
+        </li>
+        <li class="nav-list-item">
+          <a class="sidebar-nav-item{% if page.url == 'DEPLOYMENT.html' %} active{% endif %}" href="{{ site.baseurl }}/DEPLOYMENT.html">Deployment</a>
+        </li>
       </ul>
 
     </nav>