imi-ms
diff --git a/‎.env‎
Lines changed: 3 additions & 2 deletions b/‎.env‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎.github/docker_testenv/.env‎
Lines changed: 26 additions & 0 deletions b/‎.github/docker_testenv/.env‎
Lines changed: 26 additions & 0 deletions
diff --git a/‎.github/docker_testenv/Dockerfile‎
Lines changed: 13 additions & 0 deletions b/‎.github/docker_testenv/Dockerfile‎
Lines changed: 13 additions & 0 deletions
diff --git a/‎.github/docker_testenv/docker-compose.yml‎
Lines changed: 38 additions & 0 deletions b/‎.github/docker_testenv/docker-compose.yml‎
Lines changed: 38 additions & 0 deletions
diff --git a/‎.github/workflows/pr-checks.yml‎
Lines changed: 267 additions & 0 deletions b/‎.github/workflows/pr-checks.yml‎
Lines changed: 267 additions & 0 deletions
@@ -13,8 +13,9 @@ MYSQL_MOPAT_AUDIT_URL=jdbc:mysql://db-container:3306/moPat_audit?autoReconnect=t
 
 # Local volume paths
 HL7_VOLUME=./data/export/HL7
-FHIR_VOLUME=./data/export/HL7
-ODM_VOLUME=./data/export/HL7
+FHIR_VOLUME=./data/export/FHIR
+ODM_VOLUME=./data/export/ODM
+REDCAP_VOLUME=./data/export/REDCap
 UPLOAD_VOLUME=./data/upload
 IMAGES_VOLUME=./data/images
 CONFIG_DIR=/etc/mopat
 
@@ -0,0 +1,26 @@
+# .env file
+# DB settings
+# !!! ADJUST THESE SETTINGS !!!
+MYSQL_ROOT_PASSWORD=root
+MYSQL_USER=mopat
+MYSQL_PASSWORD=mopat
+PEPPER=AdP5ktlaIVaon53yJg8zEZSnFr33Dinil69ZtZMTWXubKMUEpfyNvOgWLdwNLhedY3WT5TVcqgg
+
+# DB Connection settings - The hostname is corresponding to the container name of the db
+MYSQL_MOPAT_URL=jdbc:mysql://db-container:3306/moPat?autoReconnect=true&useUnicode=true&useEncoding=true&characterEncoding=UTF-8
+MYSQL_MOPAT_USER_URL=jdbc:mysql://db-container:3306/moPat_user?autoReconnect=true&useUnicode=true&useEncoding=true&characterEncoding=UTF-8
+MYSQL_MOPAT_AUDIT_URL=jdbc:mysql://db-container:3306/moPat_audit?autoReconnect=true&useUnicode=true&useEncoding=true&characterEncoding=UTF-8
+
+# Local volume paths
+HL7_VOLUME=./data/export/HL7
+FHIR_VOLUME=./data/export/FHIR
+ODM_VOLUME=./data/export/ODM
+UPLOAD_VOLUME=./data/upload
+IMAGES_VOLUME=./data/images
+CONFIG_DIR=/etc/mopat
+
+# Path for the database data
+DB_DATA_PATH=./data/db
+
+# Port configuration
+WEBAPP_PORT=8080
@@ -0,0 +1,13 @@
+FROM maven:3.9.11-eclipse-temurin-17-noble as builder
+WORKDIR /app
+COPY pom.xml .
+COPY src ./src
+COPY .git ./.git
+RUN mvn -B -f pom.xml dependency:go-offline
+RUN mvn -B install -DskipTests
+FROM tomcat:10-jdk17-temurin-noble
+RUN rm -rf /usr/local/tomcat/webapps/*
+COPY src/main/resources/docker-server.xml /usr/local/tomcat/conf/server.xml
+COPY --from=builder /app/target/*.war /usr/local/tomcat/webapps/ROOT.war
+EXPOSE 8080
+CMD ["catalina.sh", "run"]
@@ -0,0 +1,38 @@
+services:
+  db-container:
+    image: mariadb
+    restart: always
+    environment:
+      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
+      MYSQL_USER: ${MYSQL_USER}
+      MYSQL_PASSWORD: ${MYSQL_PASSWORD}
+      MYSQL_DATABASE: initDb
+    ports:
+      - "127.0.0.1:3306:3306"
+    volumes:
+      - ${DB_DATA_PATH}:/var/lib/mysql
+      - ./db:/docker-entrypoint-initdb.d
+
+  webapp-container:
+    build:
+      context: ../..
+      dockerfile: .github/docker_testenv/Dockerfile
+    depends_on:
+      - db-container
+    ports:
+      - "127.0.0.1:${WEBAPP_PORT}:8080"
+    volumes:
+      - ${HL7_VOLUME}:/var/lib/tomcat10/export/HL7
+      - ${FHIR_VOLUME}:/var/lib/tomcat10/export/FHIR
+      - ${ODM_VOLUME}:/var/lib/tomcat10/export/ODM
+      - ${UPLOAD_VOLUME}:/var/lib/tomcat10/upload
+      - ${IMAGES_VOLUME}:/var/lib/tomcat10/images
+      - ${CONFIG_DIR}:/etc/mopat
+      - ./src/main/resources/docker-server.xml:/usr/local/tomcat/conf/server.xml:ro
+    environment:
+      - MYSQL_USER=${MYSQL_USER}
+      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
+      - MYSQL_MOPAT_URL=${MYSQL_MOPAT_URL}
+      - MYSQL_MOPAT_USER_URL=${MYSQL_MOPAT_USER_URL}
+      - MYSQL_MOPAT_AUDIT_URL=${MYSQL_MOPAT_AUDIT_URL}
+      - PEPPER=${PEPPER}
@@ -0,0 +1,267 @@
+name: test
+
+on: pull_request
+
+jobs:
+  unit-tests:
+    permissions:
+      checks: write
+      pull-requests: write
+    runs-on: ubuntu-latest
+    outputs:
+      unittest-results: ${{ steps.decode-results.outputs.content }}
+    services:
+      mariadb:
+        image: mariadb:latest
+        env:
+          MARIADB_ROOT_PASSWORD: root
+        ports:
+          - 3306:3306
+        options: >-
+          --health-cmd="healthcheck.sh 
+          --connect 
+          --innodb_initialized" 
+          --health-interval=10s 
+          --health-timeout=5s 
+          --health-retries=3
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up JDK
+        uses: actions/setup-java@v4
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+          cache: 'maven'
+
+      - name: Install MySQL client and Load Database Schema
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y default-mysql-client
+          mysql -h 127.0.0.1 -u root --password=root -e "CREATE USER IF NOT EXISTS 'mopat'@'%' IDENTIFIED BY 'mopat';"
+          mysql -h 127.0.0.1 -u root --password=root -e "GRANT ALL PRIVILEGES ON *.* TO 'mopat'@'%'; FLUSH PRIVILEGES;"
+          mysql -h 127.0.0.1 -u root --password=root < db/installationInitTest.sql
+
+      - name: Test with Maven
+        run: mvn -B test --file pom.xml
+
+      - name: Publish Test Report
+        id: testReport
+        uses: mikepenz/action-junit-report@v5
+        if: success() || failure() # always run even if the previous step fails
+        with:
+          report_paths: '**/target/surefire-reports/*.xml'
+
+      - name: Decode results
+        id: decode-results
+        if: always() && github.event_name == 'pull_request'
+        run: |
+          echo "<details><summary>🧪 Unit Test Results</summary>" >> unit-results.md
+          echo "${{ steps.testReport.outputs.summary }}" >> unit-results.md
+          echo "</details>" >> unit-results.md
+          # Save content as output
+          echo "content<<EOF" >> $GITHUB_OUTPUT
+          cat unit-results.md >> $GITHUB_OUTPUT
+          echo "EOF" >> $GITHUB_OUTPUT
+          
+
+  selenium-tests:
+    permissions:
+      checks: write
+      pull-requests: write
+
+    runs-on: ubuntu-latest
+    outputs:
+      selenium-results: ${{ steps.decode-results.outputs.content }}
+
+    steps:
+      # Checkout the repository
+      - name: Check out the repository
+        uses: actions/checkout@v4
+
+      # Set up Docker
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      # Pull the Chrome image
+      - name: Pull Selenoid Chrome Image
+        run: docker pull selenoid/chrome:latest
+
+      # Setup Docker-Compose
+      - name: Docker Compose Action
+        uses: hoverkraft-tech/compose-action@v2.0.2
+        with:
+          compose-file: "selenium/docker-compose.yml"
+
+      # Wait for the server to be ready before running tests
+      - name: Wait for the application to be ready
+        run: |
+          until curl --output /dev/null --silent --head --fail http://localhost:8080; do
+            echo 'Waiting for the application to be ready...'
+            sleep 5
+          done
+          until curl --output /dev/null --silent --head --fail http://localhost:4444/status; do
+            echo 'Waiting for Selenoid to be ready...'
+            sleep 5
+          done
+
+      # Set up Python and run Selenium tests
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.13' # Specify the version of Python you are using
+
+      - name: Install dependencies
+        run: pip install -r selenium/requirements.txt  # Ensure your Selenium and other dependencies are listed here
+
+      - name: Run Selenium tests
+        run: |
+          python3 selenium/selenium_tests.py > test-results.log
+
+      - name: Save results to env
+        if: always() && github.event_name == 'pull_request'
+        id: test_report
+        run: echo "SELENIUM_TEST_SUMMARY=$(base64 -w 0 test-results.log)" >> $GITHUB_ENV
+
+        # Install GitHub CLI
+      - name: Install GitHub CLI
+        run: sudo apt-get update && sudo apt-get install -y gh
+
+      - name: Decode results
+        id: decode-results
+        if: always() && github.event_name == 'pull_request'
+        run: |
+          decoded_results=$(echo "${{ env.SELENIUM_TEST_SUMMARY }}" | base64 --decode)
+          echo "<details><summary>🌐 Selenium Test Results</summary>" > selenium_block.md
+          echo "$decoded_results" >> selenium_block.md
+          echo "</details>" >> selenium_block.md
+          # Save content as output
+          echo "content<<EOF" >> $GITHUB_OUTPUT
+          cat selenium_block.md >> $GITHUB_OUTPUT
+          echo "EOF" >> $GITHUB_OUTPUT
+
+  trivy-scan:
+    runs-on: ubuntu-latest
+    outputs:
+      trivy-results: ${{ steps.trivy-table.outputs.content }}
+    permissions:
+      contents: read
+      pull-requests: write
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build Docker images with docker compose
+        working-directory: ./.github/docker_testenv
+        run: |
+          docker compose build
+
+      - name: Run Trivy vulnerability scanner on image
+        id: trivy
+        uses: aquasecurity/trivy-action@0.34.2
+        env:
+          TRIVY_DISABLE_VEX_NOTICE: "true"
+        with:
+          image-ref: docker_testenv-webapp-container:latest
+          format: json
+          exit-code: 0
+          output: trivy-report.json
+
+      - name: Convert Trivy JSON to Markdown table (split OS vs app)
+        id: trivy-table
+        run: |
+          # Check if any vulnerabilities exist
+          if ! jq -e '.Results[].Vulnerabilities | select(length > 0)' trivy-report.json > /dev/null; then
+            echo "✅ No vulnerabilities found!" >> trivy-comment.md
+            exit 0
+          fi
+
+          #####################################
+          # 🐳 1️⃣ Base Image Vulnerabilities (os-pkgs)
+          #####################################
+
+          os_total=$(jq '[.Results[] | select(.Class=="os-pkgs") | .Vulnerabilities[]?] | length' trivy-report.json)
+          os_with_fixes=$(jq '[.Results[] | select(.Class=="os-pkgs") | .Vulnerabilities[]? | select(.FixedVersion != null and .FixedVersion != "")] | length' trivy-report.json)
+
+          echo "<details><summary>🐳 Base Image Vulnerabilities: $os_total vulnerabilities found, $os_with_fixes with fixes</summary>" >> trivy-comment.md
+          echo "" >> trivy-comment.md
+
+          jq -r '
+            [ .Results[]
+              | select(.Class == "os-pkgs")
+              | .Vulnerabilities[]?
+            ]
+            | select(length > 0)
+            | group_by(.PkgName)
+            | sort_by(.[0].PkgName)
+            | .[]
+            | "#### 📦 Package: \([.[0].PkgName])\n"
+              + "| Severity | Vulnerability ID | Installed Version | Fixed Version |\n"
+              + "|-----------|------------------|------------------|----------------|\n"
+              + (map("| \(.Severity) | \(.VulnerabilityID) | \(.InstalledVersion) | \(.FixedVersion // "-") |") | join("\n"))
+              + "\n"
+          ' trivy-report.json >> trivy-comment.md
+
+          echo "</details>" >> trivy-comment.md
+          echo "" >> trivy-comment.md
+
+          #####################################
+          # ☕️ 2️⃣ Tomcat / Java / Library Vulnerabilities
+          #####################################
+
+          app_total=$(jq '[.Results[] | select(.Class!="os-pkgs") | .Vulnerabilities[]?] | length' trivy-report.json)
+          app_with_fixes=$(jq '[.Results[] | select(.Class!="os-pkgs") | .Vulnerabilities[]? | select(.FixedVersion != null and .FixedVersion != "")] | length' trivy-report.json)
+
+          echo "<details><summary>☕️ Application / Library Vulnerabilities: $app_total vulnerabilities found, $app_with_fixes with fixes</summary>" >> trivy-comment.md
+          echo "" >> trivy-comment.md
+
+          jq -r '
+            [ .Results[]
+              | select(.Class != "os-pkgs")
+              | .Vulnerabilities[]?
+            ]
+            | select(length > 0)
+            | group_by(.PkgName)
+            | sort_by(.[0].PkgName)
+            | .[]
+            | "#### 📦 Package: \([.[0].PkgName])\n"
+              + "| Severity | Vulnerability ID | Installed Version | Fixed Version |\n"
+              + "|-----------|------------------|------------------|----------------|\n"
+              + (map("| \(.Severity) | \(.VulnerabilityID) | \(.InstalledVersion) | \(.FixedVersion // "-") |") | join("\n"))
+              + "\n"
+          ' trivy-report.json >> trivy-comment.md
+
+          echo "</details>" >> trivy-comment.md
+          # Save content as output
+          echo "content<<EOF" >> $GITHUB_OUTPUT
+          cat trivy-comment.md >> $GITHUB_OUTPUT
+          echo "EOF" >> $GITHUB_OUTPUT
+  comment:
+    runs-on: ubuntu-latest
+    needs: [unit-tests, selenium-tests, trivy-scan]
+    if: always()
+    permissions:
+      contents: read
+      pull-requests: write
+    steps:
+      - name: Post PR comment
+        uses: peter-evans/create-or-update-comment@v4
+        with:
+          issue-number: ${{ github.event.pull_request.number }}
+          body: |
+            ### Test Results
+            
+            ${{ needs.unit-tests.outputs.unittest-results }}
+            
+            ${{ needs.selenium-tests.outputs.selenium-results }}
+            
+            ### Vulnerability Scan Results
+            
+            ${{ needs.trivy-scan.outputs.trivy-results }}
+
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}