removes remnants of security-tokens from docker build (leaves possible incomplete TLS support)

ast-9.2.9.tar.gz:

	wget https://github.com/Starlink/ast/files/8843897/ast-9.2.9.tar.gz

.PHONY: warlink

.PHONY: fetchwar

fetchwar:

	cp ../data-discovery/target/vlkb-siav2-$(VERSION).war .

build: fetchwar

	docker build --build-arg VLKB_VERSION=$(VERSION) -t siav2 -f Dockerfile .

# the docker-login below needed a ca-cert(?) which in the middle of the certificate-chain,

# but was not automatically downloaded and also local cert/ket pair(?) ->

# -> see: /etc/docker/certs.d/git.ia2.ianf.it:5050/*

#

# docker login git.ia2.inaf.it:5050 (robert.butora C-tol szokasos-hossu)

# to download: use image: ... in compose.yaml or

# docker run ... git.ia2.inaf.it:5050/butora/vlkb-datasets/vlkb

publish-locally-siav2:

	docker tag siav2 git.ia2.inaf.it:5050/vialactea/vlkb-siav2/siav2:$(VERSION)

	docker push      git.ia2.inaf.it:5050/vialactea/vlkb-siav2/siav2:$(VERSION)

	docker image rm  git.ia2.inaf.it:5050/vialactea/vlkb-siav2/siav2:$(VERSION)

##docker login registry.gitlab.com --> robert.butora xC*n

publish-remotely-to-ska:

	docker tag soda registry.gitlab.com/ska-telescope/src/visivo-vlkb-soda:$(VERSION)

	docker push     registry.gitlab.com/ska-telescope/src/visivo-vlkb-soda:$(VERSION)

	docker image rm registry.gitlab.com/ska-telescope/src/visivo-vlkb-soda:$(VERSION)

###############################################################################

#TAG ?= $(VERSION)

#REMOTE_SODA_IMAGE_NAME = registry.gitlab.com/ska-telescope/src/visivo-vlkb-soda:$(TAG)

#SODA_IMAGE_NAME = soda:$(TAG)

# https://gitlab.com/ska-telescope/src/visivo-vlkb-soda/container_registry/3917365

###############################################################################

#.PHONY: publish

#publish:

#	docker tag $(SODA_IMAGE_NAME) $(REMOTE_SODA_IMAGE_NAME)

#	docker push $(REMOTE_SODA_IMAGE_NAME)

#	docker image rm $(REMOTE_SODA_IMAGE_NAME)

#	@echo "SODA_IMAGE_NAME        : "$(SODA_IMAGE_NAME)

#	@echo "REMOTE_SODA_IMAGE_NAME : "$(REMOTE_SODA_IMAGE_NAME)

###############################################################################

      - DB_URI=jdbc:postgresql://vlkb-db:5432/vialactea

      - DB_USERNAME=vialactea

      - DB_PASSWORD=ia2vlkb

      - CUTOUT_SERVICE_URL=http://vlkb-devel.ia2.inaf.it:8004/vlkb/datasets/vlkb_cutout

      - CUTOUT_SERVICE_URL=http://vlkb-devel.ia2.inaf.it:8004/vlkb/datasets/soda

volumes:

# notes on security:

# set volume mapping in compose.yaml: security/ -> /etc/pki/tls/

# configure port/SSL connector: (path is relative to the dir where compose.yaml is

# * server-connector.xml : set tomcat connector with certificates

#    -- ia2 needs SECTIGO

#    -- iam needs self-signed keystore.jks

# * keep right jjwt*.jar libs (ia2 authlib needs v0.11, iam needs v0.12)

# FIXME implement *.properties and server-connector.xml by paramters

# * server-connector.xml : set tomcat connector with certificates (ia2 needs SECTIGO)

#

#### Security

# SSL-certificates are site-dependent and must be regularly updated:

# vlkb-cutout expects them in /etc/pki/tls

#

# map volume: ./security:/etc/pki/tls:z,ro

# vlkb-soda expects them in /etc/pki/tls

#

# ia2token: 

#  auth.propeties

#  authpolicy.properties

#  server-connector.xml

#  SECTIGO/*

# map volume: ./security:/etc/pki/tls:ro

#

# iamtoken:

#  iamtoken.properties

#  server-connector.xml

#  keystore.jks

#

# certificates endpoint

jwks_url=

# account created for the service

resource_id=

# username for non-authenticated requests

non_authn_username=anonymous