You need (or may want) the following CLI tools. For UNIX users, there is a prepared Brewfile, see
below.
Necessary tools:
- lefthook - manages our git hooks
- Github CLI - used by lefthook to check for pipeline status before push
- docker - our container runtime (on macOS, the easiest way is to use Docker Desktop)
- gopass - a tool to sync secrets
- Node.js - JavaScript runtime & dependency management
- nodenv - manages the node.js environment
Backend only:
- java - we use Java 21 in the backend
Optional, but recommended tools:
- jq - handy JSON Processor
- yq - handy YAML Processor
- actionlint - a tool that lints GitHub Action pipeline definitions
- shellcheck - shell script analyzer, that also provides extensions for VS Code
- trivy - our vulnerability scanner
- adr-tools - a command-line tool to manage our Architecture Decision Records (ADRs)
- direnv - manages our local environment
If you use homebrew, you can simply execute this to to install all required
and optional
dependencies:
brew bundleIf you decided to install direnv, you have to hook it onto your shell as
described here. E.g. for ZSH add this
to ~/.zshrc:
eval "$(direnv hook zsh)"To get started with development, run:
./run.sh initThis will install a couple of Git hooks which are supposed to help you to:
- commit properly formatted source code only (and not break the build otherwise)
- write conventional commit messages
For shared secrets required for development we're using gopass. To set up follow these steps:
- If not done yet: generate a gpg keypair
- Then export your public key:
gpg --armor --export --output my-name.gpg [email protected] - Provide some team member the public GPG key with encryption capability (that team member will add you as a recipient).
Then, run:
gopass init
gopass clone [email protected]:digitalservicebund/neuris-password-store.git neuris --sync gitcliNote
If there are any issues with this command, you need to clean the store and try again until it works unfortunately
☹️ . Be aware that this command removes ALL gopass stores from your machine, not only project related ones:rm -rf ~/.local/share/gopass/stores
Try if you can get access:
gopass list neurisSynchronize the password store:
gopass syncNow you can generate a new .env file containing the secrets. When using a Yubikey you may asked multiple times for
your pin:
./run.sh envNote
This needs to be repeated every time the secrets change.
The caselaw application requires the initialization of lookup tables by the migration application image.
To be able to pull the ris-data-migration image, log in to the GitHub Package Repository using your username and a
credential token stored in 1Password (1PW):
If you don't have a personal access token, read here on how to create one. Then:
export CR_PAT=$(op read op://Employee/CR_PAT/password)
echo $CR_PAT | docker login ghcr.io -u USERNAME --password-stdin # Replace USERNAME with your GitHub usernameThe following step requires an OTC access token, read here for more info.
To connect to your S3 bucket, ensure your AWS credentials are stored in 1Password, and then set the following environment variables in your shell:
op item edit 'OTC' aws_access_key_id=[your-access-key-id]
op item edit 'OTC' aws_secret_access_key=[your-access-key-id]
The following command will migrate the minimally required data (refdata and juris tables):
Make sure the latest ris data migration image is in compose.yaml and then run:
./run.sh -iNote: If you wish to migrate documentation units, use the instructions in run_migration_locally.md
Run the whole stack including migration (initialization) inside docker:
./run.sh devIf you don't want to watch the log stream but let Docker perform health checks until everything is up, use detached mode:
./run.sh dev -d
./run.sh dev --detachedTo run the frontend stack only (without backend and initialization) run:
./run.sh dev -n
./run.sh dev --no-backendWhen choosing the no-backend variant, checkout the backend manual on how to run the backend stand-alone without docker. The easiest way would be to start the backend utilizing Spring Boot developer tools so changes in the Java sources will be reflected without manually restarting:
cd backend
SPRING_PROFILES_ACTIVE=local ./gradlew bootRunOverall docker compose spins up a reverse proxy (traefik) which listens on port 80. Therefore the application is
available at http://127.0.0.1. If you get a bad gateway error make sure your firewall is not messing with you. On
Ubuntu sudo ufw disable might do the trick. You may setup a certain firewall rule. Overall your milage may vary.
Note
When first starting the development server, dependencies will be installed automatically. This includes supported browsers for E2E and a11y testing through playwright. Should that fail, you
To see logs of the containers, use e.g.
docker compose logs # for all
docker compose logs frontend # for specific servicesTo stop the whole environment:
./run.sh downRead the component individual documentation to figure out how to run them individually:
The pipeline performs the deployment through GitOps using ArgoCD ( see example pipeline deploy step definition):
- Build and push the new Docker image (see here)
- Commit the new tag in the deployment manifest in the neuris-infra repository
- Sync the respective ArgoCD App, which will cause ArgoCD to apply all changed Kubernetes manifests on the cluster to create the desired state
You can run both frontend and backend tests simultaneously with the following commit:
lefthook run testsTo access the api documentation, start the application and navigate to /api/docs.html
or /api/docs.json in your
browser.
Architecture decisions are kept in the doc/adr directory and are managed with adr-tools.
Opt in to CI posting notifications for failing jobs to a particular Slack channel by setting a
repository secret
with the name SLACK_WEBHOOK_URL, containing a url
for Incoming Webhooks.
All reports will be published here https://digitalservicebund.github.io/ris-reports/