Revert "rebasing" (#2033)

This reverts commit e30a4ac.

.dockerignore

@@ -0,0 +1,14 @@
+/.idea/
+/project/boot/
+/project/plugins/project
+target/
+lib_managed/
+src_managed/
+test-output/
+*.iml
+.classpath_nb
+.cache
+.classpath
+.project
+/.settings/
+/bin/

.gitallowed

@@ -0,0 +1 @@
+core/src/test/scala/org/broadinstitute/dsde/rawls/model/ExecutionModelSpec.scala

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,46 @@
+- [ ] **Submitter**: Include the JIRA issue number in the PR description
+- [ ] **Submitter**: Check that the **Product Owner** has signed off on any user-facing changes
+- [ ] **Submitter**: Make sure Swagger is updated if API changes
+  - [ ] **...and Orchestration's Swagger too!**
+- [ ] **Submitter**: If updating admin endpoints, also update [firecloud-admin-cli](https://github.com/broadinstitute/firecloud-admin-cli)
+- [ ] **Submitter**: Check documentation and code comments. Add explanatory PR comments if helpful.
+- [ ] **Submitter**: JIRA ticket checks:
+  * Acceptance criteria exists and is met
+  * Note any changes to implementation from the description
+  * To Demo flag is set
+  * Release Summary is filled out, if applicable
+  * Add notes on how to QA
+- [ ] **Submitter**: Update RC_XXX release ticket with any config or environment changes necessary
+- [ ] **Submitter**: Database checks:
+  * If PR includes new or changed db queries, include the explain plans in the description
+  * Make sure liquibase is updated if appropriate
+  * If doing a migration, take a backup of the
+  [dev](https://console.cloud.google.com/sql/instances/terraform-qfarbdq3lrexxck5htofjs5z6m/backups?project=broad-dsde-dev&organizationId=548622027621)
+  and
+  [alpha](https://console.cloud.google.com/sql/instances/terraform-r4caezzc35c4tb7pgdhwkmme4y/backups?project=broad-dsde-alpha&organizationId=548622027621)
+  DBs in Google Cloud Console
+- [ ] **Submitter**: Update FISMA documentation if changes to:
+  * Authentication
+  * Authorization
+  * Encryption
+  * Audit trails
+- [ ] Tell your tech lead (TL) that the PR exists if they want to look at it
+- [ ] Anoint a lead reviewer (LR). **Assign PR to LR**
+* Review cycle:
+  * LR reviews
+  * Rest of team may comment on PR at will
+  * **LR assigns to submitter** for feedback fixes
+  * Submitter rebases to develop again if necessary
+  * Submitter makes further commits. DO NOT SQUASH
+  * Submitter updates documentation as needed
+  * Submitter **reassigns to LR** for further feedback
+- [ ] **TL** sign off
+- [ ] **LR** sign off
+- [ ] **Assign to submitter** to finalize
+- [ ] **Submitter**: Verify all tests go green, including CI tests
+- [ ] **Submitter**: Squash commits and merge to develop
+- [ ] **Submitter**: Delete branch after merge
+- [ ] **Submitter**: **Test this change works on dev environment after deployment**. YOU own getting it fixed if dev isn't working for ANY reason!
+- [ ] **Submitter**: Verify swagger UI on dev environment still works after deployment
+- [ ] **Submitter**: Inform other teams of any API changes via Slack and/or email
+- [ ] **Submitter**: Mark JIRA issue as resolved once this checklist is completed

.github/pr-labeler.yml

@@ -0,0 +1 @@
+Scala_Steward: 'update/*'

.github/workflows/format.yaml

@@ -0,0 +1,24 @@
+name: Check formatting for modified files with scalafmt
+
+on:
+  pull_request:
+    paths-ignore: ['**.md']
+
+jobs:
+  format:
+
+    runs-on: ubuntu-latest
+
+    steps:
+
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 2
+          ref: ${{ github.event.pull_request.head.sha }}
+
+      - name: coursier-cache-action
+        uses: coursier/cache-action@v5
+
+      - name: Check formatting for modified files
+        run: |
+          sbt scalafmtCheckAll

.github/workflows/pr-labeler.yml

@@ -0,0 +1,14 @@
+name: PR Labeler
+on:
+  pull_request:
+    types: [opened]
+
+jobs:
+  pr-labeler:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: TimonVS/pr-labeler-action@v3
+        with:
+          configuration-path: .github/pr-labeler.yml # optional, .github/pr-labeler.yml is the default value
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/test.yml

@@ -0,0 +1,75 @@
+name: Scala tests with coverage
+
+on:
+  pull_request:
+    paths-ignore: ['**.md']
+  push:
+    paths-ignore: ['**.md']
+
+jobs:
+
+  test:
+
+    runs-on: ubuntu-latest
+
+    steps:
+
+      - uses: actions/checkout@v2
+
+      # coursier cache action caches both coursier and sbt caches
+      - name: coursier-cache-action
+        uses: coursier/cache-action@v5
+
+      - name: Start MySQL
+        run: |
+          sh docker/run-mysql.sh start
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v2
+        with:
+          distribution: 'temurin'
+          java-version: 17
+
+      - name: Git secrets setup
+        run: |
+          git clone https://github.com/awslabs/git-secrets.git ~/git-secrets
+          cd ~/git-secrets
+          git checkout ad82d68ee924906a0401dfd48de5057731a9bc84
+          sudo make install
+
+      - name: Secrets check
+        run: |
+          ./minnie-kenny.sh --force
+          git secrets --scan-history
+
+      - name: Run tests
+        id: tests
+        run: >-
+          sbt clean coverage test coverageReport
+          -J-Xmx3g
+          -Denv.type=test
+          -Dmysql.host=localhost
+          -Dmysql.port=3310
+          it:compile
+
+      # A known github bug results in 'annotations generated in a Github action during a step executed in
+      # the “pull request” event, end up in the “workflow” for the "push’ event.'
+      # Until they fix that problem, we must ensure this step creates a unique check_name, else
+      # the pull_request and push checks will overwrite each other.
+      # https://github.com/ScaCap/action-surefire-report/issues/39
+      # https://github.community/t/specify-check-suite-when-creating-a-checkrun/118380
+      - name: Upload Test Report
+        uses: mikepenz/[email protected]
+        if: ${{ always() }}
+        with:
+          report_paths: '**/target/test-reports/TEST-*.xml'
+          check_name: Test Report ${{ github.event_name }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Codecov upload
+        uses: codecov/codecov-action@v3
+        if: ${{ always() }}
+
+      - name: Stop MySQL
+        run: |
+          sh docker/run-mysql.sh stop

.github/workflows/trivy.yml

@@ -0,0 +1,15 @@
+name: Trivy scan
+on: [pull_request]
+
+jobs:
+  appsec-trivy:
+    name: DSP AppSec Trivy check
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      # The Dockerfile copies this, so it needs to exist for the build to succeed
+      - run: touch rawls.jar
+
+      # https://github.com/broadinstitute/dsp-appsec-trivy-action
+      - uses: broadinstitute/dsp-appsec-trivy-action@v1

.gitignore

@@ -0,0 +1,33 @@
+.idea/
+.vscode/
+/project/boot/
+/project/plugins/project
+target/
+lib_managed/
+src_managed/
+test-output/
+*.iml
+.classpath_nb
+.cache
+.classpath
+.project
+/.settings/
+/bin/
+*.log
+/config/
+rawlsdb/
+
+*.pid
+automation/src/test/resources/
+automation/.bsp/
+automation/test-reports/
+/.bsp/
+
+.bloop/
+.metals/
+project/.bloop/
+metals.sbt
+
+rawls-assembly-0.1.jar
+
+/local-mysqlstore

.java-version

@@ -0,0 +1 @@
+17

.scala-steward.conf

@@ -0,0 +1,111 @@
+# pullRequests.frequency allows to control how often or when Scala Steward
+# is allowed to create pull requests.
+#
+# Possible values:
+#   @asap
+#     PRs are created without delay.
+#
+#   <timespan>
+#     PRs are created only again after the given timespan since the last PR
+#     has passed. Example values are "36 hours", "1 day", or "14 days".
+
+#   <CRON expression>
+#     PRs are created roughly according to the given CRON expression.
+#
+#     CRON expressions consist of five fields:
+#     minutes, hour of day, day of month, month, and day of week.
+#
+#     See https://www.alonsodomin.me/cron4s/userguide/index.html#parsing for
+#     more information about the CRON expressions that are supported.
+#
+#     Note that the date parts of the CRON expression are matched exactly
+#     while the time parts are only used to abide to the frequency of
+#     the given expression.
+#
+#
+pullRequests.frequency = "0 0 ? * MON" # every monday at midnight
+
+
+# Only these dependencies which match the given patterns are updated.
+#
+# Each pattern must have `groupId`, and may have `artifactId` and `version`.
+# Defaults to empty `[]` which mean Scala Steward will update all dependencies.
+# updates.allow  = [ { groupId = "com.example" } ]
+
+# The dependencies which match the given version pattern are updated.
+# Dependencies that are not listed will be updated.
+#
+# Each pattern must have `groupId`, `version` and optional `artifactId`.
+# Defaults to empty `[]` which mean Scala Steward will update all dependencies.
+# the following example will allow to update foo when version is 1.1.x
+# updates.pin  = [ { groupId = "com.example", artifactId="foo", version = "1.1." } ]
+
+# The dependencies which match the given pattern are NOT updated.
+#
+# Each pattern must have `groupId`, and may have `artifactId` and `version`.
+# Defaults to empty `[]` which mean Scala Steward will not ignore dependencies.
+# updates.ignore = [ { groupId = "org.acme", artifactId="foo", version = "1.0" } ]
+
+# If set, Scala Steward will only create or update `n` PRs each time it runs (see `pullRequests.frequency` above).
+# Useful if running frequently and/or CI build are costly
+# Default: None
+updates.limit = 5
+
+# The extensions of files that should be updated.
+# Default: [".scala", ".sbt", ".sbt.shared", ".sc", ".yml", "pom.xml"]
+# updates.fileExtensions = [".scala", ".sbt", ".sbt.shared", ".sc", ".yml", ".md", ".markdown", ".txt"]
+
+# If "on-conflicts", Scala Steward will update the PR it created to resolve conflicts as
+# long as you don't change it yourself.
+# If "always", Scala Steward will always update the PR it created as long as
+# you don't change it yourself.
+# If "never", Scala Steward will never update the PR
+# Default: "on-conflicts"
+updatePullRequests = "on-conflicts"
+
+# If set, Scala Steward will use this message template for the commit messages and PR titles.
+# Supported variables: ${artifactName}, ${currentVersion}, ${nextVersion} and ${default}
+# Default: "${default}" which is equivalent to "Update ${artifactName} to ${nextVersion}"
+commits.message = "Update ${artifactName} from ${currentVersion} to ${nextVersion}"
+
+# If true and when upgrading version in .scalafmt.conf, Scala Steward will perform scalafmt
+# and add a separate commit when format changed. So you don't need reformat manually and can merge PR.
+# If false, Scala Steward will not perform scalafmt, so your CI may abort when reformat needed.
+# Default: true
+# scalafmt.runAfterUpgrading = false
+
+# It is possible to have multiple scala projects in a single repository. In that case the folders containing the projects (build.sbt folders)
+# are specified using the buildRoots property. Note that the paths used there are relative and if the repo directory itself also contains a build.sbt the dot can be used to specify it.
+# Default: ["."]
+# buildRoots = [ ".", "subfolder/projectA" ]
+
+# Define commands that are executed after an update via a hook.
+# A groupId and/or artifactId can be defined to only execute after certain dependencies are updated. If neither is defined, the hook runs for every update.
+# postUpdateHooks = [{
+#   command = ["sbt", "protobufGenerate"],
+#   commitMessage = "Regenerated protobuf files",
+#   groupId = "com.github.sbt",
+#   artifactId = "sbt-protobuf"
+# }]
+
+# You can override some config options for dependencies that matches the given pattern.
+# Currently, "pullRequests" can be overridden.
+# Each pattern must have `groupId`, and may have `artifactId` and `version`.
+# First-matched entry is used.
+# More-specific entry should be placed before less-specific entry.
+#
+# Default: empty `[]`
+# dependencyOverrides = [
+#   {
+#     dependency = { groupId = "com.example", artifactId = "foo", version = "2." },
+#     pullRequests = { frequency = "1 day" },
+#   },
+#   {
+#     dependency = { groupId = "com.example", artifactId = "foo" },
+#     pullRequests = { frequency = "30 day" },
+#   },
+#   {
+#     dependency = { groupId = "com.example" },
+#     pullRequests = { frequency = "14 day" },
+#   }
+# ]

.scalafmt.conf

@@ -0,0 +1,17 @@
+version = 3.5.9
+align = none
+align.openParenCallSite = true
+align.openParenDefnSite = true
+maxColumn = 120
+continuationIndent.defnSite = 2
+assumeStandardLibraryStripMargin = true
+danglingParentheses.preset = true
+rewrite.rules = [SortImports, RedundantBraces, RedundantParens, SortModifiers]
+docstrings.style = keep
+project.excludeFilters = [
+  Dependencies.scala,
+  Settings.scala,
+  build.sbt
+]
+runner.dialect = scala213
+project.git = true

Dockerfile

@@ -0,0 +1,26 @@
+FROM us.gcr.io/broad-dsp-gcr-public/base/jre:17-debian
+
+# To run, must build the jar using ./docker/build.sh
+
+# Rawls' default port
+EXPOSE 8080
+EXPOSE 5050
+
+ENV GIT_MODEL_HASH $GIT_MODEL_HASH
+
+RUN mkdir /rawls
+COPY ./rawls*.jar /rawls
+
+# Add Rawls as a service (it will start when the container starts)
+CMD java $JAVA_OPTS -jar $(find /rawls -name 'rawls*.jar')
+
+# These next 4 commands are for enabling SSH to the container.
+# id_rsa.pub is referenced below, but this should be any public key
+# that you want to be added to authorized_keys for the root user.
+# Copy the public key into this directory because ADD cannot reference
+# Files outside of this directory
+
+#EXPOSE 22
+#RUN rm -f /etc/service/sshd/down
+#ADD id_rsa.pub /tmp/id_rsa.pub
+#RUN cat /tmp/id_rsa.pub >> /root/.ssh/authorized_keys