First commit for the Query Service.

.circleci/config.yml

@@ -0,0 +1,137 @@
+version: 2.1
+
+orbs:
+  codecov: codecov/codecov@1
+  snyk: snyk/[email protected]
+
+executors:
+  gradle_docker:
+    docker:
+      - image: cimg/openjdk:11.0
+  helm:
+    docker:
+      - image: hypertrace/helm-gcs-packager:0.1.1
+
+commands:
+  gradle:
+    description: 'Run the provided gradle command'
+    parameters:
+      args:
+        type: string
+      when:
+        default: "on_success"
+        type: enum
+        enum: ["on_fail", "on_success", "always"]
+    steps:
+      - run:
+          name: << parameters.args >>
+          command: ./gradlew << parameters.args >> --info --max-workers=2 -Dorg.gradle.jvmargs=-Xmx2g -Dorg.gradle.console=plain --continue
+          when: << parameters.when >>
+  setup_build_environment:
+    description: 'Generates cache key from a hash of all gradle files'
+    steps:
+      - checkout
+      - run:
+          name: Generate cache key
+          command: find . -type f -name "*.gradle*" -exec shasum {} + | sort > /tmp/checksum.txt && cat /tmp/checksum.txt
+      - restore_cache:
+          keys:
+            - v1-dependencies-{{ checksum "/tmp/checksum.txt" }}
+            # fallback to using the latest cache if no exact match is found
+            - v1-dependencies-
+  populate_and_save_cache:
+    description: 'Downloads all gradle dependencies and uploads cache for later use'
+    steps:
+      - gradle:
+          args: downloadDependencies
+      - save_cache:
+          paths:
+            - ~/.gradle
+          key: v1-dependencies-{{ checksum "/tmp/checksum.txt" }}
+
+jobs:
+  build:
+    executor: gradle_docker
+    steps:
+      - setup_build_environment
+      - setup_remote_docker
+      - populate_and_save_cache
+      - gradle:
+          args: build dockerBuildImages
+      - gradle:
+          args: jacocoTestReport
+      - codecov/upload:
+          flags: unit
+  publish:
+    executor: gradle_docker
+    steps:
+      - setup_build_environment
+      - setup_remote_docker
+      - gradle:
+          args: :tag -Prelease
+      - gradle:
+          args: publish dockerPushImages
+      - add_ssh_keys:
+          fingerprints:
+            - 'bd:a2:a2:90:46:6c:51:d0:af:8b:1b:c2:d6:e2:f2:e2'
+      - run: git push origin $(./gradlew -q :printVersion)
+  validate-charts:
+    executor: helm
+    steps:
+      - checkout
+      - run:
+          name: Helm Charts Lint and Template Render
+          command: |
+            helm lint --strict ./helm/
+            helm template ./helm/
+  snyk-scan:
+    executor:
+      name: gradle_docker
+    environment:
+      GRADLE_OPTS: -Dorg.gradle.workers.max=1 # Snyk doesn't handle parallelism well
+    steps:
+      - setup_build_environment
+      - snyk/scan:
+          additional-arguments: --all-sub-projects --policy-path=.snyk
+
+  package-charts:
+    executor: helm
+    steps:
+      - checkout
+      - run:
+          name: Package and Publish Helm Charts
+          command: |
+            CHART_VERSION=$(git describe --abbrev=0)
+            CHART_NAME=$(awk '/^name:/ {print $2}' ./helm/Chart.yaml)
+            export GOOGLE_APPLICATION_CREDENTIALS=${HOME}/helm-gcs-key.json
+            echo ${HELM_GCS_CREDENTIALS} > ${GOOGLE_APPLICATION_CREDENTIALS}
+            helm repo add helm-gcs ${HELM_GCS_REPOSITORY}
+            helm package --version ${CHART_VERSION} --app-version ${CHART_VERSION} ./helm/
+            helm gcs push ${CHART_NAME}-${CHART_VERSION}.tgz helm-gcs --public --retry
+
+workflows:
+  version: 2
+  build-and-publish:
+    jobs:
+      - build
+      - validate-charts
+      - snyk-scan:
+          context: hypertrace-vulnerability-scanning
+      - publish:
+          context: hypertrace-publishing
+          requires:
+            - build
+            - validate-charts
+            - snyk-scan
+          filters:
+            branches:
+              only:
+                - master
+      - package-charts:
+          context: hypertrace-publishing
+          requires:
+            - publish
+          filters:
+            branches:
+              only:
+                - master

.github/CODEOWNERS

@@ -0,0 +1,4 @@
+# Each line is a file pattern followed by one or more owners.
+
+# global
+* @buchi-busireddy @tim-mwangi @avinashkolluru @inespo

.gitignore

@@ -0,0 +1,25 @@
+.gradle
+build/
+cscope.*
+.classpath
+.project
+.svn
+target/
+bin/
+*/bin/
+*.iml
+.settings/
+out/
+.DS_Store
+test-output
+*.log
+*.patch
+*.log.gz
+*.code-workspace
+.idea/*.xml
+.idea/libraries/
+.idea/dictionaries/
+.idea/codeStyles/
+.idea/.name
+# Local config to handle using Java 8 vs java 11.
+.java-version

.snyk

@@ -0,0 +1,13 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.14.1
+# ignores vulnerabilities until expiry date; change duration by modifying expiry date
+ignore:
+  SNYK-JAVA-LOG4J-572732:
+    - '*':
+        reason: no available replacement
+        expires: 2020-07-31T00:00:00.000Z
+  SNYK-JAVA-IONETTY-473694:
+    - '*':
+        reason: no available replacement
+        expires: 2020-07-31T00:00:00.000Z
+patch: {}