Merge branch 'master' of github.com:spryker/docker-sdk into feature/frw-11487/master-rmq-42-rollout

Author: vol4onok

.github/workflows/trivy.yml

@@ -12,7 +12,7 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v3
       - name: Scan for secrets in the repository
-        uses: aquasecurity/trivy-action@0.28.0
+        uses: aquasecurity/trivy-action@0.35.0
         with:
           scan-type: 'fs'                  # File system scan
           trivy-config: .trivy/trivy.yaml  # Path to the Trivy config file

bin/sdk/compose.sh

@@ -195,7 +195,9 @@ function Compose::restart() {
 function Compose::stop() {
     Console::verbose "${INFO}Stopping all containers${NC}"
     Compose::command stop
-    Compose::command stop mutagen
+    if Service::isServiceExist mutagen; then
+        Compose::command stop mutagen
+    fi
     Registry::Flow::runAfterStop
 }
 

bin/sdk/mount/mutagen.sh

@@ -287,16 +287,43 @@ function Mount::Mutagen::createSyncSession() {
 }
 
 # This is necessary due to https://github.com/mutagen-io/mutagen/issues/225
+function Mount::Mutagen::waitForSessionReady() {
+    local sessionName="${1:-${SPRYKER_SYNC_SESSION_NAME}}"
+    local maxWaitSeconds="${2:-300}"
+    local intervalSeconds=3
+    local elapsed=0
+    local status
+
+    Console::verbose "${INFO}Waiting for mutagen sync session to finish initial scan...${NC}"
+
+    while [ "${elapsed}" -lt "${maxWaitSeconds}" ]; do
+        status=$(mutagen sync list "${sessionName}" 2>/dev/null | grep 'Status:' | sed 's/.*Status: //' || echo '')
+
+        if echo "${status}" | grep -qi "Watching for changes\|Synchronized"; then
+            Console::verbose "${INFO}Mutagen sync session ready (${status})${NC}"
+            return 0
+        fi
+
+        Console::verbose "${INFO}Mutagen status: ${status} (${elapsed}s elapsed)${NC}"
+        sleep "${intervalSeconds}"
+        elapsed=$((elapsed + intervalSeconds))
+    done
+
+    Console::warn "Mutagen session did not reach ready state within ${maxWaitSeconds}s (last status: ${status}). Proceeding anyway."
+    return 0
+}
+
 function Mount::Mutagen::afterCliReady() {
     if ! Mount::Mutagen::createSyncSession; then
         Console::warn "Mutagen sync session creation failed or timed out. Boot will continue."
         Console::warn "You can manually create the session later or retry after fixing Mutagen issues."
         return 0
     fi
-    
+
     if Mount::Mutagen::sessionExists; then
+        Mount::Mutagen::waitForSessionReady
         Console::verbose "${INFO}Flushing file syncronization${NC}"
-        Mount::Mutagen::runWithTimeout 10 mutagen sync flush "${SPRYKER_SYNC_SESSION_NAME}" 2>/dev/null || true
+        Mount::Mutagen::runWithTimeout 60 mutagen sync flush "${SPRYKER_SYNC_SESSION_NAME}" 2>/dev/null || true
     fi
 }
 

context/dashboard/package-lock.json

@@ -0,0 +1,150 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+HOST="${HOST:-localhost}"
+PORT="${PORT:-8080}"
+
+# === marker & token produced by Groovy ===
+BOOTSTRAP_DIR="/root/.jenkins/secrets/bootstrap"
+MARKER_FILE="${BOOTSTRAP_DIR}/.token_ready"
+SPRYKER_SCHEDULER_USER="${SPRYKER_SCHEDULER_USER:-}"   # optional; will auto-detect if empty
+TOKEN_FILE="${BOOTSTRAP_DIR}/${SPRYKER_SCHEDULER_USER:-}.token"
+
+# Will be filled after reading token
+AUTH_CURL=()
+TOKEN_VALUE=""
+
+# --- helpers (auth-aware once AUTH_CURL is set) ---
+getCrumb() {
+  # Returns 'Jenkins-Crumb:<crumb>' or empty if endpoint not enabled
+  curl -sf "http://${HOST}:${PORT}/crumbIssuer/api/json" \
+    "${AUTH_CURL[@]}" 2>/dev/null \
+    | jq -r '"Jenkins-Crumb:"+.crumb' 2>/dev/null || true
+}
+
+suspendJenkins() {
+  local crumb
+  crumb="$(getCrumb || true)"
+  curl -sfLI -X POST "http://${HOST}:${PORT}/quietDown" \
+    "${AUTH_CURL[@]}" \
+    ${crumb:+-H "$crumb"} \
+    || true
+}
+
+countRunningJobs() {
+  # returns a number (defaults to 0 on error)
+  curl -sf "http://${HOST}:${PORT}/computer/api/json" \
+    "${AUTH_CURL[@]}" 2>/dev/null \
+    | jq -r '.busyExecutors' 2>/dev/null || echo 0
+}
+
+waitForFinishOfActiveJobs() {
+  suspendJenkins
+  local count
+  count="$(countRunningJobs || echo 0)"
+  while [ "${count}" -gt 0 ]; do
+    echo "Active jobs count: ${count}"
+    sleep 1
+    count="$(countRunningJobs || echo 0)"
+  done
+  echo "No running jobs. Exiting..."
+}
+
+waitForJenkinsToStart() {
+  local code=000
+  local url="http://${HOST}:${PORT}/login"   # safe endpoint under SSO
+
+  echo "Waiting for Jenkins HTTP on ${url} (accept 200/3xx/401/403)..."
+  until code="$(curl -sS -o /dev/null -w '%{http_code}' -I "$url" || echo 000)"; \
+        [[ "$code" == "200" || "$code" == "401" || "$code" == "403" || \
+           "$code" == "301" || "$code" == "302" || "$code" == "303" || \
+           "$code" == "307" || "$code" == "308" ]]; do
+    sleep 1
+  done
+  echo "Jenkins responded with HTTP ${code} — proceeding."
+}
+
+waitForGroovyBootstrap() {
+  echo "Waiting for Groovy bootstrap marker: ${MARKER_FILE}"
+  local waited=0
+  local timeout="${WAIT_TIMEOUT:-300}" # seconds; set 0 to disable
+  until [ -f "${MARKER_FILE}" ]; do
+    sleep 1
+    waited=$((waited+1))
+    if [ "${timeout}" -gt 0 ] && [ "${waited}" -ge "${timeout}" ]; then
+      echo "ERROR: Timed out waiting for ${MARKER_FILE}"
+      exit 1
+    fi
+  done
+  echo "Groovy bootstrap complete."
+
+  # Discover token file if username wasn't set
+  if [ -z "${SPRYKER_SCHEDULER_USER}" ]; then
+    TOKEN_FILE="$(find "${BOOTSTRAP_DIR}" -maxdepth 1 -type f -name '*.token' | head -n1 || true)"
+    if [ -z "${TOKEN_FILE}" ]; then
+      echo "ERROR: No token file found in ${BOOTSTRAP_DIR}"
+      exit 1
+    fi
+    SPRYKER_SCHEDULER_USER="$(basename "${TOKEN_FILE}")"
+    SPRYKER_SCHEDULER_USER="${SPRYKER_SCHEDULER_USER%.token}"
+  fi
+}
+
+readToken() {
+  if [ ! -f "${TOKEN_FILE}" ]; then
+    echo "ERROR: Token file not found: ${TOKEN_FILE}"
+    exit 1
+  fi
+  TOKEN_VALUE="$(awk -F'=' '/^tokenValue=/{print $2; exit}' "${TOKEN_FILE}")"
+  if [ -z "${TOKEN_VALUE:-}" ]; then
+    echo "ERROR: tokenValue not present in ${TOKEN_FILE}"
+    exit 1
+  fi
+  echo "Token for user ${SPRYKER_SCHEDULER_USER} loaded from ${TOKEN_FILE}"
+
+  # Prepare auth array for curl
+  local auth_b64
+  auth_b64="$(printf '%s' "${SPRYKER_SCHEDULER_USER}:${TOKEN_VALUE}" | base64)"
+  AUTH_CURL=(-H "Authorization: Basic ${auth_b64}")
+}
+
+# === main bootstrap ===
+mkdir -p ~/.jenkins/updates
+rm -rf ~/.jenkins/plugins || echo 'plugins did not exist anyway'
+mkdir -p ~/.jenkins/plugins
+test -f ~/.jenkins/jenkins.model.JenkinsLocationConfiguration.xml || envsubst < /opt/jenkins.model.JenkinsLocationConfiguration.xml > ~/.jenkins/jenkins.model.JenkinsLocationConfiguration.xml
+
+# On shutdown: drain queue then stop Jenkins
+trap 'waitForFinishOfActiveJobs; kill ${pid}; exit 0;' SIGTERM
+
+# Seed plugins from ref
+cp -r /usr/share/jenkins/ref/plugins/* /root/.jenkins/plugins/ || true
+
+# Init bootstrap script
+HOME_DIR="${JENKINS_HOME:-/root/.jenkins}"
+INIT_REF="/usr/share/jenkins/ref/init.groovy.d"
+INIT_HOME="${HOME_DIR}/init.groovy.d"
+
+mkdir -p "${INIT_HOME}"
+if [ -d "${INIT_REF}" ]; then
+  # copy only if there are .groovy files; avoid failing when none exist
+  if find "${INIT_REF}" -maxdepth 1 -type f -name '*.groovy' | read _; then
+    find "${INIT_REF}" -maxdepth 1 -type f -name '*.groovy' -print -exec cp -f {} "${INIT_HOME}/" \;
+  fi
+fi
+echo "Init scripts in HOME (${INIT_HOME}):"
+ls -l "${INIT_HOME}" || true
+
+# Start Jenkins (Groovy init runs now and creates the token)
+java ${JAVA_OPTS:-} -Djenkins.install.runSetupWizard=false -jar /usr/share/jenkins/jenkins.war ${JENKINS_OPTS:-} & pid=$!
+
+# First wait: HTTP up (no auth yet)
+waitForJenkinsToStart
+echo "HTTP port ${PORT} on ${HOST} all started up.."
+
+# Wait for Groovy to finish and write the marker + token
+waitForGroovyBootstrap
+readToken
+
+# Keep PID 1 alive
+wait "${pid}"

context/jenkins/export/entrypoint-sso.sh

@@ -628,6 +628,7 @@ services:
   scheduler:
     engine: jenkins
     version: 2.176
+    number-of-executors: 4
     endpoints:
       scheduler.spryker.local:
 
@@ -836,6 +837,67 @@ docker:
 Now you can access the applications from the `{ IP address 1 }` and `{ IP address 2 }` IP addresses.
 
 
+### Per-store and per-region maintenance pages
+
+By default, all endpoints of an application share the same maintenance page located at `public/{application}/maintenance/index.html` (e.g., `public/Yves/maintenance/index.html`).
+
+You can customize the maintenance page per store or per region by placing an `index.html` file in a subdirectory named after the store or region code:
+
+```
+public/Yves/maintenance/
+├── index.html          # Default maintenance page (fallback)
+├── EU/
+│   └── index.html      # Maintenance page for EU region
+├── US/
+│   └── index.html      # Maintenance page for US region
+├── DE/
+│   └── index.html      # Maintenance page for DE store (legacy store mode)
+└── AT/
+    └── index.html      # Maintenance page for AT store (legacy store mode)
+```
+
+The same structure applies to all applications (`Backoffice`, `MerchantPortal`, `Zed`, etc.).
+
+Nginx resolves the maintenance page using the following fallback order:
+
+**Dynamic store mode** (region-based endpoints):
+1. `maintenance/{region}/index.html` — region-specific page
+2. `maintenance/index.html` — default page
+
+**Legacy store mode** (store-based endpoints):
+1. `maintenance/{store}/index.html` — store-specific page
+2. `maintenance/{region}/index.html` — region-specific page
+3. `maintenance/index.html` — default page
+
+If no store-specific or region-specific page exists, the default `maintenance/index.html` is served. The default maintenance page is required and must always be present.
+
+#### Testing maintenance pages locally
+
+To verify a maintenance page locally without changing the deploy file, follow these steps:
+
+1. Boot the environment with your deploy file:
+```bash
+docker/sdk boot {deploy file name}
+```
+
+2. Open the generated `docker/deployment/default/docker-compose.yml` and add the `SPRYKER_MAINTENANCE_MODE_ENABLED` environment variable to the `frontend` service:
+```yaml
+services:
+  frontend:
+    image: ...
+    environment:
+      SPRYKER_MAINTENANCE_MODE_ENABLED: 1
+```
+
+3. Start the environment:
+```bash
+docker/sdk up
+```
+
+4. Open Yves in a browser — the maintenance page should be displayed.
+
+> **Note:** `docker/deployment/default/docker-compose.yml` is a generated file and will be overwritten the next time `docker/sdk boot` is run. This approach is intended for temporary local testing only. Do not commit this change.
+
 
 ### docker: logs:
 * `docker: logs: path:` defines the path to the directory with Docker logs. This variable is optional. If not specified, the default value applies: `path: '/var/log/spryker`.
@@ -1083,6 +1145,7 @@ A scheduler *Service* used to run application-specific jobs periodically in the
 
 * Project-wide
   * `scheduler: engine:` - possible value is `jenkins`.
+  * `scheduler: number-of-executors:` - defines the number of executors for the Jenkins instance. The minimum supported Jenkins version is 2.516.3. This property is relevant only for local development and does not affect the Cloud setup.
   * `scheduler: endpoints:` - defines the service's port and web interface that can be accessed via given endpoints.
 
 

docs/07-deploy-file/02-deploy.file.reference.v1.md

@@ -68,6 +68,8 @@ services.*.engine:
     string-type:
 services.*.endpoints:
     array-type:
+services.scheduler.number-of-executors:
+    integer-type:
 
 # Docker
 docker.ssl.enabled:

generator/deploy-file-generator/config/validation.yml

@@ -44,7 +44,8 @@ server {
     zedHost: zedHost,
     timeout: applicationData['http']['timeout'] | default('1m'),
     project: _context,
-    regionEndpointMap: _context['regionEndpointMap'][endpointData['identifier']]
+    regionEndpointMap: _context['regionEndpointMap'][endpointData['identifier']],
+    groupRegion: groupData['region'],
 } %}
 {% endfor %}
 {% endfor %}

generator/src/templates/nginx/conf.d/frontend.default.conf.twig

@@ -56,4 +56,12 @@
         fastcgi_param SPRYKER_JENKINS_CSRF_PROTECTION_ENABLED {{ (services['scheduler']['csrf-protection-enabled'] | default(false)) ? 1 : 0 }};
 {% endblock location %}
     }
+
+    location @maintenance {
+{% if endpointData['region'] is defined %}
+        try_files /maintenance/{{ endpointData['identifier'] }}/index.html /maintenance/index.html =503;
+{% else %}
+        try_files /maintenance/{{ endpointData['identifier'] }}/index.html /maintenance/{{ groupRegion }}/index.html /maintenance/index.html =503;
+{% endif %}
+    }
 {% endblock locations %}

generator/src/templates/nginx/http/application.server.conf.twig

@@ -1,3 +1,3 @@
     error_page 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 422 425 426 428 429 431 451 /errorpage/4xx.html;
     error_page 500 501 502 504 505 506 507 508 509 510 511 /errorpage/5xx.html;
-    error_page 503 /maintenance/index.html;
+    error_page 503 @maintenance;