feat: initial CI scaffolding and processors (#1)

Add initial processors and release please scaffolding

Author: ttschampel

.github/workflows/checks.yaml

@@ -0,0 +1,59 @@
+name: "Checks"
+
+on:
+  pull_request:
+    branches:
+      - main
+  push:
+    branches:
+      - main
+  merge_group:
+    branches:
+      - main
+    types:
+      - checks_requested
+
+permissions:
+  contents: read
+
+jobs:
+  pr:
+    name: Validate PR title
+    if: contains(fromJSON('["pull_request", "pull_request_target"]'), github.event_name)
+    runs-on: ubuntu-22.04
+    permissions:
+      pull-requests: read
+    steps:
+      - uses: amannn/action-semantic-pull-request@e9fabac35e210fea40ca5b14c0da95a099eff26f
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  mavenverify:
+    runs-on: ubuntu-latest
+    if: always()
+    needs:
+      - pr
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+      - name: Set up JDK
+        uses: actions/setup-java@5896cecc08fd8a1fbdfaf517e29b571164b031f7
+        with:
+          java-version: "21"
+          distribution: "temurin"
+          server-id: github
+      - name: Maven Verify
+        run: |
+          mvn --batch-mode clean install -DskipTests -s settings.xml
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+
+  ci:
+    needs:
+      - mavenverify
+      - pr
+    runs-on: ubuntu-latest
+    if: always()
+    steps:
+      - if: contains(needs.*.result, 'failure')
+        run: echo "Failed due to ${{ contains(needs.*.result, 'failure') }}" && exit 1

.github/workflows/release.yaml

@@ -0,0 +1,42 @@
+name: Release
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: read
+  packages: write
+
+jobs:
+  release-please:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Generate a token
+        id: generate_token
+        uses: actions/create-github-app-token@f2acddfb5195534d487896a656232b016a682f3c # v1.9.0
+        with:
+          app-id: "${{ secrets.APP_ID }}"
+          private-key: "${{ secrets.AUTOMATION_KEY }}"
+      - uses: google-github-actions/release-please-action@v4
+        with:
+          token: "${{ steps.generate_token.outputs.token }}"
+          config-file: release-please.json
+          manifest-file: .release-please-manifest.json
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+      - name: Set up JDK
+        uses: actions/setup-java@5896cecc08fd8a1fbdfaf517e29b571164b031f7
+        with:
+          java-version: "21"
+          distribution: "temurin"
+          server-id: github
+      - name: Publish package
+        run: mvn --batch-mode deploy -s settings.xml
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+

.gitignore

@@ -0,0 +1,2 @@
+/.idea/
+/**/target/

.release-please-manifest.json

@@ -0,0 +1,3 @@
+{
+  ".": "0.0.0"
+}

CODEOWNERS

@@ -0,0 +1,8 @@
+# CODEOWNERS
+
+* @opentdf/nifi @opentdf/architecture
+
+## High Security Area
+
+CODEOWNERS     @opentdf/architecture @opentdf/security
+LICENSE        @opentdf/architecture

LICENSE

@@ -0,0 +1,19 @@
+# The Clear BSD License
+
+Copyright 2023 Virtru Corporation
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted (subject to the limitations in the disclaimer below)
+provided that the following conditions are met:
+
+* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation
+  and/or other materials provided with the distribution.
+* Neither the name of Virtru Corporation nor the names of its contributors may be used to endorse or promote products derived from this software without
+  specific prior written permission.
+NO EXPRESS OR IMPLIED LICENSES TO ANY PARTY'S PATENT RIGHTS ARE GRANTED BY THIS LICENSE. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE

Makefile

@@ -0,0 +1,17 @@
+
+.PHONY: compose-package
+compose-package: nar-build
+	@echo "package for docker compose"
+	rm -rf deploy/extensions/*.nar
+	cp nifi-tdf-nar/target/*.nar deploy/extensions
+	cp nifi-tdf-controller-services-api-nar/target/*.nar deploy/extensions
+
+.PHONY: truststore-create
+truststore-create:
+	@echo "Build Truststore from *.crt in ./deploy/truststore"
+	cd ./deploy && ./build_truststore.sh
+
+.PHONY: nar-build
+nar-build:
+	@echo "Build NARs"
+	mvn clean package -s settings.xml

README.md

@@ -1,2 +1,20 @@
-# nifi
-OpenTDF NiFi Processors
+# OpenTDF NiFi
+Integration of the [OpenTDF Platform](https://github.com/opentdf/platform) into [NiFi](https://nifi.apache.org/)
+
+Components:
+* ConvertToTDF: A NiFi processor that converts FlowFile content to TDF format 
+* ConvertFromTDF: A NiFi processor that converts TDF formatted FlowFile content to it's plaintext representation
+* OpenTDFControllerService: A NiFi controller service providing OpenTDF Platform Configuration
+
+
+# Quick Start - Docker Compose
+
+1. Build the NiFi Archives (NARs) and place in the docker compose mounted volumes
+    ```shell
+    make compose-package
+    ```
+1. Start docker compose
+    ```shell
+    docker compose up
+    ```
+1. [Log into NiFi](http://localhost:18080/nifi)

deploy/build_truststore.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+TRUSTSTORE_PASSWORD=password
+
+certDir="$(pwd)/truststore"
+
+echo "import certs from $certDir"
+
+for filename in $certDir/*.crt; do
+  echo "import $filename into truststore"
+  filelocal=$(basename ${filename})
+  docker run -v $(pwd)/truststore:/keys  \
+      openjdk:latest keytool \
+      -import -trustcacerts \
+      -alias $filelocal \
+      -file keys/$filelocal \
+      -destkeystore keys/ca.jks \
+      -noprompt \
+      -deststorepass "$TRUSTSTORE_PASSWORD"
+done
+

docker-compose.yaml

@@ -0,0 +1,17 @@
+version: '3'
+services:
+  opentdf-nifi:
+    image: ghcr.io/ttschampel/nifi/nifi-1.25.0-jre17:latest
+    restart: always
+    ulimits:
+      nofile:
+        soft: 2048
+        hard: 4096
+    environment:
+      - NIFI_WEB_HTTP_PORT=8080
+    volumes:
+      - ./deploy/extensions:/opt/nifi/nifi-current/extensions #mount custom NARs
+      - ./deploy/truststore:/opt/nifi/nifi-current/truststore # mounts truststore
+      - ./deploy/custom-libs:/opt/nifi/nifi-current/custom-libs #mount additional libs
+    ports:
+      - 18080:8080/tcp