jlengrand/moderne-docs
1
0
Fork 0
mirror of https://github.com/jlengrand/moderne-docs.git synced 2026-03-10 08:31:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

Initial save of docusaurus conversion

Browse Source 
Getting started docs converted

How-to guides

References

Begin CLI docs

Add cli how to guides

Moderne IDE docs

Add release docs

Update office hours

Add DX and workshops

Add admin doc getting started

Add agent config docs

Add tables for agent config

Start reporting + configure mermaid

Finish platform admin docs

Finish doc copying + remove gitbook stuff

Fix broken links

Get stuff up to date

Attempt to fix site
This commit is contained in:
Mike Solomon
2024-10-11 10:04:55 -07:00
parent 568b601763
commit 90fdba96d8
742 changed files with 31131 additions and 6157 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
docs/administrator-documentation/licensing.md Normal file
View File

@@ -0,0 +1,11 @@
# Licensing
In order to download and deploy the [Moderne Agent](#user-content-fn-1)[^1] or [Moderne DX](#user-content-fn-2)[^2], you must have a signed contract with Moderne, Inc. Your usage and deployment of the Moderne Agent and Moderne DX is bound by the terms of said contract.
Your usage of the [Moderne CLI](#user-content-fn-3)[^3] is governed by the [Moderne CLI license](../user-documentation/moderne-cli/getting-started/moderne-cli-license.md).
[^1]: On-premise component (OCI container or executable jar) for the Moderne SaaS which connects the Moderne SaaS to internal systems.
[^2]: On-premise installation of the Moderne recipe and repository catalog.
[^3]: Command-line interface used for multi-repository actions, such as running Rewrite recipes, and Git actions.

BIN
docs/administrator-documentation/moderne-dx/how-to-guides/assets/artifactory.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 145 KiB

BIN
docs/administrator-documentation/moderne-dx/how-to-guides/assets/maven-indexer.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 146 KiB

BIN
docs/administrator-documentation/moderne-dx/how-to-guides/assets/maven-publish-index.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 162 KiB

BIN
docs/administrator-documentation/moderne-dx/how-to-guides/assets/maven-publish.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 185 KiB

BIN
docs/administrator-documentation/moderne-dx/how-to-guides/assets/sona-tasks.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 106 KiB

208
docs/administrator-documentation/moderne-dx/how-to-guides/configure-dx-organizations.md Normal file
View File

@@ -0,0 +1,208 @@
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
# Configure Organizations with Moderne DX
Many users desire the ability to dynamically control the organizational structure (repository groupings) of their repositories within Moderne DX. There are two ways to achieve this, either by supplying DX with a file describing the organizational structure (via a `repos.csv`) or by integrating with an organization service.
In order for Moderne to obtain information about your organizational structure, you will need to configure the Moderne DX service to point to your Organizations source. This guide will explain how to do that.
#### Prerequisites
This guide assumes that:
* You are an admin of Moderne DX
* You have deployed Moderne DX in your environment
* You have already [configured Moderne DX to connect to your Artifactory instance](./configure-dx-with-artifactory-access.md)
## File based organization structure
The simplest way to achieve the organization structure is to supply a `repos.csv` file directly in DX.
That being said, there are a few downsides of file based organization structure:
- You cannot configure any [DevCenter](../../moderne-platform/how-to-guides/dev-center.md)
- Organization based access control is not available
## Generating repos.csv
If you choose to fork our Organizations service template, you will have to generate your `repos.csv` file. This file takes the following format:
| cloneUrl | branch | org1 | org2 | org3 |
|---------------|----------|---------|-------------|------|
| `https://github.com/openrewrite/rewrite-recipe-bom` | main | Open Source | ALL | |
| `https://github.com/Netflix/spectator-go` | main | Netflix | Open Source | ALL |
The organizations under `org1`, `org2`, `org3`, etc. represent the hierarchy of organizations. There is no limit to the number of organizations that can be provided via this CSV.
The above example would be used in Moderne DX to generate an organizational listing of the following:
* ALL
* Open Source
* `https://github.com/openrewrite/rewrite-recipe-bom:main`
* Netflix
* `https://github.com/Netflix/spectator-go:main`
To generate this `repos.csv`, we recommend using "[repo fetchers](https://github.com/moderneinc/moderne-organizations/blob/main/repo-fetchers/README.md)" inside our Organizations service template.
## Service based organization structure
A more feature rich replacement of the file based approach is to create an [Organizations service](../../moderne-platform/how-to-guides/organizations-service.md). This allows you to use additional features like the DevCenter, organization based access control, and per organization commit options.
### Organizations service template and API
You have two main options for building this service. You can:
1. (**Recommended**) Fork our [Organizations service template](https://github.com/moderneinc/moderne-organizations) and modify it to meet your needs. Please see the [README](https://github.com/moderneinc/moderne-organizations/blob/main/README.md) for how to spin this up quickly. It can be as simple as updating a CSV file.
2. Build your own service that fulfills the [GraphQL contract](https://github.com/moderneinc/moderne-organizations/blob/main/src/main/resources/schema/moderne-organizations.graphqls) using any GraphQL stack (e.g., NodeJS, Rust, C#, etc.)
We generally recommend forking the template and modifying it as, in most cases, that will be faster and easier than building it yourself. Regardless of which one you choose, however, some developer time will be required on your end.
### Deploying the service
How you deploy the service is largely up to your company. With that being said, there are a few important things to be aware of:
* Moderne will make a request per repository to the Organizations service once every 10 minutes by default (you can change this interval in your configuration). Please ensure that you have metrics to track how this service is performing so you can adjust it over time.
* You'll want a minimum system spec of 2 CPU cores, 8 GB of memory, and at least 10 GB of persistent storage.
## DX organization structure configuration
The following table contains all of the variables/arguments you need to add to your Moderne DX service run command in order for it to interact with your organization structure data source. Please note that these variables/arguments must be combined with ones found in other steps in the [Configuring the Moderne DX service guide](./dx-configuration.md).
<Tabs groupId="dx-type">
<TabItem value="oci-container" label="OCI Container">
**Variables:**
| Variable Name | Required | Default | Description |
|---------------------------------------------------|----------|---------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `MODERNE_DX_ORGANIZATION_URL` | `true` | | The URL of your GraphQL service that provides organization information. Cannot be combined with `MODERNE_DX_ORGANIZATION_REPOSCSV`. |
| `MODERNE_DX_ORGANIZATION_REPOSCSV` | `true` | | The path of your repos.csv file that provides organization information. Cannot be combined with `MODERNE_DX_ORGANIZATION_URL`. |
| `MODERNE_DX_ORGANIZATION_DEFAULTCOMMITOPTIONS` | `false` | | The commit options used if not specified by the organization service. |
| `MODERNE_DX_ORGANIZATION_UPDATE_INTERVAL_SECONDS` | `false` | `600` | Specifies how often to request your organization information. Only used when combined with `MODERNE_DX_ORGANIZATION_URL`. |
| `MODERNE_DX_ORGANIZATION_SKIPSSL` | `false` | `false` | Specifies whether or not to skip SSL validation for HTTP connections to this Organization service instance. Only used when combined with `MODERNE_DX_ORGANIZATION_URL`. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
**Example:**
```bash
docker run \
# ... Existing variables
-e MODERNE_DX_ORGANIZATION_URL=http://localhost:8091 \
-e MODERNE_DX_ORGANIZATION_UPDATE_INTERVAL_SECONDS=600 \
-e MODERNE_DX_ORGANIZATION_DEFAULTCOMMITOPTIONS=Direct,Branch,Fork,PullRequest,ForkAndPullRequest \
# ... Additional variables
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
**Arguments:**
| Argument Name | Required | Default | Description |
|---------------------------------------------------|----------|---------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--moderne.dx.organization.url` | `true` | | The URL of your GraphQL service that provides organization information. Cannot be combined with `MODERNE_DX_ORGANIZATION_REPOSCSV`. |
| `--moderne.dx.organization.reposCsv` | `true` | | The path of your repos.csv file that provides organization information. Cannot be combined with `MODERNE_DX_ORGANIZATION_URL`. |
| `--moderne.dx.organization.defaultCommitOptions` | `false` | | The commit options used if not specified by the organization service. |
| `--moderne.dx.organization.updateIntervalSeconds` | `false` | `600` | Specifies how often to request your organization information. Only used when combined with `--moderne.dx.organization.url`. |
| `--moderne.dx.organization.skipSsl` | `false` | `false` | Specifies whether or not to skip SSL validation for HTTP connections to this Organization service instance. Only used when combined with `--moderne.dx.organization.url`. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
**Example:**
```bash
java -jar moderne-dx-{version}.jar \
# ... Existing arguments
--moderne.dx.organization.url=http://localhost:8091 \
--moderne.dx.organization.updateIntervalSeconds=600 \
--moderne.dx.organization.defaultCommitOptions=Direct,Branch,Fork,PullRequest,ForkAndPullRequest \
# ... Additional arguments
```
</TabItem>
</Tabs>
## Confirming it works
After starting up Moderne DX again, you can now make the following GraphQL query using the embedded GraphiQL IDE found at `https://<moderne-dx-host>:8080/graphiql`:
```graphql
query orgs {
organizations {
id
repositoriesPages {
count
edges {
node {
origin
path
branch
}
}
}
parent {
id
}
}
}
```
If you run this immediately after startup, you may get no results. Once your index operation is completed, you will get results similar to the following:
```graphql
{
"data": {
"organizations": [
{
"id": "Organization 1",
"repositoriesPages": {
"count": 2,
"edges": [
{
"node": {
"origin": "github.com",
"path": "organization/repository1",
"branch": "main"
}
},
{
"node": {
"origin": "github.com",
"path": "organization/repository2",
"branch": "main"
}
}
]
},
{
"id": "Organization 2",
"repositoriesPages": {
"count": 7,
"edges": [...]
}
},
{
"id": "Organization 3",
"repositoriesPages": {
"count": 25,
"edges": [...]
}
}
]
}
}
```
## Using Moderne DX with organizations
Once you've configured all of the above things, you can use the Moderne CLI (mod) and run the following commands:
This command will set your Moderne location to your internally-deployed Moderne DX installation:
```bash
mod config moderne edit --token=<token> --api=https://<moderne-dx-host>:8080 http://<moderne-dx-host>:8080
```
This command will ask Moderne DX for all repositories inside the organization you selected and clone them to `<path>`:
```bash
mod git clone moderne <path> <organization-id>
```
Once these are both done, your developers can now start running recipes and committing the results!

84
docs/administrator-documentation/moderne-dx/how-to-guides/configure-dx-ssl.md Normal file
View File

@@ -0,0 +1,84 @@
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
# Configure Moderne DX service with client SSL certificates
If you are configuring the Moderne DX service to connect to a service that requires a self-signed certificate to perform an HTTPS request (e.g., Maven or Artifactory) you will need to:
* Supply a KeyStore for the service to use in the `PKCS12` format at the following location: `${JAVA_HOME}/lib/security/client_keystore.p12`
* Configure the service to `skipSSL` for this service (See the [Artifactory](./configure-dx-with-artifactory-recipes.md) or [Maven](./configure-dx-with-maven-repository-access.md) service documentation)
Below are a few examples of creating the KeyStore in some common scenarios:
<Tabs>
<TabItem value="certificate-without-key" label="Certificate without key">
```bash
RUN openssl pkcs12 -export \
-in <pathtocertfolder>/cert.pem \
-out ${JAVA_HOME}/lib/security/client_keystore.p12 \
-name ssl_cert \
-passout pass:changeit \
-nokeys
```
</TabItem>
<TabItem value="certificate-and-key-files" label="Certificate and key files">
```bash
openssl pkcs12 -export \
-in <pathtocertfolder>/cert.pem \
-inkey <pathtocertfolder>/cert.key \
-out ${JAVA_HOME}/lib/security/client_keystore.p12 \
-name ssl_cert \
-passout pass:changeit
```
</TabItem>
<TabItem value="certificate-and-key-in-one-file" label="Certificate and key in one file">
```bash
RUN openssl pkcs12 -export \
-in ${JAVA_HOME}/lib/security/s2s-cert.pem \
-out ${JAVA_HOME}/lib/security/client_keystore.p12 \
-name ssl_cert \
-passout pass:changeit
```
</TabItem>
</Tabs>
<Tabs groupId="dx-type">
<TabItem value="oci-container" label="OCI Container">
If you are running the service in an OCI container, you will need to create a new Dockerfile based on the Moderne DX service and supply the image with the KeyStore.
**Example:**
```docker
FROM moderne.azurecr.io/moderne-dev/moderne/moderne-dx:latest
USER root
COPY s2s-cert.pem ${JAVA_HOME}/lib/security/s2s-cert.pem
#Certifcate without keys
RUN openssl pkcs12 -export \
-in ${JAVA_HOME}/lib/security/s2s-cert.pem \
-out ${JAVA_HOME}/lib/security/client_keystore.p12 \
-name ssl_cert \
-passout pass:changeit \
-nokeys
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
Nothing else needs to happen for the executable JAR flow other than ensuring the KeyStore has been added to the following location: `${JAVA_HOME}/lib/security/client_keystore.p12`
```
java -jar moderne-dx-{version}.jar \
# ... Existing arguments
```
</TabItem>
</Tabs>

156
docs/administrator-documentation/moderne-dx/how-to-guides/configure-dx-with-artifactory-access.md Normal file
View File

@@ -0,0 +1,156 @@
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
# Configure Moderne DX with Artifactory access: LSTs
Artifactory serves as a source of LST artifacts. This integration uses [Artifactory Query Language](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Query+Language) (AQL) to identify LST artifacts.
This guide will walk you through how to configure the Moderne DX service to connect to your Artifactory instance to retrieve the list LST artifacts.
:::info
If you're wanting to configure Artifactory to support recipe artifacts, please see [this guide](./configure-dx-with-artifactory-recipes.md) instead.
:::
#### Prerequisites
* You will need a username and password for an Artifactory user that is allowed to issue the relevant AQL queries that will be configured
## Configuring the Moderne DX service
The following table contains all of the variables/arguments you need to add to your Moderne DX service run command in order for it to get LST artifacts from your Artifactory instance. Please note that these variables/arguments must be combined with ones found in other steps in the [Configuring the Moderne DX service guide](./dx-configuration.md).
You can configure multiple Artifactory servers by including multiple entries, each with a different `{index}`. Within a given Artifactory server configuration, you can configure multiple LST query filters by including multiple entries, each with a different `{index}`.
Also, by default, LST indexing has to happen on every new installation before `mod git clone moderne` can be used against Moderne DX. For 50,000 repositories, this can take hours and be very taxing on your Artifactory or your Maven repositories. By attaching and configuring persistent storage to Moderne DX, the LST index will be maintained between deployments and restarts of the application, leading to much quicker startup times. This can be configured with the `MODERNE_DX_STORAGE_ENABLED` and `MODERNE_DX_STORAGE_PATH` vars included in the table below.
<Tabs groupId="dx-type">
<TabItem value="oci-container" label="OCI Container">
**Variables:**
| Variable Name | Required | Default | Description |
|-----------------------------------------------------------|----------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `MODERNE_DX_STORAGE_ENABLED` | `true` | `false` | Enables persistent storage for the LST index. |
| `MODERNE_DX_STORAGE_PATH` | `true` | `<dx configuration directory>/storage` | The path of the LST index directory on the container or local disk. (`<dx configuration directory>`refers to the location where all configuration for DX lives, including the recipe catalog, tokens, etc. It's not configurable. |
| `MODERNE_DX_ARTIFACTORY_{index}_URL` | `true` | | The URL of your Artifactory instance. |
| `MODERNE_DX_ARTIFACTORY_{index}_USERNAME` | `true` | | The username used to connect to your Artifactory instance. This user must have permission to run AQL queries. |
| `MODERNE_DX_ARTIFACTORY_{index}_PASSWORD` | `true` | | The password used to connect to your Artifactory instance. |
| `MODERNE_DX_ARTIFACTORY_{index}_ASTQUERYFILTERS_{index}` | `true` | | The AQL query fragment used to select LST artifacts to send to Moderne. If multiple are specified, they are combined together with an `AND`. |
| `MODERNE_DX_ARTIFACTORY_{index}_SKIPSSL` | `false` | `false` | Specifies whether or not to skip SSL verification for HTTP connections from the service to this Artifactory instance. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
| `MODERNE_DX_ARTIFACTORY_{index}_SKIPVALIDATECONNECTIVITY` | `false` | `false` | By default, on DX startup, we validate that it can connect to the configured resource, and fail to start up the DX if we cannot. Set this to_ `true` _to skip this validation. |
| `MODERNE_DX_ARTIFACTSYNC_SINCE` | `false` | | Specifies how long in the past to sync your artifacts. Defaults to syncing all time. It is recommended to set a start date of the sync or it will try to search your entire artifactory. |
**Example:**
```bash
docker run \
# ... Existing variables
-e MODERNE_DX_STORAGE_ENABLED=true \
-e MODERNE_DX_STORAGE_PATH=/some/storage/path \
-e MODERNE_DX_ARTIFACTORY_0_URL=https://myartifactory.example.com/artifactory/ \
-e MODERNE_DX_ARTIFACTORY_0_USERNAME=admin \
-e MODERNE_DX_ARTIFACTORY_0_PASSWORD=password \
-e MODERNE_DX_ARTIFACTORY_0_ASTQUERYFILTERS_0='"name":{"$match":"*-ast.jar"}' \
-e MODERNE_DX_ARTIFACTORY_0_ASTQUERYFILTERS_1='"repo":{"$eq":"example-maven"}' \
-e MODERNE_DX_ARTIFACTSYNC_SINCE=2024-01-01T00:00:00Z
# ... Additional variables
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
**Arguments:**
| Argument Name | Required | Default | Description |
|-----------------------------------------------------------|----------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--moderne.dx.storage.enabled` | `true` | `false` | Enables persistent storage for the LST index. |
| `--moderne.dx.storage.path` | `true` | `<dx configuration directory>/storage` | The path of the LST index directory on the container or local disk. (`<dx configuration directory>`refers to the location where all configuration for DX lives, including the recipe catalog, tokens, etc. It's not configurable. |
| `--moderne.dx.artifactory[{index}].url` | `true` | | The URL of your Artifactory instance. |
| `--moderne.dx.artifactory[{index}].username` | `true` | | The username used to connect to your Artifactory instance. This user must have permission to run AQL queries. |
| `--moderne.dx.artifactory[{index}].password` | `true` | | The password used to connect to your Artifactory instance. |
| `--moderne.dx.artifactory[{index}].astQueryFilters[{index}]` | `true` | | The AQL query fragment used to select LST artifacts to send to Moderne. If multiple are specified, they are combined together with an `AND`. |
| `--moderne.dx.artifactory[{index}].skipSsl` | `false` | `false` | Specifies whether or not to skip SSL verification for HTTP connections from the service to this Artifactory instance. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
| `--moderne.dx.artifactory[{index}].skipValidateConnectivity` | `false` | `false` | By default, on DX startup, we validate that it can connect to the configured resource, and fail to start up the DX if we cannot. Set this to_ `true` _to skip this validation. |
| `--moderne.dx.artifactSync.since` | `false` | | Specifies how long in the past to sync your artifacts. Defaults to syncing all time. It is recommended to set a start date of the sync or it will try to search your entire artifactory. |
**Example:**
```bash
java -jar moderne-dx-{version}.jar \
# ... Existing arguments
--moderne.dx.storage.enabled=true \
---moderne.dx.storage.path=/some/storage/path \
--moderne.dx.artifactory[0].url=https://myartifactory.example.com/artifactory/ \
--moderne.dx.artifactory[0].username=admin \
--moderne.dx.artifactory[0].password=password \
--moderne.dx.artifactory[0].astQueryFilters[0]='{"name":{"$match":"*-ast.jar"}}' \
--moderne.dx.artifactory[0].astQueryFilters[1]='{"repo":{"$eq":"example-maven"}}' \
--moderne.dx.artifactSync.since=2024-01-01T00:00:00Z \
# ... Additional arguments
```
</TabItem>
</Tabs>
## Confirming it works
After starting up Moderne DX, it will then ask your artifact repository for LST artifacts. This process can take several minutes. You can test it worked by making the following GraphQL query using `https://<moderne-dx-host>:8080/graphiql`:
```graphql
query orgs {
organizations {
id
repositoriesPages {
count
edges {
node {
origin
path
branch
}
}
}
parent {
id
}
}
}
```
If you run this immediately after startup, you may get no results. Once your index operation is completed, you will get results similar to the following:
```graphql
{
"data": {
"organizations": [
{
"id": "All",
"name": "All",
"repositoriesPages": {
"count": 2,
"edges": [
{
"node": {
"origin": "github.com",
"path": "organization/repository1",
"branch": "main"
}
},
{
"node": {
"origin": "github.com",
"path": "organization/repository2",
"branch": "main"
}
}
]
}
}
]
}
}
```
:::info
Note that if you set up an [organization integration](./configure-dx-organizations.md), the returned results from this query will be organized into **organizations** rather than **repositories**.
:::

80
docs/administrator-documentation/moderne-dx/how-to-guides/configure-dx-with-artifactory-recipes.md Normal file
View File

@@ -0,0 +1,80 @@
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
# Configure Moderne DX with Artifactory access: recipes
In order for Moderne DX to interact with your recipe artifacts from Artifactory, you will need to create a Maven formatted repository inside of Artifactory and point the Moderne DX service to said repository. This guide will walk you through how to configure the Moderne DX service to get the list of recipe artifacts from the repository you created in Artifactory.
## Publishing recipe artifacts
Recipe artifacts will automatically be picked up by Moderne so long as you set the recipe source flag to true in the below [configuration step](#configuring-the-moderne-dx-service).
## Configuring the Moderne DX service
The following table contains all of the variables/arguments you need to add to your Moderne DX service run command in order for it to get recipe artifacts from your Maven formatted repository inside of Artifactory. Please note that these variables/arguments must be combined with ones found in other steps in the [Configuring the Moderne DX service guide](./dx-configuration.md).
You can configure multiple Maven formatted repositories by including multiple entries, each with a different `{index}`.
<Tabs groupId="dx-type">
<TabItem value="oci-container" label="OCI Container">
**Variables:**
| Variable Name | Required | Default | Description |
|-----------------------------------------------|----------|--------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `MODERNE_DX_MAVEN_{index}_URL` | `true` | | The URL of your Maven repository inside of Artifactory. |
| `MODERNE_DX_MAVEN_{index}_ASTSOURCE` | `true` | `true` | Specifies whether or not this repository should be searched for LST artifacts. Defaults to `true` but you should set this to `false` (Note: LSTs used to be called ASTs). |
| `MODERNE_DX_MAVEN_{index}_LOCALREPOSITORY` | `true` | `~/.moderne-maven` | The path on disk where Maven index files will be downloaded to. This is on the disk where the service is being run and **not** in Artifactory. <br/><br/> If multiple Maven repositories are configured on the agent, they **must** have different `MODERNE_DX_MAVEN_{index}_LOCALREPOSITORY` configured. |
| `MODERNE_DX_MAVEN_{index}_USERNAME` | `false` | `null` | The username used to resolve artifacts. |
| `MODERNE_DX_MAVEN_{index}_PASSWORD` | `false` | `null` | The password used to resolve artifacts. |
| `MODERNE_DX_MAVEN_{index}_RELEASES` | `false` | `true` | Specifies whether or not this repository should be searched for releases. |
| `MODERNE_DX_MAVEN_{index}_SNAPSHOTS` | `false` | `true` | Specifies whether or not this repository should be searched for snapshots. |
| `MODERNE_DX_MAVEN_{index}_RECIPESOURCE` | `false` | `true` | Specifies whether or not this repository should be searched for recipe jars. |
| `MODERNE_DX_MAVEN_{index}_SKIPSSL` | `false` | `false` | Whether or not to skip SSL/TLS verification for calls from the agent to this Maven repository. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
| `MODERNE_DX_MAVEN_{index}_SKIPVALIDATECONNECTIVITY` | `false` | `false` | By default, on DX startup, we validate that it can connect to the configured resource, and fail to start up the DX if we cannot. Set this to `true` to skip this validation. |
**Example:**
```bash
docker run \
# ... Existing variables
-e MODERNE_DX_MAVEN_0_URL=https://myartifactory.example.com/artifactory/libs-releases-local \
-e MODERNE_DX_MAVEN_0_ASTSOURCE=false \
-e MODERNE_DX_MAVEN_0_LOCALREPOSITORY=~/.moderne-maven \
-e MODERNE_DX_MAVEN_0_USERNAME=admin \
-e MODERNE_DX_MAVEN_0_PASSWORD=password \
# ... Additional variables
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
**Arguments:**
| Argument Name | Required | Default | Description |
|-----------------------------------------------|----------|--------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--moderne.dx.maven[{index}].url` | `true` | | The URL of your Maven repository inside of Artifactory. |
| `--moderne.dx.maven[{index}].astSource` | `true` | `true` | Specifies whether or not this repository should be searched for LST artifacts. Defaults to `true` but you should set this to `false` (Note: LSTs used to be called ASTs). |
| `--moderne.dx.maven[{index}].localRepository` | `true` | `~/.moderne-maven` | The path on disk where Maven index files will be downloaded to. This is on the disk where the service is being run and **not** in Artifactory. <br/><br/> If multiple Maven repositories are configured on the agent, they **must** have different `MODERNE_DX_MAVEN_{index}_LOCALREPOSITORY` configured. |
| `--moderne.dx.maven[{index}].username` | `false` | `null` | The username used to resolve artifacts. |
| `--moderne.dx.maven[{index}].password` | `false` | `null` | The password used to resolve artifacts. |
| `--moderne.dx.maven[{index}].releases` | `false` | `true` | Specifies whether or not this repository should be searched for releases. |
| `--moderne.dx.maven[{index}].snapshots` | `false` | `true` | Specifies whether or not this repository should be searched for snapshots. |
| `--moderne.dx.maven[{index}].recipeSource` | `false` | `true` | Specifies whether or not this repository should be searched for recipe jars. |
| `--moderne.dx.maven[{index}].skipSsl` | `false` | `false` | Whether or not to skip SSL/TLS verification for calls from the agent to this Maven repository. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
| `--moderne.dx.maven[{index}].skipValidateConnectivity` | `false` | `false` | By default, on DX startup, we validate that it can connect to the configured resource, and fail to start up the DX if we cannot. Set this to `true` to skip this validation. |
**Example:**
```bash
java -jar moderne-dx-{version}.jar \
# ... Existing arguments
--moderne.dx.maven[0].url=https://myartifactory.example.com/artifactory/libs-releases-local \
--moderne.dx.maven[0].astSource=false \
--moderne.dx.maven[0].localRepository=~/.moderne-maven \
--moderne.dx.maven[0].username=admin \
--moderne.dx.maven[0].password=password \
# ... Additional arguments
```
</TabItem>
</Tabs>

136
docs/administrator-documentation/moderne-dx/how-to-guides/configure-dx-with-maven-repository-access.md Normal file
View File

@@ -0,0 +1,136 @@
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
# Configure Moderne DX with Maven repository access
In order for Moderne DX to get the list of your [Lossless Semantic Tree](../../moderne-platform/references/lossless-semantic-trees.md) (LST) and recipe artifacts, the service needs to be configured to talk to your Maven-formatted artifact repositories. There are a variety of services that support repositories in this format. Some examples include [JFrog Artifactory](https://jfrog.com/artifactory/), [Sonatype Nexus](https://www.sonatype.com/products/nexus-repository), and [Azure Artifacts](https://azure.microsoft.com/en-us/services/devops/artifacts/).
:::info
If your company has a rule that any externally-hosted JARs (e.g., Maven Central) be brought into an internal Maven repository (e.g., Artifactory) and scanned before being used, the instructions in this doc **must** be followed. Furthermore, [please ensure that you point DX to your internal Maven repository and that the OpenRewrite JARs and dependencies are included in said repository](./configure-dx-with-strict-recipe-sources.md).
:::
This guide will explain how to:
* [Configure your artifact service to support LST and recipes artifacts](#publishing-lst-artifacts)
* [Configure the Moderne DX service to connect to any service that supports Maven-formatted repositories](#configuring-the-moderne-dx-service)
#### Prerequisites
* You might need a username and password for a user that is allowed to resolve artifacts.
:::info
In many organizations, artifact resolution is unauthenticated while artifact publishing is authenticated. If artifact resolution is unauthenticated, you may omit the username/password configuration in the [Configuration step](#configuring-the-moderne-dx-service).
:::
## Publishing LST artifacts
### Configure the Maven Indexer
In order to publish LST artifacts, the artifact registry must be regularly updated with an index in the [Maven Indexer](https://maven.apache.org/maven-indexer/) format. The frequency with which the index is updated is an approximation of the time it will take for an LST that is published to your artifact repository to show up in Moderne. You will need to decide where the border is between faster publishing and the load required on your Artifactory instance.
Please follow the below instructions to configure the indexer for your Maven formatted repository:
<Tabs>
<TabItem value="artifactory" label="Artifactory">
:::warning
If you are using Artifactory to publish LST artifacts, it is _highly_ recommended that you follow the instructions in the [configuring an agent with Artifactory doc](configure-dx-with-artifactory-access.md) instead as that will result in faster artifact consumption while also avoiding substantial load on your Artifactory instance. The following instructions should only be followed if you can not use [AQL](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Query+Language) for some reason.
:::
In Artifactory, select the `Artifactory` link on the left nav and then select `Maven Indexer` under Services:
![](./assets/artifactory.png)
For a repository to be a source of LSTs, it must be included in the list of repositories that are indexed:
![](./assets/maven-indexer.png)
</TabItem>
<TabItem value="nexus-repository" label="Nexus Repository">
Under the administration view, select `Tasks` on the left nav:
![](./assets/sona-tasks.png)
Select `Create task` and create a `Maven - Publish Maven Indexer files` task:
![](./assets/maven-publish.png)
Select the repository that will serve LST artifacts and specify a frequency with which this index should be updated:
![](./assets/maven-publish-index.png)
</TabItem>
</Tabs>
## Publishing recipe artifacts
Recipe artifacts will be available for the Moderne CLI to download so long as you set the recipe source flag to true in the below [configuration step](#configuring-the-moderne-dx-service).
## Configuring the Moderne DX service
The following table contains all of the variables/arguments you need to add to the Moderne DX service's run command in order for it to get the list of LST and recipe artifacts from your Maven formatted repository. Please note that these variables/arguments must be combined with ones found in other steps in the [Configuring the Moderne DX service guide](./dx-configuration.md).
You can configure multiple Maven formatted repositories by including multiple entries, each with a different `{index}`.
<Tabs groupId="dx-type">
<TabItem value="oci-container" label="OCI Container">
**Variables:**
| Variable Name | Required | Default | Description |
|-----------------------------------------------|----------|--------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `MODERNE_DX_MAVEN_{index}_URL` | `true` | | The URL of your Maven repository. |
| `MODERNE_DX_MAVEN_{index}_LOCALREPOSITORY` | `true` | `~/.moderne-maven` | The path on disk where LST artifacts and Maven index files will be downloaded to. This is on the disk where the agent is being run and **not** on the Maven instance. <br/><br/> LST artifacts are deleted from this location after they are transmitted to Moderne. Index files will remain behind to be used to detect diffs in the artifacts. <br/><br/> If multiple Maven repositories are configured on the agent, they **must** have different `MODERNE_DX_MAVEN_{index}_LOCALREPOSITORY` configured. |
| `MODERNE_DX_MAVEN_{index}_ASTSOURCE` | `false` | `true` | Specifies whether or not this repository should be searched for LST artifacts. (Note: LSTs used to be called ASTs). |
| `MODERNE_DX_MAVEN_{index}_USERNAME` | `false` | `null` | The username used to resolve artifacts. |
| `MODERNE_DX_MAVEN_{index}_PASSWORD` | `false` | `null` | The password used to resolve artifacts. |
| `MODERNE_DX_MAVEN_{index}_RELEASES` | `false` | `true` | Specifies whether or not this repository should be searched for releases. |
| `MODERNE_DX_MAVEN_{index}_SNAPSHOTS` | `false` | `true` | Specifies whether or not this repository should be searched for snapshots. |
| `MODERNE_DX_MAVEN_{index}_RECIPESOURCE` | `false` | `true` | Specifies whether or not this repository should be searched for recipe jars. |
| `MODERNE_DX_MAVEN_{index}_SKIPSSL` | `false` | `false` | Whether or not to skip SSL/TLS verification for calls from the agent to this Maven repository. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
| `MODERNE_DX_MAVEN_{index}_SKIPVALIDATECONNECTIVITY` | `false` | `false` | By default, on DX startup, we validate that it can connect to the configured resource, and fail to start up the DX if we cannot. Set this to `true` to skip this validation. |
**Example:**
```bash
docker run \
# ... Existing variables
-e MODERNE_DX_MAVEN_0_URL=https://myartifactory.example.com/artifactory/libs-releases-local \
-e MODERNE_DX_MAVEN_0_LOCALREPOSITORY=~/.moderne-maven \
-e MODERNE_DX_MAVEN_0_USERNAME=admin \
-e MODERNE_DX_MAVEN_0_PASSWORD=password \
# ... Additional variables
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
**Arguments:**
| Argument Name | Required | Default | Description |
|--------------------------------------------------|----------|--------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--moderne.dx.maven[{index}].url` | `true` | | The URL of your Maven repository. |
| `--moderne.dx.maven[{index}].localRepository` | `true` | `~/.moderne-maven` | The path on disk where LST artifacts and Maven index files will be downloaded to. This is on the disk where the agent is being run and **not** on the Maven instance. <br/><br/> LST artifacts are deleted from this location after they are transmitted to Moderne. Index files will remain behind to be used to detect diffs in the artifacts. <br/><br/> If multiple Maven repositories are configured on the agent, they **must** have different `--moderne.dx.maven[{index}].localRepository` configured. |
| `--moderne.agent.maven[{index}].astSource` | `false` | `true` | Specifies whether or not this repository should be searched for LST artifacts. (Note: LSTs used to be called ASTs). |
| `--moderne.dx.maven[{index}].username` | `false` | `null` | The username used to resolve artifacts. |
| `--moderne.dx.maven[{index}].password` | `false` | `null` | The password used to resolve artifacts. |
| `--moderne.dx.maven[{index}].releases` | `false` | `true` | Specifies whether or not this repository should be searched for releases. |
| `--moderne.dx.maven[{index}].snapshots` | `false` | `true` | Specifies whether or not this repository should be searched for snapshots. |
| `--moderne.dx.maven[{index}].recipeSource` | `false` | `true` | Specifies whether or not this repository should be searched for recipe jars. |
| `--moderne.dx.maven[{index}].skipSsl` | `false` | `false` | Whether or not to skip SSL/TLS verification for calls from the agent to this Maven repository. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
| `--moderne.dx.maven[{index}].skipValidateConnectivity` | `false` | `false` | By default, on DX startup, we validate that it can connect to the configured resource, and fail to start up the DX if we cannot. Set this to `true` to skip this validation. |
**Example:**
```bash
java -jar moderne-dx-{version}.jar \
# ... Existing arguments
--moderne.dx.maven[0].url=https://myartifactory.example.com/artifactory/libs-releases-local \
--moderne.dx.maven[0].localRepository=~/.moderne-maven \
--moderne.dx.maven[0].username=admin \
--moderne.dx.maven[0].password=password \
# ... Additional arguments
```
</TabItem>
</Tabs>

61
docs/administrator-documentation/moderne-dx/how-to-guides/configure-dx-with-on-prem-scm.md Normal file
View File

@@ -0,0 +1,61 @@
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
# Configure on-prem source code management (SCM) with Moderne DX
In order for Moderne DX to correctly map repository clone URLs to the right origin and path you will need to provide the base URL(s) for your SCM server. For SaaS SCM services like GitHub, GitLab, Bitbucket (cloud) and AzureDevOps no extra configuration is required. For on-prem SCM servers, though, you will need to provide Moderne with additional information. Specifically the type, base URL, and any alternate URLs that are used to access the server.
## Configuring the Moderne DX service
The following table contains all of the variables/arguments you need to add to your Moderne DX service run command in order for it to correctly map and match the origins from different clone URLs. Please note that these variables/arguments must be combined with ones found in other steps in the [Configuring the Moderne DX service guide](dx-configuration.md).
You can configure multiple SCM servers by including multiple entries, each with a different `{index}`.
<Tabs groupId="dx-type">
<TabItem value="oci-container" label="OCI Container">
**Variables:**
| Variable Name | Required | Default | Description |
|--------------------------------------------------------------|----------|---------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `MODERNE_DX_SCM_{index}_BASEURL` | `true` | | The primary URL of your SCM server. This URL will be used as the origin. |
| `MODERNE_DX_SCM_{index}_TYPE` | `true` | | Specifies the type of the SCM server (case insensitive). Choose between: `GitHub, GitLab, Bitbucket, BitbucketCloud, AzureDevOps`. |
| `MODERNE_DX_SCM_{index}_ALTERNATEURLS_{alternate_url_index}` | `true` | | One or more alternate URLs (each with a different `{alternate_url_index}`) which point to the same server. Use this to specify all the protocol and port combinations that can be used to reach the same server. |
**Example:**
```bash
docker run \
# ... Existing variables
-e MODERNE_DX_SCM_0_BASEURL=https://bitbucket.example.com/stash \
-e MODERNE_DX_SCM_0_TYPE=Bitbucket \
-e MODERNE_DX_SCM_0_ALTERNATEURLS_0=ssh://bitbucket.example.com:7999 \
-e MODERNE_DX_SCM_0_ALTERNATEURLS_1=http://bitbucket.example.com:8080/stash \
# ... Additional variables
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
**Arguments:**
| Argument Name | Required | Default | Description |
|--------------------------------------------------------------|----------|---------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--moderne.dx.scm[{index}].baseUrl` | `true` | | The primary URL of your SCM server. This URL will be used as the origin. |
| `--moderne.dx.scm[{index}].type` | `true` | | Specifies the type of the SCM server (case insensitive). Choose between: `GitHub, GitLab, Bitbucket, BitbucketCloud, AzureDevOps`. |
| `--moderne.dx.scm[{index}].alternateUrls[{alternate_url_index}]` | `true` | | One or more alternate URLs (each with a different `{alternate_url_index}`) which point to the same server. Use this to specify all the protocol and port combinations that can be used to reach the same server. |
**Example:**
```bash
java -jar moderne-dx-{version}.jar \
# ... Existing arguments
--moderne.dx.scm[0].baseUrl=https://bitbucket.example.com/stash \
--moderne.dx.scm[0].type=Bitbucket \
--moderne.dx.scm[0].alternateUrls[0]=ssh://bitbucket.example.com:7999 \
--moderne.dx.scm[0].alternateUrls[1]=http://bitbucket.example.com:8080/stash \
# ... Additional arguments
```
</TabItem>
</Tabs>

102
docs/administrator-documentation/moderne-dx/how-to-guides/configure-dx-with-strict-recipe-sources.md Normal file
View File

@@ -0,0 +1,102 @@
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
# Configure Moderne DX with strict recipe sources
The Moderne CLI is configured to use the following Maven repositories to load recipe artifacts from in the event the Moderne DX service has not been configured with any recipe sources or if a recipe artifact cannot be sourced from what is configured.
```xml
<repository>
<id>maven-central-explicit</id>
<url>https://repo1.maven.org/maven2</url>
<snapshots>
<enabled>false</enabled>
</snapshots>
<releases>
<enabled>true</enabled>
</releases>
</repository>
<repository>
<id>oss-snapshots</id>
<url>https://oss.sonatype.org/content/repositories/snapshots</url>
<snapshots>
<enabled>true</enabled>
</snapshots>
<releases>
<enabled>false</enabled>
</releases>
</repository>
<repository>
<id>artifact-registry</id>
<url>https://us-west1-maven.pkg.dev/moderne-dev/moderne-recipe</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
<repository>
<id>jitpack</id>
<url>https://jitpack.io</url>
<releases>
<enabled>true</enabled>
</releases>
</repository>
```
This fallback behavior can be disabled using recipe configuration. If the Moderne DX service is configured with this setting then recipes will only be sourced by what this service defines.
<Tabs groupId="dx-type">
<TabItem value="oci-container" label="OCI Container">
**Variables:**
| Variable Name | Required | Default | Description |
|----------------------------------------------|--------------------------------------------------|---------|---------------------------------------------------------------------------------------------------|
| `MODERNE_DX_RECIPE_USEONLYCONFIGURED` | `true` | | Only use the recipe sources configured in the service. |
| `MODERNE_DX_RECIPE_POMCACHE_TYPE` | `false` | | Used to specify what type of cache the POM should use. Acceptable values: `IN_MEMORY` or `REDIS`. |
| `MODERNE_DX_RECIPE_POMCACHE_ENTRYTTLMINUTES` | `false` | | How long entries should live in the POM cache. |
| `MODERNE_DX_RECIPE_POMCACHE_REDIS_HOST` | `true` (If the POM cache type is set to `REDIS`) | | The URL of the Redis instance. |
| `MODERNE_DX_RECIPE_POMCACHE_REDIS_PORT` | `true` (If the POM cache type is set to `REDIS`) | | The port number of the Redis instance. |
| `MODERNE_DX_RECIPE_POMCACHE_REDIS_USERNAME` | `false` | | The username needed to authenticate to the Redis instance. |
| `MODERNE_DX_RECIPE_POMCACHE_REDIS_PASSWORD` | `false` | | The password needed to authenticate with the Redis instance. |
| `MODERNE_DX_RECIPE_POMCACHE_REDIS_SSL` | `false` | `false` | If set to `true`, then SSL will be enabled for the connection to the Redis instance. |
| `MODERNE_DX_RECIPE_POMCACHE_REDIS_DATABASE` | `false` | | The Redis DB index. |
**Example:**
```bash
docker run \
# ... Existing variables
-e MODERNE_DX_RECIPE_USEONLYCONFIGURED=true \
# ... Additional variables
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
**Arguments:**
| Argument Name | Required | Default | Description |
|------------------------------------------------|--------------------------------------------------|---------|---------------------------------------------------------------------------------------------------|
| `--moderne.dx.recipe.useOnlyConfigured` | `true` | | Only use the recipe sources configured in the service. |
| `--moderne.dx.recipe.pomCache.type` | `false` | | Used to specify what type of cache the POM should use. Acceptable values: `IN_MEMORY` or `REDIS`. |
| `--moderne.dx.recipe.pomCache.entryTtlMinutes` | `false` | | How long entries should live in the POM cache. |
| `--moderne.dx.recipe.pomCache.redis.host` | `true` (If the POM cache type is set to `REDIS`) | | The URL of the Redis instance. |
| `--moderne.dx.recipe.pomCache.redis.port` | `true` (If the POM cache type is set to `REDIS`) | | The port number of the Redis instance. |
| `--moderne.dx.recipe.pomCache.redis.username` | `false` | | The username needed to authenticate to the Redis instance. |
| `--moderne.dx.recipe.pomCache.redis.password` | `false` | | The password needed to authenticate with the Redis instance. |
| `--moderne.dx.recipe.pomCache.redis.ssl` | `false` | `false` | If set to `true`, then SSL will be enabled for the connection to the Redis instance. |
| `--moderne.dx.recipe.pomCache.redis.database` | `false` | | The Redis DB index. |
**Example:**
```bash
java -jar moderne-dx-{version}.jar \
# ... Existing arguments
--moderne.dx.recipe.useOnlyConfigured=true \
# ... Additional arguments
```
</TabItem>
</Tabs>

41
docs/administrator-documentation/moderne-dx/how-to-guides/deploying-recipe-artifacts-in-moderne-dx.md Normal file
View File

@@ -0,0 +1,41 @@
# Deploying recipe artifacts in Moderne DX
## Deploy using the Moderne GraphQL API
To deploy recipe artifacts using Moderne DX's GraphQL API, you can make a GraphQL mutation using `https://<moderne-dx-host>:8080/graphql` similar to the following (or issue the request through the UI at `https://<moderne-dx-host>:8080/graphiql`).
```graphql
mutation loadRecipes {
loadRecipes(
groupId: "org.openrewrite.recipe"
artifactId: "rewrite-spring"
version: "LATEST"
) {
id
}
}
```
In order to execute GraphQL mutations, it is required that an `Authorization` HTTP header be included in the request. You can set the header value in GraphiQL's _Headers_ tab as a JSON object:
```bash
{"Authorization": "Bearer <access token used to configure DX>"}
```
:::info
Postman has a brief primer on how to issue GraphQL requests [here](https://learning.postman.com/docs/sending-requests/graphql/graphql-http/).
:::
## Deploy using the Moderne CLI
To deploy recipe artifacts into Moderne DX, you must first install the recipe artifacts into the local CLI recipe marketplace. The following command downloads OpenRewrite's rewrite-spring recipes artifact from a pre-configured list of artifact repositories such as https://repo.maven.apache.org/maven2.
```bash
mod config recipes jar install org.openrewrite.recipe.rewrite-spring.LATEST
```
Next, upload all recipe artifacts from the local CLI marketplace to Moderne DX using the command:
```bash
mod config recipes moderne push
```

472
docs/administrator-documentation/moderne-dx/how-to-guides/dx-configuration.md Normal file
View File

@@ -0,0 +1,472 @@
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
# Configuring Moderne DX
Moderne DX is a secure, fully on-premises, enterprise-level automated code remediation solution. At its heart is a central service that must be configured for everything to work correctly. This guide will walk you through how to do that.
## Moderne DX setup instructions
### Step 1: Determine how you will run the service
There are two ways you can run the DX service:
1. You can use Java to run a Spring Boot executable JAR
2. You can create a Docker image that downloads and runs the executable JAR
:::info
Regardless of which option you pick, we recommend that you dedicate a minimum of 2 CPU cores, 8 GB of memory, and at least 10 GB of persistent storage.
:::
[Moderne DX can be found on Maven Central](https://central.sonatype.com/artifact/io.moderne/moderne-dx/versions). From there, you can select the latest version and download the appropriate JAR to either run or to configure your image with.
If you deploy to Kubernetes or any other containerized environment like AWS ECS, you'll want to create a Docker image to run the service.
If you deploy to a [PaaS](https://en.wikipedia.org/wiki/Platform_as_a_service) environment such Cloud Foundry, you'll want to use the JAR to run the service.
The table below provides some core information for running the service. However, in order for the service to function correctly, additional variables will need to be added based on your environment (such as what artifact repositories you have configured, and whether or not you've configured an [Organizations service](../../moderne-platform/how-to-guides/organizations-service.md)). We'll walk through each of those in the following steps.
<Tabs groupId="dx-type">
<TabItem value="docker-image" label="Docker image">
**How to build the Docker image**
```bash
docker build -t moderne-dx:latest .
```
**How to run the image with an environment file**
```bash
docker run --env-file=moderne-dx.env moderne-dx:latest
```
**How to run the image with command line arguments**
```bash
# Please note that if you create environment variables for secrets, you still need to let Docker
# know that these variables exist by including it via: `-e ENV_VAR_NAME`.
export MODERNE_DX_TOKEN_0=...
export MODERNE_DX_ARTIFACTORY_0_USERNAME=...
export MODERNE_DX_ARTIFACTORY_0_PASSWORD=...
export MODERNE_DX_MAVEN_0_USERNAME=...
export MODERNE_DX_MAVEN_0_PASSWORD=...
docker run \
-e MODERNE_DX_TOKEN_0 \
-e MODERNE_DX_ARTIFACTORY_0_URL=https://myartifactory.example.com/artifactory/ \
-e MODERNE_DX_ARTIFACTORY_0_USERNAME \
-e MODERNE_DX_ARTIFACTORY_0_PASSWORD \
-e MODERNE_DX_ARTIFACTORY_0_ASTQUERYFILTERS_0='"name":{"$match":"*-ast.jar"}' \
-e MODERNE_DX_ARTIFACTORY_0_ASTQUERYFILTERS_1='"repo":{"$eq":"example-maven"}' \
-e MODERNE_DX_MAVEN_0_URL=https://myartifactory.example.com/artifactory/libs-releases-local \
-e MODERNE_DX_MAVEN_0_LOCALREPOSITORY=~/.moderne-maven \
-e MODERNE_DX_MAVEN_0_USERNAME \
-e MODERNE_DX_MAVEN_0_PASSWORD \
# ... Additional variables to come
-p 8080:8080
moderne-dx:latest
```
**Example Dockerfile**
:::info
You are responsible for creating this Dockerfile and your own base image. It is your responsibility to keep this up-to-date when vulnerabilities arise. The below one is a suggestion for getting started - but yours will differ from this as it should point to and use your own tools and services.
:::
```docker
FROM eclipse-temurin:17-jdk
RUN apt-get update && apt-get install -y libxml2-utils
# Set the environment variable MODERNE_DX_VERSION
ARG MODERNE_DX_VERSION
ENV MODERNE_DX_VERSION=${MODERNE_DX_VERSION}
WORKDIR /app
USER root
RUN groupadd -r app && useradd --no-log-init -r -m -g app app && chown -R app:app /app
USER app
# Download the specified version of moderne-dx JAR file if MODERNE_DX_VERSION is provided,
# otherwise download the latest version
RUN if [ -n "${MODERNE_DX_VERSION}" ]; then \
echo "Downloading version: ${MODERNE_DX_VERSION}"; \
curl -s --insecure --request GET --url "https://repo1.maven.org/maven2/io/moderne/moderne-dx/${MODERNE_DX_VERSION}/moderne-dx-${MODERNE_DX_VERSION}.jar" --output dx.jar; \
else \
LATEST_VERSION=$(curl -s --insecure --request GET --url "https://repo1.maven.org/maven2/io/moderne/moderne-dx/maven-metadata.xml" | xmllint --xpath 'string(/metadata/versioning/latest)' -); \
if [ -z "${LATEST_VERSION}" ]; then \
echo "Failed to get latest version"; \
exit 1; \
fi; \
echo "Downloading latest version: ${LATEST_VERSION}"; \
curl -s --insecure --request GET --url "https://repo1.maven.org/maven2/io/moderne/moderne-dx/${LATEST_VERSION}/moderne-dx-${LATEST_VERSION}.jar" --output dx.jar; \
fi
ENTRYPOINT ["java"]
CMD ["-XX:-OmitStackTraceInFastThrow", "-XX:MaxRAMPercentage=65.0", "-XX:MaxDirectMemorySize=2G", "-XX:+HeapDumpOnOutOfMemoryError", "-XX:+UseStringDeduplication", "-jar", "/app/dx.jar"]
EXPOSE 8080
```
**Example environment variables file**
```bash
MODERNE_DX_TOKEN_0=${MODERNE_TOKEN}
MODERNE_DX_ARTIFACTORY_0_URL=https://myartifactory.example.com/artifactory/
MODERNE_DX_ARTIFACTORY_0_USERNAME=${ARTIFACTORY_USER}
MODERNE_DX_ARTIFACTORY_0_PASSWORD=${ARTIFACTORY_PASSWORD}
MODERNE_DX_ARTIFACTORY_0_ASTQUERYFILTERS_0='"name":{"$match":"*-ast.jar"}'
MODERNE_DX_ARTIFACTORY_0_ASTQUERYFILTERS_1='"repo":{"$eq":"example-maven"}'
MODERNE_DX_MAVEN_0_URL=https://myartifactory.example.com/artifactory/libs-releases-local
MODERNE_DX_MAVEN_0_LOCALREPOSITORY=~/.moderne-maven
MODERNE_DX_MAVEN_0_USERNAME=${MAVEN_USER}
MODERNE_DX_MAVEN_0_PASSWORD=${MAVEN_PASSWORD}
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
**How to run the service:**
Use `java` to run a jar in combination with arguments that you'll add in the subsequent steps. The final command will look similar to:
```bash
java -jar moderne-dx-{version}.jar \
# ... Additional arguments explained in the following steps
```
</TabItem>
</Tabs>
### Step 2: Configure the service to connect to your artifact repositories
The Moderne DX service needs to connect to your artifact repositories for two reasons:
1. To obtain information about your [LST](../../moderne-platform/references/lossless-semantic-trees.md) artifacts so that the CLI can list and potentially grab them.
2. To obtain your recipe artifacts (if any exist). These recipe artifacts contain custom recipes, defined by your team, that perform transformations against your LST artifacts.
Your company might have many artifact repositories, potentially in different products, that you wish to connect the Moderne DX service to. Each of these artifact repositories could contain LST artifacts, recipe artifacts, or a combination of both. The setup instructions differ based on what product you use to store your artifact repositories and what artifacts you wish to send to Moderne.
:::info
The Moderne DX service can only talk to _Maven formatted_ artifact repositories. There are a variety of open-source and commercial products that exist that can serve artifacts in this format (such as [Artifactory](https://jfrog.com/artifactory/) and [Sonatype Nexus](https://www.sonatype.com/products/nexus-repository)). A single instance of one of these products may contain multiple Maven repositories.
:::
Moderne offers two options for connecting to your artifact repository: a generic Maven connection that can connect to any Maven formatted repository regardless of vendor and an Artifactory-specific connection that is optimized to serve LST artifacts more quickly.
If you _do not_ plan on using Artifactory to store LST or recipe artifacts, please follow the [Maven repository configuration instructions](./configure-dx-with-maven-repository-access.md) and then jump to [Step 4](#step-4-optionally-configure-an-organization-structure).
If you _do_ plan on using Artifactory to store artifacts, you have two options:
1. Use the [Artifactory LST configuration instructions](./configure-dx-with-artifactory-access.md) to set up a connection that gets the list of LST artifacts. Then, if you plan on creating custom recipes, you would follow the [Artifactory recipe configuration instructions](./configure-dx-with-artifactory-recipes.md) to set up a connection in Artifactory to serve recipe artifacts. **(recommended)**
2. Use the [Maven repository configuration instructions](./configure-dx-with-maven-repository-access.md) to set up a connection that serves both LST artifacts and recipe artifacts to Moderne. This is not recommended as LST artifacts will have a considerable delay between being published and being available in the CLI. However, if for some reason you can not use AQL queries, this approach is necessary.
The below table shows the key differences between the two types of configuration:
| **Maven repository configuration** | **Artifactory repository configuration** |
| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Is not tied to a particular vendor. | Can only be used with Artifactory. |
| Serves BOTH recipe artifacts and LST artifacts. | Serves ONLY LST artifacts. Requires Maven configuration to serve recipe artifacts. |
| Recipe artifacts are immediately available for [deployment to Moderne](../../moderne-platform/how-to-guides/importing-external-recipes.md) upon publishing to the Maven formatted repository. | Can not serve recipe artifacts without Maven configuration. |
| LST artifacts may be served if an index in the [Maven Indexer](https://maven.apache.org/maven-indexer/) format is regularly published to the repository. There will be a considerable delay between when an LST is published to the Maven repository and when it is available in the Moderne CLI. This delay is approximately the delay between updates to the index which is controlled by a batch process that your artifact repository executes on a schedule. | LST artifacts will be available in near-real time (within a minute or two) in the Moderne CLI when they are published to Artifactory. This is because Artifactory configuration uses [Artifactory Query Language](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Query+Language) (AQL) to identify recently published artifacts. AQL queries Artifactory's internal relational database for information about artifacts rather than using an index produced in a batch process. |
Please ensure you've followed either the [Maven](./configure-dx-with-maven-repository-access.md) or [Artifactory](./configure-dx-with-artifactory-access.md) instructions before continuing.
Below is an example of what the Moderne DX service run command might look like at the end of this step.
:::tip
`token[N]` / `TOKEN_N` is used to specify one or more tokens that can be used by admins.
:::
<Tabs groupId="dx-type">
<TabItem value="docker-image" label="Docker image">
```bash
# Please note that if you create environment variables for secrets, you still need to let Docker
# know that these variables exist by including it via: `-e ENV_VAR_NAME`.
export MODERNE_DX_TOKEN_0=...
export MODERNE_DX_ARTIFACTORY_0_USERNAME=...
export MODERNE_DX_ARTIFACTORY_0_PASSWORD=...
export MODERNE_DX_MAVEN_0_USERNAME=...
export MODERNE_DX_MAVEN_0_PASSWORD=...
docker run \
-e MODERNE_DX_TOKEN_0 \
-e MODERNE_DX_ARTIFACTORY_0_URL=https://myartifactory.example.com/artifactory/ \
-e MODERNE_DX_ARTIFACTORY_0_USERNAME \
-e MODERNE_DX_ARTIFACTORY_0_PASSWORD \
-e MODERNE_DX_ARTIFACTORY_0_ASTQUERYFILTERS_0='"name":{"$match":"*-ast.jar"}' \
-e MODERNE_DX_ARTIFACTORY_0_ASTQUERYFILTERS_1='"repo":{"$eq":"example-maven"}' \
-e MODERNE_DX_MAVEN_0_URL=https://myartifactory.example.com/artifactory/libs-releases-local \
-e MODERNE_DX_MAVEN_0_LOCALREPOSITORY=~/.moderne-maven \
-e MODERNE_DX_MAVEN_0_USERNAME \
-e MODERNE_DX_MAVEN_0_PASSWORD \
# ... Additional variables to come
-p 8080:8080
moderne-dx:latest
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
```bash
# Exporting environment variables with the exact same structure as the parameter in the Java command makes it so you no longer need to include them in the below Java command. For instance, the first export below is equivalent to including this parameter in the Java command:
# --moderne.dx.token[0]=...
export MODERNE_DX_TOKEN_0=...
export MODERNE_DX_ARTIFACTORY_0_USERNAME=...
export MODERNE_DX_ARTIFACTORY_0_PASSWORD=...
export MODERNE_DX_MAVEN_0_USERNAME=...
export MODERNE_DX_MAVEN_0_PASSWORD=...
java -jar moderne-dx-{version}.jar \
--moderne.dx.artifactory[0].url=https://myartifactory.example.com/artifactory/ \
--moderne.dx.artifactory[0].astQueryFilters[0]='"name":{"$match":"*-ast.jar"}' \
--moderne.dx.artifactory[0].astQueryFilters[1]='"repo":{"$eq":"example-maven"}' \
--moderne.dx.maven[0].url=https://myartifactory.example.com/artifactory/libs-releases-local \
--moderne.dx.maven[0].localRepository=~/.moderne-maven \
# ... Additional arguments to come
```
</TabItem>
</Tabs>
### Step 3: Set up Moderne DX License
In order for your developers to run recipes using the CLI, they will need a license. Moderne DX provides a convenient mechanism for distributing license keys. Moderne will send a license key to your admin, and you will provide that license key to DX's startup configuration. When CLI users configure the DX connection with `mod config moderne edit`, the CLI will retrieve the license from Moderne DX.
<Tabs groupId="dx-type">
<TabItem value="docker-image" label="Docker image">
```bash
export MODERNE_DX_LICENSEKEY=...
docker run \
# ... other arguments
-e MODERNE_DX_LICENSEKEY
# ... Additional variables to come
-p 8080:8080
moderne-dx:latest
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
```bash
# Exporting environment variables with the exact same structure as the parameter in the Java command makes it so you no longer need to include them in the below Java command. For instance, the first export below is equivalent to including this parameter in the Java command:
# --moderne.dx.licenseKey=...
export MODERNE_DX_LICENSEKEY=...
java -jar moderne-dx-{version}.jar \
# ... other arguments
```
</TabItem>
</Tabs>
### Step 4: (Optionally) Configure an organization structure
Many organizations desire the ability to control the organizational structure of their repositories within the Moderne Platform in a dynamic way. To facilitate this need, Moderne provides two approaches: a file-based one or a service-based one (where you configure an Organizations service that is hosted inside of your environment).
If you want to set up this integration, please [follow the instructions in our configuring Organizations with Moderne DX doc](./configure-dx-organizations.md).
Below is an example of what the Moderne DX service run command might look like at the end of this step if you set up the Organizations service.
<Tabs groupId="dx-type">
<TabItem value="docker-image" label="Docker image">
```bash
export MODERNE_DX_TOKEN_0=...
export MODERNE_DX_ARTIFACTORY_0_USERNAME=...
export MODERNE_DX_ARTIFACTORY_0_PASSWORD=...
export MODERNE_DX_MAVEN_0_USERNAME=...
export MODERNE_DX_MAVEN_0_PASSWORD=...
docker run \
-e MODERNE_DX_TOKEN_0 \
-e MODERNE_DX_ARTIFACTORY_0_URL=https://myartifactory.example.com/artifactory/ \
-e MODERNE_DX_ARTIFACTORY_0_USERNAME \
-e MODERNE_DX_ARTIFACTORY_0_PASSWORD \
-e MODERNE_DX_ARTIFACTORY_0_ASTQUERYFILTERS_0='"name":{"$match":"*-ast.jar"}' \
-e MODERNE_DX_ARTIFACTORY_0_ASTQUERYFILTERS_1='"repo":{"$eq":"example-maven"}' \
-e MODERNE_DX_MAVEN_0_URL=https://myartifactory.example.com/artifactory/libs-releases-local \
-e MODERNE_DX_MAVEN_0_LOCALREPOSITORY=~/.moderne-maven \
-e MODERNE_DX_MAVEN_0_USERNAME \
-e MODERNE_DX_MAVEN_0_PASSWORD \
-e MODERNE_DX_ORGANIZATION_URL=http://localhost:8091 \
-e MODERNE_DX_ORGANIZATION_UPDATE_INTERVAL_SECONDS=600 \
-e MODERNE_DX_ORGANIZATION_DEFAULTCOMMITOPTIONS=PullRequest,Branch,Direct \
# ... Additional variables to come
-p 8080:8080
moderne-dx:latest
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
```bash
# Exporting environment variables with the exact same structure as the parameter in the Java command makes it so you no longer need to include them in the below Java command. For instance, the first export below is equivalent to including this parameter in the Java command:
# --moderne.dx.token[0]=...
export MODERNE_DX_TOKEN_0=...
export MODERNE_DX_ARTIFACTORY_0_USERNAME=...
export MODERNE_DX_ARTIFACTORY_0_PASSWORD=...
export MODERNE_DX_MAVEN_0_USERNAME=...
export MODERNE_DX_MAVEN_0_PASSWORD=...
java -jar moderne-dx-{version}.jar \
--moderne.dx.artifactory[0].url=https://myartifactory.example.com/artifactory/ \
--moderne.dx.artifactory[0].astQueryFilters[0]='"name":{"$match":"*-ast.jar"}' \
--moderne.dx.artifactory[0].astQueryFilters[1]='"repo":{"$eq":"example-maven"}' \
--moderne.dx.maven[0].url=https://myartifactory.example.com/artifactory/libs-releases-local \
--moderne.dx.maven[0].localRepository=~/.moderne-maven \
--moderne.dx.organization.url=http://localhost:8091 \
--moderne.dx.organization.updateIntervalSeconds=600 \
--moderne.dx.organization.defaultCommitOptions=PullRequest,Branch,Direct \
```
</TabItem>
</Tabs>
### Step 5: (Optionally) Use strict recipe sources.
Some organizations want recipe artifacts to only come from locations configured in the Moderne DX service. If you want to configure that, please follow the [strict recipe sources instructions](./configure-dx-with-strict-recipe-sources.md).
Below is an example of what the Moderne DX service run command might look like at the end of this step if you configured the service to use only configured recipe sources.
<Tabs groupId="dx-type">
<TabItem value="docker-image" label="Docker image">
```bash
# Please note that if you create environment variables for secrets, you still need to let Docker
# know that these variables exist by including it via: `-e ENV_VAR_NAME`.
export MODERNE_DX_TOKEN_0=...
export MODERNE_DX_ARTIFACTORY_0_USERNAME=...
export MODERNE_DX_ARTIFACTORY_0_PASSWORD=...
export MODERNE_DX_MAVEN_0_USERNAME=...
export MODERNE_DX_MAVEN_0_PASSWORD=...
docker run \
-e MODERNE_DX_TOKEN_0 \
-e MODERNE_DX_ARTIFACTORY_0_URL=https://myartifactory.example.com/artifactory/ \
-e MODERNE_DX_ARTIFACTORY_0_USERNAME \
-e MODERNE_DX_ARTIFACTORY_0_PASSWORD \
-e MODERNE_DX_ARTIFACTORY_0_ASTQUERYFILTERS_0='"name":{"$match":"*-ast.jar"}' \
-e MODERNE_DX_ARTIFACTORY_0_ASTQUERYFILTERS_1='"repo":{"$eq":"example-maven"}' \
-e MODERNE_DX_MAVEN_0_URL=https://myartifactory.example.com/artifactory/libs-releases-local \
-e MODERNE_DX_MAVEN_0_LOCALREPOSITORY=~/.moderne-maven \
-e MODERNE_DX_MAVEN_0_USERNAME \
-e MODERNE_DX_MAVEN_0_PASSWORD \
-e MODERNE_DX_ORGANIZATION_URL=http://localhost:8091 \
-e MODERNE_DX_ORGANIZATION_UPDATE_INTERVAL_SECONDS=600 \
-e MODERNE_DX_RECIPE_USEONLYCONFIGURED=true \
-e MODERNE_DX_ORGANIZATION_DEFAULTCOMMITOPTIONS=PullRequest,Branch,Direct \
-p 8080:8080
moderne-dx:latest
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
```bash
# Exporting environment variables with the exact same structure as the parameter in the Java command makes it so you no longer need to include them in the below Java command. For instance, the first export below is equivalent to including this parameter in the Java command:
# --moderne.dx.token[0]=...
export MODERNE_DX_TOKEN_0=...
export MODERNE_DX_ARTIFACTORY_0_USERNAME=...
export MODERNE_DX_ARTIFACTORY_0_PASSWORD=...
export MODERNE_DX_MAVEN_0_USERNAME=...
export MODERNE_DX_MAVEN_0_PASSWORD=...
java -jar moderne-dx-{version}.jar \
--moderne.dx.artifactory[0].url=https://myartifactory.example.com/artifactory/ \
--moderne.dx.artifactory[0].astQueryFilters[0]='"name":{"$match":"*-ast.jar"}' \
--moderne.dx.artifactory[0].astQueryFilters[1]='"repo":{"$eq":"example-maven"}' \
--moderne.dx.maven[0].url=https://myartifactory.example.com/artifactory/libs-releases-local \
--moderne.dx.maven[0].localRepository=~/.moderne-maven \
--moderne.dx.organization.url=http://localhost:8091 \
--moderne.dx.organization.updateIntervalSeconds=600 \
--moderne.dx.organization.defaultCommitOptions=PullRequest,Branch,Direct \
--moderne.dx.recipe.useOnlyConfigured=true
```
</TabItem>
</Tabs>
### Step 6: (Optionally) Provide SSL client keystore
If you have configured any services that require client SSL certificates (such as Maven or Artifactory), you will need to provide a KeyStore with these certificates. Please see the [configure DX with SSL certificate instructions](./configure-dx-ssl.md).
### Step 7: Run the service
At this point, you should have configured everything needed to run the Moderne DX service. If you run into issues running the command, please don't hesitate to reach out.
Below is a table that has instructions for how to run the service in combination with some examples of the variables/arguments provided in the previous steps:
<Tabs groupId="dx-type">
<TabItem value="docker-image" label="Docker image">
1. Rebuild your Docker image with the latest JAR and any other changes you need to make.
2. Run the `docker run` command in combination with all of the environment variables you've added in the previous steps:
```bash
# Please note that if you create environment variables for secrets, you still need to let Docker
# know that these variables exist by including it via: `-e ENV_VAR_NAME`.
export MODERNE_DX_TOKEN_0=...
export MODERNE_DX_ARTIFACTORY_0_USERNAME=...
export MODERNE_DX_ARTIFACTORY_0_PASSWORD=...
export MODERNE_DX_MAVEN_0_USERNAME=...
export MODERNE_DX_MAVEN_0_PASSWORD=...
docker run \
-e MODERNE_DX_TOKEN_0 \
-e MODERNE_DX_ARTIFACTORY_0_URL=https://myartifactory.example.com/artifactory/ \
-e MODERNE_DX_ARTIFACTORY_0_USERNAME \
-e MODERNE_DX_ARTIFACTORY_0_PASSWORD \
-e MODERNE_DX_ARTIFACTORY_0_ASTQUERYFILTERS_0='"name":{"$match":"*-ast.jar"}' \
-e MODERNE_DX_ARTIFACTORY_0_ASTQUERYFILTERS_1='"repo":{"$eq":"example-maven"}' \
-e MODERNE_DX_MAVEN_0_URL=https://myartifactory.example.com/artifactory/libs-releases-local \
-e MODERNE_DX_MAVEN_0_LOCALREPOSITORY=~/.moderne-maven \
-e MODERNE_DX_MAVEN_0_USERNAME \
-e MODERNE_DX_MAVEN_0_PASSWORD \
-e MODERNE_DX_ORGANIZATION_URL=http://localhost:8091 \
-e MODERNE_DX_ORGANIZATION_UPDATE_INTERVAL_SECONDS=600 \
-e MODERNE_DX_ORGANIZATION_DEFAULTCOMMITOPTIONS=PullRequest,Branch,Direct \
-p 8080:8080
moderne-dx:latest
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
Use `java` to run a jar in combination with arguments that you've added in the previous steps:
```bash
# Exporting environment variables with the exact same structure as the parameter in the Java command makes it so you no longer need to include them in the below Java command. For instance, the first export below is equivalent to including this parameter in the Java command:
# --moderne.dx.token[0]=...
export MODERNE_DX_TOKEN_0=...
export MODERNE_DX_ARTIFACTORY_0_USERNAME=...
export MODERNE_DX_ARTIFACTORY_0_PASSWORD=...
export MODERNE_DX_MAVEN_0_USERNAME=...
export MODERNE_DX_MAVEN_0_PASSWORD=...
java -jar moderne-dx-{version}.jar \
--moderne.dx.artifactory[0].url=https://myartifactory.example.com/artifactory/ \
--moderne.dx.artifactory[0].astQueryFilters[0]='"name":{"$match":"*-ast.jar"}' \
--moderne.dx.artifactory[0].astQueryFilters[1]='"repo":{"$eq":"example-maven"}' \
--moderne.dx.maven[0].url=https://myartifactory.example.com/artifactory/libs-releases-local \
--moderne.dx.maven[0].localRepository=~/.moderne-maven \
--moderne.dx.organization.url=http://localhost:8091 \
--moderne.dx.organization.updateIntervalSeconds=600 \
--moderne.dx.organization.defaultCommitOptions=PullRequest,Branch,Direct \
```
* Note: System properties can be used in place of arguments. For example, you can use `-Dmoderne.dx.token={token_value}` as an argument instead of `--moderne.dx.token={token_value}`.
</TabItem>
</Tabs>
## Updating your service
If you want to update the Moderne DX service over time, please follow the instructions in the table below:
<Tabs groupId="dx-type">
<TabItem value="docker-image" label="Docker image">
Update your Dockerfile to contain the [latest DX JAR](https://central.sonatype.com/artifact/io.moderne/moderne-dx/versions). Then rebuild your Docker image and restart your Docker instance by running the `docker run ...` command again.
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
To update your version of the Executable JAR, change the `{version}` in `java -jar moderne-dx-{version}.jar` to be the [latest DX JAR](https://central.sonatype.com/artifact/io.moderne/moderne-dx/versions).
</TabItem>
</Tabs>

365
docs/administrator-documentation/moderne-dx/how-to-guides/dx-variables.md Normal file
View File

@@ -0,0 +1,365 @@
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
# All DX configuration variables
This document includes all of the variables you can configure the Moderne agent to run with. Your configuration will only use some of these.
## Maven repository access variables
<Tabs groupId="dx-type">
<TabItem value="oci-container" label="OCI Container">
**Variables:**
| Variable Name | Required | Default | Description |
|-----------------------------------------------|----------|--------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `MODERNE_DX_MAVEN_{index}_URL` | `true` | | The URL of your Maven repository. |
| `MODERNE_DX_MAVEN_{index}_LOCALREPOSITORY` | `true` | `~/.moderne-maven` | The path on disk where LST artifacts and Maven index files will be downloaded to. This is on the disk where the agent is being run and **not** on the Maven instance. <br/><br/> LST artifacts are deleted from this location after they are transmitted to Moderne. Index files will remain behind to be used to detect diffs in the artifacts. <br/><br/> If multiple Maven repositories are configured on the agent, they **must** have different `MODERNE_DX_MAVEN_{index}_LOCALREPOSITORY` configured. |
| `MODERNE_DX_MAVEN_{index}_ASTSOURCE` | `false` | `true` | Specifies whether or not this repository should be searched for LST artifacts. (Note: LSTs used to be called ASTs). |
| `MODERNE_DX_MAVEN_{index}_USERNAME` | `false` | `null` | The username used to resolve artifacts. |
| `MODERNE_DX_MAVEN_{index}_PASSWORD` | `false` | `null` | The password used to resolve artifacts. |
| `MODERNE_DX_MAVEN_{index}_RELEASES` | `false` | `true` | Specifies whether or not this repository should be searched for releases. |
| `MODERNE_DX_MAVEN_{index}_SNAPSHOTS` | `false` | `true` | Specifies whether or not this repository should be searched for snapshots. |
| `MODERNE_DX_MAVEN_{index}_RECIPESOURCE` | `false` | `true` | Specifies whether or not this repository should be searched for recipe jars. |
| `MODERNE_DX_MAVEN_{index}_SKIPSSL` | `false` | `false` | Whether or not to skip SSL/TLS verification for calls from the agent to this Maven repository. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
| `MODERNE_DX_MAVEN_{index}_SKIPVALIDATECONNECTIVITY` | `false` | `false` | By default, on DX startup, we validate that it can connect to the configured resource, and fail to start up the DX if we cannot. Set this to `true` to skip this validation. |
**Example:**
```bash
docker run \
# ... Existing variables
-e MODERNE_DX_MAVEN_0_URL=https://myartifactory.example.com/artifactory/libs-releases-local \
-e MODERNE_DX_MAVEN_0_LOCALREPOSITORY=~/.moderne-maven \
-e MODERNE_DX_MAVEN_0_USERNAME=admin \
-e MODERNE_DX_MAVEN_0_PASSWORD=password \
# ... Additional variables
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
**Arguments:**
| Argument Name | Required | Default | Description |
|--------------------------------------------------|----------|--------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--moderne.dx.maven[{index}].url` | `true` | | The URL of your Maven repository. |
| `--moderne.dx.maven[{index}].localRepository` | `true` | `~/.moderne-maven` | The path on disk where LST artifacts and Maven index files will be downloaded to. This is on the disk where the agent is being run and **not** on the Maven instance. <br/><br/> LST artifacts are deleted from this location after they are transmitted to Moderne. Index files will remain behind to be used to detect diffs in the artifacts. <br/><br/> If multiple Maven repositories are configured on the agent, they **must** have different `--moderne.dx.maven[{index}].localRepository` configured. |
| `--moderne.agent.maven[{index}].astSource` | `false` | `true` | Specifies whether or not this repository should be searched for LST artifacts. (Note: LSTs used to be called ASTs). |
| `--moderne.dx.maven[{index}].username` | `false` | `null` | The username used to resolve artifacts. |
| `--moderne.dx.maven[{index}].password` | `false` | `null` | The password used to resolve artifacts. |
| `--moderne.dx.maven[{index}].releases` | `false` | `true` | Specifies whether or not this repository should be searched for releases. |
| `--moderne.dx.maven[{index}].snapshots` | `false` | `true` | Specifies whether or not this repository should be searched for snapshots. |
| `--moderne.dx.maven[{index}].recipeSource` | `false` | `true` | Specifies whether or not this repository should be searched for recipe jars. |
| `--moderne.dx.maven[{index}].skipSsl` | `false` | `false` | Whether or not to skip SSL/TLS verification for calls from the agent to this Maven repository. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
| `--moderne.dx.maven[{index}].skipValidateConnectivity` | `false` | `false` | By default, on DX startup, we validate that it can connect to the configured resource, and fail to start up the DX if we cannot. Set this to `true` to skip this validation. |
**Example:**
```bash
java -jar moderne-dx-{version}.jar \
# ... Existing arguments
--moderne.dx.maven[0].url=https://myartifactory.example.com/artifactory/libs-releases-local \
--moderne.dx.maven[0].localRepository=~/.moderne-maven \
--moderne.dx.maven[0].username=admin \
--moderne.dx.maven[0].password=password \
# ... Additional arguments
```
</TabItem>
</Tabs>
## Artifactory LST variables
<Tabs groupId="dx-type">
<TabItem value="oci-container" label="OCI Container">
**Variables:**
| Variable Name | Required | Default | Description |
|-----------------------------------------------------------|----------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `MODERNE_DX_STORAGE_ENABLED` | `true` | `false` | Enables persistent storage for the LST index. |
| `MODERNE_DX_STORAGE_PATH` | `true` | `<dx configuration directory>/storage` | The path of the LST index directory on the container or local disk. (`<dx configuration directory>`refers to the location where all configuration for DX lives, including the recipe catalog, tokens, etc. It's not configurable. |
| `MODERNE_DX_ARTIFACTORY_{index}_URL` | `true` | | The URL of your Artifactory instance. |
| `MODERNE_DX_ARTIFACTORY_{index}_USERNAME` | `true` | | The username used to connect to your Artifactory instance. This user must have permission to run AQL queries. |
| `MODERNE_DX_ARTIFACTORY_{index}_PASSWORD` | `true` | | The password used to connect to your Artifactory instance. |
| `MODERNE_DX_ARTIFACTORY_{index}_ASTQUERYFILTERS_{index}` | `true` | | The AQL query fragment used to select LST artifacts to send to Moderne. If multiple are specified, they are combined together with an `AND`. |
| `MODERNE_DX_ARTIFACTORY_{index}_SKIPSSL` | `false` | `false` | Specifies whether or not to skip SSL verification for HTTP connections from the service to this Artifactory instance. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
| `MODERNE_DX_ARTIFACTORY_{index}_SKIPVALIDATECONNECTIVITY` | `false` | `false` | By default, on DX startup, we validate that it can connect to the configured resource, and fail to start up the DX if we cannot. Set this to_ `true` _to skip this validation. |
| `MODERNE_DX_ARTIFACTSYNC_SINCE` | `false` | | Specifies how long in the past to sync your artifacts. Defaults to syncing all time. It is recommended to set a start date of the sync or it will try to search your entire artifactory. |
**Example:**
```bash
docker run \
# ... Existing variables
-e MODERNE_DX_STORAGE_ENABLED=true \
-e MODERNE_DX_STORAGE_PATH=/some/storage/path \
-e MODERNE_DX_ARTIFACTORY_0_URL=https://myartifactory.example.com/artifactory/ \
-e MODERNE_DX_ARTIFACTORY_0_USERNAME=admin \
-e MODERNE_DX_ARTIFACTORY_0_PASSWORD=password \
-e MODERNE_DX_ARTIFACTORY_0_ASTQUERYFILTERS_0='"name":{"$match":"*-ast.jar"}' \
-e MODERNE_DX_ARTIFACTORY_0_ASTQUERYFILTERS_1='"repo":{"$eq":"example-maven"}' \
-e MODERNE_DX_ARTIFACTSYNC_SINCE=2024-01-01T00:00:00Z
# ... Additional variables
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
**Arguments:**
| Argument Name | Required | Default | Description |
|-----------------------------------------------------------|----------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--moderne.dx.storage.enabled` | `true` | `false` | Enables persistent storage for the LST index. |
| `--moderne.dx.storage.path` | `true` | `<dx configuration directory>/storage` | The path of the LST index directory on the container or local disk. (`<dx configuration directory>`refers to the location where all configuration for DX lives, including the recipe catalog, tokens, etc. It's not configurable. |
| `--moderne.dx.artifactory[{index}].url` | `true` | | The URL of your Artifactory instance. |
| `--moderne.dx.artifactory[{index}].username` | `true` | | The username used to connect to your Artifactory instance. This user must have permission to run AQL queries. |
| `--moderne.dx.artifactory[{index}].password` | `true` | | The password used to connect to your Artifactory instance. |
| `--moderne.dx.artifactory[{index}].astQueryFilters[{index}]` | `true` | | The AQL query fragment used to select LST artifacts to send to Moderne. If multiple are specified, they are combined together with an `AND`. |
| `--moderne.dx.artifactory[{index}].skipSsl` | `false` | `false` | Specifies whether or not to skip SSL verification for HTTP connections from the service to this Artifactory instance. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
| `--moderne.dx.artifactory[{index}].skipValidateConnectivity` | `false` | `false` | By default, on DX startup, we validate that it can connect to the configured resource, and fail to start up the DX if we cannot. Set this to_ `true` _to skip this validation. |
| `--moderne.dx.artifactSync.since` | `false` | | Specifies how long in the past to sync your artifacts. Defaults to syncing all time. It is recommended to set a start date of the sync or it will try to search your entire artifactory. |
**Example:**
```bash
java -jar moderne-dx-{version}.jar \
# ... Existing arguments
--moderne.dx.storage.enabled=true \
---moderne.dx.storage.path=/some/storage/path \
--moderne.dx.artifactory[0].url=https://myartifactory.example.com/artifactory/ \
--moderne.dx.artifactory[0].username=admin \
--moderne.dx.artifactory[0].password=password \
--moderne.dx.artifactory[0].astQueryFilters[0]='{"name":{"$match":"*-ast.jar"}}' \
--moderne.dx.artifactory[0].astQueryFilters[1]='{"repo":{"$eq":"example-maven"}}' \
--moderne.dx.artifactSync.since=2024-01-01T00:00:00Z \
# ... Additional arguments
```
</TabItem>
</Tabs>
## Artifactory recipe variables
<Tabs groupId="dx-type">
<TabItem value="oci-container" label="OCI Container">
**Variables:**
| Variable Name | Required | Default | Description |
|-----------------------------------------------|----------|--------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `MODERNE_DX_MAVEN_{index}_URL` | `true` | | The URL of your Maven repository inside of Artifactory. |
| `MODERNE_DX_MAVEN_{index}_ASTSOURCE` | `true` | `true` | Specifies whether or not this repository should be searched for LST artifacts. Defaults to `true` but you should set this to `false` (Note: LSTs used to be called ASTs). |
| `MODERNE_DX_MAVEN_{index}_LOCALREPOSITORY` | `true` | `~/.moderne-maven` | The path on disk where Maven index files will be downloaded to. This is on the disk where the service is being run and **not** in Artifactory. <br/><br/> If multiple Maven repositories are configured on the agent, they **must** have different `MODERNE_DX_MAVEN_{index}_LOCALREPOSITORY` configured. |
| `MODERNE_DX_MAVEN_{index}_USERNAME` | `false` | `null` | The username used to resolve artifacts. |
| `MODERNE_DX_MAVEN_{index}_PASSWORD` | `false` | `null` | The password used to resolve artifacts. |
| `MODERNE_DX_MAVEN_{index}_RELEASES` | `false` | `true` | Specifies whether or not this repository should be searched for releases. |
| `MODERNE_DX_MAVEN_{index}_SNAPSHOTS` | `false` | `true` | Specifies whether or not this repository should be searched for snapshots. |
| `MODERNE_DX_MAVEN_{index}_RECIPESOURCE` | `false` | `true` | Specifies whether or not this repository should be searched for recipe jars. |
| `MODERNE_DX_MAVEN_{index}_SKIPSSL` | `false` | `false` | Whether or not to skip SSL/TLS verification for calls from the agent to this Maven repository. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
| `MODERNE_DX_MAVEN_{index}_SKIPVALIDATECONNECTIVITY` | `false` | `false` | By default, on DX startup, we validate that it can connect to the configured resource, and fail to start up the DX if we cannot. Set this to `true` to skip this validation. |
**Example:**
```bash
docker run \
# ... Existing variables
-e MODERNE_DX_MAVEN_0_URL=https://myartifactory.example.com/artifactory/libs-releases-local \
-e MODERNE_DX_MAVEN_0_ASTSOURCE=false \
-e MODERNE_DX_MAVEN_0_LOCALREPOSITORY=~/.moderne-maven \
-e MODERNE_DX_MAVEN_0_USERNAME=admin \
-e MODERNE_DX_MAVEN_0_PASSWORD=password \
# ... Additional variables
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
**Arguments:**
| Argument Name | Required | Default | Description |
|-----------------------------------------------|----------|--------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--moderne.dx.maven[{index}].url` | `true` | | The URL of your Maven repository inside of Artifactory. |
| `--moderne.dx.maven[{index}].astSource` | `true` | `true` | Specifies whether or not this repository should be searched for LST artifacts. Defaults to `true` but you should set this to `false` (Note: LSTs used to be called ASTs). |
| `--moderne.dx.maven[{index}].localRepository` | `true` | `~/.moderne-maven` | The path on disk where Maven index files will be downloaded to. This is on the disk where the service is being run and **not** in Artifactory. <br/><br/> If multiple Maven repositories are configured on the agent, they **must** have different `MODERNE_DX_MAVEN_{index}_LOCALREPOSITORY` configured. |
| `--moderne.dx.maven[{index}].username` | `false` | `null` | The username used to resolve artifacts. |
| `--moderne.dx.maven[{index}].password` | `false` | `null` | The password used to resolve artifacts. |
| `--moderne.dx.maven[{index}].releases` | `false` | `true` | Specifies whether or not this repository should be searched for releases. |
| `--moderne.dx.maven[{index}].snapshots` | `false` | `true` | Specifies whether or not this repository should be searched for snapshots. |
| `--moderne.dx.maven[{index}].recipeSource` | `false` | `true` | Specifies whether or not this repository should be searched for recipe jars. |
| `--moderne.dx.maven[{index}].skipSsl` | `false` | `false` | Whether or not to skip SSL/TLS verification for calls from the agent to this Maven repository. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
| `--moderne.dx.maven[{index}].skipValidateConnectivity` | `false` | `false` | By default, on DX startup, we validate that it can connect to the configured resource, and fail to start up the DX if we cannot. Set this to `true` to skip this validation. |
**Example:**
```bash
java -jar moderne-dx-{version}.jar \
# ... Existing arguments
--moderne.dx.maven[0].url=https://myartifactory.example.com/artifactory/libs-releases-local \
--moderne.dx.maven[0].astSource=false \
--moderne.dx.maven[0].localRepository=~/.moderne-maven \
--moderne.dx.maven[0].username=admin \
--moderne.dx.maven[0].password=password \
# ... Additional arguments
```
</TabItem>
</Tabs>
## On-prem SCM variables
<Tabs groupId="dx-type">
<TabItem value="oci-container" label="OCI Container">
**Variables:**
| Variable Name | Required | Default | Description |
|--------------------------------------------------------------|----------|---------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `MODERNE_DX_SCM_{index}_BASEURL` | `true` | | The primary URL of your SCM server. This URL will be used as the origin. |
| `MODERNE_DX_SCM_{index}_TYPE` | `true` | | Specifies the type of the SCM server (case insensitive). Choose between: `GitHub, GitLab, Bitbucket, BitbucketCloud, AzureDevOps`. |
| `MODERNE_DX_SCM_{index}_ALTERNATEURLS_{alternate_url_index}` | `true` | | One or more alternate URLs (each with a different `{alternate_url_index}`) which point to the same server. Use this to specify all the protocol and port combinations that can be used to reach the same server. |
**Example:**
```bash
docker run \
# ... Existing variables
-e MODERNE_DX_SCM_0_BASEURL=https://bitbucket.example.com/stash \
-e MODERNE_DX_SCM_0_TYPE=Bitbucket \
-e MODERNE_DX_SCM_0_ALTERNATEURLS_0=ssh://bitbucket.example.com:7999 \
-e MODERNE_DX_SCM_0_ALTERNATEURLS_1=http://bitbucket.example.com:8080/stash \
# ... Additional variables
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
**Arguments:**
| Argument Name | Required | Default | Description |
|--------------------------------------------------------------|----------|---------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--moderne.dx.scm[{index}].baseUrl` | `true` | | The primary URL of your SCM server. This URL will be used as the origin. |
| `--moderne.dx.scm[{index}].type` | `true` | | Specifies the type of the SCM server (case insensitive). Choose between: `GitHub, GitLab, Bitbucket, BitbucketCloud, AzureDevOps`. |
| `--moderne.dx.scm[{index}].alternateUrls[{alternate_url_index}]` | `true` | | One or more alternate URLs (each with a different `{alternate_url_index}`) which point to the same server. Use this to specify all the protocol and port combinations that can be used to reach the same server. |
**Example:**
```bash
java -jar moderne-dx-{version}.jar \
# ... Existing arguments
--moderne.dx.scm[0].baseUrl=https://bitbucket.example.com/stash \
--moderne.dx.scm[0].type=Bitbucket \
--moderne.dx.scm[0].alternateUrls[0]=ssh://bitbucket.example.com:7999 \
--moderne.dx.scm[0].alternateUrls[1]=http://bitbucket.example.com:8080/stash \
# ... Additional arguments
```
</TabItem>
</Tabs>
## Organizations service variables
<Tabs groupId="dx-type">
<TabItem value="oci-container" label="OCI Container">
**Variables:**
| Variable Name | Required | Default | Description |
|---------------------------------------------------|----------|---------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `MODERNE_DX_ORGANIZATION_URL` | `true` | | The URL of your GraphQL service that provides organization information. Cannot be combined with `MODERNE_DX_ORGANIZATION_REPOSCSV`. |
| `MODERNE_DX_ORGANIZATION_REPOSCSV` | `true` | | The path of your repos.csv file that provides organization information. Cannot be combined with `MODERNE_DX_ORGANIZATION_URL`. |
| `MODERNE_DX_ORGANIZATION_DEFAULTCOMMITOPTIONS` | `false` | | The commit options used if not specified by the organization service. |
| `MODERNE_DX_ORGANIZATION_UPDATE_INTERVAL_SECONDS` | `false` | `600` | Specifies how often to request your organization information. Only used when combined with `MODERNE_DX_ORGANIZATION_URL`. |
| `MODERNE_DX_ORGANIZATION_SKIPSSL` | `false` | `false` | Specifies whether or not to skip SSL validation for HTTP connections to this Organization service instance. Only used when combined with `MODERNE_DX_ORGANIZATION_URL`. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
**Example:**
```bash
docker run \
# ... Existing variables
-e MODERNE_DX_ORGANIZATION_URL=http://localhost:8091 \
-e MODERNE_DX_ORGANIZATION_UPDATE_INTERVAL_SECONDS=600 \
-e MODERNE_DX_ORGANIZATION_DEFAULTCOMMITOPTIONS=Direct,Branch,Fork,PullRequest,ForkAndPullRequest \
# ... Additional variables
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
**Arguments:**
| Argument Name | Required | Default | Description |
|---------------------------------------------------|----------|---------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--moderne.dx.organization.url` | `true` | | The URL of your GraphQL service that provides organization information. Cannot be combined with `MODERNE_DX_ORGANIZATION_REPOSCSV`. |
| `--moderne.dx.organization.reposCsv` | `true` | | The path of your repos.csv file that provides organization information. Cannot be combined with `MODERNE_DX_ORGANIZATION_URL`. |
| `--moderne.dx.organization.defaultCommitOptions` | `false` | | The commit options used if not specified by the organization service. |
| `--moderne.dx.organization.updateIntervalSeconds` | `false` | `600` | Specifies how often to request your organization information. Only used when combined with `--moderne.dx.organization.url`. |
| `--moderne.dx.organization.skipSsl` | `false` | `false` | Specifies whether or not to skip SSL validation for HTTP connections to this Organization service instance. Only used when combined with `--moderne.dx.organization.url`. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
**Example:**
```bash
java -jar moderne-dx-{version}.jar \
# ... Existing arguments
--moderne.dx.organization.url=http://localhost:8091 \
--moderne.dx.organization.updateIntervalSeconds=600 \
--moderne.dx.organization.defaultCommitOptions=Direct,Branch,Fork,PullRequest,ForkAndPullRequest \
# ... Additional arguments
```
</TabItem>
</Tabs>
## Strict recipe sources variables
<Tabs groupId="dx-type">
<TabItem value="oci-container" label="OCI Container">
**Variables:**
| Variable Name | Required | Default | Description |
|----------------------------------------------|--------------------------------------------------|---------|---------------------------------------------------------------------------------------------------|
| `MODERNE_DX_RECIPE_USEONLYCONFIGURED` | `true` | | Only use the recipe sources configured in the service. |
| `MODERNE_DX_RECIPE_POMCACHE_TYPE` | `false` | | Used to specify what type of cache the POM should use. Acceptable values: `IN_MEMORY` or `REDIS`. |
| `MODERNE_DX_RECIPE_POMCACHE_ENTRYTTLMINUTES` | `false` | | How long entries should live in the POM cache. |
| `MODERNE_DX_RECIPE_POMCACHE_REDIS_HOST` | `true` (If the POM cache type is set to `REDIS`) | | The URL of the Redis instance. |
| `MODERNE_DX_RECIPE_POMCACHE_REDIS_PORT` | `true` (If the POM cache type is set to `REDIS`) | | The port number of the Redis instance. |
| `MODERNE_DX_RECIPE_POMCACHE_REDIS_USERNAME` | `false` | | The username needed to authenticate to the Redis instance. |
| `MODERNE_DX_RECIPE_POMCACHE_REDIS_PASSWORD` | `false` | | The password needed to authenticate with the Redis instance. |
| `MODERNE_DX_RECIPE_POMCACHE_REDIS_SSL` | `false` | `false` | If set to `true`, then SSL will be enabled for the connection to the Redis instance. |
| `MODERNE_DX_RECIPE_POMCACHE_REDIS_DATABASE` | `false` | | The Redis DB index. |
**Example:**
```bash
docker run \
# ... Existing variables
-e MODERNE_DX_RECIPE_USEONLYCONFIGURED=true \
# ... Additional variables
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
**Arguments:**
| Argument Name | Required | Default | Description |
|------------------------------------------------|--------------------------------------------------|---------|---------------------------------------------------------------------------------------------------|
| `--moderne.dx.recipe.useOnlyConfigured` | `true` | | Only use the recipe sources configured in the service. |
| `--moderne.dx.recipe.pomCache.type` | `false` | | Used to specify what type of cache the POM should use. Acceptable values: `IN_MEMORY` or `REDIS`. |
| `--moderne.dx.recipe.pomCache.entryTtlMinutes` | `false` | | How long entries should live in the POM cache. |
| `--moderne.dx.recipe.pomCache.redis.host` | `true` (If the POM cache type is set to `REDIS`) | | The URL of the Redis instance. |
| `--moderne.dx.recipe.pomCache.redis.port` | `true` (If the POM cache type is set to `REDIS`) | | The port number of the Redis instance. |
| `--moderne.dx.recipe.pomCache.redis.username` | `false` | | The username needed to authenticate to the Redis instance. |
| `--moderne.dx.recipe.pomCache.redis.password` | `false` | | The password needed to authenticate with the Redis instance. |
| `--moderne.dx.recipe.pomCache.redis.ssl` | `false` | `false` | If set to `true`, then SSL will be enabled for the connection to the Redis instance. |
| `--moderne.dx.recipe.pomCache.redis.database` | `false` | | The Redis DB index. |
**Example:**
```bash
java -jar moderne-dx-{version}.jar \
# ... Existing arguments
--moderne.dx.recipe.useOnlyConfigured=true \
# ... Additional arguments
```
</TabItem>
</Tabs>

9
docs/administrator-documentation/moderne-dx/how-to-guides/mass-ingest-and-run-dx.md Normal file
View File

@@ -0,0 +1,9 @@
# Mass ingest
One of the first steps of integrating your code with Moderne is setting up a pipeline that builds and publishes [LST](../../moderne-platform/references/lossless-semantic-trees.md) artifacts to an artifact repository that you control.
To do this, we recommend that you set up a Docker image to pull the CLI, configure it, build the LSTs, and publish said artifacts. You would then run this image on a schedule (typically once per day) so that Moderne can have the latest LST artifacts available.
For detailed instructions on how to set up ingestion, please follow the directions in the [Moderne mass ingest example repository](https://github.com/moderneinc/mass-ingest-example/blob/main/README.md).
Once you have ingestion set up, you may want to run recipes against every organization (group of repositories) in your company. To help with that, please follow the directions in the [Moderne mass run example repository](https://github.com/moderneinc/moderne-mass-run/blob/main/README.md)

BIN
docs/administrator-documentation/moderne-dx/references/assets/ModerneDX-Arch2.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 211 KiB

51
docs/administrator-documentation/moderne-dx/references/moderne-dx-architecture.md Normal file
View File

@@ -0,0 +1,51 @@
# Moderne DX architecture
Moderne DX includes a centralized, internal service you install to manage Moderne CLI instances, enabling you to share and improve recipes, coordinate across teams, and access reporting. You operate the Moderne DX edition using your own security controls, and all of your code and data stays on-premises.
## Architecture diagram
<figure>
![](./assets/ModerneDX-Arch2.png)
<figcaption></figcaption>
</figure>
## Comparison with Moderne Enterprise
### Capabilities
| | Moderne DX | Moderne Platform Enterprise |
| ------------------------------------ | :------------------: | :-------------------------: |
| SCA - auto search and remediation | :white_check_mark: | :white_check_mark: |
| SAST - auto search and remediation | :white_check_mark: | :white_check_mark: |
| OWASP Top 10 auto-remediation | :white_check_mark: | :white_check_mark: |
| Framework and library auto-migration | :white_check_mark: | :white_check_mark: |
| Global code intelligence | | :white_check_mark: |
| Custom recipe development assistance | :white_check_mark: | :white_check_mark: |
### Features
| | Moderne DX | Moderne Platform Enterprise |
| ------------------------------ | :------------------: | :-------------------------: |
| Moderne CLI multi-repo DevEx | :white_check_mark: | :white_check_mark: |
| IDE plugin | :white_check_mark: | :white_check_mark: |
| Recipe marketplace | :white_check_mark: | :white_check_mark: |
| Data tables (impact analysis) | :white_check_mark: | :white_check_mark: |
| Data visualizations | | :white_check_mark: |
| Code intel dashboards | | :white_check_mark: |
| AI integrations | | :white_check_mark: |
| Scheduled recipe execution | | :white_check_mark: |
| Change campaigns | | :white_check_mark: |
| Organizational hierarchy | :white_check_mark: | :white_check_mark: |
| Reporting | :white_check_mark: | :white_check_mark: |
| Centralized LST management | :white_check_mark: | :white_check_mark: |
### Implementation
| | Moderne DX | Moderne Platform Enterprise |
| ---------------------------------------------------- | :------------------: | :-------------------------: |
| SSO integration for login | :white_check_mark: | :white_check_mark: |
| VCS (GitHub, GitLab, Bitbucket) integration | :white_check_mark: | :white_check_mark: |
| Artifact repository (Artifactory, Nexus) integration | :white_check_mark: | :white_check_mark: |
| IdP integration | :white_check_mark: | :white_check_mark: |
| Single, private tenant SaaS | | :white_check_mark: |
| Fully on premises | :white_check_mark: | |

23
docs/administrator-documentation/moderne-platform/faq.md Normal file
View File

@@ -0,0 +1,23 @@
# Frequently asked questions (FAQ)
## Why do artifact scanners detect vulnerabilities in recipe artifacts/JARs?
In order to modernize and upgrade old or vulnerable code, some OpenRewrite recipe modules bundle copies of old libraries. Libraries bundled into recipe modules are never executed. That being said, these libraries are **never executed**.
OpenRewrite exercises the Java compiler internally to compile code patterns that exist in these old and/or vulnerable libraries. These patterns are then used to **match** old or vulnerable code for the sake of modernizing or repairing it.
Using a library in compilation in this way **does not trigger class initialization** in the way that reflection might, for example. In other words, code paths in libraries used in compilation are **never executed**.
As an example of this, consider the case of [rewrite-spring](https://github.com/openrewrite/rewrite-spring). It has libraries bundled inside of the [META-INF/rewrite/classpath directory](https://github.com/openrewrite/rewrite-spring/tree/main/src/main/resources/META-INF/rewrite). However, those JARs are not made into a Fat Jar or a shaded library in the traditional sense. It is not possible that by using `rewrite-spring` that one of those libraries gets called.
## Why do we need to provide a full list of repositories for the Organizations service?
We have noticed that if companies do not provide a complete list of repositories that there is confusion around the results from some recipes/data tables/visualizations.
For instance, many companies track vulnerability remediations through Moderne. Once Moderne shows no results found for said remediation, people may believe that the vulnerability is completely fixed. However, as there are hundreds or thousands of repositories unaccounted for, the vulnerability may still exist, and more work will need to be done.
By providing a list of every repository, even if they aren't ingested into the Moderne Platform, you will be able to understand how complete an impact analysis or remediation is.
If you need help configuring your Organizations service to return all repositories, please see our [reference implementation](https://github.com/moderneinc/moderne-organizations) which uses a [repos.csv](https://github.com/moderneinc/moderne-organizations/blob/main/src/main/resources/repos.csv) to expose all repositories as well as [scripts that you can use to identify those repositories in your source control](https://github.com/moderneinc/moderne-organizations/tree/main/repo-fetchers).
Of course, you're also welcome to build your own service that fulfills [the GraphQL contract we provide](https://github.com/moderneinc/moderne-organizations/blob/main/src/main/resources/schema/moderne-organizations.graphqls).

103
docs/administrator-documentation/moderne-platform/getting-started/admin-pages.md Normal file
View File

@@ -0,0 +1,103 @@
# Admin pages explained
As an administrator (admin) in the Moderne Platform, you have access to a variety of admin pages that let you manage and control various aspects of the platform. To help ensure you can perform your administrative tasks efficiently and effectively, let's walk through each of these pages.
## Navigating to the admin pages
All of the admin pages can be found by clicking on the `Admin` link in the Moderne nav sidebar:
<figure>
![](./assets/admin-sidebar.png)
<figcaption>_Admin link in the sidebar_</figcaption>
</figure>
Clicking on that will open up a modal that contains all of the admin pages:
<figure>
![](./assets/admin-page-modal.png)
<figcaption>_Admin link modal_</figcaption>
</figure>
## Agents page
You can think of the agents page as a sort of landing area that shows all of the technologies you've configured your agents to have access to. You can click on each tile to get taken to a details page that has more information about a particular connection. This can be particularly useful for debugging whether or not a service is connected to the agent.
You can see whether or not an agent is connected to a particular service by scrolling to the bottom of the details page and looking at the `Connected` column:
<figure>
![](./assets/connected-col.png)
<figcaption>_Connected status_</figcaption>
</figure>
For Artifactory specifically, you can also get an AQL query to test to make sure you've configured it correctly. You can do this by clicking on the Artifactory card, and then clicking on `CURL` or `WebRequest` underneath the `Test on Mac/Linux` or `Test on Windows` label:
<figure>
![](./assets/artifactory-test.png)
<figcaption>_AQL query link_</figcaption>
</figure>
:::info
If you configure the same connection in multiple agents, you will only see it once on the Agents page.
:::
## Audit log page
The audit log page lists all actions taken by users on the platform.
In the top-left hand corner of the page, there is a filter dropdown that lets you select common, important, filters such as all logins in the last week or all commits in the last month:
<figure>
![](./assets/audit-common.png)
<figcaption>_Audit page common filters_</figcaption>
</figure>
For information about how to add/remove columns or how to add custom filters on individual columns, please see the [filtering section](#filtering) at the bottom of this doc.
## Workers page
Workers are configured by Moderne and are servers that run recipes. As Moderne controls these, this page will likely not be of use to you or your team. It's mainly there for debugging issues that may arise and for confirming that there are indeed workers available to run recipes.
## Quarantine page
As an admin, you can quarantine repositories in the Moderne Platform. This prevents recipes from being run on said repositories.
Consider the case where you have some old repositories that aren't building. Instead of having error messages appear when you run recipes or having the DevCenter provide warnings about repositories not building, you can quarantine these repositories until they're fixed or removed.
For information about how to add/remove columns or how to add custom filters on individual columns, please see the [filtering section](#filtering) at the bottom of this doc.
## Reports page
The reports page is exactly as it sounds; it contains a list of detailed reports that you can download. These reports contain more information than you would obtain in the audit log.
## Access tokens page
The access tokens page lets you see who has created an access token for your tenant. It also lets you remove all access tokens for a particular user.
The search box lets you enter partial searches such as `@moderne.io` to find all users with an `@moderne.io` email address.
To remove access tokens for a user, click on the trash can icon under `Actions` and then press `Delete` in the modal that appears.
## Filtering
All Moderne pages that have tables offer the same filtering abilities.
You can filter individual columns by mousing over the column name, clicking on the three vertical dots that appear, and then clicking on `Filter`:
<figure>
![](./assets/col-filter.png)
<figcaption>_Column filtering_</figcaption>
</figure>
You can then select the column you're interested in, choose the operator you want to apply to that column, and enter the value you want to search for. To combine filters together, press the `Add filter`.
<figure>
![](./assets/specific-filter.png)
<figcaption>_Filter modal_</figcaption>
</figure>
If you want to add or remove columns from the table, you can mouse over any column, click on the three vertical dots that appear, and then select `Manage columns`. You'll then see a modal that you can add or remove columns:
<figure>
![](./assets/audit-log-columns.png)
<figcaption>_Audit log columns_</figcaption>
</figure>

BIN
docs/administrator-documentation/moderne-platform/getting-started/assets/admin-page-modal.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 15 KiB

BIN
docs/administrator-documentation/moderne-platform/getting-started/assets/admin-sidebar.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 47 KiB

BIN
docs/administrator-documentation/moderne-platform/getting-started/assets/artifactory-test.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 27 KiB

BIN
docs/administrator-documentation/moderne-platform/getting-started/assets/audit-common.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 37 KiB

BIN
docs/administrator-documentation/moderne-platform/getting-started/assets/audit-log-columns.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 24 KiB

BIN
docs/administrator-documentation/moderne-platform/getting-started/assets/col-filter.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 16 KiB

BIN
docs/administrator-documentation/moderne-platform/getting-started/assets/connected-col.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 30 KiB

BIN
docs/administrator-documentation/moderne-platform/getting-started/assets/dep-insight.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 130 KiB

BIN
docs/administrator-documentation/moderne-platform/getting-started/assets/pov-example.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 265 KiB

BIN
docs/administrator-documentation/moderne-platform/getting-started/assets/specific-filter.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 14 KiB

BIN
docs/administrator-documentation/moderne-platform/getting-started/assets/vuln-dep.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 36 KiB

82
docs/administrator-documentation/moderne-platform/getting-started/proof-of-value.md Normal file
View File

@@ -0,0 +1,82 @@
import ReactPlayer from 'react-player';
# Proof of value process
With Moderne, you can automate maintenance processes such as framework migrations, security vulnerability fixes, and code quality standardization. Code refactoring work that used to take months and teams of developers can be done in minutes, closing vulnerabilities and saving millions of dollars in software maintenance costs while giving developers substantially more time to focus on delivering business value.
We are often asked how to introduce the power of Moderne to an organization in order to build confidence in the tooling and facilitate a successful paradigm shift for their teams. To start, it's best to focus on lower risk, lower effort, and lower complexity tasks for developers. This might include tasks such as cleaning up code quality issues or addressing isolated CVEs. Once success is shown in these areas, you can build up to more substantial updates, such as minor framework updates or patches, and eventually to more complex code migration work.
The idea is for all of these types of updates to become a continuous process for your organization. Gradually phasing them in over time helps to achieve both technological and cultural change, which ultimately drives adoption.
![](./assets/pov-example.png)
## Proof of value (POV) Steps
1. To begin the process, please fill out [this questionnaire](https://lq7oxv9ggnm.typeform.com/to/r1ib8ecu?typeform-source=www.google.com) so that we can provision the appropriate services for your organization.
2. Once you've filled out the form, we will provision an isolated Moderne Platform in the cloud provider and region of your choice. Deployment is fully automated and takes approximately one hour. Please let us know which cloud provider and region you prefer.
3. Please follow the instructions in our [on-premise agent configuration doc](../how-to-guides/agent-configuration/agent-config.md). The agent is a single docker image or JAR that can run on a Virtual Machine, Kubernetes, or Cloud Foundry. It controls the encryption key and connects to on-prem systems such as your source code manager (SCM) and artifact repository. To ensure the agent functions correctly, you will need to create a read-only service account for your artifact repository and your SCM. This will allow developers to authenticate with your SCM for access control and commits/PRs (if commits are enabled for your tenant). The installation process typically takes less than an hour once the service accounts and SCM configurations are in place.
4. To enable SSO for Moderne, you will need to connect to your Identity Provider (IdP). This is done in a 30-minute meeting with Moderne to exchange metadata. If requested, a username/password can also be used during the POV process instead of SSO.
5. Next, you'll need to [set up the ingestion pipeline](../how-to-guides/mass-ingest.md). This pipeline will build and publish LST artifacts for the repositories you specify to your artifact repository. From there, the Moderne agent will find these LST artifacts, encrypt them, and ship them to the Moderne cloud.
* The more repositories you add and the more diverse they are, the easier it is to demonstrate value. Customers typically start with 50-100 repositories.
* No changes are required to the repositories themselves (such as installing build plugins).
6. With all of that done, you're now ready to run some recipes. Below, we'll provide some suggestions for recipes to run. The links will take you to the [Moderne SaaS](https://app.moderne.io) where you can run the recipes on a variety of open-source repositories. You will need to sign in to view and run recipes.
7. After you run recipes, you'll generate some [data tables](../../../user-documentation/moderne-platform/getting-started/data-tables.md) and some [visualizations](../../../user-documentation/moderne-platform/getting-started/visualizations.md).
### Recipes to run
_Ordered from least complex to most complex_
* [Common static analysis fixes](https://app.moderne.io/recipes/org.openrewrite.staticanalysis.CommonStaticAnalysis)
* Improve code quality and readability
* Fix common mistakes
* Eliminate legacy patterns and minor performance issues
* SLF4J Logging best practices
* [Improve performance](https://app.moderne.io/recipes/org.openrewrite.java.logging.slf4j.ParameterizedLogging) by preferring parameterized logging to string concatenation
* [Improve error reporting](https://app.moderne.io/recipes/org.openrewrite.java.logging.slf4j.CompleteExceptionLogging) by using exception-specialized logging invocations where applicable
* Maven dependency management
* [Upgrade Maven dependencies](https://app.moderne.io/recipes/org.openrewrite.maven.UpgradeDependencyVersion) to keep dependencies patched and up-to-date
* [Exclude test dependencies](https://app.moderne.io/recipes/org.openrewrite.maven.ExcludeDependency) like JUnit from the compile scope
* [Remove redundant explicit dependency versions](https://app.moderne.io/recipes/org.openrewrite.maven.RemoveRedundantDependencyVersions) to clean up Maven POMs
* [Dependency insight for Gradle and Maven](https://app.moderne.io/recipes/org.openrewrite.java.dependencies.DependencyInsight)
![](./assets/dep-insight.png)
* Gradle wrapper and plugin upgrades
* [Update Gradle Wrapper](https://app.moderne.io/recipes/org.openrewrite.gradle.UpdateGradleWrapper) to keep Gradle itself up to date
* [Update Gradle Plugin](https://app.moderne.io/recipes/org.openrewrite.gradle.plugins.UpgradePluginVersion) to keep build plugins up to date
* Security enhancements and discovery
* [Find secrets](https://app.moderne.io/marketplace/org.openrewrite.java.security.secrets) like passwords, encryption keys, access tokens
* [Use secure random number generation](https://app.moderne.io/recipes/org.openrewrite.java.security.SecureRandom)
* [Java security best practices](https://app.moderne.io/recipes/org.openrewrite.java.security.JavaSecurityBestPractices)
* [OWASP Top 10](https://app.moderne.io/recipes/org.openrewrite.java.security.OwaspTopTen)
* [Find and fix vulnerable dependencies](https://app.moderne.io/recipes/org.openrewrite.java.dependencies.DependencyVulnerabilityCheck)
![](./assets/vuln-dep.png)
* Modernize test frameworks
* [Junit 4 to 5 migration](https://app.moderne.io/recipes/org.openrewrite.java.testing.junit5.JUnit4to5Migration)
* [Mockito 1 to 4 migration](https://app.moderne.io/recipes/org.openrewrite.java.testing.mockito.Mockito1to4Migration)
* [Migrate JUnit assertions to AssertJ](https://app.moderne.io/recipes/org.openrewrite.java.testing.assertj.Assertj) improved readability and consistency over stock JUnit assertions
* Major migrations
* [Java 8 to 11](https://app.moderne.io/recipes/org.openrewrite.java.migrate.Java8toJava11)
* [Java 11 to 17](https://app.moderne.io/recipes/org.openrewrite.java.migrate.UpgradeToJava17)
* [Spring Boot 1 to 2](https://app.moderne.io/recipes/org.openrewrite.java.spring.boot2.UpgradeSpringBoot_2_7)
* [Spring Boot 2 to 3](https://app.moderne.io/recipes/org.openrewrite.java.spring.boot3.UpgradeSpringBoot_3_0)
* Custom migrations. Custom recipes can be developed to help with internal platform API management, EJB to Spring migrations, etc.
Major migrations are complex transformations consisting of multiple individual recipes. At some point, these transformations represent one-off use cases and there are diminishing returns from trying to automate them fully. Mostly, they will lift your applications 80-90% of the way to completion with the remainder requiring some manual actions expected to be taken by developers.
### Impact analysis
Another substantial use case worth testing is impact analysis. When adding new functionality or fixing a bug, it's often times good to think about what the consequences would be. While you _could_ make a change and see who yells at you, it's generally better if you take the time to do your due diligence and figure out what's going to happen.
Below are some recipes that you can use to help you with impact analysis as well as a detailed video that will walk you through using these recipes.
<ReactPlayer className="reactPlayer" url='https://youtu.be/jMxSWB5jJ5M?t=306' controls="true" />
#### Recipes to run
* [Find method usages](https://app.moderne.io/recipes/org.openrewrite.java.search.FindMethods)
* [Find types](https://app.moderne.io/recipes/org.openrewrite.java.search.FindTypes)
* [Dependency insight for Gradle and Maven](https://app.moderne.io/recipes/org.openrewrite.java.dependencies.DependencyInsight)
* [Update Gradle or Maven dependency versions](https://app.moderne.io/recipes/org.openrewrite.java.dependencies.UpgradeDependencyVersion)

702
docs/administrator-documentation/moderne-platform/how-to-guides/agent-configuration/agent-config.md Normal file
View File

@@ -0,0 +1,702 @@
---
slug: /administrator-documentation/moderne-platform/how-to-guides/agent-configuration/agent-configuration
---
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
# Configuring the Moderne agent
In order to securely communicate with the Moderne SaaS, you will need to set up an on-premise agent in your environment. To assist you with that process and provide you with information about the agent, this guide will:
* [Give you some high-level information about the agent](#high-level-agent-information)
* [Provide step-by-step instructions for configuring the agent](#agent-setup-instructions)
* [Teach you how to update the agent later on](#updating-your-agent)
## High-level agent information
### What does the agent do?
The Moderne on-premise agent:
* Encrypts and ships [LST](../../references/lossless-semantic-trees.md) and recipe artifacts from your artifact repository (e.g., Artifactory) to the Moderne SaaS
* Provides the symmetric key that Moderne needs to decrypt your artifacts
* Forwards requests from the Moderne SaaS to your SCM(s) (e.g., GitHub)
* Forwards requests from the Moderne SaaS to the organization service (if configured)
## Agent setup instructions
### Step 1: Generate your symmetric key
The Moderne agent requires customers to create a hex-encoded 256-bit AES encryption key. This key will be used to encrypt LST and recipe artifacts before they are sent to your SaaS tenant. To generate a key, please run the following `openssl` command:
```bash
openssl enc -aes-256-cbc -k secret -P
```
This will return a `salt`, `key`, and `iv`. Please copy the `key` and save it for use in [step 3](#step-3-configure-the-agent-with-the-core-variablesarguments) as the `symmetricKey`.
### Step 2: Determine how you will run the agent
Moderne offers two ways of running the agent:
1. An [OCI image](https://github.com/opencontainers/image-spec) that can be run using any OCI runtime (e.g., Docker, Podman)
2. A Spring Boot executable JAR that can be run with Java
Regardless of which one you pick, you'll want a minimum system spec of 2 CPU cores, 8 GB of memory, and at least 10 GB of persistent or local storage.
If you deploy to Kubernetes or any other containerized environment like AWS ECS, you'll want to use the OCI image to run the agent.
If you deploy to a [PaaS](https://en.wikipedia.org/wiki/Platform_as_a_service) environment such Cloud Foundry, you'll want to use the JAR to run the agent.
The table below provides the core command for running the agent. However, in order for the agent to function correctly, additional variables will need to be added based on your environment (such as what SCM(s) your company uses, what artifact repositories you have configured, and whether or not you've configured an [Organizations service](../organizations-service.md)). We'll walk through each of those in the following steps.
<Tabs groupId="agent-type">
<TabItem value="oci-container" label="OCI Container">
**How to build the Docker image**
```bash
docker build -t moderne-agent:latest .
```
**How to run the Docker image with an environment file**
```bash
docker run --env-file=moderne-agent.env moderne-agent:latest
```
**How to run the image with command line arguments**
```bash
# Please note that if you create environment variables for secrets, you still need to let Docker
# know that these variables exist by including it via: `-e ENV_VAR_NAME`.
export MODERNE_AGENT_CRYPTO_SYMMETRICKEY=...
export MODERNE_AGENT_TOKEN=...
docker run \
# Example environment variables. These will be explained in step 3.
-e MODERNE_AGENT_APIGATEWAYRSOCKETURI=https://api.tenant.moderne.io/rsocket \
-e MODERNE_AGENT_CRYPTO_SYMMETRICKEY \
-e MODERNE_AGENT_NICKNAME=prod-1 \
-e MODERNE_AGENT_TOKEN \
# ... Additional environment variables
-p 8080:8080
moderne-agent:latest
```
**Example Dockerfile**
:::info
You are responsible for creating this Dockerfile and your own base image. It is your responsibility to keep this up-to-date when vulnerabilities arise. The below one is a suggestion for getting started - but yours will differ from this as it should point to and use your own tools and services.
:::
```docker
FROM eclipse-temurin:17-jdk
RUN apt-get update && apt-get install -y libxml2-utils
# Set the environment variable MODERNE_AGENT_VERSION
ARG MODERNE_AGENT_VERSION
ENV MODERNE_AGENT_VERSION=${MODERNE_AGENT_VERSION}
WORKDIR /app
USER root
RUN groupadd -r app && useradd --no-log-init -r -m -g app app && chown -R app:app /app
USER app
# Download the specified version of moderne-agent JAR file if MODERNE_AGENT_VERSION is provided,
# otherwise download the latest version
RUN if [ -n "${MODERNE_AGENT_VERSION}" ]; then \
echo "Downloading version: ${MODERNE_AGENT_VERSION}"; \
curl -s --insecure --request GET --url "https://repo1.maven.org/maven2/io/moderne/moderne-agent/${MODERNE_AGENT_VERSION}/moderne-agent-${MODERNE_AGENT_VERSION}.jar" --output agent.jar; \
else \
LATEST_VERSION=$(curl -s --insecure --request GET --url "https://repo1.maven.org/maven2/io/moderne/moderne-agent/maven-metadata.xml" | xmllint --xpath 'string(/metadata/versioning/latest)' -); \
if [ -z "${LATEST_VERSION}" ]; then \
echo "Failed to get latest version"; \
exit 1; \
fi; \
echo "Downloading latest version: ${LATEST_VERSION}"; \
curl -s --insecure --request GET --url "https://repo1.maven.org/maven2/io/moderne/moderne-agent/${LATEST_VERSION}/moderne-agent-${LATEST_VERSION}.jar" --output agent.jar; \
fi
ENTRYPOINT ["java"]
CMD ["-XX:-OmitStackTraceInFastThrow", "-XX:MaxRAMPercentage=65.0", "-XX:MaxDirectMemorySize=2G", "-XX:+HeapDumpOnOutOfMemoryError", "-XX:+UseStringDeduplication", "-jar", "/app/agent.jar"]
EXPOSE 8080
```
**Example environment variables file**
```bash
MODERNE_AGENT_APIGATEWAYRSOCKETURI=https://api.tenant.moderne.io/rsocket \
MODERNE_AGENT_CRYPTO_SYMMETRICKEY=${SYMMETRIC_KEY}
MODERNE_AGENT_TOKEN=${MODERNE_AGENT_TOKEN}
MODERNE_AGENT_NICKNAME=prod-1
MODERNE_AGENT_GITHUB_0_OAUTH_CLIENTID=${GITHUB_CLIENT_ID}
MODERNE_AGENT_GITHUB_0_OAUTH_CLIENTSECRET=${GITHUB_CLIENT_SECRET}
MODERNE_AGENT_GITHUB_0_URL=https://myorg.github.com
MODERNE_AGENT_GITHUB_0_ALLOWABLE_ORGANIZATIONS_0=moderne
MODERNE_AGENT_GITHUB_0_ALLOWABLE_ORGANIZATIONS_1=openrewrite
MODERNE_AGENT_GITHUB_0_OAUTH_INCLUDEPRIVATEREPOS=true
MODERNE_AGENT_ARTIFACTORY_0_URL=https://myartifactory.example.com/artifactory/
MODERNE_AGENT_ARTIFACTORY_0_USERNAME=${ARTIFACTORY_USERNAME}
MODERNE_AGENT_ARTIFACTORY_0_PASSWORD=${ARTIFACTORY_PASSWORD}
MODERNE_AGENT_ARTIFACTORY_0_ASTQUERYFILTERS_0='"name":{"$match":"*-ast.jar"}'
MODERNE_AGENT_ARTIFACTORY_0_ASTQUERYFILTERS_1='"repo":{"$eq":"example-maven"}'
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
**Download the JAR:**
The download URL can be found on the [**Agent releases page**](../../../../releases/agent-releases#maven-download)**.**
**How to run the agent:**
Use `java` to run a jar in combination with arguments that you'll add in the subsequent steps. The final command will look similar to:
```bash
# Exporting environment variables with the exact same structure as the parameter in the Java command makes it so you no longer need to include them in the below Java command. For instance, the first export below is equivalent to including this parameter in the Java command:
# --moderne.agent.crypto.symmetricKey=...
export MODERNE_AGENT_CRYPTO_SYMMETRICKEY=...
export MODERNE_AGENT_TOKEN=...
java -jar moderne-agent-{version}.jar \
# Example arguments. These will be explained in step 3.
--moderne.agent.apiGatewayRsocketUri=https://api.tenant.moderne.io/rsocket \
--moderne.agent.nickname=prod-1 \
# ... Additional arguments
```
* **Note:** System properties can be used in place of arguments. For example, you can use `-Dmoderne.agent.token={token_value}` as an argument instead of `--moderne.agent.token={token_value}`.
</TabItem>
</Tabs>
### Step 3: Configure the agent with the core variables/arguments
All agents must be configured with the variables listed as required below:
<Tabs groupId="agent-type">
<TabItem value="oci-container" label="OCI Container">
**Variables:**
| Variable Name | Required | Default | Description |
|----------------------------------------------|------------|------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `MODERNE_AGENT_APIGATEWAYRSOCKETURI` | `true` | | The URI used to connect to the Moderne API, provided by Moderne. |
| `MODERNE_AGENT_CRYPTO_SYMMETRICKEY` | `true` | | A 256-bit AES encryption key, hex encoded. Used to encrypt your artifacts. |
| `MODERNE_AGENT_NICKNAME` | `true` | | A name used to identify your agent in the SaaS agent dashboard UI. |
| `MODERNE_AGENT_TOKEN` | `true` | | The Moderne SaaS agent connection token, provided by Moderne. |
| `MODERNE_AGENT_DOWNLOADPARALLELISM` | `false` | 2 threads | How many threads are used to download LSTs. |
| `MODERNE_AGENT_ARTIFACTINDEXINTERVALSECONDS` | `false` | 120 seconds | How frequently LSTs will be indexed. |
| `MODERNE_AGENT_DEFAULTCOMMITOPTIONS_{index}` | `false` | All options available. | Use to restrict which commit options are available on a tenant level (if the organizations service doesn't return any). Acceptable values: `Direct`, `Branch`, `Fork`, `PullRequest`, `ForkAndPullRequest`. |
**Example:**
```bash
# Please note that if you create environment variables for secrets, you still need to let Docker
# know that these variables exist by including it via: `-e ENV_VAR_NAME`.
export MODERNE_AGENT_CRYPTO_SYMMETRICKEY=...
export MODERNE_AGENT_TOKEN=...
docker run \
-e MODERNE_AGENT_APIGATEWAYRSOCKETURI=https://api.tenant.moderne.io/rsocket \
-e MODERNE_AGENT_CRYPTO_SYMMETRICKEY \
-e MODERNE_AGENT_NICKNAME=prod-1 \
-e MODERNE_AGENT_TOKEN \
-e MODERNE_AGENT_DEFAULTCOMMITOPTIONS_0=PullRequest \
-e MODERNE_AGENT_DEFAULTCOMMITOPTIONS_1=ForkAndPullRequest \
# ... Additional variables
-p 8080:8080
moderne-agent:latest
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
**Arguments:**
| Argument Name | Required | Default | Description |
|----------------------------------------------|------------|------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--moderne.agent.apiGatewayRsocketUri` | `true` | | The URI used to connect to the Moderne API, provided by Moderne. |
| `--moderne.agent.crypto.symmetricKey` | `true` | | A 256-bit AES encryption key, hex encoded. Used to encrypt your artifacts. |
| `--moderne.agent.nickname` | `true` | | A name used to identify your agent in the SaaS agent dashboard UI. |
| `--moderne.agent.token` | `true` | | The Moderne SaaS agent connection token, provided by Moderne. |
| `--moderne.agent.downloadParallelism` | `false` | 2 threads | How many threads are used to download LSTs. |
| `--moderne.agent.artifactIndexIntervalSeconds` | `false` | 120 seconds | How frequently LSTs will be indexed. |
| `--moderne.agent.defaultCommitOptions[{index}]` | `false` | All options available. | Use to restrict which commit options are available on a tenant level (if the organizations service doesn't return any). Acceptable values: `Direct`, `Branch`, `Fork`, `PullRequest`, `ForkAndPullRequest`. |
**Example:**
```bash
# Exporting environment variables with the exact same structure as the parameter in the Java command makes it so you no longer need to include them in the below Java command. For instance, the first export below is equivalent to including this parameter in the Java command:
# --moderne.agent.crypto.symmetricKey=...
export MODERNE_AGENT_CRYPTO_SYMMETRICKEY=...
export MODERNE_AGENT_TOKEN=...
java -jar moderne-agent-{version}.jar \
--moderne.agent.apiGatewayRsocketUri=https://api.tenant.moderne.io/rsocket \
--moderne.agent.nickname=prod-1 \
--moderne.agent.defaultCommitOptions[0]=PullRequest \
--moderne.agent.defaultCommitOptions[1]=ForkAndPullRequest \
# ... Additional arguments
```
</TabItem>
</Tabs>
### Step 4: Configure the agent to work with your SCM(s)
Connecting the agent to your SCM enables Moderne to display recipe results in the UI and commit changes from recipes back to your SCM (in the form of PRs, forks, commits, etc).
For every SCM that you want to connect to Moderne, please follow the instructions in the following guides. These guides will explain how to configure an SCM to talk to the Moderne agent and they will provide you with a list of variables to add to the agent run command. You can configure one agent with multiple SCMs.
**SCM configuration:**
* [Azure DevOps Services configuration](./configure-an-agent-with-azure-devops-services.md)
* [Bitbucket Cloud configuration](./configure-bitbucket-cloud-to-agent.md)
* [Bitbucket Data Center configuration](./configure-bitbucket-to-agent.md)
* [GitHub configuration](./configure-an-agent-with-github.md)
* [GitLab configuration](./configure-an-agent-with-gitlab.md)
Below is an example of what an agent run command might look like at the end of this step.
<Tabs groupId="agent-type">
<TabItem value="oci-container" label="OCI Container">
```bash
# Please note that if you create environment variables for secrets, you still need to let Docker
# know that these variables exist by including it via: `-e ENV_VAR_NAME`.
export MODERNE_AGENT_CRYPTO_SYMMETRICKEY=...
export MODERNE_AGENT_TOKEN=...
export MODERNE_AGENT_GITHUB_0_OAUTH_CLIENTID=...
export MODERNE_AGENT_GITHUB_0_OAUTH_CLIENTSECRET=...
docker run \
-e MODERNE_AGENT_APIGATEWAYRSOCKETURI=https://api.tenant.moderne.io/rsocket \
-e MODERNE_AGENT_CRYPTO_SYMMETRICKEY \
-e MODERNE_AGENT_NICKNAME=prod-1 \
-e MODERNE_AGENT_TOKEN \
-e MODERNE_AGENT_GITHUB_0_OAUTH_CLIENTID \
-e MODERNE_AGENT_GITHUB_0_OAUTH_CLIENTSECRET \
-e MODERNE_AGENT_GITHUB_0_URL=https://myorg.github.com \
-e MODERNE_AGENT_GITHUB_0_ALLOWABLE_ORGANIZATIONS_0=moderne \
-e MODERNE_AGENT_GITHUB_0_ALLOWABLE_ORGANIZATIONS_1=openrewrite \
-e MODERNE_AGENT_GITHUB_0_OAUTH_INCLUDEPRIVATEREPOS=true \
# ... Additional variables to come
-p 8080:8080
moderne-agent:latest
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
```bash
# Exporting environment variables with the exact same structure as the parameter in the Java command makes it so you no longer need to include them in the below Java command. For instance, the first export below is equivalent to including this parameter in the Java command:
# --moderne.agent.crypto.symmetricKey=...
export MODERNE_AGENT_CRYPTO_SYMMETRICKEY=...
export MODERNE_AGENT_TOKEN=...
export MODERNE_AGENT_GITHUB_0_OAUTH_CLIENTID=...
export MODERNE_AGENT_GITHUB_0_OAUTH_CLIENTSECRET=...
java -jar moderne-agent-{version}.jar \
--moderne.agent.apiGatewayRsocketUri=https://api.tenant.moderne.io/rsocket \
--moderne.agent.nickname=prod-1 \
--moderne.agent.github[0].url=https://myorg.github.com \
--moderne.agent.github[0].allowableOrganizations[0]=moderne \
--moderne.agent.github[0].allowableOrganizations[1]=openrewrite \
--moderne.agent.github[0].oauth.includePrivateRepos=true \
# ... Additional arguments to come
```
</TabItem>
</Tabs>
### Step 5: Configure the agent to connect to your artifact repositories
The Moderne agent needs to connect to your artifact repositories for two reasons:
1. To obtain your [LST](../../references/lossless-semantic-trees.md) artifacts so that recipes can be run on your code.
2. To obtain your recipe artifacts (if any exist). These recipe artifacts contain custom recipes, defined by your team, that perform transformations against your LST artifacts.
Your company might have many artifact repositories, potentially in different products, that you wish to connect the Moderne agent to. Each of these artifact repositories could contain LST artifacts, recipe artifacts, or a combination of both. The setup instructions differ based on what product you use to store your artifact repositories and what artifacts you wish to send to Moderne.
:::info
The Moderne agent can only talk to _Maven formatted_ artifact repositories. There are a variety of open-source and commercial products that exist that can serve artifacts in this format (such as [Artifactory](https://jfrog.com/artifactory/) and [Sonatype Nexus](https://www.sonatype.com/products/nexus-repository)). A single instance of one of these products may contain multiple Maven repositories.
:::
Moderne offers two options for connecting to your artifact repository: a generic Maven connection that can connect to any Maven formatted repository regardless of vendor and an Artifactory-specific connection that is optimized to serve LST artifacts more quickly.
If you _do not_ plan on using Artifactory to store LST or recipe artifacts, please follow the [Maven repository configuration instructions](./configure-an-agent-with-maven-repository-access.md) and then jump to [Step 6](#step-6-optionally-configure-the-organizations-service).
If you _do_ plan on using Artifactory to store artifacts, you have two options:
1. Use the [Artifactory LST configuration instructions](./configure-an-agent-with-artifactory-access.md) to set up a connection that serves LST artifacts to Moderne. Then, if you plan on creating custom recipes, you would follow the [Artifactory recipe configuration instructions](./configuring-artifactory-with-recipes.md) to set up a connection in Artifactory to serve recipe artifacts. **(recommended)**
2. Use the [Maven repository configuration instructions](./configure-an-agent-with-maven-repository-access.md) to set up a connection that serves both LST artifacts and recipe artifacts to Moderne. This is not recommended as LST artifacts will have a considerable delay between being published and showing up in Moderne. However, if for some reason you can not use AQL queries, this approach is necessary.
The below table shows the key differences between the two types of configuration:
| **Maven repository configuration** | **Artifactory repository configuration** |
| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Is not tied to a particular vendor. | Can only be used with Artifactory. |
| Serves BOTH recipe artifacts and LST artifacts. | Serves ONLY LST artifacts. Requires Maven configuration to serve recipe artifacts. |
| Recipe artifacts are immediately available for [deployment to Moderne](../importing-external-recipes.md) upon publishing to the Maven formatted repository. | Can not serve recipe artifacts without Maven configuration. |
| LST artifacts may be served if an index in the [Maven Indexer](https://maven.apache.org/maven-indexer/) format is regularly published to the repository. There will be a considerable delay between when an LST is published to the Maven repository and when it shows up in Moderne. This delay is approximately the delay between updates to the index which is controlled by a batch process that your artifact repository executes on a schedule. | LST artifacts will show up in near-real time (within a minute or two) in the Moderne Platform when they are published to Artifactory. This is because Artifactory configuration uses [Artifactory Query Language](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Query+Language) (AQL) to identify recently published artifacts. AQL queries Artifactory's internal relational database for information about artifacts rather than using an index produced in a batch process. |
Please ensure you've followed either the [Maven](./configure-an-agent-with-maven-repository-access.md) or [Artifactory](./configure-an-agent-with-artifactory-access.md) instructions before continuing.
Below is an example of what an agent run command might look like at the end of this step.
<Tabs groupId="agent-type">
<TabItem value="oci-container" label="OCI Container">
```bash
# Please note that if you create environment variables for secrets, you still need to let Docker
# know that these variables exist by including it via: `-e ENV_VAR_NAME`.
export MODERNE_AGENT_CRYPTO_SYMMETRICKEY=...
export MODERNE_AGENT_TOKEN=...
export MODERNE_AGENT_GITHUB_0_OAUTH_CLIENTID=...
export MODERNE_AGENT_GITHUB_0_OAUTH_CLIENTSECRET=...
export MODERNE_AGENT_ARTIFACTORY_0_USERNAME=...
export MODERNE_AGENT_ARTIFACTORY_0_PASSWORD=...
export MODERNE_AGENT_MAVEN_0_USERNAME=...
export MODERNE_AGENT_MAVEN_0_PASSWORD=...
docker run \
-e MODERNE_AGENT_APIGATEWAYRSOCKETURI=https://api.tenant.moderne.io/rsocket \
-e MODERNE_AGENT_CRYPTO_SYMMETRICKEY \
-e MODERNE_AGENT_NICKNAME=prod-1 \
-e MODERNE_AGENT_TOKEN \
-e MODERNE_AGENT_GITHUB_0_OAUTH_CLIENTID \
-e MODERNE_AGENT_GITHUB_0_OAUTH_CLIENTSECRET \
-e MODERNE_AGENT_GITHUB_0_URL=https://myorg.github.com \
-e MODERNE_AGENT_GITHUB_0_ALLOWABLE_ORGANIZATIONS_0=moderne \
-e MODERNE_AGENT_GITHUB_0_ALLOWABLE_ORGANIZATIONS_1=openrewrite \
-e MODERNE_AGENT_GITHUB_0_OAUTH_INCLUDEPRIVATEREPOS=true \
-e MODERNE_AGENT_ARTIFACTORY_0_URL=https://myartifactory.example.com/artifactory/ \
-e MODERNE_AGENT_ARTIFACTORY_0_USERNAME \
-e MODERNE_AGENT_ARTIFACTORY_0_PASSWORD \
-e MODERNE_AGENT_ARTIFACTORY_0_ASTQUERYFILTERS_0='"name":{"$match":"*-ast.jar"}' \
-e MODERNE_AGENT_ARTIFACTORY_0_ASTQUERYFILTERS_1='"repo":{"$eq":"example-maven"}' \
-e MODERNE_AGENT_MAVEN_0_URL=https://myartifactory.example.com/artifactory/libs-releases-local \
-e MODERNE_AGENT_MAVEN_0_LOCALREPOSITORY=~/.moderne-maven \
-e MODERNE_AGENT_MAVEN_0_USERNAME \
-e MODERNE_AGENT_MAVEN_0_PASSWORD \
# ... Additional variables to come
-p 8080:8080
mmoderne-agent:latest
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
```bash
# Exporting environment variables with the exact same structure as the parameter in the Java command makes it so you no longer need to include them in the below Java command. For instance, the first export below is equivalent to including this parameter in the Java command:
# --moderne.agent.crypto.symmetricKey=...
export MODERNE_AGENT_CRYPTO_SYMMETRICKEY=...
export MODERNE_AGENT_TOKEN=...
export MODERNE_AGENT_GITHUB_0_OAUTH_CLIENTID=...
export MODERNE_AGENT_GITHUB_0_OAUTH_CLIENTSECRET=...
export MODERNE_AGENT_ARTIFACTORY_0_USERNAME=...
export MODERNE_AGENT_ARTIFACTORY_0_PASSWORD=...
export MODERNE_AGENT_MAVEN_0_USERNAME=...
export MODERNE_AGENT_MAVEN_0_PASSWORD=...
java -jar moderne-agent-{version}.jar \
--moderne.agent.apiGatewayRsocketUri=https://api.tenant.moderne.io/rsocket \
--moderne.agent.nickname=prod-1 \
--moderne.agent.github[0].url=https://myorg.github.com \
--moderne.agent.github[0].allowableOrganizations[0]=moderne \
--moderne.agent.github[0].allowableOrganizations[1]=openrewrite \
--moderne.agent.github[0].oauth.includePrivateRepos=true \
--moderne.agent.artifactory[0].url=https://myartifactory.example.com/artifactory/ \
--moderne.agent.artifactory[0].astQueryFilters[0]='{"name":{"$match":"*-ast.jar"}}' \
--moderne.agent.artifactory[0].astQueryFilters[1]='{"repo":{"$eq":"example-maven"}}' \
--moderne.agent.maven[0].url=https://myartifactory.example.com/artifactory/libs-releases-local \
--moderne.agent.maven[0].localRepository=~/.moderne-maven \
# ... Additional arguments to come
```
</TabItem>
</Tabs>
### Step 6: (Optionally) Configure the Organizations service
Many organizations desire the ability to control the organizational structure of their repositories within the Moderne Platform in a dynamic way. To facilitate this need, Moderne provides an optional integration with an Organizations service that is hosted inside of your environment.
If you want to set up this service, please check out our [configuring the Organizations service guide](../organizations-service.md). Then, once it has been set up, [please configure the agent accordingly](./configure-organizations-service.md).
Below is an example of what an agent run command might look like at the end of this step if you set up the Organizations service.
<Tabs groupId="agent-type">
<TabItem value="oci-container" label="OCI Container">
```bash
# Please note that if you create environment variables for secrets, you still need to let Docker
# know that these variables exist by including it via: `-e ENV_VAR_NAME`.
export MODERNE_AGENT_CRYPTO_SYMMETRICKEY=...
export MODERNE_AGENT_TOKEN=...
export MODERNE_AGENT_GITHUB_0_OAUTH_CLIENTID=...
export MODERNE_AGENT_GITHUB_0_OAUTH_CLIENTSECRET=...
export MODERNE_AGENT_ARTIFACTORY_0_USERNAME=...
export MODERNE_AGENT_ARTIFACTORY_0_PASSWORD=...
export MODERNE_AGENT_MAVEN_0_USERNAME=...
export MODERNE_AGENT_MAVEN_0_PASSWORD=...
docker run \
-e MODERNE_AGENT_APIGATEWAYRSOCKETURI=https://api.tenant.moderne.io/rsocket \
-e MODERNE_AGENT_CRYPTO_SYMMETRICKEY \
-e MODERNE_AGENT_NICKNAME=prod-1 \
-e MODERNE_AGENT_TOKEN \
-e MODERNE_AGENT_GITHUB_0_OAUTH_CLIENTID \
-e MODERNE_AGENT_GITHUB_0_OAUTH_CLIENTSECRET \
-e MODERNE_AGENT_GITHUB_0_URL=https://myorg.github.com \
-e MODERNE_AGENT_GITHUB_0_ALLOWABLE_ORGANIZATIONS_0=moderne \
-e MODERNE_AGENT_GITHUB_0_ALLOWABLE_ORGANIZATIONS_1=openrewrite \
-e MODERNE_AGENT_GITHUB_0_OAUTH_INCLUDEPRIVATEREPOS=true \
-e MODERNE_AGENT_ARTIFACTORY_0_URL=https://myartifactory.example.com/artifactory/ \
-e MODERNE_AGENT_ARTIFACTORY_0_USERNAME \
-e MODERNE_AGENT_ARTIFACTORY_0_PASSWORD \
-e MODERNE_AGENT_ARTIFACTORY_0_ASTQUERYFILTERS_0='"name":{"$match":"*-ast.jar"}' \
-e MODERNE_AGENT_ARTIFACTORY_0_ASTQUERYFILTERS_1='"repo":{"$eq":"example-maven"}' \
-e MODERNE_AGENT_MAVEN_0_URL=https://myartifactory.example.com/artifactory/libs-releases-local \
-e MODERNE_AGENT_MAVEN_0_LOCALREPOSITORY=~/.moderne-maven \
-e MODERNE_AGENT_MAVEN_0_USERNAME \
-e MODERNE_AGENT_MAVEN_0_PASSWORD \
-e MODERNE_AGENT_ORGANIZATION_URL=http://localhost:8091 \
-e MODERNE_AGENT_ORGANIZATION_UPDATE_INTERVAL_SECONDS=600 \
-p 8080:8080
moderne-agent:latest
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
```bash
# Exporting environment variables with the exact same structure as the parameter in the Java command makes it so you no longer need to include them in the below Java command. For instance, the first export below is equivalent to including this parameter in the Java command:
# --moderne.agent.crypto.symmetricKey=...
export MODERNE_AGENT_CRYPTO_SYMMETRICKEY=...
export MODERNE_AGENT_TOKEN=...
export MODERNE_AGENT_GITHUB_0_OAUTH_CLIENTID=...
export MODERNE_AGENT_GITHUB_0_OAUTH_CLIENTSECRET=...
export MODERNE_AGENT_ARTIFACTORY_0_USERNAME=...
export MODERNE_AGENT_ARTIFACTORY_0_PASSWORD=...
export MODERNE_AGENT_MAVEN_0_USERNAME=...
export MODERNE_AGENT_MAVEN_0_PASSWORD=...
java -jar moderne-agent-{version}.jar \
--moderne.agent.apiGatewayRsocketUri=https://api.tenant.moderne.io/rsocket \
--moderne.agent.nickname=prod-1 \
--moderne.agent.github[0].url=https://myorg.github.com \
--moderne.agent.github[0].allowableOrganizations[0]=moderne \
--moderne.agent.github[0].allowableOrganizations[1]=openrewrite \
--moderne.agent.github[0].oauth.includePrivateRepos=true \
--moderne.agent.artifactory[0].url=https://myartifactory.example.com/artifactory/ \
--moderne.agent.artifactory[0].astQueryFilters[0]='{"name":{"$match":"*-ast.jar"}}' \
--moderne.agent.artifactory[0].astQueryFilters[1]='{"repo":{"$eq":"example-maven"}}' \
--moderne.agent.maven[0].url=https://myartifactory.example.com/artifactory/libs-releases-local \
--moderne.agent.maven[0].localRepository=~/.moderne-maven \
--moderne.agent.organization.url=http://localhost:8091 \
--moderne.agent.organization.updateIntervalSeconds=600 \
```
</TabItem>
</Tabs>
### Step 7: (Optionally) Use strict recipe sources.
Some organizations want recipe artifacts to only come from locations configured in the Moderne agent. If you want to configure that, please follow the [strict recipe sources instructions](./configure-an-agent-with-strict-recipe-sources.md).
Below is an example of what an agent run command might look like at the end of this step if you configured the agent to use only configured recipe sources.
<Tabs groupId="agent-type">
<TabItem value="oci-container" label="OCI Container">
```bash
# Please note that if you create environment variables for secrets, you still need to let Docker
# know that these variables exist by including it via: `-e ENV_VAR_NAME`.
export MODERNE_AGENT_CRYPTO_SYMMETRICKEY=...
export MODERNE_AGENT_TOKEN=...
export MODERNE_AGENT_GITHUB_0_OAUTH_CLIENTID=...
export MODERNE_AGENT_GITHUB_0_OAUTH_CLIENTSECRET=...
export MODERNE_AGENT_ARTIFACTORY_0_USERNAME=...
export MODERNE_AGENT_ARTIFACTORY_0_PASSWORD=...
export MODERNE_AGENT_MAVEN_0_USERNAME=...
export MODERNE_AGENT_MAVEN_0_PASSWORD=...
docker run \
-e MODERNE_AGENT_APIGATEWAYRSOCKETURI=https://api.tenant.moderne.io/rsocket \
-e MODERNE_AGENT_CRYPTO_SYMMETRICKEY \
-e MODERNE_AGENT_NICKNAME=prod-1 \
-e MODERNE_AGENT_TOKEN \
-e MODERNE_AGENT_GITHUB_0_OAUTH_CLIENTID \
-e MODERNE_AGENT_GITHUB_0_OAUTH_CLIENTSECRET \
-e MODERNE_AGENT_GITHUB_0_URL=https://myorg.github.com \
-e MODERNE_AGENT_GITHUB_0_ALLOWABLE_ORGANIZATIONS_0=moderne \
-e MODERNE_AGENT_GITHUB_0_ALLOWABLE_ORGANIZATIONS_1=openrewrite \
-e MODERNE_AGENT_GITHUB_0_OAUTH_INCLUDEPRIVATEREPOS=true \
-e MODERNE_AGENT_ARTIFACTORY_0_URL=https://myartifactory.example.com/artifactory/ \
-e MODERNE_AGENT_ARTIFACTORY_0_USERNAME \
-e MODERNE_AGENT_ARTIFACTORY_0_PASSWORD \
-e MODERNE_AGENT_ARTIFACTORY_0_ASTQUERYFILTERS_0='"name":{"$match":"*-ast.jar"}' \
-e MODERNE_AGENT_ARTIFACTORY_0_ASTQUERYFILTERS_1='"repo":{"$eq":"example-maven"}' \
-e MODERNE_AGENT_MAVEN_0_URL=https://myartifactory.example.com/artifactory/libs-releases-local \
-e MODERNE_AGENT_MAVEN_0_LOCALREPOSITORY=~/.moderne-maven \
-e MODERNE_AGENT_MAVEN_0_USERNAME \
-e MODERNE_AGENT_MAVEN_0_PASSWORD \
-e MODERNE_AGENT_ORGANIZATION_URL=http://localhost:8091 \
-e MODERNE_AGENT_ORGANIZATION_UPDATE_INTERVAL_SECONDS=600 \
-e MODERNE_AGENT_RECIPE_USEONLYCONFIGURED=true \
-p 8080:8080
moderne-agent:latest
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
```bash
# Exporting environment variables with the exact same structure as the parameter in the Java command makes it so you no longer need to include them in the below Java command. For instance, the first export below is equivalent to including this parameter in the Java command:
# --moderne.agent.crypto.symmetricKey=...
export MODERNE_AGENT_CRYPTO_SYMMETRICKEY=...
export MODERNE_AGENT_TOKEN=...
export MODERNE_AGENT_GITHUB_0_OAUTH_CLIENTID=...
export MODERNE_AGENT_GITHUB_0_OAUTH_CLIENTSECRET=...
export MODERNE_AGENT_ARTIFACTORY_0_USERNAME=...
export MODERNE_AGENT_ARTIFACTORY_0_PASSWORD=...
export MODERNE_AGENT_MAVEN_0_USERNAME=...
export MODERNE_AGENT_MAVEN_0_PASSWORD=...
java -jar moderne-agent-{version}.jar \
--moderne.agent.apiGatewayRsocketUri=https://api.tenant.moderne.io/rsocket \
--moderne.agent.nickname=prod-1 \
--moderne.agent.token=yourToken \
--moderne.agent.github[0].url=https://myorg.github.com \
--moderne.agent.github[0].allowableOrganizations[0]=moderne \
--moderne.agent.github[0].allowableOrganizations[1]=openrewrite \
--moderne.agent.github[0].oauth.includePrivateRepos=true \
--moderne.agent.artifactory[0].url=https://myartifactory.example.com/artifactory/ \
--moderne.agent.artifactory[0].astQueryFilters[0]='{"name":{"$match":"*-ast.jar"}}' \
--moderne.agent.artifactory[0].astQueryFilters[1]='{"repo":{"$eq":"example-maven"}}' \
--moderne.agent.maven[0].url=https://myartifactory.example.com/artifactory/libs-releases-local \
--moderne.agent.maven[0].localRepository=~/.moderne-maven \
--moderne.agent.organization.url=http://localhost:8091 \
--moderne.agent.organization.updateIntervalSeconds=600 \
--moderne.agent.recipe.useOnlyConfigured=true
```
</TabItem>
</Tabs>
### Step 8: (Optionally) Provide SSL client keystore
If you have configured any services that require client SSL certificates (such as Maven or Artifactory), you will need to provide a KeyStore with these certificates. Please follow [these instructions](./configure-an-agent-with-client-ssl-certificates.md) to configure the KeyStore.
### Step 9: Run the agent
At this point, you should have configured everything needed to run the Moderne agent. If you run into issues running the command, please don't hesitate to reach out.
Below is a table that has instructions for how to run the agent in combination with some examples of the variables/arguments provided in the previous steps:
<Tabs groupId="agent-type">
<TabItem value="oci-container" label="OCI Container">
**How to build the Docker image**
```bash
docker build -t moderne-agent:latest .
```
**How to run the Docker image with an environment file**
```bash
docker run --env-file=moderne-agent.env moderne-agent:latest
```
**Run the `docker run` command in combination with all of the environment variables you've added in the previous steps:**
```bash
# Please note that if you create environment variables for secrets, you still need to let Docker
# know that these variables exist by including it via: `-e ENV_VAR_NAME`.
export MODERNE_AGENT_CRYPTO_SYMMETRICKEY=...
export MODERNE_AGENT_TOKEN=...
export MODERNE_AGENT_GITHUB_0_OAUTH_CLIENTID=...
export MODERNE_AGENT_GITHUB_0_OAUTH_CLIENTSECRET=...
export MODERNE_AGENT_ARTIFACTORY_0_USERNAME=...
export MODERNE_AGENT_ARTIFACTORY_0_PASSWORD=...
export MODERNE_AGENT_MAVEN_0_USERNAME=...
export MODERNE_AGENT_MAVEN_0_PASSWORD=...
docker run \
-e MODERNE_AGENT_APIGATEWAYRSOCKETURI=https://api.tenant.moderne.io/rsocket \
-e MODERNE_AGENT_CRYPTO_SYMMETRICKEY \
-e MODERNE_AGENT_NICKNAME=prod-1 \
-e MODERNE_AGENT_TOKEN \
-e MODERNE_AGENT_GITHUB_0_OAUTH_CLIENTID \
-e MODERNE_AGENT_GITHUB_0_OAUTH_CLIENTSECRET \
-e MODERNE_AGENT_GITHUB_0_URL=https://myorg.github.com \
-e MODERNE_AGENT_GITHUB_0_ALLOWABLE_ORGANIZATIONS_0=moderne \
-e MODERNE_AGENT_GITHUB_0_ALLOWABLE_ORGANIZATIONS_1=openrewrite \
-e MODERNE_AGENT_GITHUB_0_OAUTH_INCLUDEPRIVATEREPOS=true \
-e MODERNE_AGENT_ARTIFACTORY_0_URL=https://myartifactory.example.com/artifactory/ \
-e MODERNE_AGENT_ARTIFACTORY_0_USERNAME \
-e MODERNE_AGENT_ARTIFACTORY_0_PASSWORD \
-e MODERNE_AGENT_ARTIFACTORY_0_ASTQUERYFILTERS_0='"name":{"$match":"*-ast.jar"}' \
-e MODERNE_AGENT_ARTIFACTORY_0_ASTQUERYFILTERS_1='"repo":{"$eq":"example-maven"}' \
-e MODERNE_AGENT_MAVEN_0_URL=https://myartifactory.example.com/artifactory/libs-releases-local \
-e MODERNE_AGENT_MAVEN_0_LOCALREPOSITORY=~/.moderne-maven \
-e MODERNE_AGENT_MAVEN_0_USERNAME \
-e MODERNE_AGENT_MAVEN_0_PASSWORD \
-e MODERNE_AGENT_ORGANIZATION_URL=http://localhost:8091 \
-e MODERNE_AGENT_ORGANIZATION_UPDATE_INTERVAL_SECONDS=600 \
-p 8080:8080
moderne-agent:latest
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
Use `java` to run a jar in combination with arguments that you've added in the previous steps:
```bash
# Exporting environment variables with the exact same structure as the parameter in the Java command makes it so you no longer need to include them in the below Java command. For instance, the first export below is equivalent to including this parameter in the Java command:
# --moderne.agent.crypto.symmetricKey=...
export MODERNE_AGENT_CRYPTO_SYMMETRICKEY=...
export MODERNE_AGENT_TOKEN=...
export MODERNE_AGENT_GITHUB_0_OAUTH_CLIENTID=...
export MODERNE_AGENT_GITHUB_0_OAUTH_CLIENTSECRET=...
export MODERNE_AGENT_ARTIFACTORY_0_USERNAME=...
export MODERNE_AGENT_ARTIFACTORY_0_PASSWORD=...
export MODERNE_AGENT_MAVEN_0_USERNAME=...
export MODERNE_AGENT_MAVEN_0_PASSWORD=...
java -jar moderne-agent-{version}.jar \
--moderne.agent.apiGatewayRsocketUri=https://api.tenant.moderne.io/rsocket \
--moderne.agent.nickname=prod-1 \
--moderne.agent.github[0].url=https://myorg.github.com \
--moderne.agent.github[0].allowableOrganizations[0]=moderne \
--moderne.agent.github[0].allowableOrganizations[1]=openrewrite \
--moderne.agent.github[0].oauth.includePrivateRepos=true \
--moderne.agent.artifactory[0].url=https://myartifactory.example.com/artifactory/ \
--moderne.agent.artifactory[0].astQueryFilters[0]='{"name":{"$match":"*-ast.jar"}}' \
--moderne.agent.artifactory[0].astQueryFilters[1]='{"repo":{"$eq":"example-maven"}}' \
--moderne.agent.maven[0].url=https://myartifactory.example.com/artifactory/libs-releases-local \
--moderne.agent.maven[0].localRepository=~/.moderne-maven \
--moderne.agent.organization.url=http://localhost:8091 \
--moderne.agent.organization.updateIntervalSeconds=600 \
```
* Note: System properties can be used in place of arguments. For example, you can use `-Dmoderne.agent.token={token_value}` as an argument instead of `--moderne.agent.token={token_value}`.
</TabItem>
</Tabs>
## Updating your agent
If you want to update the Moderne agent over time, please follow the instructions in the table below:
<Tabs groupId="agent-type">
<TabItem value="oci-container" label="OCI Container">
If you're running the commands provided in this guide, you should see that the last line of every agent run command is `moderne-agent:latest`.
If that's true, then you can rebuild the agent image and it should pick up the latest version. If you've decided to pin the version to something else instead of `latest`, please see our [releases page](../../../../releases/agent-releases.md) for the versions.
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
To update your version of the Executable JAR, change the `{version}` in `java -jar moderne-agent-{version}.jar` to be the latest one on [the releases page](../../../../releases/agent-releases.md).
</TabItem>
</Tabs>

828
docs/administrator-documentation/moderne-platform/how-to-guides/agent-configuration/agent-variables.md Normal file
View File

@@ -0,0 +1,828 @@
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
# All agent configuration variables
This document includes all of the variables you can configure the Moderne agent to run with. Your configuration will only use some of these.
## Core variables
<Tabs groupId="agent-type">
<TabItem value="oci-container" label="OCI Container">
**Variables:**
| Variable Name | Required | Default | Description |
|----------------------------------------------|------------|------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `MODERNE_AGENT_APIGATEWAYRSOCKETURI` | `true` | | The URI used to connect to the Moderne API, provided by Moderne. |
| `MODERNE_AGENT_CRYPTO_SYMMETRICKEY` | `true` | | A 256-bit AES encryption key, hex encoded. Used to encrypt your artifacts. |
| `MODERNE_AGENT_NICKNAME` | `true` | | A name used to identify your agent in the SaaS agent dashboard UI. |
| `MODERNE_AGENT_TOKEN` | `true` | | The Moderne SaaS agent connection token, provided by Moderne. |
| `MODERNE_AGENT_DOWNLOADPARALLELISM` | `false` | 2 threads | How many threads are used to download LSTs. |
| `MODERNE_AGENT_ARTIFACTINDEXINTERVALSECONDS` | `false` | 120 seconds | How frequently LSTs will be indexed. |
| `MODERNE_AGENT_DEFAULTCOMMITOPTIONS_{index}` | `false` | All options available. | Use to restrict which commit options are available on a tenant level (if the organizations service doesn't return any). Acceptable values: `Direct`, `Branch`, `Fork`, `PullRequest`, `ForkAndPullRequest`. |
**Example:**
```bash
docker run \
-e MODERNE_AGENT_APIGATEWAYRSOCKETURI=https://api.tenant.moderne.io/rsocket \
-e MODERNE_AGENT_CRYPTO_SYMMETRICKEY=yourSymmetricKey \
-e MODERNE_AGENT_NICKNAME=prod-1 \
-e MODERNE_AGENT_TOKEN=yourToken \
-e MODERNE_AGENT_DEFAULTCOMMITOPTIONS_0=PullRequest \
-e MODERNE_AGENT_DEFAULTCOMMITOPTIONS_1=ForkAndPullRequest \
# ... Additional variables
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
**Arguments:**
| Argument Name | Required | Default | Description |
|-------------------------------------------------|------------|------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--moderne.agent.apiGatewayRsocketUri` | `true` | | The URI used to connect to the Moderne API, provided by Moderne. |
| `--moderne.agent.crypto.symmetricKey` | `true` | | A 256-bit AES encryption key, hex encoded. Used to encrypt your artifacts. |
| `--moderne.agent.nickname` | `true` | | A name used to identify your agent in the SaaS agent dashboard UI. |
| `--moderne.agent.token` | `true` | | The Moderne SaaS agent connection token, provided by Moderne. |
| `--moderne.agent.downloadParallelism` | `false` | 2 threads | How many threads are used to download LSTs. |
| `--moderne.agent.artifactIndexIntervalSeconds` | `false` | 120 seconds | How frequently LSTs will be indexed. |
| `--moderne.agent.defaultCommitOptions[{index}]` | `false` | All options available. | Use to restrict which commit options are available on a tenant level (if the organizations service doesn't return any). Acceptable values: `Direct`, `Branch`, `Fork`, `PullRequest`, `ForkAndPullRequest`. |
**Example:**
```bash
java -jar moderne-agent-{version}.jar \
--moderne.agent.apiGatewayRsocketUri=https://api.tenant.moderne.io/rsocket \
--moderne.agent.crypto.symmetricKey=yourSymmetricKey
--moderne.agent.nickname=prod-1 \
--moderne.agent.token=yourToken \
--moderne.agent.defaultCommitOptions[0]=PullRequest \
--moderne.agent.defaultCommitOptions[1]=ForkAndPullRequest \
# ... Additional arguments
```
</TabItem>
</Tabs>
## Azure variables
<Tabs groupId="agent-type">
<TabItem value="oci-container" label="OCI Container">
**Variables:**
| Variable Name | Required | Default | Description |
|--------------------------------------------------------|--------------------------------------------------|---------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `MODERNE_AGENT_AZUREDEVOPS_{index}_OAUTH_CLIENTID` | `true` | | The client ID of the registered OAuth app. |
| `MODERNE_AGENT_AZUREDEVOPS_{index}_OAUTH_CLIENTSECRET` | `true` | | The client secret of the registered OAuth app. |
| `MODERNE_AGENT_AZUREDEVOPS_{index}_OAUTH_TENANTID` | `true` | | The Azure tenant ID of the registered OAuth app. |
| `MODERNE_AGENT_AZUREDEVOPS_{index}_SKIPSSL` | `false` | `false` | Specifies whether or not to skip SSL validation for HTTP connections to this Azure DevOps instance. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
| `MODERNE_AGENT_AZUREDEVOPS_{index}_SSH_PRIVATEKEY` | `false` | | The SSH private key used to establish a SSH connection with Azure DevOps. |
| `MODERNE_AGENT_AZUREDEVOPS_{index}_SSH_PASSPHRASE` | `true` (If the SSH key is specified + encrypted) | | The passphrase used to encrypt the SSH private key |
| `MODERNE_AGENT_AZUREDEVOPS_{index}_SSH_SSHFILENAME` | `true` (If the SSH key is specified) | | The file name of the private key, which the agent will store locally. |
| `MODERNE_AGENT_AZUREDEVOPS_{index}_SSH_USER` | `true` (If the SSH key is specified) | | The username used for SSH communication with Azure DevOps. |
**Example:**
```bash
docker run \
# ... Existing variables
-e MODERNE_AGENT_AZUREDEVOPS_0_OAUTH_CLIENTID=4affd674-286d-423f-b643-7ffe4dec0f53 \
-e MODERNE_AGENT_AZUREDEVOPS_0_OAUTH_CLIENTSECRET=yourClientSecret \
-e MODERNE_AGENT_AZUREDEVOPS_0_OAUTH_TENANTID=488bc312-9fdc-43d2-a647-7a7b28066cc4 \
# ... Additional variables
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
**Arguments:**
| Argument Name | Required | Default | Description |
|-----------------------------------------------------------|--------------------------------------------------|---------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--moderne.agent.azuredevops[{index}].oauth.clientId` | `true` | | The client ID of the registered OAuth app. |
| `--moderne.agent.azuredevops[{index}].oauth.clientSecret` | `true` | | The client secret of the registered OAuth app. |
| `--moderne.agent.azuredevops[{index}].oauth.tenantId` | `true` | | The Azure tenant ID of the registered OAuth app. |
| `--moderne.agent.azuredevops[{index}].skipSsl` | `false` | `false` | Specifies whether or not to skip SSL validation for HTTP connections to this Azure DevOps instance. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
| `--moderne.agent.azuredevops[{index}].ssh.privateKey` | `false` | | The SSH private key used to establish a SSH connection with Azure DevOps. |
| `--moderne.agent.azuredevops[{index}].ssh.passphrase` | `true` (If the SSH key is specified + encrypted) | | The passphrase used to encrypt the SSH private key |
| `--moderne.agent.azuredevops[{index}].ssh.sshFileName` | `true` (If the SSH key is specified) | | The file name of the private key, which the agent will store locally. |
| `--moderne.agent.azuredevops[{index}].ssh.user` | `true` (If the SSH key is specified) | | The username used for SSH communication with Azure DevOps. |
**Example:**
```bash
java -jar moderne-agent-{version}.jar \
# ... Existing arguments
--moderne.agent.azuredevops[0].oauth.clientId=4affd674-286d-423f-b643-7ffe4dec0f53 \
--moderne.agent.azuredevops[0].oauth.clientSecret=yourClientSecret \
--moderne.agent.azuredevops[0].oauth.tenantId=488bc312-9fdc-43d2-a647-7a7b28066cc4 \
# ... Additional arguments
```
</TabItem>
</Tabs>
## Bitbucket Cloud variables
<Tabs groupId="agent-type">
<TabItem value="oci-container" label="OCI Container">
**Variables:**
| Variable Name | Required | Default | Description |
|-----------------------------------------------|----------|---------|--------------------------------------------------------|
| `MODERNE_AGENT_BITBUCKET_CLOUD_OAUTH_KEY` | `true` | | The key specified in your Bitbucket OAuth consumer. |
| `MODERNE_AGENT_BITBUCKET_CLOUD_OAUTH_SECRET` | `true` | | The secret specified in your Bitbucket OAuth consumer. |
**Example:**
```bash
docker run \
# ... Existing variables
-e MODERNE_AGENT_BITBUCKET_CLOUD_OAUTH_KEY=yourOAuthKey \
-e MODERNE_AGENT_BITBUCKET_CLOUD_OAUTH_SECRET=yourSecretKey \
# ... Additional variables
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
**Arguments:**
| Argument Name | Required | Default | Description |
|-----------------------------------------------|----------|---------|--------------------------------------------------------|
| `--moderne.agent.bitbucket.cloud.oauthKey` | `true` | | The key specified in your Bitbucket OAuth consumer. |
| `--moderne.agent.bitbucket.cloud.oauthSecret` | `true` | | The secret specified in your Bitbucket OAuth consumer. |
**Example:**
```bash
java -jar moderne-agent-{version}.jar \
# ... Existing arguments
--moderne.agent.bitbucket.cloud.oauthKey=yourOAuthKey \
--moderne.agent.bitbucket.cloud.oauthSecret=yourSecretKey \
# ... Additional arguments
```
</TabItem>
</Tabs>
## Bitbucket Data Center variables
:::info
You can configure multiple Bitbucket instances by including multiple entries, each with a different `{index}`.
:::
<Tabs groupId="agent-type">
<TabItem value="oci-container" label="OCI Container">
**Variables:**
| Variable Name | Required | Default | Description |
|---------------------------------------------------------|-----------------------------------------------|---------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `MODERNE_AGENT_BITBUCKET_{index}_PRIVATEKEY` | `true` | | The private key you configured for this Bitbucket instance. |
| `MODERNE_AGENT_BITBUCKET_{index}_URL` | `true` | | The fully-qualified URL of the running Bitbucket instance. For example: `https://bitbucket.myorg.com`. |
| `MODERNE_AGENT_BITBUCKET_{index}_ALTERNATEURLS_{index}` | `false` | | The list of alternative fully-qualified URL of the running Bitbucket instance. For example: `https://bitbucket.myorg.com`. |
| `MODERNE_AGENT_BITBUCKET_{index}_SKIPSSL` | `false` | `false` | Specifies whether or not to skip SSL validation for HTTP connections to this Bitbucket instance. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
| `MODERNE_AGENT_BITBUCKET_{index}_SSH_PRIVATEKEY` | `false` | | The SSH private key used to establish a SSH connection with Bitbucket. |
| `MODERNE_AGENT_BITBUCKET_{index}_SSH_PASSPHRASE` | `true` (If the SSH private key is specified) | | The file name of the private key, which the agent will store locally. |
| `MODERNE_AGENT_BITBUCKET_{index}_SSH_SSHFILENAME` | `true` (If the SSH private key is specified) | | The file name of the private key, which the agent will store locally. |
| `MODERNE_AGENT_BITBUCKET_{index}_SSH_USER` | `true` (If the SSH private key is specified) | | The username used for SSH communication with Bitbucket. |
| `MODERNE_AGENT_BITBUCKET_{index}_SSH_PORT` | `true` (If the SSH private key is specified) | `7999` | The port used to communicate via SSH with Bitbucket. |
**Example:**
```bash
docker run \
# ... Existing variables
-e MODERNE_AGENT_BITBUCKET_0_PRIVATEKEY=yourPrivateKey \
-e MODERNE_AGENT_BITBUCKET_0_URL=https://bitbucket.myorg.com \
# ... Additional variables
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
**Arguments:**
| Argument Name | Required | Default | Description |
|-------------------------------------------------------------|-----------------------------------------------|---------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--moderne.agent.bitbucket[{index}].privateKey` | `true` | | The private key you configured for this Bitbucket instance. |
| `--moderne.agent.bitbucket[{index}].url` | `true` | | The fully-qualified URL of the running Bitbucket instance. For example: `https://bitbucket.myorg.com`. |
| `--moderne.agent.bitbucket[{index}].alternateUrls[{index}]` | `false` | | The list of alternative fully-qualified URL of the running Bitbucket instance. For example: `https://bitbucket.myorg.com`. |
| `--moderne.agent.bitbucket[{index}].skipSsl` | `false` | `false` | Specifies whether or not to skip SSL validation for HTTP connections to this Bitbucket instance. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
| `--moderne.agent.bitbucket[{index}].ssh.privateKey` | `false` | | The SSH private key used to establish a SSH connection with Bitbucket. |
| `--moderne.agent.bitbucket[{index}].ssh.passphrase` | `true` (If the SSH private key is specified) | | The file name of the private key, which the agent will store locally. |
| `--moderne.agent.bitbucket[{index}].ssh.sshFileName` | `true` (If the SSH private key is specified) | | The file name of the private key, which the agent will store locally. |
| `--moderne.agent.bitbucket[{index}].ssh.user` | `true` (If the SSH private key is specified) | | The username used for SSH communication with Bitbucket. |
| `--moderne.agent.bitbucket[{index}].ssh.port` | `true` (If the SSH private key is specified) | `7999` | The port used to communicate via SSH with Bitbucket. |
**Example:**
```bash
java -jar moderne-agent-{version}.jar \
# ... Existing arguments
--moderne.agent.bitbucket[0].privateKey=yourPrivateKey \
--moderne.agent.bitbucket[0].url=https://bitbucket.myorg.com \
# ... Additional arguments
```
</TabItem>
</Tabs>
## GitHub variables
:::info
You can configure multiple GitHub OAuth apps by including multiple entries, each with a different `{index}`.
:::
<Tabs groupId="agent-type">
<TabItem value="oci-container" label="OCI Container">
**Variables:**
| Variable Name | Required | Default | Description |
|----------------------------------------------------------------|----------------------------------------------|-----------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `MODERNE_AGENT_GITHUB_{index}_OAUTH_CLIENTID` | `true` | | The client id configured in GitHub. |
| `MODERNE_AGENT_GITHUB_{index}_OAUTH_CLIENTSECRET` | `true` | | The client secret configured in GitHub. |
| `MODERNE_AGENT_GITHUB_{index}_URL` | `true` | | The fully-qualified hostname of the running GitHub instance. |
| `MODERNE_AGENT_GITHUB_{index}_SKIPSSL` | `false` | `false` | Specifies whether or not to skip SSL validation for HTTP connections to this GitHub instance. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
| `MODERNE_AGENT_GITHUB_{index}_ALLOWABLE_ORGANIZATIONS_{index}` | `false` | See description | Specifies what organizations you can fork recipe results to. By default, there are no restrictions on which organizations can be committed to. If you want multiple organizations, increase the last index and add one per line. |
| `MODERNE_AGENT_GITHUB_{index}_OAUTH_INCLUDEPRIVATEREPOS` | `false` | See description | By default, the OAuth app will only have access to public repositories within your organization(s). To provide the OAuth app access to private repositories, you can set this to `true`. |
| `MODERNE_AGENT_GITHUB_{index}_SSH_PRIVATEKEY` | `false` | | (Optional) The SSH private key used to establish a SSH connection with GitHub. |
| `MODERNE_AGENT_GITHUB_{index}_SSH_PASSPHRASE` | `true` (If the SSH private key is specified) | | The passphrase used to encrypt the SSH private key. |
| `MODERNE_AGENT_GITHUB_{index}_SSH_SSHFILENAME` | `true` (If the SSH private key is specified) | | The file name of the private key, which the agent will store locally. |
| `MODERNE_AGENT_GITHUB_{index}_SSH_USER` | `true` (If the SSH private key is specified) | | The username used for SSH communication with GitHub. |
| `MODERNE_AGENT_GITHUB_{index}_SSH_PORT` | `false` | `7999` | The port used to communicate via SSH with GitHub. |
**Example:**
```bash
docker run \
# ... Existing variables
-e MODERNE_AGENT_GITHUB_0_OAUTH_CLIENTID=yourClientId \
-e MODERNE_AGENT_GITHUB_0_OAUTH_CLIENTSECRET=yourClientSecret \
-e MODERNE_AGENT_GITHUB_0_URL=https://myorg.github.com \
-e MODERNE_AGENT_GITHUB_0_ALLOWABLE_ORGANIZATIONS_0=moderne \
-e MODERNE_AGENT_GITHUB_0_ALLOWABLE_ORGANIZATIONS_1=openrewrite \
-e MODERNE_AGENT_GITHUB_0_OAUTH_INCLUDEPRIVATEREPOS=true \
# ... Additional variables
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
**Arguments:**
| Argument Name | Required | Default | Description |
|-------------------------------------------------------------------|----------------------------------------------|-----------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--moderne.agent.github[{index}].oauth.clientId` | `true` | | The client id configured in GitHub. |
| `--moderne.agent.github[{index}].oauth.clientSecret` | `true` | | The client secret configured in GitHub. |
| `--moderne.agent.github[{index}].url` | `true` | | The fully-qualified hostname of the running GitHub instance. |
| `--moderne.agent.github[{index}].skipSsl` | `false` | `false` | Specifies whether or not to skip SSL validation for HTTP connections to this GitHub instance. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
| `--moderne.agent.github[{index}].allowableOrganizations[{index}]` | `false` | See description | Specifies what organizations you can fork recipe results to. By default, there are no restrictions on which organizations can be committed to. If you want multiple organizations, increase the last index and add one per line. |
| `--moderne.agent.github[{index}].oauth.includePrivateRepos` | `false` | See description | By default, the OAuth app will only have access to public repositories within your organization(s). To provide the OAuth app access to private repositories, you can set this to `true`. |
| `--moderne.agent.github[{index}].ssh.privateKey` | `false` | | (Optional) The SSH private key used to establish a SSH connection with GitHub. |
| `--moderne.agent.github[{index}].ssh.passphrase` | `true` (If the SSH private key is specified) | | The passphrase used to encrypt the SSH private key. |
| `--moderne.agent.github[{index}].ssh.sshFileName` | `true` (If the SSH private key is specified) | | The file name of the private key, which the agent will store locally. |
| `--moderne.agent.github[{index}].ssh.user` | `true` (If the SSH private key is specified) | | The username used for SSH communication with GitHub. |
| `--moderne.agent.github[{index}].ssh.port` | `false` | `7999` | The port used to communicate via SSH with GitHub. |
**Example:**
```bash
java -jar moderne-agent-{version}.jar \
# ... Existing arguments
--moderne.agent.github[0].oauth.clientId=yourClientId \
--moderne.agent.github[0].oauth.clientSecret=yourClientSecret \
--moderne.agent.github[0].url=https://myorg.github.com \
--moderne.agent.github[0].allowableOrganizations[0]=moderne \
--moderne.agent.github[0].allowableOrganizations[1]=openrewrite \
--moderne.agent.github[0].oauth.includePrivateRepos=true \
# ... Additional arguments
```
</TabItem>
</Tabs>
## GitLab variables
You can configure multiple GitLab OAuth apps by including multiple entries, each with a different `{index}`.
<Tabs groupId="agent-type">
<TabItem value="oci-container" label="OCI Container">
**Variables:**
| Variable Name | Required | Default | Description |
|---------------------------------------------------|----------------------------------------------|---------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `MODERNE_AGENT_GITLAB_{index}_OAUTH_CLIENTID` | `true` | | The application id configured in GitLab. |
| `MODERNE_AGENT_GITLAB_{index}_OAUTH_CLIENTSECRET` | `true` | | The secret configured in GitLab. |
| `MODERNE_AGENT_GITLAB_{index}_URL` | `true` | | The fully-qualified hostname of your GitLab instance. |
| `MODERNE_AGENT_GITLAB_{index}_SKIPSSL` | `false` | `false` | Specifies whether or not to skip SSL validation for HTTP connections to this GitLab instance. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
| `MODERNE_AGENT_GITLAB_{index}_SSH_PRIVATEKEY` | `false` | | The SSH private key used to establish a SSH connection with GitLab. |
| `MODERNE_AGENT_GITLAB_{index}_SSH_PASSPHRASE` | `true` (If the SSH private key is specified) | | The passphrase used to encrypt the SSH private key. |
| `MODERNE_AGENT_GITLAB_{index}_SSH_SSHFILENAME` | `true` (If the SSH private key is specified) | | The file name of the private key, which the agent will store locally. |
| `MODERNE_AGENT_GITLAB_{index}_SSH_USER` | `true` (If the SSH private key is specified) | | The username used for SSH communication with GitLab. |
| `MODERNE_AGENT_GITLAB_{index}_SSH_PORT` | `false` | `7999` | The port used to communicate via SSH with GitLab. |
**Example:**
```bash
docker run \
# ... Existing variables
-e MODERNE_AGENT_GITLAB_0_OAUTH_CLIENTID=yourClientId \
-e MODERNE_AGENT_GITLAB_0_OAUTH_CLIENTSECRET=yourClientSecret \
-e MODERNE_AGENT_GITLAB_0_URL=https://your-gitlab.com \
# ... Additional variables
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
**Arguments:**
| Argument Name | Required | Default | Description |
|------------------------------------------------------|----------------------------------------------|---------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--moderne.agent.gitlab[{index}].oauth.clientId` | `true` | | The application id configured in GitLab. |
| `--moderne.agent.gitlab[{index}].oauth.clientSecret` | `true` | | The secret configured in GitLab. |
| `--moderne.agent.gitlab[{index}].url` | `true` | | The fully-qualified hostname of your GitLab instance. |
| `--moderne.agent.gitlab[{index}].skipSsl` | `false` | `false` | Specifies whether or not to skip SSL validation for HTTP connections to this GitLab instance. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
| `--moderne.agent.gitlab[{index}].ssh.privateKey` | `false` | | The SSH private key used to establish a SSH connection with GitLab. |
| `--moderne.agent.gitlab[{index}].ssh.passphrase` | `true` (If the SSH private key is specified) | | The passphrase used to encrypt the SSH private key. |
| `--moderne.agent.gitlab[{index}].ssh.sshFileName` | `true` (If the SSH private key is specified) | | The file name of the private key, which the agent will store locally. |
| `--moderne.agent.gitlab[{index}].ssh.user` | `true` (If the SSH private key is specified) | | The username used for SSH communication with GitLab. |
| `--moderne.agent.gitlab[{index}].ssh.port` | `false` | `7999` | The port used to communicate via SSH with GitLab. |
**Example:**
```bash
java -jar moderne-agent-{version}.jar \
# ... Existing arguments
--moderne.agent.gitlab[0].oauth.clientId=yourClientId \
--moderne.agent.gitlab[0].oauth.clientSecret=yourClientSecret \
--moderne.agent.gitlab[0].url=https://your-gitlab.com \
# ... Additional arguments
```
</TabItem>
</Tabs>
## Organizations service variables
<Tabs groupId="agent-type">
<TabItem value="oci-container" label="OCI Container">
**Variables:**
| Variable Name | Required | Default | Description |
|------------------------------------------------------|----------|---------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `MODERNE_AGENT_ORGANIZATION_URL` | `true` | | The URL of your GraphQL service that provides organization information. |
| `MODERNE_AGENT_ORGANIZATION_UPDATE_INTERVAL_SECONDS` | `false` | `600` | Specifies how often to request your organization information. |
| `MODERNE_AGENT_ORGANIZATION_SKIPSSL` | `false` | `false` | Specifies whether or not to skip SSL validation for HTTP connections to this Organization service instance. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
**Example:**
```bash
docker run \
# ... Existing variables
-e MODERNE_AGENT_ORGANIZATION_URL=http://localhost:8091 \
-e MODERNE_AGENT_ORGANIZATION_UPDATE_INTERVAL_SECONDS=600 \
# ... Additional variables
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
**Arguments:**
| Argument Name | Required | Default | Description |
|------------------------------------------------------|----------|---------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--moderne.agent.organization.url` | `true` | | The URL of your GraphQL service that provides organization information. |
| `--moderne.agent.organization.updateIntervalSeconds` | `false` | `600` | Specifies how often to request your organization information. |
| `--moderne.agent.organization.skipSsl` | `false` | `false` | Specifies whether or not to skip SSL validation for HTTP connections to this Organization service instance. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
**Example:**
```bash
java -jar moderne-agent-{version}.jar \
# ... Existing arguments
--moderne.agent.organization.url=http://localhost:8091 \
--moderne.agent.organization.updateIntervalSeconds=600 \
# ... Additional arguments
```
</TabItem>
</Tabs>
## Maven repository variables
You can configure multiple Maven repositories by including multiple entries, each with a different `{index}`.
<Tabs groupId="agent-type">
<TabItem value="oci-container" label="OCI Container">
**Variables:**
| Variable Name | Required | Default | Description |
|-----------------------------------------------|-------------------------------------------------------|--------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `MODERNE_AGENT_MAVEN_{index}_URL` | `true` | | The URL of your Maven repository. |
| `MODERNE_AGENT_MAVEN_{index}_LOCALREPOSITORY` | `true` | `~/.moderne-maven` | The path on disk where LST artifacts and Maven index files will be downloaded to. This is on the disk where the agent is being run and **not** on the Maven instance. <br/><br/> LST artifacts are deleted from this location after they are transmitted to Moderne. Index files will remain behind to be used to detect diffs in the artifacts. <br/><br/> If multiple Maven repositories are configured on the agent, they **must** have different local repositories configured. |
| `MODERNE_AGENT_MAVEN_{index}_USERNAME` | `false` | `null` | The username used to resolve artifacts. |
| `MODERNE_AGENT_MAVEN_{index}_PASSWORD` | `false` | `null` | The password used to resolve artifacts. |
| `MODERNE_AGENT_MAVEN_{index}_RELEASES` | `false` | `true` | Specifies whether or not this repository should be searched for releases. |
| `MODERNE_AGENT_MAVEN_{index}_SNAPSHOTS` | `false` | `true` | Specifies whether or not this repository should be searched for snapshots. |
| `MODERNE_AGENT_MAVEN_{index}_ASTSOURCE` | `false` | `true` | Specifies whether or not this repository should be searched for LST artifacts (Note: LSTs used to be called ASTs). |
| `MODERNE_AGENT_MAVEN_{index}_RECIPESOURCE` | `false` | `true` | Specifies whether or not this repository should be searched for recipe jars. |
| `MODERNE_AGENT_MAVEN_{index}_SKIPSSL` | `false` | `false` | Whether or not to skip SSL/TLS verification for calls from the agent to this Maven repository. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
**Example:**
```bash
docker run \
# ... Existing variables
-e MODERNE_AGENT_MAVEN_0_URL=https://myartifactory.example.com/artifactory/libs-releases-local \
-e MODERNE_AGENT_MAVEN_0_LOCALREPOSITORY=~/.moderne-maven \
-e MODERNE_AGENT_MAVEN_0_USERNAME=admin \
-e MODERNE_AGENT_MAVEN_0_PASSWORD=password \
# ... Additional variables
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
**Arguments:**
| Argument Name | Required | Default | Description |
|--------------------------------------------------|-------------------------------------------------------|--------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|`--moderne.agent.maven[{index}].url` | `true` | | The URL of your Maven repository. |
| `--moderne.agent.maven[{index}].localRepository` | `true` | `~/.moderne-maven` | The path on disk where LST artifacts and Maven index files will be downloaded to. This is on the disk where the agent is being run and **not** on the Maven instance. <br/><br/> LST artifacts are deleted from this location after they are transmitted to Moderne. Index files will remain behind to be used to detect diffs in the artifacts. <br/><br/> If multiple Maven repositories are configured on the agent, they **must** have different local repositories configured. |
| `--moderne.agent.maven[{index}].username` | `false` | `null` | The username used to resolve artifacts. |
| `--moderne.agent.maven[{index}].password` | `false` | `null` | The password used to resolve artifacts. |
| `--moderne.agent.maven[{index}].releases` | `false` | `true` | Specifies whether or not this repository should be searched for releases. |
| `--moderne.agent.maven[{index}].snapshots` | `false` | `true` | Specifies whether or not this repository should be searched for snapshots. |
| `--moderne.agent.maven[{index}].astSource` | `false` | `true` | Specifies whether or not this repository should be searched for LST artifacts (Note: LSTs used to be called ASTs). |
| `--moderne.agent.maven[{index}].recipeSource` | `false` | `true` | Specifies whether or not this repository should be searched for recipe jars. |
| `--moderne.agent.maven[{index}].skipSsl` | `false` | `false` | Whether or not to skip SSL/TLS verification for calls from the agent to this Maven repository. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
**Example:**
```bash
java -jar moderne-agent-{version}.jar \
# ... Existing arguments
--moderne.agent.maven[0].url=https://myartifactory.example.com/artifactory/libs-releases-local \
--moderne-agent.maven[0].localRepository=~/.moderne-maven \
--moderne.agent.maven[0].username=admin \
--moderne.agent.maven[0].password=password \
# ... Additional arguments
```
</TabItem>
</Tabs>
## Artifactory repository variables
You can configure multiple Artifactory servers by including multiple entries, each with a different `{index}`. Within a given Artifactory server configuration, you can configure multiple LST query filters by including multiple entries, each with a different `{index}`.
<Tabs groupId="agent-type">
<TabItem value="oci-container" label="OCI Container">
**Variables:**
| Variable Name | Required | Default | Description |
|-------------------------------------------------------------|------------------------------------------------|---------|----------------------------------------------------------------------------------------------------------------------------------------------|
| `MODERNE_AGENT_ARTIFACTORY_{index}_URL` | `true` | | The URL of your Artifactory instance. |
| `MODERNE_AGENT_ARTIFACTORY_{index}_USERNAME` | `true` | | The username used to connect to your Artifactory instance. This user must have permission to run AQL queries. |
| `MODERNE_AGENT_ARTIFACTORY_{index}_PASSWORD` | `true` | | The password used to connect to your Artifactory instance. |
| `MODERNE_AGENT_ARTIFACTORY_{index}_ASTQUERYFILTERS_{index}` | `true` | | The AQL query fragment used to select LST artifacts to send to Moderne. If multiple are specified, they are combined together with an `AND`. |
| `MODERNE_AGENT_ARTIFACTORY_{index}_SKIPSSL` | `false` | `false` | Specifies whether or not to skip SSL verification for HTTP connections from the agent to this Artifactory instance. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
**Example:**
```bash
docker run \
# ... Existing variables
-e MODERNE_AGENT_ARTIFACTORY_0_URL=https://myartifactory.example.com/artifactory/ \
-e MODERNE_AGENT_ARTIFACTORY_0_USERNAME=admin \
-e MODERNE_AGENT_ARTIFACTORY_0_PASSWORD=password \
-e MODERNE_AGENT_ARTIFACTORY_0_ASTQUERYFILTERS_0='"name":{"$match":"*-ast.jar"}' \
-e MODERNE_AGENT_ARTIFACTORY_0_ASTQUERYFILTERS_1='"repo":{"$eq":"example-maven"}' \
# ... Additional variables
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
**Arguments:**
| Argument Name | Required | Default | Description |
|-----------------------------------------------------------------|----------|---------|----------------------------------------------------------------------------------------------------------------------------------------------|
| `--moderne.agent.artifactory[{index}].url` | `true` | | The URL of your Artifactory instance. |
| `--moderne.agent.artifactory[{index}].username` | `true` | | The username used to connect to your Artifactory instance. This user must have permission to run AQL queries. |
| `--moderne.agent.artifactory[{index}].password` | `true` | | The password used to connect to your Artifactory instance. |
| `--moderne.agent.artifactory[{index}].astQueryFilters[{index}]` | `true` | | The AQL query fragment used to select LST artifacts to send to Moderne. If multiple are specified, they are combined together with an `AND`. |
| `--moderne.agent.artifactory[{index}].skipSsl` | `false` | `false` | Specifies whether or not to skip SSL verification for HTTP connections from the agent to this Artifactory instance. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
**Example:**
```bash
java -jar moderne-agent-{version}.jar \
# ... Existing arguments
--moderne.agent.artifactory[0].url=https://myartifactory.example.com/artifactory/ \
--moderne.agent.artifactory[0].username=admin \
--moderne.agent.artifactory[0].password=password \
--moderne.agent.artifactory[0].astQueryFilters[0]='{"name":{"$match":"*-ast.jar"}}' \
--moderne.agent.artifactory[0].astQueryFilters[1]='{"repo":{"$eq":"example-maven"}}' \
# ... Additional arguments
```
</TabItem>
</Tabs>
## Artifactory recipe variables
<Tabs groupId="agent-type">
<TabItem value="oci-container" label="OCI Container">
**Variables:**
| Variable Name | Required | Default | Description |
|-----------------------------------------------|----------|--------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `MODERNE_AGENT_MAVEN_{index}_URL` | `true` | | The URL of your Maven repository. |
| `MODERNE_AGENT_MAVEN_{index}_ASTSOURCE` | `true` | `true` | Specifies whether or not this repository should be searched for LST artifacts. **You should set this to false** (Note: LSTs used to be called ASTs). |
| `MODERNE_AGENT_MAVEN_{index}_LOCALREPOSITORY` | `true` | `~/.moderne-maven` | The path on disk where LST artifacts and Maven index files will be downloaded to. This is on the disk where the agent is being run and **not** on the Maven instance. <br/><br/> LST artifacts are deleted from this location after they are transmitted to Moderne. Index files will remain behind to be used to detect diffs in the artifacts. <br/><br/> If multiple Maven repositories are configured on the agent, they **must** have different local repositories configured. |
| `MODERNE_AGENT_MAVEN_{index}_USERNAME` | `false` | `null` | The username used to resolve artifacts. |
| `MODERNE_AGENT_MAVEN_{index}_PASSWORD` | `false` | `null` | The password used to resolve artifacts. |
| `MODERNE_AGENT_MAVEN_{index}_RELEASES` | `false` | `true` | Specifies whether or not this repository should be searched for releases. |
| `MODERNE_AGENT_MAVEN_{index}_SNAPSHOTS` | `false` | `true` | Specifies whether or not this repository should be searched for snapshots. |
| `MODERNE_AGENT_MAVEN_{index}_RECIPESOURCE` | `false` | `true` | Specifies whether or not this repository should be searched for recipe jars. |
| `MODERNE_AGENT_MAVEN_{index}_SKIPSSL` | `false` | `false` | Whether or not to skip SSL/TLS verification for calls from the agent to this Maven repository. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
:::warning
If you want to configure a [Moderne DevCenter](../dev-center.md), you will need to ensure that you have exactly one Maven repository configured with `RECIPESOURCE` set to `true`. (It is fine to have this same Maven repository configured in multiple agents.)
:::
**Example:**
```bash
docker run \
# ... Existing variables
-e MODERNE_AGENT_MAVEN_0_URL=https://myartifactory.example.com/artifactory/libs-releases-local \
-e MODERNE_AGENT_MAVEN_0_ASTSOURCE=false \
-e MODERNE_AGENT_MAVEN_0_LOCALREPOSITORY=~/.moderne-maven \
-e MODERNE_AGENT_MAVEN_0_USERNAME=admin \
-e MODERNE_AGENT_MAVEN_0_PASSWORD=password \
# ... Additional variables
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
**Arguments:**
| Argument Name | Required | Default | Description |
|--------------------------------------------------|----------|--------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--moderne.agent.maven[{index}].url` | `true` | | The URL of your Maven repository. |
| `--moderne.agent.maven[{index}].astSource` | `true` | `true` | Specifies whether or not this repository should be searched for LST artifacts. **You should set this to false** (Note: LSTs used to be called ASTs). |
| `--moderne.agent.maven[{index}].localRepository` | `true` | `~/.moderne-maven` | The path on disk where LST artifacts and Maven index files will be downloaded to. This is on the disk where the agent is being run and **not** on the Maven instance. <br/><br/> LST artifacts are deleted from this location after they are transmitted to Moderne. Index files will remain behind to be used to detect diffs in the artifacts. <br/><br/> If multiple Maven repositories are configured on the agent, they **must** have different local repositories configured. |
| `--moderne.agent.maven[{index}].username` | `false` | `null` | The username used to resolve artifacts. |
| `--moderne.agent.maven[{index}].password` | `false` | `null` | The password used to resolve artifacts. |
| `--moderne.agent.maven[{index}].releases` | `false` | `true` | Specifies whether or not this repository should be searched for releases. |
| `--moderne.agent.maven[{index}].snapshots` | `false` | `true` | Specifies whether or not this repository should be searched for snapshots. |
| `--moderne.agent.maven[{index}].recipeSource` | `false` | `true` | Specifies whether or not this repository should be searched for recipe jars. |
| `--moderne.agent.maven[{index}].skipSsl` | `false` | `false` | Whether or not to skip SSL/TLS verification for calls from the agent to this Maven repository. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
:::warning
If you want to configure a [Moderne DevCenter](../dev-center.md), you will need to ensure that you have exactly one Maven repository configured with `recipeSource` set to `true`. (It is fine to have this same Maven repository configured in multiple agents.)
:::
**Example:**
```bash
java -jar moderne-agent-{version}.jar \
# ... Existing arguments
--moderne.agent.maven[0].url=https://myartifactory.example.com/artifactory/libs-releases-local \
--moderne.agent.maven[0].astSource=false \
--moderne.agent.maven[0].localRepository=~/.moderne-maven \
--moderne.agent.maven[0].username=admin \
--moderne.agent.maven[0].password=password \
# ... Additional arguments
```
</TabItem>
</Tabs>
## Strict recipe sources variables
<Tabs groupId="agent-type">
<TabItem value="oci-container" label="OCI Container">
**Variables:**
| Variable Name | Required | Default | Description |
|-------------------------------------------------|-------------------------------------------|---------|---------------------------------------------------------------------------------------------------|
| `MODERNE_AGENT_RECIPE_USEONLYCONFIGURED` | `true` | | Only use the recipe sources configured in the agent. |
| `MODERNE_AGENT_RECIPE_POMCACHE_TYPE` | `false` | | Used to specify what type of cache the POM should use. Acceptable values: `IN_MEMORY` or `REDIS`. |
| `MODERNE_AGENT_RECIPE_POMCACHE_ENTRYTTLMINUTES` | `false` | | How long entries should live in the POM cache. |
| `MODERNE_AGENT_RECIPE_POMCACHE_REDIS_HOST` | `true` (If the POM cache type is `REDIS`) | | The URL of the Redis instance. |
| `MODERNE_AGENT_RECIPE_POMCACHE_REDIS_PORT` | `true` (If the POM cache type is `REDIS`) | | The port number of the Redis instance. |
| `MODERNE_AGENT_RECIPE_POMCACHE_REDIS_USERNAME` | `false` | | The username needed to authenticate to the Redis instance. |
| `MODERNE_AGENT_RECIPE_POMCACHE_REDIS_PASSWORD` | `false` | | The password needed to authenticate with the Redis instance. |
| `MODERNE_AGENT_RECIPE_POMCACHE_REDIS_SSL` | `false` | `false` | If set to `true`, then SSL will be enabled for the connection to the Redis instance. |
| `MODERNE_AGENT_RECIPE_POMCACHE_REDIS_DATABASE` | `false` | | The Redis DB index. |
**Example:**
```bash
docker run \
# ... Existing variables
-e MODERNE_AGENT_RECIPE_USEONLYCONFIGURED=true \
# ... Additional variables
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
**Arguments:**
| Argument Name | Required | Default | Description |
|---------------------------------------------------|-------------------------------------------|---------|---------------------------------------------------------------------------------------------------|
| `--moderne.agent.recipe.useOnlyConfigured` | `true` | | Only use the recipe sources configured in the agent. |
| `--moderne.agent.recipe.pomCache.type` | `false` | | Used to specify what type of cache the POM should use. Acceptable values: `IN_MEMORY` or `REDIS`. |
| `--moderne.agent.recipe.pomCache.entryTtlMinutes` | `false` | | How long entries should live in the POM cache. |
| `--moderne.agent.recipe.pomCache.redis.host` | `true` (If the POM cache type is `REDIS`) | | The URL of the Redis instance. |
| `--moderne.agent.recipe.pomCache.redis.port` | `true` (If the POM cache type is `REDIS`) | | The port number of the Redis instance. |
| `--moderne.agent.recipe.pomCache.redis.username` | `false` | | The username needed to authenticate to the Redis instance. |
| `--moderne.agent.recipe.pomCache.redis.password` | `false` | | The password needed to authenticate with the Redis instance. |
| `--moderne.agent.recipe.pomCache.redis.ssl` | `false` | `false` | If set to `true`, then SSL will be enabled for the connection to the Redis instance. |
| `--moderne.agent.recipe.pomCache.redis.database` | `false` | | The Redis DB index. |
**Example:**
```bash
java -jar moderne-agent-{version}.jar \
# ... Existing arguments
--moderne.agent.recipe.useOnlyConfigured=true \
# ... Additional arguments
```
</TabItem>
</Tabs>
## PyPI variables
:::info
You can configure multiple PyPI package indexes by including multiple entries, each with a different `{index}`.
:::
<Tabs groupId="agent-type">
<TabItem value="oci-container" label="OCI Container">
**Variables:**
| Variable Name | Required | Default | Description |
|--------------------------------------------------|----------|---------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `MODERNE_AGENT_VISUALIZATIONS_USEONLYCONFIGURED` | `true` | `false` | Only use the visualization sources configured in the agent. |
| `MODERNE_AGENT_PYPI_{index}_URL` | `true` | | The URL of your PyPI package index. |
| `MODERNE_AGENT_PYPI_{index}_USERNAME` | `false` | `null` | The username used to access the index. |
| `MODERNE_AGENT_PYPI_{index}_PASSWORD` | `false` | `null` | The password used to access the index. |
| `MODERNE_AGENT_PYPI_{index}_SKIPSSL` | `false` | `false` | Whether or not to skip SSL/TLS verification for calls from the agent to this PyPI package index. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
**Example:**
```bash
docker run \
# ... Existing variables
-e MODERNE_AGENT_VISUALIZATIONS_USEONLYCONFIGURED=true \
-e MODERNE_AGENT_PYPI_0_URL=https://pypi.example.com/simple \
-e MODERNE_AGENT_PYPI_0_USERNAME=admin \
-e MODERNE_AGENT_PYPI_0_PASSWORD=password \
# ... Additional variables
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
**Arguments:**
| Argument Name | Required | Default | Description |
|-----------------------------------------------------|----------|---------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--moderne.agent.visualizations.useOnlyConfigured` | `true` | `false` | Only use the visualization sources configured in the agent. |
| `--moderne.agent.pypi[{index}].url` | `true` | | The URL of your PyPI package index. |
| `--moderne.agent.pypi[{index}].username` | `false` | `null` | The username used to access the index. |
| `--moderne.agent.pypi[{index}].password` | `false` | `null` | The password used to access the index. |
| `--moderne.agent.pypi[{index}].skipSsl` | `false` | `false` | Whether or not to skip SSL/TLS verification for calls from the agent to this PyPI package index. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
**Example:**
```bash
java -jar moderne-agent-{version}.jar \
# ... Existing arguments
--moderne.agent.visualizations.useOnlyConfigured=true \
--moderne.agent.pypi[0].url=https://pypi.example.com/simple \
--moderne.agent.pypi[0].username=admin \
--moderne.agent.pypi[0].password=password \
# ... Additional arguments
```
</TabItem>
</Tabs>
## HTTP proxy variables
<Tabs groupId="agent-type">
<TabItem value="oci-container" label="OCI Container">
**Variables:**
| Variable Name | Required | Default | Description |
|---------------------------------------|----------|---------|---------------------------------------------|
| `MODERNE_AGENT_APIGATEWAY_PROXY_HOST` | `false` | | Host (without scheme) for the proxy server. |
| `MODERNE_AGENT_APIGATEWAY_PROXY_PORT` | `false` | | Port for the proxy server. |
:::info
If you include either a host or port, you must include both.
:::
**Example:**
```bash
docker run \
# ... Existing variables
-e MODERNE_AGENT_APIGATEWAY_PROXY_HOST=proxy.mycompany.com \
-e MODERNE_AGENT_APIGATEWAY_PROXY_PORT=8179 \
# ... Additional variables
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
**Arguments:**
| Argument Name | Required | Default | Description |
|-----------------------------------------|----------|---------|---------------------------------------------|
| `--moderne.agent.apiGateway.proxy.host` | `false` | | Host (without scheme) for the proxy server. |
| `--moderne.agent.apiGateway.proxy.port` | `false` | | Port for the proxy server. |
:::info
If you include either a host or port, you must include both.
:::
**Example:**
```bash
java -jar moderne-agent-{version}.jar \
# ... Existing arguments
--moderne.agent.apiGateway.proxy.host=proxy.mycompany.com \
--moderne.agent.apiGateway.proxy.port=8179 \
# ... Additional arguments
```
</TabItem>
</Tabs>
## Generic HTTP tool variables
<Tabs groupId="agent-type">
<TabItem value="oci-container" label="OCI Container">
**Variables:**
| Variable Name | Required | Default | Description |
|-----------------------------------------------------------|----------|---------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `MODERNE_AGENT_HTTPTOOL_{index}_URL` | `true` | | Fully qualified URL to your HTTP tool. |
| `MODERNE_AGENT_HTTPTOOL_{index}_USERNAME` | `false` | | Username used to authenticate to HTTP tool. <br/><br/>**Note:** Only one of basic auth (username+password) and bearer token can be used. If username and password are specified, `bearerToken` must not be provided. |
| `MODERNE_AGENT_HTTPTOOL_{index}_PASSWORD` | `false` | | Password used to authenticate to HTTP tool. <br/><br/>**Note:** Only one of basic auth (username+password) and bearer token can be used. If username and password are specified, `bearerToken` must not be provided. |
| `MODERNE_AGENT_HTTPTOOL_{index}_BEARERTOKEN` | `false` | | Bearer token used to authenticate to HTTP tool. <br/><br/>**Note:** Only one of basic auth (username+password) and bearer token can be used. If `bearerToken` is specified, username and password must not be provided. |
| `MODERNE_AGENT_HTTPTOOL_{index}_SKIPSSL` | `false` | `false` | Specifies whether or not to skip SSL validation for HTTP connections to this HTTP tool. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
| `MODERNE_AGENT_HTTPTOOL_{index}_SKIPVALIDATECONNECTIVITY` | `false` | `false` | By default, on agent startup, we will validate that we can connect to this HTTP tool, and fail to start up the agent if we cannot. Set this to `true` to skip this validation. |
**Example:**
```bash
docker run \
# ... Existing variables
-e MODERNE_AGENT_HTTPTOOL_0_URL=https://launchdarkly.mycompany.com \
-e MODERNE_AGENT_HTTPTOOL_0_USERNAME=myUser \
-e MODERNE_AGENT_HTTPTOOL_0_PASSWORD=${SECRET_NAME} \
# ... Additional variables
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
**Arguments:**
| Argument Name | Required | Default | Description |
|--------------------------------------------------------------|----------|---------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--moderne.agent.httpTool[{index}].url` | `true` | | Fully qualified URL to your HTTP tool. |
| `--moderne.agent.httpTool[{index}].username` | `false` | | Username used to authenticate to HTTP tool. <br/><br/>**Note:** Only one of basic auth (username+password) and bearer token can be used. If username and password are specified, `bearerToken` must not be provided. |
| `--moderne.agent.httpTool[{index}].password` | `false` | | Password used to authenticate to HTTP tool. <br/><br/>**Note:** Only one of basic auth (username+password) and bearer token can be used. If username and password are specified, `bearerToken` must not be provided. |
| `--moderne.agent.httpTool[{index}].bearerToken` | `false` | | Bearer token used to authenticate to HTTP tool. <br/><br/>**Note:** Only one of basic auth (username+password) and bearer token can be used. If `bearerToken` is specified, username and password must not be provided. |
| `--moderne.agent.httpTool[{index}].skipSsl` | `false` | `false` | Specifies whether or not to skip SSL validation for HTTP connections to this HTTP tool. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
| `--moderne.agent.httpTool[{index}].skipValidateConnectivity` | `false` | `false` | By default, on agent startup, we will validate that we can connect to this HTTP tool, and fail to start up the agent if we cannot. Set this to `true` to skip this validation. |
**Example:**
```bash
java -jar moderne-agent-{version}.jar \
# ... Existing arguments
--moderne.agent.httpTool[0].url=https://launchdarkly.mycompany.com \
--moderne.agent.httpTool[0].username=myUser \
--moderne.agent.httpTool[0].password=${SECRET_NAME} \
# ... Additional arguments
```
</TabItem>
</Tabs>

BIN
docs/administrator-documentation/moderne-platform/how-to-guides/agent-configuration/assets/agent-bitbucket-create-link.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 37 KiB

BIN
docs/administrator-documentation/moderne-platform/how-to-guides/agent-configuration/assets/artifactory.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 189 KiB

BIN
docs/administrator-documentation/moderne-platform/how-to-guides/agent-configuration/assets/azure_entra_id_app_registrations.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 32 KiB

BIN
docs/administrator-documentation/moderne-platform/how-to-guides/agent-configuration/assets/azure_entra_id_register_an_application.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 342 KiB

BIN
docs/administrator-documentation/moderne-platform/how-to-guides/agent-configuration/assets/azure_oauth_add_api_permissions.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 92 KiB

BIN
docs/administrator-documentation/moderne-platform/how-to-guides/agent-configuration/assets/azure_oauth_add_client_secret.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 31 KiB

BIN
docs/administrator-documentation/moderne-platform/how-to-guides/agent-configuration/assets/azure_oauth_add_client_secret_form.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 31 KiB

BIN
docs/administrator-documentation/moderne-platform/how-to-guides/agent-configuration/assets/azure_oauth_app_registration_overview.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 115 KiB

BIN
docs/administrator-documentation/moderne-platform/how-to-guides/agent-configuration/assets/azure_services_entra_id.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 31 KiB

BIN
docs/administrator-documentation/moderne-platform/how-to-guides/agent-configuration/assets/bitbucket-permissions.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 137 KiB

BIN
docs/administrator-documentation/moderne-platform/how-to-guides/agent-configuration/assets/callback.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 77 KiB

BIN
docs/administrator-documentation/moderne-platform/how-to-guides/agent-configuration/assets/deploy-recipe-artifact.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 28 KiB

BIN
docs/administrator-documentation/moderne-platform/how-to-guides/agent-configuration/assets/dev-settings.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 12 KiB

BIN
docs/administrator-documentation/moderne-platform/how-to-guides/agent-configuration/assets/gh-req-fields.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 68 KiB

BIN
docs/administrator-documentation/moderne-platform/how-to-guides/agent-configuration/assets/gh-secrets.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 36 KiB

BIN
docs/administrator-documentation/moderne-platform/how-to-guides/agent-configuration/assets/gl-app-page.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 37 KiB

BIN
docs/administrator-documentation/moderne-platform/how-to-guides/agent-configuration/assets/gl-scopes.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 162 KiB

BIN
docs/administrator-documentation/moderne-platform/how-to-guides/agent-configuration/assets/gl-secrets.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 70 KiB

BIN
docs/administrator-documentation/moderne-platform/how-to-guides/agent-configuration/assets/http-proxy.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 69 KiB

BIN
docs/administrator-documentation/moderne-platform/how-to-guides/agent-configuration/assets/http-tool.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 48 KiB

BIN
docs/administrator-documentation/moderne-platform/how-to-guides/agent-configuration/assets/key-secret.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 62 KiB

BIN
docs/administrator-documentation/moderne-platform/how-to-guides/agent-configuration/assets/maven-indexer.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 146 KiB

BIN
docs/administrator-documentation/moderne-platform/how-to-guides/agent-configuration/assets/maven-publish-index.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 162 KiB

BIN
docs/administrator-documentation/moderne-platform/how-to-guides/agent-configuration/assets/maven-publish.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 185 KiB

BIN
docs/administrator-documentation/moderne-platform/how-to-guides/agent-configuration/assets/moderne-deploy-page.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 96 KiB

BIN
docs/administrator-documentation/moderne-platform/how-to-guides/agent-configuration/assets/sona-tasks.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 106 KiB

67
docs/administrator-documentation/moderne-platform/how-to-guides/agent-configuration/configure-an-agent-to-connect-to-moderne-via-an-http-proxy.md Normal file
View File

@@ -0,0 +1,67 @@
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
# Configure an agent to connect to Moderne via an HTTP proxy
If your organization requires an HTTP proxy in order to be able to access the public internet, you can configure this proxy for communication between the Moderne Agent and the Moderne API Gateway.
This proxy will be used for egress, and then the API gateway will establish the Layer 7 connection with the Moderne Agent through which all further communication will pass.
<figure>
![](./assets/http-proxy.png)
<figcaption></figcaption>
</figure>
## Agent configuration
The following table contains all the variables/arguments you need to add to your Moderne Agent run command to work with your HTTP proxy. Please note that these variables/arguments must be combined with ones found in other steps in the [Configuring the Moderne agent guide](./agent-config.md).
<Tabs groupId="agent-type">
<TabItem value="oci-container" label="OCI Container">
**Variables:**
| Variable Name | Required | Default | Description |
|---------------------------------------|----------|---------|---------------------------------------------|
| `MODERNE_AGENT_APIGATEWAY_PROXY_HOST` | `false` | | Host (without scheme) for the proxy server. |
| `MODERNE_AGENT_APIGATEWAY_PROXY_PORT` | `false` | | Port for the proxy server. |
:::info
If you include either a host or port, you must include both.
:::
**Example:**
```bash
docker run \
# ... Existing variables
-e MODERNE_AGENT_APIGATEWAY_PROXY_HOST=proxy.mycompany.com \
-e MODERNE_AGENT_APIGATEWAY_PROXY_PORT=8179 \
# ... Additional variables
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
**Arguments:**
| Argument Name | Required | Default | Description |
|-----------------------------------------|----------|---------|---------------------------------------------|
| `--moderne.agent.apiGateway.proxy.host` | `false` | | Host (without scheme) for the proxy server. |
| `--moderne.agent.apiGateway.proxy.port` | `false` | | Port for the proxy server. |
:::info
If you include either a host or port, you must include both.
:::
**Example:**
```bash
java -jar moderne-agent-{version}.jar \
# ... Existing arguments
--moderne.agent.apiGateway.proxy.host=proxy.mycompany.com \
--moderne.agent.apiGateway.proxy.port=8179 \
# ... Additional arguments
```
</TabItem>
</Tabs>

76
docs/administrator-documentation/moderne-platform/how-to-guides/agent-configuration/configure-an-agent-with-artifactory-access.md Normal file
View File

@@ -0,0 +1,76 @@
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
# Configure an agent with Artifactory access: LSTs
Artifactory serves as a source of LST artifacts for Moderne. This integration uses [Artifactory Query Language](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Query+Language) (AQL) to identify LST artifacts that have not yet been encrypted and transmitted to Moderne in near real-time.
This guide will walk you through how to configure the Moderne agent to connect to your Artifactory instance to retrieve LST artifacts.
:::info
If you're wanting to configure Artifactory to support recipe artifacts, please see [this guide](./configuring-artifactory-with-recipes.md) instead.
:::
#### Prerequisites
* You will need a username and password for an Artifactory user that is allowed to issue the relevant AQL queries that will be configured
## Configuring the Moderne agent
The following table contains all of the variables/arguments you need to add to your Moderne agent run command in order for it to get LST artifacts from your Artifactory instance. Please note that these variables/arguments must be combined with ones found in other steps in the [Configuring the Moderne agent guide](./agent-config.md).
You can configure multiple Artifactory servers by including multiple entries, each with a different `{index}`. Within a given Artifactory server configuration, you can configure multiple LST query filters by including multiple entries, each with a different `{index}`.
<Tabs groupId="agent-type">
<TabItem value="oci-container" label="OCI Container">
**Variables:**
| Variable Name | Required | Default | Description |
|-------------------------------------------------------------|------------------------------------------------|---------|----------------------------------------------------------------------------------------------------------------------------------------------|
| `MODERNE_AGENT_ARTIFACTORY_{index}_URL` | `true` | | The URL of your Artifactory instance. |
| `MODERNE_AGENT_ARTIFACTORY_{index}_USERNAME` | `true` | | The username used to connect to your Artifactory instance. This user must have permission to run AQL queries. |
| `MODERNE_AGENT_ARTIFACTORY_{index}_PASSWORD` | `true` | | The password used to connect to your Artifactory instance. |
| `MODERNE_AGENT_ARTIFACTORY_{index}_ASTQUERYFILTERS_{index}` | `true` | | The AQL query fragment used to select LST artifacts to send to Moderne. If multiple are specified, they are combined together with an `AND`. |
| `MODERNE_AGENT_ARTIFACTORY_{index}_SKIPSSL` | `true` (If you use a self-signed SSL/TLS cert) | `false` | Specifies whether or not to skip SSL verification for HTTP connections from the agent to this Artifactory instance. |
**Example:**
```bash
docker run \
# ... Existing variables
-e MODERNE_AGENT_ARTIFACTORY_0_URL=https://myartifactory.example.com/artifactory/ \
-e MODERNE_AGENT_ARTIFACTORY_0_USERNAME=admin \
-e MODERNE_AGENT_ARTIFACTORY_0_PASSWORD=password \
-e MODERNE_AGENT_ARTIFACTORY_0_ASTQUERYFILTERS_0='"name":{"$match":"*-ast.jar"}' \
-e MODERNE_AGENT_ARTIFACTORY_0_ASTQUERYFILTERS_1='"repo":{"$eq":"example-maven"}' \
# ... Additional variables
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
**Arguments:**
| Argument Name | Required | Default | Description |
|-----------------------------------------------------------------|------------------------------------------------|---------|----------------------------------------------------------------------------------------------------------------------------------------------|
| `--moderne.agent.artifactory[{index}].url` | `true` | | The URL of your Artifactory instance. |
| `--moderne.agent.artifactory[{index}].username` | `true` | | The username used to connect to your Artifactory instance. This user must have permission to run AQL queries. |
| `--moderne.agent.artifactory[{index}].password` | `true` | | The password used to connect to your Artifactory instance. |
| `--moderne.agent.artifactory[{index}].astQueryFilters[{index}]` | `true` | | The AQL query fragment used to select LST artifacts to send to Moderne. If multiple are specified, they are combined together with an `AND`. |
| `--moderne.agent.artifactory[{index}].skipSsl` | `true` (If you use a self-signed SSL/TLS cert) | `false` | Specifies whether or not to skip SSL verification for HTTP connections from the agent to this Artifactory instance. |
**Example:**
```bash
java -jar moderne-agent-{version}.jar \
# ... Existing arguments
--moderne.agent.artifactory[0].url=https://myartifactory.example.com/artifactory/ \
--moderne.agent.artifactory[0].username=admin \
--moderne.agent.artifactory[0].password=password \
--moderne.agent.artifactory[0].astQueryFilters[0]='{"name":{"$match":"*-ast.jar"}}' \
--moderne.agent.artifactory[0].astQueryFilters[1]='{"repo":{"$eq":"example-maven"}}' \
# ... Additional arguments
```
</TabItem>
</Tabs>

125
docs/administrator-documentation/moderne-platform/how-to-guides/agent-configuration/configure-an-agent-with-azure-devops-services.md Normal file
View File

@@ -0,0 +1,125 @@
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
# Configure an agent with Azure DevOps Services
In order to view recipe results and commit changes from a recipe back to Azure DevOps Services, you'll need to register a Microsoft Entra ID OAuth app and configure the Moderne agent with the appropriate variables.
:::info
Azure DevOps Services supports two OAuth 2.0 models: Microsoft Entra ID OAuth and the legacy Azure DevOps OAuth 2.0 models. The Moderne platform only supports the Microsoft Entra ID OAuth model.
:::
## Azure DevOps Services Configuration
### Step 1: Create a Microsoft Entra ID OAuth App registration
1. Natigate to https://portal.azure.com
2. Under Azure services, click on **Microsoft Entra ID**
<figure>
![](./assets/azure_services_entra_id.png)
<figcaption></figcaption>
</figure>
3. Click on **App registrations**
<figure>
![](./assets/azure_entra_id_app_registrations.png)
<figcaption></figcaption>
</figure>
4. Click on **New registration**
5. In the Register an application form:
1. Enter "Moderne client OAuth app" or similar in the **Name** field
2. Select **Single Tenant** under **Supported account types**
3. In the **Redirect URI** section, enter a Web platform entry with the URL `https://your-domain.moderne.io`
<figure>
![](./assets/azure_entra_id_register_an_application.png)
<figcaption></figcaption>
</figure>
6. Click **Register**
7. In the app's Overview page click **Add a certificate or secret**
<figure>
![](./assets/azure_oauth_add_client_secret.png)
<figcaption></figcaption>
</figure>
8. Click **New client sercret**
9. In the Add a client secret form:
1. Enter "Moderne client OAuth app client secret" or similar in the **Description** field
2. Optionally set a non-default secret expiration in the **Expires** field
<figure>
![](./assets/azure_oauth_add_client_secret_form.png)
<figcaption></figcaption>
</figure>
3. Click **Add**
10. Under Manage, click on **API permissions**
1. Add Azure DevOps permissions for **vso.code_manage** and **vso.graph**
<figure>
![](./assets/azure_oauth_add_api_permissions.png)
<figcaption></figcaption>
</figure>
## Agent configuration
### Step 2: Configure the Moderne Agent
The following table contains all of the variables/arguments you need to add to your Moderne agent run command in order for it to work with your Azure DevOps Services instance. Please note that these variables/arguments must be combined with ones found in other steps in the [Configuring the Moderne agent guide](./agent-config.md).
Values for client ID, client secret and tenant ID can be found in the Overview page for your OAuth app's registration:
![](./assets/azure_oauth_app_registration_overview.png)
:::info
You can configure multiple Azure DevOps OAuth apps by including multiple entries, each with a different `{index}`.
:::
<Tabs groupId="agent-type">
<TabItem value="oci-container" label="OCI Container">
**Variables:**
| Variable Name | Required | Default | Description |
|--------------------------------------------------------|--------------------------------------------------|---------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `MODERNE_AGENT_AZUREDEVOPS_{index}_OAUTH_CLIENTID` | `true` | | The client ID of the registered OAuth app. |
| `MODERNE_AGENT_AZUREDEVOPS_{index}_OAUTH_CLIENTSECRET` | `true` | | The client secret of the registered OAuth app. |
| `MODERNE_AGENT_AZUREDEVOPS_{index}_OAUTH_TENANTID` | `true` | | The Azure tenant ID of the registered OAuth app. |
| `MODERNE_AGENT_AZUREDEVOPS_{index}_SKIPSSL` | `false` | `false` | Specifies whether or not to skip SSL validation for HTTP connections to this Azure DevOps instance. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
| `MODERNE_AGENT_AZUREDEVOPS_{index}_SSH_PRIVATEKEY` | `false` | | The SSH private key used to establish a SSH connection with Azure DevOps. |
| `MODERNE_AGENT_AZUREDEVOPS_{index}_SSH_PASSPHRASE` | `true` (If the SSH key is specified + encrypted) | | The passphrase used to encrypt the SSH private key |
| `MODERNE_AGENT_AZUREDEVOPS_{index}_SSH_SSHFILENAME` | `true` (If the SSH key is specified) | | The file name of the private key, which the agent will store locally. |
| `MODERNE_AGENT_AZUREDEVOPS_{index}_SSH_USER` | `true` (If the SSH key is specified) | | The username used for SSH communication with Azure DevOps. |
**Example:**
```bash
docker run \
# ... Existing variables
-e MODERNE_AGENT_AZUREDEVOPS_0_OAUTH_CLIENTID=4affd674-286d-423f-b643-7ffe4dec0f53 \
-e MODERNE_AGENT_AZUREDEVOPS_0_OAUTH_CLIENTSECRET=yourClientSecret \
-e MODERNE_AGENT_AZUREDEVOPS_0_OAUTH_TENANTID=488bc312-9fdc-43d2-a647-7a7b28066cc4 \
# ... Additional variables
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
**Arguments:**
| Argument Name | Required | Default | Description |
|-----------------------------------------------------------|--------------------------------------------------|---------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--moderne.agent.azuredevops[{index}].oauth.clientId` | `true` | | The client ID of the registered OAuth app. |
| `--moderne.agent.azuredevops[{index}].oauth.clientSecret` | `true` | | The client secret of the registered OAuth app. |
| `--moderne.agent.azuredevops[{index}].oauth.tenantId` | `true` | | The Azure tenant ID of the registered OAuth app. |
| `--moderne.agent.azuredevops[{index}].skipSsl` | `false` | `false` | Specifies whether or not to skip SSL validation for HTTP connections to this Azure DevOps instance. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
| `--moderne.agent.azuredevops[{index}].ssh.privateKey` | `false` | | The SSH private key used to establish a SSH connection with Azure DevOps. |
| `--moderne.agent.azuredevops[{index}].ssh.passphrase` | `true` (If the SSH key is specified + encrypted) | | The passphrase used to encrypt the SSH private key |
| `--moderne.agent.azuredevops[{index}].ssh.sshFileName` | `true` (If the SSH key is specified) | | The file name of the private key, which the agent will store locally. |
| `--moderne.agent.azuredevops[{index}].ssh.user` | `true` (If the SSH key is specified) | | The username used for SSH communication with Azure DevOps. |
**Example:**
```bash
java -jar moderne-agent-{version}.jar \
# ... Existing arguments
--moderne.agent.azuredevops[0].oauth.clientId=4affd674-286d-423f-b643-7ffe4dec0f53 \
--moderne.agent.azuredevops[0].oauth.clientSecret=yourClientSecret \
--moderne.agent.azuredevops[0].oauth.tenantId=488bc312-9fdc-43d2-a647-7a7b28066cc4 \
# ... Additional arguments
```
</TabItem>
</Tabs>

85
docs/administrator-documentation/moderne-platform/how-to-guides/agent-configuration/configure-an-agent-with-client-ssl-certificates.md Normal file
View File

@@ -0,0 +1,85 @@
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
# Configure an agent with client SSL certificates
If you are configuring the Moderne agent to connect to a service that requires a self-signed certificate to perform a HTTPS request (e.g., Maven or Artifactory) you will need to:
* Supply a KeyStore for the agent to use in the `PKCS12` format at the following location: `${JAVA_HOME}/lib/security/client_keystore.p12`
* Configure the agent to `skipSSL` for this service (See the [Artifactory](./configuring-artifactory-with-recipes.md) or [Maven](./configure-an-agent-with-maven-repository-access.md) agent documentation)
Below are a few examples of creating the KeyStore in some common scenarios:
<Tabs>
<TabItem value="certificate-without-key" label="Certificate without key">
```bash
RUN openssl pkcs12 -export \
-in <pathtocertfolder>/cert.pem \
-out ${JAVA_HOME}/lib/security/client_keystore.p12 \
-name ssl_cert \
-passout pass:changeit \
-nokeys
```
</TabItem>
<TabItem value="certificate-and-key-files" label="Certificate and key files">
```bash
openssl pkcs12 -export \
-in <pathtocertfolder>/cert.pem \
-inkey <pathtocertfolder>/cert.key \
-out ${JAVA_HOME}/lib/security/client_keystore.p12 \
-name ssl_cert \
-passout pass:changeit
```
</TabItem>
<TabItem value="certificate-and-key-in-one-file" label="Certificate and key in one file">
```bash
RUN openssl pkcs12 -export \
-in ${JAVA_HOME}/lib/security/s2s-cert.pem \
-out ${JAVA_HOME}/lib/security/client_keystore.p12 \
-name ssl_cert \
-passout pass:changeit
```
</TabItem>
</Tabs>
<Tabs groupId="agent-type">
<TabItem value="oci-container" label="OCI Container">
If you are running the agent in an OCI container, you will need to create a new Dockerfile based on the Moderne agent and supply the image with the KeyStore.
**Example:**
```docker
FROM moderne.azurecr.io/moderne-dev/moderne/moderne-agent:latest
USER root
COPY s2s-cert.pem ${JAVA_HOME}/lib/security/s2s-cert.pem
#Certifcate without keys
RUN openssl pkcs12 -export \
-in ${JAVA_HOME}/lib/security/s2s-cert.pem \
-out ${JAVA_HOME}/lib/security/client_keystore.p12 \
-name ssl_cert \
-passout pass:changeit \
-nokeys
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
Nothing else needs to happen for the executable JAR flow other than ensuring the KeyStore has been added to the following location: `${JAVA_HOME}/lib/security/client_keystore.p12`
```
java -jar moderne-agent-{version}.jar \
# ... Existing arguments
```
</TabItem>
</Tabs>

75
docs/administrator-documentation/moderne-platform/how-to-guides/agent-configuration/configure-an-agent-with-generic-http-tools-for-use-in-recipes.md Normal file
View File

@@ -0,0 +1,75 @@
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
# Configure an agent with generic HTTP tools for use in recipes
You have internal services within your enterprise that you may want to use within your recipes. Some possible examples follow:
* Launch Darkly - I want to use a recipe to identify code paths that can no longer be hit due to a Launch Darkly flag that has been turned on for a long time.
* Security advisory database - I have a security advisory database internally, and I want to use a recipe to identify when my dependencies match a security advisory in my internal database.
* NPM Registries - I want to run a recipe that performs `npm install` commands that need to install dependencies from a private registry.
Setting up a generic HTTP tool will allow you to use `org.openrewrite.ipc.http.HttpSender` from your internal recipes to call tools inside your environment. [Example usage of HttpSender](https://github.com/openrewrite/rewrite-generative-ai/blob/357d5f39f22cf47f4d5df417c1ddb6c883dd5c24/src/main/java/org/openrewrite/ai/model/GenerativeCodeEditor.java#L48-L57). It also enables the use of `org.openrewrite.nodejs.NpmExecutor` in NodeJS recipes allowing the platform to proxy HTTP requests made during npm installs to the registry within your environment. [Example usage of NpmExecutor](https://github.com/moderneinc/rewrite-codemods-ng/blob/main/src/main/java/org/openrewrite/codemods/migrate/angular/NodeBasedRecipe.java#L108-L158).
<figure>
![](./assets/http-tool.png)
<figcaption></figcaption>
</figure>
## Agent configuration
The following table contains all the variables/arguments you need to add to your Moderne agent run command to work with your HTTP tool. Please note that these variables/arguments must be combined with ones found in other steps in the [Configuring the Moderne agent guide](./agent-config.md).
You can configure multiple generic HTTP tools by including multiple entries, each with a different `{index}`.
<Tabs groupId="agent-type">
<TabItem value="oci-container" label="OCI Container">
**Variables:**
| Variable Name | Required | Default | Description |
|-----------------------------------------------------------|----------|---------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `MODERNE_AGENT_HTTPTOOL_{index}_URL` | `true` | | Fully qualified URL to your HTTP tool. |
| `MODERNE_AGENT_HTTPTOOL_{index}_USERNAME` | `false` | | Username used to authenticate to HTTP tool. <br/><br/>**Note:** Only one of basic auth (username+password) and bearer token can be used. If username and password are specified, `bearerToken` must not be provided. |
| `MODERNE_AGENT_HTTPTOOL_{index}_PASSWORD` | `false` | | Password used to authenticate to HTTP tool. <br/><br/>**Note:** Only one of basic auth (username+password) and bearer token can be used. If username and password are specified, `bearerToken` must not be provided. |
| `MODERNE_AGENT_HTTPTOOL_{index}_BEARERTOKEN` | `false` | | Bearer token used to authenticate to HTTP tool. <br/><br/>**Note:** Only one of basic auth (username+password) and bearer token can be used. If `bearerToken` is specified, username and password must not be provided. |
| `MODERNE_AGENT_HTTPTOOL_{index}_SKIPSSL` | `false` | `false` | Specifies whether or not to skip SSL validation for HTTP connections to this HTTP tool. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
| `MODERNE_AGENT_HTTPTOOL_{index}_SKIPVALIDATECONNECTIVITY` | `false` | `false` | By default, on agent startup, we will validate that we can connect to this HTTP tool, and fail to start up the agent if we cannot. Set this to `true` to skip this validation. |
**Example:**
```bash
docker run \
# ... Existing variables
-e MODERNE_AGENT_HTTPTOOL_0_URL=https://launchdarkly.mycompany.com \
-e MODERNE_AGENT_HTTPTOOL_0_USERNAME=myUser \
-e MODERNE_AGENT_HTTPTOOL_0_PASSWORD=${SECRET_NAME} \
# ... Additional variables
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
**Arguments:**
| Argument Name | Required | Default | Description |
|--------------------------------------------------------------|----------|---------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--moderne.agent.httpTool[{index}].url` | `true` | | Fully qualified URL to your HTTP tool. |
| `--moderne.agent.httpTool[{index}].username` | `false` | | Username used to authenticate to HTTP tool. <br/><br/>**Note:** Only one of basic auth (username+password) and bearer token can be used. If username and password are specified, `bearerToken` must not be provided. |
| `--moderne.agent.httpTool[{index}].password` | `false` | | Password used to authenticate to HTTP tool. <br/><br/>**Note:** Only one of basic auth (username+password) and bearer token can be used. If username and password are specified, `bearerToken` must not be provided. |
| `--moderne.agent.httpTool[{index}].bearerToken` | `false` | | Bearer token used to authenticate to HTTP tool. <br/><br/>**Note:** Only one of basic auth (username+password) and bearer token can be used. If `bearerToken` is specified, username and password must not be provided. |
| `--moderne.agent.httpTool[{index}].skipSsl` | `false` | `false` | Specifies whether or not to skip SSL validation for HTTP connections to this HTTP tool. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
| `--moderne.agent.httpTool[{index}].skipValidateConnectivity` | `false` | `false` | By default, on agent startup, we will validate that we can connect to this HTTP tool, and fail to start up the agent if we cannot. Set this to `true` to skip this validation. |
**Example:**
```bash
java -jar moderne-agent-{version}.jar \
# ... Existing arguments
--moderne.agent.httpTool[0].url=https://launchdarkly.mycompany.com \
--moderne.agent.httpTool[0].username=myUser \
--moderne.agent.httpTool[0].password=${SECRET_NAME} \
# ... Additional arguments
```
</TabItem>
</Tabs>

128
docs/administrator-documentation/moderne-platform/how-to-guides/agent-configuration/configure-an-agent-with-github.md Normal file
View File

@@ -0,0 +1,128 @@
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
# Configure an agent with GitHub
In order to view recipe results and commit changes from a recipe back to GitHub, you'll need to create a GitHub OAuth app and configure the Moderne agent with the appropriate variables.
To assist with that, this guide will:
* [Walk you through how to create a GitHub OAuth application](#step-1-create-an-oauth-application)
* [Provide you with a list of necessary variables the agent needs to communicate with your GitHub instance](#step-2-configure-the-moderne-agent)
:::info
[Why an OAuth app and not a GitHub app?](../../references/github-permissions.md#github-oauth-applications-vs-github-applications)
:::
#### Prerequisites
* You will need administrator access to your organization's GitHub account
## GitHub configuration
### Step 1: Create an OAuth application
1. Navigate to the settings page for your organization: `https://github.com/organizations/<YOUR_ORG>/settings/applications`
2. Expand `Developer settings` on the bottom left of the page:
<figure>
![](./assets/dev-settings.png)
<figcaption></figcaption>
</figure>
3. Click the `New OAuth App` button in the upper right of your screen.
4. Supply the required fields and register the application (See [examples](#example-values) below):
<figure>
![](./assets/gh-req-fields.png)
<figcaption></figcaption>
</figure>
5. On your newly created application click the `Generate a new client secret` button:
<figure>
![](./assets/gh-secrets.png)
<figcaption></figcaption>
</figure>
6. Copy the `Client ID` and `Client secret` from this page; they will be used as [arguments for the Moderne Agent](#step-2-configure-the-moderne-agent).
#### Example values
| Field | Example |
| -------------------------- | -------------------------- |
| Application Name | `Moderne SaaS` |
| Homepage URL | `https://myorg.moderne.io` |
| Authorization callback URL | `https://myorg.moderne.io` |
## Agent configuration
### Step 2: Configure the Moderne Agent
The following table contains all of the variables/arguments you need to add to your Moderne agent run command in order for it to work with your GitHub instance. Please note that these variables/arguments must be combined with ones found in other steps in the [Configuring the Moderne agent guide](./agent-config.md).
:::info
You can configure multiple GitHub OAuth apps by including multiple entries, each with a different `{index}`.
:::
<Tabs groupId="agent-type">
<TabItem value="oci-container" label="OCI Container">
**Variables:**
| Variable Name | Required | Default | Description |
|----------------------------------------------------------------|----------------------------------------------|-----------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `MODERNE_AGENT_GITHUB_{index}_OAUTH_CLIENTID` | `true` | | The client id configured in GitHub. |
| `MODERNE_AGENT_GITHUB_{index}_OAUTH_CLIENTSECRET` | `true` | | The client secret configured in GitHub. |
| `MODERNE_AGENT_GITHUB_{index}_URL` | `true` | | The fully-qualified hostname of the running GitHub instance. |
| `MODERNE_AGENT_GITHUB_{index}_SKIPSSL` | `false` | `false` | Specifies whether or not to skip SSL validation for HTTP connections to this GitHub instance. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
| `MODERNE_AGENT_GITHUB_{index}_ALLOWABLE_ORGANIZATIONS_{index}` | `false` | See description | Specifies what organizations you can fork recipe results to. By default, there are no restrictions on which organizations can be committed to. If you want multiple organizations, increase the last index and add one per line. |
| `MODERNE_AGENT_GITHUB_{index}_OAUTH_INCLUDEPRIVATEREPOS` | `false` | See description | By default, the OAuth app will only have access to public repositories within your organization(s). To provide the OAuth app access to private repositories, you can set this to `true`. |
| `MODERNE_AGENT_GITHUB_{index}_SSH_PRIVATEKEY` | `false` | | (Optional) The SSH private key used to establish a SSH connection with GitHub. |
| `MODERNE_AGENT_GITHUB_{index}_SSH_PASSPHRASE` | `true` (If the SSH private key is specified) | | The passphrase used to encrypt the SSH private key. |
| `MODERNE_AGENT_GITHUB_{index}_SSH_SSHFILENAME` | `true` (If the SSH private key is specified) | | The file name of the private key, which the agent will store locally. |
| `MODERNE_AGENT_GITHUB_{index}_SSH_USER` | `true` (If the SSH private key is specified) | | The username used for SSH communication with GitHub. |
| `MODERNE_AGENT_GITHUB_{index}_SSH_PORT` | `false` | `7999` | The port used to communicate via SSH with GitHub. |
**Example:**
```bash
docker run \
# ... Existing variables
-e MODERNE_AGENT_GITHUB_0_OAUTH_CLIENTID=yourClientId \
-e MODERNE_AGENT_GITHUB_0_OAUTH_CLIENTSECRET=yourClientSecret \
-e MODERNE_AGENT_GITHUB_0_URL=https://myorg.github.com \
-e MODERNE_AGENT_GITHUB_0_ALLOWABLE_ORGANIZATIONS_0=moderne \
-e MODERNE_AGENT_GITHUB_0_ALLOWABLE_ORGANIZATIONS_1=openrewrite \
-e MODERNE_AGENT_GITHUB_0_OAUTH_INCLUDEPRIVATEREPOS=true \
# ... Additional variables
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
**Arguments:**
| Argument Name | Required | Default | Description |
|-------------------------------------------------------------------|----------------------------------------------|-----------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--moderne.agent.github[{index}].oauth.clientId` | `true` | | The client id configured in GitHub. |
| `--moderne.agent.github[{index}].oauth.clientSecret` | `true` | | The client secret configured in GitHub. |
| `--moderne.agent.github[{index}].url` | `true` | | The fully-qualified hostname of the running GitHub instance. |
| `--moderne.agent.github[{index}].skipSsl` | `false` | `false` | Specifies whether or not to skip SSL validation for HTTP connections to this GitHub instance. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
| `--moderne.agent.github[{index}].allowableOrganizations[{index}]` | `false` | See description | Specifies what organizations you can fork recipe results to. By default, there are no restrictions on which organizations can be committed to. If you want multiple organizations, increase the last index and add one per line. |
| `--moderne.agent.github[{index}].oauth.includePrivateRepos` | `false` | See description | By default, the OAuth app will only have access to public repositories within your organization(s). To provide the OAuth app access to private repositories, you can set this to `true`. |
| `--moderne.agent.github[{index}].ssh.privateKey` | `false` | | (Optional) The SSH private key used to establish a SSH connection with GitHub. |
| `--moderne.agent.github[{index}].ssh.passphrase` | `true` (If the SSH private key is specified) | | The passphrase used to encrypt the SSH private key. |
| `--moderne.agent.github[{index}].ssh.sshFileName` | `true` (If the SSH private key is specified) | | The file name of the private key, which the agent will store locally. |
| `--moderne.agent.github[{index}].ssh.user` | `true` (If the SSH private key is specified) | | The username used for SSH communication with GitHub. |
| `--moderne.agent.github[{index}].ssh.port` | `false` | `7999` | The port used to communicate via SSH with GitHub. |
**Example:**
```bash
java -jar moderne-agent-{version}.jar \
# ... Existing arguments
--moderne.agent.github[0].oauth.clientId=yourClientId \
--moderne.agent.github[0].oauth.clientSecret=yourClientSecret \
--moderne.agent.github[0].url=https://myorg.github.com \
--moderne.agent.github[0].allowableOrganizations[0]=moderne \
--moderne.agent.github[0].allowableOrganizations[1]=openrewrite \
--moderne.agent.github[0].oauth.includePrivateRepos=true \
# ... Additional arguments
```
</TabItem>
</Tabs>

99
docs/administrator-documentation/moderne-platform/how-to-guides/agent-configuration/configure-an-agent-with-gitlab.md Normal file
View File

@@ -0,0 +1,99 @@
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
# Configure an agent with GitLab
In order to view recipe results and commit changes from a recipe back to GitLab, you'll need to create a GitLab OAuth app and configure the Moderne agent with the appropriate variables.
To assist with that, this guide will:
* [Walk you through how to create a GitLab OAuth application](#step-1-create-an-oauth-application)
* [Provide you with a list of necessary variables the agent needs to communicate with your GitLab instance](#step-2-configure-the-moderne-agent)
#### Prerequisites
* You will need administrator access to your organization's GitLab account
## GitLab configuration
### Step 1: Create an OAuth application
1. Navigate to the Applications page for your organization: `https://gitlab.com/groups/<yourorg>/-/settings/applications`
2. Provide an application name and redirect URI. The redirect URI will be in this format: `https://<tenantname>.moderne.io`:
![](./assets/gl-app-page.png)
3. Pick the following scopes:
![](./assets/gl-scopes.png)
4. Click the Save application button
5. Copy the `Application ID` and `Secret` from this page; they will be used as arguments for the Moderne Agent:
![](./assets/gl-secrets.png)
## Agent configuration
### Step 2: Configure the Moderne Agent
The following table contains all of the variables/arguments you need to add to your Moderne agent run command in order for it to work with your GitLab instance. Please note that these variables/arguments must be combined with ones found in other steps in the [Configuring the Moderne agent guide](./agent-config.md).
You can configure multiple GitLab OAuth apps by including multiple entries, each with a different `{index}`.
<Tabs groupId="agent-type">
<TabItem value="oci-container" label="OCI Container">
**Variables:**
| Variable Name | Required | Default | Description |
|---------------------------------------------------|----------------------------------------------|---------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `MODERNE_AGENT_GITLAB_{index}_OAUTH_CLIENTID` | `true` | | The application id configured in GitLab. |
| `MODERNE_AGENT_GITLAB_{index}_OAUTH_CLIENTSECRET` | `true` | | The secret configured in GitLab. |
| `MODERNE_AGENT_GITLAB_{index}_URL` | `true` | | The fully-qualified hostname of your GitLab instance. |
| `MODERNE_AGENT_GITLAB_{index}_SKIPSSL` | `false` | `false` | Specifies whether or not to skip SSL validation for HTTP connections to this GitLab instance. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
| `MODERNE_AGENT_GITLAB_{index}_SSH_PRIVATEKEY` | `false` | | The SSH private key used to establish a SSH connection with GitLab. |
| `MODERNE_AGENT_GITLAB_{index}_SSH_PASSPHRASE` | `true` (If the SSH private key is specified) | | The passphrase used to encrypt the SSH private key. |
| `MODERNE_AGENT_GITLAB_{index}_SSH_SSHFILENAME` | `true` (If the SSH private key is specified) | | The file name of the private key, which the agent will store locally. |
| `MODERNE_AGENT_GITLAB_{index}_SSH_USER` | `true` (If the SSH private key is specified) | | The username used for SSH communication with GitLab. |
| `MODERNE_AGENT_GITLAB_{index}_SSH_PORT` | `false` | `7999` | The port used to communicate via SSH with GitLab. |
**Example:**
```bash
docker run \
# ... Existing variables
-e MODERNE_AGENT_GITLAB_0_OAUTH_CLIENTID=yourClientId \
-e MODERNE_AGENT_GITLAB_0_OAUTH_CLIENTSECRET=yourClientSecret \
-e MODERNE_AGENT_GITLAB_0_URL=https://your-gitlab.com \
# ... Additional variables
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
**Arguments:**
| Argument Name | Required | Default | Description |
|------------------------------------------------------|----------------------------------------------|---------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--moderne.agent.gitlab[{index}].oauth.clientId` | `true` | | The application id configured in GitLab. |
| `--moderne.agent.gitlab[{index}].oauth.clientSecret` | `true` | | The secret configured in GitLab. |
| `--moderne.agent.gitlab[{index}].url` | `true` | | The fully-qualified hostname of your GitLab instance. |
| `--moderne.agent.gitlab[{index}].skipSsl` | `false` | `false` | Specifies whether or not to skip SSL validation for HTTP connections to this GitLab instance. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
| `--moderne.agent.gitlab[{index}].ssh.privateKey` | `false` | | The SSH private key used to establish a SSH connection with GitLab. |
| `--moderne.agent.gitlab[{index}].ssh.passphrase` | `true` (If the SSH private key is specified) | | The passphrase used to encrypt the SSH private key. |
| `--moderne.agent.gitlab[{index}].ssh.sshFileName` | `true` (If the SSH private key is specified) | | The file name of the private key, which the agent will store locally. |
| `--moderne.agent.gitlab[{index}].ssh.user` | `true` (If the SSH private key is specified) | | The username used for SSH communication with GitLab. |
| `--moderne.agent.gitlab[{index}].ssh.port` | `false` | `7999` | The port used to communicate via SSH with GitLab. |
**Example:**
```bash
java -jar moderne-agent-{version}.jar \
# ... Existing arguments
--moderne.agent.gitlab[0].oauth.clientId=yourClientId \
--moderne.agent.gitlab[0].oauth.clientSecret=yourClientSecret \
--moderne.agent.gitlab[0].url=https://your-gitlab.com \
# ... Additional arguments
```
</TabItem>
</Tabs>

143
docs/administrator-documentation/moderne-platform/how-to-guides/agent-configuration/configure-an-agent-with-maven-repository-access.md Normal file
View File

@@ -0,0 +1,143 @@
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
# Configure an agent with Maven repository access
In order for Moderne to retrieve your [Lossless Semantic Tree](../../references/lossless-semantic-trees.md) (LST) or recipe artifacts, the agent needs to be configured to talk to your Maven-formatted artifact repositories. This connection also allows Moderne to lookup dependency versions to determine if a new version is available.
There are a variety of services that support Maven-formatted artifact repositories. Some examples include [JFrog Artifactory](https://jfrog.com/artifactory/), [Sonatype Nexus](https://www.sonatype.com/products/nexus-repository), and [Azure Artifacts](https://azure.microsoft.com/en-us/services/devops/artifacts/).
:::info
If your company has a rule that any externally-hosted JARs (e.g., Maven Central) be brought into an internal Maven repository (e.g., Artifactory) and scanned before being used, the instructions in this doc **must** be followed. Furthermore, [please ensure that you point the agent to your internal Maven repository and that the OpenRewrite JARs and dependencies are included in said repository](./configure-an-agent-with-strict-recipe-sources.md).
:::
This guide will explain how to:
* [Configure your artifact service to support LST and recipes artifacts](#publishing-lst-artifacts)
* [Configure the Moderne agent to connect to any service that supports Maven-formatted repositories](#configuring-the-moderne-agent)
#### Prerequisites
* You might need a username and password for a user that is allowed to resolve artifacts.
:::info
In many organizations, artifact resolution is unauthenticated while artifact publishing is authenticated. If artifact resolution is unauthenticated, you may omit the username/password configuration in the [Configuration step](#configuring-the-moderne-agent).
:::
## Publishing LST artifacts
### Configure the Maven Indexer
In order to publish LST artifacts, the artifact registry must be regularly updated with an index in the [Maven Indexer](https://maven.apache.org/maven-indexer/) format. The frequency with which the index is updated is an approximation of the time it will take for an LST that is published to your artifact repository to show up in Moderne. You will need to decide where the border is between faster publishing and the load required on your Artifactory instance.
Please follow the below instructions to configure the indexer for your Maven formatted repository:
<Tabs>
<TabItem value="artifactory" label="Artifactory">
:::warning
If you are using Artifactory to publish LST artifacts, it is _highly_ recommended that you follow the instructions in the [configuring an agent with Artifactory doc](configure-an-agent-with-artifactory-access.md) instead as that will result in faster artifact consumption while also avoiding substantial load on your Artifactory instance. The following instructions should only be followed if you can not use [AQL](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Query+Language) for some reason.
:::
In Artifactory, select the `Artifactory` link on the left nav and then select `Maven Indexer` under Services:
![](./assets/artifactory.png)
For a repository to be a source of LSTs, it must be included in the list of repositories that are indexed:
![](./assets/maven-indexer.png)
</TabItem>
<TabItem value="nexus-repository" label="Nexus Repository">
Under the administration view, select `Tasks` on the left nav:
![](./assets/sona-tasks.png)
Select `Create task` and create a `Maven - Publish Maven Indexer files` task:
![](./assets/maven-publish.png)
Select the repository that will serve LST artifacts and specify a frequency with which this index should be updated:
![](./assets/maven-publish-index.png)
</TabItem>
</Tabs>
## Publishing recipe artifacts
Recipe artifacts will automatically be picked up by Moderne so long as you set the recipe source flag to true in the below [configuration step](#configuring-the-moderne-agent). These artifacts will be immediately available for [deployment to Moderne](../importing-external-recipes.md) upon being published.
## Configuring the Moderne agent
The following table contains all of the variables/arguments you need to add to your Moderne agent run command in order for it to get LST and recipe artifacts from your Maven formatted repository. Please note that these variables/arguments must be combined with ones found in other steps in the [Configuring the Moderne agent guide](./agent-config.md).
You can configure multiple Maven formatted repositories by including multiple entries, each with a different `{index}`.
<Tabs groupId="agent-type">
<TabItem value="oci-container" label="OCI Container">
**Variables:**
| Variable Name | Required | Default | Description |
|-----------------------------------------------|-------------------------------------------------------|--------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `MODERNE_AGENT_MAVEN_{index}_URL` | `true` | | The URL of your Maven repository. |
| `MODERNE_AGENT_MAVEN_{index}_LOCALREPOSITORY` | `true` | `~/.moderne-maven` | The path on disk where LST artifacts and Maven index files will be downloaded to. This is on the disk where the agent is being run and **not** on the Maven instance. <br/><br/> LST artifacts are deleted from this location after they are transmitted to Moderne. Index files will remain behind to be used to detect diffs in the artifacts. <br/><br/> If multiple Maven repositories are configured on the agent, they **must** have different local repositories configured. |
| `MODERNE_AGENT_MAVEN_{index}_USERNAME` | `false` | `null` | The username used to resolve artifacts. |
| `MODERNE_AGENT_MAVEN_{index}_PASSWORD` | `false` | `null` | The password used to resolve artifacts. |
| `MODERNE_AGENT_MAVEN_{index}_RELEASES` | `false` | `true` | Specifies whether or not this repository should be searched for releases. |
| `MODERNE_AGENT_MAVEN_{index}_SNAPSHOTS` | `false` | `true` | Specifies whether or not this repository should be searched for snapshots. |
| `MODERNE_AGENT_MAVEN_{index}_ASTSOURCE` | `false` | `true` | Specifies whether or not this repository should be searched for LST artifacts (Note: LSTs used to be called ASTs). |
| `MODERNE_AGENT_MAVEN_{index}_RECIPESOURCE` | `false` | `true` | Specifies whether or not this repository should be searched for recipe jars. |
| `MODERNE_AGENT_MAVEN_{index}_SKIPSSL` | `true` (If you use a self-signed SSL/TLS certificate) | `false` | Whether or not to skip SSL/TLS verification for calls from the agent to this Maven repository. |
:::warning
If you want to configure a [Moderne DevCenter](../dev-center.md), you will need to ensure that you have exactly one Maven repository configured with `RECIPESOURCE` set to `true`. (It is fine to have this same Maven repository configured in multiple agents.)
:::
**Example:**
```bash
docker run \
# ... Existing variables
-e MODERNE_AGENT_MAVEN_0_URL=https://myartifactory.example.com/artifactory/libs-releases-local \
-e MODERNE_AGENT_MAVEN_0_LOCALREPOSITORY=~/.moderne-maven \
-e MODERNE_AGENT_MAVEN_0_USERNAME=admin \
-e MODERNE_AGENT_MAVEN_0_PASSWORD=password \
# ... Additional variables
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
**Arguments:**
| Argument Name | Required | Default | Description |
|--------------------------------------------------|-------------------------------------------------------|--------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|`--moderne.agent.maven[{index}].url` | `true` | | The URL of your Maven repository. |
| `--moderne.agent.maven[{index}].localRepository` | `true` | `~/.moderne-maven` | The path on disk where LST artifacts and Maven index files will be downloaded to. This is on the disk where the agent is being run and **not** on the Maven instance. <br/><br/> LST artifacts are deleted from this location after they are transmitted to Moderne. Index files will remain behind to be used to detect diffs in the artifacts. <br/><br/> If multiple Maven repositories are configured on the agent, they **must** have different local repositories configured. |
| `--moderne.agent.maven[{index}].username` | `false` | `null` | The username used to resolve artifacts. |
| `--moderne.agent.maven[{index}].password` | `false` | `null` | The password used to resolve artifacts. |
| `--moderne.agent.maven[{index}].releases` | `false` | `true` | Specifies whether or not this repository should be searched for releases. |
| `--moderne.agent.maven[{index}].snapshots` | `false` | `true` | Specifies whether or not this repository should be searched for snapshots. |
| `--moderne.agent.maven[{index}].astSource` | `false` | `true` | Specifies whether or not this repository should be searched for LST artifacts (Note: LSTs used to be called ASTs). |
| `--moderne.agent.maven[{index}].recipeSource` | `false` | `true` | Specifies whether or not this repository should be searched for recipe jars. |
| `--moderne.agent.maven[{index}].skipSsl` | `true` (If you use a self-signed SSL/TLS certificate) | `false` | Whether or not to skip SSL/TLS verification for calls from the agent to this Maven repository. |
:::warning
If you want to configure a [Moderne DevCenter](../dev-center.md), you will need to ensure that you have exactly one Maven repository configured with `recipeSource` set to `true`. (It is fine to have this same Maven repository configured in multiple agents.)
:::
**Example:**
```bash
java -jar moderne-agent-{version}.jar \
# ... Existing arguments
--moderne.agent.maven[0].url=https://myartifactory.example.com/artifactory/libs-releases-local \
--moderne.agent.maven[0].localRepository=~/.moderne-maven \
--moderne.agent.maven[0].username=admin \
--moderne.agent.maven[0].password=password \
# ... Additional arguments
```
</TabItem>
</Tabs>

81
docs/administrator-documentation/moderne-platform/how-to-guides/agent-configuration/configure-an-agent-with-pypi-access-visualizations.md Normal file
View File

@@ -0,0 +1,81 @@
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
# Configure an agent with PyPI access: visualizations
In order for Moderne to retrieve your visualization artifacts from PyPI, you will need to configure the agent and run it in a specific environment. This guide will walk you through how to configure the agent to get visualization artifacts from your PyPI package index.
**Note**: This feature is experimental. Running the agent in a different environment (read: os, python version) may break deployed visualizations.
## Publishing visualizations
Visualization artifacts published to the configured PyPI index can be deployed to Moderne if there is an agent configured with access.
## Configuring the Moderne agent
The following table contains all of the variables/arguments you need to add to your Moderne agent run command in order for it to get visualization artifacts from your PyPI package index. Please note that these variables/arguments must be combined with ones found in other steps in the [Configuring the Moderne agent guide](./agent-config.md).
You can configure multiple PyPI indexes by including multiple entries, each with a different `{index}`.
<Tabs groupId="agent-type">
<TabItem value="oci-container" label="OCI Container">
**Variables:**
| Variable Name | Required | Default | Description |
|--------------------------------------------------|----------|---------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `MODERNE_AGENT_VISUALIZATIONS_USEONLYCONFIGURED` | `true` | `false` | Only use the visualization sources configured in the agent. |
| `MODERNE_AGENT_PYPI_{index}_URL` | `true` | | The URL of your PyPI package index. |
| `MODERNE_AGENT_PYPI_{index}_USERNAME` | `false` | `null` | The username used to access the index. |
| `MODERNE_AGENT_PYPI_{index}_PASSWORD` | `false` | `null` | The password used to access the index. |
| `MODERNE_AGENT_PYPI_{index}_SKIPSSL` | `false` | `false` | Whether or not to skip SSL/TLS verification for calls from the agent to this PyPI package index. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
**Example:**
```bash
docker run \
# ... Existing variables
-e MODERNE_AGENT_VISUALIZATIONS_USEONLYCONFIGURED=true \
-e MODERNE_AGENT_PYPI_0_URL=https://pypi.example.com/simple \
-e MODERNE_AGENT_PYPI_0_USERNAME=admin \
-e MODERNE_AGENT_PYPI_0_PASSWORD=password \
# ... Additional variables
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
**Arguments:**
| Argument Name | Required | Default | Description |
|-----------------------------------------------------|----------|---------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--moderne.agent.visualizations.useOnlyConfigured` | `true` | `false` | Only use the visualization sources configured in the agent. |
| `--moderne.agent.pypi[{index}].url` | `true` | | The URL of your PyPI package index. |
| `--moderne.agent.pypi[{index}].username` | `false` | `null` | The username used to access the index. |
| `--moderne.agent.pypi[{index}].password` | `false` | `null` | The password used to access the index. |
| `--moderne.agent.pypi[{index}].skipSsl` | `false` | `false` | Whether or not to skip SSL/TLS verification for calls from the agent to this PyPI package index. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
**Example:**
```bash
java -jar moderne-agent-{version}.jar \
# ... Existing arguments
--moderne.agent.visualizations.useOnlyConfigured=true \
--moderne.agent.pypi[0].url=https://pypi.example.com/simple \
--moderne.agent.pypi[0].username=admin \
--moderne.agent.pypi[0].password=password \
# ... Additional arguments
```
</TabItem>
</Tabs>
## The agent environment
To install pip packages from the secure environment the agent runs in we need to install and move the packages on the agent and to the SaaS. To achieve this the environments that the agent and the SaaS run in must be in sync.
The easiest way to achieve this is to run the agent using the OCI container, but if you do run it using your own container or using the executable jar directly you will need to ensure that the environment is set up in a way that the python packages downloaded on the agent will also work on the SaaS. This means:
* Linux (ubuntu:22.04 is tested)
* `/bin/sh` shell with
* Python version 3.11 available under the `python3` command
* Pip and virtualenv (venv) installed. Alias not required (called via `python3 -m pip/venv)`

102
docs/administrator-documentation/moderne-platform/how-to-guides/agent-configuration/configure-an-agent-with-strict-recipe-sources.md Normal file
View File

@@ -0,0 +1,102 @@
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
# Configure an agent with strict recipe sources
The Moderne SaaS is configured to use the following Maven repositories to load recipe artifacts from in the event the agent has not been configured with any recipe sources or if a recipe artifact cannot be sourced from what is configured. (Requires agent version `0.118.0` or greater)
```xml
<repository>
<id>maven-central-explicit</id>
<url>https://repo1.maven.org/maven2</url>
<snapshots>
<enabled>false</enabled>
</snapshots>
<releases>
<enabled>true</enabled>
</releases>
</repository>
<repository>
<id>oss-snapshots</id>
<url>https://oss.sonatype.org/content/repositories/snapshots</url>
<snapshots>
<enabled>true</enabled>
</snapshots>
<releases>
<enabled>false</enabled>
</releases>
</repository>
<repository>
<id>artifact-registry</id>
<url>https://us-west1-maven.pkg.dev/moderne-dev/moderne-recipe</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
<repository>
<id>jitpack</id>
<url>https://jitpack.io</url>
<releases>
<enabled>true</enabled>
</releases>
</repository>
```
This fallback behavior can be disabled using recipe configuration. If any agent is configured with this setting then recipes will only be sourced by what the agent defines.
<Tabs groupId="agent-type">
<TabItem value="oci-container" label="OCI Container">
**Variables:**
| Variable Name | Required | Default | Description |
|-------------------------------------------------|-------------------------------------------|---------|---------------------------------------------------------------------------------------------------|
| `MODERNE_AGENT_RECIPE_USEONLYCONFIGURED` | `true` | | Only use the recipe sources configured in the agent. |
| `MODERNE_AGENT_RECIPE_POMCACHE_TYPE` | `false` | | Used to specify what type of cache the POM should use. Acceptable values: `IN_MEMORY` or `REDIS`. |
| `MODERNE_AGENT_RECIPE_POMCACHE_ENTRYTTLMINUTES` | `false` | | How long entries should live in the POM cache. |
| `MODERNE_AGENT_RECIPE_POMCACHE_REDIS_HOST` | `true` (If the POM cache type is `REDIS`) | | The URL of the Redis instance. |
| `MODERNE_AGENT_RECIPE_POMCACHE_REDIS_PORT` | `true` (If the POM cache type is `REDIS`) | | The port number of the Redis instance. |
| `MODERNE_AGENT_RECIPE_POMCACHE_REDIS_USERNAME` | `false` | | The username needed to authenticate to the Redis instance. |
| `MODERNE_AGENT_RECIPE_POMCACHE_REDIS_PASSWORD` | `false` | | The password needed to authenticate with the Redis instance. |
| `MODERNE_AGENT_RECIPE_POMCACHE_REDIS_SSL` | `false` | `false` | If set to `true`, then SSL will be enabled for the connection to the Redis instance. |
| `MODERNE_AGENT_RECIPE_POMCACHE_REDIS_DATABASE` | `false` | | The Redis DB index. |
**Example:**
```bash
docker run \
# ... Existing variables
-e MODERNE_AGENT_RECIPE_USEONLYCONFIGURED=true \
# ... Additional variables
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
**Arguments:**
| Argument Name | Required | Default | Description |
|---------------------------------------------------|-------------------------------------------|---------|---------------------------------------------------------------------------------------------------|
| `--moderne.agent.recipe.useOnlyConfigured` | `true` | | Only use the recipe sources configured in the agent. |
| `--moderne.agent.recipe.pomCache.type` | `false` | | Used to specify what type of cache the POM should use. Acceptable values: `IN_MEMORY` or `REDIS`. |
| `--moderne.agent.recipe.pomCache.entryTtlMinutes` | `false` | | How long entries should live in the POM cache. |
| `--moderne.agent.recipe.pomCache.redis.host` | `true` (If the POM cache type is `REDIS`) | | The URL of the Redis instance. |
| `--moderne.agent.recipe.pomCache.redis.port` | `true` (If the POM cache type is `REDIS`) | | The port number of the Redis instance. |
| `--moderne.agent.recipe.pomCache.redis.username` | `false` | | The username needed to authenticate to the Redis instance. |
| `--moderne.agent.recipe.pomCache.redis.password` | `false` | | The password needed to authenticate with the Redis instance. |
| `--moderne.agent.recipe.pomCache.redis.ssl` | `false` | `false` | If set to `true`, then SSL will be enabled for the connection to the Redis instance. |
| `--moderne.agent.recipe.pomCache.redis.database` | `false` | | The Redis DB index. |
**Example:**
```bash
java -jar moderne-agent-{version}.jar \
# ... Existing arguments
--moderne.agent.recipe.useOnlyConfigured=true \
# ... Additional arguments
```
</TabItem>
</Tabs>

96
docs/administrator-documentation/moderne-platform/how-to-guides/agent-configuration/configure-bitbucket-cloud-to-agent.md Normal file
View File

@@ -0,0 +1,96 @@
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
# Configure an agent with Bitbucket Cloud access
In order to view recipe results and commit changes from a recipe back to Bitbucket, you'll need to create an application link in Bitbucket and configure the Moderne agent with the appropriate variables.
To assist with that, this guide will:
* [Walk you through how to configure your Bitbucket Cloud instance to support the agent](#step-1-create-a-bitbucket-oauth-consumer)
* [Provide you with a list of necessary variables the agent needs to communicate with your Bitbucket instance](#step-2-configure-the-moderne-agent)
#### Prerequisites
* You will need access to create a Bitbucket OAuth Consumer
## Bitbucket configuration
### Step 1: Create a Bitbucket OAuth Consumer
Follow [this Atlassian guide](https://support.atlassian.com/bitbucket-cloud/docs/use-oauth-on-bitbucket-cloud/) to create an OAuth Consumer.
Once that's done, configure the callback URL to point at your Moderne tenant:
<figure>
![](./assets/callback.png)
<figcaption></figcaption>
</figure>
The consumer should have these permissions:
<figure>
![](./assets/bitbucket-permissions.png)
<figcaption></figcaption>
</figure>
* Projects - Read
* Repositories - Write
* Pull requests - Write
Once your consumer has been created, you should see a `key` and a `secret`:
<figure>
![](./assets/key-secret.png)
<figcaption></figcaption>
</figure>
Please save those for use in [Step 2](#step-2-configure-the-moderne-agent).
## Agent configuration
### Step 2: Configure the Moderne agent
The following table contains all of the variables/arguments you need to add to your Moderne agent run command in order for it to work with your Bitbucket instance. Please note that these variables/arguments must be combined with ones found in other steps in the [Configuring the Moderne agent guide](./agent-config.md).
<Tabs>
<TabItem value="oci-container" label="OCI Container">
**Variables:**
| Variable Name | Required | Default | Description |
|-----------------------------------------------|----------|---------|--------------------------------------------------------|
| `MODERNE_AGENT_BITBUCKET_CLOUD_OAUTH_KEY` | `true` | | The key specified in your Bitbucket OAuth consumer. |
| `MODERNE_AGENT_BITBUCKET_CLOUD_OAUTH_SECRET` | `true` | | The secret specified in your Bitbucket OAuth consumer. |
**Example:**
```bash
docker run \
# ... Existing variables
-e MODERNE_AGENT_BITBUCKET_CLOUD_OAUTH_KEY=yourOAuthKey \
-e MODERNE_AGENT_BITBUCKET_CLOUD_OAUTH_SECRET=yourSecretKey \
# ... Additional variables
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
**Arguments:**
| Argument Name | Required | Default | Description |
|-----------------------------------------------|----------|---------|--------------------------------------------------------|
| `--moderne.agent.bitbucket.cloud.oauthKey` | `true` | | The key specified in your Bitbucket OAuth consumer. |
| `--moderne.agent.bitbucket.cloud.oauthSecret` | `true` | | The secret specified in your Bitbucket OAuth consumer. |
**Example:**
```bash
java -jar moderne-agent-{version}.jar \
# ... Existing arguments
--moderne.agent.bitbucket.cloud.oauthKey=yourOAuthKey \
--moderne.agent.bitbucket.cloud.oauthSecret=yourSecretKey \
# ... Additional arguments
```
</TabItem>
</Tabs>

147
docs/administrator-documentation/moderne-platform/how-to-guides/agent-configuration/configure-bitbucket-to-agent.md Normal file
View File

@@ -0,0 +1,147 @@
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
# Configure an agent with Bitbucket Data Center access
In order to view recipe results and commit changes from a recipe back to Bitbucket, you'll need to create an application link in Bitbucket and configure the Moderne agent with the appropriate variables.
To assist with that, this guide will:
* [Walk you through how to configure your Bitbucket server or Bitbucket Data Center instance to support the agent](#step-1-generate-a-public-and-private-key-for-bitbucket)
* [Provide you with a list of necessary variables the agent needs to communicate with your Bitbucket instance](#step-4-configure-the-moderne-agent)
#### Prerequisites
* You will need administrator access to your Bitbucket on-premise instance
## Bitbucket configuration
### Step 1: Generate a public and private key for Bitbucket
This key will be used by the Moderne agent to talk to Bitbucket.
```bash
openssl genrsa -out bitbucket_privatekey.pem 1024
openssl req -newkey rsa:1024 -x509 -key bitbucket_privatekey.pem -out bitbucket_publickey.cer -days 365
openssl pkcs8 -topk8 -nocrypt -in bitbucket_privatekey.pem -out bitbucket_privatekey.pcks8
openssl x509 -pubkey -noout -in bitbucket_publickey.cer > bitbucket_publickey.pem
```
### Step 2: Create an Application Link in Bitbucket
1. Go to the Administration page in your Bitbucket instance
2. Select _Application Links_ from the _System_ section
3. Click on "Create link"
4. Ensure that the _Application Type_ is set to _Atlassian product_ (this looks weird, but this is the [documented path](https://confluence.atlassian.com/bitbucketserver/link-to-other-applications-1018764620.html) for external applications to integrate)
5. Enter the URL for your Moderne instances as the _Application URL_:
<figure>
![](./assets/agent-bitbucket-create-link.png)
<figcaption>_Create link_</figcaption>
</figure>
6. Click _Continue_
7. Define a new Incoming Application with the following settings:
| Field | Value |
| --------------------- | -------------------------------- |
| Application Name | `Moderne` |
| Application Type | Generic Application |
| Service Provider Name | `moderne` |
| Consumer key | `OauthKey` |
| Request token URL | `https://your-domain.moderne.io` |
| Access token URL | `https://your-domain.moderne.io` |
| Authorize URL | `https://your-domain.moderne.io` |
| Create incoming link | ✅ |
8. Click _Continue_
9. Complete the Incoming Link configuration:
| Field | Value |
| ------------- | ------------------------------------------------------------ |
| Consumer Key | `OauthKey` |
| Consumer Name | `Moderne` |
| Public Key | Paste the public key (`bitbucket_publickey.pem`) from step 1 |
10. Click _Continue_ to complete the Application Link creation
## Agent configuration
### Step 3: Configure the Bitbucket private key for the Moderne agent
In order for the Moderne agent to work with your Bitbucket instance, it will need to be provided with the private key you generated in [Step 1](#step-1-generate-a-public-and-private-key-for-bitbucket). Before Moderne can use this key, though, you will need to convert it to a single-line string.
If you're using Bash or another shell, you can obtain the single-line string by copying the results of the following command (for use in [Step 4](#step-4-configure-the-moderne-agent)):
```bash
cat bitbucket_privatekey.pcks8 | sed '1d;$d' | tr -d '\n'
```
If you're not using a shell, please follow these instructions instead:
1. Open up the `bitbucket_privatekey.pcks8` key in a text editor
2. Remove the first and last line (header and footer) of the private key
* The first line should be: `-----BEGIN PRIVATE KEY-----`
* The last line should be: `-----END PRIVATE KEY-----`
3. Remove all newline and return characters
4. Copy the contents of the file as a single-line string. This will be used in [Step 4](#step-4-configure-the-moderne-agent)
### Step 4: Configure the Moderne Agent
The following table contains all of the variables/arguments you need to add to your Moderne agent run command in order for it to work with your Bitbucket instance. Please note that these variables/arguments must be combined with ones found in other steps in the [Configuring the Moderne agent guide](./agent-config.md).
:::info
You can configure multiple Bitbucket instances by including multiple entries, each with a different `{index}`.
:::
<Tabs>
<TabItem value="oci-container" label="OCI Container">
**Variables:**
| Variable Name | Required | Default | Description |
|---------------------------------------------------------|-----------------------------------------------|---------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `MODERNE_AGENT_BITBUCKET_{index}_PRIVATEKEY` | `true` | | The private key you configured for this Bitbucket instance. |
| `MODERNE_AGENT_BITBUCKET_{index}_URL` | `true` | | The fully-qualified URL of the running Bitbucket instance. For example: `https://bitbucket.myorg.com`. |
| `MODERNE_AGENT_BITBUCKET_{index}_ALTERNATEURLS_{index}` | `false` | | The list of alternative fully-qualified URL of the running Bitbucket instance. For example: `https://bitbucket.myorg.com`. |
| `MODERNE_AGENT_BITBUCKET_{index}_SKIPSSL` | `false` | `false` | Specifies whether or not to skip SSL validation for HTTP connections to this Bitbucket instance. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
| `MODERNE_AGENT_BITBUCKET_{index}_SSH_PRIVATEKEY` | `false` | | The SSH private key used to establish a SSH connection with Bitbucket. |
| `MODERNE_AGENT_BITBUCKET_{index}_SSH_PASSPHRASE` | `true` (If the SSH private key is specified) | | The file name of the private key, which the agent will store locally. |
| `MODERNE_AGENT_BITBUCKET_{index}_SSH_SSHFILENAME` | `true` (If the SSH private key is specified) | | The file name of the private key, which the agent will store locally. |
| `MODERNE_AGENT_BITBUCKET_{index}_SSH_USER` | `true` (If the SSH private key is specified) | | The username used for SSH communication with Bitbucket. |
| `MODERNE_AGENT_BITBUCKET_{index}_SSH_PORT` | `true` (If the SSH private key is specified) | `7999` | The port used to communicate via SSH with Bitbucket. |
**Example:**
```bash
docker run \
# ... Existing variables
-e MODERNE_AGENT_BITBUCKET_0_PRIVATEKEY=yourPrivateKey \
-e MODERNE_AGENT_BITBUCKET_0_URL=https://bitbucket.myorg.com \
# ... Additional variables
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
**Arguments:**
| Argument Name | Required | Default | Description |
|-------------------------------------------------------------|-----------------------------------------------|---------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--moderne.agent.bitbucket[{index}].privateKey` | `true` | | The private key you configured for this Bitbucket instance. |
| `--moderne.agent.bitbucket[{index}].url` | `true` | | The fully-qualified URL of the running Bitbucket instance. For example: `https://bitbucket.myorg.com`. |
| `--moderne.agent.bitbucket[{index}].alternateUrls[{index}]` | `false` | | The list of alternative fully-qualified URL of the running Bitbucket instance. For example: `https://bitbucket.myorg.com`. |
| `--moderne.agent.bitbucket[{index}].skipSsl` | `false` | `false` | Specifies whether or not to skip SSL validation for HTTP connections to this Bitbucket instance. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
| `--moderne.agent.bitbucket[{index}].ssh.privateKey` | `false` | | The SSH private key used to establish a SSH connection with Bitbucket. |
| `--moderne.agent.bitbucket[{index}].ssh.passphrase` | `true` (If the SSH private key is specified) | | The file name of the private key, which the agent will store locally. |
| `--moderne.agent.bitbucket[{index}].ssh.sshFileName` | `true` (If the SSH private key is specified) | | The file name of the private key, which the agent will store locally. |
| `--moderne.agent.bitbucket[{index}].ssh.user` | `true` (If the SSH private key is specified) | | The username used for SSH communication with Bitbucket. |
| `--moderne.agent.bitbucket[{index}].ssh.port` | `true` (If the SSH private key is specified) | `7999` | The port used to communicate via SSH with Bitbucket. |
**Example:**
```bash
java -jar moderne-agent-{version}.jar \
# ... Existing arguments
--moderne.agent.bitbucket[0].privateKey=yourPrivateKey \
--moderne.agent.bitbucket[0].url=https://bitbucket.myorg.com \
# ... Additional arguments
```
</TabItem>
</Tabs>

50
docs/administrator-documentation/moderne-platform/how-to-guides/agent-configuration/configure-organizations-service.md Normal file
View File

@@ -0,0 +1,50 @@
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
# Configure the agent with the Organizations service
In order for Moderne to obtain information about your organizational structure, you will need to configure the Moderne agent to point to your [Organizations service](../organizations-service.md). This guide will explain how to do that.
<Tabs groupId="agent-type">
<TabItem value="oci-container" label="OCI Container">
**Variables:**
| Variable Name | Required | Default | Description |
|------------------------------------------------------|----------|---------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `MODERNE_AGENT_ORGANIZATION_URL` | `true` | | The URL of your GraphQL service that provides organization information. |
| `MODERNE_AGENT_ORGANIZATION_UPDATE_INTERVAL_SECONDS` | `false` | `600` | Specifies how often to request your organization information. |
| `MODERNE_AGENT_ORGANIZATION_SKIPSSL` | `false` | `false` | Specifies whether or not to skip SSL validation for HTTP connections to this Organization service instance. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
**Example:**
```bash
docker run \
# ... Existing variables
-e MODERNE_AGENT_ORGANIZATION_URL=http://localhost:8091 \
-e MODERNE_AGENT_ORGANIZATION_UPDATE_INTERVAL_SECONDS=600 \
# ... Additional variables
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
**Arguments:**
| Argument Name | Required | Default | Description |
|------------------------------------------------------|----------|---------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--moderne.agent.organization.url` | `true` | | The URL of your GraphQL service that provides organization information. |
| `--moderne.agent.organization.updateIntervalSeconds` | `false` | `600` | Specifies how often to request your organization information. |
| `--moderne.agent.organization.skipSsl` | `false` | `false` | Specifies whether or not to skip SSL validation for HTTP connections to this Organization service instance. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
**Example:**
```bash
java -jar moderne-agent-{version}.jar \
# ... Existing arguments
--moderne.agent.organization.url=http://localhost:8091 \
--moderne.agent.organization.updateIntervalSeconds=600 \
# ... Additional arguments
```
</TabItem>
</Tabs>

86
docs/administrator-documentation/moderne-platform/how-to-guides/agent-configuration/configuring-artifactory-with-recipes.md Normal file
View File

@@ -0,0 +1,86 @@
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
# Configure an agent with Artifactory access: recipes
In order for Moderne to retrieve your recipe artifacts from Artifactory, you will need to create a Maven formatted repository inside of Artifactory and point the agent to said repository. This guide will walk you through how to configure the agent to get recipe artifacts from your repository.
## Publishing recipe artifacts
Recipe artifacts will automatically be picked up by Moderne so long as you set the recipe source flag to true in the below [configuration step](#configuring-the-moderne-agent). These artifacts will be immediately available for [deployment to Moderne](../importing-external-recipes.md) upon being published.
## Configuring the Moderne agent
The following table contains all of the variables/arguments you need to add to your Moderne agent run command in order for it to get recipe artifacts from your Maven formatted repository inside of Artifactory. Please note that these variables/arguments must be combined with ones found in other steps in the [Configuring the Moderne agent guide](./agent-config.md).
You can configure multiple Maven formatted repositories by including multiple entries, each with a different `{index}`.
<Tabs groupId="agent-type">
<TabItem value="oci-container" label="OCI Container">
**Variables:**
| Variable Name | Required | Default | Description |
|-----------------------------------------------|----------|--------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `MODERNE_AGENT_MAVEN_{index}_URL` | `true` | | The URL of your Maven repository. |
| `MODERNE_AGENT_MAVEN_{index}_ASTSOURCE` | `true` | `true` | Specifies whether or not this repository should be searched for LST artifacts. **You should set this to false** (Note: LSTs used to be called ASTs). |
| `MODERNE_AGENT_MAVEN_{index}_LOCALREPOSITORY` | `true` | `~/.moderne-maven` | The path on disk where LST artifacts and Maven index files will be downloaded to. This is on the disk where the agent is being run and **not** on the Maven instance. <br/><br/> LST artifacts are deleted from this location after they are transmitted to Moderne. Index files will remain behind to be used to detect diffs in the artifacts. <br/><br/> If multiple Maven repositories are configured on the agent, they **must** have different local repositories configured. |
| `MODERNE_AGENT_MAVEN_{index}_USERNAME` | `false` | `null` | The username used to resolve artifacts. |
| `MODERNE_AGENT_MAVEN_{index}_PASSWORD` | `false` | `null` | The password used to resolve artifacts. |
| `MODERNE_AGENT_MAVEN_{index}_RELEASES` | `false` | `true` | Specifies whether or not this repository should be searched for releases. |
| `MODERNE_AGENT_MAVEN_{index}_SNAPSHOTS` | `false` | `true` | Specifies whether or not this repository should be searched for snapshots. |
| `MODERNE_AGENT_MAVEN_{index}_RECIPESOURCE` | `false` | `true` | Specifies whether or not this repository should be searched for recipe jars. |
| `MODERNE_AGENT_MAVEN_{index}_SKIPSSL` | `false` | `false` | Whether or not to skip SSL/TLS verification for calls from the agent to this Maven repository. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
:::warning
If you want to configure a [Moderne DevCenter](../dev-center.md), you will need to ensure that you have exactly one Maven repository configured with `RECIPESOURCE` set to `true`. (It is fine to have this same Maven repository configured in multiple agents.)
:::
**Example:**
```bash
docker run \
# ... Existing variables
-e MODERNE_AGENT_MAVEN_0_URL=https://myartifactory.example.com/artifactory/libs-releases-local \
-e MODERNE_AGENT_MAVEN_0_ASTSOURCE=false \
-e MODERNE_AGENT_MAVEN_0_LOCALREPOSITORY=~/.moderne-maven \
-e MODERNE_AGENT_MAVEN_0_USERNAME=admin \
-e MODERNE_AGENT_MAVEN_0_PASSWORD=password \
# ... Additional variables
```
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
**Arguments:**
| Argument Name | Required | Default | Description |
|--------------------------------------------------|----------|--------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--moderne.agent.maven[{index}].url` | `true` | | The URL of your Maven repository. |
| `--moderne.agent.maven[{index}].astSource` | `true` | `true` | Specifies whether or not this repository should be searched for LST artifacts. **You should set this to false** (Note: LSTs used to be called ASTs). |
| `--moderne.agent.maven[{index}].localRepository` | `true` | `~/.moderne-maven` | The path on disk where LST artifacts and Maven index files will be downloaded to. This is on the disk where the agent is being run and **not** on the Maven instance. <br/><br/> LST artifacts are deleted from this location after they are transmitted to Moderne. Index files will remain behind to be used to detect diffs in the artifacts. <br/><br/> If multiple Maven repositories are configured on the agent, they **must** have different local repositories configured. |
| `--moderne.agent.maven[{index}].username` | `false` | `null` | The username used to resolve artifacts. |
| `--moderne.agent.maven[{index}].password` | `false` | `null` | The password used to resolve artifacts. |
| `--moderne.agent.maven[{index}].releases` | `false` | `true` | Specifies whether or not this repository should be searched for releases. |
| `--moderne.agent.maven[{index}].snapshots` | `false` | `true` | Specifies whether or not this repository should be searched for snapshots. |
| `--moderne.agent.maven[{index}].recipeSource` | `false` | `true` | Specifies whether or not this repository should be searched for recipe jars. |
| `--moderne.agent.maven[{index}].skipSsl` | `false` | `false` | Whether or not to skip SSL/TLS verification for calls from the agent to this Maven repository. This must be set to `true` if you use a self-signed SSL/TLS certificate. |
:::warning
If you want to configure a [Moderne DevCenter](../dev-center.md), you will need to ensure that you have exactly one Maven repository configured with `recipeSource` set to `true`. (It is fine to have this same Maven repository configured in multiple agents.)
:::
**Example:**
```bash
java -jar moderne-agent-{version}.jar \
# ... Existing arguments
--moderne.agent.maven[0].url=https://myartifactory.example.com/artifactory/libs-releases-local \
--moderne.agent.maven[0].astSource=false \
--moderne.agent.maven[0].localRepository=~/.moderne-maven \
--moderne.agent.maven[0].username=admin \
--moderne.agent.maven[0].password=password \
# ... Additional arguments
```
</TabItem>
</Tabs>

75
docs/administrator-documentation/moderne-platform/how-to-guides/agent-configuration/multi-tenant-private-recipes.md Normal file
View File

@@ -0,0 +1,75 @@
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
# Multi-tenant private recipes
:::warning
The instructions on this page will only apply to you if:
* Your company is using the [app.moderne.io](https://app.moderne.io/getting-started) tenant AND
* You want to upload and deploy your own company-specific recipes that nobody else can, but your team should be able to see or run
If your company has your own private tenant (e.g., `<tenant>.moderne.io`), then this page **does not** apply to you.
:::
### Configuration
When you log in to Moderne, you can either log in with GitHub or BitBucket Cloud.
In order for this feature to work, everyone at your company who logs in to Moderne will need to use the same SCM to log in, and they must have the same email domain for their primary email address in said SCM.
In other words, if you worked at `Foo` and you used GitHub to log in to [app.moderne.io](https://app.moderne.io/getting-started), everyone at your company would need to have their primary GitHub email address be set to their `Foo` email address (e.g., `<someone>@foo.io`).
Once that's true, you will need to grab the email domain (`foo.io`) and:
<Tabs groupId="agent-type">
<TabItem value="oci-container" label="OCI Container">
Set the `MODERNE_AGENT_TENANTDOMAIN` property in your agent configuration to the domain name from above.
</TabItem>
<TabItem value="executable-jar" label="Executable JAR">
Set the `moderne.agent.tenantDomain` property in your agent configuration to the domain name from above.
</TabItem>
</Tabs>
### Deploying private recipes
Anyone with an email address that matches the `tenantDomain` is allowed to both upload and use recipes for that domain.
:::danger
All recipes that should be private to your company **must** start with the reverse of your email domain name (e.g., if your domain is `foo.io`, then all recipes must start with `io.foo`).
:::
1. Navigate to the [Moderne deploy page](https://app.moderne.io/recipes/deploy) and press the `Add` button:
<figure>
![](./assets/moderne-deploy-page.png)
<figcaption></figcaption>
</figure>
2. Fill in the recipe artifact information and press "deploy recipe artifact".
<figure>
![](./assets/deploy-recipe-artifact.png)
<figcaption></figcaption>
</figure>
:::tip
You can use `LATEST` as the version so that the recipe will pick up the latest snapshot or release version.\
:::
### Using private recipes
Anyone logged in with the correct email domain will automatically see their company's private recipes in the marketplace. They can use them just like any other (public) recipe.
### Troubleshooting
> _You cannot upload a tenant private recipe with a groupId that does not start with the reverse domain name_.
This warning will appear when your recipe does not start with the reverse of your email domain. For example, if your email domain was `foo.io` and you tried to upload a recipe that was `bar.io`.
> _Unable to deploy as a private recipe, `io.foo` is not a known tenant domain._
This warning will appear if you try to upload a private recipe and your email domain is not a known/configured tenant domain.

BIN
docs/administrator-documentation/moderne-platform/how-to-guides/assets/add-recipe-button.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 26 KiB

BIN
docs/administrator-documentation/moderne-platform/how-to-guides/assets/deploy-link.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 40 KiB

BIN
docs/administrator-documentation/moderne-platform/how-to-guides/assets/gav-artifact.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 24 KiB

BIN
docs/administrator-documentation/moderne-platform/how-to-guides/assets/migration-card.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 27 KiB

BIN
docs/administrator-documentation/moderne-platform/how-to-guides/assets/security-card.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 153 KiB

BIN
docs/administrator-documentation/moderne-platform/how-to-guides/assets/visualization-card.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 29 KiB

BIN
docs/administrator-documentation/moderne-platform/how-to-guides/assets/visualization-id.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 52 KiB

24
docs/administrator-documentation/moderne-platform/how-to-guides/create-visualization.md Normal file
View File

@@ -0,0 +1,24 @@
# How to create visualizations
Visualizations provide a unique way of looking at the data generated by specific recipes. A visualization could be a complex image that you can zoom in and out of to examine connections between nodes or it could be as simple as a text-based table that you can filter or search.
In this short guide, we will walk you through how to create your own visualizations.
## Instructions
A visualization is composed of four things:
1. A [Jupyter/IPython Notebook](https://ipython.org/notebook.html) (e.g., [depenedency vulnerability notebook](https://github.com/moderneinc/moderne-visualizations-misc/blob/main/moderne_visualizations_misc/dependency_vulnerabilities.ipynb)).
2. A ["spec"](https://github.com/moderneinc/moderne-visualizations-misc/blob/main/moderne_visualizations_misc/specs/dependency_vulnerabilities.yml) which defines the visualization and states which recipes the visualization applies to.
3. (_Optional, but recommended_) [An image](https://github.com/moderneinc/moderne-visualizations-misc/blob/main/moderne_visualizations_misc/images/dependency_vulnerabilities.300.png) that represents the visualization. If your recipe spec was named `foo_bar` and your image had a height of 300 pixels, your image should be named `foo_bar.300.png`.
4. (_Optional, but recommended_) [Sample data](https://github.com/moderneinc/moderne-visualizations-misc/blob/main/samples/dependency_vulnerabilities.csv) for testing the visualization.
You should create these pieces inside of a repository that you will then publish as a PyPI package to an internal PyPI repository.
Once you've done that, please [configure your agent with access to said repository](../how-to-guides/agent-configuration/configure-an-agent-with-pypi-access-visualizations.md).
For examples of visualizations the Moderne team has created, please check out our public [moderne-visualizations-misc repository](https://github.com/moderneinc/moderne-visualizations-misc).
## Additional reading
For examples and additional information around visualizations, please see our [getting started with visualizations doc](../../../user-documentation/moderne-platform/getting-started/visualizations.md).

337
docs/administrator-documentation/moderne-platform/how-to-guides/dev-center.md Normal file
View File

@@ -0,0 +1,337 @@
# Configuring the DevCenter
The Moderne DevCenter is the mission-control dashboard of the Moderne Platform. It provides you with high-level details about the state of all of your repositories. Using it, you can track the progress of upgrades, migrations, and security vulnerabilities. You can also use it to view [key visualizations](../../../user-documentation/moderne-platform/getting-started/visualizations.md) you care about such as a dependency graph or a SQL operation usage chart.
In this doc, we'll walk you through everything you need to know to configure your own DevCenter.
## Prerequisites
In order to configure any DevCenters, there are two things you need to do (which we'll walk through in more detail below):
1. You must have [configured an Organizations service](./organizations-service.md).
2. You must ensure that the [Moderne agent Maven configuration](./agent-configuration/configure-an-agent-with-maven-repository-access.md) only has **one** entry where the recipe source is set to `true`. (Note: this does not apply to one Maven repository configured identically in multiple agents. Only that you cannot have two distinct Maven repositories configured where recipe source is set to `true`.)
### Organizations service
If you are configuring an Organizations service for the first time, we **strongly** recommend that you use our [Organizations service template](https://github.com/moderneinc/moderne-organizations) and modify it to meet your needs. By doing so, you will only need to update some JSON files rather than writing your own code.
If you've chosen to create your own Organizations service without using our template, please ensure your service fulfills the [latest GraphQL schema](https://github.com/moderneinc/moderne-organizations/blob/main/src/main/resources/schema/moderne-organizations.graphqls). After doing so, please ensure you've [set up the Moderne agent with Maven configuration correctly](#moderne-agent-maven-configuration) and then [jump to the section of this doc about card types and what is necessary for each](#frameworks-and-migration-cards).
### Moderne agent Maven configuration
In order for the DevCenter to function correctly, the agent needs to be configured with details about a Maven repository it can use to store and access recipe JARs from.
If you have not configured the Moderne agent with Maven repository access before, please follow [the instructions in our Moderne agent Maven configuration documentation](./agent-configuration/configure-an-agent-with-maven-repository-access.md) to add **one** entry with recipe source set to `true`.
If you have already configured the Moderne agent with Maven repository access, then you need to ensure that only _one_ has the configuration of `MODERNE_AGENT_MAVEN_{index}_RECIPESOURCE` / `moderne.agent.maven[{index}].recipeSource` set to `true`.
If you have multiple locations where recipes are stored, you will need to create a virtual repository that wraps all of the locations where recipes can be stored. You will also need to ensure that the virtual repository points to the following four repositories (alongside the other repositories where recipe artifacts are stored):
1. `https://oss.sonatype.org/content/repositories/snapshots/`
2. `https://s01.oss.sonatype.org/content/repositories/snapshots/`
3. `https://repo.maven.apache.org/maven2`
4. `https://repo1.maven.org/maven2/`
## Step 1: Ensure you have a `DevCenterDataFetcher` class
_This step only applies if you used the_ [_Moderne Organizations service template_](https://github.com/moderneinc/moderne-organizations)_. If you made your own, please jump to_ [_step 3_](dev-center.md#step-3-create-and-configure-the-devcenter)_._
If you've created an Organizations service prior to March 2024, you will need to copy the [new DevCenterDataFetcher file](https://github.com/moderneinc/moderne-organizations/blob/main/src/main/java/io/moderne/organizations/DevCenterDataFetcher.java) to your Organizations service repository. It will go in the same location as the other source classes such as [Application.java](https://github.com/moderneinc/moderne-organizations/blob/main/src/main/java/io/moderne/organizations/Application.java).
If you've created an Organizations service after March 2024, please ensure that you have a `DevCenterDataFetcher.java` file in your Organizations service repository before moving on to step 2.
## Step 2: Ensure you have an up-to-date `moderne-organizations.graphqls` schema
Similar to the previous step, please double-check your [moderne-organizations.graphqls file](https://github.com/moderneinc/moderne-organizations/blob/main/src/main/resources/schema/moderne-organizations.graphqls) and ensure that there is a `devCenter` field in the `Organization` object:
```graphql
type Organization {
id: ID!
name: String!
"""
Ordered list of commit options as they should appear in the UI.
"""
commitOptions: [CommitOption!]!
parent: Organization
devCenter: DevCenter
}
```
The [DevCenter object](https://github.com/moderneinc/moderne-organizations/blob/main/src/main/resources/schema/moderne-organizations.graphqls#L50-L65) is the schema you need to follow in the below step to configure your DevCenter.
## Step 3: Create and configure the DevCenter
Your service must fulfill the [GraphQL contract mentioned in the previous step](https://github.com/moderneinc/moderne-organizations/blob/main/src/main/resources/schema/moderne-organizations.graphqls). If you chose to use [our template repository](https://github.com/moderneinc/moderne-organizations) for your Organizations service, you will need to run `./gradlew generateGraphqlJava copyGeneratedGraphql` to [get the latest types](https://github.com/moderneinc/moderne-organizations/pull/61/files), and then you will need to configure your own [devcenter.json file](https://github.com/moderneinc/moderne-organizations/blob/main/src/main/resources/devcenter.json).
The `devcenter.json` file is where all of the configuration lies for DevCenters. In this file, you can configure things like which organizations should have a DevCenter, what cards should appear on said DevCenter, and what the keys should be on the cards. This file must follow the GraphQL schema mentioned above.
:::tip
When creating a DevCenter for the first time, we **strongly recommend** that you only create a DevCenter for a few key organizations. This will allow you to get data into the platform faster and ensure that you've configured everything correctly. Once everything is working as expected, you can then add more DevCenters as desired.
:::
### Frameworks and migration cards
Framework and migration cards allow you to see things like what Java version your repositories use, what version of Spring Boot they're on, or what JUnit version they use:
<figure>
![](./assets/migration-card.png)
<figcaption></figcaption>
</figure>
To create these cards, you will need three things:
1. [A relevant title for the card](https://github.com/moderneinc/moderne-organizations/blob/main/src/main/resources/devcenter.json#L6) (e.g., `Spring Boot 3.2`)
2. [A recipe that can be run to fix the core issue the card is highlighting](https://github.com/moderneinc/moderne-organizations/blob/main/src/main/resources/devcenter.json#L11) (e.g., `org.openrewrite.java.spring.boot3.UpgradeSpringBoot_3_2`)
3. [Some measures that break up the card into key categories and help your users determine a level of urgency](https://github.com/moderneinc/moderne-organizations/blob/main/src/main/resources/devcenter.json#L12-L26).
#### Measures
Each measure consists of a name and a recipe that can be used to determine whether or not a repository falls into said measure. We do not recommend that this recipe be the same recipe as the one used to "fix" the card. For instance, in a `Spring Boot 3.2` card, one measure might have a name of `Major` which represents all repositories that are one or more major versions behind. The corresponding recipe would be `org.openrewrite.java.dependencies.DependencyInsight` and it would include the options of `1-2`. This would mark all repositories that use Spring Boot version `1.x` or `2.x` as being a major version or more behind.
:::danger
You must ensure that the measure recipes return disjointed results (i.e., the same repository **can not** be returned by multiple recipes).
For example, if you were tracking Java versions, you may have a repository that contains some code that uses Java 8, 11, and 17. However, you should ensure that your measure recipes only return this repository once.
:::
Each card can have up to **three measures**. These measures should be returned in a specific order; with the most urgent being returned first and the least urgent being returned last. In the `Spring Boot 3.2` example, you might have: `Major`, `Minor`, and `Patch` returned in that specific order.
:::warning
If you change any part of any measure on a card (such as the name of the measure or what recipe it should run), you will lose all results for the card until the next rebuild of the DevCenter.
:::
#### Example
<details>
<summary>Below is an example of an upgradesAndMigrations section for a Spring Boot 3.2 card:</summary>
```json
[
{
"devCenter": {
"upgradesAndMigrations": [
{
"title": "Spring boot 3.2",
"measures": [
{
"name": "Major",
"recipe": {
"recipeId": "org.openrewrite.java.dependencies.DependencyInsight",
"options": [
{
"name": "groupIdPattern",
"value": "org.springframework.boot"
},
{
"name": "artifactIdPattern",
"value": "spring-boot-starter"
},
{
"name": "version",
"value": "1-2"
}
]
}
},
{
"name": "Minor",
"recipe": {
"recipeId": "org.openrewrite.java.dependencies.DependencyInsight",
"options": [
{
"name": "groupIdPattern",
"value": "org.springframework.boot"
},
{
"name": "artifactIdPattern",
"value": "spring-boot-starter"
},
{
"name": "version",
"value": "3-3.1"
}
]
}
},
{
"name": "Patch",
"recipe": {
"recipeId": "org.openrewrite.java.dependencies.DependencyInsight",
"options": [
{
"name": "groupIdPattern",
"value": "org.springframework.boot"
},
{
"name": "artifactIdPattern",
"value": "spring-boot-starter"
},
{
"name": "version",
"value": "3.2-3.2.2"
}
]
}
}
],
"fix": {
"recipeId": "org.openrewrite.java.spring.boot3.UpgradeSpringBoot_3_2"
}
},
{
"title": "Java 21",
"measures": [
{
"name": "Java 8+",
"recipe": {
"recipeId": "org.openrewrite.java.search.HasJavaVersion",
"options": [
{
"name": "version",
"value": "8-10"
}
]
}
},
{
"name": "Java 11+",
"recipe": {
"recipeId": "org.openrewrite.java.search.HasJavaVersion",
"options": [
{
"name": "version",
"value": "11-16"
}
]
}
},
{
"name": "Java 17+",
"recipe": {
"recipeId": "org.openrewrite.java.search.HasJavaVersion",
"options": [
{
"name": "version",
"value": "17-20"
}
]
}
}
],
"fix": {
"recipeId": "org.openrewrite.java.migrate.UpgradeToJava21"
}
},
{
"title": "JUnit 5",
"measures": [
{
"name": "JUnit 4",
"recipe": {
"recipeId": "org.openrewrite.java.search.FindAnnotations",
"options": [
{
"name": "annotationPattern",
"value": "@org.junit.Test"
}
]
}
}
],
"fix": {
"recipeId": "org.openrewrite.java.testing.junit5.JUnit4to5Migration"
}
}
],
// Other things
}
]
```
</details>
### Visualization cards
If there are some visualizations you find particularly important for your organization, you can add them to your DevCenter so that you can quickly view and share them with others.
<figure>
![](./assets/visualization-card.png)
<figcaption></figcaption>
</figure>
To create these cards you need two things:
1. A `visualizationId` that identifies which visualization you want to include (e.g., `io.moderne.DependencyUsageViolin`).
2. Options for the visualization (if any exist).
The `visualizationId` can be found on any visualization card you run in the Moderne Platform:
<figure>
![](./assets/visualization-id.png)
<figcaption></figcaption>
</figure>
#### Example
<details>
<summary>Below is an example of a visualizations section you might have in your DevCenter:</summary>
```json
"visualizations": [
{
"visualizationId": "io.moderne.DependencyUsageViolin",
},
{
"visualizationId": "io.moderne.LanguageComposition"
},
{
"visualizationId": "io.moderne-private.SqlHistogram"
}
],
```
</details>
### Security cards
Security cards give your team a high-level overview of what security issues your repositories have or have not resolved.
Security cards are composed of a list of recipes that fix security issues you care about. You should include no more than 10 security recipes on one DevCenter.
<figure>
![](./assets/security-card.png)
<figcaption></figcaption>
</figure>
#### Example
<details>
<summary>Below is an example of a security section you might have in your DevCenter:</summary>
```json
"security": [
{"recipeId": "org.openrewrite.java.security.OwaspA01"},
{"recipeId": "org.openrewrite.java.security.OwaspA02"},
{"recipeId": "org.openrewrite.java.security.OwaspA03"},
{"recipeId": "org.openrewrite.java.security.OwaspA05"},
{"recipeId": "org.openrewrite.java.security.OwaspA06"},
{"recipeId": "org.openrewrite.java.security.OwaspA08"},
{"recipeId": "org.openrewrite.java.security.RegularExpressionDenialOfService"},
{"recipeId": "org.openrewrite.java.security.SecureRandom"},
{"recipeId": "org.openrewrite.java.security.ZipSlip"},
{"recipeId": "org.openrewrite.java.security.XmlParserXXEVulnerability"}
]
```
</details>
## Next steps
Once you've configured a DevCenter, you will need to wait for data to propagate to it. This can take a considerable amount of time depending on how many repositories and recipes you've configured. Please wait at least 24 hours for data to flow in.

46
docs/administrator-documentation/moderne-platform/how-to-guides/importing-external-recipes.md Normal file
View File

@@ -0,0 +1,46 @@
# Importing external recipes
External recipes can be imported into Moderne.io for use by your organization.
:::tip
It is the responsibility of the administrator configuring this to ensure that the recipe JARs and versions are up-to-date. It is also their responsibility to select/curate the recipe JARs that should be uploaded.
:::
#### Prerequisites
* You will need an Administrator-level account in your Moderne tenant to upload new recipe artifacts.
## Step 1: Load the recipes
From your Moderne tenant, click on _Deploy_ in the left-hand menu:
<figure>
![](./assets/deploy-link.png)
<figcaption></figcaption>
</figure>
## Step 2: Upload the recipe artifacts
1. Click `Add` to open the form to import a recipe:
<figure>
![](./assets/add-recipe-button.png)
<figcaption></figcaption>
</figure>
2. Provide the `Group ID`, `Artifact ID`, and `Version` for the published artifact:
<figure>
![](./assets/gav-artifact.png)
<figcaption></figcaption>
</figure>
3. Click _deploy recipe artifact_ to deploy it.
The artifact information will appear in the table if Moderne.io successfully locates the requested artifact.
**Note:** If you have an [on-premise agent](./agent-configuration/agent-config.md) connected to an Artifactory instance that has been configured to serve recipes, we will look up recipes in your Artifactory repositories in addition to [Nexus](https://oss.sonatype.org/) and [Maven Central](https://search.maven.org/).
## Step 3: View recipes in the catalog
Your custom recipes will appear in the Marketplace and they will be discoverable through search once they have been successfully deployed.

97
docs/administrator-documentation/moderne-platform/how-to-guides/lst-cleanup.md Normal file
View File

@@ -0,0 +1,97 @@
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
# LST cleanup
As your team develops new code, LSTs will be created and added to your artifact repository. Over time, however, many of these LSTs will no longer be useful and should be removed to save space.
There are two common scenarios where LSTs need to be manually cleaned up:
1. When people work in feature branches that then get merged in or deleted all LSTs for those branches serve no point as any changes made on them can't be merged in at that point.
2. When people work in feature branches that are continuously updated all old LSTs for those branches serve no point as they aren't accessible from Moderne anymore (as Moderne only grabs the latest ones).
While those two scenarios are similar, the behavior in Moderne and the cleanup process for the LSTs are slightly different. Let's walk through what you'll need to do in both of these situations.
## Cleaning up LSTs for merged/deleted branches
In this scenario, when you go to run a recipe in Moderne, you will be able to run recipes against the repository + branch combination that no longer exists which is a waste of time as you won't be able to merge in the results.
To fix this, you will **first** need to remove the old LSTs from your artifact repository. We strongly recommend setting up some form of automation for this.[ You could potentially write a simple script that removes LSTs that haven't been updated in more than one week](#example-aql-queries-for-finding-old-lsts).
**After the LSTs have been removed from your artifact repository**, you will need to perform some action to let Moderne know about these changes. This is because Moderne **does not** poll for artifacts being deleted. Once Moderne has downloaded an LST, it will continue to allow you to run recipes on it even if those artifacts no longer exist in your artifact repository.
To address this issue, you have two main options:
1. Run a GraphQL cleanup query to sync all LSTs
2. Write custom, more targeted code to sync specific LSTs
### GraphQL cleanup query
:::danger
Be very careful before running the GraphQL query mentioned in this section. Depending on the parameters provided, it can cause some LSTs to be unavailable for up to 24 hours. There is no way to cancel or stop this query once it has been started.
:::
Moderne provides a [GraphQL reindex query that you can run to force a sync of all LSTs](https://app.moderne.io/graphql?url=https%253A%252F%252Fapi.app.moderne.io%252Fgraphql\&query=bXV0YXRpb24gcmVpbmRleCB7CiAgaW5kZXgoZm9yY2VVcGRhdGU6IHRydWUsIG1vZGlmaWVkU2luY2UgOiIyMDIzLTAxLTAxVDAwOjAwWiIpewogICAgY291bnQKICB9Cn0%3D).
<Tabs>
<TabItem value="reindex-mutation" label="Reindex mutation">
```graphql
mutation reindex {
index(forceUpdate: true, modifiedSince :"2023-01-01T00:00Z"){
count
}
}
```
</TabItem>
<TabItem value="curl" label="cURL">
```bash
curl -X POST https://api.app.moderne.io/graphql \
-H 'Authorization: Bearer <session token or Moderne PAT here>' \
-H 'Content-Type: application/json' \
-d '{ "query": "mutation reindex {\n index(forceUpdate: true, modifiedSince :\"2023-01-01T00:00Z\"){\n count\n }\n}" }'
```
</TabItem>
</Tabs>
Running this `reindex` query will cause the agent to reach out to your artifact repository and ask for all available LSTs. It will then download the metadata for each of these. After all of the metadata has been downloaded, the old LSTs will effectively be removed from the platform. Moderne will then begin downloading the latest LSTs for each repository. As this runs, you will see repositories begin appearing in the platform again.
While you can still run recipes on the LSTs that are coming in, all of the LSTs won't be available for a significant amount of time (up to 24 hours depending on the number of repositories you have). Because of that, you should strongly consider only running this query during off-hours or on a weekend when there won't be much traffic.
### More targeted, custom code
If you want to ensure Moderne removes old LSTs without incurring any downtime, you can write custom code to interact with the Moderne GraphQL APIs. This code would probably take the form of:
* Get the set of all artifacts for all repositories that exist in Moderne
* Ask your artifact repository if those still exist over there
* If they don't, make a request to remove those LSTs from the Moderne Platform
You could then run this custom script once a week or so.
## Cleaning up old LSTs for branches that still exist
In this scenario, you won't notice any issues in Moderne. You will still be able to run recipes against the latest LSTs and commit the results from said recipes. However, your artifact repository will begin to fill up with old LSTs that are no longer needed.
To fix this issue, we encourage you to write some form of automation that removes old LSTs from your artifact repository (perhaps by deleting all LSTs that haven't been updated in over a week). See [our example below](#example-aql-queries-for-finding-old-lsts) for what this might look like.
Unlike the scenario where a branch is deleted, you **do not need to make any API calls to Moderne**.
## Example AQL queries for finding old LSTs
```aql
items.find({
"repo":{"$match":"ingest-repo"},
"path":{"$match":"some-org/some-repo*"},
"created":{"$last" : "1d"}
}).limit(10000)
```
```bash
curl -X POST -H 'Content-Type: text/plain' -u user:password <artifactory url>/api/search/aql -d 'items.find({"repo":{"$match":"ingest-repo"},"modified":{"$gt":"2023-06-16T18:00:00.000000-04:00"} ,"modified":{"$gt":"2024-04-17T16:48:50.00860443Z"}}).include("name","repo","path","modified").limit(100)'
```

11
docs/administrator-documentation/moderne-platform/how-to-guides/mass-ingest.md Normal file
View File

@@ -0,0 +1,11 @@
# Mass ingest
One of the first steps of integrating your code with Moderne is setting up a pipeline that builds and publishes [LST](../references/lossless-semantic-trees.md) artifacts to an artifact repository that you control.
To do this, we recommend that you set up a Docker image to pull the CLI, configure it, build the LSTs, and publish said artifacts. You would then run this image on a schedule (typically once per day) so that Moderne can have the latest LST artifacts available.
For detailed instructions on how to set up ingestion, please follow the directions in the [Moderne mass ingest example repository](https://github.com/moderneinc/mass-ingest-example/blob/main/README.md).
## Next Steps
* [Configure the Moderne agent](./agent-configuration/agent-config.md)

69
docs/administrator-documentation/moderne-platform/how-to-guides/organizations-service.md Normal file
View File

@@ -0,0 +1,69 @@
# Configuring the Organizations service
Many organizations desire the ability to dynamically control the organizational structure (repository groupings) of their repositories within the Moderne Platform. To facilitate this need, Moderne provides an optional integration with an Organizations service that is hosted in your environment.
Let's walk through everything you need to know to build and integrate such a service with Moderne.
## Integration requirements
In order to dynamically control the organizational structure in Moderne, you will need to:
1. Create and deploy an Organizations service that fulfills [this GraphQL contract](https://github.com/moderneinc/moderne-organizations/blob/main/src/main/resources/schema/moderne-organizations.graphqls) _in your environment_
2. [Configure your Moderne agent to point to this service](./agent-configuration/configure-organizations-service.md)
## Coding the Organizations service
You have two main options for building this service. You can:
1. (**Recommended**) Fork our [Organizations service template](https://github.com/moderneinc/moderne-organizations) and modify it to meet your needs. Please see the [README](https://github.com/moderneinc/moderne-organizations/blob/main/README.md) for how to spin this up quickly. It can be as simple as updating a JSON file that you get from the Moderne Platform.
2. Build your own service that fulfills the [GraphQL contract](https://github.com/moderneinc/moderne-organizations/blob/main/src/main/resources/schema/moderne-organizations.graphqls) using any GraphQL stack (e.g., NodeJS, Rust, C#, etc.)
We generally recommend forking the template and modifying it as, in most cases, that will be faster and easier than building it yourself. Regardless of which one you choose, however, some developer time will be required on your end.
## Deploying the service
How you deploy the service is largely up to your company. With that being said, there are a few important things to be aware of:
* Communication with the Organizations service is done through the [Moderne agent](./agent-configuration/agent-config.md). Therefore, this service **must** be accessible from the agent.
* Moderne will make a request per repository to the Organizations service once every 10 minutes by default (you can change this interval in your [agent configuration](./agent-configuration/configure-organizations-service.md)). Please ensure that you have metrics to track how this service is performing so you can adjust it over time.
* You'll want a minimum system spec of 2 CPU cores, 8 GB of memory, and at least 10 GB of persistent storage.
## FAQ
### If the Organizations service stops responding (e.g., the service is down), what is the expected behavior?
The organizations a user can see in the Moderne Platform are determined by the `userOrganizations` query. If the service is down, then organizations and repositories will be unavailable and recipes would, therefore, be unable to run.
### How do you restrict which commit options are available in the UI?
You can change this in the `commitOptions` array in your organizations service.
[See the configuration options on our reference implementation](https://github.com/moderneinc/moderne-organizations/tree/main?tab=readme-ov-file#commit-options).
### What would happen if the service returned an empty `commitOptions` array? Would that disable commit capabilities for these organizations?
Violating the GraphQL contract will cause errors and make it so the Moderne Platform will not function as expected. Since the GraphQL contract expects `commitOptions` to be populated, the query will error if no options are returned. In turn, users won't be able to run recipes.
### If no Organizations service is active/configured, would it be possible to change the default commit options and repositories in the Moderne UI?
No it is not possible to change the defaults. If no Organizations service is configured in the agent, then an `All` organization will be returned that contains all of the repositories in your org with all commit options available. If an Organizations service is configured but not accessible then nothing will be available in Moderne.
### How often are organizations synced to Moderne?
By default, organizational data is synced every 10 minutes. You can increase or decrease this by modifying your [agent configuration](./agent-configuration/configure-organizations-service.md).
### Is it possible to manually force a sync of the organizations?
Yes. There is a GraphQL admin-only mutation to force a refresh on demand (`refreshOrganizations`).
### What does a query to this service look like?
```bash
curl --request POST \
--url https://organizations.company-name.com/graphql \
--header 'Content-Type: application/json' \
--data '{"query":"query orgs($repository: RepositoryInput) {\n\torganizations(repository: $repository) {\n\t\tid\n\t\tname\n\t\tcommitOptions\n\t}\n}","operationName":"orgs","variables":{"repository":{"origin":"github.com","path":"Netflix/curator","branch":"master"}}}'
```
### Do you have an architecture diagram that shows where this service fits in?
Yes - see our [architecture documentation](../references/architecture.md).

233
docs/administrator-documentation/moderne-platform/references/architecture.md Normal file
View File

@@ -0,0 +1,233 @@
# Moderne architecture
To help you understand how the Moderne Platform works and how it interacts with your environment and services, this document will:
* [Explain how Moderne fits into the typical software development lifecycle](#how-moderne-fits-into-the-software-development-lifecycle)
* [Provide you with an architecture diagram that shows how data flows through the core components in both Moderne's environment and yours](#architecture-diagram)
* [Give you high-level details about each of these core components](#key-components)
## How Moderne fits into the software development lifecycle
Modernes SaaS allows permitted users to run [recipes](https://docs.openrewrite.org/concepts-and-explanations/recipes) on code in the repositories you've added to the platform. These recipes can yield pull requests (PRs) or commits that transform the code.
As the code changes (either due to recipe results being merged in or due to active development), an artifact that contains a serialized representation of the code's [Lossless Semantic Tree](./lossless-semantic-trees.md) (LST) will need to be generated and published.
Once the artifact is published, the Moderne agent will send the changes to Moderne so that the internal state can be updated. After that happens, new recipes can be run against the new artifacts and the process will repeat.
![Moderne + SDL](./assets/moderne-sdl.png)
## Architecture diagram
Below is a high-level architecture diagram that shows the flow of data between Moderne and a typical customer environment. Arrows indicate communication between components. The details of each component can be found in the following sections.
<figure>
![](./assets/moderne-arch-updated.png)
<figcaption>_Moderne architecture_</figcaption>
</figure>
## Key components
### Mass ingest with mod CLI
In order for Moderne to know the current state of your code, artifacts will need to be generated that contain a serialized representation of your code's [LSTs](./lossless-semantic-trees.md). These artifacts must be put inside an artifact repository that the [Moderne agent](#moderne-agent) has access to.
To do this, you'll want to use set up mass ingestion with the Moderne CLI. For instructions on how to do that, please read our [Mass ingestion doc](../how-to-guides/mass-ingest.md).
### Moderne agent
At a high level, you can think of the Moderne agent as a bridge between your environment and Moderne. All data that Moderne needs to function will pass over this bridge and flow into the [Moderne API Gateway](#moderne-api-gateway). As this data is sent to Moderne, it's encrypted with the key being kept in your environment. Whenever Moderne needs to access any data, it will request this key and the data will be decrypted for a short time before it's thrown away. If you decide you no longer want Moderne to have access to anything, you can raise the bridge (shut off the agent) and all of your data that Moderne has will no longer be decryptable.
There are a variety of tools and services that you can configure the agent to be connected to based on the needs of your team.
At a minimum, the agent will need to connect to:
* One or more of your artifact repositories so that changes to the Moderne LST artifacts kept in them can be sent to Moderne
* This is configured via the [Artifactory Query Language](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Query+Language) or via Maven configuration. Only artifacts that match what you've configured will be sent to Moderne.
* Your SCM(s) so that PRs or commits can be created by approved users in Moderne
Your team may also wish to configure the agent to:
* Look in your artifact repositories for custom recipe JARs your team creates so that those recipes can be run in the Moderne SaaS
* Connect to your team's [Organizations service](../how-to-guides/organizations-service.md) so that the UI can provide a customized experience for some users or repositories
:::info
You can find all of the documentation for configuring agents in your environment [here](https://docs.moderne.io/how-to/on-premise-agent).
:::
**Setup requirements**
You must:
* Deploy a Moderne-provided OCI image adjacent to Artifactory
* Ensure the agent is able to make an outbound HTTPS request to `https://api.TENANT.moderne.io`
* Ensure the agent is configured with an Artifactory user that is authorized to make `find` AQL requests against repositories containing LST artifacts
* Ensure the agent is configured with an Artifactory user capable of making `GET` requests to obtain the above LST artifacts
* Ensure that the deployed image is configured with an encryption key (stored in Hashicorp Vault or some other key management service)
* Ensure the agent can connect to your SCM(s) to authorize users to see code in the Moderne SaaS and to allow commits on their behalf
:::tip
Multiple agents can be configured for high availability or to connect to only some of these services.
:::
#### Agent security
Agents initiate connections to the [Moderne API gateway](#moderne-api-gateway) via the [RSocket](https://rsocket.io/) protocol. **Moderne will never initiate an API call to the agent**. Because of that, only egress from your environment needs to be open.
When you set up an agent, Moderne will share a token with you that you must configure in the Moderne agents you create. Moderne will reject any connection attempts from unauthorized agent instances. In this way, Moderne requires a minimum level of client (agent) verification as an extra security precaution.
The connection to Moderne is established over [layer 7](https://www.cloudflare.com/learning/ddos/what-is-layer-7/), so you may choose to route traffic from the agent through your own layer 7 gateway. This might be chosen to satisfy a desire for [Modernes API gateway](#moderne-api-gateway) to perform client verification of an inbound agent connection using a mechanism like X.509 in addition to token-based verification.
These measures act in concert with techniques to limit IP addressability of the Moderne API gateway to enhance the overall security posture.
### Organizations service
The Organizations service is an _optional_ service that you can configure in your environment. It defines the organizational structure that a user or a repository belongs to. The Moderne SaaS will use this information to present different UIs or options for different users and repositories. Please see our [Organizations service doc](../how-to-guides/organizations-service.md) for more information.
**Setup requirements**
You must:
* Ensure that the Organizations service is capable of receiving requests from the [Moderne agent](#moderne-agent)
* Ensure your service fulfills the GraphQL contract outlined in our [Organizations service documentation](../how-to-guides/organizations-service.md)
### Moderne API gateway
The Moderne API gateway serves as the entry point to Moderne. It talks with the [Moderne agent](#moderne-agent) to get data from your services to Moderne. It is the only component with a public IP address that can communicate with other Moderne services. The [Moderne UI](#moderne-user-interface) and [Keycloak](#keycloak) also have public IP addresses, but they can't communicate with other Moderne services.
The API gateway is responsible for:
* Handling API requests from your developers or your tools
* Handling API requests from the Moderne UI
* Handling encrypted LST artifacts from the Moderne agent(s)
* Handling encrypted custom recipe artifacts from the Moderne agent(s)
* Rate limiting as needed to guard Moderne services against overuse by a particular user
Authorized users in your company can access audit logs for this gateway via an API.
:::info
The Moderne API gateway is configured with a Moderne-managed SSL certificate.
:::
**Setup requirements**
You must:
* Ensure that `https://api.TENANT.moderne.io` is on the accept list for outbound HTTPS traffic from the Moderne agent
* Ensure that `https://api.TENANT.moderne.io` is on the accept list for outbound HTTPS traffic from the developer's machines
### Moderne user interface
The Moderne UI provides a browser-based interface for:
* Executing search and transformation recipes across your codebase
* Issuing mass commits/PRs based on recipe runs
* Building new recipes based on other recipes
* Viewing audit logs
* Generating access tokens for interacting with the Moderne API
The Moderne UI is implemented with client-side Javascript. The Moderne UI is one of three components with a public IP address (the other two being the [Moderne API gateway](#moderne-api-gateway) and [Keycloak](#keycloak)).
**Setup requirements**
You must:
* Ensure that `https://TENANT.moderne.io` is on the accept list for outbound HTTPS traffic from the developer's machines
### Keycloak
[Keycloak](https://www.keycloak.org/) is an open-source identity and access management system. Moderne services request authorization information for a user from Keycloak. Keycloak then calls out to your identity provider (such as LDAP, Okta, or Keycloak) to determine who is authorized for what.
**Setup requirements**
You must:
* Ensure that `https://login.TENANT.moderne.io` is on the accept list for outbound HTTPS traffic from the developer's machines
:::tip
As configuring identity providers between services can be quite complex, the setup for Keycloak is usually done over a Zoom meeting with Moderne and your company.
:::
### Moderne artifact storage
The Moderne artifact storage service is responsible for receiving pre-encrypted LST artifacts and recipe JARs and storing them in a private object store depending on the cloud provider you use ([Azure Blob Storage](https://learn.microsoft.com/en-us/azure/storage/blobs/), [Google Cloud Storage](https://cloud.google.com/storage), or [AWS S3](https://aws.amazon.com/pm/serv-s3/)).
The artifact storage service will also write high-level information about where to find these artifacts and when they were last updated to our relationship database (RDS) so that the [Moderne workers](#moderne-worker) know where to go to obtain the artifacts they need.
**Setup requirements**
* None
### GraphQL federation
The GraphQL federation is an internal Moderne microservice that composes the GraphQL schemas of individual Moderne microservices into one GraphQL schema. All GraphQL requests pass through the federation service on their way to the individual microservice that supports a piece of the GraphQL schema.
GraphQL federation uses [Netflix Eureka](https://github.com/Netflix/eureka) to locate microservice instances to communicate with and to load-balance requests to those instances.
**Setup requirements**
* None
### Moderne recipe execution
You can think of the Moderne recipe execution service as a manager that helps assign work, direct people on where to go, and provide high-level information. It knows all of the recipes that can be run and it chooses which [workers](#moderne-worker) are responsible for which repositories.
When a new recipe command comes in (such as run `X` recipe on `Y` repositories with `Z` options), the recipe execution service takes that command and stores all of the details in a database table that acts as a queue. Whenever a [worker](#moderne-worker) is free, it will query the database table and look for commands that haven't been started (for the repositories the worker is responsible for).
The recipe execution service is also responsible for providing the results of a recipe run by either calling the database to see what high-level information it has or by calling the worker directly to get the full results (diffs and data tables).
**Setup requirements**
* None
### Moderne worker
Moderne workers are responsible for running recipes and keeping their results. They interact with the [Moderne recipe execution service](#moderne-recipe-execution) to coordinate which repositories they should run recipes for before querying the database for a recipe to run. When a worker is stopped, all of the data and results from the recipes it has run are destroyed. If you need that data, you'll need to re-run the recipe again.
Worker instances are scaled horizontally in direct response to more code being ingested into the platform.
Workers decrypt LST and recipe artifacts by making a request to the [Moderne Agent](#moderne-agent) via the API Gateway for a customer-provided symmetric key. Workers discard this key at the end of every request.
Workers fetch a users SCM OAuth token via the [API gateway](#moderne-api-gateway) in order to make authorization decisions about which repositories said user is allowed to read from. This ensures Modernes read access is aligned with a user's SCM access in real-time for every recipe run request.
**Setup requirements**
* None
### Moderne source code management
The Moderne source code management service is responsible for handling all communication with your SCM(s).
The two primary responsibilities are:
* Creating commits, branches, forks, PRs, etc. in your SCM
* Coordinating authorization with your SCM to see what users are authorized to do or view
Please note that the requests to your SCM will appear to come from the [Moderne agent](#moderne-agent). The Moderne source code management service will talk through the [API gateway](#moderne-api-gateway) to the agent whenever it needs to interact with your SCM.
Authentication and authorization decisions are made in real-time to ensure that they are always up-to-date.
**Setup requirements**
* None
### Moderne audit log
The Moderne audit log retrieves audit logs from our relational database for presentation to privileged users via the [API gateway](#moderne-api-gateway).
Audit logs can be retrieved via a paginated GraphQL API or via a REST call that responds in the CEF format.
Individual Moderne microservices are responsible for contributing to the audit log database when they perform any interaction on behalf of users.
**Setup requirements**
* None
### Moderne tokens
The Moderne tokens service generates and retrieves access tokens tied to a particular user. Access tokens can be used to access the service via IDEs and custom tooling. Users can manage their access tokens via the [Moderne UI](#moderne-user-interface). Tokens are only visible once at creation time and are hidden from that point forward, even from the user that created them.
Please see our [token documentation](../../../user-documentation/moderne-platform/how-to-guides/create-api-access-tokens.md) for more information on how to create, work with, and revoke tokens.
**Setup requirements**
* None

BIN
docs/administrator-documentation/moderne-platform/references/assets/LST-comparison.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 673 KiB

BIN
docs/administrator-documentation/moderne-platform/references/assets/LST-encryption-diagram.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 128 KiB

BIN
docs/administrator-documentation/moderne-platform/references/assets/admin-access.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 12 KiB

BIN
docs/administrator-documentation/moderne-platform/references/assets/agent-requests.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 145 KiB

BIN
docs/administrator-documentation/moderne-platform/references/assets/audit-log-download.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 6.0 KiB

BIN
docs/administrator-documentation/moderne-platform/references/assets/audit-logs.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 226 KiB

BIN
docs/administrator-documentation/moderne-platform/references/assets/authentication-github-permissions.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 137 KiB

BIN
docs/administrator-documentation/moderne-platform/references/assets/commit-or-pr.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 191 KiB

BIN
docs/administrator-documentation/moderne-platform/references/assets/commit-recon.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 285 KiB

BIN
docs/administrator-documentation/moderne-platform/references/assets/moderne-arch-updated.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 122 KiB

Some files were not shown because too many files have changed in this diff Show More