Removing Sandbox from SAVE (#2909)

### What's:
- Sandbox was a not friendly idea which was implemented not clearly;
- Need to remove that to reduce the complexity of the repository;

.github/workflows/build_and_test.yml

@@ -35,7 +35,6 @@ jobs:
       save-orchestrator: ${{ steps.calculate-dependencies.outputs.save-orchestrator }}
       save-orchestrator-common: ${{ steps.calculate-dependencies.outputs.save-orchestrator-common }}
       save-preprocessor: ${{ steps.calculate-dependencies.outputs.save-preprocessor }}
-      save-sandbox: ${{ steps.calculate-dependencies.outputs.save-sandbox }}
       test-analysis-core: ${{ steps.calculate-dependencies.outputs.test-analysis-core }}
       test-utils: ${{ steps.calculate-dependencies.outputs.test-utils }}
     steps:
@@ -87,8 +86,6 @@ jobs:
               - save-orchestrator-common/**
             save-preprocessor:
               - save-preprocessor/**
-            save-sandbox:
-              - save-sandbox/**
             test-analysis-core:
               - test-analysis-core/**
             test-utils:
@@ -118,7 +115,6 @@ jobs:
           save_frontend=$(( $save_cloud_common + $save_frontend_common + ${{ steps.git-changed-files.outputs.save-frontend_all_changed_files_count }} ))
           save_orchestrator=$(( $save_cloud_common + $save_orchestrator_common + $test_utils + ${{ steps.git-changed-files.outputs.save-orchestrator_all_changed_files_count }} ))
           save_preprocessor=$(( $save_cloud_common + $test_utils + ${{ steps.git-changed-files.outputs.save-preprocessor_all_changed_files_count }} ))
-          save_sandbox=$(( $save_cloud_common + $authentication_service + $test_utils + ${{ steps.git-changed-files.outputs.save-sandbox_all_changed_files_count }} ))
 
           echo "api-gateway=$api_gateway" >> "$GITHUB_OUTPUT"
           echo "authentication-service=$authentication_service" >> "$GITHUB_OUTPUT"
@@ -137,7 +133,6 @@ jobs:
           echo "save-orchestrator=$save_orchestrator" >> "$GITHUB_OUTPUT"
           echo "save-orchestrator-common=$save_orchestrator_common" >> "$GITHUB_OUTPUT"
           echo "save-preprocessor=$save_preprocessor" >> "$GITHUB_OUTPUT"
-          echo "save-sandbox=$save_sandbox" >> "$GITHUB_OUTPUT"
           echo "test-analysis-core=$test_analysis_core" >> "$GITHUB_OUTPUT"
           echo "test-utils=$test_utils" >> "$GITHUB_OUTPUT"
   build_save-cloud-common:
@@ -185,7 +180,6 @@ jobs:
           'save-frontend',
           'save-orchestrator',
           'save-preprocessor',
-          'save-sandbox',
           'test-analysis-core',
           'test-utils'
         ]
@@ -220,8 +214,6 @@ jobs:
             do-build: ${{ github.event_name == 'push' || needs.calculate_build_flags.outputs.save-orchestrator > 0 }}
           - module: save-preprocessor
             do-build: ${{ github.event_name == 'push' || needs.calculate_build_flags.outputs.save-preprocessor > 0 }}
-          - module: save-sandbox
-            do-build: ${{ github.event_name == 'push' || needs.calculate_build_flags.outputs.save-sandbox > 0 }}
           - module: test-analysis-core
             do-build: ${{ github.event_name == 'push' || needs.calculate_build_flags.outputs.test-analysis-core > 0 }}
           - module: test-utils

.github/workflows/deploy_images.yml

@@ -33,11 +33,6 @@ on:
         default: true
         description: Build new image of save-orchestrator
         required: false
-      sandbox:
-        type: boolean
-        default: true
-        description: Build new image of save-sandbox
-        required: false
       preprocessor:
         type: boolean
         default: true
@@ -64,7 +59,7 @@ jobs:
     uses: ./.github/workflows/build_save-agent_reusable.yml
     with:
       branch: ${{ inputs.branch }}
-      build-save-agent: ${{ github.event_name != 'workflow_dispatch' || inputs.backend || inputs.sandbox }}
+      build-save-agent: ${{ github.event_name != 'workflow_dispatch' || inputs.backend }}
       build-save-demo-agent: ${{ github.event_name != 'workflow_dispatch' || inputs.demo }}
 
   deploy_backend:
@@ -77,18 +72,6 @@ jobs:
       do-build: ${{ github.event_name != 'workflow_dispatch' || inputs.backend }}
       override-docker-tag: ${{ github.event_name == 'workflow_dispatch' }}
       save-cli-version: ${{ needs.build_cli.outputs.version }}
-
-  deploy_sandbox:
-    name: save-sandbox
-    uses: ./.github/workflows/deploy_images_reusable.yml
-    needs: [ build_cli, build_agents ]
-    with:
-      module: save-sandbox
-      branch: ${{ inputs.branch }}
-      do-build: ${{ github.event_name != 'workflow_dispatch' || inputs.sandbox }}
-      override-docker-tag: ${{ github.event_name == 'workflow_dispatch' }}
-      save-cli-version: ${{ needs.build_cli.outputs.version }}
-
   deploy_demo:
     name: save-demo
     uses: ./.github/workflows/deploy_images_reusable.yml
@@ -101,7 +84,7 @@ jobs:
       save-cli-version: stub
 
   deploy_all:
-    name: all excluding save-backend, save-sandbox and save-demo
+    name: all excluding save-backend and save-demo
     strategy:
       fail-fast: false
       matrix:

.github/workflows/deploy_images_reusable.yml

@@ -75,13 +75,13 @@ jobs:
           echo SAVE_CLI_GRADLE_OPTS=-PsaveCliVersion=${{ inputs.save-cli-version }} -PsaveCliPath=${{ github.workspace }}/save-cli >> $GITHUB_ENV
 
       - name: Download save-agent
-        if: inputs.module == 'save-backend' || inputs.module == 'save-sandbox'
+        if: inputs.module == 'save-backend'
         uses: actions/download-artifact@v3
         with:
           name: save-agent
           path: ${{ github.workspace }}/save-agent
       - name: Set saveAgentPath in Gradle
-        if: inputs.module == 'save-backend' || inputs.module == 'save-sandbox'
+        if: inputs.module == 'save-backend'
         run: |
           echo SAVE_AGENT_GRADLE_OPTS=-PsaveAgentPath=${{ github.workspace }}/save-agent >> $GITHUB_ENV
 

CONTRIBUTING.md

@@ -20,11 +20,11 @@ You can enable hot reload by passing `--continuous` flag.
 ## Spring Intellij Idea Ultimate plugin
 In order to make Spring Intellij Idea Ultimate plugin work properly, you need to set these active profiles in service's configuration:  
 
-|         | SaveApplication  | SaveGateway |   SaveOrchestrator   | SavePreprocessor |         SaveSandbox         |
-|:-------:|:----------------:|:-----------:|:--------------------:|:----------------:|:---------------------------:|
-|   Mac   | `mac,dev,secure` |  `mac,dev`  | `dev,mac,docker-tcp` |    `dev,mac`     | `dev,mac,docker-tcp,secure` | 
-| Windows |   `dev,secure`   |    `dev`    | `dev,win,docker-tcp` |      `dev`       | `dev,win,docker-tcp,secure` |
-|  Linux  |   `dev,secure`   |    `dev`    |   `dev,docker-tcp`   |      `dev`       |   `dev,docker-tcp,secure`   |
+|         | SaveApplication  | SaveGateway |   SaveOrchestrator   | SavePreprocessor |
+|:-------:|:----------------:|:-----------:|:--------------------:|:----------------:|
+|   Mac   | `mac,dev,secure` |  `mac,dev`  | `dev,mac,docker-tcp` |    `dev,mac`     |
+| Windows |   `dev,secure`   |    `dev`    | `dev,win,docker-tcp` |      `dev`       |
+|  Linux  |   `dev,secure`   |    `dev`    |   `dev,docker-tcp`   |      `dev`       |
 
 ### Mac M1 contributors
 In order to run `save-orchestrator` on Mac with M1 in order to make it run executions, in addition to `save-deploy/README.md` you need to 

api-gateway/README.md

@@ -25,7 +25,6 @@ and performs some necessary filtering and header manipulation to ensure proper c
 The routes are defined based on specific URI paths:
  - `/sec/**` is not forwarded anywhere but `api-gateway`'s `SecurityInfoController`,
     which is responsible for `/sec/oauth-providers` endpoint
- - `/api/sandbox` is forwarded to `save-sandbox`
  - `/api/demo` is forwarded to `save-demo`
  - `/api/cpg` is forwarded to `save-cpg-demo`
  - `/api/**` is forwarded to `save-backend`

api-gateway/src/main/resources/application-dev.yml

@@ -4,8 +4,6 @@ gateway:
   frontend:
     # In the "dev" environment, the front-end uses TCP port 8080 when run using `webpack-dev-server` (i.e. `browserDevelopmentRun` or `run` Gradle task).
     url: http://localhost:8080
-  sandbox:
-    url: http://localhost:5400
   demo:
     url: http://localhost:5421
   demo-cpg:

api-gateway/src/main/resources/application.yml

@@ -7,8 +7,6 @@ gateway:
     url: http://backend:5800
   frontend:
     url: http://frontend:5810
-  sandbox:
-    url: http://sandbox:5400
   demo:
     url: http://demo:5421
   demo-cpg:
@@ -27,14 +25,6 @@ spring:
   cloud:
     gateway:
       routes:
-        - id: sandbox-api_route
-          uri: ${gateway.sandbox.url}
-          predicates:
-            - Path=/api/sandbox/**
-          filters:
-            # If SESSION cookie is passed to downstream, it is then removed, because downstream discards it
-            - RemoveRequestHeader=Cookie
-            - AuthorizationHeaders=
         - id: demo-api_route
           uri: ${gateway.demo.url}
           predicates:

api-gateway/src/test/resources/application-dev.yml

@@ -4,8 +4,6 @@ gateway:
   frontend:
     # In the "dev" environment, the front-end uses TCP port 8080 when run using `webpack-dev-server` (i.e. `browserDevelopmentRun` or `run` Gradle task).
     url: http://localhost:8080
-  sandbox:
-    url: http://localhost:5400
   demo:
     url: http://localhost:5421
   demo-cpg:

authentication-service/src/main/kotlin/com/saveourtool/save/authservice/config/WebSecurityConfig.kt

@@ -97,7 +97,7 @@ class WebSecurityConfig(
             // they are not proxied from gateway.
             "/actuator/**",
             "/internal/**",
-            // Agents should communicate with sandbox without authorization
+            // Agents should communicate without authorization
             "/heartbeat",
             // `CollectionView` is a public page
             "/api/$v1/projects/by-filters",

buildSrc/src/main/kotlin/com/saveourtool/save/buildutils/DatabaseUtils.kt

@@ -23,7 +23,7 @@ data class DatabaseCredentials(
 }
 
 /**
- * @param projectName save-backend, save-sandbox or save-demo
+ * @param projectName save-backend or save-demo
  * @param profile a profile to get credentials for
  * @return an instance of [DatabaseCredentials] for [profile] in [projectName]
  */

buildSrc/src/main/kotlin/com/saveourtool/save/buildutils/DockerStackConfiguration.kt

@@ -30,11 +30,7 @@ fun Project.registerLiquibaseTask(profile: String) {
         relativeChangeLogFile = "db/db.changelog-master.xml",
         profile = profile
     )
-    val registerLiquibaseTaskSandbox = registerLiquibaseTask(
-        projectName = "save-sandbox",
-        relativeChangeLogFile = "save-sandbox/db/db.changelog-sandbox.xml",
-        profile = profile
-    )
+
     val registerLiquibaseTaskDemo = registerLiquibaseTask(
         projectName = "save-demo",
         relativeChangeLogFile = "save-demo/db/db.changelog-demo.xml",
@@ -48,7 +44,6 @@ fun Project.registerLiquibaseTask(profile: String) {
     tasks.register("liquibaseUpdate") {
         dependsOn(
             registerLiquibaseTaskBackend,
-            registerLiquibaseTaskSandbox,
             registerLiquibaseTaskDemo,
             registerLiquibaseTaskCosv,
         )
@@ -211,7 +206,6 @@ fun Project.createStackDeployTask(profile: String) {
                     FRONTEND_TAG=${defaultVersionOrProperty("frontend.dockerTag")}
                     GATEWAY_TAG=${defaultVersionOrProperty("gateway.dockerTag")}
                     ORCHESTRATOR_TAG=${defaultVersionOrProperty("orchestrator.dockerTag")}
-                    SANDBOX_TAG=${defaultVersionOrProperty("sandbox.dockerTag")}
                     PREPROCESSOR_TAG=${defaultVersionOrProperty("preprocessor.dockerTag")}
                     DEMO_TAG=${defaultVersionOrProperty("demo.dockerTag")}
                     PROFILE=$profile
@@ -248,7 +242,6 @@ fun Project.createStackDeployTask(profile: String) {
             Files.createDirectories(configsDir.resolve("backend"))
             Files.createDirectories(configsDir.resolve("gateway"))
             Files.createDirectories(configsDir.resolve("orchestrator"))
-            Files.createDirectories(configsDir.resolve("sandbox"))
             Files.createDirectories(configsDir.resolve("preprocessor"))
             Files.createDirectories(configsDir.resolve("demo"))
         }
@@ -331,7 +324,6 @@ fun Project.createStackDeployTask(profile: String) {
             "up",
             "-d",
             "orchestrator",
-            "sandbox",
             "backend",
             "frontend",
             "preprocessor",
@@ -351,7 +343,7 @@ fun Project.createStackDeployTask(profile: String) {
                     project(componentName).tasks.named<BootBuildImage>("bootBuildImage")
             dependsOn(buildTask)
             val serviceName = when (componentName) {
-                "save-backend", "save-frontend", "save-orchestrator", "save-sandbox", "save-preprocessor" -> "save_${componentName.substringAfter("save-")}"
+                "save-backend", "save-frontend", "save-orchestrator", "save-preprocessor" -> "save_${componentName.substringAfter("save-")}"
                 "api-gateway" -> "save_gateway"
                 else -> error("Wrong component name $componentName")
             }

docker-compose.yaml

@@ -33,26 +33,6 @@ services:
       labels:
         - "prometheus-job=save-orchestrator"
     logging: *loki-logging-jvm
-  sandbox:
-    image: ghcr.io/saveourtool/save-sandbox:${SANDBOX_TAG}
-    user: root  # to access host's docker socket
-    environment:
-      - "SPRING_PROFILES_ACTIVE=${PROFILE},secure,docker-secrets"
-    secrets:
-      - db_username
-      - db_password
-    ports:
-      - "5400:5400"
-    volumes:
-      - "/var/run/docker.sock:/var/run/docker.sock"
-      - /home/saveu/configs/sandbox:/home/cnb/config
-      - save-tmp-resources:/tmp
-    extra_hosts:
-      - "host.docker.internal:host-gateway"
-    deploy:
-      labels:
-        - "prometheus-job=save-sandbox"
-    logging: *loki-logging-jvm
   backend:
     image: ghcr.io/saveourtool/save-backend:${BACKEND_TAG}
     environment:

gradle/plugins/src/main/kotlin/com/saveourtool/save/buildutils/spring-boot-app-configuration.gradle.kts

@@ -33,7 +33,7 @@ tasks.withType<BootRun>().configureEach {
             os.isWindows -> append(",win")
             os.isMacOsX -> append(",mac")
         }
-        if (listOf("save-sandbox", "save-backend", "save-cosv").any { project.path.contains(it) }) {
+        if (listOf("save-backend", "save-cosv").any { project.path.contains(it) }) {
             append(",secure")
         }
     }

save-cloud-charts/save-cloud/README.md

@@ -10,7 +10,6 @@ api-gateway acts as an entrypoint and svc/gateway is actually a LoadBalancer.
   * `spring.datasource.username`
   * `spring.datasource.password`
   * `spring.datasource.backend-url`
-  * `spring.datasource.sandbox-url`
   * `spring.datasource.demo-url`
 
   These secrets are then mounted under the path specified as `DATABASE_SECRETS_PATH` environment variable.
@@ -75,6 +74,6 @@ command line using `--set` flag.
   $ helm --kube-context=minikube --namespace=save-cloud upgrade -i save-cloud save-cloud-0.1.0.tgz/<or use ulr oci://ghcr.io/saveourtool/save-cloud> --values values-minikube.yaml --values=values-images.yaml <any other value files and/or --set flags>
   ```
 * Database migrations can be run by setting value `mysql.migrations.enabled` to `true` (no additional setup, migrations
-  are executed by init container, but may be too slow with constant recreations of backend/sandbox pods)
+  are executed by init container, but may be too slow with constant recreations of backend pods)
   or port 3306 of mysql pod can be forwarded and `liquibaseUpdate` can be executed manually. If needed, don't forget that
   JDBC URL for liquibase in dev profile is read from `application-dev.properties` value `dev.datasource.url`.

save-cloud-charts/save-cloud/templates/agent-network-policy-orchestrator.yaml

@@ -6,8 +6,7 @@ metadata:
 spec:
   # Should be applied to save-agents only
   #
-  # As for now, there is no way to tell orchestrator pod from sandbox pod so need to allow connection to both
-  # orchestrator and sandbox.
+  # As for now, there is no way to tell orchestrator pod so need to allow connection to orchestrator.
   podSelector:
     matchLabels:
       io.kompose.service: save-agent
@@ -36,14 +35,3 @@ spec:
       ports:
         - protocol: TCP
           port: {{ .Values.backend.containerPort }}
-    - to:
-        # Allow traffic to save-sandbox
-        - namespaceSelector:
-            matchLabels:
-              name: {{ .Values.namespace }}
-        - podSelector:
-            matchLabels:
-              io.kompose.service: sandbox
-      ports:
-        - protocol: TCP
-          port: {{ .Values.sandbox.containerPort }}

save-cloud-charts/save-cloud/templates/gateway-configmap.yaml

@@ -6,7 +6,6 @@ data:
   application.properties: |
     gateway.backend.url=http://backend
     gateway.frontend.url=http://frontend
-    gateway.sandbox.url=http://sandbox
     gateway.demo-cpg.url=http://demo-cpg
     gateway.demo.url=http://demo
     server.shutdown=graceful

save-cloud-charts/save-cloud/templates/mysql-deployment.yaml

@@ -7,7 +7,6 @@ metadata:
   name: db-secrets
 stringData:
   spring.datasource.backend-url: 'jdbc:mysql://mysql-service:3306/{{ .Values.mysql.backend_schema }}'
-  spring.datasource.sandbox-url: 'jdbc:mysql://mysql-service:3306/{{ .Values.mysql.sandbox_schema }}'
   spring.datasource.demo-url: 'jdbc:mysql://mysql-service:3306/{{ .Values.mysql.demo_schema }}'
   spring.datasource.username: root
   spring.datasource.password: {{ .Values.mysql.root_password | quote }}