Merge pull request #7 from jlab/auth_oidc_wellknown

using the well-known json dict instead of manually providing multiple…

Author: sjanssen2

.github/workflows/qiita-ci.yml

@@ -154,8 +154,6 @@ jobs:
 
           echo "5. Setting up qiita"
           conda activate qiita
-          # adapt environment_script for private qiita plugins from travis to github actions.
-          sed 's#export PATH="/home/travis/miniconda3/bin:$PATH"; source #source /home/runner/.profile; conda #' -i qiita_db/support_files/patches/54.sql
           qiita-env make --no-load-ontologies
           qiita-test-install
           qiita plugins update
@@ -203,7 +201,34 @@ jobs:
           QIITA_PID=`cat /tmp/supervisord.pid`
           kill $QIITA_PID
           sleep 10
-          if [[ "$COVER_PACKAGE" != *"qiita_db"* ]]; then test_data_studies/commands.sh; all-qiita-cron-job; fi
+          # due to qiita_db tests being more complex and taking longer than
+          # the other tests we will only add some extra tests to the run that is
+          # not testing qiita_db
+          if [[ "$COVER_PACKAGE" != *"qiita_db"* ]]; then
+              # 1. testing that we can add some "dummy" studies to the db via
+              #    CLI
+              test_data_studies/commands.sh;
+              # 2. making sure that all qiita cron jobs complete as expected
+              all-qiita-cron-job;
+              # 3. making sure than a production system has the expected rows
+              #    in all our tables; steps: a. drop test db, b. change $QIITA_CONFIG_FP
+              #    c. create new production system, c. count rows in the db.
+              qiita-env drop;
+              cp $QIITA_CONFIG_FP ${QIITA_CONFIG_FP}.bk
+              sed 's/TEST_ENVIRONMENT = TRUE/TEST_ENVIRONMENT = FALSE/g' ${QIITA_CONFIG_FP}.bk > $QIITA_CONFIG_FP;
+              qiita-env make --no-load-ontologies;
+
+              export PGPASSWORD=postgres
+              pgport=${{ job.services.postgres.ports[5432] }}
+              row_counts=`psql -h localhost -U postgres -d qiita_test -p $pgport -c "SELECT SUM(c.reltuples) FROM pg_class c JOIN pg_namespace n on n.oid = c.relnamespace WHERE n.nspname = 'qiita' AND c.relkind = 'r' AND n.nspname NOT IN ('information_schema', 'pg_catalog');"`
+              if [[ `echo $row_counts` != *" 0 "* ]]; then
+                 echo "***********";
+                 echo "The number of rows in a production system is not what's expected:";
+                 echo $row_counts;
+                 echo "***********";
+                 exit 1
+              fi
+          fi
 
       - name: Submit coveralls
         uses: AndreMiras/coveralls-python-action@develop

CONTRIBUTING.md

@@ -94,6 +94,17 @@ After the initial production release of Qiita, changes to the database schema wi
 2. We keep fully patched versions of the DBS and HTML files in the repository
 3. We keep a patch file for each patch as required in the `qiita_db/support_files/patches` directory. Note that **the patches will be applied in order based on the natural sort order of their filename** (e.g., `2.sql` will be applied before `10.sql`, and `10.sql` will be applied before `a.sql`)
 
+### Patch 91.sql
+
+In May 2024 we decided to:
+* Merge all patches into the main database schema, this means that there are no patches younger than 92.sql.
+* Added a new folder `patches/test_db_sql/` where we can store sql files that will only be applied for the test environment.
+* Added a test to the GitHub actions to test that the production database has an expected number of rows.
+
+Note that these changes mean:
+1. 92.sql is the current first sql file to patch the database.
+2. If you need to make changes (like INSERTS) _only_ to the tests database you need to add a patch to `patches/test_db_sql/`.
+
 ### Developer Workflow
 
 1. Load the fully patched DBS file (e.g., `qiita-db.dbs`) in [DBSchema](http://www.dbschema.com/)

INSTALL.md

@@ -78,7 +78,7 @@ You can reboot the system with `sudo reboot` in case any packages were updated.
 Next, we need to add the Postgres repository to our system:
 ```bash
 sudo apt update
-sudo apt install curl gpg gnupg2 software-properties-common apt-transport-https lsb-release ca-certificates
+sudo apt install curl gpg gnupg2 software-properties-common apt-transport-https lsb-release ca-certificates git
 curl -fsSL https://www.postgresql.org/media/keys/ACCC4CF8.asc|sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/postgresql.gpg
 echo "deb http://apt.postgresql.org/pub/repos/apt/ `lsb_release -cs`-pgdg main" |sudo tee  /etc/apt/sources.list.d/pgdg.list
 ```
@@ -238,6 +238,9 @@ If you are using [NGINX](https://www.nginx.com/) via conda, you are going to nee
 mkdir -p ${CONDA_PREFIX}/var/run/nginx/
 ```
 
+Note that the shipped nginx version from conda, does **not** contain the mod_zip module: https://github.com/evanmiller/mod_zip
+This leads to unexpected behaviour when generating a download link for anonymous artefact sharing, i.e. Qiita returns a flat file listing artifact filepaths instead of generating a ZIP archive that contains those files. You need to compile nginx with the additional mod_zip module yourself. (I've invested multiple hours to realize that the configure routine does not properly link shared libraries to the nginx binary. Try adding `--with-ld-opt=" -Wl,-rpath,/home/foo/lib "` to the `./auto/configure` call.)
+
 ## Start Qiita
 
 Start postgres (instructions vary depending on operating system and install method).

qiita_core/configuration_manager.py

@@ -137,16 +137,22 @@ class ConfigurationManager(object):
     redirect_endpoint : str
         The internal Qiita endpoint the IdP shall redirect the user after
         logging in
-    authorize_url : str
-        The URL of the IdP to obtain a code (step 1)
-    accesstoken_url : str
-        The URL of the IdP to exchange the code from step 1 for an access
-        token (step 2)
-    userinfo_url : str
-        The URL of the IdP to obtain information about the user, like email,
-        username, ...
+    wellknown_uri : str
+        The URL of the well-known json document, specifying how API end points
+        like 'authorize', 'token' or 'userinfo' are defined. See e.g.
+        https://swagger.io/docs/specification/authentication/
+            openid-connect-discovery/
     label : str
         A speaking label for the Identity Provider
+    scope : str
+        The scope, i.e. fields about a user, which Qiita requests from the
+        Identity Provider, e.g. "profile email eduperson_orcid".
+        Will be automatically extended by the scope "openid", to enable the
+        "authorize_code" OIDC flow.
+    logo : str
+        Optional. Name of a file in qiita_pet/static/img that shall be
+        displayed for login through Service Provider, instead of a plain
+        button
 
     Raises
     ------
@@ -410,7 +416,7 @@ def _get_portal(self, config):
                 raise ValueError(msg % (name, val, 'larger than 180°'))
 
     def _iframe(self, config):
-        self.iframe_qiimp = config.get('iframe', 'QIIMP')
+        self.iframe_qiimp = config.get('iframe', 'QIIMP', fallback=None)
 
     def _get_oidc(self, config):
         """Get the configuration of the open ID connect section(s)
@@ -436,14 +442,18 @@ def _get_oidc(self, config):
                     if provider['redirect_endpoint'].endswith('/'):
                         provider['redirect_endpoint'] = provider[
                             'redirect_endpoint'][:-1]
-                provider['authorize_url'] = config.get(
-                    section_name, 'AUTHORIZE_URL')
-                provider['accesstoken_url'] = config.get(
-                    section_name, 'ACCESS_TOKEN_URL')
-                provider['userinfo_url'] = config.get(
-                    section_name, 'USERINFO_URL')
+                provider['wellknown_uri'] = config.get(
+                    section_name, 'WELLKNOWN_URI')
                 provider['label'] = config.get(section_name, 'LABEL')
                 if not provider['label']:
                     # fallback, if no label is provided
                     provider['label'] = section_name[len(PREFIX):]
                 self.oidc[section_name[len(PREFIX):]] = provider
+                provider['scope'] = config.get(
+                    section_name, 'SCOPE', fallback=None)
+                if not provider['scope']:
+                    provider['scope'] = 'openid'
+                if 'openid' not in provider['scope']:
+                    provider['scope'] = 'openid %s' % provider['scope']
+                provider['logo'] = config.get(
+                    section_name, 'LOGO', fallback=None)

qiita_core/support_files/cert.conf

@@ -0,0 +1,7 @@
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = localhost

qiita_core/support_files/ci_rootca.crt

@@ -1,20 +1,20 @@
 -----BEGIN CERTIFICATE-----
-MIIDSzCCAjOgAwIBAgIUMpJXCX29kpvz+72BzsmGaOl8+TowDQYJKoZIhvcNAQEL
+MIIDSzCCAjOgAwIBAgIUNZa06QPa5si7H/HCG2E4s0opIO0wDQYJKoZIhvcNAQEL
 BQAwNTESMBAGA1UEAwwJbG9jYWxob3N0MQswCQYDVQQGEwJVUzESMBAGA1UEBwwJ
-U2FuIERpZWdvMB4XDTIzMDUzMDE3NTcyMVoXDTI0MDUyMDE3NTcyMVowNTESMBAG
+U2FuIERpZWdvMB4XDTI0MDUzMTEzMjU0MVoXDTMzMDgwODEzMjU0MVowNTESMBAG
 A1UEAwwJbG9jYWxob3N0MQswCQYDVQQGEwJVUzESMBAGA1UEBwwJU2FuIERpZWdv
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnf68iVrck7gh3edXdxsQ
-bBJCCnL4bXjmj4xRJx9FKo3W4JniTam90VVlNslaP6m3VS3Ri7c5gu+Q9d7WckxJ
-kll2Q8DpY2FT+eB4d+f00MQ/6V7Ec8r7IItWHvgHts09Y69SIxN+C5X98gAMCHy+
-mRrMGdTTU6DwdrBqpIm8GutHx0VhZMQ8537prN0Xp/yv1uX3mij/yQ6ZnygkUePb
-wo/0An3bcmI3aDHjWSr4s66PeScN15nfPikdN8ldu4HpvJL05kcm6Y07ha6LUwn/
-IFb6m770rq8/6fseDXBfn+4sN68fKMoL/nxPpZ4ZmFdxGhyXxzAWe2mSQnEwMxdL
-YQIDAQABo1MwUTAdBgNVHQ4EFgQUd3FeuztN3EoPrxVEPhCpdBjeK+cwHwYDVR0j
-BBgwFoAUd3FeuztN3EoPrxVEPhCpdBjeK+cwDwYDVR0TAQH/BAUwAwEB/zANBgkq
-hkiG9w0BAQsFAAOCAQEAgU/2MQBSs2lPdNDjglCfKuviTgZzoMnI9EkPE8OBZTPz
-MrRRdI+IYsS2bxPkBleuiqpU0xbGB34pUlwaQO8620mioHHbgk9dKRHhl/iS2cua
-kCa9yOkgF4aK5eC8UQVvECyvUemH9iwsymCIMF77ZR+tgjSDjJKYv8qkyuG12TTE
-G58C0UUMguhYJXUJ5pdG4j39ybE5Dgfj+308jYZNvW8A+Cv9xNdsgUWpU7q8bVOT
-S9kDaJ5dOVzQ/sfeeZwOyaDaFt5dO8QvxgijBDzXqdeLA/tQi//vVCkavrd3vBkz
-QH/xQdCvrpg5qdleZ4leuQTeqIc235ZJJJmf+DUGSw==
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwtb407C1Ow2o0533qIm9
+gerc1aYPoig0eVm91so5IjtbLkSZYGRUaoCF/moFlwn0JWYY7422wfDhvjXTamKz
+sgbowNh8a9rVaQxFOuZTWiN6JNY3Ztfgtq+Y1y6PRUKCb99E2KUXp8Ju5GvEOEj2
+/AQtVAI4vKFggeHSCpTKaZDrV+/muU1mmkb/5diHW5gM19VOihpbj/W5Ki4NXutI
+qNRStlKQMYWiptmbfqzbAU7soA36VjdpbVBsQJurPOWqsWQdivF/NFgl4FsjDEeF
+CB/oZ1SHe/ig2crwrRT7UZjpnZq4g4jDafzGPCBY7aUGETsz32BMPV2P22yKjicP
+pwIDAQABo1MwUTAdBgNVHQ4EFgQUVn2t2bu0rUhb5lsQwvCdO+C3Wd0wHwYDVR0j
+BBgwFoAUVn2t2bu0rUhb5lsQwvCdO+C3Wd0wDwYDVR0TAQH/BAUwAwEB/zANBgkq
+hkiG9w0BAQsFAAOCAQEAZDqPWyueFdXpT7ZxyfOOAaklbOuXxpOKaU73f4/SewM6
+029lPutTRWaY+j0AiTq8yMbV5Eq7W09krDFCgS/SEE1Pc0ouAkS84iYqneLP2+n/
+qgbh6X4+Hiez0dnLJScMZT3IJB8HVKPUVoHp5zeDXH7i10LfD90g+ynKsMxUrmuu
+MQ/LCt8kWOz2m6fLLYWOLmgWuv7IkZXo5/ShryYgE8gk9hDY62qlLgp5yC6o9mOh
+OM91RLYk461tP+BA72t2TXZ+smihV/eF2YHjnto85HOHAde2tVADsQqz/sSiqXuc
+7Hxn0nKlwIBYD1zvoxqqL2YUHa4wp2fOp1jJ9H3zNA==
 -----END CERTIFICATE-----

qiita_core/support_files/ci_rootca.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDC1vjTsLU7DajT
+nfeoib2B6tzVpg+iKDR5Wb3WyjkiO1suRJlgZFRqgIX+agWXCfQlZhjvjbbB8OG+
+NdNqYrOyBujA2Hxr2tVpDEU65lNaI3ok1jdm1+C2r5jXLo9FQoJv30TYpRenwm7k
+a8Q4SPb8BC1UAji8oWCB4dIKlMppkOtX7+a5TWaaRv/l2IdbmAzX1U6KGluP9bkq
+Lg1e60io1FK2UpAxhaKm2Zt+rNsBTuygDfpWN2ltUGxAm6s85aqxZB2K8X80WCXg
+WyMMR4UIH+hnVId7+KDZyvCtFPtRmOmdmriDiMNp/MY8IFjtpQYROzPfYEw9XY/b
+bIqOJw+nAgMBAAECggEAJy8Mg6Y6DFJG7agLMn3g+su89cqbwkTLqMv/fb7VlqjR
+QZDSN6x1vaVzTSMNVL7PtuW9hg+9/WrwO0yf4/lNojP5gy8GdrpfyOyKz7macbpI
+yje6lJg9vP+7gSr/7THfAZipQ9iP1VEo9A8oOxmRckV0yDxaJLVfrz82+qHJw0jj
+Iy/8kkKtQEZ8gN547IDVladRunAGU4xYl9n9hPDfAbA3lPkjNTytzPk8Be4X98kW
+K2L4Q0wloRV6/n7qDamyjFsDarswxFA+TXypiESxQHFCdNiSKqAv3DHE6QcYRWQK
+vwa5QfCIHFpMsclbmGvB9WSPxC6HcMppcWyf5V9RgQKBgQD/xlK2X0ig1yqn9OMX
+oo8XRWZqC4skn3/I8RkeMKS1dBg3o0v3c6uF4RY4i35lMZdPewFtYy8SEQa3XMSk
+6z/DCeBKzIbjqxv5pSFrMu2MR72SlmnTkbyq6T4t+OIII75T11XtbQLidDvZNgQI
+8lnQQsJfBJZQQ/+ERICNomMGlwKBgQDDAuh6gVic/lF4geCAhkRarjrZlUohWUuD
+1jSbSuXs5GoxMZ9+b2JAA2SUxIY3itw/SCT0ASoylmuAcoaZ7OJsjEq5EjJx5uns
+GcJ6TDeGIa9ttGwU5FyLLnCdM4ndGtAYAcDdQWAAkGT+gNOQgqX81bnqhEWGNDkY
+9LxCL0vxcQKBgGjD90U0Ki+XcqVxLUOVFj9V8ekl6UyK+HB6MOuoyQ56CyFfBdLJ
+0kv4Mn3exVr1wSCRJbiEk9c2miWpHfLfWTKubOy2cdn3UHIlLVcXeS2ohQHyEk7S
+txDakNmLxCnJWkBFR7EEodXX/luuQGDZw+gGME9zNY6TC6pF1NIu3ZjpAoGAf4HQ
+RgF60jPLS1MIWqDv4qbXHdtqPAHpyUru3LcNPWZgNMgwc/gaMqbFRix1Ya2ussXW
+O6DjWW5W3gaEEfL8XWMhnH7Ucvs76j8xlMtu5onx7XYx0Ts7c1mrEm5XbzWP6JKE
+62ZKgjPnhSzwqCV0qKuKQ1e3KbfNuY6T5WaNblECgYAZs2s3Hw8eBPDFHVqRdHfl
+a5+M8cXk2pUytNCGwJZ/Q/OJLUH/M9VOUE6ncHs4iX2XoCrHHqHjwZ2s3wgryS2n
+8RJP8Zx0ZQqkgrXrfxxABY8UJsmUQu4X5EksoCYgv6owqNM6NuQBnfSwY6y8TjFs
+4+5t5RSoyHDQeIc4OKiCdA==
+-----END PRIVATE KEY-----

qiita_core/support_files/ci_rootca.srl

@@ -1 +1 @@
-2FB946B7AAF21FDC0387BAA7B5ABF5D91E0D9F4B
+2FB946B7AAF21FDC0387BAA7B5ABF5D91E0D9F4C

qiita_core/support_files/ci_server.crt

@@ -1,22 +1,22 @@
 -----BEGIN CERTIFICATE-----
-MIIDoTCCAomgAwIBAgIUL7lGt6ryH9wDh7qntav12R4Nn0swDQYJKoZIhvcNAQEL
+MIIDoTCCAomgAwIBAgIUL7lGt6ryH9wDh7qntav12R4Nn0wwDQYJKoZIhvcNAQEL
 BQAwNTESMBAGA1UEAwwJbG9jYWxob3N0MQswCQYDVQQGEwJVUzESMBAGA1UEBwwJ
-U2FuIERpZWdvMB4XDTIzMDUzMDE4MDQzMloXDTI0MDUyOTE4MDQzMlowbjELMAkG
+U2FuIERpZWdvMB4XDTI0MDUzMTEzMjcwNVoXDTMzMDgxNzEzMjcwNVowbjELMAkG
 A1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVNhbiBEaWVn
 bzENMAsGA1UECgwEVUNTRDETMBEGA1UECwwKS25pZ2h0IExhYjESMBAGA1UEAwwJ
-bG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBP9ojX6
-JJQkZQ/awx45BDiqCJTdggCVMhCF1dDwYHpNIADWVLqXosUOml2lPp8QAD3MrklB
-+blpPCjvBl/DqVsSqoGN3U3ocFyon4+7XzIXuI2js/Bf42PRCIDvu65WNNpfVmfC
-k1Pc4iTe/pIZEErZ4gENsTdhjvFmiWW+UPwGNu3Ud0RpQtQkvs0mKpp/91RZm4Ra
-woMa3fapfpLYzToSnAHfqP+1eCabLIpYp3Rsj2b0KsaMqyRO1xtb2lCf5nwEG08+
-pctKjObWL03Gza41gcoWn0PGU7Dtks3gNStovcYqTC/roUK5zd+BN6GhdADLEE6r
-RGhoJDSEZS9XewIDAQABo3AwbjAfBgNVHSMEGDAWgBR3cV67O03cSg+vFUQ+EKl0
-GN4r5zAJBgNVHRMEAjAAMAsGA1UdDwQEAwIE8DAUBgNVHREEDTALgglsb2NhbGhv
-c3QwHQYDVR0OBBYEFOk1W4cBT/aN3Q2q4k3OpL6RKgikMA0GCSqGSIb3DQEBCwUA
-A4IBAQBuqKdaQTIHU3al0oa1jGISIRs8WjKi0AswzOiKoeiXbGIsAC0csiW8ErcU
-nwPOB8dKU4AgMrcTjTE+vKw7yie7yQ8tAg+dkNPsjz6ZCbRAttdxDfvO30/cL3Je
-YgIc+A8WAeTUQ4mGWTBlTYZhFG+xMu7La7oPDhvNcAWYQhTj6rUnZ5/ggAygX+wn
-UtR8gjSJU4WxFzyFDVNk9KnqeRC2l1mZHsgyUe+ne534EOiUzxa8D07t+L4jt/0X
-EWGu1/GFODOwOtn9UzKw1I1jaiff5/e3CvSDzK53RY1lWqbdhqoiaMLLWjanjA2i
-KZ/gjVd9s6htU1ede2oLbQ11gRdL
+bG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuC9jQSL2
+Zt0S8YHc4T42UMgK1o7qtXRG/G3BWkZYXrcFQHD3CFt4kvBOrWpyqulVDvmhMXbI
+ZUra/Mw5lcL6c3PV4CWa1O/zfJ7OmitXsXq4iuCgizNOD6ms7bNGWXvDoV8pxZ1N
+hKwzWZyKstwgIrutG4GWQbfq1Q+9JsLS4xuPd4+C+0IJpPy6TZ2jswbWjIV1Iikg
+S2w8ZQKNXUoM27cR9m/VXcPUNnzpJPfiYw3r4zezR1ce8wjsownx7LuV1V5NQwnn
+5vXEQRgm5MfLvJZ7i4cE9LX4PY8luPdPBbrfiMvuHJ+9F9K/Ma1xMolAdupNWCt0
+5dfN4/ozEsFYGwIDAQABo3AwbjAfBgNVHSMEGDAWgBRWfa3Zu7StSFvmWxDC8J07
+4LdZ3TAJBgNVHRMEAjAAMAsGA1UdDwQEAwIE8DAUBgNVHREEDTALgglsb2NhbGhv
+c3QwHQYDVR0OBBYEFKw6A/4GELz92LjFfSZuZZicn5x/MA0GCSqGSIb3DQEBCwUA
+A4IBAQA2Rh1+Gwi4Wg2IU2g2lckzVBhQmoNgh2ei806K9P12//9sRUT41fwrzGo7
+WHYKJbMP/6l204brq4c6W51xW5QVMtfBHQ4jP3e8Ryq4M/7QNBqfrf7ufzW1cIfj
+kFBukbhZx/cmnTNM5j6cUbinx4GVkxQMJqxGRKVt94updY9T/SrKI4IqFVV9SzsW
+ElqNpmRGElUs05GujBjN7KryUN0ilM3H8aieEIAZlH3TNncVudcdV5+0A6Mkxw8d
+JmsJ1qATnR6ruJmHwjuagY3CYbhDSaQlGbQOKPor7XcT45R36crYuXdWkOh6A0Mx
+Q/uy5CFcuPA1ZCfs0jwDpdBjcUm0
 -----END CERTIFICATE-----

qiita_core/support_files/ci_server.csr

@@ -2,17 +2,17 @@
 MIIC4DCCAcgCAQAwbjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWEx
 EjAQBgNVBAcMCVNhbiBEaWVnbzENMAsGA1UECgwEVUNTRDETMBEGA1UECwwKS25p
 Z2h0IExhYjESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEAvBP9ojX6JJQkZQ/awx45BDiqCJTdggCVMhCF1dDwYHpNIADW
-VLqXosUOml2lPp8QAD3MrklB+blpPCjvBl/DqVsSqoGN3U3ocFyon4+7XzIXuI2j
-s/Bf42PRCIDvu65WNNpfVmfCk1Pc4iTe/pIZEErZ4gENsTdhjvFmiWW+UPwGNu3U
-d0RpQtQkvs0mKpp/91RZm4RawoMa3fapfpLYzToSnAHfqP+1eCabLIpYp3Rsj2b0
-KsaMqyRO1xtb2lCf5nwEG08+pctKjObWL03Gza41gcoWn0PGU7Dtks3gNStovcYq
-TC/roUK5zd+BN6GhdADLEE6rRGhoJDSEZS9XewIDAQABoC0wKwYJKoZIhvcNAQkO
+AQ8AMIIBCgKCAQEAuC9jQSL2Zt0S8YHc4T42UMgK1o7qtXRG/G3BWkZYXrcFQHD3
+CFt4kvBOrWpyqulVDvmhMXbIZUra/Mw5lcL6c3PV4CWa1O/zfJ7OmitXsXq4iuCg
+izNOD6ms7bNGWXvDoV8pxZ1NhKwzWZyKstwgIrutG4GWQbfq1Q+9JsLS4xuPd4+C
++0IJpPy6TZ2jswbWjIV1IikgS2w8ZQKNXUoM27cR9m/VXcPUNnzpJPfiYw3r4zez
+R1ce8wjsownx7LuV1V5NQwnn5vXEQRgm5MfLvJZ7i4cE9LX4PY8luPdPBbrfiMvu
+HJ+9F9K/Ma1xMolAdupNWCt05dfN4/ozEsFYGwIDAQABoC0wKwYJKoZIhvcNAQkO
 MR4wHDAaBgNVHREEEzARgglsb2NhbGhvc3SHBH8AAAEwDQYJKoZIhvcNAQELBQAD
-ggEBADRoQqr5R8MA1fcCjSAu/eae24gb9YtY4Fcexwe1dJ3or7ui9f1Lg+mnomn0
-9B/2swSd2HRuV7xNQcHLef7CE7hJHWkvPzZotfGRfnENIdjhA60ksvugSLo/wt2x
-uK6tm33xDho9ekvY86dUj+eGzz8HUI6l51kijdIZ5Pg6FcXC7YwiZwRZa5hHGJdj
-biYYOqrmphAkDcULsvGIrikT16Qku+vXHRMdKA0tkaYEBdAzZiLCFN05mNAZz9F1
-qmqvGDer6DQ973UEhCjlqabjyc/2Muq/1fEySgBZNtn/ZU7optYgZv1jiwb/jifW
-yFqGYcs0GE5i6NervHDVWwxD2fg=
+ggEBADIezuiYMz8gm1M0rzPGZdCk/h2r2Nz5xUBCmOHjOVtzcmB0jaAQF6clN8gh
+Uad3fRq3/+MEJKJo1P0N62priCk/oSMdJAbjvoCu39eSHUnsmeKurvCp2VZdCl7v
+2siTBlyH7LCiNAQ9gMJOr85lThaY7wl+FlIuyQ3uazhFqxZUpPnsVdmT/rnfnLee
+rsmgZnCgSHnNubD/FaBOl/UMtFmT1Ff7gvsvtFejTFBoAWJ07bDrfaKpTkc02h3m
+10rr9YJzi+iY0AO9I1Ac9CDXrsq1DPyf0mBmbs/TKVa77lQ5OCTplSeyRRCbzwkO
+YK+3NzntO3H+LD0kmKTW9AzafNU=
 -----END CERTIFICATE REQUEST-----

qiita_core/support_files/ci_server.key

@@ -1,28 +1,28 @@
 -----BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC8E/2iNfoklCRl
-D9rDHjkEOKoIlN2CAJUyEIXV0PBgek0gANZUupeixQ6aXaU+nxAAPcyuSUH5uWk8
-KO8GX8OpWxKqgY3dTehwXKifj7tfMhe4jaOz8F/jY9EIgO+7rlY02l9WZ8KTU9zi
-JN7+khkQStniAQ2xN2GO8WaJZb5Q/AY27dR3RGlC1CS+zSYqmn/3VFmbhFrCgxrd
-9ql+ktjNOhKcAd+o/7V4JpssilindGyPZvQqxoyrJE7XG1vaUJ/mfAQbTz6ly0qM
-5tYvTcbNrjWByhafQ8ZTsO2SzeA1K2i9xipML+uhQrnN34E3oaF0AMsQTqtEaGgk
-NIRlL1d7AgMBAAECggEADvu0uAh+zg0zPQ3fSq4MssZk3VwmrWWofR2N2/PSQo1b
-uZH3gTaAQApc2HVfZba8Spihxry1UdSwiodkS2izqLlFqmm5yIidXN403MlRjwrp
-kt1Nzlb2/KGGFJxY/OWtnnZLJBIOETicHzP6w+MVthOQeg3FbnnP/thCZ+3AFKlr
-8XkXb8PbAtrLgOIYavT7XcwRAjogs37W9wZDa5HkGixH6R8PWp8p8Tj++cnegiWZ
-kqqxeIVhR1Ztp0NaM52gZNvi/e51fM1bMwbMGmdJguU/dB6O7NzSTYv1df/2WPIe
-8lbXMSo3d+RKQVNvPw0H9Zr38ju7xhjLwf8Wqq0p4QKBgQD8wjxhKvjVM2WoQF+k
-NRjmbQmgZqdRWPraXf4cFpHKMWVMKyzqLeG49SaMTrxSdSKN4NPYKJkGo3O6Vreo
-hwGXhyTRPdqOx8nE9hefFR6SOINcqvjdOiDK5M++HplaA8FbC5gdnrgYgPEU8yer
-rvGpZZFYv4yxueCW3SftBLwJcQKBgQC+fWtWhdhpUWPgrv1nbgJYCxRnmgLkwRQF
-kbWmX0LTeNodmew55bBe2juGazkMUyqbvTjuclKzQIh4w5zyrWPrkP89wl4cgtAM
-Nto9wsn0+m6LTOM3j2pRE0YLnO4+RDhKYEGvg95FqVQKE6kMFWXUuLrIaDYI8hva
-wEQDzLkZqwKBgQDAhzN20ES6IWxNvLsdWVSeMHAkvgy06hIqQ25L9uUWHooKeti7
-iDdnq1Sxi0fnh1HKwHadME9fvyFnzqYWuL99rHNe7r6MA6KtZMaZZnzi5CkrbRAj
-cyOHaMLVDnnBFxsxPqOf7EZOY+k/C/grzhZF8hfEgiOpPOzV/Z9r6y9QAQKBgQCB
-VQYbqKRWXTxCwIysPLS6sksYTCjKx4yge12pp+PnUJZGossQRDKLNABWM1Z4V78G
-HmMZAeXEbnw6AhX9blv5BGlHtT/Qe8BlipiCdk5IVf/X9EwQ3P6CLWPRXqsi+458
-cP4n/JBdG6pDbTXJTn3k/8dRae/GAxuGWiPTsJu8IQKBgDiZiKsdN2sV0GguJY89
-cvz62JwELGsA0VvKIQy4+ZRaTmxQByRuz4ad2LWPjWnxRHxnRZQHlrqidzRJhOKn
-r2wH35ScNDiuF03q0cf0DoAq/baQ2woNg2gTV5FcEaf1DuLCqiNXsAOfWPyY6hTu
-71mg/F74UlfLqZLjgM0Hb8JO
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC4L2NBIvZm3RLx
+gdzhPjZQyArWjuq1dEb8bcFaRlhetwVAcPcIW3iS8E6tanKq6VUO+aExdshlStr8
+zDmVwvpzc9XgJZrU7/N8ns6aK1exeriK4KCLM04Pqazts0ZZe8OhXynFnU2ErDNZ
+nIqy3CAiu60bgZZBt+rVD70mwtLjG493j4L7Qgmk/LpNnaOzBtaMhXUiKSBLbDxl
+Ao1dSgzbtxH2b9Vdw9Q2fOkk9+JjDevjN7NHVx7zCOyjCfHsu5XVXk1DCefm9cRB
+GCbkx8u8lnuLhwT0tfg9jyW4908Fut+Iy+4cn70X0r8xrXEyiUB26k1YK3Tl183j
++jMSwVgbAgMBAAECggEAUpbVL+EIkilxlB/CNrIZ0vFQgtNFBaalKg3hFKTUfWwe
+C75b10CE+YaOEQ7ZajAEtxlSoYZ854bAWXkOHUx314tKjR7vpaoPCYOAavsicG/y
+DjwZYTHZQAa6hz/LPNbVayfr6DPYDbTVtcoPG5K/SjPTtLDP+poI0A8lpxrXS4RO
+Vpmo3XBOgqSuZm1uA3o/Lqs66tUZVfBtNo7/D4vUebbj0j4GUFPqMQ1kPbquj61p
+/mg87xejmFf7kfw/49f75ETaw08vh2J+7ubJMv8D4p8C0biUrBbqzYRpxWiw96WG
+alcBwU+m+meuPGK8Chpg7vQCv6FjJp74MuDkmOG/CQKBgQDhyNIsiEpEvZVcKM/0
+wYzutTaZGCqPPhsGAZVGB7ers+waGGHuMCb+VyR2AVnd0Zi9s5oRQzEDQt0DZolB
+Iy4PjP5MDTmbUlWRsHDeQh+SvXV6LzU3YVrzJhvKbYB1Ak+CrfmzvaIFTYxxgfFP
+e4bRDRzuNUJctwBPnikmEIH2LwKBgQDQ1WjDlXaW1rzBgRn9pqb7JWbNSBABVz5i
+zITCTrVNlcUwHYbEmY2EMfwf3c4ndnGwpgSoqzW4ukEUk1SEOCTygF1vQlLXBCFx
+4CWWp+8vq4BCionUtotRBAxwOsuiwSFrnOou8GNwCwdpJxkNQxfE2eZyCM0tMdQm
+UNF2/irt1QKBgGNrhHCrith+CpjMN9X0rFQoY2RCaestU8TvSYXOvCfVUC+lcOnr
+NiBkyt9TdPjh5DoULdFQHvLqrFtk+Sc/kHa0hP2EDUvBk4BViz2zLCf3WRV2WB6M
+tfm/XBlk4l2jqNNIPF3TMNbY8PDCYTm4kQLYnVafCRu+UVq9sCzcs/1tAoGAU8Kl
+CH10WT+76akMca5cHzN7Li8PLFp/zUTWotDK61l9A7V0DnrARht+UpG2VCGvq/iK
+udQh8fvSipwlM/sI5rMRxsRFUbR4baJHsUueJfKVuRqz+btV2aLUEleiwZ7Q9saz
+Lyx/1bq2uDhUVftpFy2GvopFMTFhNBUKTr3XHhkCgYEAlT6kBYPBr21uNe6Kpkbw
+fsIaiaypxKtY29kFkALu9AX+B8JExacq1AgdnNgFxwAUA0lpBXOkkGClkSiF0vK7
+LdHIPBlkgwKLVL6fqmQ3cfwQV82jIoesiEMvvHOyAvPYQkkYTZK46vl4XH52+WTr
+LEluqA2De7Zc9mdvWENRT00=
 -----END PRIVATE KEY-----