Merge branch 'main' into im/typo

.expeditor/release.omnibus.yml

@@ -20,3 +20,5 @@ builder-to-testers-map:
     - ubuntu-22.04-x86_64
   el-8-x86_64:
     - el-8-x86_64
+  el-9-x86_64:
+    - el-9-x86_64

.github/workflows/brakeman-analysis.yml

@@ -25,11 +25,11 @@ jobs:
     steps:
     # Checkout the repository to the GitHub Actions runner
     - name: Checkout
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
 
     # Customize the ruby version depending on your needs
     - name: Setup Ruby
-      uses: actions/setup-ruby@v1
+      uses: ruby/setup-ruby@v1
       with:
         ruby-version: '2.7'
 

.github/workflows/sonarqube.yml

@@ -0,0 +1,27 @@
+name: SonarQube scan
+
+on:
+  # Trigger analysis when pushing to your main branches, and when creating a pull request.
+  push:
+    branches:
+      - main
+      - develop
+      - 'release/**'
+  pull_request:
+      types: [opened, synchronize, reopened]
+
+jobs:
+  sonarqube:
+    runs-on: ip-range-controlled
+#   runs-on: ubuntu-latest
+#    needs: [build]
+    steps:
+    - uses: actions/checkout@v3
+      with:
+        # Disabling shallow clone is recommended for improving relevancy of reporting
+        fetch-depth: 0
+    - name: SonarQube Scan
+      uses: sonarsource/sonarqube-scan-action@master
+      env:
+        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}

CHANGELOG.md

@@ -1,12 +1,92 @@
 # Chef Server Changelog
 <!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
-<!-- latest_release -->
+<!-- latest_release 15.7.3 -->
+## [15.7.3](https://github.com/chef/chef-server/tree/15.7.3) (2023-07-06)
+
+#### Merged Pull Requests
+- CHEF-3465 Replace download links [#3683](https://github.com/chef/chef-server/pull/3683) ([IanMadd](https://github.com/IanMadd))
 <!-- latest_release -->
 
-<!-- release_rollup -->
+<!-- release_rollup since=15.7.0 -->
+### Changes since 15.7.0 release
+
+#### Merged Pull Requests
+- CHEF-3465 Replace download links [#3683](https://github.com/chef/chef-server/pull/3683) ([IanMadd](https://github.com/IanMadd)) <!-- 15.7.3 -->
+- Docs update [#3676](https://github.com/chef/chef-server/pull/3676) ([PrajaktaPurohit](https://github.com/PrajaktaPurohit)) <!-- 15.7.2 -->
+- Update supported platforms page [#3675](https://github.com/chef/chef-server/pull/3675) ([IanMadd](https://github.com/IanMadd)) <!-- 15.7.1 -->
 <!-- release_rollup -->
 
 <!-- latest_stable_release -->
+## [15.7.0](https://github.com/chef/chef-server/tree/15.7.0) (2023-06-14)
+
+#### Merged Pull Requests
+- Integrating with sonarcubes [#3628](https://github.com/chef/chef-server/pull/3628) ([vinay-satish](https://github.com/vinay-satish))
+- Bump activesupport from 7.0.4.1 to 7.0.4.2 in /oc-chef-pedant [#3588](https://github.com/chef/chef-server/pull/3588) ([dependabot[bot]](https://github.com/dependabot[bot]))
+- Bump mixlib-install from 3.12.24 to 3.12.27 in /src/chef-server-ctl [#3591](https://github.com/chef/chef-server/pull/3591) ([dependabot[bot]](https://github.com/dependabot[bot]))
+- Bump nokogiri from 1.14.0 to 1.14.2 in /src/oc-id [#3602](https://github.com/chef/chef-server/pull/3602) ([dependabot[bot]](https://github.com/dependabot[bot]))
+- Bump pg from 1.4.5 to 1.4.6 in /src/chef-server-ctl [#3612](https://github.com/chef/chef-server/pull/3612) ([dependabot[bot]](https://github.com/dependabot[bot]))
+- Update release process docs [#3631](https://github.com/chef/chef-server/pull/3631) ([lbakerchef](https://github.com/lbakerchef))
+- Bump nokogiri from 1.14.2 to 1.14.3 in /src/oc-id [#3643](https://github.com/chef/chef-server/pull/3643) ([dependabot[bot]](https://github.com/dependabot[bot]))
+- Bump omnibus-software from `6a1c889` to `67a1705` in /omnibus [#3660](https://github.com/chef/chef-server/pull/3660) ([dependabot[bot]](https://github.com/dependabot[bot]))
+- Add el-9 builder and tester to the pipelines [#3661](https://github.com/chef/chef-server/pull/3661) ([PrajaktaPurohit](https://github.com/PrajaktaPurohit))
+- Updated license scout issues [#3666](https://github.com/chef/chef-server/pull/3666) ([jashaik](https://github.com/jashaik))
+- Setting file and template backup to false for the config files [#3659](https://github.com/chef/chef-server/pull/3659) ([vinay-satish](https://github.com/vinay-satish))
+<!-- latest_stable_release -->
+
+## [15.6.2](https://github.com/chef/chef-server/tree/15.6.2) (2023-03-17)
+
+#### Merged Pull Requests
+- Update default OpenJRE to 11.0.18+10 [#3623](https://github.com/chef/chef-server/pull/3623) ([lbakerchef](https://github.com/lbakerchef))
+
+## [15.6.1](https://github.com/chef/chef-server/tree/15.6.1) (2023-03-07)
+
+#### Merged Pull Requests
+- Disable caching on SSL pages [#3570](https://github.com/chef/chef-server/pull/3570) ([lbakerchef](https://github.com/lbakerchef))
+- Normalize host header case [#3587](https://github.com/chef/chef-server/pull/3587) ([lbakerchef](https://github.com/lbakerchef))
+- Bump omnibus-software to pull in the OpenJRE update [#3609](https://github.com/chef/chef-server/pull/3609) ([lbakerchef](https://github.com/lbakerchef))
+- Update Erlang dependencies [#3611](https://github.com/chef/chef-server/pull/3611) ([lbakerchef](https://github.com/lbakerchef))
+- Bump spring from 4.1.0 to 4.1.1 in /src/oc-id [#3572](https://github.com/chef/chef-server/pull/3572) ([dependabot[bot]](https://github.com/dependabot[bot]))
+
+## [15.5.1](https://github.com/chef/chef-server/tree/15.5.1) (2023-02-08)
+
+#### Merged Pull Requests
+- Update release process documentation [#3567](https://github.com/chef/chef-server/pull/3567) ([lbakerchef](https://github.com/lbakerchef))
+- Updated license_scout to 1.3.4 [#3595](https://github.com/chef/chef-server/pull/3595) ([jashaik](https://github.com/jashaik))
+- Update opensearch version to 1.3.7 in chef-server. [#3573](https://github.com/chef/chef-server/pull/3573) ([sreepuramsudheer](https://github.com/sreepuramsudheer))
+- Adding opensearch config to gen_frontend/backend [#3596](https://github.com/chef/chef-server/pull/3596) ([jashaik](https://github.com/jashaik))
+- Forward ports from dev vm to host [#3594](https://github.com/chef/chef-server/pull/3594) ([lbakerchef](https://github.com/lbakerchef))
+- Updated upgrade docs with a note [#3600](https://github.com/chef/chef-server/pull/3600) ([jashaik](https://github.com/jashaik))
+
+## [15.4.0](https://github.com/chef/chef-server/tree/15.4.0) (2023-01-05)
+
+#### Merged Pull Requests
+- Bump selenium-webdriver from 4.5.0 to 4.6.1 in /src/oc-id [#3498](https://github.com/chef/chef-server/pull/3498) ([dependabot[bot]](https://github.com/dependabot[bot]))
+- Bump capybara from 3.37.1 to 3.38.0 in /src/oc-id [#3499](https://github.com/chef/chef-server/pull/3499) ([dependabot[bot]](https://github.com/dependabot[bot]))
+- Bump mixlib-install from 3.12.20 to 3.12.24 in /src/chef-server-ctl [#3507](https://github.com/chef/chef-server/pull/3507) ([dependabot[bot]](https://github.com/dependabot[bot]))
+- Bump jquery-rails from 4.5.0 to 4.5.1 in /src/oc-id [#3509](https://github.com/chef/chef-server/pull/3509) ([dependabot[bot]](https://github.com/dependabot[bot]))
+- Made nginx[ssl_port] read from config for reindex. [#3501](https://github.com/chef/chef-server/pull/3501) ([sreepuramsudheer](https://github.com/sreepuramsudheer))
+- Document: Added documentation for user public key update methods. [#3492](https://github.com/chef/chef-server/pull/3492) ([sreepuramsudheer](https://github.com/sreepuramsudheer))
+- Bump omnibus-software from `e9632cb` to `ab655a5` in /omnibus [#3512](https://github.com/chef/chef-server/pull/3512) ([dependabot[bot]](https://github.com/dependabot[bot]))
+- sqerl master -&gt; main [#3504](https://github.com/chef/chef-server/pull/3504) ([lbakerchef](https://github.com/lbakerchef))
+- Fix Makefile for bumping Erlang deps [#3503](https://github.com/chef/chef-server/pull/3503) ([lbakerchef](https://github.com/lbakerchef))
+- Fix chef_authn reference [#3523](https://github.com/chef/chef-server/pull/3523) ([lbakerchef](https://github.com/lbakerchef))
+- Bump pg from 1.4.4 to 1.4.5 in /src/oc-id [#3520](https://github.com/chef/chef-server/pull/3520) ([dependabot[bot]](https://github.com/dependabot[bot]))
+- Bump pg from 1.4.4 to 1.4.5 in /src/chef-server-ctl [#3518](https://github.com/chef/chef-server/pull/3518) ([dependabot[bot]](https://github.com/dependabot[bot]))
+- Update ruby-setup to the actively maintained codebase. Update actions to v3 [#3539](https://github.com/chef/chef-server/pull/3539) ([PrajaktaPurohit](https://github.com/PrajaktaPurohit))
+- Upgrade most bookshelf, bifrost, and oc_erchef Erlang dependencies. [#3537](https://github.com/chef/chef-server/pull/3537) ([lbakerchef](https://github.com/lbakerchef))
+- Bump timecop from 0.9.5 to 0.9.6 in /src/oc-id [#3531](https://github.com/chef/chef-server/pull/3531) ([dependabot[bot]](https://github.com/dependabot[bot]))
+- Bump bigdecimal from 3.1.2 to 3.1.3 in /src/oc-id [#3535](https://github.com/chef/chef-server/pull/3535) ([dependabot[bot]](https://github.com/dependabot[bot]))
+- Bump nokogiri from 1.13.9 to 1.13.10 in /src/oc-id [#3542](https://github.com/chef/chef-server/pull/3542) ([dependabot[bot]](https://github.com/dependabot[bot]))
+- Bump selenium-webdriver from 4.6.1 to 4.7.1 in /src/oc-id [#3536](https://github.com/chef/chef-server/pull/3536) ([dependabot[bot]](https://github.com/dependabot[bot]))
+- Bump config from 4.0.0 to 4.1.0 in /src/oc-id [#3513](https://github.com/chef/chef-server/pull/3513) ([dependabot[bot]](https://github.com/dependabot[bot]))
+- Bump sinatra from 2.2.0 to 3.0.4 in /src/oc-id [#3532](https://github.com/chef/chef-server/pull/3532) ([dependabot[bot]](https://github.com/dependabot[bot]))
+- Bump omnibus from `d1fe3bb` to `2c058e1` in /omnibus [#3546](https://github.com/chef/chef-server/pull/3546) ([dependabot[bot]](https://github.com/dependabot[bot]))
+- Automate upgrade of Erlang rebar dependencies [#3534](https://github.com/chef/chef-server/pull/3534) ([lbakerchef](https://github.com/lbakerchef))
+- Add s3_url_type config setting to docs [#3556](https://github.com/chef/chef-server/pull/3556) ([lbakerchef](https://github.com/lbakerchef))
+- Upgrade rebar3 3.6.2 -&gt; 3.20.0 [#3551](https://github.com/chef/chef-server/pull/3551) ([lbakerchef](https://github.com/lbakerchef))
+- Changed erlang version to 24. [#3560](https://github.com/chef/chef-server/pull/3560) ([sreepuramsudheer](https://github.com/sreepuramsudheer))
+- Bump omnibus-software from `ab655a5` to `2be3816` in /omnibus [#3558](https://github.com/chef/chef-server/pull/3558) ([dependabot[bot]](https://github.com/dependabot[bot]))
+
 ## [15.3.2](https://github.com/chef/chef-server/tree/15.3.2) (2022-11-09)
 
 #### Merged Pull Requests
@@ -50,7 +130,6 @@
 - Vhost [#2147](https://github.com/chef/chef-server/pull/2147) ([lbakerchef](https://github.com/lbakerchef))
 - Revert &quot;Bump doorkeeper from 4.4.3 to 5.6.0 in /src/oc-id&quot; [#3495](https://github.com/chef/chef-server/pull/3495) ([vinay-satish](https://github.com/vinay-satish))
 - Revise docs for AWS Settings; Add new `s3_path_or_vhost` configuration [#3481](https://github.com/chef/chef-server/pull/3481) ([lbakerchef](https://github.com/lbakerchef))
-<!-- latest_stable_release -->
 
 ## [15.1.7](https://github.com/chef/chef-server/tree/15.1.7) (2022-08-30)
 

Makefile

@@ -3,8 +3,47 @@ bump: bump_rebars bump_bundles
 bump_rebars: rebar_bookshelf rebar_oc_bifrost rebar_oc_erchef
 bump_bundles: bundle_oc-id
 
-rebar_%:
-	cd src/$* && ./rebar3 upgrade $$TARGET
+# After the rebar3 upgrade from 3.6.2 to 3.20.0, license scout has issues
+# with transitive dependencies referenced as packages in rebar.lock files.
+# So, if we do a blanket upgrade of all dependencies (rebar3 upgrade --all),
+# some transitive dependencies will be referenced as packages, causing license
+# scout issues. Therefore, we upgrade only the dependencies that don't pull in
+# transitive dependencies.
+#
+# To arrive at the list of dependencies to upgrade for an app, start with the
+# deps in the rebar.config, and subtract from that anything pulling in a
+# transitive dependency as seen by running a `rebar3 tree` in the appropriate
+# directory. Problem dependencies in a lock file will be referenced by `pkg`,
+# and will have an entry in a pkg_hash and possibly a pkg_hash_ext section at
+# the bottom (the rebar.lock should not contain these entries).
+#
+# Anything pulling in a problem dependency, and any problem dependencies themselves,
+# should be upgraded by hand.
+#
+# It was observed that upgrading a single dependency, e.g. `./rebar3 upgrade eper`,
+# rewrote the entire lockfile, removing packages.  So if a lockfile ever gets
+# inadvertently polluted, it's something to try.
+#
+#rebar_%:
+#	cd src/$* && ./rebar3 upgrade --all $$TARGET
+
+rebar_bookshelf:
+	cd src/bookshelf; \
+	./rebar3 upgrade cf,chef_secrets,envy,eper,erlsom,erlware_commons,iso8601,meck,mini_s3,mixer,mochiweb,opscoderl_wm,sqerl; \
+	echo "some references are pulled in as git:// - rewriting to https://"; \
+	sed -i '' 's/git:\/\//https:\/\//g' rebar.lock
+
+rebar_oc_bifrost:
+	cd src/oc_bifrost; \
+	./rebar3 upgrade chef_secrets,edown,ej,eper,jiffy,mixer,mochiweb,opscoderl_wm,sqerl,stats_hero; \
+	echo "some references are pulled in as git:// - rewriting to https://"; \
+	sed -i '' 's/git:\/\//https:\/\//g' rebar.lock
+
+rebar_oc_erchef:
+	cd src/oc_erchef; \
+	./rebar3 upgrade cf,chef_authn,chef_secrets,darklaunch,edown,efast_xs,ej,envy,eper,folsom,folsom_graphite,ibrowse,jiffy,mini_s3,mixer,mochiweb,neotoma,opscoderl_folsom,opscoderl_httpc,opscoderl_wm,pooler,prometheus,sqerl,stats_hero,uuid; \
+	echo "some references are pulled in as git:// - rewriting to https://"; \
+	sed -i '' 's/git:\/\//https:\/\//g' rebar.lock
 
 bundle_%:
 	cd src/$* && bundle install --no-deployment && bundle update $$TARGET

RELEASE_PROCESS.md

@@ -27,6 +27,15 @@ In order to release, you will need the following accounts/permissions:
 
 ## THE PROCESS
 
+### Upgrade Erlang Dependencies
+
+Upgrade Erlang dependencies via automated script.  
+See https://github.com/chef/chef-server/blob/main/dev-docs/FrequentTasks.md#updating-erlang-dependencies-using-rebar3 .
+
+### Update documentation
+
+Ensure documentation in [docs-site](https://docs.chef.io/) is updated for changes that would be included in the release.
+
 ### Update Release Notes
 
 #### Pending Release Notes In Wiki
@@ -166,6 +175,18 @@ https://buildkite.com/chef/chef-chef-server-main-habitat-build
 Follow the below document for testing the chef-server version in Automate environment.
 https://github.com/chef/automate/blob/main/dev-docs/DEV_ENVIRONMENT.md
 
+#### Software Versions Check
+
+If any software was bumped or updated (including any CVEs addressed), load up a dev VM and verify that the software is the correct version.
+
+For example, after an OpenJRE bump:
+```
+# /opt/opscode/embedded/open-jre/bin/java --version
+openjdk 11.0.18 2023-01-17
+OpenJDK Runtime Environment Temurin-11.0.18+10 (build 11.0.18+10)
+OpenJDK 64-Bit Server VM Temurin-11.0.18+10 (build 11.0.18+10, mixed mode)
+```
+
 #### Special Testing
 
 Do any special testing specific to the particular release you are doing, as applicable.
@@ -219,18 +240,20 @@ https://discourse.chef.io/c/chef-release/9
 1. Confirm that the release notes from Pending Release Notes are automatically posted on discourse.  Sample post:
 https://discourse.chef.io/t/chef-infra-server-14-10-23-released/20438
 1. Confirm that the data for the Pending Release Notes at https://github.com/chef/chef-server/wiki/Pending-Release-Notes is automatically deleted by expeditor, and only the titles remain.  Notify releng at https://github.com/chef/release-engineering/issues if this does not automatically happen on promote.
-1. Confirm that the release notes appear at https://docs.chef.io/release_notes_server/ .  This should happen automatically via expeditor, but if it does not you need to perform the steps manually and create an issue with releng at https://github.com/chef/release-engineering/issues.
+1. Confirm that the release notes appear at https://docs.chef.io/release_notes_server/ .  This should happen automatically via expeditor, but if it does not you need to perform the steps manually and create an issue with releng at https://github.com/chef/release-engineering/issues.  For instructions on how to proceed with a manual edit, contact docs-support.
 
 In case of release failure, consult appropriate documentation to assist with troubleshooting and correcting the issue.
 https://expeditor.chef.io/dashboard/?token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE2NDYxODMwMTgsImlhdCI6MTY0NjE2ODYxOCwiaXNzIjoiaHR0cHM6Ly9leHBlZGl0b3IuY2hlZi5pbyIsInVzZXJfbG9naW4iOiJQcmFqYWt0YVB1cm9oaXQiLCJ1c2VyX25hbWUiOm51bGwsImFjY2Vzc190b2tlbiI6ImdodV95R3o4MkE5dWg5TzdnVXhOMHhEbXQ5bHU1YXM0YUE0TVZuVjYiLCJhZG1pbiI6dHJ1ZX0.5EZ1GvD_ufWmXPzfosGbs11RXYnHNm7gABgc-TpLgkQ#/
 
 ### Automate
 
-1. Create issues in the chef-server repo and in the automate repo to update the version of Chef Infra Server in Automate. Make sure to link the issues to each other.
-1. Bump the version of Automate [placeholder - instructions forthcoming].
+Notify the Automate team that chef server has been released, and give them the version.  Confirm that the hab packages are available for them to consume:
 
-   https://github.com/chef/chef-server/blob/main/dev-docs/AUTOMATE_DEV_ENV.md
-   https://github.com/chef/automate/pull/5269
+   https://bldr.habitat.sh/#/pkgs/chef/oc_erchef/latest  
+   https://bldr.habitat.sh/#/pkgs/chef/oc_bifrost/latest  
+   https://bldr.habitat.sh/#/pkgs/chef/bookshelf/latest  
+   https://bldr.habitat.sh/#/pkgs/chef/chef-server-nginx/latest  
+   https://bldr.habitat.sh/#/pkgs/chef/chef-server-ctl/latest
 
 Chef Infra Server is now released.
 
@@ -260,5 +283,5 @@ https://buildkite.com/chef/chef-umbrella-main-chef-server-full/builds/97#20ad56a
 - verify that manifest contains correct     PASSED
   release number
 - build and release the release             PENDING
-- Create automate issues                    PENDING
+- notify automate                           PENDING
 ```

VERSION

@@ -1 +1 @@
-15.3.2
+15.7.3