Merge branch 'release/2.11.0'

.circleci/config.yml

@@ -7,7 +7,7 @@ orbs:
 executors:
   integration_test_exec: # declares a reusable executor
     docker:
-      - image: cimg/base:stable-18.04
+      - image: cimg/base:stable-20.04
         auth:
           username: dockstoretestuser
           password: $DOCKERHUB_PASSWORD
@@ -68,8 +68,6 @@ jobs:
           username: dockstoretestuser
           password: $DOCKERHUB_PASSWORD
     steps:
-      - browser-tools/install-chrome
-      - browser-tools/install-chromedriver
       - setup_nightly_tests
       - install_cypress_dependencies
       - run:
@@ -112,6 +110,10 @@ jobs:
           command: bash -i -c 'npm run test-<< parameters.stack >>-auth'
           environment:
             MOCHA_FILE: nightly-test-results/junit/test-<< parameters.stack >>-auth-[hash].xml
+      - run:
+          name: Reset dockstoretestuser4's resources
+          # Reset user dockstoretestuser4's resources such that it has no registered tools and published workflows
+          command: bash scripts/reset-dockstoretestuser4-resources.sh << parameters.stack >>
       - upload_nightly_artifacts
       - slack/notify:
           channel: $<< parameters.stack >>_id
@@ -130,9 +132,9 @@ jobs:
           username: dockstoretestuser
           password: $DOCKERHUB_PASSWORD
     steps:
+      - checkout
       - browser-tools/install-chrome
       - browser-tools/install-chromedriver
-      - checkout
       - run:
           name: Checkout merge commit (PRs only)
           command: |
@@ -158,9 +160,9 @@ jobs:
           username: dockstoretestuser
           password: $DOCKERHUB_PASSWORD
     steps:
+      - checkout
       - browser-tools/install-chrome
       - browser-tools/install-chromedriver
-      - checkout
       - run:
           name: Checkout merge commit (PRs only)
           command: |
@@ -225,7 +227,7 @@ jobs:
           key: cypress-cache-{{ .Environment.CACHE_VERSION }}-{{ checksum "./package-lock.json" }}
       - run:
           name: Test
-          command: bash -i -c 'npx cypress run --record --config numTestsKeptInMemory=1 --reporter junit --spec cypress/integration/group1/**/*'
+          command: bash -i -c 'npx cypress run --record --config numTestsKeptInMemory=1 --reporter junit --spec cypress/e2e/group1/**/*'
           no_output_timeout: 30m
           environment:
             MOCHA_FILE: integration-tests/test-results/junit/test-results-[hash].xml
@@ -240,7 +242,7 @@ jobs:
           key: cypress-cache-{{ .Environment.CACHE_VERSION }}-{{ checksum "./package-lock.json" }}
       - run:
           name: Test
-          command: bash -i -c 'npx cypress run --record --config numTestsKeptInMemory=1 --reporter junit --spec cypress/integration/group2/**/*'
+          command: bash -i -c 'npx cypress run --record --config numTestsKeptInMemory=1 --reporter junit --spec cypress/e2e/group2/**/*'
           no_output_timeout: 30m
           environment:
             MOCHA_FILE: integration-tests/test-results/junit/test-results-[hash].xml
@@ -255,7 +257,7 @@ jobs:
           key: cypress-cache-{{ .Environment.CACHE_VERSION }}-{{ checksum "./package-lock.json" }}
       - run:
           name: Test
-          command: bash -i -c 'npx cypress run --record --config numTestsKeptInMemory=1 --reporter junit --spec cypress/integration/group3/**/*'
+          command: bash -i -c 'npx cypress run --record --config numTestsKeptInMemory=1 --reporter junit --spec cypress/e2e/group3/**/*'
           no_output_timeout: 30m
           environment:
             MOCHA_FILE: integration-tests/test-results/junit/test-results-[hash].xml
@@ -270,7 +272,7 @@ jobs:
           key: cypress-cache-{{ .Environment.CACHE_VERSION }}-{{ checksum "./package-lock.json" }}
       - run:
           name: Test
-          command: bash -i -c 'npx cypress run --record --config numTestsKeptInMemory=1 --reporter junit --spec cypress/integration/immutableDatabaseTests/**/*'
+          command: bash -i -c 'npx cypress run --record --config numTestsKeptInMemory=1 --reporter junit --spec cypress/e2e/immutableDatabaseTests/**/*'
           no_output_timeout: 30m
           environment:
             MOCHA_FILE: integration-tests/test-results/junit/test-results-[hash].xml
@@ -361,7 +363,7 @@ jobs:
   upload_to_s3:
     working_directory: ~/repo
     docker:
-      - image: cimg/python:2.7
+      - image: cimg/python:3.11
         auth:
           username: dockstoretestuser
           password: $DOCKERHUB_PASSWORD
@@ -384,7 +386,7 @@ jobs:
             # TODO: https://gui.dockstore.org/${CIRCLE_TAG:-$CIRCLE_BRANCH}-$(echo $CIRCLE_SHA1 | cut -c -7) can probably be made into a bash/circle-ci variable.
             - run:
                 name: Swap for CDN paths
-                command: bash -i -c "find src \( -iname '*.html' -o -iname '*.ts' -o -iname '*.json' \) -exec sed -i 's~\(\.\./\)\+assets/~https://gui\.dockstore\.org/${CIRCLE_TAG:-$CIRCLE_BRANCH}-$(echo $CIRCLE_SHA1 | cut -c -7)/assets/~g' {} +"
+                command: bash -i -c "find src \( -iname '*.html' -o -iname '*.ts' -o -iname '*.js' -o -iname '*.json' \) -exec sed -i 's~\(\.\./\)\+assets/~https://gui\.dockstore\.org/${CIRCLE_TAG:-$CIRCLE_BRANCH}-$(echo $CIRCLE_SHA1 | cut -c -7)/assets/~g' {} +"
             - run:
                 name: Build
                 command: NODE_OPTIONS="--max-old-space-size=1610" bash -i -c 'npm run build.prod -- --deploy-url https://gui.dockstore.org/${CIRCLE_TAG:-$CIRCLE_BRANCH}-$(echo $CIRCLE_SHA1 | cut -c -7)/'
@@ -403,7 +405,7 @@ jobs:
   check_build_develop:
     working_directory: ~/repo
     docker:
-      - image: cimg/python:2.7
+      - image: cimg/python:3.11
         auth:
           username: dockstoretestuser
           password: $DOCKERHUB_PASSWORD
@@ -418,9 +420,22 @@ jobs:
           name: Build
           command: NODE_OPTIONS="--max-old-space-size=1610" bash -i -c 'npm run build.prod'
 
+parameters:
+  run_nightly_auth:
+    type: boolean
+    default: false
+  run_nightly_no_auth:
+    type: boolean
+    default: false
+
 workflows:
   version: 2
   everything:
+    when:
+      not:
+        or:
+          - << pipeline.parameters.run_nightly_auth >>
+          - << pipeline.parameters.run_nightly_no_auth >>
     jobs:
       # Add the tags filter to all jobs so they will run before upload_to_s3
       - audit:
@@ -513,17 +528,11 @@ workflows:
             - dockerhub
 
   nightly_no_auth:
-    triggers:
-      - schedule:
-          cron: "0 10 * * *" # This is 3am PDT / 2am PST
-          filters:
-            branches:
-              only:
-                - develop
+    when: << pipeline.parameters.run_nightly_no_auth >>
     jobs:
       - no_auth_smoke_tests:
-          name: "no_auth_smoke_tests_dev"
-          stack: "dev"
+          name: "no_auth_smoke_tests_qa"
+          stack: "qa"
           context:
             - dockerhub
             - oicr-slack
@@ -541,17 +550,11 @@ workflows:
             - oicr-slack
 
   nightly_auth:
-    triggers:
-      - schedule:
-          cron: "0 11 * * *" # This is 4am PDT / 3am PST
-          filters:
-            branches:
-              only:
-                - develop
+    when: << pipeline.parameters.run_nightly_auth >>
     jobs:
       - auth_smoke_tests:
-          name: "auth_smoke_tests_dev"
-          stack: "dev"
+          name: "auth_smoke_tests_qa"
+          stack: "qa"
           context:
             - dockerhub
             - oicr-slack
@@ -575,7 +578,7 @@ commands:
           name: Install java
           command: |
             sudo apt update -y
-            sudo apt install openjdk-17-jdk -yq
+            sudo apt install openjdk-17-jre -yq
       - run:
           name: Install npm
           command: |
@@ -683,9 +686,9 @@ commands:
           command: bash scripts/wait-for.sh
   setup_nightly_tests:
     steps:
+      - checkout
       - browser-tools/install-chrome
       - browser-tools/install-chromedriver
-      - checkout
       - install_container_dependencies
       - restore_cache:
           key: cypress-cache-{{ .Environment.CACHE_VERSION }}-{{ checksum "./package-lock.json" }}

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,16 +1,29 @@
 **Description**
 A description of the PR, should include a decent explanation as to why this change was needed and a decent explanation as to what this change does
 
+**Review Instructions**
+Describe if this ticket needs review and if so, how one may go about it in qa and/or staging environments.
+For example, a ticket based on Security Hub, Snyk, or Dependabot may not need review since those services
+will generate new warnings if the issue has not been resolved properly. On the other hand, an infrastructure
+ticket that results in visible changes to the end-user will definitely require review.
+Many tickets will likely be between these two extremes, so some judgement may be required.
+
 **Issue**
 A link to a github issue or SEAB- ticket (using that as a prefix)
 
+**Security**
+If there are any concerns that require extra attention from the security team, highlight them here.
+
 Please make sure that you've checked the following before submitting your pull request. Thanks!
 
 - [ ] Check that your code compiles by running `npm run build`
+- [ ] Ensure that the PR targets the correct branch. Check the milestone or fix version of the ticket.
 - [ ] If this is the first time you're submitting a PR or even if you just need a refresher, consider reviewing our [style guide](https://github.com/dockstore/dockstore/wiki/Dockstore-Frontend-Opinionated-Style-Guide#pr-checklist)
 - [ ] Do not bypass Angular sanitization (bypassSecurityTrustHtml, etc.), or justify why you need to do so
 - [ ] If displaying markdown, use the `markdown-wrapper` component, which does extra sanitization
 - [ ] Do not use cookies, although this may change in the future
 - [ ] Run `npm audit` and ensure you are not introducing new vulnerabilities
 - [ ] Do due diligence on new 3rd party libraries, checking for CVEs
 - [ ] Don't allow user-uploaded images to be served from the Dockstore domain
+- [ ] If this PR is for a user-facing feature, create and link a documentation ticket for this feature (usually in the same milestone as the linked issue). Style points if you create a documentation PR directly and link that instead.
+- [ ] Check whether this PR disables tests. If it legitimately needs to disable a test, create a new ticket to re-enable it in a specific milestone. 

.github/dependabot.yml

@@ -6,6 +6,8 @@ updates:
     directory: "/"
     schedule:
       interval: "daily"
+    reviewers:
+      - "dockstore/dockstore"
 
   # Maintain dependencies for npm 
   - package-ecosystem: "npm"
@@ -14,3 +16,5 @@ updates:
       interval: "daily"
     # start with security updates only https://stackoverflow.com/a/68254421
     open-pull-requests-limit: 0  
+    reviewers:
+      - "dockstore/dockstore"  

.github/workflows/codeql.yml

@@ -0,0 +1,72 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "develop", hotfix/*, master, release/*, feature/** ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "develop", hotfix/*, master, release/* ]
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'typescript' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+
+        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # queries: security-extended,security-and-quality
+
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v2
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+    #   If the Autobuild fails above, remove it and uncomment the following three lines.
+    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+    # - run: |
+    #   echo "Run, Build Application using script"
+    #   ./location_of_script_within_repo/buildscript.sh
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2
+      with:
+        category: "/language:${{matrix.language}}"

.gitignore

@@ -27,6 +27,7 @@ openapi-generator-cli-3.3.1.jar
 .settings/
 *.sublime-workspace
 .jsbeautifyrc
+git-secrets-1.3.0/
 
 # IDE - VSCode
 .vscode/*

.nvmrc

@@ -1 +1 @@
-v16.14.0
+v18.12.1