Merge pull request #211 from eclipse-tractusx/release/v1.7.0
release(1.7.0): merge release into main
evegufy authored Dec 6, 2023
2 parents aaffde3 + 875026b commit 3167de8
Showing 13 changed files with 405 additions and 258 deletions.
61 changes: 61 additions & 0 deletions .github/workflows/pullRequest-lint.yaml
@@ -0,0 +1,61 @@
# #############################################################################
# Copyright (c) 2023 Contributors to the Eclipse Foundation
#
# See the NOTICE file(s) distributed with this work for additional
# information regarding copyright ownership.
#
# This program and the accompanying materials are made available under the
# terms of the Apache License, Version 2.0 which is available at
# https://www.apache.org/licenses/LICENSE-2.0.
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# SPDX-License-Identifier: Apache-2.0
# #############################################################################

name: "Lint PullRequest"

on:
pull_request_target:
types:
- opened
- edited
- synchronize

jobs:
main:
name: Validate PR title
runs-on: ubuntu-latest
steps:
- uses: amannn/action-semantic-pull-request@v5

Check warning on line 34 in .github/workflows/pullRequest-lint.yaml

GitHub Actions / Analyze

[MEDIUM] Unpinned Actions Full Length Commit SHA

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.

id: lint_pr_title
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- uses: marocchino/sticky-pull-request-comment@v2

Check warning on line 39 in .github/workflows/pullRequest-lint.yaml

GitHub Actions / Analyze

[MEDIUM] Unpinned Actions Full Length Commit SHA

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.

# When the previous steps fail, the workflow would stop. By adding this
# condition you can continue the execution with the populated error message.
if: always() && (steps.lint_pr_title.outputs.error_message != null)
with:
header: pr-title-lint-error
message: |
Hey there and thank you for opening this pull request! 👋🏼
We require pull request titles to follow the [Conventional Commits specification](https://www.conventionalcommits.org/en/v1.0.0/) and it looks like your proposed title needs to be adjusted.
Details:
```
${{ steps.lint_pr_title.outputs.error_message }}
```
# Delete a previous comment when the issue has been resolved
- if: ${{ steps.lint_pr_title.outputs.error_message == null }}
uses: marocchino/sticky-pull-request-comment@v2

Check warning on line 58 in .github/workflows/pullRequest-lint.yaml

GitHub Actions / Analyze

[MEDIUM] Unpinned Actions Full Length Commit SHA

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.

with:
header: pr-title-lint-error
delete: true
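
Review bot: `on: pull_request_target` combined with the tag-referenced third-party actions at lines 34, 39 and 58 (`amannn/action-semantic-pull-request@v5`, `marocchino/sticky-pull-request-comment@v2`) means whatever those tags point to at run time executes with the base repository's `GITHUB_TOKEN`, including for pull requests opened from forks. Pin each `uses:` to a full-length commit SHA taken from the action's own repository (the tag can stay as a trailing comment), and declare a `permissions:` block scoped to what the steps need (the comment step writes to the pull request), since the workflow sets none and so inherits the repository default. The job does not check out pull request code, which is the right shape for this trigger and should stay that way.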
9 changes: 8 additions & 1 deletion .gitignore
@@ -1,3 +1,10 @@
**/.DS_Store
node_modules
public/documentation/js/lib
public/documentation/js/lib

# Add legal info files during build

public/assets/notice/LICENSE
public/assets/notice/DEPENDENCIES
public/assets/notice/NOTICE.md
public/assets/notice/SECURITY.md
121 changes: 45 additions & 76 deletions CHANGELOG.md
Expand Up @@ -2,103 +2,72 @@

New features, fixed bugs, known defects and other noteworthy changes to each release of the Catena-X Portal Assets.

## 1.7.0-RC4
## 1.7.0

### Change

- Portal Version Upgrade
- updated documentation for fixes, changes and news
- added information about PostgresSQL upgrade and recommended upgrade approach
- added table of content
- Technical Documentation
- updated documentation for application monitoring options
- updated documentation about application auditing
- Technical User documentation
- enhanced developer documentation of technical user deletion function
- added technical user credential reset documentation/flow
- dev documentation of new added technical user filters
- Credential Management
- updated end user documentation of allowed file types and size for VC request flow
- added new endpoint in developer documentation regarding requestable credentials
- added end user FAQ
- Technical User Role Definition
- removed 'Connector User' and 'App Tech User'
- updated 'Service Management' to 'Offer Management'
- added 'Semantic Model Management', 'Dataspace Discovery', 'CX Membership Info'
- updated permission assignment (R&R matrix documentation & portal upgrade script provided for portal db)
- Legal information for distributions [TRG 7.05](https://eclipse-tractusx.github.io/docs/release/trg-7/trg-7-05/)
- added legal info at build
- updated static template guidelines
- enhanced/updated content for app provider introduction page
- added onboarding service provider introduction page
- added list of standard technical user needed to run the portal application integration with core applications
- updated identity provider connection documentation (developer & end user) for new flow
- enhanced subscription management board (service provider) documentation (developer & end user)
- updated app change process (roles, tenant url, etc.) for developers and end users
- interface contract documentation for 'Clearinghouse' updated with new architecture images and additional details of relevant authentication users and used endpoints
- traceability use case page images and text sections updated for release 23.12
- useCase content file updated
- images linked for traceability useCase exchanged
- added documentation for service account sync
- added table of content to version upgrade
- added documentation for app change documents
- added license notice and image licenses
- added notice to md files in docs and developers directory
- added check for license info headers, footers and files in pr-template
- added data-flow diagram
- added security assessment documentation and removed data-flow diagram (integrated in security assessment)
- moved iam specific documentation to portal-iam repository
- updated documentation for bulk user creation
- updated bpdm interface contract
- updated offer authentication flow
- fixed typos

### Technical Support

- Trivy scan: changed to no failure on high findings, as it should only fail if there is an error/misconfiguration

## 1.7.0-RC3

### Change

- useCase content file updated
- images linked for traceability useCase exchanged
- portal database upgrade documentation updated

### Feature

n/a

### Bugfix

n/a

## 1.7.0-RC2

### Change

- identity provider connection documentation (developer & end user); new flow released
- subscription management board (service provider) documentation enhanced (developer & end user)
- updated technical user role definition
- removal of 'Connector User', 'App Tech User'
- updated 'Service Management' to 'Offer Management'
- added 'Semantic Model Management', 'Dataspace Discovery', 'CX Membership Info'
- permission assignment updated (R&R Matrix documentation & portal upgrade script provided for portal db and
- Interface contract documentation for 'Clearinghouse' updated with new architecture images and additional details of relevant authentication users and used endpoints
- traceability use case page images and text sections updated for release 23.12

### Feature

n/a

### Technical Support

- Portal db - technical user upgrade script provided which need to get executed for upgrade from 1.6.0 to 1.7.0 RC
- Keycloak db - technical user upgrade script provided which need to get executed for upgrade from 1.6.0 to 1.7.0 RC
- Added linter rules and prettify gitHub actions for asset repo and fixed findings
- Service Change Process
- released documentation of 'Service Deactivation'

### Bugfix

- md file linkage

## 1.7.0-RC1

### Change

- Updates static template guidelines
- Enhanced/updated content for app provider introduction page
- Added onboarding service provider introduction page
- Technical Documentation: updated documentation for application monitoring options
- Technical Documentation: updated documentation about application auditing
- Technical User documentation
- enhanced developer docu of technical user deletion function
- added technical user credential reset documentation/flow
- dev documentation of new added technical user filters
- Added list of standard technical user needed to run the portal application integration with core applications
- Updated app change process (roles, tenant url, etc.) for developers and end users
- Credential Management
- updated end user docu of allowed file types and size for VC request flow
- added new endpoint in developer documentation regarding requestable credentials
- added end user FAQ

### Feature

- Service Change Process
- released docu of 'Service Deactivation'
- updated background color used in static page last section
- fixed links in md files

### Technical Support

- Dependencies upgraded
- Moved couple of images from gitHub md files to docs/static image folder/directory

### Bugfix

- Updated background color used in static page last section
- upgraded dependencies
- moved some images referenced in md file from GitHub to docs/static directory
- added linter rules and prettify gitHub actions for asset repo and fixed findings
- Trivy scan: changed to no failure on high findings, as it should only fail if there is an error/misconfiguration
- added pull request linting

## 1.6.1
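
Review bot: the entry "Trivy scan: changed to no failure on high findings, as it should only fail if there is an error/misconfiguration" records that high-severity findings no longer fail the scan but not where they are reviewed instead; add a clause naming where those findings are reported and triaged so the release notes do not read as findings being dropped. In the same changelog, "PostgresSQL" in the Portal Version Upgrade entry should be "PostgreSQL", and the adjacent entries "added data-flow diagram" and "added security assessment documentation and removed data-flow diagram (integrated in security assessment)" could be merged into one that describes the end state.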

121 changes: 0 additions & 121 deletions developer/Technical Documentation/Architecture/Data-Flow.md

This file was deleted.
