Merge pull request #332 from catenax-ng/main

chore/feature:  Cypress login, dependency check

.github/workflows/dependency-check.yml

@@ -67,3 +67,11 @@ jobs:
             ## ‼️ Dependency Check findings ‼️
             One or more high/critical findings have been found during dependency check. Please check the depenency report:
             https://github.com/catenax-ng/tx-traceability-foss/actions/runs/${{ github.run_id }}
+
+      - name: add PR comment
+        uses: mshick/add-pr-comment@v2
+        if: success()
+        with:
+          message: |
+            ## ✅ No Dependency Check findings were found
+

.github/workflows/e2e-tests-xray_frontend.yml

@@ -103,66 +103,18 @@ jobs:
       - name: Cypress run all tests
         uses: cypress-io/github-action@v6.5.0 # use the explicit version number
         with:
-          start: npm start
+          start: npm run start:auth:e2ea
           wait-on: "http://localhost:4200"
           wait-on-timeout: 120
           browser: chrome
           working-directory: frontend
-
-      - name: Submit results to Xray
-        # we don't want to submit results to xray when it was run by PR
-        if: github.event_name != 'pull_request' && (success() || failure())
         env:
-          JIRA_USERNAME: ${{ secrets.ORG_IRS_JIRA_USERNAME }}
-          JIRA_PASSWORD: ${{ secrets.ORG_IRS_JIRA_PASSWORD }}
-        run: |
-          ./scripts/xray-push-test-results.sh
-
-      - name: Archive cypress artifacts
-        if: success() || failure()
-        uses: actions/upload-artifact@v3
-        with:
-          name: cypress generated files - chrome
-          path: |
-            frontend/cypress/videos/
-            frontend/cypress/screenshots/
-
-  cypress-run-firefox:
-    timeout-minutes: 15
-    runs-on: ubuntu-latest
-    defaults:
-      run:
-        working-directory: frontend
-    container:
-      # if you need to change image please make sure use the same version in all places
-      # (here and in cypress/Dockerfile)
-      image: cypress/browsers:node16.16.0-chrome107-ff107-edge
-      options: --user 1001
-    needs: install
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Download the cypress/e2e folder
-        uses: actions/download-artifact@v3
-        with:
-          name: cypress - e2e
-          path: frontend/cypress/e2e
-
-      - name: Use Node.js 18.x
-        uses: actions/setup-node@v3
-        with:
-          node-version: 18.x
-
-      - name: Cypress run all tests
-        uses: cypress-io/github-action@v6.5.0 # use the explicit version number
-        with:
-          start: npm start
-          wait-on: "http://localhost:4200"
-          wait-on-timeout: 120
-          browser: firefox
-          working-directory: frontend
+          CYPRESS_SUPERVISOR_LOGIN: ${{ secrets.TRACE_X_SUPERVISOR_LOGIN }}
+          CYPRESS_SUPERVISOR_PW: ${{ secrets.TRACE_X_SUPERVISOR_PW }}
+          CYPRESS_ADMIN_LOGIN: ${{ secrets.TRACE_X_ADMIN_LOGIN }}
+          CYPRESS_ADMIN_PW: ${{ secrets.TRACE_X_ADMIN_PW }}
+          CYPRESS_USER_LOGIN: ${{ secrets.TRACE_X_USER_LOGIN }}
+          CYPRESS_USER_PW: ${{ secrets.TRACE_X_USER_PW }}
 
       - name: Submit results to Xray
         # we don't want to submit results to xray when it was run by PR
@@ -177,28 +129,83 @@ jobs:
         if: success() || failure()
         uses: actions/upload-artifact@v3
         with:
-          name: cypress generated files - firefox
+          name: cypress generated files - chrome
           path: |
             frontend/cypress/videos/
             frontend/cypress/screenshots/
 
-  cypress-run-webkit:
-    timeout-minutes: 15
-    runs-on: ubuntu-latest
-    defaults:
-      run:
-        working-directory: frontend
-    needs: install
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Download the cypress/e2e folder
-        uses: actions/download-artifact@v3
-        with:
-          name: cypress - e2e
-          path: frontend/cypress/e2e
+ # cypress-run-firefox:
+ #   timeout-minutes: 15
+ #   runs-on: ubuntu-latest
+ #   defaults:
+ #     run:
+ #       working-directory: frontend
+ #   container:
+ #     # if you need to change image please make sure use the same version in all places
+ #     # (here and in cypress/Dockerfile)
+ #     image: cypress/browsers:node16.16.0-chrome107-ff107-edge
+ #     options: --user 1001
+ #   needs: install
+#
+ #   steps:
+ #     - name: Checkout
+ #       uses: actions/checkout@v4
+#
+ #     - name: Download the cypress/e2e folder
+ #       uses: actions/download-artifact@v3
+ #       with:
+ #         name: cypress - e2e
+ #         path: frontend/cypress/e2e
+#
+ #     - name: Use Node.js 18.x
+ #       uses: actions/setup-node@v3
+ #       with:
+ #         node-version: 18.x
+#
+ #     - name: Cypress run all tests
+ #       uses: cypress-io/github-action@v6.5.0 # use the explicit version number
+ #       with:
+ #         start: npm start
+ #         wait-on: "http://localhost:4200"
+ #         wait-on-timeout: 120
+ #         browser: firefox
+ #         working-directory: frontend
+#
+ #     - name: Submit results to Xray
+ #       # we don't want to submit results to xray when it was run by PR
+ #       if: github.event_name != 'pull_request' && (success() || failure())
+ #       env:
+ #         JIRA_USERNAME: ${{ secrets.ORG_IRS_JIRA_USERNAME }}
+ #         JIRA_PASSWORD: ${{ secrets.ORG_IRS_JIRA_PASSWORD }}
+ #       run: |
+ #         ./scripts/xray-push-test-results.sh
+#
+ #     - name: Archive cypress artifacts
+ #       if: success() || failure()
+ #       uses: actions/upload-artifact@v3
+ #       with:
+ #         name: cypress generated files - firefox
+ #         path: |
+ #           frontend/cypress/videos/
+ #           frontend/cypress/screenshots/
+#
+ # cypress-run-webkit:
+ #   timeout-minutes: 15
+ #   runs-on: ubuntu-latest
+ #   defaults:
+ #     run:
+ #       working-directory: frontend
+ #   needs: install
+#
+ #   steps:
+ #     - name: Checkout
+ #       uses: actions/checkout@v4
+#
+ #     - name: Download the cypress/e2e folder
+ #       uses: actions/download-artifact@v3
+ #       with:
+ #         name: cypress - e2e
+ #         path: frontend/cypress/e2e
 
 # commented because if we use it here, we face with that problem:
 # "http://localhost:4200 timed out on retry 151 of 5, elapsed 150449ms, limit 150000ms
@@ -209,38 +216,38 @@ jobs:
 #        with:
 #          node-version: 18.x
 
-      - name: Use Node.js 16.x
-        uses: actions/setup-node@v3
-        with:
-          node-version: 16.x
-
-      # https://docs.cypress.io/guides/guides/launching-browsers#Linux-Dependencies
-      - name: Install additional dependencies
-        run: npx playwright install --with-deps webkit
-
-      - name: Cypress run all tests
-        uses: cypress-io/github-action@v6.5.0 # use the explicit version number
-        with:
-          start: npm start
-          wait-on: "http://localhost:4200"
-          wait-on-timeout: 120
-          browser: webkit
-          working-directory: frontend
-
-      - name: Submit results to Xray
-        # we don't want to submit results to xray when it was run by PR
-        if: github.event_name != 'pull_request' && (success() || failure())
-        env:
-          JIRA_USERNAME: ${{ secrets.ORG_IRS_JIRA_USERNAME }}
-          JIRA_PASSWORD: ${{ secrets.ORG_IRS_JIRA_PASSWORD }}
-        run: |
-          ./scripts/xray-push-test-results.sh
-
-      - name: Archive cypress artifacts
-        if: success() || failure()
-        uses: actions/upload-artifact@v3
-        with:
-          name: cypress generated files - webkit
-          path: |
-            frontend/cypress/videos/
-            frontend/cypress/screenshots/
+ #     - name: Use Node.js 16.x
+ #       uses: actions/setup-node@v3
+ #       with:
+ #         node-version: 16.x
+#
+ #     # https://docs.cypress.io/guides/guides/launching-browsers#Linux-Dependencies
+ #     - name: Install additional dependencies
+ #       run: npx playwright install --with-deps webkit
+#
+ #     - name: Cypress run all tests
+ #       uses: cypress-io/github-action@v6.5.0 # use the explicit version number
+ #       with:
+ #         start: npm start:auth:e2ea
+ #         wait-on: "http://localhost:4200"
+ #         wait-on-timeout: 120
+ #         browser: webkit
+ #         working-directory: frontend
+#
+ #     - name: Submit results to Xray
+ #       # we don't want to submit results to xray when it was run by PR
+ #       if: github.event_name != 'pull_request' && (success() || failure())
+ #       env:
+ #         JIRA_USERNAME: ${{ secrets.ORG_IRS_JIRA_USERNAME }}
+ #         JIRA_PASSWORD: ${{ secrets.ORG_IRS_JIRA_PASSWORD }}
+ #       run: |
+ #         ./scripts/xray-push-test-results.sh
+#
+ #     - name: Archive cypress artifacts
+ #       if: success() || failure()
+ #       uses: actions/upload-artifact@v3
+ #       with:
+ #         name: cypress generated files - webkit
+ #         path: |
+ #           frontend/cypress/videos/
+ #           frontend/cypress/screenshots/

.gitignore

@@ -66,5 +66,5 @@ tslint-report.json
 yarn-error.log
 
 scripts/download/*
-/frontend/cypress/.env.local
-/frontend/cypress/environment/cypress.local.config.js
+/frontend/cypress/environment/cypress.local.config.ts
+/frontend/cypress/e2e/

CHANGELOG.md

@@ -7,7 +7,9 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [UNRELEASED - DD.MM.YYYY]
 ### Added
+- Cypress Login to E2E Environment to enable cypress e2e tests.
 ### Changed
+- Fixed table-settings reset bug
 ### Removed
 
 ## [9.0.0-rc1 - 03.11.2023]
@@ -24,6 +26,8 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 - handling for invalid LocalDate string provided in filterCriteria for date related filtering
 - support for filtering join tables for Specification searchCriteria
 - added PR comment in case of HIGH/CRITICAL dependency check findings
+- Functionality to indicate that no Dependency Check findings occur in a PR
+- Badge to show successful Dependency Check status
 
 ### Changed
 - Updated user manual to reflect the table column settings feature
@@ -41,6 +45,7 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 - changed assetAsBuilt filtering manufacturerId to businessPartner
 - IRS-Client-Lib from 1.2.1-SNAPSHOT to 1.4.0
 - Decoupled dependency check in a separate GitHub action
+- Mitigated Dependency Check findings
 
 ### Removed
 - Removed &filterOperator=AND from filtering requests

DEPENDENCIES_BACKEND

@@ -153,8 +153,12 @@ maven/mavencentral/org.apache.logging.log4j/log4j-api/2.20.0, Apache-2.0, approv
 maven/mavencentral/org.apache.logging.log4j/log4j-to-slf4j/2.20.0, Apache-2.0, approved, #8799
 maven/mavencentral/org.apache.mina/mina-core/2.1.6, Apache-2.0, approved, #3289
 maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-core/10.1.12, Apache-2.0 AND (EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0) AND (CDDL-1.0 OR GPL-2.0-only WITH Classpath-exception-2.0) AND W3C AND CC0-1.0, approved, #5949
+maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-core/10.1.15, Apache-2.0 AND (EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0) AND (CDDL-1.0 OR GPL-2.0-only WITH Classpath-exception-2.0) AND W3C AND CC0-1.0, approved, #5949
 maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-el/10.1.12, Apache-2.0, approved, #6997
 maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-websocket/10.1.12, Apache-2.0, approved, #7920
+maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-websocket/10.1.15, Apache-2.0, approved, #7920
+maven/mavencentral/org.apache.tomcat/tomcat-annotations-api/10.1.12, Apache-2.0, approved, #8196
+maven/mavencentral/org.apache.tomcat/tomcat-annotations-api/10.1.15, Apache-2.0, approved, #8196
 maven/mavencentral/org.apiguardian/apiguardian-api/1.1.2, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.aspectj/aspectjweaver/1.9.20, EPL-1.0, approved, tools.aspectj
 maven/mavencentral/org.assertj/assertj-core/3.24.2, Apache-2.0, approved, #6161
@@ -240,9 +244,10 @@ maven/mavencentral/org.eclipse.jetty/jetty-annotations/11.0.15, EPL-2.0 OR Apach
 maven/mavencentral/org.eclipse.jetty/jetty-annotations/11.0.16, EPL-2.0 OR Apache-2.0, approved, rt.jetty
 maven/mavencentral/org.eclipse.jetty/jetty-client/11.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty
 maven/mavencentral/org.eclipse.jetty/jetty-client/11.0.16, EPL-2.0 OR Apache-2.0, approved, rt.jetty
-maven/mavencentral/org.eclipse.jetty/jetty-http/11.0.17, EPL-2.0 OR Apache-2.0, approved, rt.jetty
+maven/mavencentral/org.eclipse.jetty/jetty-http/11.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty
+maven/mavencentral/org.eclipse.jetty/jetty-http/11.0.16, EPL-2.0 OR Apache-2.0, approved, rt.jetty
 maven/mavencentral/org.eclipse.jetty/jetty-io/11.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty
-maven/mavencentral/org.eclipse.jetty/jetty-io/11.0.17, EPL-2.0 OR Apache-2.0, approved, rt.jetty
+maven/mavencentral/org.eclipse.jetty/jetty-io/11.0.16, EPL-2.0 OR Apache-2.0, approved, rt.jetty
 maven/mavencentral/org.eclipse.jetty/jetty-jndi/11.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty
 maven/mavencentral/org.eclipse.jetty/jetty-jndi/11.0.16, EPL-2.0 OR Apache-2.0, approved, rt.jetty
 maven/mavencentral/org.eclipse.jetty/jetty-plus/11.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty
@@ -254,7 +259,7 @@ maven/mavencentral/org.eclipse.jetty/jetty-server/11.0.16, EPL-2.0 OR Apache-2.0
 maven/mavencentral/org.eclipse.jetty/jetty-servlet/11.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty
 maven/mavencentral/org.eclipse.jetty/jetty-servlet/11.0.16, EPL-2.0 OR Apache-2.0, approved, rt.jetty
 maven/mavencentral/org.eclipse.jetty/jetty-util/11.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty
-maven/mavencentral/org.eclipse.jetty/jetty-util/11.0.17, EPL-2.0 OR Apache-2.0, approved, rt.jetty
+maven/mavencentral/org.eclipse.jetty/jetty-util/11.0.16, EPL-2.0 OR Apache-2.0, approved, rt.jetty
 maven/mavencentral/org.eclipse.jetty/jetty-webapp/11.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty
 maven/mavencentral/org.eclipse.jetty/jetty-webapp/11.0.16, EPL-2.0 OR Apache-2.0, approved, rt.jetty
 maven/mavencentral/org.eclipse.jetty/jetty-xml/11.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty

README.md

@@ -8,6 +8,7 @@
 [![VeraCode Backend](https://github.com/eclipse-tractusx/traceability-foss/actions/workflows/veracode_backend.yml/badge.svg)](https://github.com/eclipse-tractusx/traceability-foss/actions/workflows/veracode_backend.yml)
 [![VeraCode Frontend](https://github.com/eclipse-tractusx/traceability-foss/actions/workflows/veracode_frontend.yml/badge.svg)](https://github.com/eclipse-tractusx/traceability-foss/actions/workflows/veracode_frontend.yml)
 [![Eclipse DASH IP Check](https://github.com/eclipse-tractusx/traceability-foss/actions/workflows/eclipse-dash.yml/badge.svg)](https://github.com/eclipse-tractusx/traceability-foss/actions/workflows/eclipse-dash.yml)
+[![[BE] Dependency check](https://github.com/catenax-ng/tx-traceability-foss/actions/workflows/dependency-check.yml/badge.svg)](https://github.com/catenax-ng/tx-traceability-foss/actions/workflows/dependency-check.yml)
 
 ## Trace-X is a system for tracking parts along the supply chain.
 #### A high level of transparency across the supplier network enables faster intervention based on a recorded event in the supply chain. This saves costs by seamlessly tracking parts and creates trust through clearly defined and secure data access by the companies and persons involved in the process.

dependency_check/suppressions.xml

@@ -39,4 +39,43 @@ SPDX-License-Identifier: Apache-2.0
         <sha1>91e1628251cf3ca90093ce9d0fe67e5b7dab3850</sha1>
         <cve>CVE-2023-33201</cve>
     </suppress>
+    <suppress>
+        <notes><![CDATA[
+   file name: jetty*
+   ]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.eclipse\.jetty.*@.*$</packageUrl>
+        <cve>CVE-2023-36478</cve>
+        <cve>CVE-2023-44487</cve>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[
+   file name: jetty-core-0.1.3.jar
+   ]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.eclipse\.edc/jetty\-core@.*$</packageUrl>
+        <cve>CVE-2017-7657</cve>
+        <cve>CVE-2017-7658</cve>
+        <cve>CVE-2009-5045</cve>
+        <cve>CVE-2009-5045</cve>
+        <cve>CVE-2017-7656</cve>
+        <cve>CVE-2017-9735</cve>
+        <cve>CVE-2022-2048</cve>
+        <cve>CVE-2023-44487</cve>
+    </suppress>
+
+    <suppress>
+        <notes><![CDATA[
+   file name: jetty-jakarta-websocket-api-2.0.0.jar
+   ]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.eclipse\.jetty\.toolchain/jetty\-jakarta\-websocket\-api@.*$
+        </packageUrl>
+        <cve>CVE-2017-7657</cve>
+        <cve>CVE-2017-7658</cve>
+        <cve>CVE-2009-5045</cve>
+        <cve>CVE-2017-7656</cve>
+        <cve>CVE-2017-9735</cve>
+        <cve>CVE-2022-2048</cve>
+        <cve>CVE-2020-27216</cve>
+    </suppress>
+
+
 </suppressions>