Merge branch 'main' into feature/add-k8s-endpoint

finos · May 10, 2024 · f5e8592 · f5e8592
2 parents bdbd98a + f22ad75
commit f5e8592
Show file tree

Hide file tree

Showing 109 changed files with 11,959 additions and 7,786 deletions.
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -0,0 +1,15 @@
+{
+	"image": "mcr.microsoft.com/devcontainers/universal:2",
+	"features": {
+		"ghcr.io/devcontainers-contrib/features/maven-sdkman:2": {
+			"version": "latest",
+			"jdkVersion": "latest",
+			"jdkDistro": "open"
+		},
+		"ghcr.io/devcontainers-contrib/features/mvnd-sdkman:2": {
+			"version": "latest",
+			"jdkVersion": "latest",
+			"jdkDistro": "open"
+		}
+	}
+}
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -1,9 +1,11 @@
 * @finos-labs/architecture-as-code-maintainers
 
-/calm/ @rocketstack-matt @yt-ms @jpgough-ms @dc-ms
+/calm/ @finos-labs/architecture-as-code-maintainers
 
-/spectral/ @willosborne
+/cli/ @aidanm3341 @lbulanti-ms @willosborne @grahampacker-ms @jpgough-ms
 
-/visualizer/ @aidanm3341
+/spectral/ @willosborne @lbulanti-ms @grahampacker-ms @jpgough-ms
 
-/translator/ @Budlee @matthewgardner
+/translator/ @Budlee @matthewgardner @jpgough-ms
+
+/visualizer/ @aidanm3341 @Budlee @willosborne
diff --git a/.github/maven-cve-ignore-list.xml b/.github/maven-cve-ignore-list.xml
@@ -0,0 +1,3 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+</suppressions>
diff --git a/.github/node-cve-ignore-list.xml b/.github/node-cve-ignore-list.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+    <suppress base="true">
+        <notes><![CDATA[
+        False positive per https://security.snyk.io/package/npm/opener
+        ]]></notes>
+        <packageUrl regex="true">^pkg:npm/opener@.*$</packageUrl>
+        <cpe>cpe:/a:opener_project:opener</cpe>
+    </suppress>
+    <suppress>
+       <notes><![CDATA[
+       file name: json-pointer:0.6.2
+       ]]></notes>
+       <packageUrl regex="true">^pkg:npm/json\-pointer@.*$</packageUrl>
+       <cve>CVE-2022-4742</cve>
+    </suppress>
+</suppressions>
diff --git a/.github/workflows/cli-tests.yml b/.github/workflows/cli-tests.yml
@@ -0,0 +1,31 @@
+name: Build CLI
+
+on:
+  pull_request:
+    branches: 
+      - "main"
+    paths: 
+      - "cli/**"
+  push:
+    branches: 
+      - "main"
+    paths: 
+      - "cli/**"
+
+defaults:
+  run:
+    working-directory: ./cli
+
+jobs:
+  cli-tests:
+    name: Run unit tests and lint
+    runs-on: ubuntu-latest
+    steps:
+      # Check out the repository
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: v20
+      - run: npm ci
+      - run: npm run test
+      - run: npm run lint 
diff --git a/.github/workflows/cve-scanning-maven.yml b/.github/workflows/cve-scanning-maven.yml
@@ -0,0 +1,54 @@
+name: CVE Scanning for Maven
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 8,18 * * 1-5'
+  push:
+    paths:
+      - '**/pom.xml'
+      - '.github/workflows/maven-cve-ignore-list.xml'
+      - '.github/workflows/cve-scanning-maven.yml'
+
+jobs:
+  depchecktest:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        java-version: [ '21' ]
+        module-folder: [
+          'translator'
+        ]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Setup JDK
+        uses: actions/setup-java@v4
+        with:
+          java-version: ${{ matrix.java-version }}
+          cache: maven
+          distribution: 'adopt'
+      - name: Build with Maven
+        run: mvn clean install -Dmaven.test.skip=true
+        working-directory: ${{ matrix.module-folder }}
+      - name: Depcheck
+        uses: dependency-check/Dependency-Check_Action@main
+        id: Depcheck
+        env:
+          JAVA_HOME: /opt/jdk
+        with:
+          project: '${{ matrix.module-folder }}'
+          path: '${{ matrix.module-folder }}'
+          format: 'HTML'
+          out: '${{ matrix.module-folder }}-reports' # this is the default, no need to specify unless you wish to override it
+          args: >
+            --suppression .github/maven-cve-ignore-list.xml
+            --failOnCVSS 5
+            --enableRetired
+
+      - name: Upload Test results
+        if: ${{ always() }}
+        uses: actions/upload-artifact@v4
+        with:
+          name: Depcheck report ${{ github.job }} ${{ matrix.module-folder }}
+          path: ${{ github.workspace }}/${{ matrix.module-folder }}-reports
diff --git a/.github/workflows/cve-scanning-node.yml b/.github/workflows/cve-scanning-node.yml
@@ -0,0 +1,54 @@
+name: CVE Scanning for Node.js
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 8,18 * * 1-5'
+  push:
+    paths:
+      - '**/package.json'
+      - '**/package-lock.json'
+      - '.github/workflows/node-cve-ignore-list.xml'
+      - '.github/workflows/cve-scanning-node.yml'
+
+jobs:
+  node-modules-scan:
+    name: ${{ matrix.module-folder }}-node-scan
+    runs-on: ubuntu-latest
+    continue-on-error: false
+    strategy:
+      matrix:
+        module-folder: ['cli', 'docs']
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Set up Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+      - name: Build project with NPM
+        run: npm install --omit=dev
+        working-directory: ${{ matrix.module-folder }}
+      - name: Depcheck
+        uses: dependency-check/Dependency-Check_Action@main
+        id: Depcheck
+        with:
+          project: '${{ matrix.module-folder }}'
+          path: '${{ matrix.module-folder }}'
+          format: 'HTML'
+          out: '${{ matrix.module-folder }}-reports'
+          args: >
+            --suppression .github/node-cve-ignore-list.xml
+            --nodeAuditSkipDevDependencies
+            --nodePackageSkipDevDependencies
+            --failOnCVSS 5
+            --enableRetired
+      - run: |
+          echo `echo UPNAME=${{matrix.module-folder}} | tr '/' '-'` >> $GITHUB_ENV
+        shell: bash
+      - name: Upload Test results
+        if: ${{ always() }}
+        uses: actions/upload-artifact@v4
+        with:
+          name: Depcheck report ${{ env.UPNAME }}
+          path: ${{ github.workspace }}/${{ matrix.module-folder }}-reports
diff --git a/.github/workflows/docs-deploy.yml b/.github/workflows/docs-deploy.yml
@@ -1,4 +1,4 @@
-name: Build Docs for GitHub Pages
+name: Build Docs
 
 on:
   # Triggers the workflow on push or pull request events but only for the "main" branch

diff --git a/.github/workflows/license-scanning-maven.yml b/.github/workflows/license-scanning-maven.yml
@@ -0,0 +1,51 @@
+name: License Scanning for Maven
+
+on:
+  schedule:
+    - cron: '0 8,18 * * 1-5'
+  push:
+    paths:
+      - '**/pom.xml'
+      - '.github/workflows/license-scanning-maven.yml'
+
+env:
+  ALLOW_LICENSES: "'The Apache Software License, Version 2.0' and licenses/license/name!='BSD' and licenses/license/name!='BSD-style license' and licenses/license/name!='Apache License, Version 2.0'"
+  REPORT_PATH: "target/generated-resources/licenses.xml"
+
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        java-version: ['21']
+        module-folder: [
+          'translator'
+        ]
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up JDK
+        uses: actions/setup-java@v4
+        with:
+          java-version: ${{ matrix.java-version }}
+          cache: maven
+          distribution: 'adopt'
+      - name: Install XQ
+        run: pip install xq
+      - name: Build with Maven
+        run: mvn clean install -Dmaven.test.skip=true
+        working-directory: ${{ matrix.module-folder }}
+      - name: License XML report
+        run: mvn org.codehaus.mojo:license-maven-plugin:2.0.0:download-licenses
+        working-directory: ${{ matrix.module-folder }}
+      - name: Validate XML report
+        run: |
+          LICENSE_REPORT=`xq "//dependency[licenses/license/name!=${{ env.ALLOW_LICENSES }}]" ./${{ env.REPORT_PATH }}`
+          LINES_FOUND=`echo $LICENSE_REPORT | wc -l`
+          echo "License issues found ..."
+          if [ $LINES_FOUND -gt 1 ]; then echo $LICENSE_REPORT ; exit -1; fi
+        working-directory: ${{ matrix.module-folder }}
+      - name: Upload license XML reports
+        uses: actions/upload-artifact@v3
+        with:
+          name: license-xml-report
+          path: '${{ matrix.module-folder }}/**/${{ env.REPORT_PATH }}'
diff --git a/.github/workflows/license-scanning-node.yml b/.github/workflows/license-scanning-node.yml
@@ -0,0 +1,31 @@
+name: License Scanning for Node.js
+
+on:
+  schedule:
+    - cron: '0 8,18 * * 1-5'
+  push:
+    paths:
+      - '**/package-json.lock'
+      - '**/package.json'
+      - '.github/workflows/license-scanning-node.yml'
+
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        node-version: ['20.x']
+        module-folder: ['cli', 'docs']
+    steps:
+      - uses: actions/checkout@v4
+      - name: Use Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ matrix.node-version }}
+      - run: npm install --omit=dev
+        #       - run: yarn install --production --frozen-lockfile
+        working-directory: ${{ matrix.module-folder }}
+      - run: npm install -g node-license-validator
+        working-directory: ${{ matrix.module-folder }}
+      - run: node-license-validator . --allow-licenses Apache-2.0 MIT BSD-2-Clause BSD BSD-3-Clause Unlicense ISC
+        working-directory: ${{ matrix.module-folder }}
diff --git a/.github/workflows/semgrep-ci.yml b/.github/workflows/semgrep-ci.yml
@@ -0,0 +1,26 @@
+name: Semgrep
+on:
+  workflow_dispatch: {}
+  pull_request: {}
+  push:
+    branches:
+      - main
+    paths:
+      - .github/workflows/semgrep-ci.yml
+  schedule:
+    # random HH:MM to avoid a load spike on GitHub Actions at 00:00
+    - cron: '09 15 * * *'
+jobs:
+  semgrep:
+    name: semgrep/ci
+    runs-on: ubuntu-20.04
+    env:
+      SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
+    container:
+      image: semgrep/semgrep
+    if: (github.actor != 'dependabot[bot]')
+    steps:
+      - uses: actions/checkout@v4
+      - name: Log in to Semgrep
+        run: semgrep login
+      - run: semgrep ci
diff --git a/.github/workflows/spectral-validation.yml b/.github/workflows/spectral-validation.yml
@@ -1,4 +1,4 @@
-name: Run Spectral Validation on all samples
+name: Validation of CALM Samples
 
 on:
   pull_request:
@@ -31,5 +31,5 @@ jobs:
         with:
           node-version: v20
       - run: npm install @stoplight/spectral-cli
-      - run: npx spectral lint --ruleset spectral/calm-validation-rules.yaml 'calm/samples/**/*(*.json|*.yaml)'
+      - run: npx spectral lint --ruleset spectral/instantiation/validation-rules.yaml 'calm/samples/**/*(*.json|*.yaml)'
 
diff --git a/.github/workflows/translator.yml b/.github/workflows/translator.yml
@@ -1,4 +1,4 @@
-name: translator build with maven
+name: Build Translators
 
 on:
   push:

diff --git a/.gitignore b/.gitignore
@@ -14,3 +14,7 @@ docs/contributing.md
 # We use YARN
 website/package-lock.json
 /.idea/
+
+**/.vscode/
+
+node_modules/
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -0,0 +1,10 @@
+{
+    "testing.openTesting": "neverOpen",
+    "jest.outputConfig": {
+        "revealOn": "run",
+        "revealWithFocus": "none",
+        "clearOnRun": "none"
+    },
+    "java.compile.nullAnalysis.mode": "automatic",
+    "java.configuration.updateBuildConfiguration": "automatic"
+}