Merge branch 'main' into dependabot/gradle/org.codehaus.plexus-plexus…

…-utils-4.0.1
odpi · Jun 16, 2024 · 266f42c · 266f42c
2 parents b500b9a + 45a2a9e
commit 266f42c
Show file tree

Hide file tree

Showing 1,996 changed files with 31,227 additions and 215,704 deletions.
diff --git a/.github/ISSUE_TEMPLATE/release.yml b/.github/ISSUE_TEMPLATE/release.yml
@@ -20,13 +20,14 @@ body:
         - [ ] Slack post advising of upcoming release & linking to issue
         - [ ] Advance warning in developer/community call
         - [ ] Final agreement to start branch in team call & identification of outstanding issues
-        - [ ] Agree required updates/versions for additional repos including egeria-ui, egeria-reactui, connectors etc
+        - [ ] Agree required updates/versions for additional connector repos etc
 
         Branching & Correcting versions
         - [ ] Create branch (egeria-release-x.y)
         - [ ] Reassign any issues not being worked on to the next release
         - [ ] Update version for main (ie x.y-SNAPSHOT > x.y+1-SNAPSHOT)
         - [ ] Update version for release branch (ie x.y-SNAPSHOT -> x.y)
+        
 
         Final updates to the release
         - [ ] Ensure any remaining fixes are merged into branch (and vice-versa to main)
@@ -35,11 +36,11 @@ body:
         - [ ] Check security scans (ie owasp dependency check)
 
         Generate a release image for testing
-        - [ ] Start [Release](https://github.com/odpi/egeria/actions/workflows/release.yml) pipeline manually to generate container image and stage artifacts on maven central
+        - [ ] Start [Release](https://github.com/odpi/egeria/actions/workflows/release-v5.yml) pipeline manually to generate container image and stage artifacts on maven central.  Remember to select the release branch rather than `main`.
 
 
         Updating the Helm Charts (egeria-charts repo)
-        - [ ] checker correct container images are on [docker.io](https://hub.docker.com/u/odpi) & [quay.io](https://quay.io/organization/odpi) (these are built by the 'merge' build of a release)
+        - [ ] check correct container images are on [docker.io](https://hub.docker.com/u/odpi) & [quay.io](https://quay.io/organization/odpi) (these are built by the 'merge' build of a release)
         - [ ] update image versions for helm charts [egeria-charts](https://github.com/odpi/egeria-charts/) repo (using -prerelease for chart version)
           - check/update the [strimzi chart versions](https://github.com/strimzi/strimzi-kafka-operator/releases)
           - check/update supported kafka version used for the strimzi CR in each chart
@@ -53,7 +54,7 @@ body:
         - [ ] Verify egeria-base chart (pods active/ready)
         - [ ] Check notebooks (config, start, data catalog at a minimum)
         - [ ] Check Egeria UI (only possible to check it runs and run UI lab)
-        - [ ] Check React UI (rex, tex, glossary author). Some of the steps descibed [here](https://egeria-project.org/education/egeria-dojo/running-egeria/user-interfaces/ecosystem-ui/ecosystem-ui-start/)
+        - [ ] Check React UI (rex, tex, glossary author). Some of the steps described [here](https://egeria-project.org/education/egeria-dojo/running-egeria/user-interfaces/ecosystem-ui/ecosystem-ui-start/)
         - [ ] Check and validate [CTS results](https://egeria-project.org/guides/operations/kubernetes/charts/cts/)
           - CTS using in-memory
           - CTS using graph
@@ -63,14 +64,14 @@ body:
         - [ ] Update release notes in [egeria-docs](https://github.com/odpi/egeria-docs/tree/main/site/docs/release-notes)
 
         Final build and publish
-        - [ ] Check if the Release pipeline rlease artifacts are shown in staging repo in [OSS Repository Manager](https://oss.sonatype.org/#welcome)
+        - [ ] Check if the Release pipeline release artifacts are shown in staging repo in [OSS Repository Manager](https://oss.sonatype.org/#welcome)
         - [ ] Close staging repo & validate artifacts ok (number, structure, validations) on oss.sonatype.org 
         - [ ] Check 'release' repo on oss.sonatype.org has artifacts
-        - [ ] Release the repo (takes time for the operation to complete and for the arifacts to be visible in maven central repository)
+        - [ ] Release the repo (takes time for the operation to complete and for the artifacts to be visible in maven central repository)
         - [ ] Create final [github release](https://github.com/odpi/egeria/releases) (add link to egeria docs)
         - [ ] Update final versions of egeria-charts to release ie x.y
         - [ ] Publish that release is now shipped via slack #egeria-announce
-        - [ ] Post on egeria-annouce [mailing list](egeria-announce@lists.lfaidata.foundation)
+        - [ ] Post on egeria-announce [mailing list](egeria-announce@lists.lfaidata.foundation)
         - [ ] Additional posts to social media
         - [ ] Communicate to other repo owners ie for connectors so that they can be rebuilt/shipped as needed (Egeria Dev Projects etc.)
 

diff --git a/.github/workflows/codeql-v4.yml b/.github/workflows/codeql-v4.yml
diff --git a/.github/workflows/codeql-v5.yml b/.github/workflows/codeql-v5.yml
@@ -0,0 +1,56 @@
+# SPDX-License-Identifier: Apache-2.0
+# Copyright Contributors to the ODPi Egeria project.
+#
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+---
+name: "CodeQL Analysis v5"
+
+on:
+  push:
+    branches: [main, egeria-release-5*]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [main, egeria-release-5*]
+  workflow_dispatch:
+
+jobs:
+  analyze:
+    if: ${{ github.repository == 'odpi/egeria'}}
+    name: "CodeQL Build v5"
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4.1.0
+      - uses: gradle/wrapper-validation-action@v2
+      - name: Setup Java JDK
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version: '17'
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3.25.7
+        with:
+          languages: java
+          queries: security-and-quality
+          ram: 4096
+      - name: Build
+        uses: gradle/gradle-build-action@v3
+        with:
+          # codeQL requires a full before/after build to compare results. Caching can result in action failing
+          #cache-read-only: true
+          cache-disabled: true
+          arguments: -x javadoc -x test build -PskipOpenTypesFVT
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3.25.7
+        with:
+          ram: 4096
diff --git a/.github/workflows/merge-v4.yml b/.github/workflows/merge-v4.yml