diff --git a/.github/ISSUE_TEMPLATE/feature-request.yml b/.github/ISSUE_TEMPLATE/feature-request.yml index cd38ef879d3..449584c61e0 100644 --- a/.github/ISSUE_TEMPLATE/feature-request.yml +++ b/.github/ISSUE_TEMPLATE/feature-request.yml @@ -53,4 +53,4 @@ body: validations: required: false - type: markdown - value: "Please read the [Contribution Guideline](https://hertzbeat.apache.org/docs/others/contributing) before submitting the PR" + value: "Please read the [Contribution Guideline](https://hertzbeat.apache.org/docs/community/contribution) before submitting the PR" diff --git a/.github/ISSUE_TEMPLATE/task.yml b/.github/ISSUE_TEMPLATE/task.yml index b22d923f709..4e46853cead 100644 --- a/.github/ISSUE_TEMPLATE/task.yml +++ b/.github/ISSUE_TEMPLATE/task.yml @@ -39,4 +39,4 @@ body: - type: markdown attributes: value: | - Please read the [Contribution Guideline](https://hertzbeat.com/docs/others/contributing/) before submitting the PR + Please read the [Contribution Guideline](https://hertzbeat.apache.org/docs/community/contribution) before submitting the PR diff --git a/.github/ISSUE_TEMPLATE/volunteer.yml b/.github/ISSUE_TEMPLATE/volunteer.yml index 75d58627f10..2729f39b1fe 100644 --- a/.github/ISSUE_TEMPLATE/volunteer.yml +++ b/.github/ISSUE_TEMPLATE/volunteer.yml @@ -30,5 +30,5 @@ body: - type: markdown attributes: value: | - Please read the [Contribution Guideline](https://hertzbeat.apache.org/docs/others/contributing/) before submitting the PR + Please read the [Contribution Guideline](https://hertzbeat.apache.org/docs/community/contribution) before submitting the PR diff --git a/.github/workflows/backend-build-test-reuse.yml b/.github/workflows/backend-build-test-reuse.yml deleted file mode 100644 index 66b21e0a2d0..00000000000 --- a/.github/workflows/backend-build-test-reuse.yml +++ /dev/null @@ -1,71 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -# This workflow will build a Java project with Maven -# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven - -name: Backend CI - -on: - workflow_call: - secrets: - codecov_token: - required: true - workflow_dispatch: - -jobs: - backend-build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - uses: ./script/ci/github-actions/setup-deps - - - name: Build with Maven - run: mvn clean -B package -Prelease -Dmaven.test.skip=false --file pom.xml - - - name: Upload coverage reports to Codecov - uses: codecov/codecov-action@v4.0.1 - with: - token: ${{ secrets.CODECOV_TOKEN }} - verbose: true - - - name: Build Image - uses: docker/build-push-action@v3 - with: - context: ./dist - file: ./script/docker/server/Dockerfile - push: false - tags: apache/hertzbeat:test - - - name: Run E2E - run: | - sudo curl -L https://github.com/docker/compose/releases/download/v2.23.0/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose - sudo chmod u+x /usr/local/bin/docker-compose - - cd e2e - sudo docker-compose version - sudo docker-compose up --exit-code-from testing --remove-orphans - - # upload application logs - - name: Upload logs & API test reports - uses: actions/upload-artifact@v3 - if: always() - with: - name: hz-logs-${{ github.run_id }} - path: | - e2e/logs/ - e2e/report/ diff --git a/.github/workflows/backend-build-test.yml b/.github/workflows/backend-build-test.yml index 410ea2e29c5..18c6b9bceab 100644 --- a/.github/workflows/backend-build-test.yml +++ b/.github/workflows/backend-build-test.yml @@ -40,6 +40,44 @@ on: jobs: backend-build: - uses: ./.github/workflows/backend-build-test-reuse.yml - secrets: - codecov_token: ${{ secrets.CODECOV_TOKEN }} + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: ./script/ci/github-actions/setup-deps + + - name: Build with Maven + run: mvn clean -B package -Prelease -Dmaven.test.skip=false --file pom.xml + + - name: Upload coverage reports to Codecov + uses: codecov/codecov-action@v4.0.1 + with: + token: ${{ secrets.CODECOV_TOKEN }} + verbose: true + + - name: Build Image + uses: docker/build-push-action@v3 + with: + context: ./dist + file: ./script/docker/server/Dockerfile + push: false + tags: apache/hertzbeat:test + + - name: Run E2E + run: | + sudo curl -L https://github.com/docker/compose/releases/download/v2.23.0/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose + sudo chmod u+x /usr/local/bin/docker-compose + + cd e2e + sudo docker-compose version + sudo docker-compose up --exit-code-from testing --remove-orphans + + # upload application logs + - name: Upload logs & API test reports + uses: actions/upload-artifact@v3 + if: always() + with: + name: hz-logs-${{ github.run_id }} + path: | + e2e/logs/ + e2e/report/ + diff --git a/SECURITY.md b/SECURITY.md index effdf692bf0..0dcaf7a8e5e 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,12 +1,9 @@ # Security Policy -**[Version Releases](https://github.com/apache/hertzbeat/releases)** +Apache HertzBeat follows the [ASF vulnerability handling process](https://apache.org/security/#vulnerability-handling) ## Supported Versions -Use this section to tell people about which versions of your project are -currently being supported with security updates. - | Version | Supported | |-------------------|--------------------| | Latest Version | :white_check_mark: | @@ -14,6 +11,12 @@ currently being supported with security updates. ## Reporting a Vulnerability -Use this section to tell people how to report a vulnerability. +Please do not file GitHub issues for security vulnerabilities as they are public! + +To report a new vulnerability you have discovered please follow the [ASF vulnerability reporting process](https://apache.org/security/#reporting-a-vulnerability). + +## Extra Information -Please report vulnerability disclosures to `security@apache.org`. +- [Apache HertzBeat Security Model](https://hertzbeat.apache.org/docs/help/security_model) +- [ASF Security](https://www.apache.org/security/) +- [Apache HertzBeat Document](https://hertzbeat.apache.org/docs/) diff --git a/home/docs/help/security_model.md b/home/docs/help/security_model.md index 5e0826a8649..7706b654e57 100644 --- a/home/docs/help/security_model.md +++ b/home/docs/help/security_model.md @@ -33,3 +33,11 @@ Apache HertzBeat supports users to customize collectors to personalize the colle ## Security Constraints in Other Customizations Apache HertzBeat provides a variety of system extension methods and custom capabilities. Users need to pay attention to the security of customizations during use. Of course, all extension capabilities need to be within the scope of authenticated users. + +---- + +## Reporting a Vulnerability + +Please do not file GitHub issues for security vulnerabilities as they are public! + +To report a new vulnerability you have discovered please follow the [ASF vulnerability reporting process](https://apache.org/security/#reporting-a-vulnerability). diff --git a/home/docusaurus.config.js b/home/docusaurus.config.js index 048b0ce55ac..f395b9d2c0f 100644 --- a/home/docusaurus.config.js +++ b/home/docusaurus.config.js @@ -153,7 +153,7 @@ module.exports = { }, { label: 'Security', - href: 'https://www.apache.org/security/', + to: '/docs/help/security_model', }, { label: 'Sponsorship', diff --git a/home/i18n/zh-cn/docusaurus-plugin-content-docs/current/help/security_model.md b/home/i18n/zh-cn/docusaurus-plugin-content-docs/current/help/security_model.md index f5b029b624d..0a4bca6d5c2 100644 --- a/home/i18n/zh-cn/docusaurus-plugin-content-docs/current/help/security_model.md +++ b/home/i18n/zh-cn/docusaurus-plugin-content-docs/current/help/security_model.md @@ -33,3 +33,11 @@ Apache HertzBeat 支持用户自定义采集器来个性化采集监控指标等 ## 其它自定义下的安全约束 Apache HertzBeat 提供多种系统扩展方式和自定义能力,用户在使用过程中需注意自定义的安全性。当然所有扩展能力都是需在认证用户范围。 + +---- + +## Reporting a Vulnerability + +Please do not file GitHub issues for security vulnerabilities as they are public! + +To report a new vulnerability you have discovered please follow the [ASF vulnerability reporting process](https://apache.org/security/#reporting-a-vulnerability).