Merge pull request #203 from Cofinity-X/chore/main_with_10.7.0

Chore/main with 10.7.0

.github/codeql/codeql-config.yml

@@ -30,3 +30,4 @@ paths-ignore:
   - frontend/src/tests
   - '**/*.spec.ts'
   - frontend/src/mockServiceWorker.js
+  - tx-backend/src/main/resources/application-integration-spring-boot.yml

.github/workflows/e2e-tests-xray_frontend.yml

@@ -46,10 +46,10 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
 
-      - name: Use Node.js 18.x
+      - name: Use Node.js 20.x
         uses: actions/setup-node@v4
         with:
-          node-version: 18.x
+          node-version: 20.x
 
       - name: Run yarn install
         uses: Borales/actions-yarn@v5
@@ -71,6 +71,7 @@ jobs:
           name: cypress - e2e
           if-no-files-found: error
           path: frontend/cypress/e2e
+          overwrite: true
 
   cypress-run-chrome:
     timeout-minutes: 15
@@ -95,10 +96,10 @@ jobs:
           name: cypress - e2e
           path: frontend/cypress/e2e
 
-      - name: Use Node.js 18.x
+      - name: Use Node.js 20.x
         uses: actions/setup-node@v4
         with:
-          node-version: 18.x
+          node-version: 20.x
 
       - name: Cypress run all tests
         uses: cypress-io/[email protected] # use the explicit version number

.github/workflows/helm-chart-release.yaml

@@ -68,7 +68,7 @@ jobs:
           git config user.email "[email protected]"
 
       - name: Install Helm
-        uses: azure/setup-helm@v3
+        uses: azure/setup-helm@v4
         with:
           version: v3.10.0
 

.github/workflows/helm-test.yaml

@@ -71,7 +71,7 @@ jobs:
           tags: ${{ env.REGISTRY }}/${{ env.APP_FRONTEND_NAME }}:${{ env.TAG }}
 
       - name: Set up Helm
-        uses: azure/setup-helm@v3
+        uses: azure/setup-helm@v4
         with:
           version: v3.9.3
 

.github/workflows/helm-upgrade.yaml

@@ -36,7 +36,7 @@ jobs:
         uses: container-tools/kind-action@v2
 
       - name: Set up Helm
-        uses: azure/setup-helm@v3
+        uses: azure/setup-helm@v4
         with:
           version: v3.9.3
 

.github/workflows/publish-documentation.yaml

@@ -37,7 +37,7 @@ jobs:
           fetch-depth: 0
 
       - name: Setup Graphviz
-        uses: ts-graphviz/setup-graphviz@v1
+        uses: ts-graphviz/setup-graphviz@v2
 
       - name: Set up JDK 17
         uses: actions/setup-java@v4

.github/workflows/publish-swagger-hub.yml

@@ -0,0 +1,54 @@
+name: "Publish OpenAPI to Swaggerhub"
+
+on:
+  workflow_call:
+    inputs:
+      version:
+        required: true
+        description: Version that will be published to Swaggerhub
+        type: string
+
+jobs:
+  swagger-api:
+    runs-on: ubuntu-latest
+    env:
+      SWAGGERHUB_API_KEY: ${{ secrets.SWAGGERHUB_API_KEY }}
+      SWAGGERHUB_USER: ${{ secrets.SWAGGERHUB_USER }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v4
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+
+      - name: Setup node
+        uses: actions/setup-node@v4
+
+      - name: Install Swagger CLI
+        run: |
+          npm i -g swaggerhub-cli
+
+      - name: Extract versions
+        run: |
+          export VERSION="${{ inputs.version }}"
+          echo "VERSION=${VERSION}" >> "$GITHUB_ENV"
+
+      # create API, will fail if exists
+      - name: Create API
+        continue-on-error: true
+        run: |
+          swaggerhub api:create ${{ env.SWAGGERHUB_USER }}/trace-x/${{ env.VERSION }} -f tx-backend/openapi/traceability-foss-backend.json --visibility=public --published=unpublish
+
+      # Post the API to SwaggerHub as "unpublished", because published APIs cannot be overwritten
+      - name: Publish API Specs to SwaggerHub
+        run: |
+          if [[ ${{ env.VERSION }} != *-SNAPSHOT ]]; then
+            echo "[INFO] - no snapshot, will set the API to 'published'";
+            swaggerhub api:update ${{ env.SWAGGERHUB_USER }}/trace-x/${{ env.VERSION }} -f tx-backend/openapi/traceability-foss-backend.json --visibility=public --published=publish
+            swaggerhub api:setdefault ${{ env.SWAGGERHUB_USER }}/trace-x/${{ env.VERSION }}
+          else
+            echo "[INFO] - snapshot, will set the API to 'unpublished'";
+            swaggerhub api:update ${{ env.SWAGGERHUB_USER }}/trace-x/${{ env.VERSION }} -f tx-backend/openapi/traceability-foss-backend.json --visibility=public --published=unpublish
+          fi

.github/workflows/pull-request_backend.yml

@@ -48,6 +48,34 @@ jobs:
         with:
           github-token: "${{ secrets.GITHUB_TOKEN }}"
           review-message: "Please add a short description of the feature/fix to the Changelog.md."
+  Check-Pom-for-snapshot-versions:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Check pom for -SNAPSHOT
+        id: pom-version
+        run: |
+          snapshot_count_root_pom=$(sed -n '/<properties>/,/properties>/p' pom.xml | grep -o '\-SNAPSHOT' | wc -l)
+          if (( $snapshot_count_root_pom > 1 )); then
+            echo "pom_changed=true" >> $GITHUB_OUTPUT
+          else
+            echo "pom_changed=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Create Review Comment
+        uses: ntsd/auto-request-changes-action@v3
+        if: steps.pom-version.outputs.pom_changed == 'true'
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+          review-message: "Please remove -SNAPSHOT from property versions. You can find them in pom.xml(tx-root)."
+
+      - name: Print environment variables
+        id: print-env-vars
+        run: |
+          echo ${{steps.pom-version.outputs.pom_changed}}
+
 
   Test-and-Sonar:
     permissions:

.github/workflows/release.yaml

@@ -17,42 +17,42 @@ jobs:
         run: echo HELM_VERSION=$(cat charts/traceability-foss/CHANGELOG.md | sed -n 's/.*\[\([0-9]\+\.[0-9]\+\.[0-9]\+\)\].*/\1/p' | head -n 1) >> $GITHUB_ENV
 
       - name: Update Chart.yaml appVersion
-        uses: mikefarah/yq@v4.40.5
+        uses: mikefarah/yq@v4.42.1
         with:
           cmd: yq -i eval '.appVersion = "${{ github.ref_name }}"' charts/traceability-foss/Chart.yaml
 
       - name: Update Chart.yaml version
-        uses: mikefarah/yq@v4.40.5
+        uses: mikefarah/yq@v4.42.1
         with:
           cmd: yq -i eval '.version = "${{ env.HELM_VERSION }}"' charts/traceability-foss/Chart.yaml
 
       - name: Update frontend dependency version in Chart.yaml
-        uses: mikefarah/yq@v4.40.5
+        uses: mikefarah/yq@v4.42.1
         with:
           cmd: yq -i eval '.dependencies[0].version = "${{ env.HELM_VERSION }}"' charts/traceability-foss/Chart.yaml
 
       - name: Update backend dependency version in Chart.yaml
-        uses: mikefarah/yq@v4.40.5
+        uses: mikefarah/yq@v4.42.1
         with:
           cmd: yq -i eval '.dependencies[1].version = "${{ env.HELM_VERSION }}"' charts/traceability-foss/Chart.yaml
 
       - name: Update frontend version in frontend/Chart.yaml
-        uses: mikefarah/yq@v4.40.5
+        uses: mikefarah/yq@v4.42.1
         with:
           cmd: yq -i eval '.version = "${{ env.HELM_VERSION }}"' charts/traceability-foss/charts/frontend/Chart.yaml
 
       - name: Update frontend appVersion in frontend/Chart.yaml
-        uses: mikefarah/yq@v4.40.5
+        uses: mikefarah/yq@v4.42.1
         with:
           cmd: yq -i eval '.appVersion = "${{ github.ref_name }}"' charts/traceability-foss/charts/frontend/Chart.yaml
 
       - name: Update backend version in backend/Chart.yaml
-        uses: mikefarah/yq@v4.40.5
+        uses: mikefarah/yq@v4.42.1
         with:
           cmd: yq -i eval '.version = "${{ env.HELM_VERSION }}"' charts/traceability-foss/charts/backend/Chart.yaml
 
       - name: Update backend appVersion in frontend/Chart.yaml
-        uses: mikefarah/yq@v4.40.5
+        uses: mikefarah/yq@v4.42.1
         with:
           cmd: yq -i eval '.appVersion = "${{ github.ref_name }}"' charts/traceability-foss/charts/backend/Chart.yaml
 
@@ -87,7 +87,7 @@ jobs:
           echo "$EOF" >> "$GITHUB_ENV"
 
       - name: Create Trace-X Release
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@v2
         with:
           body: ${{ env.CHANGELOG }}
 
@@ -98,3 +98,14 @@ jobs:
     with:
       version: ${{ github.ref_name }}
     secrets: inherit
+
+  publish-to-swaggerhub:
+    name: "Publish OpenAPI spec to Swaggerhub"
+    permissions:
+      contents: read
+    needs:
+      - release
+    uses: ./.github/workflows/publish-swagger-hub.yml
+    with:
+      version: ${{ github.ref_name }}
+    secrets: inherit

.github/workflows/trivy.yml

@@ -74,7 +74,7 @@ jobs:
         run: docker build -t localhost:5000/traceability-foss:fe_${{ github.sha }} -f ./frontend/Dockerfile .
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@0.17.0
+        uses: aquasecurity/trivy-action@0.18.0
         with:
           trivyignores: "./.github/workflows/.trivyignore"
           image-ref: 'localhost:5000/traceability-foss:fe_${{ github.sha }}'
@@ -134,7 +134,7 @@ jobs:
           ref: ${{needs.prepare-env.outputs.check_sha}}
 
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@0.17.0
+        uses: aquasecurity/trivy-action@0.18.0
         with:
           trivyignores: "./.github/workflows/.trivyignore"
           scan-type: "config"
@@ -180,7 +180,7 @@ jobs:
           tags: localhost:5000/traceability-foss:trivy
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@0.17.0
+        uses: aquasecurity/trivy-action@0.18.0
         with:
           image-ref: localhost:5000/traceability-foss:trivy
           trivyignores: "./.github/workflows/.trivyignore"

CHANGELOG.md

@@ -5,12 +5,74 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres
 to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+_**For better traceability add the corresponding GitHub issue number in each changelog entry, please.**_
+
 ## [UNRELEASED - DD.MM.YYYY]
+
+## [10.7.0 - 18.03.2024]
+
 ### Added
+- #421 Added contract agreement view
+- #515 Service Unavailable Response on Notification failure
+- #536 Added import state PUBLISHED_TO_CORE_SERVICES in frontend
+- #420 add /contracts api to fetch contract agreement information from EDC for assets
+- #423 Notification will be created/persisted in case of a edc notification
+- Added a step to the pull-request-backend.yml which checks if the pom.xml(root) properties have some versions ending with -SNAPSHOT
+- Added a PostConstruct method in PolicyStartUpConfig to allow Integration tests to run without errors in stack traces.
+- #536 added new ImportState to asset PUBLISHED_TO_CORE_SERVICES indicating edc assets and dtr shells were created for given asset
+- #536 added cron job responsible to publish assets in PUBLISHED_TO_CORE_SERVICES import state to edc and dtr
+- #652 add GitHub action to publish Swagger to Swaggerhub
 
 ### Changed
+- Updated RELEASE.md to the latest release guide (added more steps)
+- #515 Fixed notification toast click area
+- #625 increased height of tables
+- #423 Moved errorMessages from investigation/alert to notification list
+- Updated COMPATIBILITY.md matrix adding release C-X 24.3 and 23.12
+- #536 rework /policies to respond with policies from the IRS policy store
+- #536 sync assets logic was adjusted to create IRS jobs only for assets that are not in TRANSIENT or IN_SYNC states
+- #536 Updated Arc42 documentation and user-manual with publish assets informations
+- Bumped softprops/action-gh-release from v1 to v2
+- Bumped azure/setup-helm from v3 to v4
+- Bumped aquasecurity/trivy-action from 0.17.0 to 0.18.0
+- Bupped cucumber-bom from 7.12.1 to 7.15.0
+- Bumped jetbrains-annotation from 24.0.1 to 24.1.0
+- Bumped commons-logging from 1.2 to 1.3.0
+- Bumped shedlock from 5.11.0 to 5.12.0
+- Overridden transitive commons-compress version by 1.26.1 to fix CVE-2024-26308
+- Overridden transitive commons-codec version by 1.16.1 to fix CVE-2024-26308
+- Update irs-registry-client from version 1.6.0-SNAPSHOT to 1.6.0
+- Updated review-message for check pom for -SNAPSHOT workflow
+- Changed base image from eclipse-temurin:17-jre-alpine to eclipse-temurin:21-jre-alpine
+- Changed build image from maven:3-openjdk-17-slim to maven:3-openjdk-18-slim
+- #742 rework test management strategy for frontend and backend part
+
+### Removed
+- #625 Removed the header and breadcrumbs section from app layout
+
+## [10.6.0 - 04.03.2024]
+
+### Added
+- Added concept #638: Contract agreement admin view
+- Added support for meta key for multi sorting on tables
+
+- Added concept #578: Consistent null values
+### Changed
+- Spring-core bumped from 6.0.16 to 6.0.17
+- Updated user manual
+- JSON Schema generation for valid submodel mapping
+- Added support for meta key for multi sorting on tables
+- Added error description and retry button to error toast when creating notifications
+- Bumped version mikefarah/[email protected] to mikefarah/[email protected]
+- Bumped version lombok from 1.18.28 to 1.18.30
+- Bumped version ts-graphviz/setup-graphviz@v1 to ts-graphviz/setup-graphviz@v2
+- Bumped version Schedlock 5.10.0 to 5.11.0
+- updated yarn.lock file
+- [#542](https://github.com/eclipse-tractusx/traceability-foss/issues/542) Fixed bug where it where filter was reset when sorting in other parts table
 
 ### Removed
+- Removed EDC notification asset classes and replaced with IRS lib implementation
+- [#528](https://github.com/eclipse-tractusx/traceability-foss/issues/528) Removed sorting tooltip on quality incidents tables on dashboard page
 
 ## [10.5.0 - 22.02.2024]