Merge pull request #182 from Cofinity-X/chore/BA-198_Merge_upstream_1…

…0_05_0

BA-198: Merge upstream (10.5.0) Sprint 1.1

.github/codeql/codeql-config.yml

@@ -22,3 +22,11 @@ query-filters:
       id:
         - java/unused-reference-type
         - java/spring-disabled-csrf-protection
+
+paths-ignore:
+  - frontend/dist
+  - frontend/cypress
+  - frontend/src/app/mocks
+  - frontend/src/tests
+  - '**/*.spec.ts'
+  - frontend/src/mockServiceWorker.js

.github/dependabot.yml

@@ -38,3 +38,8 @@ updates:
       day: "wednesday"
       time: "03:00"
 
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    # open-pull-requests-limit: 5

.github/workflows/.trivyignore

@@ -1,2 +1,5 @@
 # ref https://github.com/catenax-ng/product-traceability-foss-backend/security/code-scanning/1419
 CVE-2022-25857
+# ref https://github.com/catenax-ng/tx-traceability-foss/security/code-scanning/6879
+# this is acceptable due to custom environment variable injection script which is executed upon FE container startup
+AVD-KSV-0014

.github/workflows/codeql.yml

@@ -68,20 +68,14 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: [ 'java' ]
+        language: [ 'java', 'javascript' ]
         # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
         # Learn more about CodeQL language support at https://git.io/codeql-language-support
 
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
 
-      - name: Set up JDK 17
-        uses: actions/setup-java@v4
-        with:
-          java-version: '17'
-          distribution: 'temurin'
-
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v3
@@ -95,17 +89,24 @@ jobs:
           config-file: ./.github/codeql/codeql-config.yml
           queries: +security-and-quality,security-extended
 
-      - name: Cache maven packages
-        uses: actions/cache@v3
-        with:
-          path: ~/.m2
-          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
-          restore-keys: ${{ runner.os }}-m2
-
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
-      #- name: Autobuild
-      #  uses: github/codeql-action/autobuild@v3
+      # - name: Autobuild
+      #   uses: github/codeql-action/autobuild@v3
+
+      - name: Install frontend dependencies
+        if: ${{ matrix.language == 'javascript' }}
+        run: |
+          cd frontend
+          npm install
+
+      - name: Build frontend
+        if: ${{ matrix.language == 'javascript' }}
+        run: |
+          cd frontend
+          npm run build:prod
+        env:
+          baseHrefPlaceholder: placeholder
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -114,7 +115,23 @@ jobs:
       #    and modify them (or add more) to build your code if your project
       #    uses a compiled language
 
+      - name: Set up JDK 17
+        if: ${{ matrix.language == 'java' }}
+        uses: actions/setup-java@v4
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+
+      - name: Cache maven packages
+        if: ${{ matrix.language == 'java' }}
+        uses: actions/cache@v3
+        with:
+          path: ~/.m2
+          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-m2
+
       - name: Build Package
+        if: ${{ matrix.language == 'java' }}
         run: |
           mvn clean package -pl tx-models,tx-backend --batch-mode -DskipTests
 

.github/workflows/dependencies.yaml

@@ -46,13 +46,13 @@ jobs:
         run: mvn org.eclipse.dash:license-tool-plugin:license-check -Ddash.summary=DEPENDENCIES_BACKEND
 
       - name: Run install
-        uses: borales/actions-yarn@v4
+        uses: borales/actions-yarn@v5
         with:
           cmd: install
           dir: 'frontend'
 
       - name: Generate FE Dependencies file
-        uses: borales/actions-yarn@v4
+        uses: borales/actions-yarn@v5
         with:
           cmd: run dependencies:generate
           dir: 'frontend'
@@ -76,7 +76,7 @@ jobs:
         if: ${{ env.were_files_changed }} == 'true'
 
       - name: Create pull request
-        uses: peter-evans/create-pull-request@v5
+        uses: peter-evans/create-pull-request@v6
         with:
           add-paths: |
             DEPENDENCIES_BACKEND

.github/workflows/docker-image-main_backend.yml

@@ -111,9 +111,9 @@ jobs:
         env:
           DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}
         if: env.DOCKER_HUB_USER != ''
-        uses: peter-evans/dockerhub-description@v3
+        uses: peter-evans/dockerhub-description@v4
         with:
           username: ${{ secrets.DOCKER_HUB_USER }}
           password: ${{ secrets.DOCKER_HUB_TOKEN }}
           repository: ${{ env.DOCKER_HUB_REGISTRY_NAMESPACE }}/${{ env.BACKEND_IMAGE_DOCKER_HUB }}
-          readme-filepath: README.md
+          readme-filepath: ./DOCKER_NOTICE.md

.github/workflows/docker-image-main_frontend.yml

@@ -105,12 +105,12 @@ jobs:
           tags: ${{ env.DOCKER_HUB_REGISTRY_NAMESPACE }}/${{ env.FRONTEND_IMAGE_DOCKER_HUB }}:${{ github.sha }}
 
       - name: Update Docker Hub description
-        uses: peter-evans/dockerhub-description@v3
+        uses: peter-evans/dockerhub-description@v4
         env:
           DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}
         if: env.DOCKER_HUB_USER != ''
         with:
           username: ${{ env.DOCKER_HUB_USER }}
           password: ${{ secrets.DOCKER_HUB_TOKEN }}
           repository: ${{ env.DOCKER_HUB_REGISTRY_NAMESPACE }}/${{ env.FRONTEND_IMAGE_DOCKER_HUB }}
-          readme-filepath: README.md
+          readme-filepath: ./frontend/DOCKER_NOTICE.md

.github/workflows/docker-image-tag-release.yaml

@@ -90,12 +90,12 @@ jobs:
         env:
           DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}
         if: env.DOCKER_HUB_USER != ''
-        uses: peter-evans/dockerhub-description@v3
+        uses: peter-evans/dockerhub-description@v4
         with:
           username: ${{ secrets.DOCKER_HUB_USER }}
           password: ${{ secrets.DOCKER_HUB_TOKEN }}
           repository: ${{ env.DOCKER_HUB_REGISTRY_NAMESPACE }}/${{ env.FRONTEND_IMAGE_DOCKER_HUB }}
-          readme-filepath: README.md
+          readme-filepath: ./frontend/DOCKER_NOTICE.md
 
   Release-docker-image-backend:
     runs-on: ubuntu-latest
@@ -115,7 +115,7 @@ jobs:
           cache: 'maven'
 
       - name: Cache maven packages
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ~/.m2
           key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
@@ -164,10 +164,10 @@ jobs:
         env:
           DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}
         if: env.DOCKER_HUB_USER != ''
-        uses: peter-evans/dockerhub-description@v3
+        uses: peter-evans/dockerhub-description@v4
         with:
           username: ${{ secrets.DOCKER_HUB_USER }}
           password: ${{ secrets.DOCKER_HUB_TOKEN }}
           repository: ${{ env.DOCKER_HUB_REGISTRY_NAMESPACE }}/${{env.BACKEND_IMAGE_DOCKER_HUB}}
-          readme-filepath: README.md
+          readme-filepath: ./DOCKER_NOTICE.md
 

.github/workflows/e2e-tests-xray_frontend.yml

@@ -52,7 +52,7 @@ jobs:
           node-version: 18.x
 
       - name: Run yarn install
-        uses: Borales/actions-yarn@v4.2.0
+        uses: Borales/actions-yarn@v5
         with:
           cmd: install # will run `yarn install` command
 
@@ -66,7 +66,7 @@ jobs:
         run: ./scripts/xray-download-feature-files.sh
 
       - name: Save cypress/e2e folder
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: cypress - e2e
           if-no-files-found: error
@@ -101,7 +101,7 @@ jobs:
           node-version: 18.x
 
       - name: Cypress run all tests
-        uses: cypress-io/[email protected].0 # use the explicit version number
+        uses: cypress-io/[email protected].1 # use the explicit version number
         with:
           start: npm run start:auth:e2ea
           wait-on: "http://localhost:4200"
@@ -127,7 +127,7 @@ jobs:
 
       - name: Archive cypress artifacts
         if: success() || failure()
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: cypress generated files - chrome
           path: |
@@ -163,7 +163,7 @@ jobs:
  #         node-version: 18.x
 #
  #     - name: Cypress run all tests
-  #       uses: cypress-io/[email protected].0 # use the explicit version number
+  #       uses: cypress-io/[email protected].1 # use the explicit version number
  #       with:
  #         start: npm start
  #         wait-on: "http://localhost:4200"
@@ -182,7 +182,7 @@ jobs:
 #
  #     - name: Archive cypress artifacts
  #       if: success() || failure()
- #       uses: actions/upload-artifact@v3
+ #       uses: actions/upload-artifact@v4
  #       with:
  #         name: cypress generated files - firefox
  #         path: |
@@ -226,7 +226,7 @@ jobs:
  #       run: npx playwright install --with-deps webkit
 #
  #     - name: Cypress run all tests
-  #       uses: cypress-io/[email protected].0 # use the explicit version number
+  #       uses: cypress-io/[email protected].1 # use the explicit version number
  #       with:
  #         start: npm start:auth:e2ea
  #         wait-on: "http://localhost:4200"
@@ -245,7 +245,7 @@ jobs:
 #
  #     - name: Archive cypress artifacts
  #       if: success() || failure()
- #       uses: actions/upload-artifact@v3
+ #       uses: actions/upload-artifact@v4
  #       with:
  #         name: cypress generated files - webkit
  #         path: |

.github/workflows/eclipse-dash.yml

@@ -51,7 +51,7 @@ jobs:
 
       - name: upload results
         if: always()
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           path: DEPENDENCIES_FRONTEND
 
@@ -67,7 +67,7 @@ jobs:
           distribution: 'temurin'
 
       - name: Cache maven packages
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ~/.m2
           key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
@@ -79,6 +79,7 @@ jobs:
 
       - name: upload results
         if: always()
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           path: DEPENDENCIES_BACKEND
+          overwrite: true

.github/workflows/helm-chart-release.yaml

@@ -81,6 +81,8 @@ jobs:
 
       - name: Run chart-releaser
         uses: helm/[email protected]
+        with:
+          mark_as_latest: false
         env:
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
           CR_RELEASE_NAME_TEMPLATE: "${{ env.RELEASE_VERSION }}"

.github/workflows/publish-documentation.yaml

@@ -48,45 +48,64 @@ jobs:
       - name: Setup Node
         uses: actions/setup-node@v4
         with:
-          node-version: 16
+          node-version: 20
 
       - name: Cache maven packages
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ~/.m2
           key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
           restore-keys: ${{ runner.os }}-m2
 
+
+      - name: Build API documentation with Maven
+        run: |
+          mvn clean package -pl tx-backend,tx-models -DskipTests --batch-mode
+          cp tx-backend/target/generated-sources/openapi/index.html docs/src/docs/api-specification/index.html
+
       - name: Build with Maven
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
         run: |
           mvn -f docs/pom.xml --batch-mode generate-resources
+
       - name: Install Asciidoctor Reducer
         run: |
           sudo gem install asciidoctor-reducer
+
       - name: Reduce docs
         run: |
           echo $LANG
           locale
           asciidoctor-reducer -o docs/target/adminguide.adoc docs/src/docs/administration/administration-guide.adoc
           asciidoctor-reducer -o docs/target/arc42.adoc docs/src/docs/arc42/full.adoc
+
+      - name: Cache plantuml jar
+        uses: actions/cache@v3
+        with:
+          path: plantuml.jar
+          key: ${{ runner.os }}-file-${{ hashFiles('plantuml.jar') }}
+
       - name: Download PlantUML jar
         run: |
           wget -O plantuml.jar https://sourceforge.net/projects/plantuml/files/plantuml.jar/download
+
       - name: Place PlantUML jar in specific path
         run: |
           mv plantuml.jar docs/src/diagram-replacer/
+
       - name: Extract PNG-Images with PlantUML and replace PlantUML Code inside docs with PNG-Images
         working-directory: docs/src/diagram-replacer/
         run: |
           node extract.js
           node replace.js
+
       - name: Convert to Markdown
         run: |
           npx downdoc -o docs/target/generated-docs/adminguide.md docs/src/diagram-replacer/generated-adocs/adminguide.adoc
           npx downdoc -o docs/target/generated-docs/arc42.md docs/src/diagram-replacer/generated-adocs/arc42.adoc
           npx downdoc -o docs/target/generated-docs/user-manual.md docs/src/docs/user/user-manual.adoc
+
       - name: MD files post-processing
         working-directory: docs/src/post-processing/
         run: |
@@ -95,15 +114,18 @@ jobs:
           node fix_no_emphasis.js
           node fix_https_links.js
           node fix_relative_links.js https://$GITHUB_REPOSITORY_OWNER.github.io/$REPO/docs
+
       - name: MD linting
         run: |
           npm install [email protected]
           npx markdownlint-cli2-config docs/.markdownlint.yaml docs/target/generated-docs/adminguide.md
           npx markdownlint-cli2-config docs/.markdownlint.yaml docs/target/generated-docs/arc42.md
           npx markdownlint-cli2-config docs/.markdownlint.yaml docs/target/generated-docs/user-manual.md
+
       - name: Move assets to target directory
         run: |
           mv docs/src/diagram-replacer/assets/ docs/target/generated-docs/assets/
+
       - name: GitHub Pages action
         uses: peaceiris/[email protected]
         with: