diff --git a/.github/dependabot.yml b/.github/dependabot.yml index cb7efc54..004f4dc5 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -9,18 +9,22 @@ updates: directory: "/" schedule: interval: "monthly" + target-branch: "develop" - package-ecosystem: "github-actions" # See documentation for possible values directory: "/" # Location of package manifests schedule: interval: "weekly" + target-branch: "develop" - package-ecosystem: "docker" # See documentation for possible values directory: "/docker/" # Location of package manifests schedule: interval: "weekly" + target-branch: "develop" - package-ecosystem: "terraform" # See documentation for possible values directory: "/terraform/" # Location of package manifests schedule: interval: "weekly" + target-branch: "develop" diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 3ab5f5a4..4249f907 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -1,56 +1,45 @@ -# For most projects, this workflow file will not need changing; you simply need -# to commit it to your repository. -# -# You may wish to alter this file to override the set of languages analyzed, -# or to provide custom queries or build logic. -# -# ******** NOTE ******** -# We have attempted to detect the languages in your repository. Please check -# the `language` matrix defined below to confirm you have the correct set of -# supported CodeQL languages. -# name: "CodeQL" on: schedule: - - cron: '23 23 * * 0' + - cron: '23 23 * * 0' workflow_dispatch: jobs: analyze: name: Analyze runs-on: ubuntu-latest - permissions: - actions: read - contents: read - security-events: write + if: github.actor != 'pdsen-ci' strategy: fail-fast: false matrix: - language: [ 'java' ] - # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] - # Learn more about CodeQL language support at https://git.io/codeql-language-support + # Override automatic language detection by changing the below list + # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python'] +# language: ['java', 'python'] + language: ['java'] + # Learn more... + # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 + with: + # We must fetch at least the immediate parents so that if this is + # a pull request then we can checkout the head. + fetch-depth: 2 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL uses: github/codeql-action/init@v3 with: - languages: ${{ matrix.language }} - queries: security-and-quality, security-extended - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - # queries: ./path/to/local/query, your-org/your-repo/queries@main + languages: ${{ matrix.language }} + queries: security-and-quality, security-extended # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - # - name: Autobuild - # uses: github/codeql-action/autobuild@v2 + - name: Autobuild + uses: github/codeql-action/autobuild@v3 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -59,15 +48,8 @@ jobs: # and modify them (or add more) to build your code if your project # uses a compiled language - - - name: ☕ī¸ Set up OpenJDK - uses: actions/setup-java@v3 - with: - distribution: 'adopt' - java-version: 17 - - - run: | - mvn clean install +# - run: | +# mvn clean compile site -DskipTests - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3 @@ -91,7 +73,35 @@ jobs: - name: Upload CodeQL Artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: codeql-artifacts path: ${{ env.RESULTS_DIR }} + + + sloc-count: + name: SLOC Count + runs-on: ubuntu-latest + if: github.actor != 'pdsen-ci' + steps: + - + name: đŸ’ŗ Checkout + uses: actions/checkout@v4 + with: + lfs: true + fetch-depth: 0 + token: ${{secrets.ADMIN_GITHUB_TOKEN}} + + - + name: Count Lines of Code (cloc) + uses: djdefi/cloc-action@6 + with: + options: --report-file=cloc.md + + + - + name: Upload SLOC + uses: actions/upload-artifact@v4 + with: + name: sloc-count + path: ${{ github.workspace }}/cloc.md diff --git a/.secrets.baseline b/.secrets.baseline index 6e7b836d..375bfb15 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -191,7 +191,7 @@ { "type": "Email Address", "filename": "service/src/main/java/gov/nasa/pds/api/registry/controllers/RegistryApiResponseEntityExceptionHandler.java", - "hashed_secret": "5255a5e4f0743ee4370d492e3e7f8a70c8a572b6", + "hashed_secret": "4fb813c304003b3813b35a85f05b7cb0c3994cc1", "is_verified": false, "line_number": 21, "is_secret": false @@ -218,5 +218,5 @@ } ] }, - "generated_at": "2024-09-05T22:13:10Z" + "generated_at": "2024-11-25T20:57:57Z" } diff --git a/CHANGELOG.md b/CHANGELOG.md index 19936064..542b5c46 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,8 +1,8 @@ # Changelog -## [release/1.5.0](https://github.com/NASA-PDS/registry-api/tree/release/1.5.0) (2024-09-03) +## [v1.5.0](https://github.com/NASA-PDS/registry-api/tree/v1.5.0) (2024-09-03) -[Full Changelog](https://github.com/NASA-PDS/registry-api/compare/v1.4.1...release/1.5.0) +[Full Changelog](https://github.com/NASA-PDS/registry-api/compare/v1.4.1...v1.5.0) **Requirements:** @@ -50,11 +50,7 @@ ## [v1.4.1](https://github.com/NASA-PDS/registry-api/tree/v1.4.1) (2024-02-29) -[Full Changelog](https://github.com/NASA-PDS/registry-api/compare/release/1.4.1...v1.4.1) - -## [release/1.4.1](https://github.com/NASA-PDS/registry-api/tree/release/1.4.1) (2024-02-29) - -[Full Changelog](https://github.com/NASA-PDS/registry-api/compare/v1.4.0...release/1.4.1) +[Full Changelog](https://github.com/NASA-PDS/registry-api/compare/v1.4.0...v1.4.1) **Defects:** diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 0139ef9f..296d8288 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -66,3 +66,5 @@ There are a few steps required to prepare for merging code back into the main br 1. Run all regression checks to make sure changes have re-introduced already fixed bugs. 1. Move from draft to ready for review if in draft mode. 1. Request review. + + diff --git a/service/src/main/java/gov/nasa/pds/api/registry/controllers/RegistryApiResponseEntityExceptionHandler.java b/service/src/main/java/gov/nasa/pds/api/registry/controllers/RegistryApiResponseEntityExceptionHandler.java index a530760b..baec35d7 100644 --- a/service/src/main/java/gov/nasa/pds/api/registry/controllers/RegistryApiResponseEntityExceptionHandler.java +++ b/service/src/main/java/gov/nasa/pds/api/registry/controllers/RegistryApiResponseEntityExceptionHandler.java @@ -18,7 +18,7 @@ public class RegistryApiResponseEntityExceptionHandler extends ResponseEntityExc private String errorDisclaimerHeader = "An error occured.\n"; private String errorDisclaimerFooter = - "For assistance, forward this error message to pds-operator@jpl.nasa.org"; + "For assistance, forward this error message to pds-operator@jpl.nasa.gov"; // TODO refactor code to avoid repeating oneself.