-
Notifications
You must be signed in to change notification settings - Fork 89
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge remote-tracking branch 'origin/main' into chore/update-product-…
…page
- Loading branch information
Showing
1,412 changed files
with
82,524 additions
and
47,977 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,60 @@ | ||
| #******************************************************************************** | ||
| # Copyright (c) 2024 Contributors to the Eclipse Foundation | ||
| # | ||
| # See the NOTICE file(s) distributed with this work for additional | ||
| # information regarding copyright ownership. | ||
| # | ||
| # This program and the accompanying materials are made available under the | ||
| # terms of the Apache License, Version 2.0 which is available at | ||
| # https://www.apache.org/licenses/LICENSE-2.0. | ||
| # | ||
| # Unless required by applicable law or agreed to in writing, software | ||
| # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
| # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
| # License for the specific language governing permissions and limitations | ||
| # under the License. | ||
| # | ||
| # SPDX-License-Identifier: Apache-2.0 | ||
| #*******************************************************************************/ | ||
|
|
||
| name: "TruffleHog" | ||
|
|
||
| on: | ||
| push: | ||
| branches: ["main"] | ||
| pull_request: | ||
| # The branches below must be a subset of the branches above | ||
| branches: ["main"] | ||
| schedule: | ||
| - cron: "0 0 * * *" # Once a day | ||
| workflow_dispatch: | ||
|
|
||
| permissions: | ||
| actions: read | ||
| contents: read | ||
| security-events: write | ||
| id-token: write | ||
| issues: write | ||
|
|
||
| jobs: | ||
| ScanSecrets: | ||
| name: Scan secrets | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout Repository | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 # Ensure full clone for pull request workflows | ||
|
|
||
| - name: TruffleHog OSS | ||
| id: trufflehog | ||
| uses: trufflesecurity/trufflehog@7e78ca385fb82c19568c7a4b341c97d57d9aa5e1 | ||
| continue-on-error: true | ||
| with: | ||
| path: ./ # Scan the entire repository | ||
| base: "${{ github.event.repository.default_branch }}" # Set base branch for comparison (pull requests) | ||
| extra_args: --filter-entropy=4 --results=verified,unknown --debug | ||
|
|
||
| - name: Scan Results Status | ||
| if: steps.trufflehog.outcome == 'failure' | ||
| run: exit 1 # Set workflow run to failure if TruffleHog finds secrets |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,15 @@ | ||
| --- | ||
| slug: security-office-hour-2024-06-20 | ||
| title: Security Office Hour 2024-06-20 | ||
| authors: | ||
| - rohan_krishnamurthy | ||
| tags: [security, meeting-minutes] | ||
| --- | ||
|
|
||
| ## Security Office Hour meeting minutes | ||
|
|
||
| ### Announcements | ||
|
|
||
| - Reminder about former GitHub Organisation Catenax-ng | ||
| - Reminder to remove any test credentials/sensitive that are present in Catenax-ng | ||
| - Reminder to look for the results of the security scans after migration to Eclipse Tractus-x |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,15 @@ | ||
| --- | ||
| slug: security-office-hour-2024-07-04 | ||
| title: Security Office Hour 2024-07-04 | ||
| authors: | ||
| - rohan_krishnamurthy | ||
| tags: [meeting-minutes, security] | ||
| --- | ||
|
|
||
| ## Security Office Hour meeting minutes | ||
|
|
||
| ### Announcements | ||
|
|
||
| - Gitguardian tool for secret scanning will be replaced by TruffleHog. This will be used in parallel with Github's native secret scanning tool. | ||
| - Trivy workflow has been updated to address the failure of workflows | ||
| - Announcement of Security handover during the committer round |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| --- | ||
| slug: community-office-hour-2024-07-05 | ||
| title: Community Office Hour 2024-07-05 | ||
| authors: | ||
| - rohan_krishnamurthy | ||
| tags: [community, meeting-minutes] | ||
| --- | ||
|
|
||
| ## Office Hour meeting minutes | ||
|
|
||
| ### Infrastructure | ||
|
|
||
| - Info from Test / Infrastructure Management CX Association by [Harald](https://github.com/ds-hzimmer): | ||
| - SAP DIM follow up meeting with on 8.7.2024 together with Christian Lahmer (SAP) and Evelyn Gurschler and DoubleSlash Net-Business GmbH | ||
| - Work-in-progress with SDE team and importing of test cases | ||
| - Access is currently limited –> would be great to make it accessible and available within Tractus-X | ||
| - [Tomasz](https://github.com/tomaszbarwicki) - Presented about how do you need to publish your API using .tractusx metafile and publish via GitHub pages - [API Hub](https://github.com/eclipse-tractusx/api-hub). | ||
|
|
||
| ### Security team | ||
|
|
||
| - Info from security team by [Rohan](https://github.com/RoKrish14): | ||
| - Reminder about replacement of GitGuardian with TruffleHog, see according pull request to update TX release guideline: [#950](https://github.com/eclipse-tractusx/eclipse-tractusx.github.io/pull/950) | ||
| - Reminder about updates to Trivy workflow , see according pull request to update TX release guideline: [#949](https://github.com/eclipse-tractusx/eclipse-tractusx.github.io/pull/949) | ||
| - Reminder about about absence of security team members from August 2024 | ||
| - Security tools walkthrough in the Committers Meeting of July 5, 2024 (about 20 minutes) - [Rohan](https://github.com/RoKrish14) will announce the walkthrough next week on the TX mailing list while sending out a reminder for the meeting | ||
|
|
||
| ### FOSS | ||
|
|
||
| - Don't forget to update the legal docs!! Close the tickets in your repositories if its done: [eclipse-tractusx/sig-infra#477](https://github.com/eclipse-tractusx/sig-infra/issues/477) | ||
|
|
||
| ### Open planning / community | ||
|
|
||
| - Info by community manager [Stephan](https://github.com/stephanbcbauer) about the Tractus-X/Catena-X working model and the refinement phase for the 24.12 release | ||
| - [Registration](https://eveeno.com/126949167) is open for the Third Eclipse Tractus-X Community Days on December 05 and 06, 2024, ARENA2036 in Stuttgart! |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| --- | ||
| slug: community-office-hour-2024-07-26 | ||
| title: Community Office Hour 2024-07-26 | ||
| authors: | ||
| - matbmoser | ||
| tags: [community, meeting-minutes] | ||
| --- | ||
|
|
||
| ## Office Hour meeting minutes | ||
|
|
||
| ### Infrastructure | ||
|
|
||
| - @SebastianBezold -> Wednesday (31.07.2024) the Catena-NG will be deleted! No more access to the consortia environment will be allowed! | ||
| - Friendly reminder from @matbmoser: copy the configuration from the consortia environment argo, so you dont loose it, for the association env;) | ||
| - @hzierer -> Most of E2E Tests are already passed! Great job everyone! | ||
| - @matbmoser -> Don't forget to document the Quality Gate tickets! | ||
| - System team is leaving in wednesday! The participants that will not act as committers please or remove yourself from the list, or contact a project lead. Thank you for you wonderful hard work! | ||
|
|
||
| ### Security team | ||
|
|
||
| - @RoKrish14 -> TRG for truffelhog is in review https://github.com/eclipse-tractusx/eclipse-tractusx.github.io/pull/950! | ||
| - Example Workflow: https://github.com/RoKrish14/puris/blob/test/.github/workflows/trufflehog.yml | ||
|
|
||
| - @RoKrish14 announce that he is leaving wednesday the project! Thank you for you wonderful hard work too! | ||
|
|
||
| - @matbmoser -> We need to start a discussion and an action plan to solve the vulnerabilities in the eclipse-tractusx.github.io webpage repository. (Transfered to Committer Meeting) | ||
|
|
||
| ### FOSS | ||
|
|
||
| - Open Project Lead election for Mathias Brunkow Moser, if you are a committer please vote: https://projects.eclipse.org/projects/automotive.tractusx/elections/election-mathias-brunkow-moser-eclipse-tractus-x-0 | ||
|
|
||
| - @matbmoser -> New TRG 9 for UI/UX Styleguideline compliance: https://eclipse-tractusx.github.io/docs/release/trg-9/trg-9-01! | ||
| - If you don't agree with something or want an improvement please open a PR with the changes! The Tractus-X community will support you :) | ||
|
|
||
| ### Open planning / community | ||
|
|
||
| - Quality Gates and E2E phase is finishing today (26.07.2024). Make sure to keep your QG tickets updated and | ||
| - @agg3fe -> The TRG checklist is outdated | ||
| - @matbmoser -> I have created a PR to update the list: https://github.com/eclipse-tractusx/.github/pull/27 | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| --- | ||
| slug: community-office-hour-2024-08-02 | ||
| title: Community Office Hour 2024-08-02 | ||
| authors: | ||
| - tom-rm-meyer-ISST | ||
| tags: [community, meeting-minutes] | ||
| --- | ||
|
|
||
| ## Office Hour meeting minutes | ||
|
|
||
| ### Infrastructure | ||
|
|
||
| - Discussion on catenax-ng | ||
| - @matbmoser: please cross-check your own repository, if you reference it! | ||
| - @lgblaumeiser: we noticed that the R24.03 MIW needs catenax-ng resources. It temporarily stays up. (see [issue](https://github.com/eclipse-tractusx/managed-identity-wallet/issues/342)) | ||
| - Consortia teams are gone. Thanks, it was a pleasure! | ||
|
|
||
| ### Security team | ||
|
|
||
| - @matbmoser: Please do check for your security issues on the tab. High and critical issues need to be fixed. We should check this on high level / project level regularly in this meeting | ||
| - @tom-rm-meyer-ISST: For Truffle Hog, make sure that the workflow runs before merging. (see [e.g.](eclipse-tractusx/puris#531)) | ||
|
|
||
| ### FOSS | ||
|
|
||
| - @AngelikaWittek is gone. Thanks for your work! | ||
|
|
||
| ### Open planning / community | ||
|
|
||
| - @stephanbcbauer: | ||
| - Refinement Phase went well overall. Committers please join the planning meetings. | ||
| - Some QGates are still open, please check. | ||
| - Review together the [release preparation](https://github.com/eclipse-tractusx/tractus-x-release/pull/34) | ||
|
|
||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,23 @@ | ||
| --- | ||
| slug: community-office-hour-2024-07-26 | ||
| title: Community Office Hour 2024-07-26 | ||
| authors: | ||
| - arno_weiss | ||
| tags: [community, meeting-minutes] | ||
| --- | ||
|
|
||
| ## Office Hour meeting minutes | ||
|
|
||
| ### Infrastructure | ||
|
|
||
| - @ds-hzimmer will continue to report from the monthly infrastructure updates that are to happen every month's last sunday. | ||
| - product teams will have to check their deployments after that | ||
|
|
||
| ### Security team | ||
|
|
||
| - Trufflehog has now officially replaced GitGuardian as secret-scanning tool for Eclipse Tractus-X. [This is encoded by TRG8.03](https://eclipse-tractusx.github.io/docs/release/trg-8/trg-8-03) | ||
| - @ds-hzimmer reports about the sporadic use of the current sonarcloud instance for Eclipse Tractus-X. There's no TRG for it. It's unclear what additional benefit it will bring to those tools that are backed up with TRGs (Trufflehog, trivy, codeql). | ||
|
|
||
| ### Q&A | ||
|
|
||
| - @tom-rm-meyer-ISST reports issues with the tls provider which will be checked with the infrastructure team. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,49 @@ | ||
| --- | ||
| slug: community-office-hour-2024-10-11 | ||
| title: Community Office Hour 2024-10-11 | ||
| authors: | ||
| - theresa_hilger | ||
| tags: [community, meeting-minutes] | ||
| --- | ||
|
|
||
| ## Office Hour meeting minutes | ||
|
|
||
| ### Infrastructure | ||
|
|
||
| - [eclipse-tractusx/eclipse-tractusx.github.io](https://github.com/eclipse-tractusx/eclipse-tractusx.github.io) requires just One Committer Review now | ||
| - Committers that approve: Please double-check the content, remember you have also responsibility when approving non TRG compliant content | ||
| - Expectation for KITs: It should be less stressful to find a committer | ||
| - Setup Catena-X STABLE Environment | ||
| - Organizational issue that’s why the stable is not there right now but they are working on it | ||
| - Questions: Will the STABLE environment stick to the released version or will it evolve with the development of the components? | ||
| - Planned general infrastructure maintenance INT environment 2024-09-29 | ||
| - 24.12 e2e test phase on INT environment still planned to start 25.10. as communicated in adapted timeline | ||
|
|
||
| ### Release Management | ||
|
|
||
| - EDC 0.8.0 to be used during e2e testing. | ||
| - The upcoming Eclipse Tractus-X 24.12 release will include EDC version 0.8.0. | ||
| - If your component relies on the Eclipse DataspaceConnector (EDC), we highly encourage you to align your development and testing efforts with this version to ensure compatibility. | ||
| - Reminder for Refinement Day 1: 16.10 | ||
| - Each group will focus on the first steps of skeleton-building for their features, based on the feature template, mapping them to the related roadmap items | ||
| - For more information please read the [news blog](https://eclipse-tractusx.github.io/blog/refinement-day-1-R25.03) | ||
| - Reminder for Refinement Day 2: 06.11 | ||
| - Build on the work from Refinement Day 1 and focus primarily on the identified dependencies | ||
| - For more information, please read the [news blog](https://eclipse-tractusx.github.io/blog/refinement-day-2-R25.03) | ||
|
|
||
| ### Security | ||
|
|
||
| - [Trufflehog Update] Deprecation of GitGuardian and mandatory update to Trufflehog | ||
| - Please update your repositories | ||
| - There are still many issues opened and waiting to be resolved by their responsible committer | ||
| - [Parent Issue](https://github.com/eclipse-tractusx/sig-security/issues/86) | ||
| - The Trufflehog Workflow is a active [TRG](https://eclipse-tractusx.github.io/docs/release/trg-8/trg-8-03/) since March 26,2024 | ||
|
|
||
| ### FOSS | ||
|
|
||
| - TRG proposal for product deprecation including a process and criteria to close [Issue #1037](https://github.com/eclipse-tractusx/eclipse-tractusx.github.io/issues/1037) | ||
| - Please review and provide some input | ||
|
|
||
| ### Feedback / Question / Request | ||
|
|
||
| - Add Testmanagement timeline into timeline of the overall release |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| --- | ||
| slug: community-office-hour-2024-10-18 | ||
| title: Community Office Hour 2024-10-18 | ||
| authors: | ||
| - lgblaumeiser | ||
| tags: [community, meeting-minutes] | ||
| --- | ||
|
|
||
| ## Office Hour meeting minutes | ||
|
|
||
| ### Infrastructure | ||
|
|
||
| - Test Environments: | ||
| - Currently a blocking issue is with SAP. They want to do a change in the DIF deployment and we are blocked by that. Target for the change is early next week. This involves both STABLE and INT environment. | ||
| - It is important that we can start with the deployment for the e2e test of 24/12 on INT, there are school holidays in southern Germany between Oct., 28th and Nov., 1st, so deployment is constrained in time. | ||
| - The INT environment has to be wiped to start from scratch with the deployment for 24/12. | ||
| - Doubleslash will provide information on how to proceed next week. | ||
|
|
||
| ### Release Management | ||
|
|
||
| - EDC 0.8.0 to be used during e2e testing. There will be a RC5 early next week, that should be used as a start for e2e testing | ||
| - Release check issues are due on Oct. 18th for release 24/12 | ||
|
|
||
| ### FOSS | ||
|
|
||
| - Sources of pictures: Do we need to regulate the availability of sources for binary pictures, as there are pictures in the website repo without editable sources. | ||
| - There is already a TRG that specifies the handling of pictures. It should be controlled better by committers. | ||
| - Concerning intermediate releases, especially bugfix releases that need to be done in Tractus-X during a operating cycle. There is a task to make a proposal on how to handle the situation from Eclipse Tractus-X perspective. | ||
| - Deprecation of Repos. The regulation in TRG 7.09 is currently reworked to be more precise. | ||
| - Discussion on a TRG about testing. | ||
| - Doubleslash prepares a TRG concerning automated testing | ||
| - Some repositories use SonarCloud and code coverage measurements there | ||
| - General openness towards a new trial on some specs concering testing | ||
|
|
||
| ### Community/Open Planning | ||
|
|
||
| - Files like presentations done during Open Planning are currently not provided in Open Source. The proposal is to store such files in the already existing large files repository attached to the webpage repo. | ||
| - Open Meetings page has been enhanced, there are now relevant links like to the task board that is relevant and related release timelines | ||
| - Regular New Joiner meeting was canceled. If a session is needed, it needs to be requested |
Oops, something went wrong.