Merge branch 'main' into feature/#344-integration-tests

eclipse-tractusx · Jan 29, 2024 · 33945ee · 33945ee
2 parents a262bab + bd9168f
commit 33945ee
Show file tree

Hide file tree

Showing 461 changed files with 2,379 additions and 1,372 deletions.
diff --git a/.config/checkstyle.xml b/.config/checkstyle.xml
@@ -25,7 +25,8 @@ page at http://checkstyle.sourceforge.net/config.html -->
     <module name="RegexpHeader">
         <property name="fileExtensions" value="java"/>
         <property name="headerFile" value=".config/irs.header"/>
-        <property name="multiLines" value="2, 3, 4, 5, 6"/>
+        <!-- optional lines -->
+        <property name="multiLines" value="2, 3, 4, 5, 6, 7"/>
     </module>
 
     <!-- Checks that there are no tab characters in the file. -->

diff --git a/.config/irs.header b/.config/irs.header
@@ -1,9 +1,10 @@
 ^/\*\*{79}$
-^ \* Copyright \(c\) 2021,2022,2023$
+^ \* Copyright \(c\) 2022,2024$
 ^ \*       2022: ZF Friedrichshafen AG$
 ^ \*       2022: ISTOS GmbH$
-^ \*       2022,2023: Bayerische Motoren Werke Aktiengesellschaft \(BMW AG\)$
+^ \*       2022,2024: Bayerische Motoren Werke Aktiengesellschaft \(BMW AG\)$
 ^ \*       2022,2023: BOSCH AG$
+^ \* Copyright \(c\) 2022,2024 Bayerische Motoren Werke Aktiengesellschaft \(BMW AG\)$
 ^ \* Copyright \(c\) 2021,2024 Contributors to the Eclipse Foundation$
 ^ \*$
 ^ \* See the NOTICE file\(s\) distributed with this work for additional$

diff --git a/.config/owasp-suppressions.xml b/.config/owasp-suppressions.xml
@@ -28,4 +28,11 @@
         <packageUrl regex="true">^pkg:maven/org\.graalvm\.sdk/graal\-sdk@.*$</packageUrl>
         <vulnerabilityName>CVE-2023-22006</vulnerabilityName>
     </suppress>
+    <suppress>
+        <notes><![CDATA[
+        Only used in tests.
+        ]]></notes>
+        <packageUrl regex="true">^pkg:maven/com.jayway.jsonpath/[email protected]$</packageUrl>
+        <vulnerabilityName>CVE-2023-51074</vulnerabilityName>
+    </suppress>
 </suppressions>
diff --git a/.github/workflows/irs-build.yml b/.github/workflows/irs-build.yml
@@ -80,7 +80,8 @@ jobs:
         run: |
           mvn --batch-mode --update-snapshots verify \
           org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
-          -Dsonar.projectKey=${{ secrets.SONAR_PROJECT_KEY }} -Dsonar.organization=${{ secrets.SONAR_ORGANIZATION }}
+          -Dsonar.projectKey=${{ secrets.SONAR_PROJECT_KEY }} -Dsonar.organization=${{ secrets.SONAR_ORGANIZATION }} \
+          -Dcheckstyle.skip -Dpmd.skip=true
 
   build_images:
     strategy:

diff --git a/.gitignore b/.gitignore
@@ -62,3 +62,11 @@ local/testing/api-tests/__pycache__/
 
 ### Cucumber ###
 /irs-cucumber-tests/report.json
+
+### Local documentation build ###
+node_modules
+docs/src/diagram-replacer/generated-adocs
+docs/src/diagram-replacer/package-lock.json
+docs/src/diagram-replacer/package.json
+docs/src/diagram-replacer/plantuml.jar
+
diff --git a/.idea/copyright/IRS.xml b/.idea/copyright/IRS.xml
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,14 +6,25 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
-### Changed
+### Added
+- Added helper script for building documentation locally.
 
+### Changed
 - Updated license header to "Copyright (c) 2021,2024 Contributors to the Eclipse Foundation"
+- Changed lookupGlobalAssetIds to lookupShellsByBPN, which provides full object.
+- Suppressed CVE-2024-20932 from graal-sdk-21.2.0.jar because this is not applicable for IRS.
+
+### Fixed
+- Update to Spring Boot 3.1.8. This fixes the following CVEs:
+  - CVE-2023-6378 serialization vulnerability in logback
+  - CVE-2023-51074 json-path v2.8.0 stack overflow
+  - CVE-2024-22233 Spring Framework server Web DoS Vulnerability
 
 ## [4.4.0] - 2024-01-15
 ### Added
 - Added EDR token cache to reuse token after contract negotiation
 - Added cache mechanism in DiscoveryFinderClientImpl for findDiscoveryEndpoints
+- Add concept docs/#322-Provisioning-of-contractAgreementId-for-assets.md
 
 ### Changed
 - Authentication was redesigned to use API keys, instead of OAuth2 protocol. The api key has to be sent as a X-API-KEY request header. IRS is supporting two types of API keys - one for admin and one for regular/view usage. Use new ``apiKeyAdmin`` and ``apiKeyRegular`` config entries to set up API keys.

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -2,6 +2,16 @@
 
 Thanks for your interest in this project.
 
+# Table of Contents
+1. [Project description](#project-description)
+2. [Developer resources](#developer-resources)
+3. [Eclipse Development Process](#eclipse-development-process)
+4. [Eclipse Contributor Agreement](#eclipse-contributor-agreement)
+5. [General contribution to the project](#general-contribution-to-the-project)
+6. [Contributing as a Consultant](#contributing-as-a-consultant)
+7. [Contributing as a Developer](#contributing-as-a-developer)
+9. [Contact](#contact)
+
 ## Project description
 
 The companies involved want to increase the automotive industry's
@@ -53,7 +63,7 @@ fulfills the DCO's requirement that you sign-off on your contributions.
 For more information, please see the Eclipse Committer Handbook:
 https://www.eclipse.org/projects/handbook/#resources-commit
 
-# Eclipse Dependency License Check
+## Eclipse Dependency License Check
 
 In case of new dependencies or version updates, it might be necessary to have the new library checked and accepted by the Eclipse foundation. Do create new tickets for this, you can use this command:
 ```
@@ -62,6 +72,45 @@ mvn org.eclipse.dash:license-tool-plugin:license-check -Ddash.iplab.token=$ECLIP
 
 For more information on the tool and how to acquire the token, check https://github.com/eclipse/dash-licenses.
 
+## General contribution to the project
+
+
+## Contributing as a Consultant
+
+### Conceptual work and specification guidelines
+1. The prerequisite for a concept is always a github issue that defines the business value and the acceptance criteria that are to be implemented with the concept
+2. Copy and rename directory /docs/#000-concept-name-template /docs/#<DDD>-<target-name>
+3. Copy file /docs/Concept_TEMPLATE.md into new directory  /docs/#<DDD>-<target-name>
+
+### Diagrams
+PlantUML and Mermaid is used for conceptual work.
+https://mermaid.js.org/
+https://plantuml.com/
+
+
+#### PlantUML 
+default skinparam for plantUml diagrams 
+````
+@startuml
+skinparam monochrome true
+skinparam shadowing false
+skinparam linetype ortho
+skinparam defaultFontName "Architects daughter"
+autonumber "<b>[000]"
+
+@enduml
+````
+
+####  Mermaid
+Default header for mermaid sequence diagrams
+````
+sequenceDiagram
+    %%{init: {'theme': 'dark', 'themeVariables': { 'fontSize': '15px'}}}%%
+    autonumber
+ ````   
+
+## Contributing as a Developer
+
 ### Commit messages
 The commit messages have to match a pattern in the form of:  
 ``< type >(scope):[<Ticket_ID>] < description >``  
@@ -80,11 +129,13 @@ cp local/development/commit-msg .git/hooks/commit-msg && chmod 500 .git/hooks/co
 
 For further information please see https://github.com/hazcod/semantic-commit-hook
 
-## Code formatting 
+### Code formatting 
 Please use the following code formatter: [.idea/codeStyles](.idea/codeStyles)
 
+
 ## Contact
 
 Contact the project developers via the project's "dev" list.
 
 * https://accounts.eclipse.org/mailing-list/tractusx-dev
+* Eclipse Matrix Chat https://chat.eclipse.org/#/room/#tractusx-irs:matrix.eclipse.org