Merge branch 'refs/heads/main' into refactor/release-workflow

.config/owasp-suppressions.xml

@@ -35,4 +35,11 @@
         <packageUrl regex="true">^pkg:maven/com.jayway.jsonpath/[email protected]$</packageUrl>
         <vulnerabilityName>CVE-2023-51074</vulnerabilityName>
     </suppress>
+    <suppress>
+        <notes><![CDATA[
+        Dataspace components for models and JSON ID transformer, therefore OAUTH not relevant.
+        ]]></notes>
+        <packageUrl regex="true">^pkg:maven/[email protected]$</packageUrl>
+        <vulnerabilityName>CVE-2024-4536</vulnerabilityName>
+    </suppress>
 </suppressions>

.github/workflows/cucumber-integration-test-DIL.yaml

@@ -9,7 +9,32 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
+
+  check-config:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check if DIL_REGULAR_USER_API_KEY is defined
+        run: |
+          if [[ -z "${{ secrets.DIL_REGULAR_USER_API_KEY }}" ]]; then
+            echo "Error: Missing secret: Please configure DIL_REGULAR_USER_API_KEY."
+            exit 1
+          fi
+      - name: Check if DIL_ADMIN_USER_API_KEY is defined
+        run: |
+          if [[ -z "${{ secrets.DIL_ADMIN_USER_API_KEY }}" ]]; then
+            echo "Error: Missing secret: Please configure DIL_ADMIN_USER_API_KEY."
+            exit 1
+          fi
+      - name: Check if IRS_CUCUMBER_PUBLISH_TOKEN is defined
+        run: |
+          if [[ -z "${{ secrets.IRS_CUCUMBER_PUBLISH_TOKEN }}" ]]; then
+            echo "Error: Missing secret: Please configure IRS_CUCUMBER_PUBLISH_TOKEN."
+            exit 1
+          fi
+        shell: bash
+
   trigger-integration-test:
+    needs: check-config
     uses: ./.github/workflows/cucumber-integration-test.yaml
     secrets:
       regularUserApiKey: ${{ secrets.DIL_REGULAR_USER_API_KEY }}

.github/workflows/cucumber-integration-test-INT.yaml

@@ -9,7 +9,32 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
+
+  check-config:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check if INT_REGULAR_USER_API_KEY is defined
+        run: |
+          if [[ -z "${{ secrets.INT_REGULAR_USER_API_KEY }}" ]]; then
+            echo "Error: Missing secret: Please configure INT_REGULAR_USER_API_KEY."
+            exit 1
+          fi
+      - name: Check if INT_ADMIN_USER_API_KEY is defined
+        run: |
+          if [[ -z "${{ secrets.INT_ADMIN_USER_API_KEY }}" ]]; then
+            echo "Error: Missing secret: Please configure INT_ADMIN_USER_API_KEY."
+            exit 1
+          fi
+      - name: Check if IRS_CUCUMBER_PUBLISH_TOKEN is defined
+        run: |
+          if [[ -z "${{ secrets.IRS_CUCUMBER_PUBLISH_TOKEN }}" ]]; then
+            echo "Error: Missing secret: Please configure IRS_CUCUMBER_PUBLISH_TOKEN."
+            exit 1
+          fi
+        shell: bash
+
   trigger-integration-test:
+    needs: check-config
     uses: ./.github/workflows/cucumber-integration-test.yaml
     secrets:
       regularUserApiKey: ${{ secrets.INT_REGULAR_USER_API_KEY }}

.github/workflows/cucumber-integration-test.yaml

@@ -15,6 +15,7 @@ on:
         type: string
 
 jobs:
+
   build:
     runs-on: ubuntu-latest
 
@@ -40,9 +41,16 @@ jobs:
           ADMIN_USER_API_KEY: ${{ secrets.adminUserApiKey }}
           ISSUE_FILTER: ${{ inputs.executionFilter }}
           CUCUMBER_PUBLISH_TOKEN: ${{ secrets.cucumberPublishToken }}
-        # workaround replacement since injecting the token via environment variable does not work
         run: |
-          sed -i "s/CUCUMBER_TOKEN_IRS_PLACEHOLDER/${CUCUMBER_PUBLISH_TOKEN}/g" irs-cucumber-tests/src/test/java/org/eclipse/tractusx/irs/cucumber/RunCucumberTest.java
+          if [ -z "${{ secrets.cucumberPublishToken }}" ]; then
+            echo "Publish cucumber report disabled"
+            sed -i "s/PUBLISH_ENABLED_FLAG/false/g" irs-cucumber-tests/src/test/java/org/eclipse/tractusx/irs/cucumber/RunCucumberTest.java
+          else
+            echo "Publish cucumber report enabled"
+            sed -i "s/PUBLISH_ENABLED_FLAG/true/g" irs-cucumber-tests/src/test/java/org/eclipse/tractusx/irs/cucumber/RunCucumberTest.java
+            # workaround replacement since injecting the token via environment variable does not work
+            sed -i "s/CUCUMBER_TOKEN_IRS_PLACEHOLDER/${CUCUMBER_PUBLISH_TOKEN}/g" irs-cucumber-tests/src/test/java/org/eclipse/tractusx/irs/cucumber/RunCucumberTest.java
+          fi          
 
           mvn clean verify -P cucumber -Dgroups="$ISSUE_FILTER" -pl irs-cucumber-tests -am --batch-mode 2> irs-cucumber-tests/report-banner.txt
 

.github/workflows/integration-test-DEV.yaml

@@ -2,6 +2,11 @@ name: IRS DEV Cucumber Integration test execution
 
 on:
   workflow_dispatch: # Trigger manually
+    inputs:
+      executionFilter:
+        description: 'Execution filter'
+        required: false
+        default: '!Ignore & !INACTIVE & INTEGRATION_TEST & DEV'
   push:
     branches:
       - 'main'
@@ -19,12 +24,40 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+
+
+
 jobs:
+
+  check-config:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check if DEV_REGULAR_USER_API_KEY is defined
+        run: |
+          if [[ -z "${{ secrets.DEV_REGULAR_USER_API_KEY }}" ]]; then
+            echo "Error: Missing secret: Please configure DEV_REGULAR_USER_API_KEY."
+            exit 1
+          fi
+      - name: Check if DEV_ADMIN_USER_API_KEY is defined
+        run: |
+          if [[ -z "${{ secrets.DEV_ADMIN_USER_API_KEY }}" ]]; then
+            echo "Error: Missing secret: Please configure DEV_ADMIN_USER_API_KEY."
+            exit 1
+          fi
+      - name: Check if IRS_CUCUMBER_PUBLISH_TOKEN is defined
+        run: |
+          if [[ -z "${{ secrets.IRS_CUCUMBER_PUBLISH_TOKEN }}" ]]; then
+            echo "Error: Missing secret: Please configure IRS_CUCUMBER_PUBLISH_TOKEN."
+            exit 1
+          fi
+        shell: bash
+
   trigger-integration-test:
+    needs: check-config
     uses: ./.github/workflows/cucumber-integration-test.yaml
     secrets:
       regularUserApiKey: ${{ secrets.DEV_REGULAR_USER_API_KEY }}
       adminUserApiKey: ${{ secrets.DEV_ADMIN_USER_API_KEY }}
       cucumberPublishToken: ${{ secrets.IRS_CUCUMBER_PUBLISH_TOKEN }}
     with:
-      executionFilter: "!Ignore & !INACTIVE & INTEGRATION_TEST & DEV"
+      executionFilter: ${{ github.event.inputs.executionFilter || '!Ignore & !INACTIVE & INTEGRATION_TEST & DEV' }}

.github/workflows/irs-build.yml

@@ -19,8 +19,20 @@ on:
     tags:
       - '**'
 
-
 jobs:
+  init:
+    runs-on: ubuntu-latest
+    outputs:
+      image_namespace: tractusx
+      image_name: irs-api
+      docker_hub_user: ${{ secrets.DOCKER_HUB_USER }}
+      # In order to skip sonar if not configured
+      sonar_configured: ${{ secrets.SONAR_TOKEN != '' && secrets.SONAR_PROJECT_KEY != '' && secrets.SONAR_ORGANIZATION != '' }}
+    steps:
+      - run: |
+          echo "Preparing variables"
+          echo "sonar_configured: ${{ secrets.SONAR_TOKEN != '' && secrets.SONAR_PROJECT_KEY != '' && secrets.SONAR_ORGANIZATION != '' }}"
+
   build:
     runs-on: ubuntu-latest
     steps:
@@ -45,10 +57,12 @@ jobs:
           mvn clean verify --batch-mode
 
   analyze_with_Sonar:
+    needs: [init]
     # No need to run if we cannot use the sonar token
     if: >-
-      (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository) &&
-      github.actor != 'dependabot[bot]'
+      needs.init.outputs.sonar_configured == 'true'
+      && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository) 
+      && github.actor != 'dependabot[bot]'
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -86,6 +100,7 @@ jobs:
           -Dcheckstyle.skip -Dpmd.skip=true
 
   build_images:
+    needs: [init]
     strategy:
       matrix:
         image:
@@ -116,66 +131,30 @@ jobs:
           echo VERSION=$VERSION
           echo "::set-output name=image_tag::$VERSION"
 
-      - name: Log in to registry
-        env:
-          DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}
-        if: >-
-          env.DOCKER_HUB_USER == '' &&
-          (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository) &&
-          github.actor != 'dependabot[bot]'
-        # This is where you will update the PAT to GITHUB_TOKEN
-        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
-
-      - name: Push image (GHCR)
-        env:
-          DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}
-        if: >- 
-          env.DOCKER_HUB_USER == '' &&
-          (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository) &&
-          github.actor != 'dependabot[bot]'
-        run: |
-          IMAGE_ID=ghcr.io/${{ github.repository_owner }}/${{ matrix.image }}
-          # Change all uppercase to lowercase
-          IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]')
-          echo IMAGE_ID=$IMAGE_ID
-
-          docker tag ${{ matrix.image }} $IMAGE_ID:${{ steps.version.outputs.image_tag }}
-          docker push $IMAGE_ID:${{ steps.version.outputs.image_tag }}
-          
-          docker tag ${{ matrix.image }} $IMAGE_ID:$GITHUB_SHA
-          docker push $IMAGE_ID:$GITHUB_SHA
-          
       - name: Login to Docker Hub
-        env:
-          DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}
-        if: env.DOCKER_HUB_USER != ''
+        if: needs.init.outputs.docker_hub_user != ''
         uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_HUB_USER }}
           password: ${{ secrets.DOCKER_HUB_TOKEN }}
 
       - name: Push image (DockerHub)
-        env:
-          DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}
-          IMAGE_NAMESPACE: tractusx
-          IMAGE_NAME: irs-api
-        if: env.DOCKER_HUB_USER != ''
+        if: needs.init.outputs.docker_hub_user != '' && github.event_name != 'pull_request'
         run: |
-          docker tag ${{ matrix.image }} ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.image_tag }}
-          docker push ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.image_tag }}
+          docker tag ${{ matrix.image }} ${{ needs.init.outputs.image_namespace }}/${{ needs.init.outputs.image_name }}:${{ steps.version.outputs.image_tag }}
+          docker push ${{ needs.init.outputs.image_namespace }}/${{ needs.init.outputs.image_name }}:${{ steps.version.outputs.image_tag }}
+          
+          docker tag ${{ matrix.image }} $IMAGE_ID:$GITHUB_SHA
+          docker push $IMAGE_ID:$GITHUB_SHA
 
       # https://github.com/peter-evans/dockerhub-description
       - name: Update Docker Hub description
-        env:
-          DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}
-          IMAGE_NAMESPACE: tractusx
-          IMAGE_NAME: irs-api
-        if: env.DOCKER_HUB_USER != '' && github.event_name != 'pull_request'
+        if: needs.init.outputs.docker_hub_user != '' && github.event_name != 'pull_request'
         uses: peter-evans/dockerhub-description@v4
         with:
           username: ${{ secrets.DOCKER_HUB_USER }}
           password: ${{ secrets.DOCKER_HUB_TOKEN }}
-          repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
+          repository: ${{ needs.init.outputs.image_namespace }}/${{ needs.init.outputs.image_name }}
           readme-filepath: ./DOCKER_NOTICE.md
 
   trigger-trivy-image-scan:
@@ -184,3 +163,4 @@ jobs:
     needs:
       - build_images
     uses: ./.github/workflows/trivy-docker-hub-scan.yml
+