Skip to content

Commit

Permalink
Merge pull request #531 from catenax-ng/main
Browse files Browse the repository at this point in the history 
Synch
  • Loading branch information
@ds-jhartmann
ds-jhartmann authored Apr 15, 2024
2 parents 0c947b8 + 833c6e5 commit e4d7361
Show file tree
Hide file tree
Showing 101 changed files with 48,727 additions and 64,279 deletions.
8 changes: 0 additions & 8 deletions .config/.trivyignore
View file
Original file line number Diff line number Diff line change
@@ -1,8 +0,0 @@
# Only relevant if UNWRAP_SINGLE_VALUE_ARRAYS is activated, which is not the case here.
CVE-2022-42003

# HttpInvokerServiceExporter is not loaded as a bean in the IRS.
CVE-2016-1000027

# Vulnerability method not in IRS codebase (Files.createTempDir from guava). https://github.com/google/guava/issues/2575
CVE-2023-2976
1 change: 0 additions & 1 deletion .config/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,5 @@ This folder contains configuration, rules and suppression files for code quality
| irs.header | Copyright header definition for the checkstyle module RegexpHeader. | see checkstyle.xml file |
| owasp-suppressions.xml | [OWASP dependendy check](https://owasp.org/www-project-dependency-check/) suppressions. | [OWASP suppressions documentation](https://jeremylong.github.io/DependencyCheck/general/suppression.html) |
| pmd-rules.xml | [PMD Source Code Analyzer](https://pmd.github.io/) rules. | [PMD rules documentation](https://pmd.github.io/pmd/pmd_userdocs_making_rulesets.html) |
| spotbugs-excludes.xml | [Spotbugs](https://spotbugs.github.io/) excludes. | [Spotbugs excludes documentation](https://spotbugs.readthedocs.io/en/stable/filter.html) |


10 changes: 5 additions & 5 deletions .github/workflows/helm-chart-release.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,13 +25,13 @@ jobs:
- name: Get helm charts latest tag version
id: step1
run: |
latestVersion=$(git tag | grep "irs-helm-[1-9]" | tail -1)
latestVersion=$(git tag | grep "item-relationship-service-[1-9]" | sort -V | tail -1)
echo "::set-output name=latest_version::$latestVersion"
echo "Exported $latestVersion latest helm charts version"
- name: Get helm charts current version
id: step2
run: |
chartVersion=irs-helm-$(cat ./charts/irs-helm/Chart.yaml | grep "version:" | head -1 | cut -d ":" -d " " -f2)
chartVersion=item-relationship-service-$(cat ./charts/item-relationship-service/Chart.yaml | grep "version:" | head -1 | cut -d ":" -d " " -f2)
echo "::set-output name=current_version::$chartVersion"
echo "Exported $chartVersion helm charts version"
Expand Down Expand Up @@ -60,7 +60,7 @@ jobs:
version: v3.9.3

- name: Update helm dependencies for irs
working-directory: charts/irs-helm/
working-directory: charts/item-relationship-service/
run: |
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo add minio https://charts.min.io/
Expand All @@ -69,11 +69,11 @@ jobs:
helm dependency update
- name: Create temporary CHANGELOG file for helm release
working-directory: charts/irs-helm/
working-directory: charts/item-relationship-service/
run: |
touch CHANGELOG-temp.md
currentVersionNumber=$(echo ${{ needs.get-helm-charts-versions-irs.outputs.current_version }} | sed -e "s/^irs-helm-//" )
currentVersionNumber=$(echo ${{ needs.get-helm-charts-versions-irs.outputs.current_version }} | sed -e "s/^item-relationship-service-//" )
echo currentVersionNumber=$currentVersionNumber
sed -n -e '/## \['"${currentVersionNumber}"'\]/,/## \[/ p' CHANGELOG.md | head -n -1 | tail -n +2 >> CHANGELOG-temp.md
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/helm-test.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -72,5 +72,5 @@ jobs:
helm repo add minio https://charts.min.io/
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo add grafana https://grafana.github.io/helm-charts
ct install --charts charts/irs-helm --helm-extra-set-args "--set=image.tag=testing --set=image.repository=kind-registry:5000/irs-api"
ct install --charts charts/item-relationship-service --helm-extra-set-args "--set=image.tag=testing --set=image.repository=kind-registry:5000/irs-api"
if: steps.list-changed.outputs.changed == 'true'
12 changes: 6 additions & 6 deletions .github/workflows/helm-upgrade.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ name: Upgrade Charts
on:
pull_request:
paths:
- 'charts/irs-helm/**'
- 'charts/item-relationship-service/**'
workflow_dispatch:

jobs:
Expand Down Expand Up @@ -32,12 +32,12 @@ jobs:
helm repo add irs https://eclipse-tractusx.github.io/item-relationship-service
- name: Run helm install
# Install latest released irs-helm version
# Install latest released item-relationship-service version
run: |
helm install irs irs/irs-helm
helm install irs irs/item-relationship-service
- name: Run helm upgrade
# Upgrade the installed irs-helm version with the locally available charts
# Upgrade the installed item-relationship-service version with the locally available charts
run: |
helm dependency update charts/irs-helm
helm upgrade irs charts/irs-helm
helm dependency update charts/item-relationship-service
helm upgrade irs charts/item-relationship-service
6 changes: 3 additions & 3 deletions .github/workflows/release.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,17 +13,17 @@ jobs:
- uses: actions/checkout@v4

- name: Calculate Helm release version from CHANGELOG
run: echo HELM_VERSION=$(cat charts/irs-helm/CHANGELOG.md | sed -n 's/.*\[\([0-9]\+\.[0-9]\+\.[0-9]\+\)\].*/\1/p' | head -n 1) >> $GITHUB_ENV
run: echo HELM_VERSION=$(cat charts/item-relationship-service/CHANGELOG.md | sed -n 's/.*\[\([0-9]\+\.[0-9]\+\.[0-9]\+\)\].*/\1/p' | head -n 1) >> $GITHUB_ENV

- name: Update Chart.yaml appVersion
uses: mikefarah/[email protected]

Check warning on line 19 in .github/workflows/release.yaml

View workflow job for this annotation

GitHub Actions / Analyze

[MEDIUM] Unpinned Actions Full Length Commit SHA 

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
with:
cmd: yq -i eval '.appVersion = "${{ github.ref_name }}"' charts/irs-helm/Chart.yaml
cmd: yq -i eval '.appVersion = "${{ github.ref_name }}"' charts/item-relationship-service/Chart.yaml

- name: Update Chart.yaml version
uses: mikefarah/[email protected]

Check warning on line 24 in .github/workflows/release.yaml

View workflow job for this annotation

GitHub Actions / Analyze

[MEDIUM] Unpinned Actions Full Length Commit SHA 

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.

Check warning on line 24 in .github/workflows/release.yaml

View workflow job for this annotation

GitHub Actions / Analyze

[MEDIUM] Unpinned Actions Full Length Commit SHA 

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
with:
cmd: yq -i eval '.version = "${{ env.HELM_VERSION }}"' charts/irs-helm/Chart.yaml
cmd: yq -i eval '.version = "${{ env.HELM_VERSION }}"' charts/item-relationship-service/Chart.yaml

- name: Prepare Helm release
uses: peter-evans/create-pull-request@v5
Expand Down
6 changes: 2 additions & 4 deletions .gitignore
View file
Original file line number Diff line number Diff line change
Expand Up @@ -71,7 +71,5 @@ docs/src/diagram-replacer/package.json
docs/src/diagram-replacer/plantuml.jar

# Helm Chart Dependencies
/charts/irs-helm/Chart.lock
/charts/irs-helm/charts/


/charts/item-relationship-service/Chart.lock
/charts/item-relationship-service/charts/
17 changes: 16 additions & 1 deletion CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,17 @@ _**For better traceability add the corresponding GitHub issue number in each cha

### Added

- SAMM models can now be added locally #488
- Introduced new Cucumber Tests to cover Industry Core 2.0.0 compatibility #488

### Changed

### Fixed

- ClassCastException in exception handling of EdcSubmodelClientImp#getEndpointReferencesForAsset corrected (returns the exception as failed future now). #405
- RestClientExceptions are handled correctly in BpdmFacade now. #405


## [4.9.0] - 2024-04-03
### Added
- Extended EdcPolicyDefinitionService to check if a policy in the edc exists
Expand All @@ -20,8 +29,14 @@ _**For better traceability add the corresponding GitHub issue number in each cha
- IRS now supports Asset Administration Shell v3.1 - adjusted lookup shells endpoint changes (assetIds query param is encoded). #359
- Support of building relationships based on SingleLevelBomAsBuilt v3.0.0 #488

### Changed

- Renamed item relationship service Helm chart from "irs-helm" to "item-relationship-service". #489


## [4.8.0] - 2024-03-18
### Changed

- Improved maintainability in EdcSubmodelClientImpl by reduced method visibility and better naming (in context of #448).
- EdcPolicyDefinitionService, EdcContractDefinitionService and EdcAssetService throw AlreadyExist exceptions when
conflict is returned from EDC
Expand Down Expand Up @@ -137,7 +152,7 @@ _**For better traceability add the corresponding GitHub issue number in each cha
- Added `impactedSuppliersOnFirstTier` parameter to Supply SupplyChainImpacted Aspect model - contains information of first level supply chain impacted
- Exported health endpoints to prometheus (see HealthMetricsExportConfiguration,
DependenciesHealthMetricsExportConfiguration) and
added [system health dashboard](charts/irs-helm/dashboards/system-health-dashboard.json)
added [system health dashboard](charts/item-relationship-service/dashboards/system-health-dashboard.json)
in order to visualize health metrics of IRS and its dependencies. #283

### Fixed
Expand Down
34 changes: 29 additions & 5 deletions COMPATIBILITY_MATRIX.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,28 @@

Full changelog of IRS: [changelog](CHANGELOG.md)

## [Unreleased]

| Dependency | Version | Helm | Comments |
|----------------------------|------------------------------|------------|-----------------|
| EDC | 0.5.3 | 0.5.3 | |
| EDC PostgresSQL | 15.1.0-debian-11-r12 | 12.1.6 | Optional |
| MIW | 0.1.0 | 0.1.0 | REST connection |
| Semantics Hub | 0.1.29 | v0.2.11-M1 | REST connection |
| DTR | 0.3.14-M1 | 0.3.22 | REST connection |
| Minio | RELEASE.2022-11-11T03-44-20Z | 5.0.1 | |
| SingleLevelBomAsBuilt | 2.0.0 | - | Model version |
| SingleLevelBomAsPlanned | 2.0.0 | - | Model version |
| SingleLevelBomAsSpecified | 1.0.0 | - | Model version |
| SingleLevelUsageAsBuilt | 2.0.0 | - | Model version |
| PartAsPlanned | 2.0.0 | - | Model Version |
| SingleLevelBomAsPlanned | 3.0.0 | - | Model Version |
| SerialPart | 3.0.0 | - | Model Version |
| Batch | 3.0.0 | - | Model Version |
| JustInSequencePart | 3.0.0 | - | Model Version |
| SingleLevelBomAsBuilt | 3.0.0 | - | Model Version |
| PartSiteInformationAsBuilt | 1.0.0 | - | Model Version |

## [4.9.0] - 2024-04-03

| Dependency | Version | Helm | Comments |
Expand All @@ -10,14 +32,15 @@ Full changelog of IRS: [changelog](CHANGELOG.md)
| EDC PostgresSQL | 15.1.0-debian-11-r12 | 12.1.6 | Optional |
| MIW | 0.1.0 | 0.1.0 | REST connection |
| Semantics Hub | 0.1.29 | v0.2.11-M1 | REST connection |
| DTR | 0.3.14-M1 | 0.3.22 | REST connection |
| DTR | 0.4.1 | 0.4.9 | REST connection |
| Minio | RELEASE.2022-11-11T03-44-20Z | 5.0.1 | |
| SingleLevelBomAsBuilt | 2.0.0 | - | Model version |
| SingleLevelBomAsBuilt | 3.0.0 | - | Model version |
| SingleLevelBomAsPlanned | 2.0.0 | - | Model version |
| SingleLevelBomAsSpecified | 1.0.0 | - | Model version |
| SingleLevelUsageAsBuilt | 2.0.0 | - | Model version |

## [4.8.0] - 2024-03-18

| Dependency | Version | Helm | Comments |
|---------------------------|------------------------------|------------|-----------------|
| EDC | 0.5.3 | 0.5.3 | |
Expand All @@ -31,8 +54,8 @@ Full changelog of IRS: [changelog](CHANGELOG.md)
| SingleLevelBomAsSpecified | 1.0.0 | - | Model version |
| SingleLevelUsageAsBuilt | 2.0.0 | - | Model version |


## [4.7.0] - 2024-03-04

| Dependency | Version | Helm | Comments |
|---------------------------|------------------------------|------------|-----------------|
| EDC | 0.5.3 | 0.5.3 | |
Expand All @@ -46,8 +69,8 @@ Full changelog of IRS: [changelog](CHANGELOG.md)
| SingleLevelBomAsSpecified | 1.0.0 | - | Model version |
| SingleLevelUsageAsBuilt | 2.0.0 | - | Model version |


## [4.6.0] - 2024-02-20

| Dependency | Version | Helm | Comments |
|---------------------------|------------------------------|------------|-----------------|
| EDC | 0.5.3 | 0.5.3 | |
Expand All @@ -61,8 +84,8 @@ Full changelog of IRS: [changelog](CHANGELOG.md)
| SingleLevelBomAsSpecified | 1.0.0 | - | Model version |
| SingleLevelUsageAsBuilt | 2.0.0 | - | Model version |


## [4.2.0] - 2023-11-28

| Dependency | Version | Helm | Comments |
|---------------------------|------------------------------|------------|-----------------|
| EDC | 0.5.3 | 0.5.3 | |
Expand All @@ -77,6 +100,7 @@ Full changelog of IRS: [changelog](CHANGELOG.md)
| SingleLevelUsageAsBuilt | 2.0.0 | - | Model version |

## [4.1.0] - 2023-11-15

| Dependency | Version | Helm | Comments |
|---------------------------|------------------------------|------------|-----------------|
| EDC | 0.5.3 | 0.5.3 | |
Expand Down
19 changes: 10 additions & 9 deletions CONTRIBUTING.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -171,26 +171,27 @@ https://github.com/google/google-java-format/blob/master/README.md#intellij-jre-
1. Choose a release version using [semantic versioning](https://semver.org/spec/v2.0.0.html)
and create a corresponding branch according to the template: `chore/prepare-release-x.x.x`.
2. Add release notes for new version in [CHANGELOG.md](CHANGELOG.md)
and [charts/irs-helm/CHANGELOG.md](charts/irs-helm/CHANGELOG.md)
and [charts/item-relationship-service/CHANGELOG.md](charts/item-relationship-service/CHANGELOG.md)
(for an example [see here](https://github.com/eclipse-tractusx/item-relationship-service/pull/429))
- Check if the changelog entries for the release are complete.
- Add the corresponding GitHub issue numbers to each entry if missing.
3. Update [COMPATIBILITY_MATRIX.md](COMPATIBILITY_MATRIX.md).
4. Update IRS API version in IrsApplication class and irs-api.yaml
5. Create pull request from [release preparation branch to main](https://github.com/eclipse-tractusx/item-relationship-service/compare/chore/prepare-release-x.x.x) and merge to main.
6. Create Git tag for the desired release version `git tag x.x.x`
(note: the irs-helm tag will be created automatically by the GitHub workflow based on the version in the irs-helm changelog).
7. Push Git tag to repository `git push origin x.x.x` (this will trigger the GitHub release workflow).
8. Wait for release workflow to complete.
9. Merge the automatically opened PR by GitHub actions bot.
10. Notify about the release in IRS Matrix Chat using the following template:
5. Create pull request from [release preparation branch to main](https://github.com/eclipse-tractusx/item-relationship-service/compare/chore/prepare-release-x.x.x)
6. Merge this pull request to main.
7. Create Git tag for the desired release version `git tag x.x.x`
(note: the _item-relationship-service_ tag will be created automatically by the GitHub workflow based on the version in the [helm chart changelog](charts/item-relationship-service/CHANGELOG.md)).
8. Push Git tag to repository `git push origin x.x.x` (this will trigger the GitHub release workflow).
9. Wait for release workflow to complete.
10. Merge the pull request that was automatically opened by GitHub actions bot.
11. Notify about the release in IRS Matrix Chat using the following template:

> **IRS Release x.x.x**
>
> IRS version x.x.x is released.
>
> https://github.com/eclipse-tractusx/item-relationship-service/releases/tag/x.x.x<br>
> https://github.com/eclipse-tractusx/item-relationship-service/releases/tag/irs-helm-y.y.y<br>
> https://github.com/eclipse-tractusx/item-relationship-service/releases/tag/item-relationship-service-y.y.y<br>
> **Full Changelog:** https://github.com/eclipse-tractusx/item-relationship-service/compare/w.w.w...x.x.x
_(replace x.x.x with IRS version to release, y.y.y with IRS helm version to release and w.w.w with previous IRS version)_
Expand Down
Loading

0 comments on commit e4d7361

Please sign in to comment.