From db036b8b9a6327f1d5b493b843b1a0bb76575a65 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Feb 2024 05:18:49 +0000 Subject: [PATCH 01/16] chore(deps): bump docker/metadata-action from 5.0.0 to 5.5.1 Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5.0.0 to 5.5.1. - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](https://github.com/docker/metadata-action/compare/96383f45573cb7f253c731d3b3ab81c87ef81934...8e5442c4ef9f78752691e2d8f8d19755c6f78e81) --- updated-dependencies: - dependency-name: docker/metadata-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 607fcd0..e98554a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -126,7 +126,7 @@ jobs: # Create SemVer or ref tags dependent of trigger event - name: Docker Meta AAS Bridge id: meta-aas - uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0 + uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 with: images: | ${{ steps.set-docker-repo.outputs.REPO }}/aas-bridge From 23a6fd5f83d07f0afb4d7583539d28061a397d6b Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 11 Jul 2024 10:45:20 +0000 Subject: [PATCH 02/16] chore(deps): bump org.apache.maven.plugins:maven-jar-plugin Bumps [org.apache.maven.plugins:maven-jar-plugin](https://github.com/apache/maven-jar-plugin) from 2.4 to 3.4.2. - [Release notes](https://github.com/apache/maven-jar-plugin/releases) - [Commits](https://github.com/apache/maven-jar-plugin/compare/maven-jar-plugin-2.4...maven-jar-plugin-3.4.2) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-jar-plugin dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 0988484..e1b37bf 100644 --- a/pom.xml +++ b/pom.xml @@ -179,7 +179,7 @@ org.apache.maven.plugins maven-jar-plugin - 3.3.0 + 3.4.2 com.diffplug.spotless From fc7aecfddb21b63dd79cbc642cf9ea97beab9f9d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 11 Jul 2024 10:45:27 +0000 Subject: [PATCH 03/16] chore(deps): bump junit.version from 5.10.2 to 5.10.3 Bumps `junit.version` from 5.10.2 to 5.10.3. Updates `org.junit:junit-bom` from 5.10.2 to 5.10.3 - [Release notes](https://github.com/junit-team/junit5/releases) - [Commits](https://github.com/junit-team/junit5/compare/r5.10.2...r5.10.3) Updates `org.junit.jupiter:junit-jupiter-params` from 5.10.2 to 5.10.3 - [Release notes](https://github.com/junit-team/junit5/releases) - [Commits](https://github.com/junit-team/junit5/compare/r5.10.2...r5.10.3) --- updated-dependencies: - dependency-name: org.junit:junit-bom dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.junit.jupiter:junit-jupiter-params dependency-type: direct:development update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 0988484..f79b7ce 100644 --- a/pom.xml +++ b/pom.xml @@ -39,7 +39,7 @@ 11 false - 5.10.2 + 5.10.3 5.2.0 4.12.0 4.3.8 From 6e01a9eaf1fc881634f10bf1c8ec267f0ee38220 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 11 Jul 2024 10:45:31 +0000 Subject: [PATCH 04/16] chore(deps): bump org.apache.maven.plugins:maven-shade-plugin Bumps [org.apache.maven.plugins:maven-shade-plugin](https://github.com/apache/maven-shade-plugin) from 3.5.0 to 3.6.0. - [Release notes](https://github.com/apache/maven-shade-plugin/releases) - [Commits](https://github.com/apache/maven-shade-plugin/compare/maven-shade-plugin-3.5.0...maven-shade-plugin-3.6.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-shade-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 0988484..d8ce60f 100644 --- a/pom.xml +++ b/pom.xml @@ -108,7 +108,7 @@ org.apache.maven.plugins maven-shade-plugin - 3.5.1 + 3.6.0 org.codehaus.mojo From 27fa94d26a1b165a7ca885eaba3db8749809285e Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 12 Jul 2024 06:01:58 +0000 Subject: [PATCH 05/16] chore(deps): bump actions/cache from 4.0.1 to 4.0.2 Bumps [actions/cache](https://github.com/actions/cache) from 4.0.1 to 4.0.2. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/ab5e6d0c87105b4c9c2047343972218f562e4319...0c45773b623bea8c8e75f6c82b208c3cf94ea4f9) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index d8fc7c4..9e61f52 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -75,7 +75,7 @@ jobs: options: --overwrite - name: Cache maven packages - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 with: path: ~/.m2 key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} From 30ed87817955bc16c7acb0feaeeaca4cc313dda5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 23 Aug 2024 05:28:49 +0000 Subject: [PATCH 06/16] chore(deps): bump org.apache.maven.plugins:maven-checkstyle-plugin Bumps [org.apache.maven.plugins:maven-checkstyle-plugin](https://github.com/apache/maven-checkstyle-plugin) from 3.3.1 to 3.5.0. - [Commits](https://github.com/apache/maven-checkstyle-plugin/compare/maven-checkstyle-plugin-3.3.1...maven-checkstyle-plugin-3.5.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-checkstyle-plugin dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 95dbb96..2958006 100644 --- a/pom.xml +++ b/pom.xml @@ -199,7 +199,7 @@ org.apache.maven.plugins maven-checkstyle-plugin - 3.3.1 + 3.5.0 ${project.basedir}/../resources/tx-checkstyle-config.xml From 031b6e676b3422e8107c366a72eaffeac4ae219c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 30 Aug 2024 05:43:21 +0000 Subject: [PATCH 07/16] chore(deps): bump actions/setup-python from 5.1.0 to 5.2.0 Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.1.0 to 5.2.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/82c7e631bb3cdc910f68e0081d67478d79c6982d...f677139bbe7f9c59b41e40162b753c062f5d49a3) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/helm-chart-lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/helm-chart-lint.yml b/.github/workflows/helm-chart-lint.yml index 1e226d2..e8b90d5 100644 --- a/.github/workflows/helm-chart-lint.yml +++ b/.github/workflows/helm-chart-lint.yml @@ -79,7 +79,7 @@ jobs: cache: 'maven' # Set-Up Python - - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 + - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 with: python-version: 3.9 From 7c3b3b4be0759110a3d0fa0b549bcf5ab1e3ef6d Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 26 Sep 2024 05:51:28 +0000 Subject: [PATCH 08/16] chore(deps): bump actions/checkout from 4.1.1 to 4.2.0 Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.1 to 4.2.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/b4ffde65f46336ab88eb53be808477a3936bae11...d632683dd7b4114ad314bca15554477dd762a938) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yml | 2 +- .github/workflows/codeql.yml | 2 +- .github/workflows/dependencies.yml | 2 +- .github/workflows/helm-chart-lint.yml | 2 +- .github/workflows/helm-chart-release.yml | 2 +- .github/workflows/kics.yml | 2 +- .github/workflows/trivy.yml | 4 ++-- 7 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ee706aa..0058ffa 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -88,7 +88,7 @@ jobs: # Get the Code - name: Checkout repository - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: submodules: recursive diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index d8fc7c4..10f82c8 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -48,7 +48,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # Set-Up - name: Setup JDK 17 diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml index dc43609..0a3bb1d 100644 
--- a/.github/workflows/dependencies.yml +++ b/.github/workflows/dependencies.yml @@ -46,7 +46,7 @@ jobs: # Get the Code - name: Checkout repository - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: submodules: recursive diff --git a/.github/workflows/helm-chart-lint.yml b/.github/workflows/helm-chart-lint.yml index 1e226d2..23ef000 100644 --- a/.github/workflows/helm-chart-lint.yml +++ b/.github/workflows/helm-chart-lint.yml @@ -60,7 +60,7 @@ jobs: steps: # get the code - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 diff --git a/.github/workflows/helm-chart-release.yml b/.github/workflows/helm-chart-release.yml index 65b7773..ee3d5ef 100644 --- a/.github/workflows/helm-chart-release.yml +++ b/.github/workflows/helm-chart-release.yml @@ -41,7 +41,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 diff --git a/.github/workflows/kics.yml b/.github/workflows/kics.yml index 99ed503..af9ead7 100644 --- a/.github/workflows/kics.yml +++ b/.github/workflows/kics.yml @@ -46,7 +46,7 @@ jobs: security-events: write steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 # diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index a23fe98..ae88836 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml 
@@ -55,7 +55,7 @@ jobs: contents: read security-events: write steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Run Trivy vulnerability scanner in repo mode uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0 with: @@ -100,7 +100,7 @@ jobs: fi exit 0 - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 # Enable repository access (on main branch and version tags only) - name: Login to GitHub Container Registry From 6b6e965646d8c29e97ec5365c50a64f5eb7ee63b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 1 Oct 2024 05:47:08 +0000 Subject: [PATCH 09/16] chore(deps): bump org.mockito:mockito-bom from 5.2.0 to 5.14.1 Bumps [org.mockito:mockito-bom](https://github.com/mockito/mockito) from 5.2.0 to 5.14.1. - [Release notes](https://github.com/mockito/mockito/releases) - [Commits](https://github.com/mockito/mockito/compare/v5.2.0...v5.14.1) --- updated-dependencies: - dependency-name: org.mockito:mockito-bom dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 95dbb96..35409f0 100644 --- a/pom.xml +++ b/pom.xml @@ -40,7 +40,7 @@ false 5.10.2 - 5.2.0 + 5.14.1 4.12.0 4.3.8 1.0.1 From c95b39e8661dc42824617740f0710553d8bd6b2f Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 4 Oct 2024 05:42:23 +0000 Subject: [PATCH 10/16] chore(deps): bump github/codeql-action from 2.22.6 to 3.26.11 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.6 to 3.26.11. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v2.22.6...6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 4 ++-- .github/workflows/kics.yml | 2 +- .github/workflows/trivy.yml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index d8fc7c4..537d31c 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -63,7 +63,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 + uses: github/codeql-action/init@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -100,4 +100,4 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 + uses: github/codeql-action/analyze@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 diff --git a/.github/workflows/kics.yml b/.github/workflows/kics.yml index 99ed503..2c2a345 100644 --- a/.github/workflows/kics.yml +++ b/.github/workflows/kics.yml 
@@ -70,6 +70,6 @@ jobs: - name: Upload SARIF file for GitHub Advanced Security Dashboard if: always() - uses: github/codeql-action/upload-sarif@689fdc5193eeb735ecb2e52e819e3382876f93f4 # v2.22.6 + uses: github/codeql-action/upload-sarif@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 with: sarif_file: kicsResults/results.sarif diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index a23fe98..c62c4d3 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -67,7 +67,7 @@ jobs: output: "trivy-results-config.sarif" severity: "CRITICAL,HIGH" - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 + uses: github/codeql-action/upload-sarif@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 if: always() with: sarif_file: "trivy-results-config.sarif" @@ -133,6 +133,6 @@ jobs: - name: Upload Trivy scan results to GitHub Security tab if: success() && steps.imageCheck.outcome != 'failure' - uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 + uses: github/codeql-action/upload-sarif@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 with: sarif_file: "trivy-results-${{ matrix.image }}.sarif" From 55b1d9545518d69e4e3626734f06930a5820f9c2 Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Fri, 4 Oct 2024 15:48:41 +0200 Subject: [PATCH 11/16] chore: upgrade java reference version. --- NOTICE.md | 4 ++-- pom.xml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/NOTICE.md b/NOTICE.md index 2b18447..ae14c1f 100644 --- a/NOTICE.md +++ b/NOTICE.md 
@@ -72,8 +72,8 @@ You may recreate an up-to-date DEPENDENCIES file by invoking ``` The KA-AAS build and runtime platform is relying on: -* [Java Runtime Environment (JRE >=11 - license depends on chosen provider)](https://de.wikipedia.org/wiki/Java-Laufzeitumgebung) -* [Java Development Kit (JDK >=11 - license depends on chosen provider)](https://de.wikipedia.org/wiki/Java_Development_Kit) +* [Java Runtime Environment (JRE >=17 - license depends on chosen provider)](https://de.wikipedia.org/wiki/Java-Laufzeitumgebung) +* [Java Development Kit (JDK >=17 - license depends on chosen provider)](https://de.wikipedia.org/wiki/Java_Development_Kit) * [Apache Maven >=3.8 (Apache License 2.0)](https://maven.apache.org) * [Eclipse Dash (Eclipse Public License 2.0)](https://github.com/eclipse/dash-licenses) * [Docker Engine >= 20.10.17 (Apache License 2.0)]() diff --git a/pom.xml b/pom.xml index 95dbb96..b900ab7 100644 --- a/pom.xml +++ b/pom.xml @@ -35,8 +35,8 @@ - 11 - 11 + 17 + 17 false 5.10.2 From a26078e3d6f6bba4ba7228cc17af0806e6d560c1 Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Fri, 4 Oct 2024 16:08:16 +0200 Subject: [PATCH 12/16] chore: upgrade some versions because of CVEs --- pom.xml | 3 +++ sparql-aas/pom.xml | 20 ++++++++++++++++++++ sparql-aas/src/main/docker/Dockerfile | 6 +++--- 3 files changed, 26 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index 414c6a2..047fdc8 100644 --- a/pom.xml +++ b/pom.xml @@ -44,6 +44,8 @@ 4.12.0 4.3.8 1.0.1 + 3.25.5 + 1.78 UTF-8 @@ -129,6 +131,7 @@ ${project.basedir} build + --load --platform ${platform} -f diff --git a/sparql-aas/pom.xml b/sparql-aas/pom.xml index c0f6164..9685058 100644 --- a/sparql-aas/pom.xml +++ b/sparql-aas/pom.xml 
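Review bot: The `3.25.5` value added in the root pom.xml hunk `@@ -44,6 +44,8 @@` of PATCH 12/16 appears to move protobuf-java backwards across a major line rather than upgrade it. The element name is not visible in this extract, but sparql-aas/pom.xml references `${protobuf.version}`, and the DEPENDENCIES hunk in PATCH 14/16 records protobuf-java going from 4.26.1 to 3.25.5. Before merging, confirm that no dependency on the classpath was built against the 4.x runtime, and prefer a fixed release on the 4.x line if one covers the same advisories. The commit message says only "because of CVEs", so I would also add a comment above the two new properties, for example `<!-- security override for <ADVISORY-ID>; remove once the upstream BOM ships a fixed version -->`, so the pin can be audited and dropped later.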
@@ -143,6 +143,26 @@ dom4j 2.1.3 + + com.google.protobuf + protobuf-java + ${protobuf.version} + + + org.bouncycastle + bcprov-jdk18on + ${bouncycastle.version} + + + org.bouncycastle + bcpkix-jdk18on + ${bouncycastle.version} + + + org.bouncycastle + bcutil-jdk18on + ${bouncycastle.version} + com.squareup.okhttp3 mockwebserver diff --git a/sparql-aas/src/main/docker/Dockerfile b/sparql-aas/src/main/docker/Dockerfile index 240cf23..67d0c3b 100644 --- a/sparql-aas/src/main/docker/Dockerfile +++ b/sparql-aas/src/main/docker/Dockerfile @@ -18,16 +18,16 @@ # SPDX-License-Identifier: Apache-2.0 -FROM alpine:3.19.1 AS otel +FROM alpine:3.20.2 AS otel ENV OTEL_AGENT_LOCATION "https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/download/v1.27.0/opentelemetry-javaagent.jar" HEALTHCHECK NONE -RUN apk update && apk add curl=8.9.0-r0 --no-cache +RUN apk update && apk add curl=8.10.1-r0 --no-cache RUN curl -L --proto "=https" -sSf ${OTEL_AGENT_LOCATION} --output /tmp/opentelemetry-javaagent.jar -FROM eclipse-temurin:22_36-jre-alpine +FROM eclipse-temurin:22-jre-alpine ARG APP_USER=faaast ARG APP_UID=10100 From 88e14d0e6f7a3e58057aa1781789ef2b834fd0a7 Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Fri, 4 Oct 2024 16:44:34 +0200 Subject: [PATCH 13/16] chore: upgrade release/chart version --- .github/workflows/build.yml | 2 +- README.md | 2 +- charts/aas-bridge/Chart.yaml | 4 ++-- charts/aas-bridge/README.md | 4 ++-- pom.xml | 2 +- sparql-aas/README.md | 4 ++-- sparql-aas/pom.xml | 2 +- upgrade_version.sh | 2 +- 8 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 0058ffa..cdac217 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
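Review bot: The four artifacts added in the sparql-aas/pom.xml hunk `@@ -143,6 +143,26 @@` (protobuf-java, bcprov-jdk18on, bcpkix-jdk18on, bcutil-jdk18on) look like version overrides for transitive dependencies rather than libraries this module calls directly. The enclosing element is not visible in the hunk, so this is inferred. If they sit in `<dependencies>`, they become direct compile-scope dependencies of the module and end up in the shaded jar even if the transitive path later disappears. Declaring them under `<dependencyManagement>` would constrain the resolved version without adding new direct dependencies. Either way, a short comment naming the advisory each override addresses would make the block reviewable.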
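Review bot: The runtime stage in the Dockerfile hunk `@@ -18,16 +18,16 @@` now uses the floating tag `eclipse-temurin:22-jre-alpine` in place of the build-specific `22_36-jre-alpine`, so the base image can change between rebuilds with nothing recorded in the repository. Pinning by digest keeps the patched base while staying reproducible: `FROM eclipse-temurin:22-jre-alpine@sha256:<DIGEST>`. In the otel stage, the exact pin `curl=8.10.1-r0` after `apk update` will fail to install once Alpine supersedes that revision, which is likely why this commit had to touch it. The agent jar is also fetched with curl and no integrity check; adding `echo "<SHA256>  /tmp/opentelemetry-javaagent.jar" | sha256sum -c -` after the download would close that gap. The runtime stage continues past the end of the hunk.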
@@ -143,7 +143,7 @@ jobs: type=semver,pattern={{version}} type=semver,pattern={{major}} type=semver,pattern={{major}}.{{minor}} - type=raw,value=1.14.23-SNAPSHOT,enable=${{ github.event.inputs.deploy_docker == 'true' || github.ref == format('refs/heads/{0}', 'main') }} + type=raw,value=1.14.24-SNAPSHOT,enable=${{ github.event.inputs.deploy_docker == 'true' || github.ref == format('refs/heads/{0}', 'main') }} type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }} # build in any case, but push only main and version tag settings diff --git a/README.md b/README.md index 63b3443..b615523 100644 --- a/README.md +++ b/README.md @@ -110,7 +110,7 @@ kubectl wait --namespace ingress-nginx \ --selector=app.kubernetes.io/component=controller \ --timeout=90s # transfer images -kind load docker-image docker.io/tractusx/aas-bridge:1.14.23-SNAPSHOT --name ka +kind load docker-image docker.io/tractusx/aas-bridge:1.14.24-SNAPSHOT --name ka # run container test ct install --charts charts/aas-bridge ``` diff --git a/charts/aas-bridge/Chart.yaml b/charts/aas-bridge/Chart.yaml index 3e415de..8e06932 100644 --- a/charts/aas-bridge/Chart.yaml +++ b/charts/aas-bridge/Chart.yaml @@ -30,7 +30,7 @@ home: https://github.com/eclipse-tractusx/knowledge-agents-aas-bridge/ sources: - https://github.com/eclipse-tractusx/knowledge-agents-aas-bridge/tree/main/sparql-aas type: application -appVersion: "1.14.23-SNAPSHOT" -version: 1.14.23-SNAPSHOT +appVersion: "1.14.24-SNAPSHOT" +version: 1.14.24-SNAPSHOT maintainers: - name: 'Tractus-X Knowledge Agents Team' diff --git a/charts/aas-bridge/README.md b/charts/aas-bridge/README.md index c755dd3..2c0eb7c 100644 --- a/charts/aas-bridge/README.md +++ b/charts/aas-bridge/README.md 
@@ -21,7 +21,7 @@ # aas-bridge -![Version: 1.14.23-SNAPSHOT](https://img.shields.io/badge/Version-0.13.6--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.14.23-SNAPSHOT](https://img.shields.io/badge/AppVersion-0.13.6--SNAPSHOT-informational?style=flat-square) +![Version: 1.14.24-SNAPSHOT](https://img.shields.io/badge/Version-0.13.6--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.14.24-SNAPSHOT](https://img.shields.io/badge/AppVersion-0.13.6--SNAPSHOT-informational?style=flat-square) A Helm chart for the Tractus-X Knowledge Agents AAS Bridge which is a container to provide an AAS server/registry on top of a knowledge graph/SPARQL landscape. @@ -32,7 +32,7 @@ This chart has no prerequisites. ## TL;DR ```shell $ helm repo add eclipse-tractusx https://eclipse-tractusx.github.io/charts/dev -$ helm install my-release eclipse-tractusx/aas-bridge --version 1.14.23-SNAPSHOT +$ helm install my-release eclipse-tractusx/aas-bridge --version 1.14.24-SNAPSHOT ``` ## Maintainers diff --git a/pom.xml b/pom.xml index 9781b60..8fa97e5 100644 --- a/pom.xml +++ b/pom.xml @@ -28,7 +28,7 @@ 4.0.0 org.eclipse.tractusx.agents aas - 1.14.23-SNAPSHOT + 1.14.24-SNAPSHOT pom Tractus-X Knowledge Agents AAS Bridges Provides Implementations for Bridging Knowledge Agents and AAS diff --git a/sparql-aas/README.md b/sparql-aas/README.md index 3557048..9b678f4 100644 --- a/sparql-aas/README.md +++ b/sparql-aas/README.md 
@@ -87,7 +87,7 @@ mvn -s ../../../settings.xml install -Pwith-docker-image Alternatively, after a sucessful [build](#building) the docker image of the Sparql-To-AAS bridge is created using ```console -docker build -t tractusx/aas-bridge:1.14.23-SNAPSHOT -f src/main/docker/Dockerfile . +docker build -t tractusx/aas-bridge:1.14.24-SNAPSHOT -f src/main/docker/Dockerfile . ``` To run the docker image against a local knowledge graph, you could invoke this command @@ -97,7 +97,7 @@ docker run -p 8443:8443 \ -v $(pwd)/resources:/app/resources \ -e "PROVIDER_SPARQL_ENDPOINT=http://oem-provider-agent:8082/sparql" \ -e "PROVIDER_CREDENTIAL_BASIC=Basic Zm9vOg==" \ - tractusx/aas-bridge:1.14.23-SNAPSHOT + tractusx/aas-bridge:1.14.24-SNAPSHOT ```` Afterwards, you should be able to access the [local AAS endpoint](https://localhost:8443/) via REST diff --git a/sparql-aas/pom.xml b/sparql-aas/pom.xml index 9685058..3ae16c9 100644 --- a/sparql-aas/pom.xml +++ b/sparql-aas/pom.xml @@ -25,7 +25,7 @@ org.eclipse.tractusx.agents aas - 1.14.23-SNAPSHOT + 1.14.24-SNAPSHOT ../pom.xml diff --git a/upgrade_version.sh b/upgrade_version.sh index 83eadae..4f2a0f6 100755 --- a/upgrade_version.sh +++ b/upgrade_version.sh @@ -16,7 +16,7 @@ # # SPDX-License-Identifier: Apache-2.0 -OLD_VERSION=1.14.23-SNAPSHOT +OLD_VERSION=1.14.24-SNAPSHOT echo Upgrading from $OLD_VERSION to $1 PATTERN=s/$OLD_VERSION/$1/g LC_ALL=C From ec40dca58ab5def0cbe1693fd15fa2866d5c1e79 Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Sat, 5 Oct 2024 10:46:02 +0200 Subject: [PATCH 14/16] chore: upgrade some versions and deps. --- DEPENDENCIES | 56 ++++++++++++++++++++++++++-------------------------- pom.xml | 4 ++-- 2 files changed, 30 insertions(+), 30 deletions(-) diff --git a/DEPENDENCIES b/DEPENDENCIES index 02bf229..5e41cde 100644 --- a/DEPENDENCIES +++ b/DEPENDENCIES 
@@ -5,7 +5,7 @@ maven/mavencentral/com.digitalpetri.fsm/strict-machine/0.6, Apache-2.0, approved maven/mavencentral/com.digitalpetri.netty/netty-channel-fsm/0.8, Apache-2.0, approved, #6168 maven/mavencentral/com.ethlo.time/itu/1.8.0, Apache-2.0, approved, #12927 maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.17.0, Apache-2.0, approved, #13672 -maven/mavencentral/com.fasterxml.jackson.core/jackson-core/2.17.0, , approved, #13665 +maven/mavencentral/com.fasterxml.jackson.core/jackson-core/2.17.0, Apache-2.0 AND MIT, approved, #13665 maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.17.0, Apache-2.0, approved, #13671 maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-xml/2.16.1, Apache-2.0, approved, #12438 maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml/2.15.3, Apache-2.0, approved, #15207 @@ -27,7 +27,7 @@ maven/mavencentral/com.google.guava/failureaccess/1.0.2, Apache-2.0, approved, C maven/mavencentral/com.google.guava/guava/33.1.0-jre, Apache-2.0 AND CC0-1.0, approved, #13675 maven/mavencentral/com.google.guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava, Apache-2.0, approved, CQ22657 maven/mavencentral/com.google.j2objc/j2objc-annotations/3.0.0, Apache-2.0, approved, #13676 -maven/mavencentral/com.google.protobuf/protobuf-java/4.26.1, BSD-3-Clause, approved, clearlydefined +maven/mavencentral/com.google.protobuf/protobuf-java/3.25.5, BSD-3-Clause, approved, clearlydefined maven/mavencentral/com.jayway.jsonpath/json-path/2.9.0, Apache-2.0, approved, clearlydefined maven/mavencentral/com.networknt/json-schema-validator/1.3.3, Apache-2.0 AND Unicode-TOU, approved, #13037 maven/mavencentral/com.squareup.okhttp3/mockwebserver/4.12.0, Apache-2.0, approved, clearlydefined 
@@ -103,9 +103,9 @@ maven/mavencentral/org.apache.poi/poi/5.2.5, Apache-2.0 AND (Apache-2.0 AND BSD- maven/mavencentral/org.apache.thrift/libthrift/0.19.0, Apache-2.0, approved, #15687 maven/mavencentral/org.apache.xmlbeans/xmlbeans/5.2.0, Apache-2.0, approved, #11782 maven/mavencentral/org.apiguardian/apiguardian-api/1.1.2, Apache-2.0, approved, clearlydefined -maven/mavencentral/org.bouncycastle/bcpkix-jdk18on/1.77, MIT, approved, #11593 -maven/mavencentral/org.bouncycastle/bcprov-jdk18on/1.77, MIT AND CC0-1.0, approved, #11595 -maven/mavencentral/org.bouncycastle/bcutil-jdk18on/1.77, MIT, approved, #11596 +maven/mavencentral/org.bouncycastle/bcpkix-jdk18on/1.78, MIT, approved, #14434 +maven/mavencentral/org.bouncycastle/bcprov-jdk18on/1.78, MIT AND CC0-1.0, approved, #14433 +maven/mavencentral/org.bouncycastle/bcutil-jdk18on/1.78, MIT, approved, #14435 maven/mavencentral/org.checkerframework/checker-qual/3.42.0, MIT, approved, clearlydefined maven/mavencentral/org.codehaus.janino/commons-compiler/3.1.11, BSD-3-Clause, approved, #13293 maven/mavencentral/org.codehaus.janino/janino/3.1.11, BSD-3-Clause, approved, #13292 
@@ -133,24 +133,24 @@ maven/mavencentral/org.eclipse.milo/stack-core/0.6.12, EPL-2.0, approved, iot.mi maven/mavencentral/org.eclipse.milo/stack-server/0.6.12, EPL-2.0, approved, iot.milo maven/mavencentral/org.eclipse.paho/org.eclipse.paho.client.mqttv3/1.2.5, EPL-1.0 OR BSD-3-Clause, approved, iot.paho maven/mavencentral/org.eclipse.parsson/parsson/1.1.5, EPL-2.0, approved, ee4j.parsson -maven/mavencentral/org.eclipse.rdf4j/rdf4j-collection-factory-api/4.3.8, BSD-3-Clause, approved, technology.rdf4j -maven/mavencentral/org.eclipse.rdf4j/rdf4j-common-annotation/4.3.8, BSD-3-Clause, approved, technology.rdf4j -maven/mavencentral/org.eclipse.rdf4j/rdf4j-common-exception/4.3.8, BSD-3-Clause, approved, technology.rdf4j -maven/mavencentral/org.eclipse.rdf4j/rdf4j-common-io/4.3.8, BSD-3-Clause, approved, technology.rdf4j -maven/mavencentral/org.eclipse.rdf4j/rdf4j-common-iterator/4.3.8, BSD-3-Clause, approved, technology.rdf4j -maven/mavencentral/org.eclipse.rdf4j/rdf4j-common-text/4.3.8, BSD-3-Clause, approved, technology.rdf4j -maven/mavencentral/org.eclipse.rdf4j/rdf4j-common-transaction/4.3.8, BSD-3-Clause, approved, technology.rdf4j -maven/mavencentral/org.eclipse.rdf4j/rdf4j-common-util/4.3.8, BSD-3-Clause, approved, technology.rdf4j -maven/mavencentral/org.eclipse.rdf4j/rdf4j-common-xml/4.3.8, BSD-3-Clause, approved, technology.rdf4j -maven/mavencentral/org.eclipse.rdf4j/rdf4j-model-api/4.3.8, BSD-3-Clause, approved, technology.rdf4j -maven/mavencentral/org.eclipse.rdf4j/rdf4j-model-vocabulary/4.3.8, BSD-3-Clause, approved, technology.rdf4j -maven/mavencentral/org.eclipse.rdf4j/rdf4j-model/4.3.8, BSD-3-Clause, approved, technology.rdf4j -maven/mavencentral/org.eclipse.rdf4j/rdf4j-query/4.3.8, BSD-3-Clause, approved, technology.rdf4j -maven/mavencentral/org.eclipse.rdf4j/rdf4j-queryalgebra-model/4.3.8, BSD-3-Clause, approved, technology.rdf4j -maven/mavencentral/org.eclipse.rdf4j/rdf4j-queryresultio-api/4.3.8, BSD-3-Clause, approved, technology.rdf4j 
-maven/mavencentral/org.eclipse.rdf4j/rdf4j-queryresultio-sparqlxml/4.3.8, BSD-3-Clause, approved, technology.rdf4j -maven/mavencentral/org.eclipse.rdf4j/rdf4j-rio-api/4.3.8, BSD-3-Clause, approved, technology.rdf4j -maven/mavencentral/org.eclipse.rdf4j/rdf4j-sail-api/4.3.8, BSD-3-Clause, approved, technology.rdf4j +maven/mavencentral/org.eclipse.rdf4j/rdf4j-collection-factory-api/4.3.14, BSD-3-Clause, approved, technology.rdf4j +maven/mavencentral/org.eclipse.rdf4j/rdf4j-common-annotation/4.3.14, BSD-3-Clause, approved, technology.rdf4j +maven/mavencentral/org.eclipse.rdf4j/rdf4j-common-exception/4.3.14, BSD-3-Clause, approved, technology.rdf4j +maven/mavencentral/org.eclipse.rdf4j/rdf4j-common-io/4.3.14, BSD-3-Clause, approved, technology.rdf4j +maven/mavencentral/org.eclipse.rdf4j/rdf4j-common-iterator/4.3.14, BSD-3-Clause, approved, technology.rdf4j +maven/mavencentral/org.eclipse.rdf4j/rdf4j-common-text/4.3.14, BSD-3-Clause, approved, technology.rdf4j +maven/mavencentral/org.eclipse.rdf4j/rdf4j-common-transaction/4.3.14, BSD-3-Clause, approved, technology.rdf4j +maven/mavencentral/org.eclipse.rdf4j/rdf4j-common-util/4.3.14, BSD-3-Clause, approved, technology.rdf4j +maven/mavencentral/org.eclipse.rdf4j/rdf4j-common-xml/4.3.14, BSD-3-Clause, approved, technology.rdf4j +maven/mavencentral/org.eclipse.rdf4j/rdf4j-model-api/4.3.14, BSD-3-Clause, approved, technology.rdf4j +maven/mavencentral/org.eclipse.rdf4j/rdf4j-model-vocabulary/4.3.14, BSD-3-Clause, approved, technology.rdf4j +maven/mavencentral/org.eclipse.rdf4j/rdf4j-model/4.3.14, BSD-3-Clause, approved, technology.rdf4j +maven/mavencentral/org.eclipse.rdf4j/rdf4j-query/4.3.14, BSD-3-Clause, approved, technology.rdf4j +maven/mavencentral/org.eclipse.rdf4j/rdf4j-queryalgebra-model/4.3.14, BSD-3-Clause, approved, technology.rdf4j +maven/mavencentral/org.eclipse.rdf4j/rdf4j-queryresultio-api/4.3.14, BSD-3-Clause, approved, technology.rdf4j 
+maven/mavencentral/org.eclipse.rdf4j/rdf4j-queryresultio-sparqlxml/4.3.14, BSD-3-Clause, approved, technology.rdf4j +maven/mavencentral/org.eclipse.rdf4j/rdf4j-rio-api/4.3.14, BSD-3-Clause, approved, technology.rdf4j +maven/mavencentral/org.eclipse.rdf4j/rdf4j-sail-api/4.3.14, BSD-3-Clause, approved, technology.rdf4j maven/mavencentral/org.glassfish.jaxb/jaxb-core/4.0.5, BSD-3-Clause, approved, ee4j.jaxb-impl maven/mavencentral/org.glassfish.jaxb/jaxb-runtime/4.0.5, BSD-3-Clause, approved, ee4j.jaxb-impl maven/mavencentral/org.glassfish.jaxb/txw2/4.0.5, BSD-3-Clause, approved, ee4j.jaxb-impl 
@@ -162,11 +162,11 @@ maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk7/1.8.21, Apache-2.0, a maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk8/1.8.21, Apache-2.0, approved, #8919 maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib/1.8.21, Apache-2.0, approved, #8865 maven/mavencentral/org.jetbrains/annotations/13.0, Apache-2.0, approved, clearlydefined -maven/mavencentral/org.junit.jupiter/junit-jupiter-api/5.10.2, EPL-2.0, approved, #9714 -maven/mavencentral/org.junit.jupiter/junit-jupiter-engine/5.10.2, EPL-2.0, approved, #9711 -maven/mavencentral/org.junit.jupiter/junit-jupiter-params/5.10.2, EPL-2.0, approved, #15250 -maven/mavencentral/org.junit.platform/junit-platform-commons/1.10.2, EPL-2.0, approved, #9715 -maven/mavencentral/org.junit.platform/junit-platform-engine/1.10.2, EPL-2.0, approved, #9709 +maven/mavencentral/org.junit.jupiter/junit-jupiter-api/5.10.3, EPL-2.0, approved, #9714 +maven/mavencentral/org.junit.jupiter/junit-jupiter-engine/5.10.3, EPL-2.0, approved, #9711 +maven/mavencentral/org.junit.jupiter/junit-jupiter-params/5.10.3, EPL-2.0, approved, #15250 +maven/mavencentral/org.junit.platform/junit-platform-commons/1.10.3, EPL-2.0, approved, #9715 +maven/mavencentral/org.junit.platform/junit-platform-engine/1.10.3, EPL-2.0, approved, #9709 maven/mavencentral/org.opentest4j/opentest4j/1.3.0, Apache-2.0, approved, #9713 maven/mavencentral/org.ow2.asm/asm/9.6, BSD-3-Clause, approved, #10776 maven/mavencentral/org.reflections/reflections/0.10.2, Apache-2.0 AND WTFPL, approved, clearlydefined diff --git a/pom.xml b/pom.xml index 8fa97e5..273b221 100644 --- a/pom.xml +++ b/pom.xml @@ -39,10 +39,10 @@ 17 false - 5.10.3 + 5.11.0 5.14.1 4.12.0 - 4.3.8 + 4.3.14 1.0.1 3.25.5 1.78 From 2c1879e0251fc6f83f383cf53060fde1bc3130ad Mon Sep 17 00:00:00 2001 
From: "Dr. Christoph \"Schorsch\" Jung" Date: Sat, 5 Oct 2024 11:30:39 +0200 Subject: [PATCH 15/16] chore: up deps. --- DEPENDENCIES | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/DEPENDENCIES b/DEPENDENCIES index 5e41cde..241dcaf 100644 --- a/DEPENDENCIES +++ b/DEPENDENCIES @@ -162,11 +162,11 @@ maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk7/1.8.21, Apache-2.0, a maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk8/1.8.21, Apache-2.0, approved, #8919 maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib/1.8.21, Apache-2.0, approved, #8865 maven/mavencentral/org.jetbrains/annotations/13.0, Apache-2.0, approved, clearlydefined -maven/mavencentral/org.junit.jupiter/junit-jupiter-api/5.10.3, EPL-2.0, approved, #9714 -maven/mavencentral/org.junit.jupiter/junit-jupiter-engine/5.10.3, EPL-2.0, approved, #9711 -maven/mavencentral/org.junit.jupiter/junit-jupiter-params/5.10.3, EPL-2.0, approved, #15250 -maven/mavencentral/org.junit.platform/junit-platform-commons/1.10.3, EPL-2.0, approved, #9715 -maven/mavencentral/org.junit.platform/junit-platform-engine/1.10.3, EPL-2.0, approved, #9709 +maven/mavencentral/org.junit.jupiter/junit-jupiter-api/5.11.0, EPL-2.0, approved, #15935 +maven/mavencentral/org.junit.jupiter/junit-jupiter-engine/5.11.0, EPL-2.0, approved, #15939 +maven/mavencentral/org.junit.jupiter/junit-jupiter-params/5.11.0, EPL-2.0, approved, #15940 +maven/mavencentral/org.junit.platform/junit-platform-commons/1.11.0, EPL-2.0, approved, #15936 +maven/mavencentral/org.junit.platform/junit-platform-engine/1.11.0, EPL-2.0, approved, #15932 maven/mavencentral/org.opentest4j/opentest4j/1.3.0, Apache-2.0, approved, #9713 maven/mavencentral/org.ow2.asm/asm/9.6, BSD-3-Clause, approved, #10776 maven/mavencentral/org.reflections/reflections/0.10.2, Apache-2.0 AND WTFPL, approved, clearlydefined From 505c4f0a5b5b45b77267818620460503640ca372 Mon Sep 17 00:00:00 2001 
From: "Dr. Christoph \"Schorsch\" Jung" Date: Wed, 9 Oct 2024 13:20:56 +0200 Subject: [PATCH 16/16] chore: add secret scanning workflow. --- .github/workflows/trufflehog.yml | 41 ++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 .github/workflows/trufflehog.yml
diff --git a/.github/workflows/trufflehog.yml b/.github/workflows/trufflehog.yml
new file mode 100644
index 0000000..4c6b1dd
--- /dev/null
+++ b/.github/workflows/trufflehog.yml
@@ -0,0 +1,41 @@
+name: "TruffleHog"
+
+on:
+ push:
+ branches: ["main"]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: ["main"]
+ schedule:
+ - cron: "0 0 * * *" # Once a day
+ workflow_dispatch:
+
+permissions:
+ actions: read
+ contents: read
+ security-events: write
+ id-token: write
+ issues: write
+
+jobs:
+ ScanSecrets:
+ name: Scan secrets
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Repository
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0 # Ensure full clone for pull request workflows
+
+ - name: TruffleHog OSS
+ id: trufflehog
+ uses: trufflesecurity/trufflehog@main
+ continue-on-error: true
+ with:
+ path: ./ # Scan the entire repository
+ base: "${{ github.event.repository.default_branch }}" # Set base branch for comparison (pull requests)
+ extra_args: --filter-entropy=4 --results=verified,unknown --debug
+
+ - name: Scan Results Status
+ if: steps.trufflehog.outcome == 'failure'
+ run: exit 1 # Set workflow run to failure if TruffleHog finds secrets
\ No newline at end of file
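Review bot: The scan step runs `trufflesecurity/trufflehog@main`, a mutable branch ref, in a workflow that also grants `id-token: write`, `security-events: write` and `issues: write`, so whatever lands on that branch executes here with those token scopes. The build workflow changed earlier in this series pins its action to a full commit SHA with a version comment; the same form would fit here, `uses: trufflesecurity/trufflehog@<full-commit-sha> # <release-tag>`, and likewise for `actions/checkout@v4`. None of the visible steps uploads SARIF, opens issues or requests an OIDC token, so the `permissions:` block can probably shrink to `contents: read`. Separately, `--debug` in `extra_args` makes the job log more verbose than a secret scanner needs, so it is worth dropping unless it is there for troubleshooting.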