diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 53ba8e86..d16f2997 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -1,23 +1,22 @@
-#*******************************************************************************
-#* Copyright (c) 2022, 2023 T-Systems International GmbH
-#* Copyright (c) 2022, 2023 Contributors to the Eclipse Foundation
-#*
-#* See the NOTICE file(s) distributed with this work for additional
-#* information regarding copyright ownership.
-#*
-#* This program and the accompanying materials are made available under the
-#* terms of the Apache License, Version 2.0 which is available at
-#* https://www.apache.org/licenses/LICENSE-2.0.
-#*
-#* Unless required by applicable law or agreed to in writing, software
-#* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#* License for the specific language governing permissions and limitations
-#* under the License.
-#*
-#* SPDX-License-Identifier: Apache-2.0
-#********************************************************************************
-
+#################################################################################
+# Copyright (c) 2022,2023 T-Systems International GmbH
+# Copyright (c) 2022,2023 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+################################################################################
 name: build
@@ -37,11 +36,10 @@ on: # Allows you to run this workflow manually from the Actions tab workflow_dispatch: + env: - REGISTRY: ghcr.io - IMAGE_NAME: catenax-ng/tx-managed-service-orchestrator/autosetup - # Allows you to run this workflow manually from the Actions tab - + IMAGE_NAMESPACE: "tractusx" + IMAGE_NAME: "managed-service-orchestrator" # A workflow run is made up of one or more jobs that can run sequentially or in parallel jobs: @@ -63,7 +61,9 @@ jobs: uses: docker/metadata-action@v4 with: images: | - ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }} + # Automatically prepare image tags; See action docs for more examples. + # semver patter will generate tags like these for example :1 :1.2 :1.2.3 tags: | type=ref,event=branch type=ref,event=pr 
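Review bot: The comment added above `tags:` in the `docker/metadata-action` step has a typo and describes semver tags, while the only tag rules visible in this hunk are `type=ref,event=branch` and `type=ref,event=pr`; the semver rules presumably follow outside the hunk. Suggested wording: `# The semver patterns generate tags such as :1, :1.2 and :1.2.3`. Because `images:` no longer carries a registry host, a one-line comment such as `# no registry host: the image name resolves to Docker Hub` next to `${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}` would make the push target explicit.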
@@ -73,18 +73,31 @@ jobs: flavor: | latest=true - - name: Log into registry ${{ env.REGISTRY }} + - name: DockerHub login if: github.event_name != 'pull_request' uses: docker/login-action@v2 with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} + # Use existing DockerHub credentials present as secrets + username: ${{ secrets.DOCKER_HUB_USER }} + password: ${{ secrets.DOCKER_HUB_TOKEN }} - name: Build and push uses: docker/build-push-action@v3 with: context: . + # Build image for verification purposes on every trigger event. Only push if event is not a PR push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} + + # https://github.com/peter-evans/dockerhub-description + # Important step to push image description to DockerHub + - name: Update Docker Hub description + if: github.event_name != 'pull_request' + uses: peter-evans/dockerhub-description@v3 + with: + # readme-filepath defaults to toplevel README.md, Only necessary if you have a dedicated file with your 'Notice for docker images' + # readme-filepath: path/to/dedicated/notice-for-docker-image.md + username: ${{ secrets.DOCKER_HUB_USER }} + password: ${{ secrets.DOCKER_HUB_TOKEN }} + repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }} diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 3c3d2110..45674f98 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -74,7 +74,7 @@ jobs: uses: aquasecurity/trivy-action@master with: # Path to Docker image - image-ref: "ghcr.io/catenax-ng/tx-managed-service-orchestrator/autosetup:latest" + image-ref: "tractusx/managed-service-orchestrator:latest" format: "sarif" output: "trivy-results.sarif" exit-code: "1" diff --git a/CHANGELOG.md b/CHANGELOG.md index d3ac5a6a..89dec266 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
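Review bot: The new `Update Docker Hub description` step hands `secrets.DOCKER_HUB_TOKEN` to a third-party action referenced by a movable tag, `peter-evans/dockerhub-description@v3`, so the code that receives the registry credential can change without any change in this repository. Pin it to a full commit SHA with the version as a trailing comment, `uses: peter-evans/dockerhub-description@<full-commit-sha> # v3`, and consider the same for `docker/login-action@v2` and `docker/build-push-action@v3` in this hunk. Both credentialed steps run on every non-PR trigger; the `on:` block is only partly visible, so if branch pushes also trigger the workflow, gating the description update to the default branch or release tags would stop a feature branch from overwriting the published README. The token behind `DOCKER_HUB_TOKEN` should carry only the permissions these two steps need.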
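Review bot: `image-ref: "tractusx/managed-service-orchestrator:latest"` in trivy.yml points the scan at whatever `latest` currently resolves to, not at an image tied to the commit being checked; on a pull request, where build.yaml does not push, that would be the previously published image. If the scan is meant to gate changes, scan an image built in the same job or reference the pushed image by digest; otherwise a comment such as `# scans the last published image, not this commit's build` would state the limitation. The context line `uses: aquasecurity/trivy-action@master` follows a branch, and pinning it to a release commit would keep the scanner itself reproducible. The rest of the job lies outside the hunk, so an earlier step may already build the image locally under this name.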
@@ -6,6 +6,17 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), ## [Unreleased] - NA + +## [1.4.2] - 2023-08-22 + +### Changed + - Image creation on docker hub + - Image update for Trivy workflow + - Updated the deployment to take the image from tractusx + - Name change for the image + +### Fixed + - Security issue fix ## [1.4.1] - 2023-08-21 diff --git a/DEPENDENCIES b/DEPENDENCIES index 23f322bd..22c21f9d 100644 --- a/DEPENDENCIES +++ b/DEPENDENCIES @@ -121,7 +121,7 @@ maven/mavencentral/org.springframework.data/spring-data-commons/3.1.0, Apache-2. maven/mavencentral/org.springframework.data/spring-data-jpa/3.1.0, Apache-2.0, approved, #9120 maven/mavencentral/org.springframework.retry/spring-retry/2.0.1, Apache-2.0, approved, clearlydefined maven/mavencentral/org.springframework.security/spring-security-config/6.1.2, Apache-2.0, approved, #9736 -maven/mavencentral/org.springframework.security/spring-security-core/6.0.3, Apache-2.0, approved, #7325 +maven/mavencentral/org.springframework.security/spring-security-core/6.1.2, Apache-2.0, approved, #9801 maven/mavencentral/org.springframework.security/spring-security-crypto/6.1.0, Apache-2.0 AND ISC, approved, #9735 maven/mavencentral/org.springframework.security/spring-security-oauth2-client/6.1.0, Apache-2.0, approved, #9740 maven/mavencentral/org.springframework.security/spring-security-oauth2-core/6.1.0, Apache-2.0, approved, #9741 diff --git a/README.md b/README.md index d81c9514..0d81b6e2 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ ## Description -This repository is part of the overarching eclipse-tractusx project. It contains the Backend for the autoset up service. +This repository is part of the overarching eclipse-tractusx project. It contains the Backend for the autosetup service. It is a standalone service which can be self-hosted. It is prototype implementation for Service provider. 
@@ -12,23 +12,37 @@ This service will help service provider to set up DFT/SDE with EDC and EDC as se ### Software Version ```shell -Application version: 1.4.1 -Helm release version: 1.4.1 +Application version: 1.4.2 +Helm release version: 1.4.2 ``` -### Container images +# Container images This application provides container images for demonstration purposes. The base image used, to build this demo application image is eclipse-temurin:17-jdk-alpine -Docker Hub: +## Notice for Docker image - - eclipse-temurin(https://hub.docker.com/_/eclipse-temurin) - - 17.0.6_10-jdk(https://hub.docker.com/layers/library/eclipse-temurin/17.0.6_10-jdk/images/sha256-ec8d3b91c6e30208bf69ecbbc3abdbc0f9aeaa2b955162e46c089fd6e07f4fb0?context=explore) +DockerHub: [https://hub.docker.com/r/tractusx/managed-service-orchestrator](https://hub.docker.com/r/tractusx/managed-service-orchestrator)
+Eclipse Tractus-X product(s) installed within the image: -Source: +__Autosetup__ - - temurin-build(https://github.com/adoptium/temurin-build) - - temurin docker repo info(https://github.com/docker-library/repo-info/tree/master/repos/eclipse-temurin) +- GitHub: https://github.com/eclipse-tractusx/managed-service-orchestrator +- Project home: https://projects.eclipse.org/projects/automotive.tractusx +- Dockerfile: https://github.com/eclipse-tractusx/managed-service-orchestrator/blob/main/Dockerfile +- Project license: [Apache License, Version 2.0](https://github.com/eclipse-tractusx/managed-service-orchestrator/blob/main/LICENSE) + +**Used base image** + +- 17-jdk-alpine(https://hub.docker.com/layers/library/eclipse-temurin/17.0.6_10-jdk-alpine/images/sha256-c093675e143dc8023fb218c144e06491154491a7965d0664a93f99ada5259ec7?context=explore) +- Official Eclipse Temurin DockerHub page: https://hub.docker.com/_/eclipse-temurin +- Eclipse Temurin Project: https://projects.eclipse.org/projects/adoptium.temurin +- Additional information about the Eclipse Temurin images: https://github.com/docker-library/repo-info/tree/master/repos/eclipse-temurin + +As with all Docker images, these likely also contain other software which may be under other licenses +(such as Bash, etc. from the base distribution, along with any direct or indirect dependencies of the primary software being contained). + +As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within. ### For installation guide: diff --git a/charts/orchestrator/Chart.yaml b/charts/orchestrator/Chart.yaml index 7ef3ab55..087f1659 100644 --- a/charts/orchestrator/Chart.yaml +++ b/charts/orchestrator/Chart.yaml 
@@ -38,13 +38,13 @@ sources: # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.4.1 +version: 1.4.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "1.4.1" +appVersion: "1.4.2" dependencies: - condition: postgresql.enabled diff --git a/charts/orchestrator/README.md b/charts/orchestrator/README.md index 5fbd3ebc..085f28d8 100644 --- a/charts/orchestrator/README.md +++ b/charts/orchestrator/README.md @@ -1,6 +1,6 @@ # autosetup -![Version: 1.4.1](https://img.shields.io/badge/Version-1.4.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.1](https://img.shields.io/badge/AppVersion-1.4.1-informational?style=flat-square) +![Version: 1.4.2](https://img.shields.io/badge/Version-1.4.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.2](https://img.shields.io/badge/AppVersion-1.4.2-informational?style=flat-square) This service will help service provider to set up DFT/SDE with EDC and EDC as service in service provider environment. diff --git a/charts/orchestrator/values.yaml b/charts/orchestrator/values.yaml index 58227afc..eb862cbf 100644 --- a/charts/orchestrator/values.yaml +++ b/charts/orchestrator/values.yaml 
@@ -23,7 +23,7 @@ replicaCount: 1 image: # -- Image to use for deploying an application - repository: ghcr.io/catenax-ng/tx-managed-service-orchestrator/autosetup + repository: tractusx/managed-service-orchestrator # -- Set the Image Pull Policy pullPolicy: Always # -- Image tage is defined in chart appVersion diff --git a/pom.xml b/pom.xml index 8fc63e4b..4f8b3840 100644 --- a/pom.xml +++ b/pom.xml @@ -32,7 +32,7 @@ org.eclipse.tractusx auto-setup - 1.4.1 + 1.4.2 auto-setup auto-setup @@ -279,11 +279,17 @@ org.springframework.security spring-security-config 6.1.2 + + + org.springframework.security + spring-security-core + + org.springframework.security spring-security-core - 6.0.3 + 6.1.2 com.h2database
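Review bot: `repository: tractusx/managed-service-orchestrator` in values.yaml has no registry host, so which registry serves the image depends on each node runtime's short-name resolution rather than on the chart. Writing it fully qualified, `repository: docker.io/tractusx/managed-service-orchestrator`, keeps the pull source fixed on clusters that configure additional search registries or mirrors. With `pullPolicy: Always` and a tag taken from `appVersion`, the content behind a tag can also change between pod restarts; an optional digest field in the image template would close that, though the template is not part of this hunk.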
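Review bot: Hard-coding `6.1.2` on `spring-security-core` in pom.xml, while excluding it from `spring-security-config`, leaves the Spring Security modules versioned one by one; the DEPENDENCIES context lines in this commit still list `spring-security-crypto`, `spring-security-oauth2-client` and `spring-security-oauth2-core` at 6.1.0. A single version property, or the `spring-security-bom` imported in `dependencyManagement`, would move all modules together on the next security bump and make the exclusion unnecessary. The XML markup is stripped on this page, so the exact element layout should be checked against the file. A short comment above the exclusion stating the reason for the override would also help, since the CHANGELOG entry only says `Security issue fix`.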