[R24.08] [Knowledge Agents] Release Checks #823
Comments
obalandi
added
foss
stephanbcbauer
changed the title
stephanbcbauer
changed the title
|
Integration and E2E Tests completed and documented here: eclipse-tractusx/knowledge-agents#150 |
|
@obalandi User Journey herewith approved |
|
Planned E2E Integration Tests for release 24.08 on Catena-X INT environment have been performed successfully after resolution of found issues and retest. Thank You! As I am not a committer in this project yet, please tick off the checkbox above yourself. |
|
Could you set the check for the e2e test and user journey and could you give me an update on how far you are with the TRGs ? :) |
|
Hey @almadigabor, could you start with TRGs? Thx. |
|
@almadigabor could you give me an update on how far you are with the TRGs? :) |
|
@obalandi could you give me an update on how far the TRGs are done? :) |
|
We will be able to finish it on Monday (08/05), @almadigabor |
Okay, we will prepare everything and wait for you. |
|
@obalandi @almadigabor Will you be able to finish the TRGs by 12 noon? |
|
Hey @ther3sa, I was out of office last week, haven't got the change to do the checks. As they are not done yet, I'll start now, and report back to you in the afternoon. |
Thank you :) |
|
Hey @ther3sa, All the checks are done from my side, except there are 3 critical security findings in the knowledge-agents repo here. As far as I remember these were already dismissed as false positives in the last release but I would need some confirmation from the team before I approve that. Once they are dealt with one way or another I would approve the QG from my side. |
|
@almadigabor I cannot see the linked findings (Error 404). Recall the "false positives" outcome although. Any chance to retrieve then? |
|
Hi @bosserf, I've found the discussion where @drcgjung indeed hinted that these exact 3 alerts are false positives. Therefore I approve the QG and close this issue with a remark that this reappearing finding should be investigated until the next release. I've opened an issue where it can be tracked at a later date. |
|
Cool. Good Job, Sherlock 👍 😎 |
|
I approve that the findings are False Positive and TRG checks has been completed by @almadigabor. |
|
Hi @almadigabor, I don't quite understand the reasoning here why this should be a false positive, could you please explain it to me?: When you have a look at the affected branches:
You see that for the release branch of the last release, you fixed the finding with this PR eclipse-tractusx/knowledge-agents#129. IMO, the finding needs to get solved also in the new release branch and in the main branch. |
|
I have marked the CodeQL findings as False Positive with the reason "URLs to services are aquired during runtime. In this case URL is proxied through the EDC and hence no user input. Validation is done via sanitization of the input". |
|
Cool thank you very much for your effort and discussion, @ther3sa approval? ;) |
|
Congrats:
|
github-project-automation
bot
moved this from Work in progress
to Done
in Release Planning
Important
Follow the guidance on how to use the templates.
Release Info
Version to be included in Eclipse Tractus-X release: 1.13.22
Leading product repository: https://github.com/eclipse-tractusx/knowledge-agents
General Checks
Tractus-X Release Guidelines(TRGs) fulfilled
QG checks Release 24.08 knowledge-agents#151
QG checks Release 24.08 knowledge-agents-edc#230
QG checks Release 24.08 knowledge-agents-aas-bridge#73
Note
Note: most criteria for documentation and security are now covered in TRGs
Test Results
Helpful Links
The text was updated successfully, but these errors were encountered: