Merge pull request #725 from eclipse-tractusx/release/0.5.1

Release version 0.5.1

.github/actions/publish-docker-image/action.yml

@@ -50,6 +50,14 @@ runs:
   steps:
     - uses: actions/[email protected]
 
+    - name: Download OpenTelemetry
+      shell: bash
+      run: |-
+        # "jq -r" removes the quotation marks, that would trip up "wget"
+        URL=$(grep "val openTelemetryAgentUrl = " build.gradle.kts | awk -F'= ' '{print $2}' | jq -r)
+        wget -O ${{ inputs.rootDir }}/opentelemetry-javaagent.jar -q $URL
+        
+
     #####################
     # Login to DockerHub
     #####################
@@ -97,6 +105,7 @@ runs:
         file: ${{ inputs.rootDir }}/src/main/docker/Dockerfile
         build-args: |
           JAR=${{ inputs.rootDir }}/build/libs/${{ inputs.imagename }}.jar
+          OTEL_JAR=${{ inputs.rootDir }}/opentelemetry-javaagent.jar
         push: ${{ inputs.do_push == 'true' }}
         tags: ${{ steps.meta.outputs.tags }}
         labels: ${{ steps.meta.outputs.labels }}

.github/dependabot.yml

@@ -29,7 +29,7 @@ updates:
       - "dependabot"
       - "dependencies"
     schedule:
-      interval: "daily"
+      interval: "weekly"
 
   # Github Actions
   -
@@ -40,7 +40,7 @@ updates:
       - "dependabot"
       - "github-actions"
     schedule:
-      interval: "daily"
+      interval: "weekly"
 
   # Docker
   -
@@ -51,7 +51,7 @@ updates:
       - "dependabot"
       - "docker"
     schedule:
-      interval: "daily"
+      interval: "weekly"
   -
     package-ecosystem: "docker"
     target-branch: main
@@ -60,7 +60,7 @@ updates:
       - "dependabot"
       - "docker"
     schedule:
-      interval: "daily"
+      interval: "weekly"
   -
     package-ecosystem: "docker"
     target-branch: main
@@ -69,7 +69,7 @@ updates:
       - "dependabot"
       - "docker"
     schedule:
-      interval: "daily"
+      interval: "weekly"
   -
     package-ecosystem: "docker"
     target-branch: main
@@ -78,7 +78,7 @@ updates:
       - "dependabot"
       - "docker"
     schedule:
-      interval: "daily"
+      interval: "weekly"
   -
     package-ecosystem: "docker"
     target-branch: main
@@ -87,4 +87,4 @@ updates:
       - "dependabot"
       - "docker"
     schedule:
-      interval: "daily"
+      interval: "weekly"

.github/workflows/deployment-test.yaml

@@ -73,7 +73,7 @@ jobs:
             kubectl rollout status deployment tx-inmem
             
             # execute the helm test
-            helm test tx-inmem --logs
+            helm test tx-inmem
 
   test-hashicorp-postgres:
     runs-on: ubuntu-latest
@@ -98,7 +98,7 @@ jobs:
             kubectl rollout status deployment tx-prod-dataplane
 
             # execute the helm test
-            helm test tx-prod --logs
+            helm test tx-prod
 
   test-azure-vault-postgres:
     runs-on: ubuntu-latest
@@ -135,4 +135,4 @@ jobs:
             kubectl rollout status deployment tx-prod-dataplane
 
             # execute the helm test
-            helm test tx-prod --logs
+            helm test tx-prod

.github/workflows/draft-new-release.yaml

@@ -53,7 +53,7 @@ jobs:
           GITHUB_PACKAGE_USERNAME: ${{ github.actor }}
           GITHUB_PACKAGE_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
       - name: Bump version in /charts
-        uses: mikefarah/yq@v4.34.1
+        uses: mikefarah/yq@v4.35.1
         with:
           cmd: |-
             find charts -name Chart.yaml -maxdepth 3 | xargs -n1 yq -i '.appVersion = "${{ github.event.inputs.version }}" | .version = "${{ github.event.inputs.version }}"'

.github/workflows/kics.yml

@@ -50,6 +50,7 @@ jobs:
           disable_secrets: true
           output_path: kicsResults/
           output_formats: "json,sarif"
+          exclude_paths: "edc-tests/miw-tests/src/test/resources/docker-environment/docker-compose.yaml"
 
       - name: Upload SARIF file for GitHub Advanced Security Dashboard
         if: always()

.github/workflows/publish-new-release.yml

@@ -239,3 +239,13 @@ jobs:
           git commit --message "Introduce new snapshot version $SNAPSHOT_VERSION"
 
           git push origin main
+
+  publish-to-swaggerhub:
+    name: "Publish OpenAPI spec to Swaggerhub"
+    permissions:
+      contents: read
+    needs: [ release-version ]
+    uses: ./.github/workflows/publish-swaggerhub.yaml
+    with:
+      downstream-version: ${{ needs.release-version.outputs.RELEASE_VERSION }}
+    secrets: inherit

.github/workflows/publish-swaggerhub.yaml

@@ -0,0 +1,113 @@
+#
+#  Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
+#  Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
+#
+#  See the NOTICE file(s) distributed with this work for additional
+#  information regarding copyright ownership.
+#
+#  This program and the accompanying materials are made available under the
+#  terms of the Apache License, Version 2.0 which is available at
+#  https://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#  License for the specific language governing permissions and limitations
+#  under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#
+
+---
+name: "Publish OpenAPI to Swaggerhub"
+
+on:
+  workflow_call:
+    inputs:
+      downstream-version:
+        required: false
+        type: string
+      upstream-version:
+        required: false
+        type: string
+
+  workflow_dispatch:
+    inputs:
+      downstream-version:
+        required: false
+        description: "Version of the Tractus-X EDC API to be should be published"
+        type: string
+      upstream-version:
+        required: false
+        description: "Version of upstream EDC which is to be used"
+        type: string
+
+jobs:
+  swagger-api:
+    runs-on: ubuntu-latest
+    env:
+      SWAGGERHUB_API_KEY: ${{ secrets.SWAGGERHUB_API_KEY }}
+      SWAGGERHUB_USER: ${{ secrets.SWAGGERHUB_USER }}
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Setup JDK 17
+        uses: actions/[email protected]
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+          cache: 'gradle'
+
+      - name: Setup node
+        uses: actions/setup-node@v3
+
+      - name: Install Swagger CLI
+        run: |
+          npm i -g swaggerhub-cli
+
+      - name: Extract versions
+        run: |
+          if [ -z ${{ inputs.downstream-version }} ]; then
+            export DOWNSTREAM_VERSION=$(grep "version" gradle.properties  | awk -F= '{print $2}')
+          else
+            export DOWNSTREAM_VERSION=${{ inputs.downstream-version }}
+          fi
+          
+          if [ -z ${{ inputs.upstream-version }} ]; then
+            export UPSTREAM_VERSION=$(grep "edc = " gradle/libs.versions.toml  | awk -F= '{print $2}' | jq -r)
+          else
+            export UPSTREAM_VERSION=${{ inputs.upstream-version }}
+          fi
+          echo "DOWNSTREAM_VERSION=$DOWNSTREAM_VERSION" >> "$GITHUB_ENV"
+          echo "UPSTREAM_VERSION=$UPSTREAM_VERSION" >> "$GITHUB_ENV"
+
+      - name: Resolve TX EDC API Spec
+        shell: bash
+        run: |
+          ./gradlew resolve
+
+      - name: Download upstream API specs
+        run: |
+          curl -X GET https://api.swaggerhub.com/apis/eclipse-edc-bot/management-api/${{ env.UPSTREAM_VERSION }}/swagger.yaml > resources/openapi/yaml/upstream-management-api.yaml
+          curl -X GET https://api.swaggerhub.com/apis/eclipse-edc-bot/control-api/${{ env.UPSTREAM_VERSION }}/swagger.yaml > resources/openapi/yaml/upstream-control-api.yaml
+
+      - name: Merge API specs
+        run: |
+          ./gradlew -PapiTitle="Tractus-X EDC REST API" -PapiDescription="Tractus-X EDC API Documentation" :mergeApiSpec --input=./resources/openapi/yaml --output=./resources/openapi/yaml/tractusx-edc-api.yaml
+
+      # create API, will fail if exists
+      - name: Create API
+        continue-on-error: true
+        run: |
+          swaggerhub api:create ${{ env.SWAGGERHUB_USER }}/tractusx-edc/${{ env.DOWNSTREAM_VERSION }} -f ./resources/openapi/yaml/tractusx-edc-api.yaml --visibility=public --published=unpublish
+
+      # Post the API to SwaggerHub as "unpublished", because published APIs cannot be overwritten
+      - name: Publish API Specs to SwaggerHub
+        run: |
+          if [[ ${{ env.DOWNSTREAM_VERSION }} != *-SNAPSHOT ]]; then
+            echo "no snapshot, will set the API to 'published'";
+            swaggerhub api:update ${{ env.SWAGGERHUB_USER }}/tractusx-edc/${{ env.DOWNSTREAM_VERSION }} -f ./resources/openapi/yaml/tractusx-edc-api.yaml --visibility=public --published=publish
+          else
+            echo "snapshot, will set the API to 'unpublished'";
+            swaggerhub api:update ${{ env.SWAGGERHUB_USER }}/tractusx-edc/${{ env.DOWNSTREAM_VERSION }} -f ./resources/openapi/yaml/tractusx-edc-api.yaml --visibility=public --published=unpublish
+          fi

.github/workflows/publish.yaml

@@ -50,6 +50,7 @@ jobs:
     outputs:
       DOCKER_HUB_TOKEN: ${{ steps.secret-presence.outputs.DOCKER_HUB_TOKEN }}
       HAS_OSSRH: ${{ steps.secret-presence.outputs.HAS_OSSRH }}
+      HAS_SWAGGER: ${{ steps.secret-presence.outputs.HAS_SWAGGER }}
     steps:
       - name: Check whether secrets exist
         id: secret-presence
@@ -58,8 +59,9 @@ jobs:
           [ ! -z "${{ secrets.ORG_GPG_PASSPHRASE }}" ] && 
           [ ! -z "${{ secrets.ORG_GPG_PRIVATE_KEY }}" ] && 
           [ ! -z "${{ secrets.ORG_OSSRH_USERNAME }}" ] && 
-          [ ! -z "${{ secrets.ORG_OSSRH_PASSWORD }}" ]  && 
-          echo "HAS_OSSRH=true" >> $GITHUB_OUTPUT
+          [ ! -z "${{ secrets.ORG_OSSRH_PASSWORD }}" ]  && echo "HAS_OSSRH=true" >> $GITHUB_OUTPUT
+          [ ! -z "${{ secrets.SWAGGERHUB_API_KEY }}" ]  && 
+          [ ! -z "${{ secrets.SWAGGERHUB_USER }}" ]  && echo "HAS_SWAGGER=true" >> $GITHUB_OUTPUT
           exit 0
 
   build-docker-images:
@@ -126,4 +128,13 @@ jobs:
             cmd="closeAndReleaseSonatypeStagingRepository";
           fi
           echo "Publishing Version $VERSION to Sonatype"
-          ./gradlew publishToSonatype ${cmd} --no-parallel -Pversion=$VERSION -Psigning.gnupg.executable=gpg -Psigning.gnupg.passphrase="${{ secrets.ORG_GPG_PASSPHRASE }}"
+          ./gradlew publishToSonatype ${cmd} --no-parallel -Pversion=$VERSION -Psigning.gnupg.executable=gpg -Psigning.gnupg.passphrase="${{ secrets.ORG_GPG_PASSPHRASE }}"
+
+  publish-to-swaggerhub:
+    name: "Publish OpenAPI spec to Swaggerhub"
+    permissions:
+      contents: read
+    needs: [ secret-presence ]
+    if: needs.secret-presence.outputs.HAS_SWAGGER
+    uses: ./.github/workflows/publish-swaggerhub.yaml
+    secrets: inherit

.github/workflows/run-all-tests.yml

@@ -34,8 +34,6 @@ on:
     types:
       - published
   pull_request:
-    paths-ignore:
-      - 'charts/**'
   workflow_dispatch:
 
 concurrency:

.github/workflows/verify.yaml

@@ -64,31 +64,7 @@ jobs:
           fi
 
   verify-dependencies:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - uses: ./.github/actions/setup-java
-      - name: Download latest Eclipse Dash
-        run: |
-          curl -L https://repo.eclipse.org/service/local/artifact/maven/redirect\?r\=dash-licenses\&g\=org.eclipse.dash\&a\=org.eclipse.dash.licenses\&v\=LATEST --output dash.jar
-      - name: Regenerate DEPENDENCIES
-        run: |
-          # dash returns a nonzero exit code if there are libs that need review. the "|| true" avoids that
-          ./gradlew allDependencies | grep -Poh "(?<=\s)[\w.-]+:[\w.-]+:[^:\s\[\]]+" | sort | uniq | java -jar dash.jar - -summary DEPENDENCIES-gen || true
-          
-          # log warning if restricted deps are found
-          grep -E 'restricted' DEPENDENCIES | if test $(wc -l) -gt 0; then 
-            echo "::warning file=DEPENDENCIES,title=Restricted Dependencies found::Some dependencies are marked 'restricted' - please review them" 
-          fi
-          
-          # log error and fail job if rejected deps are found
-          grep -E 'rejected' DEPENDENCIES | if test $(wc -l) -gt 0; then
-            echo "::error file=DEPENDENCIES,title=Rejected Dependencies found::Some dependencies are marked 'rejected', they cannot be used"
-            exit 1
-          fi
-      - name: Check for differences
-        run: |
-          diff DEPENDENCIES DEPENDENCIES-gen
+    uses: eclipse-edc/.github/.github/workflows/dependency-check.yml@main
 
   verify-formatting:
     runs-on: ubuntu-latest
@@ -161,6 +137,7 @@ jobs:
 
   postgres-tests:
     runs-on: ubuntu-latest
+
     needs: [ verify-formatting, verify-license-headers ]
 
     services:
@@ -175,17 +152,8 @@ jobs:
       - uses: actions/checkout@v3
       - uses: ./.github/actions/setup-java
 
-      # create non-default schema name to test usage of non-default schema
-      - name: setup postgres schema
-        run: |
-          sudo apt update
-          sudo apt install --yes postgresql-client
-          psql -h localhost -d postgres -U postgres -c 'CREATE SCHEMA testschema;'
-        env:
-          PGPASSWORD: password
-
       - name: Run Postgresql E2E tests
-        run: ./gradlew test -DincludeTags="PostgresqlIntegrationTest"
+        run: ./gradlew test -DincludeTags="PostgresqlIntegrationTest" -PverboseTest=true
 
   miw-integration-tests:
     runs-on: ubuntu-latest
@@ -195,7 +163,7 @@ jobs:
       - uses: actions/checkout@v3
       - uses: ./.github/actions/setup-java
 
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Starting MIW, Keycloak and Postgres Servers
         run: |
           cd edc-tests/miw-tests/src/test/resources/docker-environment
@@ -224,4 +192,4 @@ jobs:
         run: |
           pwd
           ./gradlew compileJava compileTestJava
-          ./gradlew -p edc-tests/e2e-tests test -DincludeTags="MiwIntegrationTest" -PverboseTest=true
+          ./gradlew -p edc-tests/e2e-tests test -DincludeTags="MiwIntegrationTest" -PverboseTest=true