Merge pull request #3658 from mercedes-benz/develop

Merge `develop` into `master` for release
mercedes-benz · Nov 27, 2024 · 7de5e5c · 7de5e5c
2 parents ef15a87 + 00c53a7
commit 7de5e5c
Show file tree

Hide file tree

Showing 45 changed files with 1,327 additions and 295 deletions.
diff --git a/.github/workflows/release-client-server-pds.yml b/.github/workflows/release-client-server-pds.yml
@@ -66,6 +66,9 @@ jobs:
           echo "For PDS release, pds-milestone-number must be provided!"
           exit 1
 
+      - name: Install required packages
+        run: sudo apt-get -y install build-essential dpkg-dev fakeroot graphviz hub
+
       - name: Checkout master
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
         with:
@@ -248,9 +251,6 @@ jobs:
           path: sechub-cli/build/go
           retention-days: 14
 
-      - name: Install graphviz (asciidoc diagrams)
-        run: sudo apt-get --assume-yes install graphviz
-
       # -----------------------------------------
       # Build Documentation
       # -----------------------------------------
@@ -495,64 +495,43 @@ jobs:
       # ******************************************
       # C l i e n t  release
       # ******************************************
-      - name: Create client release ${{ inputs.client-version }}
-        id: create_client_release
-        if: inputs.client-version != ''
-        uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
-        with:
-          tag_name: v${{ inputs.client-version }}-client
-          commitish: master
-          release_name: Client Version ${{ inputs.client-version }}
-          body: |
-            Changes in this Release
-            - Some minor changes on client implementation
-
-            For more details please look at [Milestone ${{inputs.client-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.client-milestone-number}}?closed=1)
-          draft: true
-          prerelease: false
-
-      - name: Create client release asset sechub-cli-${{ inputs.client-version }}.zip
+      - name: Create client binary release asset sechub-cli-${{ inputs.client-version }}.zip
         if: inputs.client-version != ''
         run: |
           cd sechub-cli/build/go
           zip -r sechub-cli.zip platform
           sha256sum sechub-cli.zip > sechub-cli.zip.sha256
 
-      - name: Upload Client release asset sechub-cli-${{ inputs.client-version }}.zip
-        if: inputs.client-version != ''
-        uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          upload_url: ${{ steps.create_client_release.outputs.upload_url }}
-          asset_path: ./sechub-cli/build/go/sechub-cli.zip
-          asset_name: sechub-cli-${{ inputs.client-version }}.zip
-          asset_content_type: application/zip
-
-      - name: Upload Client release asset sechub-cli-${{ inputs.client-version }}.zip.sha256
+      - name: Create client Debian packages
         if: inputs.client-version != ''
-        uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          upload_url: ${{ steps.create_client_release.outputs.upload_url }}
-          asset_path: ./sechub-cli/build/go/sechub-cli.zip.sha256
-          asset_name: sechub-cli-${{ inputs.client-version }}.zip.sha256
-          asset_content_type: text/plain
+        shell: bash
+        run: sechub-cli/script/build-debian-packages.sh ${{ inputs.client-version }}
 
-      - name: Upload sechub-client.pdf release asset
-        id: upload-sechub-doc-client-release-asset
+      - name: Create client ${{ inputs.client-version }} release draft
         if: inputs.client-version != ''
-        uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
+        shell: bash
+        run: |
+          assets=()
+          echo "# Add Client binaries sechub-cli-${{ inputs.client-version }}.zip + checksum"
+          assets+=("-a" "sechub-cli/build/go/sechub-cli.zip#sechub-cli-${{ inputs.client-version }}.zip")
+          assets+=("-a" "sechub-cli/build/go/sechub-cli.zip.sha256#sechub-cli-${{ inputs.client-version }}.zip.sha256")
+          echo "# Add Debian packages"
+          for asset in sechub-cli/build/deb-build/*.deb ; do
+            filename=`basename "$asset"`
+            assets+=("-a" "${asset}#${filename}")
+          done
+          echo "# Add Client documentation sechub-client-${{ inputs.client-version }}.pdf"
+          assets+=("-a" "sechub-doc/build/docs/asciidoc/sechub-client.pdf#sechub-client-${{ inputs.client-version }}.pdf")
+          # Define release data
+          tag_name="v${{ inputs.client-version }}-client"
+          release_title="Client Version ${{ inputs.client-version }}"
+          release_message="Changes in this Release
+          - Some minor changes on client implementation"
+          release_footer="For more details please look at [Milestone ${{inputs.client-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.client-milestone-number}}?closed=1)"
+          echo "# Create release draft \"$release_title\" on github"
+          hub release create --draft "${assets[@]}" -m "$release_title" -m "$release_message" -m "$release_footer" "$tag_name"
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          upload_url: ${{ steps.create_client_release.outputs.upload_url }}
-          asset_path: ./sechub-doc/build/docs/asciidoc/sechub-client.pdf
-          asset_name: sechub-client-${{ inputs.client-version }}.pdf
-          asset_content_type: application/pdf
 
       - name: Create Client ${{ inputs.client-version }} release issue
         if: inputs.client-version != ''

diff --git a/.github/workflows/release-web-ui.yml b/.github/workflows/release-web-ui.yml
@@ -112,7 +112,7 @@ jobs:
           npm run build && \
           cd dist && \
           echo '${{ inputs.web-ui-version }}' > sechub-web-ui_version.txt && \
-          zip -r ../../../$WEB_UI_RELEASE_ZIPFILE *
+          zip -r ../../$WEB_UI_RELEASE_ZIPFILE *
 
       - name: Collect GIT status
         if: always()

diff --git a/README.adoc b/README.adoc
@@ -13,7 +13,8 @@ toc::[]
 
 image::sechub-doc/src/docs/asciidoc/images/sechub-logo.png["Eugen" - the SecHub mascot]
 
-The free and open-source security platform SecHub, provides a central API to test software with different security tools. Many free and open-source as well proprietary security tools are supported by SecHub.
+The free and open-source security platform SecHub, provides a central API to test software with different security tools.
+SecHub supports many free and open-source as well as proprietary security tools.
 
 SecHub features:
 

diff --git a/gradle/build-versioning.gradle b/gradle/build-versioning.gradle
@@ -63,7 +63,7 @@ def buildVersionFiles(){
     def noStagedChanges = stagedChanges.getAllChanges().isEmpty()
     def hasChanged = !noUnstagedChanges || !noStagedChanges
     def buildNumber = getBuildNr()
-    def docsTimeStamp = getLocalBuildNr()
+    def docsTimeStamp = getTimeStamp()
     def currentGitCommit = git.head().abbreviatedId
 
     // ------------------------
@@ -336,8 +336,8 @@ def buildVersionString(commitTag, boolean hasChanged, buildNumber){
         calcversion = calcversion - "-libraries"
         calcversion = calcversion - "-pds-tools"
         calcversion = calcversion - "-pds"
-        calcversion = calcversion - "-server"
         calcversion = calcversion - "-web-server"
+        calcversion = calcversion - "-server"
         calcversion = calcversion - "-checkmarx-wrapper"
         calcversion = calcversion - "-owaspzap-wrapper"
         calcversion = calcversion - "-prepare-wrapper"
@@ -349,29 +349,31 @@ def buildVersionString(commitTag, boolean hasChanged, buildNumber){
     if (hasChanged){
         calcversion = "${calcversion}-dirty"
     }
-    calcversion = "${calcversion}-${buildNumber}"
+    if (buildNumber != "") {
+        calcversion = "${calcversion}-${buildNumber}"
+    }
     return calcversion
 }
 
 def getBuildNr(){
-    if (getServerBuildNr()!=null){
+    if (getServerBuildNr()!=null) {
         return "b"+getServerBuildNr()
-    }else{
+    } else {
         if (project.hasProperty('sechub.build.timestamp')){
             if (project.getProperty('sechub.build.timestamp')=="false"){
                 return "latest"
             }
         }
-        return getLocalBuildNr()
+        return ""
     }
 }
 
 def getServerBuildNr(){
     return System.getenv('BUILD_NUMBER' )
 }
 
-def getLocalBuildNr() {
-    return new Date().format('yyyyMMddHHmmss')
+def getTimeStamp() {
+    return new Date().format("yyyy-MM-dd HH:mm ('UTC'X)")
 }
 
 

diff --git a/sechub-cli/build_go.sh b/sechub-cli/build_go.sh
@@ -64,7 +64,8 @@ init_go_modules
 cd "$SRC_PATH/main"
 
 export CGO_ENABLED=0  # This forces statically linked binaries
-GO_LD_FLAGS="-s -w"   # strip (reduce size): disable debug symbol table / disable DWARF generation
+GO_LD_FLAGS="-s -w -buildid=" # strip (reduce size): disable debug symbol table / disable DWARF generation
+GO_COMPILE_FLAGS="-trimpath"  # Aim to make builds reproducible
 
 for platform in "${platforms[@]}" ; do
     platform_split=(${platform//\// })
@@ -82,7 +83,7 @@ for platform in "${platforms[@]}" ; do
     fi
 
     echo "> building $targetSubFolder"
-    go build -ldflags="$GO_LD_FLAGS" -o "$buildDir/$output_name" .
+    go build $GO_COMPILE_FLAGS -ldflags="$GO_LD_FLAGS" -o "$buildDir/$output_name" .
     if [ $? -ne 0 ]; then
         echo 'Go build failed because of an error'
         exit 1

diff --git a/sechub-cli/script/build-debian-packages.sh b/sechub-cli/script/build-debian-packages.sh
@@ -0,0 +1,120 @@
+#!/bin/bash
+# SPDX-License-Identifier: MIT
+set -e
+
+# Debian packaging data
+DEB_PACKAGE_NAME="sechub-client"
+DEB_SECTION="misc"
+DEB_MAINTAINER="SecHub FOSS team <[email protected]>"
+DEB_HOMEPAGE="https://github.com/mercedes-benz/sechub"
+DEB_DESCRIPTION="The SecHub command line client. See $DEB_HOMEPAGE"
+DEB_BIN_PATH="usr/bin" # Where to place the SecHub client executable on install
+
+# Hardware architectures we build Debian packages for
+ARCHITECTURE_LIST="amd64 386 arm arm64" # space separated list
+
+BUILD_DIR="build"
+DEBIAN_BUILD_DIR="deb-build"
+GO_BUILD_DIR="go/platform"
+MANDATORY_EXECUTABLES="dpkg-deb fakeroot" # space separated list
+
+function usage {
+  cat - <<EOF
+
+usage: $0 <version tag>
+
+This script creates Debian packages of the SecHub client for Linux
+It is meant to be used for SecHub client releases
+
+Mandatory argument is the version tag in format <major>.<minor>.<hotfix> with an optional appendix.
+Examples:
+- 1.10.0
+- 1.10.0-gh-build
+- 1.10.0-9
+EOF
+}
+
+function check_executable_is_installed {
+    executable="$1"
+    exe_path=`which $executable`
+    if [ ! -x "$exe_path" ] ; then
+        echo "FATAL: Mandatory executable \"$executable\" not found in PATH. Please install..."
+        exit 1
+    fi
+}
+
+function get_debian_architecture {
+  local deb_architecture
+  # Special case for i386 architecture
+  if [ "$1" = "386" ] ; then
+    deb_architecture="i386"
+  else
+    deb_architecture="$architecture"
+  fi
+  echo $deb_architecture
+}
+
+function build_deb_package {
+  local architecture="$1"
+  local deb_architecture=`get_debian_architecture $architecture`
+  local deb_package_name="sechub-client_${SECHUB_CLIENT_VERSION}_${deb_architecture}"
+  local deb_dir="$DEBIAN_BUILD_DIR/$deb_package_name"
+  local size
+  echo "### Building Debian package $deb_package_name.deb"
+  # create dirs
+  mkdir -p "$deb_dir/DEBIAN" "$deb_dir/$DEB_BIN_PATH"
+  # copy executable into destination dir
+  cp "$GO_BUILD_DIR/linux-$architecture/sechub" "$deb_dir/$DEB_BIN_PATH"
+  # determine file size in bytes
+  size=`cat "$deb_dir/$DEB_BIN_PATH/sechub" | wc --bytes`
+  # Create Debian package meta data
+  cat - <<EOF > "$deb_dir/DEBIAN/control"
+Package: $DEB_PACKAGE_NAME
+Version: $SECHUB_CLIENT_VERSION
+Section: $DEB_SECTION
+Architecture: $deb_architecture
+Priority: optional
+Essential: no
+Installed-Size: $size
+Homepage: $DEB_HOMEPAGE
+Maintainer: $DEB_MAINTAINER
+Description: $DEB_DESCRIPTION
+EOF
+  # Create Debian package
+  fakeroot dpkg-deb --build "$deb_dir"
+}
+
+################
+
+# Check prepreqs
+for i in $MANDATORY_EXECUTABLES ; do
+    check_executable_is_installed $i
+done
+
+SECHUB_CLIENT_VERSION=$1
+
+FAILED=false
+if [ -z "$SECHUB_CLIENT_VERSION" ] ; then
+  echo "Please provide a version tag as 1st argument"
+  FAILED=true
+elif [[ ! "$SECHUB_CLIENT_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+ ]]; then
+  echo "Provided version tag is invalid"
+  FAILED=true
+fi
+
+cd `dirname $0`/..
+if [ ! -d "$BUILD_DIR/$GO_BUILD_DIR" ] ; then
+  echo "Please build the SecHub client executables first. './gradlew buildGo testGo'"
+  FAILED=true
+fi
+
+if $FAILED ; then
+  usage
+  exit 1
+fi
+
+cd "$BUILD_DIR"
+mkdir -p "$DEBIAN_BUILD_DIR"
+for arch in $ARCHITECTURE_LIST ; do
+  build_deb_package $arch
+done
diff --git a/sechub-doc/src/docs/asciidoc/documents/techdoc/05_build.adoc b/sechub-doc/src/docs/asciidoc/documents/techdoc/05_build.adoc
@@ -99,9 +99,12 @@ Just call
 ./gradlew documentation
 ----
 
-==== Publish artefacts
-Just call
-----
-./gradlew publish
-----
-_(if not already builds done this will be triggered automatically)_
+=== Publishing artifacts / development naming convention
+https://github.com/mercedes-benz/sechub/packages[Artifacts] are being published automatically when a https://github.com/mercedes-benz/sechub/actions?query=workflow%3A%22Release*%22[release workflow] runs on github.com.
+
+If you publish artifacts while developing and testing then make sure that the versioning tag contains "-SNAPSHOT" behind the product version.
+
+Examples (SecHub server 1.10.0 development): +
+- `1.10.0_alpine-SNAPSHOT` +
+- `1.10.0_alpine-SNAPSHOT1` +
+- `1.10.0_alpine-SNAPSHOT-2024-11-30`
diff --git a/sechub-doc/src/main/java/com/mercedesbenz/sechub/docgen/util/DocGeneratorUtil.java b/sechub-doc/src/main/java/com/mercedesbenz/sechub/docgen/util/DocGeneratorUtil.java
@@ -84,21 +84,28 @@ static Class<?> fetchClass(AnnotatedElement element) {
 
     /**
      * Reduces string to second upper cased char - e.g. "NetsparkerInstallSetupImpl"
-     * would be replaced to "Netsparker"
+     * would be replaced to "Netsparker". Having multiple upper case letters at the
+     * beginning will keep all upper cased parts. E.g. "SMTPServerConfiguration"
+     * will become "SMTPServer"
      *
      * @param clazz
-     * @return
+     * @return string, never <code>null</code>
      */
     public static String toCamelOne(Class<?> clazz) {
         StringBuilder sb = new StringBuilder();
 
         String clazzName = clazz.getSimpleName();
         boolean first = true;
+        boolean atLeastOneLowerCaseFound = false;
         for (char c : clazzName.toCharArray()) {
             if (first) {
                 first = false;
             } else {
-                if (Character.isUpperCase(c)) {
+                boolean upperCase = Character.isUpperCase(c);
+                if (!atLeastOneLowerCaseFound) {
+                    atLeastOneLowerCaseFound = !upperCase;
+                }
+                if (upperCase && atLeastOneLowerCaseFound) {
                     break;
                 }
             }