Merge branch 'main' of https://github.com/eclipse-tractusx/digital-pr…

…oduct-pass into chore/license-headers
eclipse-tractusx · Jul 3, 2024 · a384648 · a384648
2 parents 30473b1 + a9cfd97
commit a384648
Show file tree

Hide file tree

Showing 232 changed files with 12,530 additions and 2,899 deletions.
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -18,8 +18,3 @@
 Include here the issues if available that will be closed with this PR.
 Use the notation `Closes #<issueId>`
 -->
-
-| Tickets |
-| :---:   |
-| [cmp-xxx](www.link.com) |
-| [cmp-xxx](www.link.com)  |
diff --git a/.github/actions/run-dash/action.yaml b/.github/actions/run-dash/action.yaml
@@ -0,0 +1,141 @@
+#################################################################################
+# Tractus-X - Digital Product Passport Application
+#
+# Copyright (c) 2022, 2024 BMW AG
+# Copyright (c) 2022, 2024 Henkel AG & Co. KGaA
+# Copyright (c) 2023, 2024 CGI Deutschland B.V. & Co. KG
+# Copyright (c) 2023, 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+# either express or implied. See the
+# License for the specific language govern in permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+#################################################################################
+
+---
+
+name: "Check dependencies"
+description: "This action sets up `dash-licenses`. It then generates an up-to-date DEPENDENCIES file and compares it with in the repository"
+inputs:
+  dash_version:
+    description: "The version of `dash-licenses` to install"
+    required: true
+    default: "LATEST"
+  dash_input:
+    description: "The input dependency list file for `dash-licenses`."
+    required: true
+  dependencies_file:
+    description: "The name (and path) to the `DEPENDENCIES` file in the repository. Defaults to 'DEPENDENCIES'"
+    required: true
+    default: "DEPENDENCIES"
+  fail_on_out_of_date:
+    description: "Boolean indicating if the action should fail, if current DEPENDENCIES file is out of date. Default='true'"
+    required: true
+    default: "true"
+  fail_on_rejected:
+    description: "Boolean indicating if the action should fail, if 'restricted' dependencies found. Default='true'"
+    required: true
+    default: "true"
+  fail_on_restricted:
+    description: "Boolean indicating if the action should fail, if 'rejected' dependencies found. Default='false'"
+    required: true
+    default: "false"
+outputs:
+  dependencies_up_to_date:
+    description: "Boolean flag, that indicates if the DEPENDENCIES file is up-to-date. 'False', if dash output is not identical to repo version"
+    value: ${{ steps.dependency-diff.outputs.changed == 'false' }}
+  restricted_deps_found:
+    description: "Boolean flag, that indicates, if the updated DEPENDENCIES file does contain 'restricted' libs, that have to be IP/License checked"
+    value: ${{ steps.restricted-check.outputs.restricted-found == 'true' }}
+  rejected_deps_found:
+    description: "Boolean flag, that indicates, if the updated DEPENDENCIES file does contain 'rejected' libs, that have to be removed."
+    value: ${{ steps.rejected-check.outputs.rejected-found == 'true' }}
+runs:
+  using: composite
+  steps:
+    - name: Download Dash
+      run: |
+        echo "Downloading Dash version: ${{ inputs.dash_version }}"
+        curl -L -o dash.jar "https://repo.eclipse.org/service/local/artifact/maven/redirect?r=dash-licenses&g=org.eclipse.dash&a=org.eclipse.dash.licenses&v=${{ inputs.dash_version }}"
+      shell: bash
+
+    # https://github.com/actions/setup-java
+    - name: Setup Java
+      uses: eclipse-tractusx/digital-product-pass/.github/actions/setup-java@main
+
+    - name: Generate 'DEPENDENCIES' file for current source as ${{ inputs.dependencies_file }}
+      run: |
+        echo "using ${{ inputs.dash_input }} to generate ${{ inputs.dependencies_file }} for current source"
+        java -jar dash.jar ${{ inputs.dash_input }} -summary ${{ inputs.dependencies_file }} || true
+      shell: bash
+
+    - name: Check for differences between existing ${{ inputs.dependencies_file }} and the generated one
+      id: dependency-diff
+      run: |
+        changed=$(git diff ${{ inputs.dependencies_file }})
+        if [[ -n "$changed" ]]; then
+          echo "${{ inputs.dependencies_file }} not up-to-date"
+          echo "changed=true" >> $GITHUB_OUTPUT
+        else
+          echo "${{ inputs.dependencies_file }} is up-to-date"
+          echo "changed=false" >> $GITHUB_OUTPUT
+        fi
+      shell: bash
+
+    - name: Check for restricted dependencies
+      id: restricted-check
+      run: |
+        restricted=$(grep ' restricted,' ${{ inputs.dependencies_file }} || true)
+        if [[ -n "$restricted" ]]; then
+          echo "The following dependencies are restricted: $restricted"
+          echo "restricted-found=true" >> $GITHUB_OUTPUT
+        else
+          echo "restricted-found=false" >> $GITHUB_OUTPUT
+        fi
+      shell: bash
+
+    - name: Check for restricted dependencies
+      id: rejected-check
+      run: |
+        rejected=$(grep ' rejected,' ${{ inputs.dependencies_file }} || true)
+        if [[ -n "$restricted" ]]; then
+          echo "The following dependencies are marked as rejected: $rejected"
+          echo "rejected-found=true" >> $GITHUB_OUTPUT
+        else
+          echo "rejected-found=false" >> $GITHUB_OUTPUT
+        fi
+      shell: bash
+
+    - name: Verify job status
+      run: |
+        echo "Verify step outputs and action input to let the job pass/fail"
+        if [[  "${{ inputs.fail_on_out_of_date }}" == "true" ]]; then
+          if [[ "${{ steps.dependency-diff.outputs.changed }}" == "true" ]]; then
+            echo "Dependencies are out of date. Failing check!"
+            exit 1
+          fi
+        fi
+        if [[ "${{ inputs.fail_on_rejected }}" == "true" ]]; then
+          if [[ "${{ steps.rejected-check.outputs.rejected-found }}" == "true" ]]; then
+            echo "Rejected dependencies found. Failing check!"
+            exit 1
+          fi
+        fi
+        if [[ "${{ inputs.fail_on_restricted }}" == "true" ]]; then
+          if [[ "${{ steps.restricted-check.outputs.restricted-found }}" == "true" ]]; then
+            echo "Restricted libraries found. Failing check!"
+            exit 1
+          fi
+        fi
+      shell: bash
diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
@@ -69,7 +69,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@b611370bb5703a7efb587f9d136a52ea24c5c38c
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file
@@ -98,5 +98,5 @@ jobs:
             mvn -B clean install --batch-mode -DskipTests
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@4355270be187e1b672a7a1c7c7bae5afdc1ab94a    # v3.24.10
+        uses: github/codeql-action/analyze@9ace329d8c0504a5571820cf13ab64d3f59e84fb    # v2.25.2
 
diff --git a/.github/workflows/eclipse-dash.yaml b/.github/workflows/eclipse-dash.yaml
@@ -0,0 +1,90 @@
+#################################################################################
+# Tractus-X - Digital Product Passport Application
+#
+# Copyright (c) 2022, 2024 BMW AG
+# Copyright (c) 2022, 2024 Henkel AG & Co. KGaA
+# Copyright (c) 2023, 2024 CGI Deutschland B.V. & Co. KG
+# Copyright (c) 2023, 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+# either express or implied. See the
+# License for the specific language govern in permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+#################################################################################
+
+name: "Eclipse DASH IP Check"
+
+on:
+  workflow_dispatch: # Trigger manually
+  push:
+    branches: main
+    paths-ignore:
+      - '**/*.md'
+      - '**/*.txt'
+  pull_request:
+    branches: main
+    paths:
+      - '**/pom.xml'
+
+jobs:
+  check-licenses-backend:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Java 21
+        uses: ./.github/actions/setup-java
+
+      - name: Cache maven packages
+        uses: actions/cache@v3
+        with:
+          path: ~/.m2
+          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-m2
+
+      - name: Build with Maven and check dependencies with dash
+        run: |
+          cd dpp-backend/digitalproductpass
+          mvn --batch-mode --update-snapshots verify -Ddash.fail=true -DskipTests
+
+      - name: Ensure DEPENDENCIES_BACKEND file is reflecting the current state
+        run: |
+          cd dpp-backend/digitalproductpass
+          mvn org.eclipse.dash:license-tool-plugin:license-check -Ddash.summary=DEPENDENCIES-generated
+          diff ../../DEPENDENCIES_BACKEND DEPENDENCIES-generated
+
+      - name: upload results
+        if: always()
+        uses: actions/upload-artifact@v3
+        with:
+          path: 'dpp-backend/digitalproductpass/target/dash/summary'
+
+  check-licences-frontend:
+      runs-on: ubuntu-latest
+      steps:
+        - name: Checkout
+          uses: actions/checkout@v4
+
+        - name: Run dash
+          id: run-dash
+          uses: ./.github/actions/run-dash
+          with:
+            dash_input: " dpp-frontend/package-lock.json"
+
+        - name: upload results
+          if: always()
+          uses: actions/upload-artifact@v3
+          with:
+            path: 'dpp-frontend'
diff --git a/.github/workflows/helm-test.yaml b/.github/workflows/helm-test.yaml
@@ -37,7 +37,7 @@ on:
       node_image:
         description: 'kindest/node image for k8s kind cluster'
         # k8s version from 3.1 release as default
-        default: 'kindest/node:v1.27.3'
+        default: 'kindest/node:v1.30.0'
         required: false
         type: string
       upgrade_from:
@@ -48,7 +48,6 @@ on:
         type: string
 
 env:
-  JAVA_VERSION: 19
   REGISTRY: kind-registry:5000
   TAG: testing
   FRONTEND_IMAGE: digital-product-pass-frontend
@@ -69,7 +68,7 @@ jobs:
           # upgrade version, default (v0.17.0) uses node image v1.21.1 and doesn't work with more recent node image versions
           version: v0.19.0
           # default value for event_name != workflow_dispatch
-          node_image: ${{ github.event.inputs.node_image || 'kindest/node:v1.27.3' }}
+          node_image: ${{ github.event.inputs.node_image || 'kindest/node:v1.30.0' }}
 
       - name: Build image for frontend
         id: build-frontend
@@ -79,11 +78,8 @@ jobs:
           push: true
           tags: ${{ env.REGISTRY }}/${{ env.FRONTEND_IMAGE}}:${{ env.TAG }}
 
-      - name: Setup Java
-        uses: actions/setup-java@v4
-        with:
-          java-version: '${{ env.JAVA_VERSION }}'
-          distribution: 'adopt'
+      - name: Setup Java 21
+        uses: ./.github/actions/setup-java
 
       # Build Java code with Maven
       - name:  Build dpp backend with maven

diff --git a/.github/workflows/helm-upgrade.yaml b/.github/workflows/helm-upgrade.yaml
@@ -40,7 +40,6 @@ on:
 jobs:
   upgrade:
     runs-on: ubuntu-latest
-    if: ${{ github.repository == 'eclipse-tractusx/digital-product-pass' }}
     steps:
       - name: Checkout code
         uses: actions/checkout@v4

diff --git a/.github/workflows/publish-dpp-backend-docker-image.yml b/.github/workflows/publish-dpp-backend-docker-image.yml
@@ -32,7 +32,7 @@ name: "Publish Digital Product Pass Backend Docker Images"
 
 on:
   push:
-    branches: [ "main", "develop" ]
+    branches: [ "main" ]
 
     tags:
       - 'v[0-9]+.[0-9]+.[0-9]+'
@@ -46,12 +46,10 @@ on:
 
 env:
   IMAGE_NAME: 'digital-product-pass-backend'
-  REGISTRY: 'ghcr.io'
   IMAGE_NAMESPACE: 'tractusx'
-    
+
 jobs:
-  build-on-docker:
-    if: github.repository == 'eclipse-tractusx/digital-product-pass'
+  build:
     runs-on: ubuntu-latest
     permissions:
       packages: write
@@ -62,7 +60,7 @@ jobs:
         with:
           ref: ${{ github.ref }}
 
-      - name: Setup Java
+      - name: Setup Java 21
         uses: ./.github/actions/setup-java
 
       # Build actions for docker hub registry
@@ -114,58 +112,3 @@ jobs:
           username: ${{ secrets.DOCKER_HUB_USER }}
           password: ${{ secrets.DOCKER_HUB_TOKEN }}
           repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
-
-  build-on-ghcr:
-    if: github.repository != 'eclipse-tractusx/digital-product-pass'
-    runs-on: ubuntu-latest
-    permissions:
-      packages: write
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-        with:
-          ref: ${{ github.ref }}
-
-      - name: Setup Java
-        uses: ./.github/actions/setup-java
-
-      # Build actions for GHCR registry
-      - name: Docker meta
-        id: meta-for-ghcr
-        uses: docker/metadata-action@v5
-        with:
-          images: |
-            ${{ env.REGISTRY }}/${{ github.repository }}/${{ env.IMAGE_NAME }}
-          tags: |
-            type=ref,event=branch
-            type=ref,event=pr
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}
-            type=semver,pattern={{major}}.{{minor}}
-
-      # Login against GHCR registry
-      # https://github.com/docker/login-action
-      - name: Log into GHCR registry
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      # Build Java code with Maven
-      - name:  Build dpp backend with maven
-        run: |
-          cd dpp-backend/digitalproductpass
-          mvn -B clean install
-        
-      # Build and push Docker image with Buildx
-      # https://github.com/docker/build-push-action
-      - name: Build and push backend
-        id: build-and-push-backend-ghcr
-        uses: docker/build-push-action@v6
-        with:
-          context: dpp-backend/digitalproductpass
-          push: true
-          tags: ${{ steps.meta-for-ghcr.outputs.tags }}, ${{ env.REGISTRY }}/${{ github.repository }}/${{ env.IMAGE_NAME }}:latest
-          labels: ${{ steps.meta-for-ghcr.outputs.labels }}