fix: Provisioning Agent Ontology Configuration & JRW Compatibility with Dremio Drivers

.github/workflows/helm-chart-lint.yml

@@ -66,7 +66,7 @@
         with:
           version: v3.10.3
 
       - uses: ./.github/actions/setup-java
 
       - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
         with:
@@ -88,7 +88,7 @@
 
       # Preparing a kind cluster to install and test charts on
       - name: Create kind cluster
-        uses: container-tools/kind-action@61f1afd4807b0dac84f3232ec99e45c63701d220 # v2.0.1
+        uses: container-tools/kind-action@0fc957b58d9a5bc9ca57a1b419324a2074c7653b # v2.0.3
         with:
           # upgrade version, default (v0.17.0) uses node image v1.21.1 and doesn't work with more recent node image versions
           version: v0.20.0

.github/workflows/veracode.yml

@@ -42,10 +42,10 @@
   verify-formatting:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3.5.2
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           fetch-depth: 0
       - uses: ./.github/actions/setup-java
       - name: Verify proper formatting
         run: ./mvnw spotless:check
 
@@ -65,7 +65,7 @@
     steps:
       # Set-Up
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - uses: ./.github/actions/setup-java
       # Build
       - name: Build ${{ matrix.variant.name }}
         run: |-
@@ -108,7 +108,7 @@
     steps:
       # Set-Up
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - uses: ./.github/actions/setup-java
       # Build
       - name: Build ${{ matrix.variant.name }}
         run: |-
@@ -118,7 +118,7 @@
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       - name: Tar gzip files for veracode upload
         run: |-
-          tar --exclude='spring-web-5.3.28.jar' -czvf ${{ matrix.variant.dir }}/target/${{ matrix.variant.name }}.tar.gz ${{ matrix.variant.dir }}/target/lib/*.jar ${{ matrix.variant.dir }}/target/${{ matrix.variant.name }}-*.jar
+          tar --exclude='spring-web-5.3.31.jar' -czvf ${{ matrix.variant.dir }}/target/${{ matrix.variant.name }}.tar.gz ${{ matrix.variant.dir }}/target/lib/*.jar ${{ matrix.variant.dir }}/target/${{ matrix.variant.name }}-*.jar
       - name: Veracode Upload And Scan
         uses: veracode/veracode-uploadandscan-action@c3c0b78bddb42d5f6b10d70562f692215a410d7b #v1.0
         if: |

DEPENDENCIES

@@ -1,8 +1,6 @@
 maven/mavencentral/aopalliance/aopalliance/1.0, LicenseRef-Public-Domain, approved, CQ2918
-maven/mavencentral/ch.qos.logback/logback-classic/1.2.12, EPL-1.0, approved, CQ13636
 maven/mavencentral/ch.qos.logback/logback-classic/1.2.13, EPL-1.0, approved, CQ13636
 maven/mavencentral/ch.qos.logback/logback-classic/1.4.12, EPL-1.0 OR LGPL-2.1-only, approved, #3435
-maven/mavencentral/ch.qos.logback/logback-core/1.2.12, EPL-1.0, approved, CQ13635
 maven/mavencentral/ch.qos.logback/logback-core/1.2.13, EPL-1.0, approved, CQ13635
 maven/mavencentral/ch.qos.logback/logback-core/1.4.12, EPL-1.0 OR LGPL-2.1-only, approved, #3373
 maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.13.5, Apache-2.0, approved, clearlydefined

provisioning/README.md

@@ -278,7 +278,7 @@ Eclipse Tractus-X product(s) installed within the image:
 
 **Used base image**
 
-- [eclipse-temurin:21-jre-alpine](https://github.com/adoptium/containers)
+- [eclipse-temurin:11-jre-alpine](https://github.com/adoptium/containers)
 - Official Eclipse Temurin DockerHub page: https://hub.docker.com/_/eclipse-temurin
 - Eclipse Temurin Project: https://projects.eclipse.org/projects/adoptium.temurin
 - Additional information about the Eclipse Temurin images: https://github.com/docker-library/repo-info/tree/master/repos/eclipse-temurin

provisioning/pom.xml

@@ -101,6 +101,18 @@
                 </exclusion>
             </exclusions>
         </dependency>
+        <dependency>
+            <groupId>ch.qos.logback</groupId>
+            <artifactId>logback-classic</artifactId>
+            <version>${logback.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>ch.qos.logback</groupId>
+            <artifactId>logback-core</artifactId>
+            <version>${logback.version}</version>
+            <scope>test</scope>
+        </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-actuator</artifactId>

provisioning/resources/entrypoint.sh

@@ -122,7 +122,7 @@ for ENDPOINT in $ONTOP_PORT ; do  # NOTE: do not double-quote $services here.
   else 
     echo "Invoking intermediate process";
     java $TOOL -cp ./lib/*:./jdbc/* -Dlogback.configurationFile="/opt/ontop/log/logback.xml" -Dlogging.config="/opt/ontop/log/logback.xml" \
-      it.unibz.inf.ontop.cli.Ontop endpoint ${ONTOLOGY_FILE} ${MAPPING_FILE} \
+      it.unibz.inf.ontop.cli.Ontop endpoint ${ONTOLOGY} ${MAPPING} \
       ${PROPERTIES} ${PORTAL} ${DEV} ${ENDPOINT} ${CORS} ${LAZY}&
   fi
 done

provisioning/src/main/docker/Dockerfile

@@ -25,7 +25,7 @@ FROM ontop/ontop:5.1.2 as blueprint
 # Build Container: Fixes diverse vulnerabilities in guava <32, tomcat, spring-boot 2.7<13, spring-framework <5.3.28 and spring-web (all 5 versions - need to exclude a deprecated package from the jar)
 ##
 
-FROM eclipse-temurin:21-jdk AS build
+FROM eclipse-temurin:11-jdk AS build
 
 # run with docker --build-arg jdbcDrivers=path_to_my_driver to establish a different driver
 ARG jdbcDrivers="https://repo1.maven.org/maven2/com/h2database/h2/2.2.220/h2-2.2.220.jar https://download.dremio.com/jdbc-driver/dremio-jdbc-driver-LATEST.jar https://repo1.maven.org/maven2/org/apache/calcite/avatica/avatica/1.22.0/avatica-1.22.0.jar"
@@ -56,7 +56,7 @@ RUN  if [ "${HTTP_PROXY}" != ""  ]; then \
 # Target Container: Use a valid base image
 ##
 
-FROM eclipse-temurin:21-jre-alpine
+FROM eclipse-temurin:11-jre-alpine
 
 ARG APP_USER=ontop
 ARG APP_UID=10001