chore: adjust chart and values

Refs: CPLP-3362

.github/workflows/lint-pull-request.yml

@@ -0,0 +1,61 @@
+###############################################################
+# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+name: "Lint PullRequest"
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - edited
+      - synchronize
+
+jobs:
+  main:
+    name: Validate PR title
+    runs-on: ubuntu-latest
+    steps:
+      - uses: amannn/action-semantic-pull-request@v5
+        id: lint_pr_title
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - uses: marocchino/sticky-pull-request-comment@v2
+        # When the previous steps fail, the workflow would stop. By adding this
+        # condition you can continue the execution with the populated error message.
+        if: always() && (steps.lint_pr_title.outputs.error_message != null)
+        with:
+          header: pr-title-lint-error
+          message: |
+            Hey there and thank you for opening this pull request! 👋🏼
+            
+            We require pull request titles to follow the [Conventional Commits specification](https://www.conventionalcommits.org/en/v1.0.0/) and it looks like your proposed title needs to be adjusted.
+
+            Details:
+            
+            ```
+            ${{ steps.lint_pr_title.outputs.error_message }}
+            ```
+
+      # Delete a previous comment when the issue has been resolved
+      - if: ${{ steps.lint_pr_title.outputs.error_message == null }}
+        uses: marocchino/sticky-pull-request-comment@v2
+        with:
+          header: pr-title-lint-error
+          delete: true

.github/workflows/release-tag.yml

@@ -0,0 +1,76 @@
+
+###############################################################
+# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+name: Release tag and changelog
+
+on:
+  pull_request:
+    types:
+      - closed
+    branches:
+      - 'release/v*.*.*'
+
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+
+  # Run the workflow only if the PR was merged, if it was rejected or closed we don't want to create the tags
+  release-rc:
+    if: github.event.pull_request.merged == true && startsWith(github.ref_name, 'refs/heads/release/v*-RC')
+    runs-on: ubuntu-latest
+    steps:
+      - uses: google-github-actions/release-please-action@v3
+        id: release
+        with:
+          release-type: simple
+          changelog-types: '[{"type":"feat","section":"Change","hidden":false},{"type":"fix","section":"Bugfix","hidden":false},{"type":"chore","section":"Technical Support","hidden":false}]'
+          pull-request-header: 'New release was created'
+          prerelease: true
+
+  # Run the workflow only if the PR was merged, if it was rejected or closed we don't want to create the tags
+  release:
+    if: github.event.pull_request.merged == true && !startsWith(github.ref_name, 'refs/heads/release/v*-RC')
+    runs-on: ubuntu-latest
+    steps:
+      - uses: google-github-actions/release-please-action@v3
+        id: release
+        with:
+          release-type: simple
+          changelog-types: '[{"type":"feat","section":"Change","hidden":false},{"type":"fix","section":"Bugfix","hidden":false},{"type":"chore","section":"Technical Support","hidden":false}]'
+          pull-request-header: 'New release was created'
+      - uses: actions/checkout@v2
+      - name: tag major and minor versions
+        if: ${{ steps.release.outputs.release_created }}
+        run: |
+          git config user.name eclipse-tractusx-bot
+          git config user.email [email protected]
+          git remote add gh-token "https://${{ secrets.GITHUB_TOKEN }}@github.com/${{github.event.repository.name}}.git"
+          git tag -d v${{ steps.release.outputs.major }} || true
+          git tag -d v${{ steps.release.outputs.major }}.${{ steps.release.outputs.minor }} || true
+          git push origin :v${{ steps.release.outputs.major }} || true
+          git push origin :v${{ steps.release.outputs.major }}.${{ steps.release.outputs.minor }} || true
+          git tag -a v${{ steps.release.outputs.major }} -m "Version v${{ steps.release.outputs.major }}: Catena-X Policy Hub"
+          git tag -a v${{ steps.release.outputs.major }}.${{ steps.release.outputs.minor }} -m "Version v${{ steps.release.outputs.major }}.${{ steps.release.outputs.minor }}: Catena-X Policy Hub"
+          git push origin v${{ steps.release.outputs.major }}
+          git push origin v${{ steps.release.outputs.major }}.${{ steps.release.outputs.minor }}

.github/workflows/release_candidate.yml

@@ -134,28 +134,3 @@ jobs:
           password: ${{ secrets.DOCKER_HUB_TOKEN }}
           repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME_MIGRATIONS }}
           readme-filepath: "./docker/notice-policy-hub-migrations.md"
-
-  # auth-and-dispatch:
-  #   needs: [ policy-hub-service-release, policy-hub-migrations-release ]
-  #   runs-on: ubuntu-latest
-
-  #   steps:
-  #     - name: Get token
-  #       id: get_workflow_token
-  #       uses: peter-murray/workflow-application-token-action@v2
-  #       with:
-  #         application_id: ${{ secrets.ORG_PORTAL_DISPATCH_APPID }}
-  #         application_private_key: ${{ secrets.ORG_PORTAL_DISPATCH_KEY }}
-
-  #     - name: Trigger workflow
-  #       id: call_action
-  #       env:
-  #         TOKEN: ${{ steps.get_workflow_token.outputs.token }}
-  #       run: |
-  #         curl -v \
-  #           --request POST \
-  #           --url https://api.github.com/repos/eclipse-tractusx/portal-cd/actions/workflows/portal-backend-release-image-update.yml/dispatches \
-  #           --header "authorization: Bearer $TOKEN" \
-  #           --header "Accept: application/vnd.github.v3+json" \
-  #           --data '{"ref":"release-candidate", "inputs": { "new-image":"${{ github.sha }}" }}' \
-  #           --fail

.github/workflows/release_release_candidate.yml

@@ -134,31 +134,3 @@ jobs:
           password: ${{ secrets.DOCKER_HUB_TOKEN }}
           repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME_MIGRATIONS }}
           readme-filepath: "./docker/notice-policy-hub-migrations.md"
-
-  # auth-and-dispatch:
-  #   needs: [ policy-hub-service-release, policy-hub-migrations-release ]
-  #   runs-on: ubuntu-latest
-
-  #   steps:
-  #     - name: Set env
-  #       run: echo "RELEASE_VERSION=${{ github.ref_name }}" >> $GITHUB_ENV
-
-  #     - name: Get token
-  #       id: get_workflow_token
-  #       uses: peter-murray/workflow-application-token-action@v2
-  #       with:
-  #         application_id: ${{ secrets.ORG_PORTAL_DISPATCH_APPID }}
-  #         application_private_key: ${{ secrets.ORG_PORTAL_DISPATCH_KEY }}
-
-  #     - name: Trigger workflow
-  #       id: call_action
-  #       env:
-  #         TOKEN: ${{ steps.get_workflow_token.outputs.token }}
-  #       run: |
-  #         curl -v \
-  #           --request POST \
-  #           --url https://api.github.com/repos/eclipse-tractusx/portal-cd/actions/workflows/portal-backend-release-image-update.yml/dispatches \
-  #           --header "authorization: Bearer $TOKEN" \
-  #           --header "Accept: application/vnd.github.v3+json" \
-  #           --data '{"ref":"release-candidate", "inputs": { "new-image":"${{ github.ref_name }}" }}' \
-  #           --fail

.github/workflows/trivy-dev.yml

@@ -126,6 +126,7 @@ jobs:
           format: "sarif"
           output: "trivy-results9.sarif"
           vuln-type: "os,library"
+          skip-dirs: "docs/"
 
       - name: Upload Trivy scan results to GitHub Security tab
         if: always()

.github/workflows/trivy.yml

@@ -61,6 +61,7 @@ jobs:
           format: "sarif"
           output: "trivy-results1.sarif"
           vuln-type: "os,library"
+          skip-dirs: "docs/"
           timeout: "3600s"
 
       - name: Upload Trivy scan results to GitHub Security tab

DEPENDENCIES

@@ -9,6 +9,7 @@ nuget/nuget/-/FluentAssertions/6.11.0, Apache-2.0 AND MIT, approved, #10061
 nuget/nuget/-/Flurl.Signed/3.0.6, MIT, approved, #3501
 nuget/nuget/-/Humanizer.Core/2.14.1, MIT, approved, #10060
 nuget/nuget/-/Mono.TextTemplating/2.2.1, MIT, approved, clearlydefined
+nuget/nuget/-/Newtonsoft.Json/13.0.1, MIT AND BSD-3-Clause, approved, #3266
 nuget/nuget/-/Newtonsoft.Json/13.0.3, MIT AND BSD-3-Clause, approved, #3266
 nuget/nuget/-/Npgsql.EntityFrameworkCore.PostgreSQL/7.0.11, PostgreSQL AND MIT AND Apache-2.0, approved, #10081
 nuget/nuget/-/Npgsql/7.0.6, PostgreSQL, approved, #10062

charts/policy-hub/Chart.yaml

@@ -27,6 +27,5 @@ home: https://github.com/eclipse-tractusx/policy-hub
 dependencies:
   - condition: postgresql.enabled
     name: postgresql
-    alias: postgrespolicyhub
     repository: https://charts.bitnami.com/bitnami
     version: 12.12.x