release(1.6.0-RC7): merge release into main #216

Reviewed-By: Evelyn Gurschler <[email protected]>
eclipse-tractusx · Aug 18, 2023 · aa5c97d · aa5c97d
2 parents 1ee8566 + 44ef38e
commit aa5c97d
Show file tree

Hide file tree

Showing 211 changed files with 10,511 additions and 1,340 deletions.
diff --git a/.github/workflows/iam-seeding.yml b/.github/workflows/iam-seeding.yml
@@ -0,0 +1,85 @@
+###############################################################
+# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+name: IAM Seeding
+
+on: 
+  push:
+    paths:
+      # service and transitive paths
+      - 'src/framework/**'
+      - 'src/keycloak/**'
+      # workflow file
+      - '.github/workflows/iam-seeding.yml'
+      # dockerfile
+      - 'docker/Dockerfile-iam-seeding'
+
+    branches:
+      - 'dev'
+  workflow_dispatch:
+
+env:
+  IMAGE_NAMESPACE: "tractusx"
+  IMAGE_NAME: "portal-iam-seeding"
+
+jobs:
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Login to DockerHub
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_HUB_USER }}
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=raw,value=dev
+            type=raw,value=${{ github.sha }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          file: docker/Dockerfile-iam-seeding
+          pull: true
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+      # https://github.com/peter-evans/dockerhub-description
+      - name: Update Docker Hub description
+        if: github.event_name != 'pull_request'
+        uses: peter-evans/dockerhub-description@v3
+        with:
+          username: ${{ secrets.DOCKER_HUB_USER }}
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+          repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
+          readme-filepath: "./docker/notice-iam-seeding.md"
diff --git a/.github/workflows/release_iam-seeding.yml b/.github/workflows/release_iam-seeding.yml
@@ -0,0 +1,76 @@
+###############################################################
+# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+name: Release IAM Seeding
+
+on:
+  push:
+    tags:
+      - 'iam-v*.*.*'
+  workflow_dispatch:
+
+env:
+  IMAGE_NAMESPACE: "tractusx"
+  IMAGE_NAME: "portal-iam-seeding"
+
+jobs:
+  iam-seeding-release:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Login to DockerHub
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_HUB_USER }}
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME}}
+          tags: |
+            type=raw,value=latest
+            type=raw,value=${{ github.ref_name }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          file: docker/Dockerfile-iam-seeding
+          pull: true
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+      # https://github.com/peter-evans/dockerhub-description
+      - name: Update Docker Hub description
+        if: github.event_name != 'pull_request'
+        uses: peter-evans/dockerhub-description@v3
+        with:
+          username: ${{ secrets.DOCKER_HUB_USER }}
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+          repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
+          readme-filepath: "./docker/notice-iam-seeding.md"
diff --git a/.github/workflows/trivy-dev.yml b/.github/workflows/trivy-dev.yml
@@ -368,3 +368,36 @@ jobs:
         uses: github/codeql-action/upload-sarif@v2
         with:
           sarif_file: "trivy-results11.sarif"
+
+  analyze-portal-iam_seeding:
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      # It's also possible to scan your private registry with Trivy's built-in image scan.
+      # All you have to do is set ENV vars.
+      # Docker Hub needs TRIVY_USERNAME and TRIVY_PASSWORD.
+      # You don't need to set ENV vars when downloading from a public repository.
+      # For public images, no ENV vars must be set.
+      - name: Run Trivy vulnerability scanner
+        if: always()
+        uses: aquasecurity/trivy-action@master
+        with:
+          # Path to Docker image
+          image-ref: "${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}-iam-seeding:dev"
+          format: "sarif"
+          output: "trivy-results12.sarif"
+          exit-code: "1"
+          severity: "CRITICAL,HIGH"
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        if: always()
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: "trivy-results12.sarif"
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -368,3 +368,36 @@ jobs:
         uses: github/codeql-action/upload-sarif@v2
         with:
           sarif_file: "trivy-results11.sarif"
+
+  analyze-portal-iam_seeding:
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      # It's also possible to scan your private registry with Trivy's built-in image scan.
+      # All you have to do is set ENV vars.
+      # Docker Hub needs TRIVY_USERNAME and TRIVY_PASSWORD.
+      # You don't need to set ENV vars when downloading from a public repository.
+      # For public images, no ENV vars must be set.
+      - name: Run Trivy vulnerability scanner
+        if: always()
+        uses: aquasecurity/trivy-action@master
+        with:
+          # Path to Docker image
+          image-ref: "${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}-iam-seeding:latest"
+          format: "sarif"
+          output: "trivy-results12.sarif"
+          exit-code: "1"
+          severity: "CRITICAL,HIGH"
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        if: always()
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: "trivy-results12.sarif"
diff --git a/.github/workflows/veracode.yaml b/.github/workflows/veracode.yaml
@@ -435,3 +435,46 @@ jobs:
           vid: "${{ secrets.ORG_VERACODE_API_ID }}"
           vkey: "${{ secrets.ORG_VERACODE_API_KEY }}"
           include: 'Org.Eclipse.TractusX.Portal.Backend.Processes.Worker.dll'
+
+  analyze-iam-seeding:
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Setup .NET
+        uses: actions/setup-dotnet@v3
+        with:
+          dotnet-version: ${{ env.DOTNET_VERSION }}
+
+      - name: Install dependencies
+        run: dotnet restore src/keycloak/Keycloak.Seeding
+
+      - name: Build and publish
+        run: |
+          cd src/keycloak/Keycloak.Seeding
+          dotnet build --no-restore
+          dotnet publish -c Debug  -p:PublishDir=.\publish
+
+      - name: "Bundle files to scan"
+        run: >
+          zip -r portal-iam-seeding.zip
+          src/keycloak/Keycloak.Seeding/.publish
+
+      - name: Run Veracode Upload And Scan
+        uses: veracode/[email protected]
+        with:
+          # Specify Veracode application name
+          appname: "Portal-IAM_Seeding"
+          createprofile: true
+          teams: 'portal'
+          # Specify path to upload
+          filepath: "portal-iam-seeding.zip"
+          vid: "${{ secrets.ORG_VERACODE_API_ID }}"
+          vkey: "${{ secrets.ORG_VERACODE_API_KEY }}"
+          include: 'Org.Eclipse.TractusX.Portal.Backend.Keycloak.Seeding.dll'
diff --git a/.tractusx b/.tractusx
@@ -1 +1,20 @@
+###############################################################
+# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
 leadingRepository: "https://github.com/eclipse-tractusx/portal-cd"
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,45 @@
 
 New features, fixed bugs, known defects and other noteworthy changes to each release of the Catena-X Portal Backend.
 
+## 1.6.0-RC7
+
+### Change
+* All Services
+  * add an /api/info endpoint to retrieve specific api endpoints which can be used publicly for external services
+* Keycloak Seeding
+  * add seeding for keycloak realm-data from a json-file
+* Marketplace Service
+  * Removed PUT: /api/apps/appreleaseprocess/updateapp/{appId}
+* Process Worker:
+  * add error handling for BPDM Pull Process Steps
+
+### Technical Support
+* Logging
+  * removed machine name, processId, threadId from the logging message
+* TRG
+  * changed license notice for images
+  * add second license
+  * add file header to .tractusx
+
+### Bugfix
+* Administration Service
+  * fixed Get: api/administration/companydata/certificates when multiple certificates are in the database for a specific company
+  * add check for active offerSubscriptions when deleting a connector
+  * fixed api/administration/serviceaccount/owncompany/serviceaccounts
+* Company Service Accounts
+  * set identityTypeId when creating service accounts to company service account instead of company user
+  * change client_id of service accounts in seeding data
+  * add service accounts from cx-central base
+  * remove service account for daps
+* Marketplace Service
+  * fixed validation for /api/apps/AppReleaseProcess/instance-type/{appId} to only be executable for apps in state CREATED
+* Mail Templates
+  * fixed bpn display in the welcome email
+* Registration Service
+  * fixed Get: /api/registration/legalEntityAddress/{bpn}
+* Seeding
+  * TestDataEnvironments set to optional
+
 ## 1.6.0-RC6
 
 ### Change