Merge branch 'main' into docs/office-hour-02022024

blog-meeting-minutes/2024-01-26-office-hour.md

@@ -0,0 +1,50 @@
+---
+slug: office-hour-26-01-2024
+title: Office hour 26.01.2024
+authors: 
+    - almadi_gabor
+tags: [meeting-minutes, community]
+---
+
+## office hour meeting minutes
+
+### System team
+
+- Whenever a new room is created in the Eclipse Matrix chat, please announce it in the main [Tractux-X](https://matrix.to/#/#tractusx:matrix.eclipse.org) room,
+  office hour and mailing list so everybody can learn about it and join.
+
+### Security team
+
+- New issue templates are available for the following topics:
+  - [OSS Tool membership request](https://github.com/eclipse-tractusx/sig-security/issues/new?assignees=SSIRKC&labels=security%2C+tool&projects=&template=tractus-x-oss-tool-membership-request.md&title=Requesting+access+to+%22%5BTOOL+NAME%5D+YOUR_REPOSITORY%22)
+  - [Ask the community](https://github.com/eclipse-tractusx/sig-security/discussions/categories/q-a) for security help via Discussions
+  - Keep an eye out on the [Security Announcements](https://github.com/eclipse-tractusx/sig-security/discussions/categories/announcements) where news 
+    about security topics are announces regularly
+- Get in touch with the Security Team for testing with [Snyk](https://snyk.io/)
+
+### FOSS
+
+- There was a new election for a project lead role for [Stephan Bauer](https://github.com/stephanbcbauer)
+- The Eclipse Project Handbook changed the section about handling copyright headers. A year range is not longer necessary, only the year when
+  the file was created so there is no need to keep an eye on updating the headers. It is still allowed to put year range (creation date and
+  last modification year) in the header but they have to be separated with comma character.
+- Please sign the Eclipse Contributor Agreement when trying to contribute to the webpage. Without that it is not possible to merge commits
+  to the main branch.
+- ❗ Please don't put any Catena-X content or resource on the website without permission.
+
+### Open planning / community
+
+- New [Open Meetings Links](https://eclipse-tractusx.github.io/community/open-meetings) are listed directly on our webpage to participate and separate calendar files can be downloaded from there.
+- Office hours will probably start a few minutes later so the people don't have to wait until everyone gets there.
+- Commiters and Contributors Meeting could be a new form of communication where the committers are more involved getting some pressure off the System Team.
+- Newjoiner rounds for basic introductions would be held every 2 weeks in a separate session.
+
+### Open discussion
+
+- [Umbrella chart](https://github.com/eclipse-tractusx/e2e-testing):
+  - Currently there is a temporary solution for the Managed Identity Wallet by SAP until the [open source version](https://github.com/eclipse-tractusx/managed-identity-wallet) is fixed. This is a COTS
+    application and it raises questions like how it can be integrated into an open source software stack like the umbrella chart. It is not confirmed yet
+    whether the version from SAP can be used without a license. Currently all components can run without MIW but data exchange functionality won't work.
+- Public API versioning is still an open topic where no decision has been made to create a TRG or guide the Tractus-X community to follow
+  one versioning strategy.
+- An alternative for MS Teams should be found as it is hard to manage for an open community (e.g. Discord).

blog-meeting-minutes/authors.yaml

@@ -9,6 +9,12 @@ harald_zierer:
   title: Consortia System Team Member
   url: https://github.com/hzierer
 
+almadi_gabor:
+  name: Gabor Almadi
+  title: Consortia System Team Member
+  url: https://github.com/almadigabor
+  image_url: https://github.com/almadigabor.png
+
 fabian_gruen:
   name: Fabian Grün
   title: Consortia System Team Member

docs/release/trg-4/trg-4-06.md

@@ -23,13 +23,10 @@ The minimum set of information is:
 - Direct link to the Dockerfile used to build your image
 - Link to `LICENCE` file in your repo as 'Project License' (make clear, that this is the PROJECT licence, not an image license)
 
-## How and where to annotate the base image
-
-The above information **must** be provided in Markdown format, either in your toplevel `README.md`, or in a dedicated
-notice Markdown file, that you then reference from your toplevel `README.md`.
-
-A dedicated notice file can be necessary, if you built multiple container image from a single repository.
-Multiple notice files ensure, that you can directly link the specific `Dockerfile`, that is used and include it in the description, that is pushed to `DockerHub`.
+The above information **must** be provided as dedicated Markdown file in your repository.
+It **should** be located next to the `Dockerfile`, that is used to build the image you are annotating.
+Provide a dedicated notice file for every image, that is published.
+It **must** be linked in your top-level `README.md`. Link all notice files, in case you publish multiple images.
 
 The notice **must** follow a specific structure, starting with a specific headline, a reference to your image on `DockerHub` and information about your product.
 You can use the following example as a starting point. Remember to update the placeholders indicated by `<>` brackets.
@@ -77,17 +74,44 @@ As with all Docker images, these likely also contain other software which may be
 As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.
 ```
 
-## Examples
+## Best practice and examples
 
-The following examples are shown as reference, to see already existing and complete versions of a 'Notice for docker images'.
-They **can not** be used for your product without modifications.
+- Use "Container images" as headline to link to the container image notice files from the repositories README.md file
+- Name the notice file "notice.md"
+- Provide important information about your image with your notice. Examples:
+  - Available volumes
+  - Default port the service is listening on
+
+### GitHub workflow step
+
+Keeping the DockerHub description up-to-date with the latest notice content is crucial.
+The following workflow step can be used as part of the DockerHub publishing workflow to ensure that:
 
-Good example for notice integrated in toplevel `README.md`:
+```yaml
+# DockerHub publishing worklflow
 
-- [IRS](https://github.com/eclipse-tractusx/item-relationship-service#notice-for-docker-image) or
-- [app-dashboard](https://github.com/eclipse-tractusx/app-dashboard#notice-for-docker-image)
+...
+
+# https://github.com/peter-evans/dockerhub-description
+- name: Update Docker Hub description
+  # Ensure the DockerHub description is updated with contents from a PR (usually images are not published on PR)
+  if: github.event_name != 'pull_request'
+  uses: peter-evans/dockerhub-description@v3
+  with:
+    username: ${{ secrets.DOCKER_HUB_USER }}
+    password: ${{ secrets.DOCKER_HUB_TOKEN }}
+    repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
+    # IMPORTANT: Adjust this to the actual path of your container image notice
+    readme-filepath: <path/to/your/notice.md>
+```
+
+### Examples
+
+The following examples are shown as reference, to see already existing and complete versions of a 'Notice for docker images'.
+They **can not** be used for your product without modifications.
 
-Good example for a dedicated notice file: [edc-controlplane-memory-hashicorp-vault](https://github.com/eclipse-tractusx/tractusx-edc/edit/main/edc-controlplane/edc-controlplane-memory-hashicorp-vault/notice.md)
+- [edc-controlplane-memory-hashicorp-vault](https://github.com/eclipse-tractusx/tractusx-edc/blob/main/edc-controlplane/edc-controlplane-memory-hashicorp-vault/notice.md)
+- [Country Risk](https://github.com/eclipse-tractusx/vas-country-risk/blob/main/DOCKER_NOTICE.md)
 
 ## Already collected base image information