diff --git a/.github/workflows/chart-release.yaml b/.github/workflows/chart-release.yaml
index 35bca98..28f9de5 100644
--- a/.github/workflows/chart-release.yaml
+++ b/.github/workflows/chart-release.yaml
@@ -57,7 +57,14 @@ jobs:
helm dependency update
- name: Run chart-releaser
+ id: chart-release
uses: helm/chart-releaser-action@v1.4.1
env:
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
CR_SKIP_EXISTING: "true"
+
+ - name: Push git tag for release workflow to be triggered
+ uses: rickstaa/action-create-tag@a1c7777fcb2fee4f19b0f283ba888afa11678b72 # v1.7.2
+ with:
+ tag: v${{ steps.chart-release.outputs.chart_version }}
+ if: ${{ steps.chart-release.outputs.changed_charts }}
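Review bot: The added tag step reads `steps.chart-release.outputs.chart_version` and `changed_charts`, but the releaser step above it stays on `helm/chart-releaser-action@v1.4.1`, and as far as I can tell those outputs were introduced in a later release of that action, so please confirm they are populated at this version. If they are empty, the `if:` expression is falsy and the tag is never pushed, with no failure to show for it. Pushing a tag also needs `contents: write` on the job token; the job's `permissions:` block is outside this hunk, so check that it grants that and nothing broader. Since the releaser step receives `CR_TOKEN`, pin it by commit SHA the way the new `rickstaa/action-create-tag` line is, e.g. `uses: helm/chart-releaser-action@<full-commit-sha> # <version>`.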
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000..e9347f5
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,105 @@
+###############################################################
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+
+name: "CodeQL"
+
+on:
+ push:
+ branches: [main]
+ paths:
+ - 'src/**'
+ pull_request:
+ paths:
+ - 'src/**'
+ schedule:
+ - cron: "0 0 * * *"
+ workflow_dispatch:
+
+jobs:
+ analyze:
+ name: Analyze
+ # Runner size impacts CodeQL analysis time. To learn more, please see:
+ # - https://gh.io/recommended-hardware-resources-for-running-codeql
+ # - https://gh.io/supported-runners-and-hardware-resources
+ # - https://gh.io/using-larger-runners
+ # Consider using larger runners for possible analysis time improvements.
+ runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+ timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: ["csharp"]
+ # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift' ]
+ # Use only 'java' to analyze code written in Java, Kotlin or both
+ # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
+ # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@66b90a5db151a8042fa97405c6cf843bbe433f7b # v2.227
+ with:
+ languages: ${{ matrix.language }}
+ # If you wish to specify custom queries, you can do so here or in a config file.
+ # By default, queries listed here will override any specified in a config file.
+ # Prefix the list here with "+" to use these queries and those in the config file.
+
+ # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+ queries: +security-extended,security-and-quality
+
+ # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
+ # Automates dependency installation for Python, Ruby, and JavaScript, optimizing the CodeQL analysis setup.
+ # If this step fails, then you should remove it and run the build manually (see below)
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@66b90a5db151a8042fa97405c6cf843bbe433f7b # v2.227
+
+ # âšī¸ Command-line programs to run using the OS shell.
+ # đ See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+ # If the Autobuild fails above, remove it and uncomment the following three lines.
+ # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+ # - run: |
+ # echo "Run, Build Application using script"
+ # ./location_of_script_within_repo/buildscript.sh
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@66b90a5db151a8042fa97405c6cf843bbe433f7b # v2.227
+ with:
+ category: "/language:${{matrix.language}}"
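Review bot: The `paths: - 'src/**'` filter under `on.push` can leave `main` without a current CodeQL baseline. GitHub's code-scanning documentation advises against `paths`/`paths-ignore` on the `push` trigger, because pull-request alerts are computed against the analysis of the base commit and a skipped push leaves that comparison stale; the nightly `schedule` narrows the gap but does not close it. Keep the filter under `pull_request` only and drop the two `paths:` lines under `push`. The trailing `# v2.227` comment on the three `github/codeql-action` pins does not look like a release tag (possibly a three-part version with a dot missing); correct it so the SHA can be checked against the release it claims.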
diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml
index 724c70b..eeee8ea 100644
--- a/.github/workflows/dependencies.yml
+++ b/.github/workflows/dependencies.yml
@@ -54,7 +54,7 @@ jobs:
run: dotnet restore src
- name: List packages
- run: dotnet list src package --include-transitive --interactive | grep ">" | grep -Pv "\s(Org|Microsoft|NuGet|System|runtime|docker|Docker|NETStandard)" | sed -E -e "s/\s+> ([a-zA-Z\.\-]+).+\s([0-9]+\.[0-9]+\.[0-9]+)\s*/nuget\/nuget\/\-\/\1\/\2/g" | awk '!seen[$0]++' > PACKAGES
+ run: dotnet list src package --include-transitive --interactive | grep ">" | grep -Pv "\s(Org.Eclipse.TractusX|Microsoft|NuGet|System|runtime|docker|Docker|NETStandard)" | sed -E -e "s/\s+> ([a-zA-Z\.\-]+).+\s([0-9]+\.[0-9]+\.[0-9]+)\s*/nuget\/nuget\/\-\/\1\/\2/g" | awk '!seen[$0]++' > PACKAGES
- name: Generate Dependencies file
run: java -jar ./scripts/download/org.eclipse.dash.licenses-1.0.2.jar PACKAGES -project automotive.tractusx -summary DEPENDENCIES || true
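Review bot: The `Generate Dependencies file` step at the end of this hunk still runs `./scripts/download/org.eclipse.dash.licenses-1.0.2.jar`, while the same commit renames that file to `org.eclipse.dash.licenses-1.1.1-20240213.065029-71.jar`. This is the only hunk for the workflow, so the path stays stale; `java -jar` will fail and `|| true` will hide it, and DEPENDENCIES will not be regenerated. Change the line to `run: java -jar ./scripts/download/org.eclipse.dash.licenses-1.1.1-20240213.065029-71.jar PACKAGES -project automotive.tractusx -summary DEPENDENCIES || true`, and consider dropping `|| true` so a broken license check is visible. In the changed `grep -Pv` pattern the dots in `Org.Eclipse.TractusX` are unescaped and match any character; `Org\.Eclipse\.TractusX` states the intent exactly.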
diff --git a/.github/workflows/owasp-zap.yml b/.github/workflows/owasp-zap.yml
new file mode 100644
index 0000000..9dbfac9
--- /dev/null
+++ b/.github/workflows/owasp-zap.yml
@@ -0,0 +1,138 @@
+###############################################################
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+name: "OWASP ZAP (DAST Scan)"
+
+on:
+ push:
+ branches: [main]
+ paths:
+ - 'src/**'
+ pull_request:
+ paths:
+ - 'src/**'
+ schedule:
+ # Once a day
+ - cron: "0 0 * * *"
+ workflow_dispatch:
+ # Trigger manually
+ inputs:
+ node_image:
+ description: 'kindest/node image for k8s kind cluster'
+ # k8s version from 3.1 release as default
+ default: 'kindest/node:v1.27.3'
+ required: false
+ type: string
+
+jobs:
+ owasp-zap-scan:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ with:
+ fetch-depth: 0
+
+ - name: Kubernetes KinD Cluster
+ uses: container-tools/kind-action@0fc957b58d9a5bc9ca57a1b419324a2074c7653b # v2.0.3
+ with:
+ node_image: ${{ github.event.inputs.node_image || 'kindest/node:v1.27.3' }}
+ version: v0.20.0
+
+ - name: Set up Helm
+ uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
+ with:
+ version: v3.5.0
+
+ - name: Build migration image
+ id: build-migration-image
+ uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
+ with:
+ context: .
+ file: docker/Dockerfile-policy-hub-migrations
+ push: true
+ tags: kind-registry:5000/policy-hub-migrations:testing
+
+ - name: Build service image
+ id: build-service-image
+ uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
+ with:
+ context: .
+ file: docker/Dockerfile-policy-hub-service
+ push: true
+ tags: kind-registry:5000/policy-hub-service:testing
+
+ - name: Add bitnami repo
+ run: |
+ helm repo add bitnami https://charts.bitnami.com/bitnami
+ helm repo update
+
+ - name: Update Helm dependencies
+ run: |
+ cd charts/policy-hub
+ helm dependency build
+
+ - name: Install the chart on KinD cluster
+ run: helm install testing -n apps --create-namespace --wait --set policyhub.image=kind-registry:5000/policy-hub-service:testing --set=policyhubmigrations.image=kind-registry:5000/policy-hub-migrations:testing --set=policyhub.swaggerEnabled=true charts/policy-hub
+
+ - name: Configure port forward to app in KinD
+ run: |
+ echo "Getting Agent IP..."
+ IP_ADDR=$(hostname -i)
+ echo "-> IP: $IP_ADDR"
+ echo "IP_ADDR=$IP_ADDR" >> $GITHUB_ENV
+
+ POD_NAME=$(kubectl get pods --namespace apps -l "app.kubernetes.io/name=policy-hub,app.kubernetes.io/instance=testing" -o jsonpath="{.items[0].metadata.name}")
+ CONTAINER_PORT=$(kubectl get pod --namespace apps $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+
+ echo "Port-forwarding 0.0.0.0:8080 to $POD_NAME:$CONTAINER_PORT..."
+
+ kubectl --namespace apps port-forward $POD_NAME 8080:$CONTAINER_PORT --address 0.0.0.0 &
+
+ - name: Generating report skeletons
+ if: success() || failure()
+ run: |
+ touch report_md.md report_html.html
+ chmod a+w report_md.md report_html.html
+ ls -lrt
+
+ - name: Run ZAP scan
+ run: |
+ set +e
+
+ echo "Pulling ZAP image..."
+ docker pull ghcr.io/zaproxy/zaproxy:stable -q
+
+ echo "Starting ZAP Docker container..."
+ docker run -v ${GITHUB_WORKSPACE}:/zap/wrk/:rw ghcr.io/zaproxy/zaproxy:stable zap-api-scan.py -t http://$IP_ADDR:8080/api/policy-hub/swagger/v2/swagger.json -f openapi -w report_md.md -r report_html.html -T 1
+
+ echo "... done."
+
+ - name: Add Summary
+ if: success() || failure()
+ run: |
+ echo "Publishing Job summary... "
+ cat report_md.md >> $GITHUB_STEP_SUMMARY
+
+ - name: Upload HTML report
+ if: success() || failure()
+ uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+ with:
+ name: ZAP scan report
+ path: ./report_html.html
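Review bot: The `owasp-zap-scan` job declares no `permissions:` block, so it runs with whatever default `GITHUB_TOKEN` scope the repository has; the CodeQL workflow added in the same commit sets explicit permissions, and this job appears to need no more than `permissions:` with `contents: read`. The `Run ZAP scan` step mounts the whole `${GITHUB_WORKSPACE}` read-write into the scanner container, and that directory includes `.git` with the credentials `actions/checkout` persists by default; set `persist-credentials: false` on the checkout step or mount a dedicated report directory instead. The scanner image `ghcr.io/zaproxy/zaproxy:stable` is a mutable tag while every action in the file is pinned by SHA; pin it by digest, `ghcr.io/zaproxy/zaproxy@sha256:<digest>`, in both the `docker pull` and `docker run` lines. Because of `set +e` and the final `echo`, the step succeeds whatever ZAP returns, including when the target was unreachable; if that is intended, say so with a comment such as `# findings are reported in the summary only; this step never fails the job`.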
diff --git a/.github/workflows/policy-hub-chart-test.yml b/.github/workflows/policy-hub-chart-test.yml
index dcaa3fd..d1b97a9 100644
--- a/.github/workflows/policy-hub-chart-test.yml
+++ b/.github/workflows/policy-hub-chart-test.yml
@@ -38,7 +38,7 @@ on:
upgrade_from:
description: 'policyhub chart version to upgrade from'
# tbd
- default: '0.1.0-rc.1'
+ default: '0.1.0-rc.2'
required: false
type: string
@@ -100,20 +100,19 @@ jobs:
fi
- name: Run chart-testing (lint)
- run: ct lint --validate-maintainers=false --target-branch ${{ github.event.repository.default_branch }}
+ run: ct lint --validate-maintainers=false --check-version-increment=false --target-branch ${{ github.event.repository.default_branch }}
- name: Run service chart-testing (install)
run: ct install --charts charts/policy-hub --config charts/chart-testing-config.yaml --helm-extra-set-args "--set=policyhub.image=kind-registry:5000/policy-hub-service:testing --set=policyhubmigrations.image=kind-registry:5000/policy-hub-migrations:testing"
if: github.event_name != 'pull_request' || steps.list-changed.outputs.changed == 'true'
- # currently the update is commented out, at the moment we're working for the initial version, after that the update will be enabled
- # Upgrade the released chart version with the locally available chart
- # default value for event_name != workflow_dispatch
- # - name: Run helm upgrade
- # run: |
- # helm repo add bitnami https://charts.bitnami.com/bitnami
- # helm repo add tractusx-dev https://eclipse-tractusx.github.io/charts/dev
- # helm install policy-hub-service tractusx-dev/policy-hub-service --version ${{ github.event.inputs.upgrade_from || '1.0.0' }}
- # helm dependency update charts/policy-hub-service
- # helm upgrade policy-hub-service charts/policy-hub-service
- # if: github.event_name != 'pull_request' || steps.list-changed.outputs.changed == 'true'
\ No newline at end of file
+ # Upgrade the released chart version with the locally available chart
+ # default value for event_name != workflow_dispatch
+ - name: Run helm upgrade
+ run: |
+ helm repo add bitnami https://charts.bitnami.com/bitnami
+ helm repo add tractusx-dev https://eclipse-tractusx.github.io/charts/dev
+ helm install policy-hub tractusx-dev/policy-hub --version ${{ github.event.inputs.upgrade_from || '0.1.0-rc.2' }} --namespace upgrade --create-namespace
+ helm dependency update charts/policy-hub
+ helm upgrade policy-hub charts/policy-hub --set policyhub.image=kind-registry:5000/policy-hub-service:testing --set=policyhubmigrations.image=kind-registry:5000/policy-hub-migrations:testing --namespace upgrade
+ if: github.event_name != 'pull_request' || steps.list-changed.outputs.changed == 'true'
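Review bot: In the enabled `Run helm upgrade` step, `${{ github.event.inputs.upgrade_from || '0.1.0-rc.2' }}` is expanded into the script text before the shell runs, so the `workflow_dispatch` input is treated as script rather than as data. Pass it through the environment instead: add `env:` with `UPGRADE_FROM: ${{ github.event.inputs.upgrade_from || '0.1.0-rc.2' }}` to the step and use `--version "$UPGRADE_FROM"` in the `helm install` line. The same hunk adds `--check-version-increment=false` to `ct lint`; if that is only needed during the release-candidate phase, a comment saying when to remove it would keep the check from staying off for good.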
diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
index 1d3d67c..406b4ad 100644
--- a/.github/workflows/release-please.yml
+++ b/.github/workflows/release-please.yml
@@ -38,3 +38,4 @@ jobs:
with:
target-branch: ${{ github.ref_name }}
release-type: simple
+ skip-github-release: true
diff --git a/.github/workflows/veracode.yaml b/.github/workflows/veracode.yaml
deleted file mode 100644
index 409cd01..0000000
--- a/.github/workflows/veracode.yaml
+++ /dev/null
@@ -1,128 +0,0 @@
-###############################################################
-# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0.
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-###############################################################
-
-name: "Veracode"
-
-on:
- # push:
- # branches: [main]
- # pull_request:
- # The branches below must be a subset of the branches above
- # branches: [ main ]
- # paths-ignore:
- # - "**/*.md"
- # - "**/*.txt"
- # Trigger manually
- workflow_dispatch:
- # Triggered once a week
- schedule:
- - cron: "0 0 * * 0"
-
-
-env:
- DOTNET_VERSION: '7.0' # The .NET SDK version to use
-
-jobs:
- analyze-policy-hub-service:
- runs-on: ubuntu-latest
- permissions:
- actions: read
- contents: read
- security-events: write
-
- steps:
- - name: Checkout repository
- uses: actions/checkout@v3
-
- - name: Setup .NET
- uses: actions/setup-dotnet@v3
- with:
- dotnet-version: ${{ env.DOTNET_VERSION }}
-
- - name: Install dependencies
- run: dotnet restore src/hub/PolicyHub.Service
-
- - name: Build and publish
- run: |
- cd src/hub/PolicyHub.Service
- dotnet build --no-restore
- dotnet publish -c Debug -p:PublishDir=.\publish
-
- - name: "Bundle files to scan"
- run: >
- zip -r policy-hub-service.zip
- src/hub/PolicyHub.Service/.publish
- -x
- src/hub/PolicyHub.Service/.publish/Org.Eclipse.TractusX.PolicyHub.Service
-
- - name: Run Veracode Upload And Scan
- uses: veracode/veracode-uploadandscan-action@0.2.1
- with:
- # Specify Veracode application name
- appname: "Policy-Hub-Service"
- createprofile: true
- teams: 'policy-hub'
- # Specify path to upload
- filepath: "policy-hub-service.zip"
- vid: "${{ secrets.ORG_VERACODE_API_ID }}"
- vkey: "${{ secrets.ORG_VERACODE_API_KEY }}"
- include: 'Org.Eclipse.TractusX.PolicyHub.Service.dll'
-
- analyze-policy-hub-migrations:
- runs-on: ubuntu-latest
- permissions:
- actions: read
- contents: read
- security-events: write
-
- steps:
- - name: Checkout repository
- uses: actions/checkout@v3
-
- - name: Setup .NET
- uses: actions/setup-dotnet@v3
- with:
- dotnet-version: ${{ env.DOTNET_VERSION }}
-
- - name: Install dependencies
- run: dotnet restore src/database/PolicyHub.Migrations
-
- - name: Build and publish
- run: |
- cd src/database/PolicyHub.Migrations
- dotnet build --no-restore
- dotnet publish -c Debug -p:PublishDir=.\publish
-
- - name: "Bundle files to scan"
- run: >
- zip -r policy-hub-migrations.zip
- src/database/PolicyHub.Migrations/.publish
-
- - name: Run Veracode Upload And Scan
- uses: veracode/veracode-uploadandscan-action@0.2.1
- with:
- # Specify Veracode application name
- appname: "Policy-Hub-Migrations"
- createprofile: true
- teams: 'policy-hub'
- # Specify path to upload
- filepath: "policy-hub-migrations.zip"
- vid: "${{ secrets.ORG_VERACODE_API_ID }}"
- vkey: "${{ secrets.ORG_VERACODE_API_KEY }}"
- include: 'Org.Eclipse.TractusX.PolicyHub.Migrations.dll'
diff --git a/.gitignore b/.gitignore
index 28bd2c7..a0c9b66 100644
--- a/.gitignore
+++ b/.gitignore
@@ -51,3 +51,4 @@ Chart.lock
# local dev configuration
appsettings.Development.json
+PACKAGES
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 700b32e..13e8195 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,33 @@
# Changelog
+## [0.1.0-rc.3](https://github.com/eclipse-tractusx/policy-hub/compare/v0.1.0-rc.2...v0.1.0-rc.3) (2024-02-15)
+
+
+### Features
+
+* **nuget:** update framework packages to stable ([#30](https://github.com/eclipse-tractusx/policy-hub/issues/30)) ([c097c90](https://github.com/eclipse-tractusx/policy-hub/commit/c097c905b8280a65065dffa6524d0dd4bda7d0be))
+
+### Bug Fixes
+
+* **helm-chart:** don't change postgres secret at helm upgrade ([#33](https://github.com/eclipse-tractusx/policy-hub/issues/33)) ([b7b4b8f](https://github.com/eclipse-tractusx/policy-hub/commit/b7b4b8fbff2286a4cf12c3783d6f9bff05cf717b))
+
+### Miscellaneous Chores
+
+* release 0.1.0-rc.3 ([6d52a25](https://github.com/eclipse-tractusx/policy-hub/commit/6d52a25d6effcf1f9753249d1f45fa24e0e43208))
+
+## [0.1.0-rc.2](https://github.com/eclipse-tractusx/policy-hub/compare/v0.1.0-rc.1...v0.1.0-rc.2) (2024-02-02)
+
+
+### Features
+
+* make imagePullPolicy configurable, default set to IfNotPresent ([1586de5](https://github.com/eclipse-tractusx/policy-hub/commit/1586de5d6322a92db28dc2f1e3457091087b965c))
+* **trg-4.07:** enable readOnlyRootFilesystem for containers ([9fcc10e](https://github.com/eclipse-tractusx/policy-hub/commit/9fcc10ec743ea3cbeb5a3026e7161789ceee7339))
+
+
+### Miscellaneous Chores
+
+* release 0.1.0-rc.2 ([ac5cc45](https://github.com/eclipse-tractusx/policy-hub/commit/ac5cc45df8c73556d636b9a18adbf3cda2d39f27))
+
## 0.1.0-rc.1 (2024-01-23)
diff --git a/PACKAGES b/PACKAGES
deleted file mode 100644
index f603629..0000000
--- a/PACKAGES
+++ /dev/null
@@ -1,49 +0,0 @@
-nuget/nuget/-/Flurl.Signed/3.0.6
-nuget/nuget/-/EFCore.NamingConventions/7.0.2
-nuget/nuget/-/Newtonsoft.Json/13.0.3
-nuget/nuget/-/Npgsql/7.0.6
-nuget/nuget/-/Npgsql.EntityFrameworkCore.PostgreSQL/7.0.11
-nuget/nuget/-/Serilog/3.0.1
-nuget/nuget/-/Serilog.AspNetCore/7.0.0
-nuget/nuget/-/Serilog.Enrichers.CorrelationId/3.0.1
-nuget/nuget/-/Serilog.Enrichers.Environment/2.3.0
-nuget/nuget/-/Serilog.Enrichers.Process/2.0.2
-nuget/nuget/-/Serilog.Enrichers.Sensitive/1.7.3
-nuget/nuget/-/Serilog.Enrichers.Thread/3.1.0
-nuget/nuget/-/Serilog.Extensions.Hosting/7.0.0
-nuget/nuget/-/Serilog.Extensions.Logging/7.0.0
-nuget/nuget/-/Serilog.Formatting.Compact/1.1.0
-nuget/nuget/-/Serilog.Settings.Configuration/7.0.1
-nuget/nuget/-/Serilog.Sinks.Console/4.1.0
-nuget/nuget/-/Serilog.Sinks.Debug/2.0.0
-nuget/nuget/-/Serilog.Sinks.File/5.0.0
-nuget/nuget/-/Swashbuckle.AspNetCore/6.5.0
-nuget/nuget/-/Swashbuckle.AspNetCore.Swagger/6.5.0
-nuget/nuget/-/Swashbuckle.AspNetCore.SwaggerGen/6.5.0
-nuget/nuget/-/Swashbuckle.AspNetCore.SwaggerUI/6.5.0
-nuget/nuget/-/SwashBuckle.AspNetCore/6.5.0
-nuget/nuget/-/Humanizer.Core/2.14.1
-nuget/nuget/-/Mono.TextTemplating/2.2.1
-nuget/nuget/-/AutoFixture/4.18.0
-nuget/nuget/-/AutoFixture.AutoFakeItEasy/4.18.0
-nuget/nuget/-/AutoFixture.Xunit/4.18.0
-nuget/nuget/-/coverlet.collector/6.0.0
-nuget/nuget/-/FakeItEasy/7.4.0
-nuget/nuget/-/FluentAssertions/6.11.0
-nuget/nuget/-/Testcontainers/3.4.0
-nuget/nuget/-/Testcontainers.PostgreSql/3.4.0
-nuget/nuget/-/xunit/2.5.0
-nuget/nuget/-/Xunit.Extensions.AssemblyFixture/2.4.1
-nuget/nuget/-/xunit.runner.visualstudio/2.5.0
-nuget/nuget/-/Castle.Core/4.3.1
-nuget/nuget/-/Fare/2.1.1
-nuget/nuget/-/Portable.BouncyCastle/1.9.0
-nuget/nuget/-/SharpZipLib/1.4.2
-nuget/nuget/-/SSH.NET/2020.0.2
-nuget/nuget/-/SshNet.Security.Cryptography/1.3.0
-nuget/nuget/-/xunit.abstractions/2.0.3
-nuget/nuget/-/xunit.analyzers/1.2.0
-nuget/nuget/-/xunit.assert/2.5.0
-nuget/nuget/-/xunit.core/2.5.0
-nuget/nuget/-/xunit.extensibility.core/2.5.0
-nuget/nuget/-/xunit.extensibility.execution/2.5.0
diff --git a/charts/policy-hub/Chart.yaml b/charts/policy-hub/Chart.yaml
index cbd7da5..65a92c5 100644
--- a/charts/policy-hub/Chart.yaml
+++ b/charts/policy-hub/Chart.yaml
@@ -20,8 +20,8 @@
apiVersion: v2
name: policy-hub
type: application
-version: 0.1.0-rc.2
-appVersion: 0.1.0-rc.2
+version: 0.1.0-rc.3
+appVersion: 0.1.0-rc.3
description: Helm chart for Catena-X Policy Hub
home: https://github.com/eclipse-tractusx/policy-hub
dependencies:
diff --git a/charts/policy-hub/README.md b/charts/policy-hub/README.md
index 272da99..08ebcec 100644
--- a/charts/policy-hub/README.md
+++ b/charts/policy-hub/README.md
@@ -27,7 +27,7 @@ To use the helm chart as a dependency:
dependencies:
- name: policy-hub
repository: https://eclipse-tractusx.github.io/charts/dev
- version: 0.1.0-rc.1
+ version: 0.1.0-rc.3
```
## Requirements
@@ -65,14 +65,16 @@ dependencies:
| healthChecks.startup.path | string | `"/health/startup"` | |
| healthChecks.liveness.path | string | `"/healthz"` | |
| healthChecks.readyness.path | string | `"/ready"` | |
-| policyhub.image | string | `"tractusx/policy-hub-service:0.1.0-rc.1"` | |
+| policyhub.image | string | `"docker.io/tractusx/policy-hub-service:0.1.0-rc.3"` | |
+| policyhub.imagePullPolicy | string | `"IfNotPresent"` | |
| policyhub.resources | object | `{"requests":{"cpu":"15m","memory":"300M"}}` | We recommend not to specify default resource limits and to leave this as a conscious choice for the user. If you do want to specify resource limits, uncomment the following lines and adjust them as necessary. |
| policyhub.logging.businessLogic | string | `"Information"` | |
| policyhub.logging.default | string | `"Information"` | |
| policyhub.healthChecks.startup.tags[0].name | string | `"HEALTHCHECKS__0__TAGS__1"` | |
| policyhub.healthChecks.startup.tags[0].value | string | `"policyhubdb"` | |
| policyhub.swaggerEnabled | bool | `false` | |
-| policyhubmigrations.image | string | `"tractusx/policy-hub-migrations:0.1.0-rc.1"` | |
+| policyhubmigrations.image | string | `"docker.io/tractusx/policy-hub-migrations:0.1.0-rc.3"` | |
+| policyhubmigrations.imagePullPolicy | string | `"IfNotPresent"` | |
| policyhubmigrations.resources | object | `{"requests":{"cpu":"15m","memory":"105M"}}` | We recommend not to specify default resource limits and to leave this as a conscious choice for the user. If you do want to specify resource limits, uncomment the following lines and adjust them as necessary. |
| policyhubmigrations.seeding.testDataEnvironments | string | `""` | |
| policyhubmigrations.seeding.testDataPaths | string | `"Seeder/Data"` | |
@@ -80,7 +82,7 @@ dependencies:
| postgresql.enabled | bool | `true` | PostgreSQL chart configuration; default configurations: host: "policy-hub-postgresql-primary", port: 5432; Switch to enable or disable the PostgreSQL helm chart. |
| postgresql.auth.username | string | `"hub"` | Non-root username. |
| postgresql.auth.database | string | `"policy-hub"` | Database name. |
-| postgresql.auth.existingSecret | string | `"{{ .Release.Name }}-phub-postgres"` | Secret containing the passwords for root usernames postgres and non-root username hub. |
+| postgresql.auth.existingSecret | string | `"{{ .Release.Name }}-phub-postgres"` | Secret containing the passwords for root usernames postgres and non-root username hub. Should not be changed without changing the "phub-postgresSecretName" template as well. |
| postgresql.architecture | string | `"replication"` | |
| postgresql.audit.pgAuditLog | string | `"write, ddl"` | |
| postgresql.audit.logLinePrefix | string | `"%m %u %d "` | |
diff --git a/charts/policy-hub/templates/_helpers.tpl b/charts/policy-hub/templates/_helpers.tpl
index 06b1c87..c3a0e51 100644
--- a/charts/policy-hub/templates/_helpers.tpl
+++ b/charts/policy-hub/templates/_helpers.tpl
@@ -30,6 +30,13 @@ Create chart name and version as used by the chart label.
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
+{{/*
+Define secret name of postgres dependency.
+*/}}
+{{- define "phub.postgresSecretName" -}}
+{{- printf "%s-%s" .Release.Name "phub-postgres" }}
+{{- end }}
+
{{/*
Common labels
*/}}
diff --git a/charts/policy-hub/templates/deployment-hub.yaml b/charts/policy-hub/templates/deployment-hub.yaml
index d151440..6b4c9d7 100644
--- a/charts/policy-hub/templates/deployment-hub.yaml
+++ b/charts/policy-hub/templates/deployment-hub.yaml
@@ -54,7 +54,7 @@ spec:
- name: "POLICY_HUB_PASSWORD"
valueFrom:
secretKeyRef:
- name: "{{ .Release.Name }}-phub-postgres"
+ name: "{{ template "phub.postgresSecretName" . }}"
key: "password"
- name: "CONNECTIONSTRINGS__POLICYHUBDB"
value: "Server={{ template "postgresql.primary.fullname" . }};Database={{ .Values.postgresql.auth.database }};Port={{ .Values.postgresql.auth.port }};User Id={{ .Values.postgresql.auth.username }};Password=$(POLICY_HUB_PASSWORD);Ssl Mode={{ .Values.dbConnection.sslMode }};"
diff --git a/charts/policy-hub/templates/job-policy-hub-migrations.yaml b/charts/policy-hub/templates/job-policy-hub-migrations.yaml
index 0e3ef8b..75dea02 100644
--- a/charts/policy-hub/templates/job-policy-hub-migrations.yaml
+++ b/charts/policy-hub/templates/job-policy-hub-migrations.yaml
@@ -50,7 +50,7 @@ spec:
- name: "POLICY_HUB_PASSWORD"
valueFrom:
secretKeyRef:
- name: "{{ .Release.Name }}-phub-postgres"
+ name: "{{ template "phub.postgresSecretName" . }}"
key: "password"
- name: "CONNECTIONSTRINGS__POLICYHUBDB"
value: "Server={{ template "postgresql.primary.fullname" . }};Database={{ .Values.postgresql.auth.database }};Port={{ .Values.postgresql.auth.port }};User Id={{ .Values.postgresql.auth.username }};Password=$(POLICY_HUB_PASSWORD);Ssl Mode={{ .Values.dbConnection.sslMode }};"
diff --git a/charts/policy-hub/templates/secret-postgres.yaml b/charts/policy-hub/templates/secret-postgres.yaml
index b07b1c3..59c49fb 100644
--- a/charts/policy-hub/templates/secret-postgres.yaml
+++ b/charts/policy-hub/templates/secret-postgres.yaml
@@ -1,13 +1,32 @@
+{{- /*
+* Copyright (c) 2024 Contributors to the Eclipse Foundation
+*
+* See the NOTICE file(s) distributed with this work for additional
+* information regarding copyright ownership.
+*
+* This program and the accompanying materials are made available under the
+* terms of the Apache License, Version 2.0 which is available at
+* https://www.apache.org/licenses/LICENSE-2.0.
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+* License for the specific language governing permissions and limitations
+* under the License.
+*
+* SPDX-License-Identifier: Apache-2.0
+*/}}
{{- if .Values.postgresql.enabled -}}
+{{- $secretName := include "phub.postgresSecretName" . -}}
apiVersion: v1
kind: Secret
metadata:
- name: {{ .Release.Name }}-phub-postgres
+ name: {{ $secretName }}
namespace: {{ .Release.Namespace }}
type: Opaque
# use lookup function to check if secret exists
-{{- $secret := (lookup "v1" "Secret" .Release.Namespace .Values.postgresql.auth.existingSecret) }}
+{{- $secret := (lookup "v1" "Secret" .Release.Namespace $secretName) }}
{{ if $secret -}}
data:
# if secret exists, use value provided from values file (to cover update scenario) or existing value from secret
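Review bot: The `lookup` on the `$secret` line only finds the existing Secret when Helm renders against a live cluster. Under `helm template`, a client-side dry-run, or a GitOps controller that renders charts that way (the repository ships Argo CD application templates), it returns an empty result and the not-found branch runs. That branch is outside this hunk, so I cannot see what it does; if it generates passwords, each render would produce new ones and the fix this commit makes would not hold for those deployments. Document the constraint next to the lookup, e.g. `# lookup returns nothing without cluster access (helm template, dry-run); set the passwords in values for those deployments`.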
diff --git a/charts/policy-hub/values.yaml b/charts/policy-hub/values.yaml
index d392aa1..ed6f6ed 100644
--- a/charts/policy-hub/values.yaml
+++ b/charts/policy-hub/values.yaml
@@ -73,7 +73,7 @@ healthChecks:
path: "/ready"
policyhub:
- image: "docker.io/tractusx/policy-hub-service:0.1.0-rc.1"
+ image: "docker.io/tractusx/policy-hub-service:0.1.0-rc.3"
imagePullPolicy: "IfNotPresent"
# -- We recommend not to specify default resource limits and to leave this as a conscious choice for the user.
# If you do want to specify resource limits, uncomment the following lines and adjust them as necessary.
@@ -95,7 +95,7 @@ policyhub:
swaggerEnabled: false
policyhubmigrations:
- image: "docker.io/tractusx/policy-hub-migrations:0.1.0-rc.1"
+ image: "docker.io/tractusx/policy-hub-migrations:0.1.0-rc.3"
imagePullPolicy: "IfNotPresent"
# -- We recommend not to specify default resource limits and to leave this as a conscious choice for the user.
# If you do want to specify resource limits, uncomment the following lines and adjust them as necessary.
@@ -125,6 +125,7 @@ postgresql:
# -- Database name.
database: policy-hub
# -- Secret containing the passwords for root usernames postgres and non-root username hub.
+ # Should not be changed without changing the "phub-postgresSecretName" template as well.
existingSecret: "{{ .Release.Name }}-phub-postgres"
architecture: replication
audit:
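Review bot: The added comment names the template `"phub-postgresSecretName"`, but the helper this commit defines in `_helpers.tpl` is `phub.postgresSecretName`, so a search for the quoted name finds nothing. Write `# Should not be changed without changing the "phub.postgresSecretName" template as well.`; the README row for `postgresql.auth.existingSecret` carries the same text. It would also help to say why: the chart's templates now take the Secret name from the helper, so overriding `existingSecret` alone would presumably leave the PostgreSQL subchart and the application pointing at different Secrets.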
diff --git a/consortia/argocd-app-templates/appsetup-int.yaml b/consortia/argocd-app-templates/appsetup-int.yaml
index 4aa6dcf..b6f23bf 100644
--- a/consortia/argocd-app-templates/appsetup-int.yaml
+++ b/consortia/argocd-app-templates/appsetup-int.yaml
@@ -28,7 +28,7 @@ spec:
source:
path: charts/policy-hub
repoURL: 'https://github.com/eclipse-tractusx/policy-hub.git'
- targetRevision: policy-hub-0.1.0-rc.1
+ targetRevision: policy-hub-0.1.0-rc.3
plugin:
env:
- name: AVP_SECRET
diff --git a/consortia/argocd-app-templates/appsetup-pen.yaml b/consortia/argocd-app-templates/appsetup-pen.yaml
index 9e15b9e..71b4d27 100644
--- a/consortia/argocd-app-templates/appsetup-pen.yaml
+++ b/consortia/argocd-app-templates/appsetup-pen.yaml
@@ -28,7 +28,7 @@ spec:
source:
path: charts/policy-hub
repoURL: 'https://github.com/eclipse-tractusx/policy-hub.git'
- targetRevision: policy-hub-0.1.0-rc.1
+ targetRevision: policy-hub-0.1.0-rc.3
plugin:
env:
- name: AVP_SECRET
diff --git a/consortia/argocd-app-templates/appsetup-stable.yaml b/consortia/argocd-app-templates/appsetup-stable.yaml
index 9ca2e49..1ac0f6a 100644
--- a/consortia/argocd-app-templates/appsetup-stable.yaml
+++ b/consortia/argocd-app-templates/appsetup-stable.yaml
@@ -29,7 +29,7 @@ spec:
source:
path: ''
repoURL: 'https://eclipse-tractusx.github.io/charts/dev'
- targetRevision: policy-hub-0.1.0-rc.1
+ targetRevision: policy-hub-0.1.0-rc.3
plugin:
env:
- name: HELM_VALUES
diff --git a/scripts/download/org.eclipse.dash.licenses-1.0.2.jar b/scripts/download/org.eclipse.dash.licenses-1.1.1-20240213.065029-71.jar
similarity index 58%
rename from scripts/download/org.eclipse.dash.licenses-1.0.2.jar
rename to scripts/download/org.eclipse.dash.licenses-1.1.1-20240213.065029-71.jar
index d26098a..2a031d6 100644
Binary files a/scripts/download/org.eclipse.dash.licenses-1.0.2.jar and b/scripts/download/org.eclipse.dash.licenses-1.1.1-20240213.065029-71.jar differ
diff --git a/src/Directory.Build.props b/src/Directory.Build.props
index 9e78a55..9c39635 100644
--- a/src/Directory.Build.props
+++ b/src/Directory.Build.props
@@ -20,6 +20,6 @@
0.1.0
- rc.1
+ rc.3
diff --git a/src/database/PolicyHub.DbAccess/PolicyHub.DbAccess.csproj b/src/database/PolicyHub.DbAccess/PolicyHub.DbAccess.csproj
index c8f8287..8bf47f1 100644
--- a/src/database/PolicyHub.DbAccess/PolicyHub.DbAccess.csproj
+++ b/src/database/PolicyHub.DbAccess/PolicyHub.DbAccess.csproj
@@ -33,8 +33,8 @@
-
-
+
+
diff --git a/src/database/PolicyHub.Migrations/PolicyHub.Migrations.csproj b/src/database/PolicyHub.Migrations/PolicyHub.Migrations.csproj
index b9d63fd..49e0668 100644
--- a/src/database/PolicyHub.Migrations/PolicyHub.Migrations.csproj
+++ b/src/database/PolicyHub.Migrations/PolicyHub.Migrations.csproj
@@ -45,8 +45,8 @@
-
-
+
+
diff --git a/src/hub/PolicyHub.Service/BusinessLogic/PolicyHubBusinessLogic.cs b/src/hub/PolicyHub.Service/BusinessLogic/PolicyHubBusinessLogic.cs
index c888798..f84ec81 100644
--- a/src/hub/PolicyHub.Service/BusinessLogic/PolicyHubBusinessLogic.cs
+++ b/src/hub/PolicyHub.Service/BusinessLogic/PolicyHubBusinessLogic.cs
@@ -23,7 +23,7 @@
using Org.Eclipse.TractusX.PolicyHub.Entities.Enums;
using Org.Eclipse.TractusX.PolicyHub.Service.Extensions;
using Org.Eclipse.TractusX.PolicyHub.Service.Models;
-using Org.Eclipse.TractusX.Portal.Backend.Framework.ErrorHandling.Library;
+using Org.Eclipse.TractusX.Portal.Backend.Framework.ErrorHandling;
using System.Text.RegularExpressions;
namespace Org.Eclipse.TractusX.PolicyHub.Service.BusinessLogic;
diff --git a/src/hub/PolicyHub.Service/Controllers/PolicyHubController.cs b/src/hub/PolicyHub.Service/Controllers/PolicyHubController.cs
index 0b6e5ea..a4e5724 100644
--- a/src/hub/PolicyHub.Service/Controllers/PolicyHubController.cs
+++ b/src/hub/PolicyHub.Service/Controllers/PolicyHubController.cs
@@ -23,7 +23,7 @@
using Org.Eclipse.TractusX.PolicyHub.Service.BusinessLogic;
using Org.Eclipse.TractusX.PolicyHub.Service.Extensions;
using Org.Eclipse.TractusX.PolicyHub.Service.Models;
-using Org.Eclipse.TractusX.Portal.Backend.Framework.ErrorHandling.Library;
+using Org.Eclipse.TractusX.Portal.Backend.Framework.ErrorHandling.Service;
using System.Diagnostics.CodeAnalysis;
namespace Org.Eclipse.TractusX.PolicyHub.Service.Controllers;
diff --git a/src/hub/PolicyHub.Service/Extensions/RouteHandlerBuilderExtensions.cs b/src/hub/PolicyHub.Service/Extensions/RouteHandlerBuilderExtensions.cs
index 028f875..9c4b871 100644
--- a/src/hub/PolicyHub.Service/Extensions/RouteHandlerBuilderExtensions.cs
+++ b/src/hub/PolicyHub.Service/Extensions/RouteHandlerBuilderExtensions.cs
@@ -17,7 +17,7 @@
* SPDX-License-Identifier: Apache-2.0
********************************************************************************/
-using Org.Eclipse.TractusX.Portal.Backend.Framework.ErrorHandling.Library;
+using Org.Eclipse.TractusX.Portal.Backend.Framework.ErrorHandling.Service;
using System.Diagnostics.CodeAnalysis;
namespace Org.Eclipse.TractusX.PolicyHub.Service.Extensions;
diff --git a/src/hub/PolicyHub.Service/PolicyHub.Service.csproj b/src/hub/PolicyHub.Service/PolicyHub.Service.csproj
index 812af2b..183e60c 100644
--- a/src/hub/PolicyHub.Service/PolicyHub.Service.csproj
+++ b/src/hub/PolicyHub.Service/PolicyHub.Service.csproj
@@ -34,9 +34,9 @@
-
-
-
+
+
+
diff --git a/src/hub/PolicyHub.Service/Program.cs b/src/hub/PolicyHub.Service/Program.cs
index ef8bc23..da2abc8 100644
--- a/src/hub/PolicyHub.Service/Program.cs
+++ b/src/hub/PolicyHub.Service/Program.cs
@@ -17,6 +17,7 @@
* SPDX-License-Identifier: Apache-2.0
********************************************************************************/
+using Microsoft.AspNetCore.Authentication;
using Org.Eclipse.TractusX.PolicyHub.DbAccess.DependencyInjection;
using Org.Eclipse.TractusX.PolicyHub.Service.Authentication;
using Org.Eclipse.TractusX.PolicyHub.Service.Controllers;
@@ -26,9 +27,10 @@
const string Version = "v2";
WebApplicationBuildRunner
- .BuildAndRunWebApplication(args, "policy-hub", Version, ".Hub",
+ .BuildAndRunWebApplication(args, "policy-hub", Version, ".Hub",
builder =>
{
+ builder.Services.AddTransient();
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddHubRepositories(builder.Configuration);
builder.Services.ConfigureHttpJsonOptions(options =>
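Review bot: The added `builder.Services.AddTransient();` in the Program.cs setup lambda carries no visible type arguments, and the changed `BuildAndRunWebApplication(...)` line is textually identical on both sides. The angle-bracket content was probably lost in rendering, as in the empty .csproj hunks, so what is registered cannot be confirmed from this diff. Given the new `using Microsoft.AspNetCore.Authentication;`, it is presumably an `IClaimsTransformation` implementation, which would change how claims and roles are derived for every authenticated request to `/api`. If so, I would add a comment above the registration such as `// Claims transformation applied to each authenticated principal; the authorization policies on /api depend on it`. The test files in this diff change only their `using` lines, so a test that a token without the expected role is rejected would also be worth adding. The lambda body continues outside this hunk.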
@@ -45,5 +47,4 @@
app.MapGroup("/api")
.WithOpenApi()
.MapPolicyHubApi();
- },
- null);
+ });
diff --git a/tests/hub/PolicyHub.Service.Tests/BusinessLogic/PolicyHubBusinessLogicTests.cs b/tests/hub/PolicyHub.Service.Tests/BusinessLogic/PolicyHubBusinessLogicTests.cs
index 12288fa..45879bf 100644
--- a/tests/hub/PolicyHub.Service.Tests/BusinessLogic/PolicyHubBusinessLogicTests.cs
+++ b/tests/hub/PolicyHub.Service.Tests/BusinessLogic/PolicyHubBusinessLogicTests.cs
@@ -23,7 +23,7 @@
using Org.Eclipse.TractusX.PolicyHub.Entities.Enums;
using Org.Eclipse.TractusX.PolicyHub.Service.BusinessLogic;
using Org.Eclipse.TractusX.PolicyHub.Service.Models;
-using Org.Eclipse.TractusX.Portal.Backend.Framework.ErrorHandling.Library;
+using Org.Eclipse.TractusX.Portal.Backend.Framework.ErrorHandling;
namespace Org.Eclipse.TractusX.PolicyHub.Service.Tests.BusinessLogic;
diff --git a/tests/hub/PolicyHub.Service.Tests/Controllers/PolicyHubControllerTests.cs b/tests/hub/PolicyHub.Service.Tests/Controllers/PolicyHubControllerTests.cs
index 751b84c..51abed3 100644
--- a/tests/hub/PolicyHub.Service.Tests/Controllers/PolicyHubControllerTests.cs
+++ b/tests/hub/PolicyHub.Service.Tests/Controllers/PolicyHubControllerTests.cs
@@ -21,7 +21,7 @@
using Org.Eclipse.TractusX.PolicyHub.Entities.Enums;
using Org.Eclipse.TractusX.PolicyHub.Service.Models;
using Org.Eclipse.TractusX.PolicyHub.Service.Tests.Setup;
-using Org.Eclipse.TractusX.Portal.Backend.Framework.ErrorHandling.Library;
+using Org.Eclipse.TractusX.Portal.Backend.Framework.ErrorHandling.Service;
using System.Net;
using System.Net.Http.Json;
using System.Text.Json;