Merge pull request #2 from catenax-ng/main

First PR after initial contribution

.github/workflows/codeql.yml

@@ -21,7 +21,7 @@ on:
       - '**/*.md'
       - '**/*.txt'
   schedule:
-    - cron: '00 */1 * * 1-5'
+    - cron: '0 1 * * 1-5' # At 01:00 on every day-of-week from Monday through Friday.
 
 jobs:
   analyze:

.github/workflows/eclipse-dash.yml

@@ -3,8 +3,7 @@ name: "Eclipse DASH IP Check"
 on:
   workflow_dispatch:
   push:
-    branches-ignore:
-      - 'main'
+
 
 jobs:
   build:

.github/workflows/helm-chart-release.yaml

@@ -9,7 +9,35 @@ on:
       - 'charts/**'
 
 jobs:
+  get-helm-charts-versions:
+    outputs:
+      latest_version: ${{ steps.step1.outputs.latest_version }}
+      current_version: ${{ steps.step2.outputs.current_version }}
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Get helm charts latest tag version
+        id: step1
+        run: |
+          latestVersion=$(git tag | grep "irs-helm-[1-9]" | tail -1)
+          echo "::set-output name=latest_version::$latestVersion"
+          echo "Exported $latestVersion latest helm charts version"
+      - name: Get helm charts current version
+        id: step2
+        run: |
+          chartVersion=irs-helm-$(cat ./charts/irs/Chart.yaml | grep "version:" | head -1 | cut -d ":" -d " " -f2)
+          echo "::set-output name=current_version::$chartVersion"
+          echo "Exported $chartVersion helm charts version"
+
   release:
+    needs: "get-helm-charts-versions"
+    if: needs.get-helm-charts-versions.outputs.latest_version != needs.get-helm-charts-versions.outputs.current_version
     # depending on default permission settings for your org (contents being read-only or read-write for workloads), you will have to add permissions
     # see: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token
     permissions:

.github/workflows/int-setup-testdata.yml

@@ -7,32 +7,16 @@ on:
         description: 'Path to Testdata file on GitHub'
         required: true
         type: string
-      submodelUrl1:
-        description: 'URL for Submodel server 1'
-        required: true
-        type: string
-      submodelUrl2:
-        description: 'URL for Submodel server 2'
-        required: true
-        type: string
-      submodelUrl3:
-        description: 'URL for Submodel server 3'
+      submodelUrls:
+        description: 'Space-separated list of Submodel server URLs'
         required: true
         type: string
       aasUrl:
         description: 'Digital twin registry URL'
         required: true
         type: string
-      edcUrl1:
-        description: 'Provider 1 control plane URL'
-        required: true
-        type: string
-      edcUrl2:
-        description: 'Provider 2 control plane URL'
-        required: true
-        type: string
-      edcUrl3:
-        description: 'Provider 3 control plane URL'
+      edcUrls:
+        description: 'Space-separated list of Provider control plane URLs'
         required: true
         type: string
       edcApiKey:
@@ -62,60 +46,40 @@ jobs:
         if: ${{ github.event.inputs.esrUrl == '' }}
         env:
           TESTFILE_PATH: ${{ github.event.inputs.testfilePath }}
-          SUBMODEL_URL_1: ${{ github.event.inputs.submodelUrl1 }}
-          SUBMODEL_URL_2: ${{ github.event.inputs.submodelUrl2 }}
-          SUBMODEL_URL_3: ${{ github.event.inputs.submodelUrl3 }}
+          SUBMODEL_URLs: ${{ github.event.inputs.submodelUrls }}
           AAS_URL: ${{ github.event.inputs.aasUrl }}
-          EDC_URL_1: ${{ github.event.inputs.edcUrl1 }}
-          EDC_URL_2: ${{ github.event.inputs.edcUrl2 }}
-          EDC_URL_3: ${{ github.event.inputs.edcUrl3 }}
+          EDC_URLs: ${{ github.event.inputs.edcUrls }}
           EDC_API_KEY: ${{ github.event.inputs.edcApiKey }}
         run: |
           python testdata-transform/reset-env.py \
           -a $AAS_URL \
-          -e1 $EDC_URL_1 \
-          -e2 $EDC_URL_2 \
-          -e3 $EDC_URL_3 \
+          -edc $EDC_URLs \
           -k $EDC_API_KEY
           python testdata-transform/transform-and-upload.py \
           -f $TESTFILE_PATH \
-          -s1 $SUBMODEL_URL_1 \
-          -s2 $SUBMODEL_URL_2 \
-          -s3 $SUBMODEL_URL_3 \
+          -s $SUBMODEL_URLs \
           -a $AAS_URL \
-          -e1 $EDC_URL_1 \
-          -e2 $EDC_URL_2 \
-          -e3 $EDC_URL_3 \
+          -edc $EDC_URLs \
           -k $EDC_API_KEY
 
       - name: Delete existing and setup new test data on provider EDC and Registry
         if: ${{ github.event.inputs.esrUrl != '' }}
         env:
           TESTFILE_PATH: ${{ github.event.inputs.testfilePath }}
-          SUBMODEL_URL_1: ${{ github.event.inputs.submodelUrl1 }}
-          SUBMODEL_URL_2: ${{ github.event.inputs.submodelUrl2 }}
-          SUBMODEL_URL_3: ${{ github.event.inputs.submodelUrl3 }}
+          SUBMODEL_URLs: ${{ github.event.inputs.submodelUrls }}
           AAS_URL: ${{ github.event.inputs.aasUrl }}
-          EDC_URL_1: ${{ github.event.inputs.edcUrl1 }}
-          EDC_URL_2: ${{ github.event.inputs.edcUrl2 }}
-          EDC_URL_3: ${{ github.event.inputs.edcUrl3 }}
+          EDC_URLs: ${{ github.event.inputs.edcUrls }}
           EDC_API_KEY: ${{ github.event.inputs.edcApiKey }}
           ESR_URL: ${{ github.event.inputs.esrUrl }}
         run: |
           python testdata-transform/reset-env.py \
           -a $AAS_URL \
-          -e1 $EDC_URL_1 \
-          -e2 $EDC_URL_2 \
-          -e3 $EDC_URL_3 \
+          -edc $EDC_URLs \
           -k $EDC_API_KEY
           python testdata-transform/transform-and-upload.py \
           -f $TESTFILE_PATH \
-          -s1 $SUBMODEL_URL_1 \
-          -s2 $SUBMODEL_URL_2 \
-          -s3 $SUBMODEL_URL_3 \
+          -s $SUBMODEL_URLs \
           -a $AAS_URL \
-          -e1 $EDC_URL_1 \
-          -e2 $EDC_URL_2 \
-          -e3 $EDC_URL_3 \
-          -k $EDC_API_KEY \
+          -edc $EDC_URLs \
+          -k $EDC_API_KEY
           -e $ESR_URL 

.github/workflows/irs-build.yml

@@ -44,7 +44,7 @@ jobs:
         run: |
           mvn --batch-mode --update-snapshots \
           verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
-          -Dsonar.projectKey=catenax-ng_product-item-relationship-service 
+          -Dsonar.projectKey=${{ secrets.SONAR_PROJECT_KEY }}
 
   build_images:
     strategy:
@@ -62,10 +62,16 @@ jobs:
           DOCKER_BUILDKIT=1 docker build --build-arg BUILD_TARGET=${{ matrix.image }} --target ${{ matrix.image }} -t ${{ matrix.image }}:latest .
 
       - name: Log in to registry
+        env:
+          DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}
+        if: env.DOCKER_HUB_USER == ''
         # This is where you will update the PAT to GITHUB_TOKEN
         run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
 
-      - name: Push image
+      - name: Push image (GHCR)
+        env:
+          DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}
+        if: env.DOCKER_HUB_USER == ''
         run: |
           IMAGE_ID=ghcr.io/${{ github.repository_owner }}/${{ matrix.image }}
           # Change all uppercase to lowercase
@@ -82,4 +88,32 @@ jobs:
           docker push $IMAGE_ID:$VERSION
           
           docker tag ${{ matrix.image }} $IMAGE_ID:$GITHUB_SHA
-          docker push $IMAGE_ID:$GITHUB_SHA
+          docker push $IMAGE_ID:$GITHUB_SHA
+          
+      - name: Login to Docker Hub
+        env:
+          DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}
+        if: env.DOCKER_HUB_USER != ''
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_HUB_USER }}
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+
+      - name: Push image (DockerHub)
+        env:
+          DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}
+        if: env.DOCKER_HUB_USER != ''
+        run: |
+          IMAGE_ID=tractusx/${{ matrix.image }}
+          # Change all uppercase to lowercase
+          IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]')
+          # Strip git ref prefix from version
+          VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
+          # Strip "v" prefix from tag name
+          [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')
+          # Use Docker `latest` tag convention
+          [ "$VERSION" == "main" ] && VERSION=latest
+          echo IMAGE_ID=$IMAGE_ID
+          echo VERSION=$VERSION
+          docker tag ${{ matrix.image }} $IMAGE_ID:$VERSION
+          docker push $IMAGE_ID:$VERSION

.github/workflows/kics.yml

@@ -30,7 +30,8 @@ jobs:
           # Scanning directory .
           path: "."
           # Exclude paths or files from scan
-          exclude_paths: "api/irs-v1.0.yaml"
+          # exclude_paths: "api/irs-v1.0.yaml"
+          exclude_paths: api-tests/irs-api-tests.tavern.yaml,charts/irs-environments/local/*
           # Fail on HIGH severity results
           fail_on: high
           # when provided with a directory on output_path
@@ -56,6 +57,12 @@ jobs:
             edc4c9ac9ee139c0d7947410439b66e3c6290cb97a37d97a7519d3d5e56a5a84,\
             7f3e9461a3abdb7a281fdc736fb0827e69e9278ccd6b929bd32fc2d84336f68c,\
             10e4fff1f26f0a765423e35a7d8952363a6e8961a58e20b3017cd7818745eb36"
+          # Exclude accepted queries from the build
+          exclude_queries: "9f88c88d-824d-4d9a-b985-e22977046042,\
+          00b78adf-b83f-419c-8ed8-c6018441dd3a,\
+          8c8261c2-19a9-4ef7-ad37-b8bc7bdd4d85,\
+          8c81d6c0-716b-49ec-afa5-2d62da4e3f3c,\
+          2d8c175a-6d90-412b-8b0e-e034ea49a1fe"
 
       # Upload findings to GitHub Advanced Security Dashboard
       - name: Upload SARIF file for GitHub Advanced Security Dashboard

.github/workflows/publish-documentation.yaml

@@ -21,14 +21,29 @@ jobs:
         with:
           fetch-depth: 0
 
+      - name: Setup Graphviz
+        uses: ts-graphviz/setup-graphviz@v1
+
+      - name: Cache maven packages
+        uses: actions/cache@v3
+        with:
+          path: ~/.m2
+          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-m2
+
+      - name: Build API documentation with Maven
+        run: |
+          mvn clean package -pl irs-models,irs-testing,irs-api -DskipTests --batch-mode
+          cp irs-api/target/generated-sources/openapi/index.html docs/src/docs/api-specification/index.html
+
       - name: Build with Maven
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
         run: |
           mvn -f docs/pom.xml --batch-mode generate-resources
 
       - name: GitHub Pages action
-        uses: peaceiris/actions-gh-pages@v3.7.3
+        uses: peaceiris/actions-gh-pages@v3.9.0
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           publish_dir: "./docs/target/generated-docs"

.github/workflows/tavern.yml

@@ -0,0 +1,48 @@
+name: Tavern IRS API test
+
+on:
+  workflow_dispatch:
+    inputs:
+      irs-host:
+        type: choice
+        description: IRS environment to test
+        default: 'https://irs.int.demo.catena-x.net'
+        required: true
+        options:
+          - 'https://irs.int.demo.catena-x.net'
+          - 'https://irs.dev.demo.catena-x.net'
+      global-asset-id:
+        type: string
+        description: Global Asset ID to use for the tests
+        default: 'urn:uuid:cce14502-958a-42e1-8bb7-f4f41a9457d0'
+        required: true
+  schedule:
+    - cron: '0 1 * * 1-5' # At 01:00 on every day-of-week from Monday through Friday.
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Setup python
+        uses: actions/setup-python@v4
+        with:
+          python-version: 3.10.7
+
+      - name: Install dependencies
+        run: |
+          pip install pytest
+          pip install py
+          pip install tavern
+          pip list
+
+      - name: Run tests
+        env:
+          IRS_HOST: ${{ github.event.inputs.irs-host || 'https://irs.int.demo.catena-x.net' }}
+          KEYCLOAK_HOST: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_TOKEN_URI }}
+          KEYCLOAK_CLIENT_ID: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_ID }}
+          KEYCLOAK_CLIENT_SECRET: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_SECRET }}
+          GLOBAL_ASSET_ID: ${{ github.event.inputs.global-asset-id || 'urn:uuid:cce14502-958a-42e1-8bb7-f4f41a9457d0' }}
+        run: |
+          python -m pytest api-tests/irs-api-tests.tavern.yaml

.github/workflows/trivy.yml

@@ -40,7 +40,7 @@ jobs:
           format: "sarif"
           output: "trivy-results1.sarif"
           severity: "CRITICAL,HIGH"
-          skip-dirs: "chart/aasregistry,chart/edc-controlplane,chart/edc-dataplane,chart/edc-provider-control-plane,chart/edc-provider-data-plane,chart/submodelservers"
+          skip-dirs: "chart/aasregistry,chart/edc-controlplane,chart/edc-dataplane,chart/edc-provider-control-plane,chart/edc-provider-data-plane,chart/submodelservers,charts/irs-environments/local"
 
       - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v2
@@ -86,6 +86,7 @@ jobs:
           output: "trivy-results2.sarif"
           exit-code: "1"
           severity: "CRITICAL,HIGH"
+          trivyignores: ci/.trivyignore
 
       - name: Upload Trivy scan results to GitHub Security tab
         if: always()