Merge branch 'refs/heads/main' into chore/1105-extract-agreements

CHANGELOG.md

@@ -16,6 +16,7 @@ _**For better traceability add the corresponding GitHub issue number in each cha
 - #1222 Removed image publishing to GHCR
 - #1222 Adjust backend baseimage in Dockerfile to major version eclipse-temurin:21-jre-alpine
 - #XXX update springboot to 3.2.8 from 3.2.5
+- #XXX define uid and gid of backend Dockerfile directly in user, instead of variables
 
 ## [13.0.0 - 19.07.2024]
 

DEPENDENCIES_BACKEND

@@ -124,13 +124,13 @@ maven/mavencentral/io.prometheus/simpleclient_tracer_common/0.16.0, Apache-2.0,
 maven/mavencentral/io.prometheus/simpleclient_tracer_otel/0.16.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/io.prometheus/simpleclient_tracer_otel_agent/0.16.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/io.rest-assured/json-path/5.3.2, Apache-2.0, approved, #9261
-maven/mavencentral/io.rest-assured/json-path/5.4.0, Apache-2.0, approved, #12042
+maven/mavencentral/io.rest-assured/json-path/5.5.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/io.rest-assured/json-schema-validator/5.4.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/io.rest-assured/rest-assured-common/5.3.2, Apache-2.0, approved, #9264
-maven/mavencentral/io.rest-assured/rest-assured-common/5.4.0, Apache-2.0, approved, #12039
-maven/mavencentral/io.rest-assured/rest-assured/5.4.0, Apache-2.0, approved, #15190
+maven/mavencentral/io.rest-assured/rest-assured-common/5.5.0, Apache-2.0, approved, clearlydefined
+maven/mavencentral/io.rest-assured/rest-assured/5.5.0, Apache-2.0, approved, #15676
 maven/mavencentral/io.rest-assured/xml-path/5.3.2, Apache-2.0, approved, #9267
-maven/mavencentral/io.rest-assured/xml-path/5.4.0, Apache-2.0, approved, #12038
+maven/mavencentral/io.rest-assured/xml-path/5.5.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/io.smallrye/jandex/3.1.2, Apache-2.0, approved, clearlydefined
 maven/mavencentral/io.swagger.core.v3/swagger-annotations-jakarta/2.2.20, Apache-2.0, approved, #5947
 maven/mavencentral/io.swagger.core.v3/swagger-annotations/2.2.18, Apache-2.0, approved, #11362
@@ -174,11 +174,8 @@ maven/mavencentral/org.apache.commons/commons-compress/1.26.1, Apache-2.0 AND (A
 maven/mavencentral/org.apache.commons/commons-lang3/3.11, Apache-2.0, approved, CQ22642
 maven/mavencentral/org.apache.commons/commons-lang3/3.12.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.apache.commons/commons-lang3/3.13.0, Apache-2.0, approved, #9820
-maven/mavencentral/org.apache.groovy/groovy-json/4.0.16, Apache-2.0, approved, #7411
 maven/mavencentral/org.apache.groovy/groovy-json/4.0.22, Apache-2.0, approved, #7411
-maven/mavencentral/org.apache.groovy/groovy-xml/4.0.16, Apache-2.0, approved, #10179
 maven/mavencentral/org.apache.groovy/groovy-xml/4.0.22, Apache-2.0, approved, #10179
-maven/mavencentral/org.apache.groovy/groovy/4.0.16, Apache-2.0 AND BSD-3-Clause AND MIT, approved, #1742
 maven/mavencentral/org.apache.groovy/groovy/4.0.22, Apache-2.0 AND BSD-3-Clause AND MIT, approved, #1742
 maven/mavencentral/org.apache.httpcomponents/httpclient/4.5.13, Apache-2.0, approved, #15248
 maven/mavencentral/org.apache.httpcomponents/httpcore/4.4.13, Apache-2.0, approved, CQ23528

Dockerfile

@@ -41,14 +41,11 @@ RUN --mount=type=cache,target=/root/.m2 mvn -B clean package -pl :$BUILD_TARGET
 # Copy the jar and build image
 FROM eclipse-temurin:21-jre-alpine AS traceability-app
 
-ARG UID=10000
-ARG GID=1000
-
 WORKDIR /app
 
 COPY --chmod=755 --from=maven /build/tx-backend/target/traceability-app-*-exec.jar app.jar
 
-USER ${UID}:${GID}
+USER 10000:1000
 
 ENTRYPOINT ["java", "-jar", "app.jar"]
 

docs/concept/#1108-policy-management-enhancement/#1108-policy-management-enhancement.md

@@ -1,11 +1,11 @@
 # \[Concept\] \[#1108\] Policy management enhancement
 
-| Key           | Value                                                                     |
-|---------------|---------------------------------------------------------------------------|
-| Author        | @ds-crehm                                                                 |
-| Creation date | 02.07.2024                                                                |
-| Ticket Id     | [#849](https://github.com/eclipse-tractusx/traceability-foss/issues/1108) |
-| State         | DRAFT                                                                     |
+| Key           | Value                                                                      |
+|---------------|----------------------------------------------------------------------------|
+| Author        | @ds-crehm                                                                  |
+| Creation date | 02.07.2024                                                                 |
+| Ticket Id     | [#1108](https://github.com/eclipse-tractusx/traceability-foss/issues/1108) |
+| State         | DRAFT                                                                      |
 
 # Table of Contents
 1. [Overview](#overview)
@@ -22,22 +22,22 @@ It must be possible for users to change policies used for asset provisioning and
   - [ ] Part will be synchronized automatically afterwards
 - [ ] Policy updates trigger an update and synchronization of all related parts
 - [ ] When sending notifications, the active policy for the respective BPN is used for contract negotiation
-- [ ] User can not create valid, active policies for BPNs that already have a valid, active policy
+- [ ] User can not create policies with expiration date in the future for BPNs that already have a policy with an expiration date in the future.
   - [ ] If he wants to do so anyways, the existing policies will be invalidated (validUntil = currentTime). -> Before doing that, a modal will ask him for confirmation.
-- [ ] If the EDC of the receiving BPN provides multiple contract offers, Trace-X will check if **any of them** are active and match the own policy definition. In that case, the data will be sent. This applies to data provisioning and notification transmission.
-- [ ] After startup, additional policy is created for the own BPN. Its constraints are identical to the default-policy and it will be used for the initial contractOffer creation.
-- [ ] contractOffer is only updated when the policy for the own BPN is changed or when a new policy for the own BPN is created.
+- [ ] If the EDC of the receiving BPN provides multiple contract offers with included policies, Trace-X will check if **any of them** are active and match the own policy definition. In that case, the data will be sent. This applies to data provisioning and notification transmission.
+- [ ] After startup, an additional policy is created for the own BPN. Its constraints are identical to the default-policy and it will be used for the initial contractOffer creation.
+- [ ] The contractOffer is only updated when the policy for the own BPN is changed or when a new policy for the own BPN is created.
 - [ ] There must always be one policy with the own BPN included. It can not be deleted. The validUntil date for this one should be *null* and cannot be set to a different value.
-- [ ] Default-policy is always used for sending notifications, when there is no policy defined for the receiver BPN.
+- [ ] The default-policy is always used for sending notifications, when there is no policy defined for the receiver BPN.
 
 # Concept
 
 ## When to update policies for parts
-A part can be republished with a different policy -> in this case the policy must be updated with the chosen policy and then republished.
-For this the policy update process below must be used and then the existing publish-process can be used to republish and synchronize the part.
+A part can be republished with a different policy. For this the administrator can simply select the part again and trigger the publish action. There he can select the desired policy.
+Then the policy update process below can be used to update the policy for the part, which will then be republished.
 
 When a policy is updated, all parts that used this policy must be updated and republished with the new policy.
-In this case, all parts using that policy must be updated. For this Trace-X must iterate through all parts and check if they use the changed policy.
+For this Trace-X must iterate through all parts and check if they use the changed policy.
 Then the affected parts must have their policies updated.
 
 ## Policy update process for parts