Merge pull request #39 from catenax-ng/main

docs|chore: backport of release/tag workflow improvements/shortcomings and new trgs
eclipse-tractusx · Sep 4, 2023 · 2e2cb2b · 2e2cb2b
2 parents e72d15b + 4d51986
commit 2e2cb2b
Show file tree

Hide file tree

Showing 6 changed files with 40 additions and 31 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -25,23 +25,22 @@ on:
   push:
     branches:
       - main
-      - 'releases/**'
+      - 'release/*'
+    # Can be scheduled on all branches and version tags
+    tags:
+      - 'v*.*.*'
+      - 'v*.*.*-*'
   # Runs automatically on all code-related PRs to main and release branches
   pull_request:
     branches:
       - main
-      - 'releases/**'
+      - 'release/*'
     paths-ignore:
       - 'charts/**'
       - 'docs/**'
       - '**/*.md'
-  # Can be scheduled on all branches and version tags
+  # Manual workflow trigger
   workflow_dispatch:
-    tags:
-      - 'v*.*.*'
-      - 'v*.*.*-*'
-    branches:
-      - '*'
 
 # the docker registry and namespace
 env:
@@ -73,7 +72,7 @@ jobs:
       # Setup build environment
       - uses: ./.github/actions/setup-java
 
-      # Enabled deployment access (if either running on main or a version tag on eclipse-tractusx) 
+      # Enabled deployment access (if either running on main or a version tag on eclipse-tractusx)
       - name: Login to GitHub Container Registry
         if: ${{ github.repository == 'eclipse-tractusx/knowledge-agents' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v')) }}
         uses: docker/login-action@v2
@@ -82,7 +81,7 @@ jobs:
           username: ${{ secrets.DOCKER_HUB_USER }}
           password: ${{ secrets.DOCKER_HUB_TOKEN }}
 
-      # Run Maven Deploy (if either running on main or a version tag on eclipse-tractusx) 
+      # Run Maven Deploy (if either running on main or a version tag on eclipse-tractusx)
       - name: Deploy Java via Maven
         if: ${{ github.repository == 'eclipse-tractusx/knowledge-agents'  && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v')) }}
         run: |
@@ -107,7 +106,7 @@ jobs:
         with:
           images: |
             ${{ env.IMAGE_NAMESPACE }}/conforming-agent
-          # Automatically prepare image tags; See action docs for more examples. 
+          # Automatically prepare image tags; See action docs for more examples.
           # semver patter will generate tags like these for example :1 :1.2 :1.2.3
           tags: |
             type=sha,event=branch
@@ -134,7 +133,7 @@ jobs:
         if: ${{ github.repository == 'eclipse-tractusx/knowledge-agents'  && github.ref == 'refs/heads/main' }}
         uses: peter-evans/dockerhub-description@v3
         with:
-          readme-filepath: conforming/README.md 
+          readme-filepath: conforming/README.md
           username: ${{ secrets.DOCKER_HUB_USER }}
           password: ${{ secrets.DOCKER_HUB_TOKEN }}
           repository: ${{ env.IMAGE_NAMESPACE }}/conforming-agent
@@ -146,7 +145,7 @@ jobs:
         with:
           images: |
             ${{ env.IMAGE_NAMESPACE }}/remoting-agent
-          # Automatically prepare image tags; See action docs for more examples. 
+          # Automatically prepare image tags; See action docs for more examples.
           # semver patter will generate tags like these for example :1 :1.2 :1.2.3
           tags: |
             type=sha,event=branch
@@ -173,7 +172,7 @@ jobs:
         if: ${{ github.repository == 'eclipse-tractusx/knowledge-agents'  && github.ref == 'refs/heads/main' }}
         uses: peter-evans/dockerhub-description@v3
         with:
-          readme-filepath: remoting/README.md 
+          readme-filepath: remoting/README.md
           username: ${{ secrets.DOCKER_HUB_USER }}
           password: ${{ secrets.DOCKER_HUB_TOKEN }}
           repository: ${{ env.IMAGE_NAMESPACE }}/remoting-agent
@@ -185,7 +184,7 @@ jobs:
         with:
           images: |
             ${{ env.IMAGE_NAMESPACE }}/provisioning-agent
-          # Automatically prepare image tags; See action docs for more examples. 
+          # Automatically prepare image tags; See action docs for more examples.
           # semver patter will generate tags like these for example :1 :1.2 :1.2.3
           tags: |
             type=sha,event=branch
@@ -212,8 +211,8 @@ jobs:
         if: ${{ github.repository == 'eclipse-tractusx/knowledge-agents'  && github.ref == 'refs/heads/main' }}
         uses: peter-evans/dockerhub-description@v3
         with:
-          readme-filepath: provisioning/README.md 
+          readme-filepath: provisioning/README.md
           username: ${{ secrets.DOCKER_HUB_USER }}
           password: ${{ secrets.DOCKER_HUB_TOKEN }}
           repository: ${{ env.IMAGE_NAMESPACE }}/provisioning-agent
-        
+
diff --git a/.github/workflows/helm-chart-lint.yml b/.github/workflows/helm-chart-lint.yml
@@ -25,14 +25,14 @@ on:
   push:
     branches:
       - main
-      - 'releases/**'
+      - 'release/*'
     paths:
       - .github/workflows/**
       - charts/**
   pull_request:
     branches:
       - main
-      - 'releases/**'
+      - 'release/*'
     paths:
       - .github/workflows/**
       - charts/**
@@ -76,12 +76,12 @@ jobs:
         uses: helm/[email protected]
 
       - name: Run chart-testing (lint)
-        run: ct lint --target-branch ${{ github.event.repository.default_branch }} --config charts/config/chart-testing-config.yaml
+        run: ct lint --target-branch ${{ github.base_ref || github.ref_name }} --config charts/config/chart-testing-config.yaml
 
       - name: Run chart-testing (list-changed)
         id: list-changed
         run: |
-          changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
+          changed=$(ct list-changed --target-branch ${{ github.base_ref || github.ref_name }})
           if [[ -n "$changed" ]]; then
             echo "CHART_CHANGED=true" >> $GITHUB_ENV
           fi

diff --git a/.github/workflows/helm-chart-release.yml b/.github/workflows/helm-chart-release.yml
@@ -22,17 +22,14 @@ name: Release Charts
 on:
   # May be invoked manually
   workflow_dispatch:
-    branches:
-      - main
-      - 'releases/**'
   # Or by pushing to the chart dir of some dev/ release branch
   push:
     # prevent unnecessary GH action runs for files outside of charts folder
     paths:
       - 'charts/**'
     branches:
       - main
-      - 'releases/**'
+      - 'release/*'
 
 jobs:
   release:
@@ -60,4 +57,4 @@ jobs:
       - name: Run chart-releaser
         uses: helm/[email protected]
         env:
-          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.github/workflows/kics.yml b/.github/workflows/kics.yml
@@ -24,11 +24,11 @@ on:
   push:
     branches: 
      - main
-     - 'releases/**'
+     - 'release/*'
   pull_request:
     branches: 
       - main
-      - 'releases/**'
+      - 'release/*'
 
   workflow_dispatch:
 

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -24,7 +24,7 @@ All notable changes to this product will be documented in this file.
 
 # Released
 
-## [1.9.8] - 
+## [1.9.8] - 2023-09-04
 
 ### Added
 

diff --git a/SECURITY.md b/SECURITY.md
@@ -21,5 +21,18 @@
 
 ## Reporting a Vulnerability
 
-Please report a found vulnerability here:
-[https://www.eclipse.org/security/](https://www.eclipse.org/security/)
+Please do **not** report security vulnerabilities through public GitHub issues.
+
+Please report vulnerabilities to this repository via **GitHub security advisories** instead.
+
+__How?__ Inside affected repository --> security tab
+
+for contributor:
+--> Report a vulnerability
+
+for committer:
+--> advisories --> New draft security advisory
+
+In severe cases, you can also report a found vulnerability via mail or eclipse issue here: https://www.eclipse.org/security/
+
+See [Eclipse Foundation Vulnerability Reporting Policy](https://www.eclipse.org/projects/handbook/#vulnerability).