diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 43234e8f..363f2141 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -25,23 +25,22 @@ on: push: branches: - main - - 'releases/**' + - 'release/*' + # Can be scheduled on all branches and version tags + tags: + - 'v*.*.*' + - 'v*.*.*-*' # Runs automatically on all code-related PRs to main and release branches pull_request: branches: - main - - 'releases/**' + - 'release/*' paths-ignore: - 'charts/**' - 'docs/**' - '**/*.md' - # Can be scheduled on all branches and version tags + # Manual workflow trigger workflow_dispatch: - tags: - - 'v*.*.*' - - 'v*.*.*-*' - branches: - - '*' # the docker registry and namespace env: @@ -73,7 +72,7 @@ jobs: # Setup build environment - uses: ./.github/actions/setup-java - # Enabled deployment access (if either running on main or a version tag on eclipse-tractusx) + # Enabled deployment access (if either running on main or a version tag on eclipse-tractusx) - name: Login to GitHub Container Registry if: ${{ github.repository == 'eclipse-tractusx/knowledge-agents' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v')) }} uses: docker/login-action@v2 @@ -82,7 +81,7 @@ jobs: username: ${{ secrets.DOCKER_HUB_USER }} password: ${{ secrets.DOCKER_HUB_TOKEN }} - # Run Maven Deploy (if either running on main or a version tag on eclipse-tractusx) + # Run Maven Deploy (if either running on main or a version tag on eclipse-tractusx) - name: Deploy Java via Maven if: ${{ github.repository == 'eclipse-tractusx/knowledge-agents' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v')) }} run: | @@ -107,7 +106,7 @@ jobs: with: images: | ${{ env.IMAGE_NAMESPACE }}/conforming-agent - # Automatically prepare image tags; See action docs for more examples. + # Automatically prepare image tags; See action docs for more examples. # semver patter will generate tags like these for example :1 :1.2 :1.2.3 tags: | type=sha,event=branch @@ -134,7 +133,7 @@ jobs: if: ${{ github.repository == 'eclipse-tractusx/knowledge-agents' && github.ref == 'refs/heads/main' }} uses: peter-evans/dockerhub-description@v3 with: - readme-filepath: conforming/README.md + readme-filepath: conforming/README.md username: ${{ secrets.DOCKER_HUB_USER }} password: ${{ secrets.DOCKER_HUB_TOKEN }} repository: ${{ env.IMAGE_NAMESPACE }}/conforming-agent @@ -146,7 +145,7 @@ jobs: with: images: | ${{ env.IMAGE_NAMESPACE }}/remoting-agent - # Automatically prepare image tags; See action docs for more examples. + # Automatically prepare image tags; See action docs for more examples. # semver patter will generate tags like these for example :1 :1.2 :1.2.3 tags: | type=sha,event=branch @@ -173,7 +172,7 @@ jobs: if: ${{ github.repository == 'eclipse-tractusx/knowledge-agents' && github.ref == 'refs/heads/main' }} uses: peter-evans/dockerhub-description@v3 with: - readme-filepath: remoting/README.md + readme-filepath: remoting/README.md username: ${{ secrets.DOCKER_HUB_USER }} password: ${{ secrets.DOCKER_HUB_TOKEN }} repository: ${{ env.IMAGE_NAMESPACE }}/remoting-agent @@ -185,7 +184,7 @@ jobs: with: images: | ${{ env.IMAGE_NAMESPACE }}/provisioning-agent - # Automatically prepare image tags; See action docs for more examples. + # Automatically prepare image tags; See action docs for more examples. # semver patter will generate tags like these for example :1 :1.2 :1.2.3 tags: | type=sha,event=branch @@ -212,8 +211,8 @@ jobs: if: ${{ github.repository == 'eclipse-tractusx/knowledge-agents' && github.ref == 'refs/heads/main' }} uses: peter-evans/dockerhub-description@v3 with: - readme-filepath: provisioning/README.md + readme-filepath: provisioning/README.md username: ${{ secrets.DOCKER_HUB_USER }} password: ${{ secrets.DOCKER_HUB_TOKEN }} repository: ${{ env.IMAGE_NAMESPACE }}/provisioning-agent - + diff --git a/.github/workflows/helm-chart-lint.yml b/.github/workflows/helm-chart-lint.yml index 1bd6346f..ff7a7b44 100644 --- a/.github/workflows/helm-chart-lint.yml +++ b/.github/workflows/helm-chart-lint.yml @@ -25,14 +25,14 @@ on: push: branches: - main - - 'releases/**' + - 'release/*' paths: - .github/workflows/** - charts/** pull_request: branches: - main - - 'releases/**' + - 'release/*' paths: - .github/workflows/** - charts/** @@ -76,12 +76,12 @@ jobs: uses: helm/chart-testing-action@v2.3.1 - name: Run chart-testing (lint) - run: ct lint --target-branch ${{ github.event.repository.default_branch }} --config charts/config/chart-testing-config.yaml + run: ct lint --target-branch ${{ github.base_ref || github.ref_name }} --config charts/config/chart-testing-config.yaml - name: Run chart-testing (list-changed) id: list-changed run: | - changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }}) + changed=$(ct list-changed --target-branch ${{ github.base_ref || github.ref_name }}) if [[ -n "$changed" ]]; then echo "CHART_CHANGED=true" >> $GITHUB_ENV fi diff --git a/.github/workflows/helm-chart-release.yml b/.github/workflows/helm-chart-release.yml index 807af4da..e28e285a 100644 --- a/.github/workflows/helm-chart-release.yml +++ b/.github/workflows/helm-chart-release.yml @@ -22,9 +22,6 @@ name: Release Charts on: # May be invoked manually workflow_dispatch: - branches: - - main - - 'releases/**' # Or by pushing to the chart dir of some dev/ release branch push: # prevent unnecessary GH action runs for files outside of charts folder @@ -32,7 +29,7 @@ on: - 'charts/**' branches: - main - - 'releases/**' + - 'release/*' jobs: release: @@ -60,4 +57,4 @@ jobs: - name: Run chart-releaser uses: helm/chart-releaser-action@v1.4.1 env: - CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" \ No newline at end of file + CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/kics.yml b/.github/workflows/kics.yml index 421796a0..6d9db321 100644 --- a/.github/workflows/kics.yml +++ b/.github/workflows/kics.yml @@ -24,11 +24,11 @@ on: push: branches: - main - - 'releases/**' + - 'release/*' pull_request: branches: - main - - 'releases/**' + - 'release/*' workflow_dispatch: diff --git a/CHANGELOG.md b/CHANGELOG.md index 7819f9af..cd485f19 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -24,7 +24,7 @@ All notable changes to this product will be documented in this file. # Released -## [1.9.8] - +## [1.9.8] - 2023-09-04 ### Added diff --git a/SECURITY.md b/SECURITY.md index f7217cf5..b2aeef63 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -21,5 +21,18 @@ ## Reporting a Vulnerability -Please report a found vulnerability here: -[https://www.eclipse.org/security/](https://www.eclipse.org/security/) +Please do **not** report security vulnerabilities through public GitHub issues. + +Please report vulnerabilities to this repository via **GitHub security advisories** instead. + +__How?__ Inside affected repository --> security tab + +for contributor: +--> Report a vulnerability + +for committer: +--> advisories --> New draft security advisory + +In severe cases, you can also report a found vulnerability via mail or eclipse issue here: https://www.eclipse.org/security/ + +See [Eclipse Foundation Vulnerability Reporting Policy](https://www.eclipse.org/projects/handbook/#vulnerability). \ No newline at end of file