Skip to content

Commit

Permalink
Merge pull request #101 from big-data-spaces/feature/2412-release
Browse files Browse the repository at this point in the history
Chore: Prepare TX 2412 E2E Tests
  • Loading branch information
almadigabor authored Oct 18, 2024
2 parents b5d775b + 505c4f0 commit fb8374c
Show file tree
Hide file tree
Showing 18 changed files with 131 additions and 67 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -88,7 +88,7 @@ jobs:
# Get the Code
- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
with:
submodules: recursive

Expand Down Expand Up @@ -143,7 +143,7 @@ jobs:
type=semver,pattern={{version}}
type=semver,pattern={{major}}
type=semver,pattern={{major}}.{{minor}}
type=raw,value=1.14.23-SNAPSHOT,enable=${{ github.event.inputs.deploy_docker == 'true' || github.ref == format('refs/heads/{0}', 'main') }}
type=raw,value=1.14.24-SNAPSHOT,enable=${{ github.event.inputs.deploy_docker == 'true' || github.ref == format('refs/heads/{0}', 'main') }}
type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
# build in any case, but push only main and version tag settings
Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ jobs:

steps:
- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938

# Set-Up
- name: Setup JDK 17
Expand All @@ -63,7 +63,7 @@ jobs:

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
uses: github/codeql-action/init@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
Expand All @@ -75,7 +75,7 @@ jobs:
options: --overwrite

- name: Cache maven packages
uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
Expand All @@ -100,4 +100,4 @@ jobs:
# ./location_of_script_within_repo/buildscript.sh

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
uses: github/codeql-action/analyze@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11
2 changes: 1 addition & 1 deletion .github/workflows/dependencies.yml
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ jobs:

# Get the Code
- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
with:
submodules: recursive

Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/helm-chart-lint.yml
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,7 @@ jobs:
steps:
# get the code
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
with:
fetch-depth: 0

Expand All @@ -79,7 +79,7 @@ jobs:
cache: 'maven'

# Set-Up Python
- uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
- uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
with:
python-version: 3.9

Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/helm-chart-release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
with:
fetch-depth: 0

Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/kics.yml
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ jobs:
security-events: write

steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0


#
Expand All @@ -70,6 +70,6 @@ jobs:

- name: Upload SARIF file for GitHub Advanced Security Dashboard
if: always()
uses: github/codeql-action/upload-sarif@689fdc5193eeb735ecb2e52e819e3382876f93f4 # v2.22.6
uses: github/codeql-action/upload-sarif@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11
with:
sarif_file: kicsResults/results.sarif
8 changes: 4 additions & 4 deletions .github/workflows/trivy.yml
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,7 @@ jobs:
contents: read
security-events: write
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Run Trivy vulnerability scanner in repo mode
uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0
with:
Expand All @@ -67,7 +67,7 @@ jobs:
output: "trivy-results-config.sarif"
severity: "CRITICAL,HIGH"
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
uses: github/codeql-action/upload-sarif@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11
if: always()
with:
sarif_file: "trivy-results-config.sarif"
Expand Down Expand Up @@ -100,7 +100,7 @@ jobs:
fi
exit 0
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0

# Enable repository access (on main branch and version tags only)
- name: Login to GitHub Container Registry
Expand Down Expand Up @@ -133,6 +133,6 @@ jobs:

- name: Upload Trivy scan results to GitHub Security tab
if: success() && steps.imageCheck.outcome != 'failure'
uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
uses: github/codeql-action/upload-sarif@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11
with:
sarif_file: "trivy-results-${{ matrix.image }}.sarif"
41 changes: 41 additions & 0 deletions .github/workflows/trufflehog.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
name: "TruffleHog"

on:
push:
branches: ["main"]
pull_request:
# The branches below must be a subset of the branches above
branches: ["main"]
schedule:
- cron: "0 0 * * *" # Once a day
workflow_dispatch:

permissions:
actions: read
contents: read
security-events: write
id-token: write
issues: write

jobs:
ScanSecrets:
name: Scan secrets
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v4
with:
fetch-depth: 0 # Ensure full clone for pull request workflows

- name: TruffleHog OSS
id: trufflehog
uses: trufflesecurity/trufflehog@main

Check warning on line 32 in .github/workflows/trufflehog.yml

View workflow job for this annotation

GitHub Actions / Analyze

[MEDIUM] Unpinned Actions Full Length Commit SHA

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.

Check warning on line 32 in .github/workflows/trufflehog.yml

View workflow job for this annotation

GitHub Actions / Analyze

[MEDIUM] Unpinned Actions Full Length Commit SHA

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.

Check warning on line 32 in .github/workflows/trufflehog.yml

View workflow job for this annotation

GitHub Actions / Analyze

[MEDIUM] Unpinned Actions Full Length Commit SHA

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.

Check warning on line 32 in .github/workflows/trufflehog.yml

View workflow job for this annotation

GitHub Actions / Analyze

[MEDIUM] Unpinned Actions Full Length Commit SHA

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.

Check warning on line 32 in .github/workflows/trufflehog.yml

View workflow job for this annotation

GitHub Actions / Analyze

[MEDIUM] Unpinned Actions Full Length Commit SHA

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.

Check warning on line 32 in .github/workflows/trufflehog.yml

View workflow job for this annotation

GitHub Actions / Analyze

[MEDIUM] Unpinned Actions Full Length Commit SHA

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.

Check warning on line 32 in .github/workflows/trufflehog.yml

View workflow job for this annotation

GitHub Actions / Analyze

[MEDIUM] Unpinned Actions Full Length Commit SHA

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.

Check warning on line 32 in .github/workflows/trufflehog.yml

View workflow job for this annotation

GitHub Actions / Analyze

[MEDIUM] Unpinned Actions Full Length Commit SHA

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.

Check warning on line 32 in .github/workflows/trufflehog.yml

View workflow job for this annotation

GitHub Actions / Analyze

[MEDIUM] Unpinned Actions Full Length Commit SHA

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.

Check warning on line 32 in .github/workflows/trufflehog.yml

View workflow job for this annotation

GitHub Actions / Analyze

[MEDIUM] Unpinned Actions Full Length Commit SHA

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.

Check warning on line 32 in .github/workflows/trufflehog.yml

View workflow job for this annotation

GitHub Actions / Analyze

[MEDIUM] Unpinned Actions Full Length Commit SHA

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.

Check warning on line 32 in .github/workflows/trufflehog.yml

View workflow job for this annotation

GitHub Actions / Analyze

[MEDIUM] Unpinned Actions Full Length Commit SHA

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.

Check warning on line 32 in .github/workflows/trufflehog.yml

View workflow job for this annotation

GitHub Actions / Analyze

[MEDIUM] Unpinned Actions Full Length Commit SHA

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.

Check warning on line 32 in .github/workflows/trufflehog.yml

View workflow job for this annotation

GitHub Actions / Analyze

[MEDIUM] Unpinned Actions Full Length Commit SHA

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.

Check warning on line 32 in .github/workflows/trufflehog.yml

View workflow job for this annotation

GitHub Actions / Analyze

[MEDIUM] Unpinned Actions Full Length Commit SHA

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.

Check warning on line 32 in .github/workflows/trufflehog.yml

View workflow job for this annotation

GitHub Actions / Analyze

[MEDIUM] Unpinned Actions Full Length Commit SHA

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.

Check warning on line 32 in .github/workflows/trufflehog.yml

View workflow job for this annotation

GitHub Actions / Analyze

[MEDIUM] Unpinned Actions Full Length Commit SHA

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.

Check warning on line 32 in .github/workflows/trufflehog.yml

View workflow job for this annotation

GitHub Actions / Analyze

[MEDIUM] Unpinned Actions Full Length Commit SHA

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.

Check warning on line 32 in .github/workflows/trufflehog.yml

View workflow job for this annotation

GitHub Actions / Analyze

[MEDIUM] Unpinned Actions Full Length Commit SHA

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.

Check warning on line 32 in .github/workflows/trufflehog.yml

View workflow job for this annotation

GitHub Actions / Analyze

[MEDIUM] Unpinned Actions Full Length Commit SHA

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.

Check warning on line 32 in .github/workflows/trufflehog.yml

View workflow job for this annotation

GitHub Actions / Analyze

[MEDIUM] Unpinned Actions Full Length Commit SHA

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.

Check warning on line 32 in .github/workflows/trufflehog.yml

View workflow job for this annotation

GitHub Actions / Analyze

[MEDIUM] Unpinned Actions Full Length Commit SHA

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.

Check warning on line 32 in .github/workflows/trufflehog.yml

View workflow job for this annotation

GitHub Actions / Analyze

[MEDIUM] Unpinned Actions Full Length Commit SHA

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.

Check warning on line 32 in .github/workflows/trufflehog.yml

View workflow job for this annotation

GitHub Actions / Analyze

[MEDIUM] Unpinned Actions Full Length Commit SHA

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.

Check warning on line 32 in .github/workflows/trufflehog.yml

View workflow job for this annotation

GitHub Actions / Analyze

[MEDIUM] Unpinned Actions Full Length Commit SHA

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.

Check warning on line 32 in .github/workflows/trufflehog.yml

View workflow job for this annotation

GitHub Actions / Analyze

[MEDIUM] Unpinned Actions Full Length Commit SHA

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.

Check warning on line 32 in .github/workflows/trufflehog.yml

View workflow job for this annotation

GitHub Actions / Analyze

[MEDIUM] Unpinned Actions Full Length Commit SHA

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.

Check warning on line 32 in .github/workflows/trufflehog.yml

View workflow job for this annotation

GitHub Actions / Analyze

[MEDIUM] Unpinned Actions Full Length Commit SHA

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.

Check warning on line 32 in .github/workflows/trufflehog.yml

View workflow job for this annotation

GitHub Actions / Analyze

[MEDIUM] Unpinned Actions Full Length Commit SHA

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.

Check warning on line 32 in .github/workflows/trufflehog.yml

View workflow job for this annotation

GitHub Actions / Analyze

[MEDIUM] Unpinned Actions Full Length Commit SHA

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.

Check warning on line 32 in .github/workflows/trufflehog.yml

View workflow job for this annotation

GitHub Actions / Analyze

[MEDIUM] Unpinned Actions Full Length Commit SHA

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.

Check warning on line 32 in .github/workflows/trufflehog.yml

View workflow job for this annotation

GitHub Actions / Analyze

[MEDIUM] Unpinned Actions Full Length Commit SHA

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.

Check warning on line 32 in .github/workflows/trufflehog.yml

View workflow job for this annotation

GitHub Actions / Analyze

[MEDIUM] Unpinned Actions Full Length Commit SHA

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.

Check warning on line 32 in .github/workflows/trufflehog.yml

View workflow job for this annotation

GitHub Actions / Analyze

[MEDIUM] Unpinned Actions Full Length Commit SHA

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.

Check warning on line 32 in .github/workflows/trufflehog.yml

View workflow job for this annotation

GitHub Actions / Analyze

[MEDIUM] Unpinned Actions Full Length Commit SHA

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.

Check warning on line 32 in .github/workflows/trufflehog.yml

View workflow job for this annotation

GitHub Actions / Analyze

[MEDIUM] Unpinned Actions Full Length Commit SHA

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.

Check warning on line 32 in .github/workflows/trufflehog.yml

View workflow job for this annotation

GitHub Actions / Analyze

[MEDIUM] Unpinned Actions Full Length Commit SHA

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.

Check warning on line 32 in .github/workflows/trufflehog.yml

View workflow job for this annotation

GitHub Actions / Analyze

[MEDIUM] Unpinned Actions Full Length Commit SHA

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
continue-on-error: true
with:
path: ./ # Scan the entire repository
base: "${{ github.event.repository.default_branch }}" # Set base branch for comparison (pull requests)
extra_args: --filter-entropy=4 --results=verified,unknown --debug

- name: Scan Results Status
if: steps.trufflehog.outcome == 'failure'
run: exit 1 # Set workflow run to failure if TruffleHog finds secrets
56 changes: 28 additions & 28 deletions DEPENDENCIES
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ maven/mavencentral/com.digitalpetri.fsm/strict-machine/0.6, Apache-2.0, approved
maven/mavencentral/com.digitalpetri.netty/netty-channel-fsm/0.8, Apache-2.0, approved, #6168
maven/mavencentral/com.ethlo.time/itu/1.8.0, Apache-2.0, approved, #12927
maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.17.0, Apache-2.0, approved, #13672
maven/mavencentral/com.fasterxml.jackson.core/jackson-core/2.17.0, , approved, #13665
maven/mavencentral/com.fasterxml.jackson.core/jackson-core/2.17.0, Apache-2.0 AND MIT, approved, #13665
maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.17.0, Apache-2.0, approved, #13671
maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-xml/2.16.1, Apache-2.0, approved, #12438
maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml/2.15.3, Apache-2.0, approved, #15207
Expand All @@ -27,7 +27,7 @@ maven/mavencentral/com.google.guava/failureaccess/1.0.2, Apache-2.0, approved, C
maven/mavencentral/com.google.guava/guava/33.1.0-jre, Apache-2.0 AND CC0-1.0, approved, #13675
maven/mavencentral/com.google.guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava, Apache-2.0, approved, CQ22657
maven/mavencentral/com.google.j2objc/j2objc-annotations/3.0.0, Apache-2.0, approved, #13676
maven/mavencentral/com.google.protobuf/protobuf-java/4.26.1, BSD-3-Clause, approved, clearlydefined
maven/mavencentral/com.google.protobuf/protobuf-java/3.25.5, BSD-3-Clause, approved, clearlydefined
maven/mavencentral/com.jayway.jsonpath/json-path/2.9.0, Apache-2.0, approved, clearlydefined
maven/mavencentral/com.networknt/json-schema-validator/1.3.3, Apache-2.0 AND Unicode-TOU, approved, #13037
maven/mavencentral/com.squareup.okhttp3/mockwebserver/4.12.0, Apache-2.0, approved, clearlydefined
Expand Down Expand Up @@ -103,9 +103,9 @@ maven/mavencentral/org.apache.poi/poi/5.2.5, Apache-2.0 AND (Apache-2.0 AND BSD-
maven/mavencentral/org.apache.thrift/libthrift/0.19.0, Apache-2.0, approved, #15687
maven/mavencentral/org.apache.xmlbeans/xmlbeans/5.2.0, Apache-2.0, approved, #11782
maven/mavencentral/org.apiguardian/apiguardian-api/1.1.2, Apache-2.0, approved, clearlydefined
maven/mavencentral/org.bouncycastle/bcpkix-jdk18on/1.77, MIT, approved, #11593
maven/mavencentral/org.bouncycastle/bcprov-jdk18on/1.77, MIT AND CC0-1.0, approved, #11595
maven/mavencentral/org.bouncycastle/bcutil-jdk18on/1.77, MIT, approved, #11596
maven/mavencentral/org.bouncycastle/bcpkix-jdk18on/1.78, MIT, approved, #14434
maven/mavencentral/org.bouncycastle/bcprov-jdk18on/1.78, MIT AND CC0-1.0, approved, #14433
maven/mavencentral/org.bouncycastle/bcutil-jdk18on/1.78, MIT, approved, #14435
maven/mavencentral/org.checkerframework/checker-qual/3.42.0, MIT, approved, clearlydefined
maven/mavencentral/org.codehaus.janino/commons-compiler/3.1.11, BSD-3-Clause, approved, #13293
maven/mavencentral/org.codehaus.janino/janino/3.1.11, BSD-3-Clause, approved, #13292
Expand Down Expand Up @@ -133,24 +133,24 @@ maven/mavencentral/org.eclipse.milo/stack-core/0.6.12, EPL-2.0, approved, iot.mi
maven/mavencentral/org.eclipse.milo/stack-server/0.6.12, EPL-2.0, approved, iot.milo
maven/mavencentral/org.eclipse.paho/org.eclipse.paho.client.mqttv3/1.2.5, EPL-1.0 OR BSD-3-Clause, approved, iot.paho
maven/mavencentral/org.eclipse.parsson/parsson/1.1.5, EPL-2.0, approved, ee4j.parsson
maven/mavencentral/org.eclipse.rdf4j/rdf4j-collection-factory-api/4.3.8, BSD-3-Clause, approved, technology.rdf4j
maven/mavencentral/org.eclipse.rdf4j/rdf4j-common-annotation/4.3.8, BSD-3-Clause, approved, technology.rdf4j
maven/mavencentral/org.eclipse.rdf4j/rdf4j-common-exception/4.3.8, BSD-3-Clause, approved, technology.rdf4j
maven/mavencentral/org.eclipse.rdf4j/rdf4j-common-io/4.3.8, BSD-3-Clause, approved, technology.rdf4j
maven/mavencentral/org.eclipse.rdf4j/rdf4j-common-iterator/4.3.8, BSD-3-Clause, approved, technology.rdf4j
maven/mavencentral/org.eclipse.rdf4j/rdf4j-common-text/4.3.8, BSD-3-Clause, approved, technology.rdf4j
maven/mavencentral/org.eclipse.rdf4j/rdf4j-common-transaction/4.3.8, BSD-3-Clause, approved, technology.rdf4j
maven/mavencentral/org.eclipse.rdf4j/rdf4j-common-util/4.3.8, BSD-3-Clause, approved, technology.rdf4j
maven/mavencentral/org.eclipse.rdf4j/rdf4j-common-xml/4.3.8, BSD-3-Clause, approved, technology.rdf4j
maven/mavencentral/org.eclipse.rdf4j/rdf4j-model-api/4.3.8, BSD-3-Clause, approved, technology.rdf4j
maven/mavencentral/org.eclipse.rdf4j/rdf4j-model-vocabulary/4.3.8, BSD-3-Clause, approved, technology.rdf4j
maven/mavencentral/org.eclipse.rdf4j/rdf4j-model/4.3.8, BSD-3-Clause, approved, technology.rdf4j
maven/mavencentral/org.eclipse.rdf4j/rdf4j-query/4.3.8, BSD-3-Clause, approved, technology.rdf4j
maven/mavencentral/org.eclipse.rdf4j/rdf4j-queryalgebra-model/4.3.8, BSD-3-Clause, approved, technology.rdf4j
maven/mavencentral/org.eclipse.rdf4j/rdf4j-queryresultio-api/4.3.8, BSD-3-Clause, approved, technology.rdf4j
maven/mavencentral/org.eclipse.rdf4j/rdf4j-queryresultio-sparqlxml/4.3.8, BSD-3-Clause, approved, technology.rdf4j
maven/mavencentral/org.eclipse.rdf4j/rdf4j-rio-api/4.3.8, BSD-3-Clause, approved, technology.rdf4j
maven/mavencentral/org.eclipse.rdf4j/rdf4j-sail-api/4.3.8, BSD-3-Clause, approved, technology.rdf4j
maven/mavencentral/org.eclipse.rdf4j/rdf4j-collection-factory-api/4.3.14, BSD-3-Clause, approved, technology.rdf4j
maven/mavencentral/org.eclipse.rdf4j/rdf4j-common-annotation/4.3.14, BSD-3-Clause, approved, technology.rdf4j
maven/mavencentral/org.eclipse.rdf4j/rdf4j-common-exception/4.3.14, BSD-3-Clause, approved, technology.rdf4j
maven/mavencentral/org.eclipse.rdf4j/rdf4j-common-io/4.3.14, BSD-3-Clause, approved, technology.rdf4j
maven/mavencentral/org.eclipse.rdf4j/rdf4j-common-iterator/4.3.14, BSD-3-Clause, approved, technology.rdf4j
maven/mavencentral/org.eclipse.rdf4j/rdf4j-common-text/4.3.14, BSD-3-Clause, approved, technology.rdf4j
maven/mavencentral/org.eclipse.rdf4j/rdf4j-common-transaction/4.3.14, BSD-3-Clause, approved, technology.rdf4j
maven/mavencentral/org.eclipse.rdf4j/rdf4j-common-util/4.3.14, BSD-3-Clause, approved, technology.rdf4j
maven/mavencentral/org.eclipse.rdf4j/rdf4j-common-xml/4.3.14, BSD-3-Clause, approved, technology.rdf4j
maven/mavencentral/org.eclipse.rdf4j/rdf4j-model-api/4.3.14, BSD-3-Clause, approved, technology.rdf4j
maven/mavencentral/org.eclipse.rdf4j/rdf4j-model-vocabulary/4.3.14, BSD-3-Clause, approved, technology.rdf4j
maven/mavencentral/org.eclipse.rdf4j/rdf4j-model/4.3.14, BSD-3-Clause, approved, technology.rdf4j
maven/mavencentral/org.eclipse.rdf4j/rdf4j-query/4.3.14, BSD-3-Clause, approved, technology.rdf4j
maven/mavencentral/org.eclipse.rdf4j/rdf4j-queryalgebra-model/4.3.14, BSD-3-Clause, approved, technology.rdf4j
maven/mavencentral/org.eclipse.rdf4j/rdf4j-queryresultio-api/4.3.14, BSD-3-Clause, approved, technology.rdf4j
maven/mavencentral/org.eclipse.rdf4j/rdf4j-queryresultio-sparqlxml/4.3.14, BSD-3-Clause, approved, technology.rdf4j
maven/mavencentral/org.eclipse.rdf4j/rdf4j-rio-api/4.3.14, BSD-3-Clause, approved, technology.rdf4j
maven/mavencentral/org.eclipse.rdf4j/rdf4j-sail-api/4.3.14, BSD-3-Clause, approved, technology.rdf4j
maven/mavencentral/org.glassfish.jaxb/jaxb-core/4.0.5, BSD-3-Clause, approved, ee4j.jaxb-impl
maven/mavencentral/org.glassfish.jaxb/jaxb-runtime/4.0.5, BSD-3-Clause, approved, ee4j.jaxb-impl
maven/mavencentral/org.glassfish.jaxb/txw2/4.0.5, BSD-3-Clause, approved, ee4j.jaxb-impl
Expand All @@ -162,11 +162,11 @@ maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk7/1.8.21, Apache-2.0, a
maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk8/1.8.21, Apache-2.0, approved, #8919
maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib/1.8.21, Apache-2.0, approved, #8865
maven/mavencentral/org.jetbrains/annotations/13.0, Apache-2.0, approved, clearlydefined
maven/mavencentral/org.junit.jupiter/junit-jupiter-api/5.10.2, EPL-2.0, approved, #9714
maven/mavencentral/org.junit.jupiter/junit-jupiter-engine/5.10.2, EPL-2.0, approved, #9711
maven/mavencentral/org.junit.jupiter/junit-jupiter-params/5.10.2, EPL-2.0, approved, #15250
maven/mavencentral/org.junit.platform/junit-platform-commons/1.10.2, EPL-2.0, approved, #9715
maven/mavencentral/org.junit.platform/junit-platform-engine/1.10.2, EPL-2.0, approved, #9709
maven/mavencentral/org.junit.jupiter/junit-jupiter-api/5.11.0, EPL-2.0, approved, #15935
maven/mavencentral/org.junit.jupiter/junit-jupiter-engine/5.11.0, EPL-2.0, approved, #15939
maven/mavencentral/org.junit.jupiter/junit-jupiter-params/5.11.0, EPL-2.0, approved, #15940
maven/mavencentral/org.junit.platform/junit-platform-commons/1.11.0, EPL-2.0, approved, #15936
maven/mavencentral/org.junit.platform/junit-platform-engine/1.11.0, EPL-2.0, approved, #15932
maven/mavencentral/org.opentest4j/opentest4j/1.3.0, Apache-2.0, approved, #9713
maven/mavencentral/org.ow2.asm/asm/9.6, BSD-3-Clause, approved, #10776
maven/mavencentral/org.reflections/reflections/0.10.2, Apache-2.0 AND WTFPL, approved, clearlydefined
Expand Down
4 changes: 2 additions & 2 deletions NOTICE.md
Original file line number Diff line number Diff line change
Expand Up @@ -72,8 +72,8 @@ You may recreate an up-to-date DEPENDENCIES file by invoking
```

The KA-AAS build and runtime platform is relying on:
* [Java Runtime Environment (JRE >=11 - license depends on chosen provider)](https://de.wikipedia.org/wiki/Java-Laufzeitumgebung)
* [Java Development Kit (JDK >=11 - license depends on chosen provider)](https://de.wikipedia.org/wiki/Java_Development_Kit)
* [Java Runtime Environment (JRE >=17 - license depends on chosen provider)](https://de.wikipedia.org/wiki/Java-Laufzeitumgebung)
* [Java Development Kit (JDK >=17 - license depends on chosen provider)](https://de.wikipedia.org/wiki/Java_Development_Kit)
* [Apache Maven >=3.8 (Apache License 2.0)](https://maven.apache.org)
* [Eclipse Dash (Eclipse Public License 2.0)](https://github.com/eclipse/dash-licenses)
* [Docker Engine >= 20.10.17 (Apache License 2.0)]()
Expand Down
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -110,7 +110,7 @@ kubectl wait --namespace ingress-nginx \
--selector=app.kubernetes.io/component=controller \
--timeout=90s
# transfer images
kind load docker-image docker.io/tractusx/aas-bridge:1.14.23-SNAPSHOT --name ka
kind load docker-image docker.io/tractusx/aas-bridge:1.14.24-SNAPSHOT --name ka
# run container test
ct install --charts charts/aas-bridge
```
Expand Down
4 changes: 2 additions & 2 deletions charts/aas-bridge/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ home: https://github.com/eclipse-tractusx/knowledge-agents-aas-bridge/
sources:
- https://github.com/eclipse-tractusx/knowledge-agents-aas-bridge/tree/main/sparql-aas
type: application
appVersion: "1.14.23-SNAPSHOT"
version: 1.14.23-SNAPSHOT
appVersion: "1.14.24-SNAPSHOT"
version: 1.14.24-SNAPSHOT
maintainers:
- name: 'Tractus-X Knowledge Agents Team'
4 changes: 2 additions & 2 deletions charts/aas-bridge/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@

# aas-bridge

![Version: 1.14.23-SNAPSHOT](https://img.shields.io/badge/Version-0.13.6--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.14.23-SNAPSHOT](https://img.shields.io/badge/AppVersion-0.13.6--SNAPSHOT-informational?style=flat-square)
![Version: 1.14.24-SNAPSHOT](https://img.shields.io/badge/Version-0.13.6--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.14.24-SNAPSHOT](https://img.shields.io/badge/AppVersion-0.13.6--SNAPSHOT-informational?style=flat-square)

A Helm chart for the Tractus-X Knowledge Agents AAS Bridge which is a container to provide an AAS server/registry on top of a knowledge graph/SPARQL landscape.

Expand All @@ -32,7 +32,7 @@ This chart has no prerequisites.
## TL;DR
```shell
$ helm repo add eclipse-tractusx https://eclipse-tractusx.github.io/charts/dev
$ helm install my-release eclipse-tractusx/aas-bridge --version 1.14.23-SNAPSHOT
$ helm install my-release eclipse-tractusx/aas-bridge --version 1.14.24-SNAPSHOT
```

## Maintainers
Expand Down
Loading

0 comments on commit fb8374c

Please sign in to comment.