Merge branch 'main' into feature/return_api_group

Author: mrMigles

.github/workflows/automatic-pr-labeler.yaml

@@ -0,0 +1,56 @@
+---
+
+# The workflow template for automatic PR labeler.
+# It requires to have a configuration file with labels and conditions to apply them.
+# The configuration file should be placed in the .github folder and named auto-labeler-config.yaml.
+# Example file can be found there:
+# https://github.com/Netcracker/.github/blob/main/config/examples/auto-labeler-config.yaml
+
+name: Automatic PR Labeler
+
+on:
+  pull_request:
+    branches: [main]
+    types:
+      [opened, reopened, synchronize]
+
+permissions:
+  contents: read
+
+jobs:
+  assign-labels:
+    if: (github.event.pull_request.merged == false) && (github.event.pull_request.user.login != 'dependabot[bot]') && (github.event.pull_request.user.login != 'github-actions[bot]')
+    permissions:
+      pull-requests: write
+      contents: read
+      issues: write
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
+
+      - name: "Execute assign labels"
+        id: action-assign-labels
+        uses: mauroalderete/action-assign-labels@671a4ca2da0f900464c58b8b5540a1e07133e915 # v1.5.1
+        with:
+          pull-request-number: ${{ github.event.pull_request.number }}
+          github-token: ${{ github.token }}
+          conventional-commits: "./.github/auto-labeler-config.yaml"
+          maintain-labels-not-matched: true
+          apply-changes: ${{ github.event.pull_request.base.repo.id == github.event.pull_request.head.repo.id }}
+
+      - name: Set labels-next safely
+        if: ${{ github.event.pull_request.base.repo.id != github.event.pull_request.head.repo.id }}
+        run: |
+          echo "LABELS_NEXT=$(echo ${STEPS_ACTION_ASSIGN_LABELS_OUTPUTS_LABELS_NEXT} | tr -dc 'a-zA-Z0-9-,')" >> $GITHUB_ENV
+        env:
+          STEPS_ACTION_ASSIGN_LABELS_OUTPUTS_LABELS_NEXT: ${{ steps.action-assign-labels.outputs.labels-next }}
+      - name: "Drop warning if PR from fork"
+        if: ${{ github.event.pull_request.base.repo.id != github.event.pull_request.head.repo.id }}
+        run: |
+          {
+            echo "⚠️ Pull request from fork! ⚠️";
+            echo "Labels will not be applied to PR. Assign them manually please.";
+            echo "Labels to assign: '${LABELS_NEXT}'";
+          } >> "$GITHUB_STEP_SUMMARY"

.github/workflows/cla.yaml

@@ -11,7 +11,6 @@ permissions:
 
 jobs:
   CLAAssistant:
-    if: github.event.pull_request.draft == false
     permissions:
       actions: write
       contents: write
@@ -21,7 +20,7 @@ jobs:
     steps:
       - name: "CLA Assistant"
         if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
-        uses: contributor-assistant/[email protected]
+        uses: contributor-assistant/github-action@ca4a40a7d1004f18d9960b404b97e5f30a505a08 #v2.6.1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           PERSONAL_ACCESS_TOKEN: ${{ secrets.CLA_ACCESS_TOKEN }}

.github/workflows/pr-assigner.yml

@@ -0,0 +1,31 @@
+name: PR Auto-Assignment
+run-name: "Assigning reviewers for PR #${{ github.event.pull_request.number }}"
+on:
+  pull_request_target:
+    types: [opened, reopened, synchronize]
+    branches:
+      - main
+
+permissions:
+  pull-requests: write
+  contents: read
+
+jobs:
+  pr-auto-assign:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check if PR is from a fork
+        run: |
+          if [ "${{ github.event.pull_request.head.repo.full_name }}" != "${{ github.event.pull_request.base.repo.full_name }}" ]; then
+            echo "⚠️ Pull request is from a fork — skipping assignee assignment (no write permissions)."
+            exit 0
+          fi
+
+      - uses: actions/checkout@v5
+        with:
+          persist-credentials: false
+
+      - uses: netcracker/qubership-workflow-hub/actions/pr-assigner@b575bad3a0959c4e883bc34f9d055ff07fde2dbd #2.0.1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/pr-conventional-commits.yaml

@@ -0,0 +1,23 @@
+---
+
+name: Conventional Commits PR Check
+
+on:
+  pull_request:
+    types:
+      - opened
+      - edited
+      - synchronize
+
+permissions:
+  pull-requests: read
+jobs:
+  build:
+    name: Conventional Commits
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
+        with:
+          persist-credentials: false
+
+      - uses: webiny/action-conventional-commits@8bc41ff4e7d423d56fa4905f6ff79209a78776c7 #v1.3.0

.github/workflows/security-scan.yml

@@ -0,0 +1,59 @@
+name: Security Scan
+on:
+  workflow_dispatch:
+    inputs:
+      target:
+        description: "Scan part"
+        required: true
+        default: "docker"
+        type: choice
+        options:
+          - docker
+          - source
+      image:
+        description: "Docker image (for 'docker' target). By default ghcr.io/<owner>/<repo>:latest"
+        required: false
+        default: ""
+      only-high-critical:
+        description: "Scan only HIGH + CRITICAL"
+        required: false
+        default: true
+        type: boolean
+      trivy-scan:
+        description: "Run Trivy scan"
+        required: false
+        default: true
+        type: boolean
+      grype-scan:
+        description: "Run Grype scan"
+        required: false
+        default: true
+        type: boolean
+      continue-on-error:
+        description: "Continue on error"
+        required: false
+        default: true
+        type: boolean
+      only-fixed:
+        description: "Show only fixable vulnerabilities"
+        required: false
+        default: true
+        type: boolean
+
+permissions:
+  contents: read
+  security-events: write
+  actions: read
+  packages: read
+
+jobs:
+  security-scan:
+    uses: netcracker/qubership-workflow-hub/.github/workflows/re-security-scan.yml@main
+    with:
+      target: ${{ github.event.inputs.target || 'source' }}
+      image: ${{ github.event.inputs.image || '' }}
+      only-high-critical: ${{ inputs.only-high-critical}}
+      trivy-scan: ${{ inputs.trivy-scan }}
+      grype-scan: ${{ inputs.grype-scan }}
+      only-fixed: ${{ inputs.only-fixed }}
+      continue-on-error: ${{ inputs.continue-on-error }}

docs/public/disasterRecovery.md

@@ -137,6 +137,10 @@ backupDaemon:
 
 You can perform the switchover using the `SiteManager` functionality or RabbitMQ disaster recovery REST server API.
 
+<!-- #GFCFilterMarkerStart# -->
+For more information about `SiteManager`, refer to [Site Manager](https://github.com/Netcracker/qubership-core-site-management/blob/main/README.md) article.
+<!-- #GFCFilterMarkerEnd# -->
+
 If you want to perform a switchover manually, you need to switch `active` RabbitMQ cluster to `standby` mode and then switch `standby` RabbitMQ cluster to `active` mode.
 You need to run the following command from within any RabbitMQ pod on the `active` side:
 

docs/public/installation.md

@@ -1114,6 +1114,7 @@ Scale In (decreasing) replicas are not supported out of the box. You need to be
 
 ## Version Upgrade and Feature Flags
 
+Upgrades from RabbitMQ 3.13.x are supported to both RabbitMQ 4.0.x and RabbitMQ 4.1.x.
 To upgrade RabbitMQ version you need to make sure that all feature flags not marked as experimental are enabled.
 
 To check that, execute the following command in any RabbitMQ pod: