Merge pull request #376 from com-pas/develop

Release

Author: pascalwilbrink

.github/workflows/automate-projects.yml

@@ -14,14 +14,14 @@ jobs:
     steps:
       - name: add-new-issues-to-organization-based-project-column
         if: github.event_name == 'issues' && github.event.action == 'opened'
-        uses: alex-page/github-project-automation-plus@v0.8.3
+        uses: alex-page/github-project-automation-plus@v0.9.0
         with:
           project: CoMPAS Issues Overview Board
           column: To do
           repo-token: ${{ secrets.ORG_GITHUB_ACTION_SECRET }}
       - name: add-new-pull-request-to-organization-based-project-column
         if: (github.event_name == 'pull_request' || github.event_name == 'pull_request_target') && github.event.action == 'opened'
-        uses: alex-page/github-project-automation-plus@v0.8.3
+        uses: alex-page/github-project-automation-plus@v0.9.0
         with:
           project: CoMPAS Pull Request Overview Board
           column: To do

.github/workflows/build-project.yml

@@ -24,7 +24,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Cache Docker Register
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: /tmp/.buildx-cache
           key: ${{ runner.os }}-buildx-${{ hashFiles('**/Dockerfile') }}
@@ -33,14 +33,14 @@ jobs:
         id: buildx
         uses: docker/setup-buildx-action@v3
       - name: Set up JDK 17
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@v4
         with:
           distribution: 'zulu'
           java-version: '17'
           cache: 'maven'
 
       - name: Create custom Maven Settings.xml
-        uses: whelk-io/maven-settings-xml-action@v21
+        uses: whelk-io/maven-settings-xml-action@v22
         with:
           output_file: custom_maven_settings.xml
           servers: '[{ "id": "github-packages-compas", "username": "OWNER", "password": "${{ secrets.GITHUB_TOKEN }}" }]'

.github/workflows/release-project.yml renamed to .github/workflows/release-please.yml

@@ -1,60 +1,75 @@
-# SPDX-FileCopyrightText: 2022 Alliander N.V.
+# SPDX-FileCopyrightText: 2023 Alliander N.V.
 #
 # SPDX-License-Identifier: Apache-2.0
+on:
+  push:
+    branches:
+      - main
 
-name: Release Project
+permissions:
+  contents: write
+  pull-requests: write
 
-on:
-  release:
-    types: [ released ]
+name: release-please
 
 jobs:
-  release_project:
-    name: Release project
+  release_please:
     runs-on: ubuntu-latest
-    timeout-minutes: 30
-
     steps:
+      - uses: google-github-actions/release-please-action@v4
+        id: release
+        with:
+          release-type: maven
+          package-name: compas-scl-data-service
       - name: Checkout
+        if: ${{ steps.release.outputs.release_created }}
         uses: actions/checkout@v4
 
       - name: Cache Docker Register
-        uses: actions/cache@v3
+        if: ${{ steps.release.outputs.release_created }}
+        uses: actions/cache@v4
         with:
           path: /tmp/.buildx-cache
           key: ${{ runner.os }}-buildx-${{ hashFiles('**/Dockerfile') }}
 
       - name: Extract tag name
+        if: ${{ steps.release.outputs.release_created }}
         id: extract_tagname
         shell: bash
         # Extract the tag name from the git reference, value of GITHUB_REF will be something like refs/tags/<tag_name>.
         run: echo "##[set-output name=tagname;]$(echo ${GITHUB_REF##*/})"
 
       - name: Set up JDK 17
-        uses: actions/setup-java@v3
+        if: ${{ steps.release.outputs.release_created }}
+        uses: actions/setup-java@v4
         with:
           distribution: 'zulu'
           java-version: '17'
           cache: 'maven'
       - name: Set up Docker Buildx
+        if: ${{ steps.release.outputs.release_created }}
         id: buildx
         uses: docker/setup-buildx-action@v3
       - name: Login to Docker Hub
+        if: ${{ steps.release.outputs.release_created }}
         uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_HUB_USERNAME }}
           password: ${{ secrets.DOCKER_HUB_TOKEN }}
 
       - name: Create custom Maven Settings.xml
-        uses: whelk-io/maven-settings-xml-action@v21
+        if: ${{ steps.release.outputs.release_created }}
+        uses: whelk-io/maven-settings-xml-action@v22
         with:
           output_file: custom_maven_settings.xml
           servers: '[{ "id": "github-packages-compas", "username": "OWNER", "password": "${{ secrets.GITHUB_TOKEN }}" }]'
       - name: Set version with Maven
+        if: ${{ steps.release.outputs.release_created }}
         run: ./mvnw -B versions:set -DprocessAllModules=true -DnewVersion=${{ steps.extract_tagname.outputs.tagname }}
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       - name: Deploy with Maven to GitHub Packages and Docker Hub
+        if: ${{ steps.release.outputs.release_created }}
         run: ./mvnw -B -s custom_maven_settings.xml -Pjvm-image,release clean deploy
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/reuse.yml

@@ -13,4 +13,4 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
       - name: REUSE Compliance Check
-        uses: fsfe/reuse-action@v2
+        uses: fsfe/reuse-action@v3

.github/workflows/sonarcloud-analysis.yml

@@ -19,7 +19,7 @@ jobs:
       run: cat $GITHUB_EVENT_PATH
     - name: Download PR number artifact
       if: github.event.workflow_run.event == 'pull_request'
-      uses: dawidd6/action-download-artifact@v2
+      uses: dawidd6/action-download-artifact@v3
       with:
         workflow: SonarCloud Build
         run_id: ${{ github.event.workflow_run.id }}
@@ -54,21 +54,21 @@ jobs:
         git checkout ${{ github.event.workflow_run.head_branch }}
         git clean -ffdx && git reset --hard HEAD
     - name: Cache SonarCloud packages
-      uses: actions/cache@v3
+      uses: actions/cache@v4
       with:
         path: ~/.sonar/cache
         key: ${{ runner.os }}-sonar
         restore-keys: ${{ runner.os }}-sonar
 
     - name: Cache Maven packages
-      uses: actions/cache@v3
+      uses: actions/cache@v4
       with:
         path: ~/.m2
         key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
         restore-keys: ${{ runner.os }}-m2
 
     - name: Set up JDK 17
-      uses: actions/setup-java@v3
+      uses: actions/setup-java@v4
       with:
         distribution: 'zulu'
         java-version: '17'
@@ -79,7 +79,7 @@ jobs:
           -Dsonar.projectKey=com-pas_compas-scl-data-service \
           -Dsonar.organization=com-pas )"
     - name: Create custom Maven Settings.xml
-      uses: whelk-io/maven-settings-xml-action@v21
+      uses: whelk-io/maven-settings-xml-action@v22
       with:
         output_file: custom_maven_settings.xml
         servers: '[{ "id": "github-packages-compas", "username": "OWNER", "password": "${{ secrets.GITHUB_TOKEN }}" }]'

.github/workflows/sonarcloud-build.yml

@@ -31,26 +31,26 @@ jobs:
           fetch-depth: 0
 
       - name: Cache SonarCloud packages
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ~/.sonar/cache
           key: ${{ runner.os }}-sonar
           restore-keys: ${{ runner.os }}-sonar
       - name: Cache Maven packages
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ~/.m2
           key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
           restore-keys: ${{ runner.os }}-m2
 
       - name: Set up JDK 17
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@v4
         with:
           distribution: 'zulu'
           java-version: '17'
 
       - name: Create custom Maven Settings.xml
-        uses: whelk-io/maven-settings-xml-action@v21
+        uses: whelk-io/maven-settings-xml-action@v22
         with:
           output_file: custom_maven_settings.xml
           servers: '[{ "id": "github-packages-compas", "username": "OWNER", "password": "${{ secrets.GITHUB_TOKEN }}" }]'
@@ -71,7 +71,7 @@ jobs:
         run: echo ${{ github.event.number }} > PR_NUMBER.txt
       - name: Archive PR number
         if: github.event_name == 'pull_request'
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: PR_NUMBER
           path: PR_NUMBER.txt

CHANGELOG.md

@@ -0,0 +1,6 @@
+<!--
+SPDX-FileCopyrightText: 2023 Alliander N.V.
+
+SPDX-License-Identifier: Apache-2.0
+-->
+For older changelogs, please check the release tag on GitHub.

SECURITY.md

@@ -0,0 +1,11 @@
+<!--
+SPDX-FileCopyrightText: 2023 Alliander N.V.
+
+SPDX-License-Identifier: Apache-2.0
+-->
+# Security Policy
+
+## Reporting a Vulnerability
+
+Please go to [Security Advisories](https://github.com/com-pas/compas-scl-data-service/security/advisories) to privately report a security vulnerability, 
+our contributors will try to respond within a week of your report with a rough plan for a fix and new tests.

app/src/main/docker/Dockerfile-postgresql.jvm

@@ -21,7 +21,7 @@
 # docker run -i --rm -p 8080:8080 -p 5005:5005 -e JAVA_ENABLE_DEBUG="true" quarkus/app-jvm
 #
 ###
-FROM registry.access.redhat.com/ubi8/ubi-minimal:8.8-1072.1697626218 
+FROM registry.access.redhat.com/ubi8/ubi-minimal:8.9-1137 
 
 ARG JAVA_PACKAGE=java-17-openjdk-headless
 ARG RUN_JAVA_VERSION=1.3.8
@@ -37,7 +37,7 @@ RUN microdnf install curl ca-certificates ${JAVA_PACKAGE} \
     && chown 1001:root /deployments \
     && curl https://repo1.maven.org/maven2/io/fabric8/run-java-sh/${RUN_JAVA_VERSION}/run-java-sh-${RUN_JAVA_VERSION}-sh.sh -o /deployments/run-java.sh \
     && chown 1001 /deployments/run-java.sh \
-    && chmod 540 /deployments/run-java.sh \
+    && chmod 755 /deployments/run-java.sh \
     && echo "securerandom.source=file:/dev/urandom" >> /etc/alternatives/jre/conf/security/java.security
 
 # Configure the JAVA_OPTIONS, you can add -XshowSettings:vm to also display the heap size.

app/src/main/docker/Dockerfile-postgresql.native

@@ -14,7 +14,7 @@
 # docker run -i --rm -p 8080:8080 quarkus/app
 #
 ###
-FROM registry.access.redhat.com/ubi8/ubi-minimal:8.8-1072.1697626218
+FROM registry.access.redhat.com/ubi8/ubi-minimal:8.9-1137
 WORKDIR /work/
 RUN chown 1001 /work \
     && chmod "g+rwX" /work \