Merge pull request #1 from catenax-ng/sonar

chr: use SONAR_PROJECT_KEY and SONAR_ORGANIZATION env vars in build

Author: dblankevia

.github/workflows/kics.yml

@@ -1,6 +1,7 @@
 name: "KICS"
 
 on:
+  workflow_dispatch:
   push:
     branches: [main, master]
   # pull_request:
@@ -29,6 +30,10 @@ jobs:
         with:
           # Scanning directory .
           path: "."
+          # Excluded paths:
+          # - docker-compose.yml - used only on local env
+          # - in cypress dir docker related files used only on local env
+          exclude_paths: "docker-compose.yml,cypress/docker-compose.yml,cypress/Dockerfile"
           # Fail on HIGH severity results
           fail_on: high
           # Disable secrets detection - we use GitGuardian

.github/workflows/test.yml

@@ -24,7 +24,19 @@ jobs:
         cmd: install # will run `yarn install` command
     - name: Run npm test:ci
       run: CHROMIUM_BIN=$(which chrome) npm run test:ci # will run `test:ci` command
-    - uses: SonarSource/sonarcloud-github-action@master
+    - name: Run SonarCloud with organzation and project key from environment
+      uses: SonarSource/sonarcloud-github-action@master
+      if: ${{ vars.SONAR_ORGANIZATION != '' && vars.SONAR_PROJECT_KEY != '' }}
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
+        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      with:
+        args: >
+          -Dsonar.organization=${{ vars.SONAR_ORGANIZATION }}
+          -Dsonar.projectKey=${{ vars.SONAR_PROJECT_KEY }}
+    - name: Run SonarCloud with hardcoded organization and project key
+      uses: SonarSource/sonarcloud-github-action@master # Fallback for the catenax-ng/product-traceability-foss-frontend
+      if: ${{ vars.SONAR_ORGANIZATION == '' || vars.SONAR_PROJECT_KEY == '' }}
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
         SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

AUTHORS.md

@@ -0,0 +1,20 @@
+#Authors
+
+The following people have contributed to this repository:
+
+- Blazej Kepa,doubleSlash Net-Business GmbH,https://github.com/ds-ext-bkepa
+- Dirk Blank,evia consulting GmbH,https://github.com/dblankevia
+- Fabian Bedarf,evia consulting GmbH,https://github.com/evia-fbedarf
+- Jedrzej Serwa,doubleSlash Net-Business GmbH,https://github.com/ds-ext-jserwa
+- Martin Kanal,doubleSlash Net-Business GmbH,https://github.com/mkanal
+- Anton Kononenko,doubleSlash Net-Business GmbH,https://github.com/ds-ext-akononenko
+- Sebastian Scherer,Mercedes-Benz Group AG,https://github.com/the-tatanka
+- Ivan Emelianov,T-Systems International GmbH,https://github.com/Anacin
+- Sebastian Bezold,Mercedes-Benz Group AG,https://github.com/SebastianBezold
+- Gregor Stelzer,msg DAVID GmbH,https://github.com/gregors101
+- Darek Skrzypczak,doubleSlash Net-Business GmbH,https://github.com/ds-ext-dskrzypczak
+- Nobert Geczi,msg Systems Romania SRL,https://github.com/norbertgeczi
+- Markus Kreuz,FEV Consulting GmbH,https://github.com/CXkreuz
+- Thomas Braun,ZF Friedrichshafen AG,https://github.com/tbraun-zf
+
+

charts/product-traceability-foss-frontend/values-dev-test.yaml

@@ -0,0 +1,28 @@
+
+image:
+  tag: $ARGOCD_APP_REVISION
+  CATENAX_PORTAL_API_URL: 'https://traceability-test.dev.demo.catena-x.net/api'
+  CATENAX_PORTAL_KEYCLOAK_URL: 'https://centralidp.dev.demo.catena-x.net/auth'
+  CATENAX_PORTAL_CLIENT_ID: 'Cl17-CX-Part'
+  CATENAX_PORTAL_DEFAULT_REALM: 'CX-Central'
+
+nameOverride: "product-traceability-foss-test-frontend"
+fullnameOverride: "product-traceability-foss-test-frontend"
+
+autoscaling:
+  enabled: false
+
+ingress:
+  enabled: true
+  className: "nginx"
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+  hosts:
+    - host: "traceability-portal-test.dev.demo.catena-x.net"
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
+  tls:
+    - hosts:
+        - "traceability-portal-test.dev.demo.catena-x.net"
+      secretName: "traceability-portal-test.dev.demo.catena-x.net-tls"

charts/product-traceability-foss-frontend/values-dev.yaml

@@ -17,7 +17,7 @@ ingress:
     - host: "traceability-portal.dev.demo.catena-x.net"
       paths:
         - path: /
-          pathType: Prefix
+          pathType: ImplementationSpecific
   tls:
     - hosts:
         - "traceability-portal.dev.demo.catena-x.net"

charts/product-traceability-foss-frontend/values-int-test.yaml

@@ -0,0 +1,27 @@
+image:
+  tag: $ARGOCD_APP_REVISION
+  CATENAX_PORTAL_API_URL: 'https://traceability-test.int.demo.catena-x.net/api'
+  CATENAX_PORTAL_KEYCLOAK_URL: 'https://centralidp.int.demo.catena-x.net/auth'
+  CATENAX_PORTAL_CLIENT_ID: 'Cl17-CX-Part'
+  CATENAX_PORTAL_DEFAULT_REALM: 'CX-Central'
+
+nameOverride: "product-traceability-foss-test-frontend"
+fullnameOverride: "product-traceability-foss-test-frontend"
+
+autoscaling:
+  enabled: false
+
+ingress:
+  enabled: true
+  className: "nginx"
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+  hosts:
+    - host: "traceability-portal-test.int.demo.catena-x.net"
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
+  tls:
+    - hosts:
+        - "traceability-portal-test.int.demo.catena-x.net"
+      secretName: "traceability-portal-test.int.demo.catena-x.net-tls"

charts/product-traceability-foss-frontend/values-int.yaml

@@ -17,7 +17,7 @@ ingress:
     - host: "traceability-portal.int.demo.catena-x.net"
       paths:
         - path: /
-          pathType: Prefix
+          pathType: ImplementationSpecific
   tls:
     - hosts:
         - "traceability-portal.int.demo.catena-x.net"

cypress/Dockerfile

@@ -1,3 +1,7 @@
+# DISCLAIMER!
+# purpose of this file is to run cypress E2E tests locally, we don't use it in other env
+# because of statement above, we don't need to change settings to comply with some KICS requirements
+
 
 # if you need to change image please make sure use the same version in all places
 # (here and in .github/workflows/e2e-tests.yml)
@@ -8,6 +12,7 @@
 # but cypress/included:12.3.0 version base on cypress/browsers:node16.16.0-chrome107-ff107-edge
 FROM cypress/included:12.3.0
 
+USER root
 RUN mkdir /ng-app
 WORKDIR /ng-app
 
@@ -18,4 +23,3 @@ COPY yarn.lock /ng-app/yarn.lock
 RUN yarn install
 # https://docs.cypress.io/guides/guides/launching-browsers#Linux-Dependencies
 RUN npx playwright install --with-deps webkit
-

cypress/docker-compose.yml

@@ -1,14 +1,29 @@
+# DISCLAIMER!
+# purpose of this file is to run cypress E2E tests locally, we don't use it in other env
+# because of statement above, we don't need to change settings to comply with some KICS requirements
+
 version: "3.9"
 services:
   cypress:
     build:
       context: ../
       dockerfile: cypress/Dockerfile
+
     volumes:
       - ../:/ng-app/
       - /ng-app/node_modules/ # we don't want to override it by host machine
+    security_opt:
+      - label:user:testuser
+      - no-new-privileges:true
     network_mode: host # important to be able to connect to localhost url on host machine
-
-
-networks:
- TRACE_X_FE:
+    # to comply with KICS requirement:
+    # [MEDIUM] Memory Not Limited
+    # Memory limits should be defined for each container. This prevents potential resource exhaustion by ensuring that containers consume not more than the designated amount of memory
+    deploy:
+      resources:
+        limits:
+          cpus: "4"
+          memory: "1024M"
+        reservations:
+          cpus: "2"
+          memory: "512M"

docker-compose.yml

@@ -1,3 +1,7 @@
+# DISCLAIMER!
+# purpose of this file is to run services locally, we don't use it in other env
+# because of statement above, we don't need to change settings to comply with some KICS requirements
+
 version: "3.9"
 services:
   keycloak: