Merge pull request #85 from catenax-ng/fix/81-authentication-improvem…

…ents-and-chart PRIO-3 chore|fix: Debug the authentication and vault/persistence settings of the agent plane and upgrade version.
eclipse-tractusx · Nov 14, 2023 · 45c204d · 45c204d
2 parents 4823f7d + 1dc755b
commit 45c204d
Show file tree

Hide file tree

Showing 42 changed files with 265 additions and 50,088 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -135,11 +135,11 @@ jobs:
             type=semver,pattern={{version}}
             type=semver,pattern={{major}}
             type=semver,pattern={{major}}.{{minor}}
-            type=raw,value=1.10.2-SNAPSHOT,enable=${{ github.event.inputs.deploy_docker == 'true' || github.ref == format('refs/heads/{0}', 'main') }}
+            type=raw,value=1.10.6-SNAPSHOT,enable=${{ github.event.inputs.deploy_docker == 'true' || github.ref == format('refs/heads/{0}', 'main') }}
             type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
 
       - name: Agent Plane Hashicorp Container Build and push
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5
         with:
           context: agent-plane/agentplane-hashicorp
           file: agent-plane/agentplane-hashicorp/src/main/docker/Dockerfile
@@ -151,7 +151,7 @@ jobs:
       # Important step to push image description to DockerHub - since this is version independent, we always take it from main
       - name: Update Docker Hub description for Agent Plane Hashicorp
         if: ${{ steps.set-docker-repo.outputs.REPO == 'docker.io' && github.ref == 'refs/heads/main' }}
-        uses: peter-evans/dockerhub-description@v3
+        uses: peter-evans/dockerhub-description@dc67fad7001ef9e8e3c124cb7a64e16d0a63d864 # v3.4.2
         with:
           readme-filepath: agent-plane/agentplane-hashicorp/README.md
           username: ${{ secrets.DOCKER_HUB_USER }}
@@ -173,7 +173,7 @@ jobs:
             type=semver,pattern={{version}}
             type=semver,pattern={{major}}
             type=semver,pattern={{major}}.{{minor}}
-            type=raw,value=1.10.2-SNAPSHOT,enable=${{ github.event.inputs.deploy_docker == 'true' || github.ref == format('refs/heads/{0}', 'main') }}
+            type=raw,value=1.10.6-SNAPSHOT,enable=${{ github.event.inputs.deploy_docker == 'true' || github.ref == format('refs/heads/{0}', 'main') }}
             type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
 
       - name: Agent Plane Azure Vault Container Build and push

diff --git a/.github/workflows/helm-chart-lint.yml b/.github/workflows/helm-chart-lint.yml
@@ -71,7 +71,7 @@ jobs:
           python-version: 3.9
 
       - name: Set up chart-testing
-        uses: helm/[email protected]
+        uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.4.0
 
       - name: Run chart-testing (list-changed)
         id: list-changed

diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -55,8 +55,9 @@ jobs:
       security-events: write
     steps:
       - uses: actions/checkout@v4
+
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@2b6a709cf9c4025c5438138008beaddbb02086f0 # 0.14.0
         with:
           scan-type: "config"
           # ignore-unfixed: true
@@ -65,6 +66,7 @@ jobs:
           format: "sarif"
           output: "trivy-results-config.sarif"
           severity: "CRITICAL,HIGH"
+
       - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v2
         if: always()
@@ -121,7 +123,7 @@ jobs:
       ## the next two steps will only execute if the image exists check was successful
       - name: Run Trivy vulnerability scanner
         if: success() && steps.imageCheck.outcome != 'failure'
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@2b6a709cf9c4025c5438138008beaddbb02086f0 # 0.14.0
         with:
           image-ref: "${{ steps.set-docker-repo.outputs.REPO }}/${{ matrix.image }}:${{ needs.git-sha7.outputs.value }}"
           format: "sarif"
@@ -132,6 +134,6 @@ jobs:
 
       - name: Upload Trivy scan results to GitHub Security tab
         if: success() && steps.imageCheck.outcome != 'failure'
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2.22.5
         with:
           sarif_file: "trivy-results-${{ matrix.image }}.sarif"
diff --git a/NOTICE.md b/NOTICE.md
@@ -58,23 +58,6 @@ You may recreate an up-to-date DEPENDENCIES file by invoking
 ./mvnw org.eclipse.dash:license-tool-plugin:license-check -Ddash.summary=DEPENDENCIES
 ```
 
-We provide Software-Bill-Of-Material (SBOM) documents for each KA-EDC module for each release:
-* [EDC Common JWT Auth](common/auth-jwt/auth-jwt-1.10.2-SNAPSHOT-sbom.json)
-* [EDC Data Plane Agent Protocols](agent-plane/agent-plane-protocol/agent-plane-protocol-1.10.2-SNAPSHOT-sbom.json)
-* [EDC Agent Plane (Hashicorp Vault)](agent-plane/agent-plane-hashicorp/agent-plane-hashicorp-1.10.2-SNAPSHOT-sbom.json)
-* [EDC Agent Plane (Azure Vault)](agent-plane/agent-plane-azure-vault/agent-plane-azure-vault-1.10.2-SNAPSHOT-sbom.json)
-
-You may recreate up-to-date SBOMs by invoking
-
-```shell
-./mvnw org.cyclonedx:cyclonedx-maven-plugin:makeBom -DoutputName=\${project.artifactId}-\${project.version}-sbom
-```
-Afterwards, you find the current documents under:
-* [EDC Common JWT Auth](common/auth-jwt/target/auth-jwt-1.10.2-SNAPSHOT-sbom.json)
-* [EDC Data Plane Agent Protocols](agent-plane/agent-plane-protocol/target/agent-plane-protocol-1.10.2-SNAPSHOT-sbom.json)
-* [EDC Agent Plane (Hashicorp Vault)](agent-plane/agent-plane-hashicorp/target/agent-plane-hashicorp-1.10.2-SNAPSHOT-sbom.json)
-* [EDC Agent Plane (Azure Vault)](agent-plane/agent-plane-azure-vault/target/agent-plane-azure-vault-1.10.2-SNAPSHOT-sbom.json)
-
 The KA-EDC build and runtime platform is relying on:
 * [Java Runtime Environment (JRE >=11 - license depends on chosen provider)](https://de.wikipedia.org/wiki/Java-Laufzeitumgebung)
 * [Java Development Kit (JDK >=11 - license depends on chosen provider)](https://de.wikipedia.org/wiki/Java_Development_Kit) 

diff --git a/agent-plane/README.md b/agent-plane/README.md
@@ -66,10 +66,10 @@ mvn package -Pwith-docker-image
 Alternatively, after a successful build, you can invoke docker yourself 
 
 ```console
-docker build -t tractusx/agentplane-azure-vault:1.10.2-SNAPSHOT -f agentplane-azure-vault/src/main/docker/Dockerfile .
+docker build -t tractusx/agentplane-azure-vault:1.10.6-SNAPSHOT -f agentplane-azure-vault/src/main/docker/Dockerfile .
 ```
 
 ```console
-docker build -t tractusx/agentplane-hashicorp:1.10.2-SNAPSHOT -f agentplane-hashicorp/src/main/docker/Dockerfile .
+docker build -t tractusx/agentplane-hashicorp:1.10.6-SNAPSHOT -f agentplane-hashicorp/src/main/docker/Dockerfile .
 ```
 
diff --git a/agent-plane/agent-plane-protocol/README.md b/agent-plane/agent-plane-protocol/README.md
@@ -63,7 +63,7 @@ Add the following dependency to your data-plane artifact pom:
         <dependency>
             <groupId>org.eclipse.tractusx.agents.edc</groupId>
             <artifactId>agent-plane-protocol</artifactId>
-            <version>1.10.2-SNAPSHOT</version>
+            <version>1.10.6-SNAPSHOT</version>
         </dependency>
 ```