Merge pull request #132 from catenax-ng/main

Pull in latest changes from catenax-ng

.config/owasp-suppressions.xml

@@ -28,4 +28,18 @@
         <gav regex="true">com\.fasterxml\.jackson\.core:jackson\-databind.*</gav>
         <vulnerabilityName>CVE-2023-35116</vulnerabilityName>
     </suppress>
+    <suppress>
+        <notes><![CDATA[
+        Pulled in by EDC client - needs to be accepted for now.
+        ]]></notes>
+        <gav regex="true">org\.eclipse\.edc:jetty\-core.*</gav>
+        <vulnerabilityName regex="true">.*</vulnerabilityName>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[
+        Pulled in by EDC client - needs to be accepted for now.
+        ]]></notes>
+        <gav regex="true">org\.eclipse\.jetty\.toolchain:jetty\-jakarta\-websocket\-api.*</gav>
+        <vulnerabilityName regex="true">.*</vulnerabilityName>
+    </suppress>
 </suppressions>

.config/pmd-rules.xml

@@ -33,6 +33,8 @@
         <exclude name="LoosePackageCoupling"/>
         <!-- There are too many false positives especially with streams -->
         <exclude name="LawOfDemeter"/>
+        <!-- Detects false positives -->
+        <exclude name="DataClass"/>
     </rule>
     <rule ref="category/java/design.xml/UseUtilityClass">
         <properties>
@@ -67,4 +69,6 @@
             <property name="protectedMethodCommentRequirement" value="Ignored"/>
         </properties>
     </rule>
+
+
 </ruleset>

.config/spotbugs-excludes.xml

@@ -60,6 +60,14 @@
         <Class name="org.eclipse.tractusx.irs.configuration.RestTemplateConfig"/>
         <Bug pattern="SIC_INNER_SHOULD_BE_STATIC_ANON"/>
     </Match>
+    <Match>
+        <Class name="org.eclipse.tractusx.irs.registryclient.central.DigitalTwinRegistryClientImpl"/>
+        <Bug pattern="SIC_INNER_SHOULD_BE_STATIC_ANON"/>
+    </Match>
+    <Match>
+        <Class name="org.eclipse.tractusx.irs.registryclient.decentral.DecentralDigitalTwinRegistryClient"/>
+        <Bug pattern="SIC_INNER_SHOULD_BE_STATIC_ANON"/>
+    </Match>
     <Match>
         <!-- The folder path is not provided by a user, the file name is normalized heavily, and we use a recent JRE -->
         <Class name="org.eclipse.tractusx.irs.semanticshub.SemanticsHubClientImpl"/>

.github/actions/import-gpg-key/action.yaml

@@ -0,0 +1,46 @@
+#
+#  Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+#  Copyright (c) 2023 Contributors to the Eclipse Foundation
+#
+#  See the NOTICE file(s) distributed with this work for additional
+#  information regarding copyright ownership.
+#
+#  This program and the accompanying materials are made available under the
+#  terms of the Apache License, Version 2.0 which is available at
+#  https://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#  License for the specific language governing permissions and limitations
+#  under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#
+
+---
+name: "Import GPG Key"
+description: "Imports a GPG key given in the input"
+inputs:
+  gpg-private-key:
+    required: true
+    description: "The GPG Private Key in plain text. Can be a sub-key."
+runs:
+  using: "composite"
+  steps:
+    # this is necessary because it creates gpg.conf, etc.
+    - name: List Keys
+      shell: bash
+      run: |
+        gpg -K --keyid-format=long
+
+    - name: Import GPG Private Key
+      shell: bash
+      run: |
+        echo "use-agent" >> ~/.gnupg/gpg.conf
+        echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf
+        echo -e "${{ inputs.gpg-private-key }}" | gpg --import --batch
+        for fpr in $(gpg --list-keys --with-colons | awk -F: '/fpr:/ {print $10}' | sort -u);
+        do
+          echo -e "5\\ny\\n" |  gpg --batch --command-fd 0 --expert --edit-key $fpr trust;
+        done

.github/workflows/helm-test-backwards-compatability.yaml

@@ -0,0 +1,36 @@
+name: Test k8s version compatability
+
+on:
+  workflow_dispatch:
+    inputs:
+      node_image_latest:
+        description: 'First version of kindest/node image for k8s kind cluster'
+        default: 'kindest/node:v1.27.3'
+        required: false
+        type: string
+      node_image_second_latest:
+        description: 'Second version of kindest/node image for k8s kind cluster'
+        default: 'kindest/node:v1.26.6'
+        required: false
+        type: string
+      node_image_third_latest:
+        description: 'Third version of kindest/node image for k8s kind cluster'
+        default: 'kindest/node:v1.25.11'
+        required: false
+        type: string
+
+jobs:
+  test-latest:
+    uses: ./.github/workflows/helm-test.yaml
+    with:
+      node_image: ${{ github.event.inputs.node_image_latest || 'kindest/node:v1.27.3' }}
+
+  test-second-latest:
+    uses: ./.github/workflows/helm-test.yaml
+    with:
+      node_image: ${{ github.event.inputs.node_image_second_latest || 'kindest/node:v1.26.6' }}
+
+  test-third-latest:
+    uses: ./.github/workflows/helm-test.yaml
+    with:
+      node_image: ${{ github.event.inputs.node_image_third_latest || 'kindest/node:v1.25.11' }}

.github/workflows/helm-test.yaml

@@ -5,6 +5,19 @@ on:
     paths:
       - 'charts/**'
   workflow_dispatch:
+    inputs:
+      node_image:
+        description: 'kindest/node image for k8s kind cluster'
+        default: 'kindest/node:v1.27.3'
+        required: false
+        type: string
+  workflow_call: # Trigger by another workflow
+    inputs:
+      node_image:
+        description: 'kindest/node image for k8s kind cluster'
+        default: 'kindest/node:v1.27.3'
+        required: false
+        type: string
 
 jobs:
   lint-test:
@@ -17,6 +30,9 @@ jobs:
 
       - name: Kubernetes KinD Cluster
         uses: container-tools/kind-action@v2
+        with:
+          node_image: ${{ github.event.inputs.node_image || 'kindest/node:v1.27.3' }}
+          version: v0.20.0
 
       - name: Build image
         uses: docker/build-push-action@v4

.github/workflows/maven-deploy.yaml

@@ -0,0 +1,89 @@
+name: Upload to Central Maven Registry
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+jobs:
+  secret-presence:
+    runs-on: ubuntu-latest
+    outputs:
+      DOCKER_HUB_TOKEN: ${{ steps.secret-presence.outputs.DOCKER_HUB_TOKEN }}
+      HAS_OSSRH: ${{ steps.secret-presence.outputs.HAS_OSSRH }}
+    steps:
+      - name: Check whether secrets exist
+        id: secret-presence
+        run: |
+          [ ! -z "${{ secrets.DOCKER_HUB_TOKEN }}" ] && echo "DOCKER_HUB_TOKEN=true" >> $GITHUB_OUTPUT
+          [ ! -z "${{ secrets.ORG_GPG_PASSPHRASE }}" ] && 
+          [ ! -z "${{ secrets.ORG_GPG_PRIVATE_KEY }}" ] && 
+          [ ! -z "${{ secrets.ORG_OSSRH_USERNAME }}" ] && 
+          [ ! -z "${{ secrets.ORG_OSSRH_PASSWORD }}" ]  && 
+          echo "HAS_OSSRH=true" >> $GITHUB_OUTPUT
+          exit 0
+
+  publish-to-sonatype:
+    name: "Publish artifacts to OSSRH Snapshots / MavenCentral"
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    needs: [ secret-presence ]
+
+    # do not run on PR branches, do not run on releases
+    if: |
+      needs.secret-presence.outputs.HAS_OSSRH && github.event_name != 'pull_request' && github.ref != 'refs/heads/releases'
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v3
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+
+      - name: Cache maven packages
+        uses: actions/cache@v3
+        with:
+          path: ~/.m2
+          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-m2
+
+      - name: Build with Maven
+        run: mvn package -pl irs-testing,irs-models,irs-common,irs-edc-client,irs-registry-client --batch-mode
+
+      # Import GPG Key
+      - uses: ./.github/actions/import-gpg-key
+        name: "Import GPG Key"
+        with:
+          gpg-private-key: ${{ secrets.ORG_GPG_PRIVATE_KEY }}
+
+      - name: Configure Maven settings
+        run: |
+          mkdir -p $HOME/.m2
+          echo "<settings xmlns='http://maven.apache.org/SETTINGS/1.0.0' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:schemaLocation='http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd'>
+            <servers>
+              <server>
+                <id>ossrh</id>
+                <username>${{ secrets.ORG_OSSRH_USERNAME }}</username>
+                <password>${{ secrets.ORG_OSSRH_PASSWORD }}</password>
+              </server>
+            </servers>
+          </settings>" > $HOME/.m2/settings.xml
+
+      - uses: ./.github/actions/setup-java
+      # publish snapshots or releases
+      - name: Publish version
+        env:
+          OSSRH_PASSWORD: ${{ secrets.ORG_OSSRH_PASSWORD }}
+          OSSRH_USER: ${{ secrets.ORG_OSSRH_USERNAME }}
+        run: |-
+          VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout -pl irs-registry-client)
+          echo "Publishing Version $VERSION to Sonatype"
+          mvn gpg:sign-and-deploy-file -Durl=https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/ -DrepositoryId=ossrh -Dfile=irs-registry-client/target/irs-registry-client-$VERSION-jar-with-dependencies.jar -DgroupId=org.eclipse.tractusx.irs -DartifactId=irs-registry-client -Dversion=$VERSION -Dpackaging=jar

.github/workflows/publish-documentation.yaml

@@ -44,7 +44,7 @@ jobs:
 
       - name: Build API documentation with Maven
         run: |
-          mvn clean package -pl irs-common,irs-models,irs-policy-store,irs-testing,irs-ess,irs-edc-client,irs-api -DskipTests --batch-mode
+          mvn clean package -pl irs-common,irs-models,irs-policy-store,irs-testing,irs-ess,irs-edc-client,irs-registry-client,irs-api -DskipTests --batch-mode
           cp irs-api/target/generated-sources/openapi/index.html docs/src/docs/api-specification/index.html
 
       - name: Build with Maven

.github/workflows/tavern.yml

@@ -16,10 +16,15 @@ on:
         description: IRS-ESS environment to test
         default: 'https://irs-ess.int.demo.catena-x.net'
         required: true
-      global-asset-id:
+      global-asset-id-asPlanned:
         type: string
-        description: Global Asset ID to use for the tests
-        default: 'urn:uuid:513d7be8-e7e4-49f4-a22b-8cd31317e454'
+        description: Global Asset ID to use for the asPlanned tests
+        default: 'urn:uuid:0733946c-59c6-41ae-9570-cb43a6e4c79e'
+        required: true
+      global-asset-id-asBuild:
+        type: string
+        description: Global Asset ID to use for the asBuild tests
+        default: 'urn:uuid:7940e0cc-7814-41eb-8b04-d984a325deec'
         required: true
       execution-ticket:
         type: string
@@ -54,7 +59,8 @@ jobs:
           KEYCLOAK_HOST: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_TOKEN_URI }}
           KEYCLOAK_CLIENT_ID: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_ID }}
           KEYCLOAK_CLIENT_SECRET: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_SECRET }}
-          GLOBAL_ASSET_ID: ${{ github.event.inputs.global-asset-id || 'urn:uuid:513d7be8-e7e4-49f4-a22b-8cd31317e454' }}
+          GLOBAL_ASSET_ID_AS_PLANNED: ${{ github.event.inputs.global-asset-id-asPlanned || 'urn:uuid:0733946c-59c6-41ae-9570-cb43a6e4c79e' }}
+          GLOBAL_ASSET_ID_AS_BUILD: ${{ github.event.inputs.global-asset-id-asBuild || 'urn:uuid:7940e0cc-7814-41eb-8b04-d984a325deec' }}
         run: |
           python -m pytest local/testing/api-tests/irs-api-tests.tavern.yaml --junitxml=tavern-results.xml
 

CHANGELOG.md

@@ -5,6 +5,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
+
+### Changed
+- The client code for accessing the Digital Twin Registry (central and decentral) is now available as a spring boot maven library. See the README in the irs-registry-client module for more information.
+
 ### Known knowns
 - PLACEHOLDER REMOVE IF EMPTY: risks that were introduced or discovered in the release and are known but not resolved