Merge remote-tracking branch 'cofinity-x-policy-hub/bugfix/cs-1931--P…

…olicy-Hub-POST/GET-Policy-Rules-Response-Structuring' into bugfix/Policy-Hub-POST-and-GET-Policy-Rules-Response-Structuring-and-error-mapping

	modified:   src/hub/PolicyHub.Service/BusinessLogic/PolicyHubBusinessLogic.cs
	modified:   src/hub/PolicyHub.Service/Controllers/PolicyHubController.cs
	modified:   tests/hub/PolicyHub.Service.Tests/BusinessLogic/PolicyHubBusinessLogicTests.cs

.github/codeql/codeql-config.yaml

@@ -0,0 +1,11 @@
+# CodeQL configuration
+name: "CodeQL configuration"
+query-filters:
+  - exclude:
+      problem.severity:
+        - warning
+        - recommendation
+
+paths-ignore:
+  - '**/tests/**'
+  - '**/*Tests.cs'

.github/pull_request_template.md

@@ -1,25 +1,33 @@
 ## Description
 
-Please include a summary of the change.
+<!-- Provide a clear and concise description of the changes introduced by this pull request. Explain the problem it 
+solves or the feature it adds. -->
 
 ## Why
 
-Please include an explanation of why this change is necessary as well as relevant motivation and context. List any dependencies that are required for this change.
+<!-- Why are these changes necessary? What problem does it solve? -->
 
-## Issue
 
-Link to Github issue.
+## Issue Link
+
+Refs: <issue_number>
 
-## Checklist
 
+## Checklist
 Please delete options that are not relevant.
 
-- [ ] I have followed the [contributing guidelines](https://github.com/eclipse-tractusx/policy-hub/blob/main/docs/technical-documentation/dev-process/How%20to%20contribute.md)
-- [ ] I have performed [IP checks](https://eclipse-tractusx.github.io/docs/release/trg-7/trg-7-04#checking-libraries-using-the-eclipse-dash-license-tool) for added or updated 3rd party libraries
-- [ ] I have created and linked IP issues or requested their creation by a committer
+- [ ] I have followed the contributing guidelines
+
+- [ ] I have performed IP checks for added or updated 3rd party libraries
+
+- [ ] I have added copyright and license headers, footers (for .md files) or files (for images) //open source requirement
+
 - [ ] I have performed a self-review of my own code
+
 - [ ] I have successfully tested my changes locally
-- [ ] I have added tests that prove my changes work
+
+- [ ] I have added tests and updated existing tests that prove my changes work
+
 - [ ] I have checked that new and existing tests pass locally with my changes
-- [ ] I have commented my code, particularly in hard-to-understand areas
-- [ ] I have added copyright and license headers, footers (for .md files) or files (for images)
+
+- [ ] I have commented my code, particularly in hard-to-understand areas

.github/workflows/cfx-build-scan-push.yaml

@@ -0,0 +1,164 @@
+# A workflow for Gradle build, Sonar scan, Code QL, Container image build, and image push
+name: Policy Hub Build, scan and push
+
+on:
+  workflow_dispatch:
+  pull_request:
+    types: [ opened, synchronize, reopened ]
+    branches: [ main ]
+    paths:
+      - 'docker/**'
+      - 'src/**'
+      - 'tests/**'
+      - '.github/workflows/cfx-build-scan-push.yaml'
+  push:
+    branches: [ main ]
+    paths:
+      - 'docker/**'
+      - 'src/**'
+      - 'tests.*'
+      - '.github/workflows/cfx-build-scan-push.yaml'
+    tags:
+      - '[0-9]+.[0-9]+.[0-9]+-*'
+
+jobs:
+  build-test-scan-app:
+    permissions:
+      contents: read
+      actions: read
+      security-events: write
+    name: Build, test, and scan App
+    uses: Cofinity-X/central-pipelines/.github/workflows/reusable-dotnet-build.yaml@main
+    with:
+      dotnet-version: 8.0
+      project: "src"
+      codeql-cfg-path: ./.github/codeql/codeql-config.yaml
+
+  # The sonar job needs to use to central resusable worklows once it's available there
+  sonar-scan:
+    name: Sonar scan
+    runs-on: ubuntu-latest
+    needs: build-test-scan-app
+    steps:
+      - name: Set up JDK 17
+        uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2
+        with:
+          distribution: 'temurin'
+          java-version: '17'
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        with:
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+      - name: Cache SonarCloud packages
+        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        with:
+          path: ~/sonar/cache
+          key: ${{ runner.os }}-sonar
+          restore-keys: ${{ runner.os }}-sonar
+      - name: Cache SonarCloud scanner
+        id: cache-sonar-scanner
+        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        with:
+          path: ./.sonar/scanner
+          key: ${{ runner.os }}-sonar-scanner
+          restore-keys: ${{ runner.os }}-sonar-scanner
+
+      - name: Install SonarCloud scanner
+        if: steps.cache-sonar-scanner.outputs.cache-hit != 'true'
+        run: |
+          mkdir -p ./.sonar/scanner
+          dotnet tool update dotnet-sonarscanner --tool-path ./.sonar/scanner
+
+      - name: Build and analyze
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        run: |
+          dotnet tool install --global dotnet-coverage
+          ./.sonar/scanner/dotnet-sonarscanner begin /k:Cofinity-X_policy-hub /o:cofinity-x /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.cs.vscoveragexml.reportsPaths=src/coverage.xml
+          dotnet build src
+          cd src
+          dotnet-coverage collect 'dotnet test --no-restore --verbosity normal' -s 'settings-coverage.xml' -f xml -o 'coverage.xml'
+          cd ..
+          ./.sonar/scanner/dotnet-sonarscanner end /d:sonar.login="${{ secrets.SONAR_TOKEN }}"
+
+  # For Container image build, Trivy scan, and image push
+  dockerizing-application:
+    needs: build-test-scan-app
+    permissions:
+      contents: read
+      actions: read
+      security-events: write
+      id-token: write
+
+    strategy:
+      matrix:
+        include:
+          - service_name: policy-hub-service
+            dockerfile: docker/Dockerfile-policy-hub-service
+          - service_name: policy-hub-migrations
+            dockerfile: docker/Dockerfile-policy-hub-migrations
+
+    name: Docker build, Trivy scan, Docker push
+    uses: Cofinity-X/central-pipelines/.github/workflows/reusable-publish-image-to-acr.yaml@main
+    with:
+      team_name: core-services
+      repository_name: policy-hub
+      service_name: ${{ matrix.service_name }}
+      dockerfile_path: ${{ matrix.dockerfile }}
+      environment: "lower-env-acr"
+      push: ${{ github.event_name != 'pull_request' }} # Don't push the image in case of PR
+    secrets:
+      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+
+  # To dispatch a workflow in core-services-charts repo for auto image tag update. The following job could be developed as reusable workflow in the future.
+  auto-deploy-dispatch:
+    needs: dockerizing-application
+    name: Dispatch charts repo workflow
+    runs-on: ubuntu-latest
+    if: ${{ (github.event_name != 'pull_request') && (github.ref_type != 'tag') }}  # Execute only if container image is pushed and no tag is published
+    steps:
+      # Get image tags from the previous job filter the tag that needs to be updated (Currently, it's main-{sha})
+      - name: Get image tags
+        id: get_tag
+        run: |
+          for image_tag in $(echo "${{ needs.dockerizing-application.outputs.image_tags }}")
+          do
+            tag=$(echo $image_tag | cut -d ":" -f2)
+            if [[ $tag == main* ]];
+            then
+              main_tag=$tag
+            fi
+          done
+          echo "main_tag=$main_tag" >> $GITHUB_OUTPUT
+
+      # Generate a temporary token using Github app
+      - name: Get token
+        id: get_token
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ secrets.CORE_SERVICES_WORKFLOW_TRIGGER_GH_APP_ID }}
+          private-key: ${{ secrets.CORE_SERVICES_WORKFLOW_TRIGGER_GH_APP_PRIVATE_KEY }}
+          repositories: core-services-charts
+          owner: cofinity-x
+
+      # Trigger remote workflow of core-services-chart to update the image tag in the helm values
+      - name: Trigger workflow
+        id: trigger_remote_workflow
+        env:
+          TOKEN: ${{ steps.get_token.outputs.token }}
+          HELM_VALUES_PATH: "policy-hub/dev/values.yaml"
+          IMAGE_TAG: ${{ steps.get_tag.outputs.main_tag }}
+          IMAGE_TAG_PROPERTY: '(.[\"service\", \"migrations\"].image.tag)'
+          GITHUB_RUN_ID: ${{ github.run_id }}
+        run: |
+          curl -L \
+            -X POST \
+            -H "Accept: application/vnd.github+json" \
+            -H "Authorization: Bearer $TOKEN" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            https://api.github.com/repos/cofinity-x/core-services-charts/dispatches \
+            -d '{"event_type":"update_dev_image_tag","client_payload": { "image_tag": "'"$IMAGE_TAG"'", "helm_values_path": "'"$HELM_VALUES_PATH"'", "image_tag_property": "'"$IMAGE_TAG_PROPERTY"'", "dispatcher_info": "'"Runner id - $GITHUB_RUN_ID"'" }}' \
+            --fail

.github/workflows/cfx-codeql.yaml

@@ -0,0 +1,34 @@
+name: CFX CodeQL dotnet
+
+on:
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - 'main'
+    paths:
+      - '.github/workflows/cfx-codeql.yaml'
+  schedule:
+    - cron: "0 0 * * *"
+  push:
+    branches:
+      - 'main'
+    paths:
+      - '.github/workflows/cfx-codeql.yaml'
+concurrency:
+  # cancel older running jobs on the same branch
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  dotnet-scan:
+    permissions:
+      contents: read
+      actions: read
+      security-events: write
+
+    name: Dotnet CodeQL Scan
+    uses: Cofinity-X/central-pipelines/.github/workflows/reusable-codeql.yaml@main
+    with:
+      languages: "['csharp']"
+      codeql-cfg-path: "./.github/codeql/codeql-config.yaml"
+      project-directory: "src"

.github/workflows/cfx-trivy.yaml

@@ -0,0 +1,43 @@
+# Workflow to scan the latest container image daily
+name: Trivy scan
+
+on:
+  workflow_dispatch:
+  pull_request:
+    paths:
+      - '.github/workflows/cfx-trivy.yaml'
+  schedule:
+    # Daily
+    - cron: '0 0 * * *'
+
+concurrency:
+  # cancel older running jobs on the same branch
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  scan-image:
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+      id-token: write
+
+    strategy:
+      matrix:
+        include:
+          - service_name: policy-hub-service
+            dockerfile: docker/Dockerfile-policy-hub-service
+          - service_name: policy-hub-migrations
+            dockerfile: docker/Dockerfile-policy-hub-migrations
+
+    uses: Cofinity-X/central-pipelines/.github/workflows/reusable-trivy-acr-latest-image-scan.yaml@main
+    name: Trivy Scan
+    with:
+      environment: lower-env-acr
+      image-name: ${{ matrix.service_name }}
+      image-namespace: core-services/policy-hub/images
+    secrets:
+      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

.github/workflows/chart-test.yml

@@ -83,7 +83,7 @@ jobs:
         with:
           version: v3.9.3
 
-      - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
+      - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
         with:
           python-version: '3.9'
           check-latest: true

.github/workflows/codeql.yml

@@ -73,7 +73,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@b611370bb5703a7efb587f9d136a52ea24c5c38c # v2.227
+        uses: github/codeql-action/init@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v2.227
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -87,7 +87,7 @@ jobs:
       # Automates dependency installation for Python, Ruby, and JavaScript, optimizing the CodeQL analysis setup.
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@b611370bb5703a7efb587f9d136a52ea24c5c38c # v2.227
+        uses: github/codeql-action/autobuild@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v2.227
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -100,6 +100,6 @@ jobs:
       #     ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@b611370bb5703a7efb587f9d136a52ea24c5c38c # v2.227
+        uses: github/codeql-action/analyze@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v2.227
         with:
           category: "/language:${{matrix.language}}"

.github/workflows/dependencies.yml

@@ -38,13 +38,13 @@ jobs:
     steps:
 
       - name: Set up JDK 17
-        uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
+        uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2
         with:
           distribution: 'temurin'
           java-version: '17'
 
       - name: Setup .NET Core SDK ${{ matrix.dotnet-version }}
-        uses: actions/setup-dotnet@4d6c8fcf3c8f7a60068d26b594648e99df24cee3 # v4.0.0
+        uses: actions/setup-dotnet@6bd8b7f7774af54e05809fcc5431931b3eb1ddee # v4.0.1
         with:
           dotnet-version: ${{ matrix.dotnet-version }}
           # change to preview .NET 9 until fix for https://github.com/NuGet/Home/issues/12954 gets released for .NET 8
@@ -87,7 +87,7 @@ jobs:
         if: steps.dependencies-changed.outputs.changed == 'true'
 
       - name: Upload DEPENDENCIES file
-        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
+        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
         with:
           path: DEPENDENCIES
         if: steps.dependencies-changed.outputs.changed == 'true'

.github/workflows/kics.yml

@@ -45,7 +45,7 @@ jobs:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: KICS scan
-        uses: checkmarx/kics-github-action@252e73959bd4809a14863cbfbb42d7a90d5a4860 # v2.1.1
+        uses: checkmarx/kics-github-action@530ac1f8efe6202b0f12c9a6e952597ae707b755 # v2.1.2
         with:
           # Scanning directory .
           path: "."
@@ -69,7 +69,7 @@ jobs:
       # Upload findings to GitHub Advanced Security Dashboard
       - name: Upload SARIF file for GitHub Advanced Security Dashboard
         if: always()
-        uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
+        uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6
         with:
           sarif_file: kicsResults/results.sarif
 

.github/workflows/migrations-docker.yml

@@ -50,13 +50,13 @@ jobs:
 
       - name: Login to DockerHub
         if: github.event_name != 'pull_request'
-        uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
         with:
           username: ${{ secrets.DOCKER_HUB_USER }}
           password: ${{ secrets.DOCKER_HUB_TOKEN }}
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
+        uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
 
       - name: Docker meta
         id: meta