diff --git a/.github/workflows/documentation-build.yml b/.github/workflows/documentation-build.yml index 82e1f06ee7..6a9a76edc8 100644 --- a/.github/workflows/documentation-build.yml +++ b/.github/workflows/documentation-build.yml 
@@ -3,12 +3,121 @@ name: Documentation build on: workflow_dispatch: + inputs: + publish-documentation: + description: Insert your email address here if you want to create a PR for Github pages update (branch `master`) + required: false + schedule: + # Nightly build documentation: + # cron runs on the default branch: `develop` in our case. + - cron: '32 23 * * *' + +env: + ACTIONS_SECHUB_DOC_RELEASE_BRANCH: master jobs: build-documentation: name: build documentation runs-on: ubuntu-latest steps: - - name: "Hello world" + - name: "Show + check Input and git branch" + run: | + echo "git branch: '${{ github.ref_name }}'" + echo "publish-documentation: '${{ inputs.publish-documentation }}'" + if [ '${{ inputs.publish-documentation }}' != '' -a '${{ github.ref_name }}' != "$ACTIONS_SECHUB_DOC_RELEASE_BRANCH" ] ; then + echo "Aborting run because publishing the documentation must be done on branch '$ACTIONS_SECHUB_DOC_RELEASE_BRANCH'" + echo "Tip: Run this action again and select branch '$ACTIONS_SECHUB_DOC_RELEASE_BRANCH'" + exit 1 + fi + + - name: Git checkout + uses: actions/checkout@v4 + with: + fetch-tags: true + fetch-depth: 0 + + - name: Set up JDK 17 + uses: actions/setup-java@v3 + with: + java-version: 17 + distribution: temurin + + - name: Set up Gradle + uses: gradle/gradle-build-action@v2 + with: + cache-read-only: false + + - name: Set up Go + uses: actions/setup-go@v4 + with: + go-version: 1.20.4 + + - uses: actions/cache@v3.3.2 + with: + path: | + ~/.cache/go-build + ~/go/pkg/mod + key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} + restore-keys: | + ${{ runner.os }}-go- + + - name: Install graphviz (asciidoc diagrams) + run: sudo apt-get --assume-yes install graphviz + + # ----------------------------------------- + # Build documentation + # ----------------------------------------- + - name: Complete build with documentation + run: ./buildDoc + + # ----------------------------------------- + # Upload documentation + # 
----------------------------------------- + - name: Archive documentation HTML + uses: actions/upload-artifact@v3 + with: + name: sechub-docs-html + path: sechub-doc/build/docs/final-html/ + retention-days: 14 + + - name: Archive documentation PDF + uses: actions/upload-artifact@v3 + with: + name: sechub-docs-pdf + path: sechub-doc/build/docs/asciidoc/*.pdf + retention-days: 14 + + # ----------------------------------------- + # Update and commit documentation for https://mercedes-benz.github.io/sechub/ + # ----------------------------------------- + - name: Update documentation - publish and commit + if: (inputs.publish-documentation != '') && (github.ref_name == env.ACTIONS_SECHUB_DOC_RELEASE_BRANCH) + run: | + git config user.name "$GITHUB_TRIGGERING_ACTOR (via github-actions)" + git config user.email "${{ inputs.publish-documentation }}" + git reset --hard + sechub-doc/helperscripts/publish+git-add-releasedocs.sh + git commit -m "docs update by '$GITHUB_TRIGGERING_ACTOR' (via github-actions)" + + # ----------------------------------------- + # Create pull request for documentation update + # ----------------------------------------- + - name: Update documentation - Create pull request + if: (inputs.publish-documentation != '') && (github.ref_name == env.ACTIONS_SECHUB_DOC_RELEASE_BRANCH) + id: pr_release_documentation + uses: peter-evans/create-pull-request@v5.0.2 + with: + branch: release-documentation + branch-suffix: short-commit-hash + delete-branch: true + title: '1 - Release documentation [auto-generated]' + body: | + Release of SecHub documentation + + -> Please review before merge. + + - name: Update documentation - Print PR infos + if: (inputs.publish-documentation != '') && (github.ref_name == env.ACTIONS_SECHUB_DOC_RELEASE_BRANCH) run: | - echo "Hello world" + echo "Pull Request Number - ${{ steps.pr_release_documentation.outputs.pull-request-number }}" + echo "Pull Request URL - ${{ steps.pr_release_documentation.outputs.pull-request-url }}" 
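Review bot: The `run:` scripts of "Show + check Input and git branch" and "Update documentation - publish and commit" expand `${{ inputs.publish-documentation }}` and `${{ github.ref_name }}` into the script text before bash parses it, so a quote or command substitution in either value is executed on the runner instead of being treated as data. Pass the input through `env:` and read it as a shell variable, as the fence shows for the first step; `git config user.email` should use `"$PUBLISH_DOCUMENTATION"` in the same way, and the branch name is already available as `$GITHUB_REF_NAME`. The lines `echo "actor-email: '${{ inputs.actor-email }}'"` and `git config user.email "${{ inputs.actor-email }}"` added in release-client-server-pds.yml, release-pds-tools.yml, release-wrapper-checkmarx.yml and release-wrapper-owaspzap.yml follow the same pattern and need the same change. No `permissions:` block is visible in this hunk although the job commits and opens a pull request; if none exists in the lines outside the hunk, declare the minimum the job needs.

```yaml
- name: "Show + check Input and git branch"
  env:
    PUBLISH_DOCUMENTATION: ${{ inputs.publish-documentation }}
  run: |
    echo "git branch: '$GITHUB_REF_NAME'"
    echo "publish-documentation: '$PUBLISH_DOCUMENTATION'"
    if [ -n "$PUBLISH_DOCUMENTATION" ] && [ "$GITHUB_REF_NAME" != "$ACTIONS_SECHUB_DOC_RELEASE_BRANCH" ] ; then
      # … unchanged: the two abort messages and exit 1 …
    fi
```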
diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index 9164eb65b3..b4a857eca6 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml @@ -26,7 +26,11 @@ jobs: with: java-version: 17 distribution: temurin - cache: gradle + + - name: Set up Gradle + uses: gradle/gradle-build-action@v2 + with: + cache-read-only: false - name: Set up Go uses: actions/setup-go@v4 @@ -112,33 +116,7 @@ jobs: path: sechub-cli/build/go retention-days: 14 - - name: Install graphviz (asciidoc diagrams) - run: sudo apt-get -qq --assume-yes install graphviz - - # ----------------------------------------- - # Build Documentation - # ----------------------------------------- - - name: Create documentation - run: ./gradlew documentation -Dsechub.build.stage=all - - # ----------------------------------------- - # Upload documentation - # ----------------------------------------- - - name: Archive documentation HTML - uses: actions/upload-artifact@v3 - with: - name: sechub-docs-html - path: sechub-doc/build/docs/final-html/ - retention-days: 14 - - - name: Archive documentation PDF - uses: actions/upload-artifact@v3 - with: - name: sechub-docs-pdf - path: sechub-doc/build/docs/asciidoc/*.pdf - retention-days: 14 - - - name: Archive documentation openAPI3 + - name: Archive openAPI3 JSON files uses: actions/upload-artifact@v3 with: name: sechub-api-spec diff --git a/.github/workflows/publish-libraries.yml b/.github/workflows/publish-libraries.yml index 0be93877b0..286c88ff8b 100644 --- a/.github/workflows/publish-libraries.yml +++ b/.github/workflows/publish-libraries.yml @@ -32,7 +32,11 @@ jobs: with: java-version: 17 distribution: temurin - cache: gradle + + - name: Set up Gradle + uses: gradle/gradle-build-action@v2 + with: + cache-read-only: false - name: Build run: ./gradlew clean build -x :sechub-integrationtest:test -x :sechub-cli:build 
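Review bot: The "Set up Gradle" step added to gradle.yml and publish-libraries.yml sets `cache-read-only: false`, and the same step is added to the four release-*.yml workflows, so the jobs that publish artifacts restore a Gradle user home that earlier workflow runs were allowed to write. For the publishing and release jobs consider `cache-disabled: true`, or keep the cache read-only there, so that released artifacts are built from freshly resolved dependencies rather than from restored cache content. `gradle/gradle-build-action@v2` is also a mutable tag; pinning it as `uses: gradle/gradle-build-action@<full-commit-sha> # v2` keeps the action code fixed between reviews.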
@@ -63,24 +67,24 @@ jobs: name: git-status.txt path: build/reports/git-status.txt retention-days: 14 - + # ----------------------------------------- # Assert releaseable, so no dirty flags on releases # even when all artifact creation parts are done! # ----------------------------------------- - name: Assert releasable run: ./gradlew assertReleaseable - + # ************************************************** # Now let's create + publish a new LIBRARIES release # ************************************************** - # Publish to github packages + # Publish to github packages - name: Publish run: ./gradlew publish env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token - + # Create release - name: Create libraries release id: create_libraries_release @@ -97,4 +101,4 @@ jobs: For details about changes look at [Milestone ${{github.event.inputs.milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{github.event.inputs.milestone-number}}?closed=1) draft: false prerelease: false - + diff --git a/.github/workflows/release-client-server-pds.yml b/.github/workflows/release-client-server-pds.yml index cff93a3d60..eb8676f5b8 100644 --- a/.github/workflows/release-client-server-pds.yml +++ b/.github/workflows/release-client-server-pds.yml @@ -4,6 +4,8 @@ name: Release on: workflow_dispatch: inputs: + actor-email: + description: Insert your email address here. It will be used in the generated pull requests server-version: description: Server Version (e.g. 0.27.0) required: false @@ -42,6 +44,7 @@ jobs: steps: - name: "Show Inputs" run: | + echo "actor-email: '${{ inputs.actor-email }}'" echo "Server '${{ inputs.server-version }}' - Milestone '${{ inputs.server-milestone-number }}'" echo "Client '${{ inputs.client-version }}' - Milestone '${{ inputs.client-milestone-number }}'" echo "PDS '${{ inputs.pds-version }}' - Milestone '${{ inputs.pds-milestone-number }}'" 
@@ -89,7 +92,11 @@ jobs: with: java-version: 17 distribution: temurin - cache: gradle + + - name: Set up Gradle + uses: gradle/gradle-build-action@v2 + with: + cache-read-only: false - name: Set up Go uses: actions/setup-go@v4 @@ -123,8 +130,8 @@ jobs: - name: run apply-headers.sh id: apply-headers run: | - git config user.name "SecHub release job (github-actions)" - git config user.email github-actions-sechub@users.noreply.github.com + git config user.name "$GITHUB_TRIGGERING_ACTOR (via github-actions)" + git config user.email "${{ inputs.actor-email }}" ./apply-headers.sh git commit -am "SPDX headers added by SecHub release job @github-actions" || true COMMITS=`git log --oneline --branches --not --remotes` @@ -239,7 +246,7 @@ jobs: retention-days: 14 - name: Install graphviz (asciidoc diagrams) - run: sudo apt-get -qq --assume-yes install graphviz + run: sudo apt-get --assume-yes install graphviz # ----------------------------------------- # Build Documentation @@ -264,7 +271,7 @@ jobs: path: sechub-doc/build/docs/asciidoc/*.pdf retention-days: 14 - - name: Archive documentation openAPI3 + - name: Archive openAPI3 JSON files uses: actions/upload-artifact@v3 with: name: sechub-api-spec @@ -293,9 +300,6 @@ jobs: title: '1 - Release documentation [auto-generated]' body: | Release of SecHub documentation - - Server "${{ inputs.server-version }}" - - Client "${{ inputs.client-version }}" - - PDS "${{ inputs.pds-version }}" -> Please review and merge **before** publishing the release. diff --git a/.github/workflows/release-pds-tools.yml b/.github/workflows/release-pds-tools.yml index 5552e9978e..1031b35415 100644 --- a/.github/workflows/release-pds-tools.yml +++ b/.github/workflows/release-pds-tools.yml @@ -4,6 +4,8 @@ name: Release PDS-Tools on: workflow_dispatch: inputs: + actor-email: + description: Insert your email address here. It will be used in the generated pull requests pds-tools-version: description: PDS-Tools Version (e.g. 0.1.0) required: true 
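Review bot: In the "run apply-headers.sh" step the commit email now comes from the free-form `actor-email` input, which is declared without `required:` and is not checked before `git config user.email` uses it. An empty or mistyped value ends up in the commit identity, and since the following `git commit ... || true` ignores failures, a commit rejected because of that identity would go unnoticed (how git treats an empty address is not visible from this hunk). Declare the input with `required: true`, pass it via `env:`, and stop early when it is missing, e.g. `[ -n "$ACTOR_EMAIL" ] || { echo "actor-email is required"; exit 1; }`. The same two lines are changed in release-pds-tools.yml, release-wrapper-checkmarx.yml and release-wrapper-owaspzap.yml; the step's script continues outside the hunk.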
@@ -18,9 +20,10 @@ jobs: - name: "Show Inputs" run: | + echo "actor-email: '${{ inputs.actor-email }}'" echo "PDS-Tools '${{ inputs.pds-tools-version }}' - Milestone '${{ inputs.pds-tools-milestone-number }}'" - # Check inputs if a milestone number is provided for each version to be released: + # Check inputs if a milestone number is provided for each version to be released: - name: "Verify Input: PDS-Tools" if: (inputs.pds-tools-version != '') && (inputs.pds-tools-milestone-number == '') run: | @@ -47,7 +50,11 @@ jobs: with: java-version: 17 distribution: temurin - cache: gradle + + - name: Set up Gradle + uses: gradle/gradle-build-action@v2 + with: + cache-read-only: false # ---------------------- # Create pull request if license headers are missing @@ -55,8 +62,8 @@ jobs: - name: run apply-headers.sh id: apply-headers run: | - git config user.name "SecHub release job (github-actions)" - git config user.email github-actions-sechub@users.noreply.github.com + git config user.name "$GITHUB_TRIGGERING_ACTOR (via github-actions)" + git config user.email "${{ inputs.actor-email }}" ./apply-headers.sh git commit -am "SPDX headers added by SecHub release job @github-actions" || true COMMITS=`git log --oneline --branches --not --remotes` diff --git a/.github/workflows/release-wrapper-checkmarx.yml b/.github/workflows/release-wrapper-checkmarx.yml index 6d0c0c25e4..1c0304c90c 100644 --- a/.github/workflows/release-wrapper-checkmarx.yml +++ b/.github/workflows/release-wrapper-checkmarx.yml @@ -4,6 +4,8 @@ name: Release Checkmarx wrapper on: workflow_dispatch: inputs: + actor-email: + description: Insert your email address here. It will be used in the generated pull requests checkmarx-wrapper-version: description: Checkmarx-wrapper Version (e.g. 1.0.0) required: true 
@@ -17,6 +19,7 @@ jobs: steps: - name: "Show Inputs" run: | + echo "actor-email: '${{ inputs.actor-email }}'" echo "Checkmarx-wrapper '${{ inputs.checkmarx-wrapper-version }}' - Milestone '${{ inputs.checkmarx-wrapper-milestone-number }}'" - name: Checkout branch master @@ -37,7 +40,11 @@ jobs: with: java-version: 17 distribution: temurin - cache: gradle + + - name: Set up Gradle + uses: gradle/gradle-build-action@v2 + with: + cache-read-only: false # ---------------------- # Create a pull request if license headers are missing @@ -45,8 +52,8 @@ jobs: - name: run apply-headers.sh id: apply-headers run: | - git config user.name "SecHub release job (github-actions)" - git config user.email github-actions-sechub@users.noreply.github.com + git config user.name "$GITHUB_TRIGGERING_ACTOR (via github-actions)" + git config user.email "${{ inputs.actor-email }}" ./apply-headers.sh git commit -am "SPDX headers added by SecHub release job @github-actions" || true COMMITS=`git log --oneline --branches --not --remotes` diff --git a/.github/workflows/release-wrapper-owaspzap.yml b/.github/workflows/release-wrapper-owaspzap.yml index e959d02641..0f3ff5511d 100644 --- a/.github/workflows/release-wrapper-owaspzap.yml +++ b/.github/workflows/release-wrapper-owaspzap.yml @@ -4,6 +4,8 @@ name: Release OWASP-ZAP wrapper on: workflow_dispatch: inputs: + actor-email: + description: Insert your email address here. It will be used in the generated pull requests owaspzap-wrapper-version: description: OWASP-ZAP Wrapper Version (e.g. 1.0.0) required: true @@ -18,6 +20,7 @@ jobs: steps: - name: Show Inputs run: | + echo "actor-email: '${{ inputs.actor-email }}'" echo "OWASP-ZAP Wrapper '${{ inputs.owaspzap-wrapper-version }}' - Milestone '${{ inputs.owaspzap-wrapper-milestone-number }}'" - name: Checkout branch master 
@@ -38,7 +41,11 @@ jobs: with: java-version: 17 distribution: temurin - cache: gradle + + - name: Set up Gradle + uses: gradle/gradle-build-action@v2 + with: + cache-read-only: false # ---------------------- # Create a pull request if license headers are missing @@ -46,8 +53,8 @@ jobs: - name: run apply-headers.sh id: apply-headers run: | - git config user.name "SecHub release job (github-actions)" - git config user.email github-actions-sechub@users.noreply.github.com + git config user.name "$GITHUB_TRIGGERING_ACTOR (via github-actions)" + git config user.email "${{ inputs.actor-email }}" ./apply-headers.sh git commit -am "SPDX headers added by SecHub release job @github-actions" || true COMMITS=`git log --oneline --branches --not --remotes` diff --git a/buildSrc/src/main/groovy/VersionData.groovy b/buildSrc/src/main/groovy/VersionData.groovy index 62d59e4b4f..ebf7e25f47 100644 --- a/buildSrc/src/main/groovy/VersionData.groovy +++ b/buildSrc/src/main/groovy/VersionData.groovy @@ -9,7 +9,7 @@ class VersionData{ private static final String ID_WEBSITE = "website" private static final String ID_WRAPPER_CHECKMARX = "checkmarx wrapper" private static final String ID_WRAPPER_OWASPZAP = "owasp-zap wrapper" - + private StringBuilder debugInfo = new StringBuilder(); private Map map = new HashMap<>(); 
@@ -18,35 +18,35 @@ class VersionData{ boolean containingAtLeastOneRealReleaseVersion public VersionData(){ - + /* initialize */ - initialize(ID_CLIENT, "Client ") + initialize(ID_CLIENT, "Client") initialize(ID_LIBRARIES,"Libraries") - initialize(ID_PDS, "PDS ") + initialize(ID_PDS, "PDS") initialize(ID_PDS_TOOLS,"PDS-Tools") - initialize(ID_SERVER, "Server ") + initialize(ID_SERVER, "Server") initialize(ID_WEBSITE, "Website") initialize(ID_WRAPPER_CHECKMARX, "Checkmarx Wrapper") initialize(ID_WRAPPER_OWASPZAP, "OWASP-ZAP Wrapper") } public class VersionInfo{ - + String fullVersion String shortVersion String id String text public String describe(){ - return "- "+text+" :"+shortVersion+" ["+fullVersion+"]" + return text.padLeft(17)+": "+shortVersion+" ("+fullVersion+")" } } void initialize(String id,String text){ - + VersionInfo info = new VersionInfo() - + info.id=id; info.text=text; info.fullVersion="undefined-long-"+id+"version" @@ -102,10 +102,10 @@ class VersionData{ public String getWebsiteVersion(){ return map.get(ID_WEBSITE).getShortVersion() } - + public String getDebugInfo(){ - - return "Debug info:\ncontainingAtLeastOneDirtyReleaseVersion=$containingAtLeastOneDirtyReleaseVersion\ncontainingAtLeastOneRealReleaseVersion=$containingAtLeastOneRealReleaseVersion\n\n$debugInfo"; + + return "Debug info:\ncontainingAtLeastOneDirtyReleaseVersion=$containingAtLeastOneDirtyReleaseVersion\ncontainingAtLeastOneRealReleaseVersion=$containingAtLeastOneRealReleaseVersion\n\n$debugInfo"; } 
@@ -116,14 +116,14 @@ class VersionData{ private void inspectReleaseVersion(String versionType, String longVersionName){ debugInfo.append("\ninspect $versionType release version: long version=$longVersionName\n") debugInfo.append("- at least one release found : $containingAtLeastOneRealReleaseVersion, one release dirty: $containingAtLeastOneDirtyReleaseVersion\n") - + if (longVersionName.startsWith("0.0.0")){ /* not a correct release version so ignore */ return } containingAtLeastOneDirtyReleaseVersion=containingAtLeastOneDirtyReleaseVersion || longVersionName.contains("dirty") containingAtLeastOneRealReleaseVersion=true - + debugInfo.append("- updated data") debugInfo.append("- at least one release found : $containingAtLeastOneRealReleaseVersion, one release dirty: $containingAtLeastOneDirtyReleaseVersion\n") } diff --git a/gradle/build-versioning.gradle b/gradle/build-versioning.gradle index dba17a7c43..d412d3c89f 100644 --- a/gradle/build-versioning.gradle +++ b/gradle/build-versioning.gradle @@ -20,7 +20,7 @@ ext.versionData=new VersionData() buildVersionFiles() -/* the former call to buildVersionFiles() did setup our version data - now we +/* the former call to buildVersionFiles() did setup our version data - now we * can fetch the server version and all other versions */ version = versionData.getServerVersion() @@ -32,8 +32,9 @@ allprojects{ def buildVersionFiles(){ - println("BUILD versioning") - + + println("BUILD versioning:") + def start = new Date() // This file contains some logic for calculation of the version number @@ -57,7 +58,9 @@ def buildVersionFiles(){ def noUnstagedChanges = unstagedChanges.getAllChanges().isEmpty() def noStagedChanges = stagedChanges.getAllChanges().isEmpty() def hasChanged = !noUnstagedChanges || !noStagedChanges - def buildNumber= getBuildNr() + def buildNumber = getBuildNr() + def docsTimeStamp = getLocalBuildNr() + def currentGitCommit = git.head().abbreviatedId // ------------------------ // - Client 
@@ -72,26 +75,65 @@ def buildVersionFiles(){ def clientVersionFile = new File('./sechub-cli/src/mercedes-benz.com/sechub/cli/version.go') clientVersionFile.write(clientGoVersionCode) - /* write version info also as asciidoc file*/ + /* Latest tagged client version as asciidoc file (#2285) */ + def latestClientTagCmd = [ + 'sh', + '-c', + 'git tag -l --sort=-creatordate | grep -e \'^v.*-client$\' | head -1' + ] + def latestClientTag = latestClientTagCmd.execute().text.trim() + def latestClientVersion = latestClientTag - 'v' + latestClientVersion = latestClientVersion - "-client" + // Mark as modified when built after release + if (latestClientVersion != clientVersionInfo.getShortVersion()) { + latestClientVersion = latestClientVersion + " modified (commit " + currentGitCommit + ")" + } def clientVersionAsciiDocFile = new File('./sechub-doc/src/docs/asciidoc/documents/gen/client-version.adoc') - clientVersionAsciiDocFile.write("// SPDX-License-Identifier: MIT\n:revnumber: Client "+clientVersionInfo.getShortVersion()+"\n:longrevnumber: Client "+clientVersionInfo.getFullVersion()+"\n") + clientVersionAsciiDocFile.write("// SPDX-License-Identifier: MIT\n:revnumber: Client "+latestClientVersion+"\n:longrevnumber: Client "+latestClientVersion+" - Build date: "+docsTimeStamp+"\n") // ------------------------ // - Server // ------------------------ + def serverVersionInfo = versionData.defineVersion("Server",buildVersionString(serverVersionCommitTag, hasChanged,buildNumber)) - /* write version info also as asciidoc file*/ + /* Latest tagged server version as asciidoc file (#2285) */ + def latestServerTagCmd = [ + 'sh', + '-c', + 'git tag -l --sort=-creatordate | grep -e \'^v.*-server$\' | head -1' + ] + def latestServerTag = latestServerTagCmd.execute().text.trim() + def latestServerVersion = latestServerTag - 'v' + latestServerVersion = latestServerVersion - "-server" + // Mark as modified when built after release + if (latestServerVersion != 
serverVersionInfo.getShortVersion()) { + latestServerVersion = latestServerVersion + " modified (commit " + currentGitCommit + ")" + } def serverVersionAsciiDocFile = new File('./sechub-doc/src/docs/asciidoc/documents/gen/server-version.adoc') - serverVersionAsciiDocFile.write("// SPDX-License-Identifier: MIT\n:revnumber: Server "+serverVersionInfo.getShortVersion()+"\n:longrevnumber: Server "+serverVersionInfo.getFullVersion()+"\n") + serverVersionAsciiDocFile.write("// SPDX-License-Identifier: MIT\n:revnumber: Server "+latestServerVersion+"\n:longrevnumber: Server "+latestServerVersion+" - Build date: "+docsTimeStamp+"\n") // ------------------------ // - PDS // ------------------------ + def pdsVersionInfo = versionData.defineVersion("PDS",buildVersionString(pdsVersionCommitTag, hasChanged,buildNumber)) - /* write version info also as asciidoc file*/ + + /* Latest tagged pds version as asciidoc file (#2285) */ + def latestPDSTagCmd = [ + 'sh', + '-c', + 'git tag -l --sort=-creatordate | grep -e \'^v.*-pds$\' | head -1' + ] + def latestPDSTag = latestPDSTagCmd.execute().text.trim() + def latestPDSVersion = latestPDSTag - 'v' + latestPDSVersion = latestPDSVersion - "-pds" + // Mark as modified when built after release + if (latestPDSVersion != pdsVersionInfo.getShortVersion()) { + latestPDSVersion = latestPDSVersion + " modified (commit " + currentGitCommit + ")" + } def pdsVersionAsciiDocFile = new File('./sechub-doc/src/docs/asciidoc/documents/gen/pds-version.adoc') - pdsVersionAsciiDocFile.write("// SPDX-License-Identifier: MIT\n:revnumber: PDS "+pdsVersionInfo.getShortVersion()+"\n:longrevnumber: PDS "+pdsVersionInfo.getFullVersion()+"\n") + pdsVersionAsciiDocFile.write("// SPDX-License-Identifier: MIT\n:revnumber: PDS "+latestPDSVersion+"\n:longrevnumber: PDS "+latestPDSVersion+" - Build date: "+docsTimeStamp+"\n") // ------------------------ // - PDS tools 
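Review bot: The three "Latest tagged … version" blocks take the output of `sh -c 'git tag -l … | head -1'` without checking that anything came back, so a checkout without tags writes an empty version followed by " modified (commit …)" into client-version.adoc, server-version.adoc and pds-version.adoc. The block is also copied three times with only the suffix changed, and `latestClientTag - 'v'` removes the first `v` anywhere in the string rather than only a leading one. A single helper that handles the empty case and anchors both removals would cover all three products; falling back to the computed short version, as in the fence, is one option and should be confirmed against what the documentation is meant to show. `buildVersionFiles()` starts and ends outside this hunk.

```groovy
// helper next to buildVersionFiles(); replaces the three copied blocks
def latestTaggedVersion(String product, String builtVersion, String commitId) {
    def cmd = ['sh', '-c', "git tag -l --sort=-creatordate | grep -e '^v.*-${product}\$' | head -1"]
    def tag = cmd.execute().text.trim()
    if (tag.isEmpty()) {
        // no matching tag available (e.g. checkout without tags)
        return builtVersion
    }
    def version = tag.replaceFirst('^v', '').replaceFirst("-${product}\$", '')
    return version == builtVersion ? version : version + " modified (commit " + commitId + ")"
}

// … unchanged: clientVersionInfo definition and version.go generation …
def latestClientVersion = latestTaggedVersion('client', clientVersionInfo.getShortVersion(), currentGitCommit)
```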
diff --git a/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/signup/SignupAdministrationRestControllerMockTest.java b/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/signup/SignupAdministrationRestControllerMockTest.java index 18bbe84d98..bfe18f5c7e 100644 --- a/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/signup/SignupAdministrationRestControllerMockTest.java +++ b/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/signup/SignupAdministrationRestControllerMockTest.java @@ -86,10 +86,10 @@ public void listUserSignups_results_in_a_filled_list_when_2_signups_exist() thro ). andExpect(status().isOk()). andExpect(jsonPath("$.[0].userId", equalTo("sechub.test1"))). - andExpect(jsonPath("$.[0].emailAdress", equalTo("sechub.test1@example.org"))). + andExpect(jsonPath("$.[0].emailAddress", equalTo("sechub.test1@example.org"))). andExpect(jsonPath("$.[1].userId", equalTo("sechub.test2"))). - andExpect(jsonPath("$.[1].emailAdress", equalTo("sechub.test2@example.org")) + andExpect(jsonPath("$.[1].emailAddress", equalTo("sechub.test2@example.org")) ); diff --git a/sechub-api-java/src/main/resources/reduced-openapi3.json b/sechub-api-java/src/main/resources/reduced-openapi3.json index 6c42105560..51d42f5f93 100644 --- a/sechub-api-java/src/main/resources/reduced-openapi3.json +++ b/sechub-api-java/src/main/resources/reduced-openapi3.json @@ -3149,16 +3149,6 @@ } } }, - "JobId": { - "title": "JobId", - "type": "object", - "properties": { - "jobId": { - "type": "string", - "description": "A unique job id" - } - } - }, "ProjectWhitelistUpdate": { "title": "ProjectWhitelistUpdate", "type": "object", @@ -3181,6 +3171,16 @@ } } }, + "JobId": { + "title": "JobId", + "type": "object", + "properties": { + "jobId": { + "type": "string", + "description": "A unique job id" + } + } + }, "JobStatus": { "title": "JobStatus", "type": "object", 
diff --git a/sechub-developertools/scripts/sechub-api.sh b/sechub-developertools/scripts/sechub-api.sh index fc7e8f18b9..a09e69ec1c 100755 --- a/sechub-developertools/scripts/sechub-api.sh +++ b/sechub-developertools/scripts/sechub-api.sh @@ -799,7 +799,7 @@ function generate_sechub_user_signup_data { { "apiVersion":"$SECHUB_API_VERSION", "userId":"$1", - "emailAdress":"$2" + "emailAddress":"$2" } EOF } diff --git a/sechub-doc/build.gradle b/sechub-doc/build.gradle index 65423bc1b5..51cf818831 100644 --- a/sechub-doc/build.gradle +++ b/sechub-doc/build.gradle @@ -17,7 +17,7 @@ dependencies { 'sechub-pds-tools', /* only pds tooling + avoid cycles */ 'sechub-api-java', /* the api project needs sechub-doc tests (and compile) for open api json files. So we may not have this as relation! */ 'sechub-systemtest', /* avoid cyclic dependency, see AdoptedSystemTestDefaultFallbacks javadoc for more information */ - + ] /* fetch all sub projects, except unwanted and all only used for testing */ for (Project inspectedProject: rootProject.allprojects){ @@ -39,11 +39,11 @@ dependencies { continue } if (projectName.endsWith('testframework')){ - // testframework projects are always not wanted + // testframework projects are always not wanted continue } if (unwanted.contains(projectName)){ - // special unwanted - so inore + // special unwanted - so inore continue } wanted << projectName @@ -51,10 +51,10 @@ dependencies { } /* all projects are added as implementation, so can be inspected by Reflections */ for (String wantedProjectName: wanted){ - implementation project(":${wantedProjectName}") + implementation project(":${wantedProjectName}") } implementation library.apache_commons_io - + testImplementation library.epages_restdoc_api_spec_mockmvc testImplementation project(':sechub-commons-model-testframework') 
@@ -81,10 +81,10 @@ task dropOldGeneratedAsciidoc(dependsOn: 'test'){ doFirst { //cleanup former old data delete fileTree ( - dir: "${targetAsciiDocGenFolder}", - // *-version.adoc files are generated iniital by each gradle call and may not be deleted + dir: "${targetAsciiDocGenFolder}", + // *-version.adoc files are generated iniital by each gradle call and may not be deleted exclude: ['README.md','.gitignore','*-version.adoc']) - } + } } task generateAsciidoc(type: JavaExec, dependsOn: 'dropOldGeneratedAsciidoc') { @@ -122,7 +122,7 @@ asciidoctor { outputOptions { backends "html5", "pdf" - + separateOutputDirs = false } @@ -184,12 +184,12 @@ asciidoctor { asciidoctorj { version = "${libraryVersion.asciidoctor_j}" - + // Enable jdiagram support (new way) // see https://asciidoctor.github.io/asciidoctor-gradle-plugin/development-3.x/user-guide/#diagram modules { - diagram.use() - diagram.version "${libraryVersion.asciidoctor_j_diagram}" + diagram.use() + diagram.version "${libraryVersion.asciidoctor_j_diagram}" } } @@ -258,7 +258,7 @@ task buildDoc(type: Exec){ workingDir = "${rootProject.projectDir}" - commandLine = "./buildDoc" + commandLine = "./buildDoc" } task createDownloadLinks(type: Exec) { diff --git a/sechub-doc/helperscripts/publish+git-add-releasedocs.sh b/sechub-doc/helperscripts/publish+git-add-releasedocs.sh index df30230729..5358bb49b2 100755 --- a/sechub-doc/helperscripts/publish+git-add-releasedocs.sh +++ b/sechub-doc/helperscripts/publish+git-add-releasedocs.sh @@ -7,7 +7,7 @@ DEST_DIR="../docs/latest" IMAGE_DIR="images" GIT_RELEASE_BRANCH="master" -function add_changed_images(){ +function add_changed_images { pushd "$SOURCE_DIR/" >/dev/null 2>&1 local imagefiles=`ls $IMAGE_DIR/*` popd >/dev/null 2>&1 
@@ -22,28 +22,19 @@ function add_changed_images(){ echo } -function add_files(){ - local product="$1" - local files_to_add="" - echo -n "# Adding files for '$product': " - - case "$product" in - client) - files_to_add="sechub-client.html client-download.html" - ;; - pds) - files_to_add="sechub-product-delegation-server.html pds-download.html" - ;; - server) - files_to_add="sechub-architecture.html sechub-developer-quickstart-guide.html sechub-getting-started.html sechub-operations.html sechub-restapi.html sechub-techdoc.html server-download.html" - ;; - *) - echo "Ignoring unknown product name '$product' in git tag." - ;; - esac - echo $files_to_add +function add_changed_html_files { + pushd "$SOURCE_DIR/" >/dev/null 2>&1 + local htmlfiles=`ls *.html` + popd >/dev/null 2>&1 - FILE_LIST="$FILE_LIST $files_to_add" + echo -n "# Adding changed or new html files:" + for htmlfile in $htmlfiles ; do + if ! cmp --silent "$SOURCE_DIR/$htmlfile" "$DEST_DIR/$htmlfile" ; then + echo -n " '$htmlfile'" + FILE_LIST="$FILE_LIST $htmlfile" + fi + done + echo } ####################### @@ -56,17 +47,15 @@ if [ "$BRANCH" != "$GIT_RELEASE_BRANCH" ] ; then exit 1 fi -# Always update images directory (changed files only) +# Update images directory (changed files only) add_changed_images -# Iterate over tags of git HEAD. (e.g. v1.0.0-client, v1.0.0-server, v1.0.0-pds) -while read tag; do - add_files $(echo "$tag" | awk -F "-" '{print $NF}') -done < <(git tag --points-at HEAD) +# Add changed html files +add_changed_html_files # Copy files to destination and stage them for commit for file in $FILE_LIST ; do - /bin/cp "$SOURCE_DIR/$file" "$DEST_DIR/$file" + /bin/cp "$SOURCE_DIR/$file" "$DEST_DIR/$file" echo "git add -f \"$DEST_DIR/$file\"" git add -f "$DEST_DIR/$file" done 
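Review bot: In `add_changed_html_files` the result of `pushd "$SOURCE_DIR/" >/dev/null 2>&1` is discarded, so when the build output directory is missing, `ls *.html` lists the directory the script happens to run in and those names are queued in `FILE_LIST` for the later `git add -f`. Fail early with `pushd "$SOURCE_DIR/" >/dev/null || exit 1`, and iterate the glob instead of parsing `ls`, e.g. `for path in "$SOURCE_DIR"/*.html ; do htmlfile="${path##*/}"`, which also keeps file names with spaces intact. The fixed per-product file list is replaced by every changed `*.html` in the build output, so the generated pull request is the only place where an unexpected file would be caught; a short comment above the function saying so would help reviewers of that PR.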
diff --git a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/SignupAdministrationRestControllerRestDocTest.java b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/SignupAdministrationRestControllerRestDocTest.java index d884a1b946..9b646168ad 100644 --- a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/SignupAdministrationRestControllerRestDocTest.java +++ b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/SignupAdministrationRestControllerRestDocTest.java @@ -97,7 +97,7 @@ public void restdoc_list_user_signups() throws Exception { header(AuthenticationHelper.HEADER_NAME, AuthenticationHelper.getHeaderValue()) ). andExpect(status().isOk()). - andExpect(content().json("[{\"userId\":\"johnsmith\",\"emailAdress\":\"john.smith@example.com\"},{\"userId\":\"janesmith\",\"emailAdress\":\"jane.smith@example.com\"}]")). + andExpect(content().json("[{\"userId\":\"johnsmith\",\"emailAddress\":\"john.smith@example.com\"},{\"userId\":\"janesmith\",\"emailAddress\":\"jane.smith@example.com\"}]")). andDo(defineRestService(). with(). useCaseData(useCase). @@ -111,7 +111,7 @@ public void restdoc_list_user_signups() throws Exception { responseFields( fieldWithPath("[]").description("List of user signups").optional(), fieldWithPath("[]."+RestDocPathParameter.USER_ID.paramName()).type(JsonFieldType.STRING).description("The user id"), - fieldWithPath("[].emailAdress").type(JsonFieldType.STRING).description("The email address") + fieldWithPath("[].emailAddress").type(JsonFieldType.STRING).description("The email address") ) ) ); diff --git a/sechub-pds-solutions/multi/05-start-single-sechub-network-docker-compose.sh b/sechub-pds-solutions/multi/05-start-single-sechub-network-docker-compose.sh old mode 100755 new mode 100644 index 20b42cde8c..a07d20c30f --- a/sechub-pds-solutions/multi/05-start-single-sechub-network-docker-compose.sh +++ b/sechub-pds-solutions/multi/05-start-single-sechub-network-docker-compose.sh 
@@ -17,4 +17,4 @@ export BUILDKIT_PROGRESS=plain export DOCKER_BUILDKIT=1 echo "Starting single container." -docker compose --file docker-compose_pds_multi.yaml up --build --remove-orphans \ No newline at end of file +docker compose --file docker-compose_pds_multi_external-network.yaml up --build --remove-orphans \ No newline at end of file diff --git a/sechub-pds-solutions/multi/05-stop-single-sechub-network-docker-compose.sh b/sechub-pds-solutions/multi/05-stop-single-sechub-network-docker-compose.sh new file mode 100644 index 0000000000..53e1a92e3d --- /dev/null +++ b/sechub-pds-solutions/multi/05-stop-single-sechub-network-docker-compose.sh @@ -0,0 +1,6 @@ +#!/usr/bin/env bash +# SPDX-License-Identifier: MIT + +cd "$(dirname "$0")" || exit 1 + +docker compose --file docker-compose_pds_multi.yaml down --remove-orphans diff --git a/sechub-pds-solutions/multi/tests/README.adoc b/sechub-pds-solutions/multi/tests/README.adoc new file mode 100644 index 0000000000..c1eeb96495 --- /dev/null +++ b/sechub-pds-solutions/multi/tests/README.adoc @@ -0,0 +1,14 @@ +// SPDX-License-Identifier: MIT += System Tests + +== Steps + +. Download `sechub-pds-tools-cli-x.y.z.jar` from the releases: https://github.com/mercedes-benz/sechub/releases/. +. Copy `sechub-pds-tools-cli-x.y.z.jar` into this folder. +. Run system test ++ +Example: ++ +---- +java -jar sechub-pds-tools-cli-1.0.0.jar systemtest --file systemtest_local.json --pds-solutions-rootfolder ../../ --sechub-solution-rootfolder ../../../sechub-solution +---- \ No newline at end of file diff --git a/sechub-pds-solutions/multi/tests/clone_repo.sh b/sechub-pds-solutions/multi/tests/clone_repo.sh new file mode 100644 index 0000000000..54a98cc134 --- /dev/null +++ b/sechub-pds-solutions/multi/tests/clone_repo.sh 
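Review bot: The new stop script runs `down` against `docker-compose_pds_multi.yaml`, while the matching start script is switched in this same commit to `docker-compose_pds_multi_external-network.yaml`, so stop may not tear down everything start created. Use the same file in both: `docker compose --file docker-compose_pds_multi_external-network.yaml down --remove-orphans`. Both scripts are also non-executable after this commit (the start script changes from mode 100755 to 100644 and the stop script is created as 100644), although systemtest_local.json references them by path; unless the test runner is known to invoke them through a shell, keep mode 100755.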
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: MIT
+
+current_test_folder="$1"
+vulnerable_repo="$2"
+
+if [[ ! -d "$current_test_folder" ]]
+then
+ echo "Target folder is empty"
+ exit 1
+fi
+
+if [[ -z "$vulnerable_repo" ]]
+then
+ echo "No vulnerable application repository provided"
+ exit 1
+fi
+
+cd "$current_test_folder"
+
+echo "cloning: $vulnerable_repo"
+git clone "$vulnerable_repo"
\ No newline at end of file
diff --git a/sechub-pds-solutions/multi/tests/systemtest_local.json b/sechub-pds-solutions/multi/tests/systemtest_local.json
new file mode 100644
index 0000000000..3ceec8df3f
--- /dev/null
+++ b/sechub-pds-solutions/multi/tests/systemtest_local.json
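Review bot: `cd "$current_test_folder"` is unchecked, so if the directory cannot be entered after the `-d` test, `git clone` runs in whatever working directory the caller had; `cd "$current_test_folder" || exit 1` matches the guard the new stop script already uses. The repository argument goes straight to git, and `git clone -- "$vulnerable_repo"` keeps a value that starts with `-` from being parsed as an option. The first error message says "Target folder is empty" although the condition tests for a missing directory; `echo "Target folder does not exist: $current_test_folder"` would describe the actual failure.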
@@ -0,0 +1,77 @@
+{
+ "setup" : {
+ "local" : {
+ "secHub" : {
+ "admin" : {
+ "userId" : "admin",
+ "apiToken" : "myTop$ecret!"
+ },
+ "start" : [ {
+ "script" : {
+ "path" : "./01-start-single-docker-compose.sh"
+ }
+ } ],
+ "configure" : {
+ "executors" : [ {
+ "pdsProductId" : "PDS_BANDIT",
+ "name" : "system-test-codescan-bandit",
+ "parameters" : {
+ "sechub.productexecutor.pds.adapter.resilience.retry.wait.milliseconds" : 3000,
+ "sechub.productexecutor.pds.adapter.resilience.retry.max" : 20,
+ "pds.config.use.sechub.storage" : false
+ }
+ } ]
+ },
+ "stop" : [ {
+ "script" : {
+ "path" : "./01-stop-single-docker-compose.sh"
+ }
+ } ]
+ },
+ "pdsSolutions" : [ {
+ "name" : "multi",
+ "url" : "https://pds-multi:8444/",
+ "waitForAvailable" : false,
+ "start" : [ {
+ "script" : {
+ "path" : "./05-start-single-sechub-network-docker-compose.sh"
+ }
+ } ],
+ "stop" : [ {
+ "script" : {
+ "path" : "./05-stop-single-sechub-network-docker-compose.sh"
+ }
+ } ],
+ "techUser" : {
+ "userId" : "techuser",
+ "apiToken" : "pds-apitoken"
+ }
+ } ]
+ }
+ },
+ "tests" : [ {
+ "name" : "vulnerable-python",
+ "prepare" : [ {
+ "script" : {
+ "arguments" : [ "${runtime.currentTestFolder}", "https://github.com/alexdd/vulnerable-python.git" ],
+ "path" : "./clone_repo.sh"
+ }
+ } ],
+ "execute" : {
+ "runSecHubJob" : {
+ "uploads" : [ {
+ "sourceFolder" : "."
+ } ],
+ "codeScan" : { }
+ }
+ },
+ "assert" : [ {
+ "sechubResult" : {
+ "hasTrafficLight" : "YELLOW",
+ "containsStrings" : {
+ "values" : [ "result", "SUCCESS", "jobUUID", "reportVersion", "MEDIUM", "severity", "sql_injection.py" ]
+ }
+ }
+ } ]
+ } ]
+}
\ No newline at end of file
diff --git a/sechub-server/src/main/resources/db/migration/U27__rename_emailAdress_column.sql b/sechub-server/src/main/resources/db/migration/U27__rename_emailAdress_column.sql
new file mode 100644
index 0000000000..179bfdec39
--- /dev/null
+++ b/sechub-server/src/main/resources/db/migration/U27__rename_emailAdress_column.sql
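Review bot: Both API tokens are committed as literals, `"apiToken" : "myTop$ecret!"` for the admin and `"apiToken" : "pds-apitoken"` for the tech user. They look like defaults of the local docker-compose setup, but anyone who copies this file for a shared or remote environment inherits publicly known credentials, and secret scanners will flag the file. If the system-test format can resolve values from the environment the way it resolves `${runtime.currentTestFolder}` (not confirmed from this diff), both tokens should come from there; JSON has no comment syntax, so the local-only status of these values belongs in `tests/README.adoc`. The test also clones the current tip of `https://github.com/alexdd/vulnerable-python.git`, so the `YELLOW` and `sql_injection.py` assertions depend on whatever that third-party repository contains at run time; checking out a fixed commit in `clone_repo.sh` would make the result reproducible.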
@@ -0,0 +1,3 @@
+-- SPDX-License-Identifier: MIT
+ALTER TABLE adm_user_selfregistration
+ RENAME COLUMN email_address TO email_adress;
diff --git a/sechub-server/src/main/resources/db/migration/V27__rename_emailAdress_column.sql b/sechub-server/src/main/resources/db/migration/V27__rename_emailAdress_column.sql
new file mode 100644
index 0000000000..bb7a404751
--- /dev/null
+++ b/sechub-server/src/main/resources/db/migration/V27__rename_emailAdress_column.sql
@@ -0,0 +1,3 @@
+-- SPDX-License-Identifier: MIT
+ALTER TABLE adm_user_selfregistration
+ RENAME COLUMN email_adress TO email_address;