Merge branch 'eclipse-tractusx:main' into feat/Extend-error-states-v6

.github/workflows/app-test-charts.yaml

@@ -187,5 +187,5 @@ jobs:
           helm repo add tractusx-dev https://eclipse-tractusx.github.io/charts/dev
           helm install bpdm-test tractusx-dev/bpdm ${{ github.event.inputs.upgrade_from && '--version github.event.inputs.upgrade_from' || '' }}
           helm dependency update charts/bpdm
-          helm upgrade bpdm-test charts/bpdm
+          helm upgrade --set centralidp.keycloak.postgresql.auth.postgresPassword=test --set centralidp.keycloak.postgresql.auth.password=test --set centralidp.keycloak.postgresql.auth.replicationPassword=test  bpdm-test charts/bpdm
 

.github/workflows/app-test-trivy.yaml

@@ -55,7 +55,7 @@ jobs:
           load: true
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@0.22.0
+        uses: aquasecurity/trivy-action@0.28.0
         with:
           image-ref: "bpdm-${{ inputs.app }}:test"
           exit-code: "1"

.github/workflows/deploy-docker.yaml

@@ -67,15 +67,25 @@ jobs:
         id: dockerTags
         run: |
           FULL_IMAGE_NAME="${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}"
-          SUFFIX="${{ steps.semVer.outputs.prerelease == 'SNAPSHOT' && '-SNAPSHOT' || '' }}"
+          SUFFIX="${{ steps.semVer.outputs.prerelease &&  '-' || '' }}${{ steps.semVer.outputs.prerelease }}"
           MAJOR="${{ steps.semVer.outputs.major }}"
           MINOR="${MAJOR}.${{ steps.semVer.outputs.minor }}"
           PATCH="${MINOR}.${{ steps.semVer.outputs.patch }}"
           LATEST_TAG="${FULL_IMAGE_NAME}:latest${SUFFIX}"
           MAJOR_TAG="${FULL_IMAGE_NAME}:${MAJOR}${SUFFIX}"
           MINOR_TAG="${FULL_IMAGE_NAME}:${MINOR}${SUFFIX}"
           PATCH_TAG="${FULL_IMAGE_NAME}:${PATCH}${SUFFIX}"
-          echo "tags=${LATEST_TAG},${MAJOR_TAG},${MINOR_TAG},${PATCH_TAG}" >> $GITHUB_OUTPUT
+          if ${{ steps.semVer.outputs.prerelease == 'SNAPSHOT' &&  true || false }}; then 
+            ALL_TAGS="${LATEST_TAG},${PATCH_TAG}" 
+          else 
+             if ${{ steps.semVer.outputs.prerelease &&  true || false }}; then
+               ALL_TAGS="${PATCH_TAG}" 
+             else
+               ALL_TAGS="${LATEST_TAG},${MAJOR_TAG},${MINOR_TAG},${PATCH_TAG}"
+             fi
+          fi
+          echo "tags=${ALL_TAGS}" >> $GITHUB_OUTPUT
+          echo "tags=${ALL_TAGS}"
 
       - name: DockerHub login
         uses: docker/login-action@v3

.github/workflows/trivy.yml

@@ -45,7 +45,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@0.28.0
         with:
           scan-type: "config"
           # ignore-unfixed: true
@@ -78,7 +78,7 @@ jobs:
         uses: aquasecurity/trivy-action@master
         with:
           # Path to Docker image
-          image-ref: "docker.io/tractusx/bpdm-pool:latest-alpha"
+          image-ref: "docker.io/tractusx/bpdm-pool:latest"
           format: "sarif"
           output: "trivy-results2.sarif"
           exit-code: "0"
@@ -108,10 +108,10 @@ jobs:
 
       - name: Run Trivy vulnerability scanner
         if: always()
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@0.28.0
         with:
           # Path to Docker image
-          image-ref: "docker.io/tractusx/bpdm-gate:latest-alpha"
+          image-ref: "docker.io/tractusx/bpdm-gate:latest"
           format: "sarif"
           output: "trivy-results3.sarif"
           exit-code: "0"
@@ -141,10 +141,10 @@ jobs:
 
       - name: Run Trivy vulnerability scanner
         if: always()
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@0.28.0
         with:
           # Path to Docker image
-          image-ref: "docker.io/tractusx/bpdm-cleaning-service-dummy:latest-alpha"
+          image-ref: "docker.io/tractusx/bpdm-cleaning-service-dummy:latest"
           format: "sarif"
           output: "trivy-results4.sarif"
           exit-code: "0"
@@ -174,10 +174,10 @@ jobs:
 
       - name: Run Trivy vulnerability scanner
         if: always()
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@0.28.0
         with:
           # Path to Docker image
-          image-ref: "docker.io/tractusx/bpdm-orchestrator:latest-alpha"
+          image-ref: "docker.io/tractusx/bpdm-orchestrator:latest"
           format: "sarif"
           output: "trivy-results4.sarif"
           exit-code: "0"

.github/workflows/trufflehog.yml

@@ -0,0 +1,60 @@
+#
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+name: "TruffleHog"
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: ["main"]
+  schedule:
+    - cron: "0 0 * * *" # Once a day
+  workflow_dispatch:
+
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+  id-token: write
+  issues: write
+
+jobs:
+  ScanSecrets:
+    name: Scan secrets
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # Ensure full clone for pull request workflows
+
+      - name: TruffleHog OSS
+        id: trufflehog
+        uses: trufflesecurity/trufflehog@bd5e28742553ef0649d7af310dc4e3755f070b36 #v3.83.2
+        continue-on-error: true
+        with:
+          path: ./  # Scan the entire repository
+          base: "${{ github.event.repository.default_branch }}"  # Set base branch for comparison (pull requests)
+          extra_args: --filter-entropy=4 --results=verified,unknown --debug
+
+      - name: Scan Results Status
+        if: steps.trufflehog.outcome == 'failure'
+        run: exit 1  # Set workflow run to failure if TruffleHog finds secrets

.gitignore

@@ -19,13 +19,13 @@ target
 #local database data
 /db
 #Helm dependencies
-/charts/bpdm/Chart.lock
-/charts/bpdm/charts/Chart.lock
-/charts/bpdm/charts/bpdm-gate/Chart.lock
-/charts/bpdm/charts/bpdm-pool/Chart.lock
+/charts/bpdm/**/Chart.lock
 /charts/bpdm/charts/**/*.tgz
 #Developer application properties
 application-developer.properties
 application-developer.yml
 *.drawio.svg.bkp
 /docker/compose/**/.env
+.flattened-pom.xml
+#Mac
+**/.DS_Store

CHANGELOG.md

@@ -6,28 +6,62 @@ The format is based on Keep a Changelog (https://keepachangelog.com/en/1.0.0/),
 
 For changes to the BPDM Helm charts please consult the [changelog](charts/bpdm/CHANGELOG.md) of the charts directly.
 
+## [6.2.0] - tbd
+
+### Added
+
+- BPDM Pool: Post endpoint to create a site for LegalAndSiteMainAddress addressType.([#739](https://github.com/eclipse-tractusx/sig-release/issues/739))
+- BPDM Orchestrator: Endpoint for checking the result state of given tasks
+- BPDM Orchestrator: Endpoint for getting event log for finished tasks
+- BPDM Pool: Enhanced data model for IdentifierTypes by adding three new fields/attributes: abbreviation, transliteratedName, and transliteratedAbbreviation.([#605](https://github.com/eclipse-tractusx/sig-release/issues/605))
+- BPDM Pool: Add CX endpoints for searching and updating the CX membership information of legal entities.([#1069](https://github.com/eclipse-tractusx/bpdm/issues/1069))
+
+
+### Changed
+
+- BPDM Gate: Fix possible out of memory exception when handling large golden record process requests
+- BPDM Pool: Fix not resolving golden record tasks on exceptions
+- BPDM Gate: Fixed Gate not resending business partner data to the golden record process on error sharing state when member sends the exact same business partner again
+- BPDM Orchestrator: Search task endpoint now requires the private record ID for each task. This means only the task creator is able to fetch the task state
+- BPDM Orchestrator: Now aborts tasks that are outdated (that is when a Gate will send newer business partner data for the same record to the golden record process)
+- BPDM Pool & Gate: Reduce standard batch size for golden record task processing ([#1032](https://github.com/eclipse-tractusx/bpdm/pull/1032))
+- BPDM Orchestrator: Fix possible out-of-memory exception during the execution of large volumes of tasks ([#1029](https://github.com/eclipse-tractusx/bpdm/pull/1029))
+- BPDM Cleaning Service Dummy: Add whitespaces between name parts when creating legal name from them
+- BPDM Cleaning Service Dummy: Improve duplication check to better distinguish between incoming business partners
+- Apps: Updated double precision data type for Geographic-data([#978](https://github.com/eclipse-tractusx/bpdm/issues/978))
+- BPDM Gate: Improved error response by adding external id details and reduced csv columns by removing support for uncategorized fields in csv file for partner upload process([#700](https://github.com/eclipse-tractusx/sig-release/issues/700))
+- BPDM Cleaning Service Dummy: Added a null check for name parts to ensure proper whitespace handling when constructing the legal name from them.
+- BPDM Gate: Enabled Tax Jurisdiction code to save it to the Output.
+- BPDM Cleaning Service Dummy: Removed assignment of uncategorized states while performing cleaning legal entity process.
+- BPDM Gate: Fixed construction logic for states and identifiers by enabling business partner type
+- BPDM Gate: Fixed logic for identifiers to retrieve only generic type on output business partner
+- BPDM Gate: Fixed construction logic for states and identifiers by enabling business partner type 
+- BPDM Pool: When processing golden record tasks the Pool now ignores isCatenaXMemberData field if it is set to null. ([#1069](https://github.com/eclipse-tractusx/bpdm/issues/1069))
+- BPDM Gate: Fixed gate output logic to provide states based on business partner type.
+- BPDM Cleaning Service Dummy: Removed assignment of uncategorized identifier while performing cleaning task process.  
+
 ## [6.1.0] - [2024-07-15]
 
 ### Added
 
-- BPDM Gate: Post endpoint to upload business partner input data using csv file.(#700)
-- BPDM Gate: GET endpoint to download the csv file template for business partner upload. (#700)
-- Apps: Tax Jurisdiction Code to the physical address of a business partner (#955)
-- BPDM Orchestrator: Tasks will now be persisted
-- BPDM Orchestrator: Tasks now come with a gate record identifier. This makes it possible for cleaning services to match tasks for the same Gate record 
+- BPDM Gate: Post endpoint to upload business partner input data using csv file.([#700](https://github.com/eclipse-tractusx/sig-release/issues/700))
+- BPDM Gate: GET endpoint to download the csv file template for business partner upload. ([#700](https://github.com/eclipse-tractusx/sig-release/issues/700))
+- Apps: Tax Jurisdiction Code to the physical address of a business partner ([#955](https://github.com/eclipse-tractusx/bpdm/issues/955))
+- BPDM Orchestrator: Tasks will now be persisted ([#722](https://github.com/eclipse-tractusx/sig-release/issues/722))
+- BPDM Orchestrator: Tasks now come with a gate record identifier. This makes it possible for cleaning services to match tasks for the same Gate record ([#711](https://github.com/eclipse-tractusx/sig-release/issues/711)) 
 
 ### Changed:
 
-- BPDM Gate: Fix sending business partner data to the golden record service even when they have no changes
-- BPDM Gate: Fix sharing states sometimes taking the wrong task id from the orchestrator
+- BPDM Gate: Fix sending business partner data to the golden record service even when they have no changes ([#988](https://github.com/eclipse-tractusx/bpdm/pull/988))
+- BPDM Gate: Fix sharing states sometimes taking the wrong task id from the orchestrator ([#989](https://github.com/eclipse-tractusx/bpdm/pull/989))
 
 
 ## [6.0.2] - [2024-07-03]
 
 ### Changed
 
-- BPDM Gate: Now sends alternative addresses which are NULL correctly to the Orchestrator
-- BPDM Pool: Changed Checksum generation algorithm: Now checksum includes the BPN with prefix
+- BPDM Gate: Now sends alternative addresses which are NULL correctly to the Orchestrator ([#801](https://github.com/eclipse-tractusx/portal-backend/issues/801))
+- BPDM Pool: Changed Checksum generation algorithm: Now checksum includes the BPN with prefix ([#699](https://github.com/eclipse-tractusx/sig-release/issues/699))
 
 
 ## [6.0.1] - [2024-05-27]