From 1220a64eaaa28b12a7afdd252d6ecd4ee84b9211 Mon Sep 17 00:00:00 2001
From: Denis Yuen
Date: Tue, 28 Nov 2023 11:04:36 -0500
Subject: [PATCH] hook up some testing to help avoid broken dependencies
---
 .github/CONTRIBUTING.md | 23 +++++++++++++
 .github/ISSUE_TEMPLATE/bug_report.md | 40 ++++++++++++++++++++++
 .github/ISSUE_TEMPLATE/config.yml | 8 +++++
 .github/ISSUE_TEMPLATE/feature_request.md | 20 +++++++++++
 .github/PULL_REQUEST_TEMPLATE.md | 33 ++++++++++++++++++
 .github/dependabot.yml | 39 +++++++++++++++++++++
 .github/workflows/.mvnw.yml.swp | Bin 0 -> 12288 bytes
 .github/workflows/mvnw.yml | 37 ++++++++++++++++++++
 pom.xml | 15 ++++++--
 9 files changed, 212 insertions(+), 3 deletions(-)
 create mode 100644 .github/CONTRIBUTING.md
 create mode 100644 .github/ISSUE_TEMPLATE/bug_report.md
 create mode 100644 .github/ISSUE_TEMPLATE/config.yml
 create mode 100644 .github/ISSUE_TEMPLATE/feature_request.md
 create mode 100644 .github/PULL_REQUEST_TEMPLATE.md
 create mode 100644 .github/dependabot.yml
 create mode 100644 .github/workflows/.mvnw.yml.swp
 create mode 100644 .github/workflows/mvnw.yml
diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md
new file mode 100644
index 0000000..8d96f1a
--- /dev/null
+++ b/.github/CONTRIBUTING.md
@@ -0,0 +1,23 @@
+## How to contribute to Dockstore
+
+#### **Did you find a bug?**
+
+* **Ensure the bug was not already reported** by searching on GitHub under [Issues](https://github.com/dockstore/dockstore/issues).
+
+* If you're unable to find an open issue addressing the problem, [open a new one](https://github.com/dockstore/dockstore/issues/new). Be sure to include a **title and clear description**, as much relevant information as possible, and a **code sample** or an **executable test case** demonstrating the expected behavior that is not occurring.
+
+#### **Did you write a patch that fixes a bug?**
+
+* Open a new GitHub pull request with the patch.
+
+* Ensure the PR description clearly describes the problem and solution. Include the relevant issue number if applicable.
+
+* Before submitting, please read ensure that your code passes the style guide and tests. See the GitHub status checks on your PR for more details. Note that until we resolve [this](https://github.com/dockstore/dockstore/issues/3541) issue, a large number of integration tests will fail.
+
+#### **Do you intend to add a new feature or change an existing one?**
+
+* Suggest your change as a [github issue](https://github.com/dockstore/dockstore/issues) either by creating a new issue or commenting on an existing one and start writing code. The relevant repositories are nested under our [organization](https://github.com/dockstore) including the webservice (dockstore), the user interface (dockstore-ui2), the command-line interface (dockstore-cli), and many more.
+
+#### **Do you want to contribute to the Dockstore documentation?**
+
+* Most of our documentation is generated from [dockstore-documentation](https://github.com/dockstore/dockstore-documentation).
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
new file mode 100644
index 0000000..12e4d90
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,40 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: 'bug'
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Desktop (please complete the following information):**
+ - OS: [e.g. iOS]
+ - Browser [e.g. chrome, safari]
+ - Version [e.g. 22]
+
+**Smartphone (please complete the following information):**
+ - Device: [e.g. iPhone6]
+ - OS: [e.g. iOS8.1]
+ - Browser [e.g. stock browser, safari]
+ - Version [e.g. 22]
+
+**Additional context**
+ - UI version: [e.g. 2.5.0]
+ - Webservice version: [e.g. 1.8.0]
+ - host location: [e.g. staging.dockstore.org]
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
new file mode 100644
index 0000000..ff78c3c
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,8 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Dockstore Community Forum
+    url: https://discuss.dockstore.org/c/dockstore-arch/7
+    about: Please ask and answer questions here.
+  - name: Dockstore Security and Internal Issues
+    url: https://ucsc-cgl.atlassian.net/browse/DOCK
+    about: Please report security vulnerabilities here.
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
new file mode 100644
index 0000000..36014cd
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
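Review bot: The second `contact_links` entry in config.yml directs vulnerability reports to `https://ucsc-cgl.atlassian.net/browse/DOCK`, and the diff gives no indication whether that Jira project is restricted; if it is publicly readable, a report filed there is disclosed the moment it is opened. It is worth confirming the project's visibility before merging, or pointing the `about:` text at a confidential channel (a `SECURITY.md` with a private reporting address, or GitHub's private vulnerability reporting) so the "report security vulnerabilities here" wording does not invite public disclosure. Note also that `blank_issues_enabled: false` leaves a reporter who cannot use either link with no fallback on GitHub, which is presumably intended.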
@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: 'enhancement'
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
new file mode 100644
index 0000000..333f463
--- /dev/null
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,33 @@
+**Description**
+A description of the PR, should include a decent explanation as to why this change was needed and a decent explanation as to what this change does
+
+**Review Instructions**
+Describe if this ticket needs review and if so, how one may go about it in qa and/or staging environments.
+For example, a ticket based on Security Hub, Snyk, or Dependabot may not need review since those services
+will generate new warnings if the issue has not been resolved properly. On the other hand, an infrastructure
+ticket that results in visible changes to the end-user will definitely require review.
+Many tickets will likely be between these two extremes, so some judgement may be required.
+
+**Issue**
+A link to a github issue or SEAB- ticket (using that as a prefix)
+
+**Security and Privacy**
+
+If there are any concerns that require extra attention from the security team, highlight them here.
+
+e.g. Does this change...
+* Any user data we collect, or data location?
+* Access control, authentication or authorization?
+* Encryption features?
+
+Please make sure that you've checked the following before submitting your pull request. Thanks!
+
+- [ ] Check that you pass the basic style checks and unit tests by running `mvn clean install`
+- [ ] Ensure that the PR targets the correct branch. Check the milestone or fix version of the ticket.
+- [ ] Follow the existing JPA patterns for queries, using named parameters, to avoid SQL injection
+- [ ] If you are changing dependencies, check the Snyk status check or the dashboard to ensure you are not introducing new high/critical vulnerabilities
+- [ ] Assume that inputs to the API can be malicious, and sanitize and/or check for Denial of Service type values, e.g., massive sizes
+- [ ] Do not serve user-uploaded binary images through the Dockstore API
+- [ ] Ensure that endpoints that only allow privileged access enforce that with the `@RolesAllowed` annotation
+- [ ] Do not create cookies, although this may change in the future
+- [ ] If this PR is for a user-facing feature, create and link a documentation ticket for this feature (usually in the same milestone as the linked issue). Style points if you create a documentation PR directly and link that instead.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..1ab74c5
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,39 @@
+version: 2
+updates:
+
+  # Maintain dependencies for GitHub Actions, path is indeed "/" https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot#enabling-dependabot-version-updates-for-actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    reviewers:
+      - "dockstore/dockstore"
+
+  # Maintain dependencies for Maven
+  - package-ecosystem: "maven"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    # start with security updates only https://stackoverflow.com/a/68254421
+    open-pull-requests-limit: 0
+    reviewers:
+      - "dockstore/dockstore"
+
+  # Maintain dependencies for Dockerfile
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    # start with security updates only https://stackoverflow.com/a/68254421
+    open-pull-requests-limit: 0
+    reviewers:
+      - "dockstore/dockstore"
+
+  # Maintain dependencies for swagger-ui and cwltool
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    # start with security updates only https://stackoverflow.com/a/68254421
+    reviewers:
+      - "dockstore/dockstore"
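Review bot: The `pip` entry at the end of the hunk carries the same `# start with security updates only` comment as the maven and docker entries but omits the `open-pull-requests-limit: 0` line that actually enforces it, so Dependabot will open ordinary version-update PRs for pip while the comment claims otherwise. Either add `open-pull-requests-limit: 0` directly under that comment or drop the comment so the block reads as intended. The `directory: "/"` for pip assumes the requirements file lives at the repository root; I cannot verify that from the diff, and if it does not, this entry will silently find nothing to update.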
diff --git a/.github/workflows/.mvnw.yml.swp b/.github/workflows/.mvnw.yml.swp
new file mode 100644
index 0000000000000000000000000000000000000000..a9db9f509ddcc185bc8a2e8b25bdf1a93872355a
GIT binary patch
literal 12288
zcmeI2F>ll`6vy389Vj4>7?>UuRH)>**9xi1Q~?4N2{E9u076dUHsKOGitSvlrDbJd
zXN8f48IbrG3@l8*44;6PT&`-1s;Xnrv-DST_TSIXzkAE+UNrw`>Y5jg1t
zTsgsB;w2`#i(KrU69=B%M|uzeB0vO)01+SpM1Tko0U|&IhyW2F0w<7wOc;B6im|KH
zm^}XfKmPsy=L}=NQ9n^XP~TBsQJ+ztP#;jQQ9Gz9)VI@&eMG%M)hL6yfx3X2LjA({
z?@+H$3UwFNo_PY9QOZPs2oM1xKm>>Y5g-CYfC&7z1YmbmUWX90P0A4GN@~cobu!P{
z$ihL(LWOYCXL$kxY;K08p}AXaJy*820K;fi1;)bmHZNqYG~Z*XRNEZQ`)X)Ic(G>%
zXF@n6Kr@|6o8HNCWv|W7&56UJI$KUHzx
zc(+_HbPi~T^@)K(_SG0S&h9hB31BBVw<@lbv%D892J`z2PFBD-H`e~O1-KNfZ|-vs
z)|CU!wc)j@B4ZWs2Z!#2)Vb1zLX3LZgV+>84s0$X+f0p<60(ZZtX85;?%=6yVU54)
zaTRs7)tn67)!H;IQnw*%-*Kbm2CLFXUOUfo>9BloDQZeEWY101SR2RV(%bYYW1|wi
KCu<3}R@h&7ZwRme
literal 0
HcmV?d00001
diff --git a/.github/workflows/mvnw.yml b/.github/workflows/mvnw.yml
new file mode 100644
index 0000000..f265781
--- /dev/null
+++ b/.github/workflows/mvnw.yml
@@ -0,0 +1,37 @@
+name: Regular dockstore-style build
+
+on: [push]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        java: [ '17.0.4+8' ]
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up JDK
+        uses: actions/setup-java@v3
+        with:
+          java-version: ${{ matrix.java }}
+          distribution: 'adopt'
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: java
+
+      # Step that does that actual cache save and restore
+      - uses: actions/cache@v3
+        with:
+          path: ~/.m2/repository
+          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+          restore-keys: |
+            ${{ runner.os }}-maven-
+      - name: Build with mvnw
+        run: ./mvnw clean install
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
diff --git a/pom.xml b/pom.xml
index f4fb954..273517c 100644
--- a/pom.xml
+++ b/pom.xml
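Review bot: The mvnw.yml workflow declares no `permissions:` block, so the job runs with whatever default `GITHUB_TOKEN` scope the repository grants, even though nothing in it needs write access to contents and the only write the CodeQL documentation lists as required is `security-events: write` for the analyze step. Adding `permissions:` / `  contents: read` / `  security-events: write` at the top level after `on: [push]` pins the job to least privilege and makes the CodeQL upload independent of the repository's default setting. Every action is referenced by a floating major tag (`actions/checkout@v4`, `actions/setup-java@v3`, `actions/cache@v3`, `github/codeql-action/*@v2`); the github-actions Dependabot entry added in this commit keeps those tags current, but pinning to a full commit SHA with the tag in a trailing comment is the stronger supply-chain posture for a workflow that runs on every push. Separately, the same commit adds `.github/workflows/.mvnw.yml.swp`, which from its name and the binary patch above is an editor swap file that should be dropped from the commit and covered by `.gitignore` rather than shipped under `.github/workflows/`.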
@@ -15,7 +15,7 @@ Apache License, Version 2.0 - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 @@ -28,7 +28,7 @@ UTF-8 UTF-8 - 1.14.0-alpha.9 + 1.14.3 1.5.9 3.6.2 2.13.5 @@ -55,11 +55,20 @@ HEAD + + + artifacts.oicr.on.ca + artifacts.oicr.on.ca + https://artifacts.oicr.on.ca/artifactory/collab-release + + + + artifacts.oicr.on.ca artifacts.oicr.on.ca-releases - http://artifacts.oicr.on.ca/artifactory/collab-release + https://artifacts.oicr.on.ca/artifactory/collab-release false