Merge remote-tracking branch 'upstream/main' into duplicated-title-check

GeoCat · Nov 4, 2024 · 1dba46e · 1dba46e
2 parents 59e9362 + c93b5b1
commit 1dba46e
Show file tree

Hide file tree

Showing 2,604 changed files with 206,233 additions and 50,315 deletions.
diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
@@ -0,0 +1,4 @@
+# These are supported funding model platforms
+
+github: [osgeo]
+cusotm: ['https://github.com/geonetwork/core-geonetwork/wiki#financial-support','https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=LDTWEL3XKUVU8&source=url','https://www.osgeo.org/about/how-to-become-a-sponsor/']
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,27 @@
+
+<!--Include a few sentences describing the overall goals for this Pull Request-->
+
+<!-- Please help our volunteers reviewing this PR by completing the following items. 
+Ask in a comment if you have troubles with any of them. -->
+
+# Checklist
+
+- [ ] I have read the [contribution guidelines](https://github.com/geonetwork/core-geonetwork/blob/main/CONTRIBUTING.md)
+- [ ] *Pull request* provided for `main` branch, backports managed with label
+- [ ] *Good housekeeping* of code, cleaning up comments, tests, and documentation
+- [ ] *Clean commit history* broken into understandable chucks, avoiding big commits with hundreds of files, cautious of reformatting and whitespace changes
+- [ ] *Clean commit message*s, longer verbose messages are encouraged
+- [ ] *API Changes* are identified in commit messages
+- [ ] *Testing* provided for features or enhancements using [automatic tests](https://github.com/geonetwork/core-geonetwork/blob/main/software_development/TESTING.md)
+- [ ] *User documentation* provided for new features or enhancements in [manual](https://github.com/geonetwork/core-geonetwork/tree/main/docs/manual)
+- [ ] *Build documentation* provided for development instructions in `README.md` files
+- [ ] *Library management* using `pom.xml` dependency management. Update build documentation with intended library use and library tutorials or documentation
+
+<!--Submitting the PR does not require you to check all items, but by the time it gets merged, they should be either satisfied or not applicable.-->
+
+<!-- If you can, it's better to give credits to organisation supporting this work:
+- `Funded by NAME`
+- `Funded by URL`
+- `Funded by NAME URL`
+-->
+
diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml
@@ -0,0 +1,25 @@
+name: ♻ Backport
+on:
+  pull_request_target:
+    types:
+      - closed
+      - labeled
+
+permissions:
+  contents: read
+
+jobs:
+  backport:
+    permissions:
+      contents: write
+      pull-requests: write
+      issues: write
+    runs-on: ubuntu-20.04
+    name: Backport
+    steps:
+      - name: Backport Bot
+        id: backport
+        if: github.event.pull_request.merged && ( ( github.event.action == 'closed' && contains( join( github.event.pull_request.labels.*.name ), 'backport') ) || contains( github.event.label.name, 'backport' ) )
+        uses: m-kuhn/[email protected]
+        with:
+          github_token: ${{ secrets.GH_TOKEN_BOT }}
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -38,12 +38,14 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
-
+      uses: actions/checkout@v4
+      with:
+        show-progress: 'false'
+
     - name: Setup Java JDK
-      uses: actions/setup-java@v3.10.0
+      uses: actions/setup-java@v4.2.1
       with:
-        java-version: 8
+        java-version: 11
         # Java distribution. See the list of supported distributions in README file
         distribution: temurin
         # The package type (jdk, jre, jdk+fx, jre+fx)
@@ -53,7 +55,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -64,7 +66,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v3
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -78,11 +80,8 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3
 
     - name: Remove SNAPSHOT jars from repository
       run: |
         find ~/.m2/repository -name "*SNAPSHOT*" -type d | xargs rm -rf {}
-    - name: Remove Schema 3.8 jars from repository
-      run: |
-        find ~/.m2/repository -name "*3.8*" -type d | xargs rm -rf {}
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
@@ -0,0 +1,41 @@
+name: Documentation
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "docs/manual/**"
+  pull_request:
+    branches:
+      - main
+    paths:
+      - "docs/manual/**"
+  workflow_dispatch:
+
+jobs:
+  deploy-docs:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout GeoNetwork
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Install Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: 3.x
+      - name: mkdocs install
+        run: pip install --upgrade pip && pip install -r docs/manual/requirements.txt
+      - name: git configuration
+        run: git config user.name 'github-actions[bot]' && git config user.email 'github-actions[bot]@users.noreply.github.com'
+      - name: build docs without publishing them
+        if: ${{ github.event_name == 'pull_request' }}
+        working-directory: docs/manual
+        run: |
+          mike deploy --title "4.4" --alias-type=copy --update-aliases 4.4 latest
+      - name: deploy latest docs to gh-pages branch
+        if: ${{ github.event_name != 'pull_request' }}
+        working-directory: docs/manual
+        run: |
+          mike deploy --push --title "4.4" --alias-type=copy --update-aliases 4.4 latest
diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml
@@ -3,7 +3,7 @@ name: Linux GitHub CI
 on: [pull_request,push,workflow_dispatch]
 
 env:
-  MAVEN_OPTS: -Dmaven.wagon.httpconnectionManager.ttlSeconds=25 -Dmaven.wagon.http.retryHandler.count=3 -Xmx512m -Dorg.slf4j.simpleLogger.showDateTime=true -Dorg.slf4j.simpleLogger.dateTimeFormat=HH:mm:ss,SSS
+  MAVEN_OPTS: -Dmaven.wagon.httpconnectionManager.ttlSeconds=25 -Dmaven.wagon.http.retryHandler.count=3 -Xmx512m -Dorg.slf4j.simpleLogger.showDateTime=true -Dorg.slf4j.simpleLogger.dateTimeFormat=HH:mm:ss,SSS -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn
   TAKARI_SMART_BUILDER_VERSION: 0.6.1
 
 jobs:
@@ -13,57 +13,61 @@ jobs:
       matrix:
         include:
           - os: ubuntu-22.04
-            jdk: 8
+            jdk: 11
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
       with:
         # 500 commits, set to 0 to get all
         fetch-depth: 500
         submodules: 'recursive'
+        show-progress: 'false'
     - name: Set up JDK
-      uses: actions/setup-java@v3.10.0
+      uses: actions/setup-java@v4.2.1
       with:
         distribution: 'temurin'
         java-version: ${{ matrix.jdk }}
         cache: 'maven'
+    - name: Setup Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: 3.x
+    - name: mkdocs install
+      working-directory: docs/manual
+      run: pip install --upgrade pip && pip install -r requirements.txt
     - name: Set up Maven
-      uses: stCarolas/setup-maven@v4
+      uses: stCarolas/setup-maven@v5
       with:
-        maven-version: 3.6.3
+        maven-version: 3.8.3
     - name: Build with Maven
-      run: mvn -B -V install -DskipTests=true -Dmaven.javadoc.skip=true
+      run: |
+        mvn -B -ntp -V install -DskipTests=true -Dmaven.javadoc.skip=true -Drelease -Pwith-doc
     - name: Remove SNAPSHOT jars from repository
       run: |
         find ~/.m2/repository -name "*SNAPSHOT*" -type d | xargs rm -rf {}
-    - name: Remove Schema 3.8 jars from repository
-      run: |
-        find ~/.m2/repository -name "*3.8*" -type d | xargs rm -rf {}
 
   QA:
     runs-on: ubuntu-22.04
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
       with:
         # 500 commits, set to 0 to get all
         fetch-depth: 500
         submodules: 'recursive'
+        show-progress: 'false'
     - name: Set up JDK
-      uses: actions/setup-java@v3.10.0
+      uses: actions/setup-java@v4.2.1
       with:
         distribution: 'temurin'
-        java-version: 8
+        java-version: 11
         cache: 'maven'
     - name: Set up Maven
-      uses: stCarolas/setup-maven@v4
+      uses: stCarolas/setup-maven@v5
       with:
-        maven-version: 3.6.3
+        maven-version: 3.8.3
     - name: Test with maven
       run: |
-        mvn resources:resources@copy-index-schema-to-source -f web
-        mvn -B -V -fae verify -Pit
+        mvn -B resources:resources@copy-index-schema-to-source -f web
+        mvn -B -ntp -V -fae verify -Drelesae -Pit
     - name: Remove SNAPSHOT jars from repository
       run: |
         find ~/.m2/repository -name "*SNAPSHOT*" -type d | xargs rm -rf {}
-    - name: Remove Schema 3.8 jars from repository
-      run: |
-        find ~/.m2/repository -name "*3.8*" -type d | xargs rm -rf {}
diff --git a/.github/workflows/mvn-dep-tree.yml b/.github/workflows/mvn-dep-tree.yml
@@ -12,20 +12,22 @@ on:
 jobs:
   update-maven-dep-tree:
     runs-on: ubuntu-latest
-    
+
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
-
+        uses: actions/checkout@v4
+        with:
+          show-progress: 'false'
+
       - name: Setup Java JDK
-        uses: actions/setup-java@v3.10.0
+        uses: actions/setup-java@v4.2.1
         with:
-          java-version: 8
+          java-version: 11
           # Java distribution. See the list of supported distributions in README file
           distribution: temurin
           # The package type (jdk, jre, jdk+fx, jre+fx)
           java-package: jdk
           cache: maven
-    
+
       - name: Submit Dependency Snapshot
-        uses: advanced-security/maven-dependency-submission-action@v3
+        uses: advanced-security/maven-dependency-submission-action@v4
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -0,0 +1,72 @@
+# This workflow uses actions that are not certified by GitHub. They are provided
+# by a third-party and are governed by separate terms of service, privacy
+# policy, and support documentation.
+
+name: Scorecard supply-chain security
+on:
+  # For Branch-Protection check. Only the default branch is supported. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
+  branch_protection_rule:
+  # To guarantee Maintained check is occasionally updated. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
+  schedule:
+    - cron: '26 10 * * 5'
+  push:
+    branches: [ "main" ]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecard analysis
+    runs-on: ubuntu-latest
+    permissions:
+      # Needed to upload the results to code-scanning dashboard.
+      security-events: write
+      # Needed to publish results and get a badge (see publish_results below).
+      id-token: write
+      # Uncomment the permissions below if installing in a private repository.
+      # contents: read
+      # actions: read
+
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+        with:
+          persist-credentials: false
+
+      - name: "Run analysis"
+        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          # (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
+          # - you want to enable the Branch-Protection check on a *public* repository, or
+          # - you are installing Scorecard on a *private* repository
+          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
+          # repo_token: ${{ secrets.SCORECARD_TOKEN }}
+
+          # Public repositories:
+          #   - Publish results to OpenSSF REST API for easy access by consumers
+          #   - Allows the repository to include the Scorecard badge.
+          #   - See https://github.com/ossf/scorecard-action#publishing-results.
+          # For private repositories:
+          #   - `publish_results` will always be set to `false`, regardless
+          #     of the value entered here.
+          publish_results: true
+
+      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
+      # format to the repository Actions tab.
+      - name: "Upload artifact"
+        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+        with:
+          name: SARIF file
+          path: results.sarif
+          retention-days: 5
+
+      # Upload the results to GitHub's code scanning dashboard.
+      - name: "Upload to code-scanning"
+        uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4
+        with:
+          sarif_file: results.sarif
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
@@ -3,8 +3,6 @@ on:
   push:
     branches:
       - main
-      - 4.0.x
-      - 3.12.x
   pull_request:
     types: [opened, synchronize, reopened]
 jobs:
@@ -15,33 +13,32 @@ jobs:
     # https://github.community/t/how-to-detect-a-pull-request-from-a-fork/18363/4
     if: github.event.pull_request.head.repo.fork != true
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
           submodules: 'recursive'
-      # For building GeoNetwork, JDK8 is necessary, but for running
-      # the SonarQube plugin, JDK11 is necessary.
-      # So, first install JDK 8, build GeoNetwork, then install JDK11
-      # and run SonarQube:
-      - name: Set up JDK 8
-        uses: actions/[email protected]
+          show-progress: 'false'
+      - name: Set up JDK 11
+        uses: actions/[email protected]
         with:
-          java-version: 8
           distribution: 'temurin'
+          java-version: '11'
           cache: 'maven'
       - name: Cache SonarCloud packages
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ~/.sonar/cache
           key: ${{ runner.os }}-sonar
           restore-keys: ${{ runner.os }}-sonar
       - name: Build GN
         run: mvn -B package -DskipTests
-      - name: Set up JDK 11
-        uses: actions/[email protected]
+
+      - name: Set up JDK 21 # Sonarcloud analyzer needs at least JDK 17
+        uses: actions/[email protected]
         with:
           distribution: 'temurin'
-          java-version: '11'
+          java-version: '21'
+          cache: 'maven'
       - name: Analyze with Sonar
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any