Merge remote-tracking branch 'origin/main' into dcat

SPW-DIG · Mar 18, 2024 · 842eea7 · 842eea7
2 parents 3db7cd5 + fc1beb8
commit 842eea7
Show file tree

Hide file tree

Showing 632 changed files with 20,019 additions and 9,352 deletions.
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -6,15 +6,22 @@ Ask in a comment if you have troubles with any of them. -->
 
 # Checklist
 
-- [ ] I have read the [contribution guidelines](https://github.com/geonetwork/core-geonetwork/blob/main/CONTRIBUTING.md
+- [ ] I have read the [contribution guidelines](https://github.com/geonetwork/core-geonetwork/blob/main/CONTRIBUTING.md)
 - [ ] *Pull request* provided for `main` branch, backports managed with label
 - [ ] *Good housekeeping* of code, cleaning up comments, tests, and documentation
 - [ ] *Clean commit history* broken into understandable chucks, avoiding big commits with hundreds of files, cautious of reformatting and whitespace changes
 - [ ] *Clean commit message*s, longer verbose messages are encouraged
 - [ ] *API Changes* are identified in commit messages
-- [ ] *Testing* provided for features or enhancements using [automatic tests](https://github.com/geonetwork/core-geonetwork/blob/main/software_development/TESTING.md))
-- [ ] *User documentation* provided for new features or enhancements in [mannual](https://github.com/geonetwork/core-geonetwork/tree/main/docs/manual)
+- [ ] *Testing* provided for features or enhancements using [automatic tests](https://github.com/geonetwork/core-geonetwork/blob/main/software_development/TESTING.md)
+- [ ] *User documentation* provided for new features or enhancements in [manual](https://github.com/geonetwork/core-geonetwork/tree/main/docs/manual)
 - [ ] *Build documentation* provided for development instructions in `README.md` files
 - [ ] *Library management* using `pom.xml` dependency management. Update build documentation with intended library use and library tutorials or documentation
 
 <!--Submitting the PR does not require you to check all items, but by the time it gets merged, they should be either satisfied or not applicable.-->
+
+<!-- If you can, it's better to give credits to organisation supporting this work:
+- `Funded by NAME`
+- `Funded by URL`
+- `Funded by NAME URL`
+-->
+
diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml
@@ -0,0 +1,25 @@
+name: ♻ Backport
+on:
+  pull_request_target:
+    types:
+      - closed
+      - labeled
+
+permissions:
+  contents: read
+
+jobs:
+  backport:
+    permissions:
+      contents: write
+      pull-requests: write
+      issues: write
+    runs-on: ubuntu-20.04
+    name: Backport
+    steps:
+      - name: Backport Bot
+        id: backport
+        if: github.event.pull_request.merged && ( ( github.event.action == 'closed' && contains( join( github.event.pull_request.labels.*.name ), 'backport') ) || contains( github.event.label.name, 'backport' ) )
+        uses: m-kuhn/[email protected]
+        with:
+          github_token: ${{ secrets.GH_TOKEN_BOT }}
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -43,7 +43,7 @@ jobs:
         show-progress: 'false'
 
     - name: Setup Java JDK
-      uses: actions/setup-java@v3.12.0
+      uses: actions/setup-java@v4.1.0
       with:
         java-version: 11
         # Java distribution. See the list of supported distributions in README file
@@ -55,7 +55,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -66,7 +66,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v3
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -80,11 +80,8 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3
 
     - name: Remove SNAPSHOT jars from repository
       run: |
         find ~/.m2/repository -name "*SNAPSHOT*" -type d | xargs rm -rf {}
-    - name: Remove Schema 3.8 jars from repository
-      run: |
-        find ~/.m2/repository -name "*3.8*" -type d | xargs rm -rf {}
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
@@ -22,7 +22,7 @@ jobs:
         with:
           fetch-depth: 0
       - name: Install Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: 3.x
       - name: mkdocs install

diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml
@@ -22,31 +22,28 @@ jobs:
         submodules: 'recursive'
         show-progress: 'false'
     - name: Set up JDK
-      uses: actions/setup-java@v3.12.0
+      uses: actions/setup-java@v4.1.0
       with:
         distribution: 'temurin'
         java-version: ${{ matrix.jdk }}
         cache: 'maven'
     - name: Setup Python
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       with:
         python-version: 3.x
     - name: mkdocs install
       working-directory: docs/manual
       run: pip install --upgrade pip && pip install -r requirements.txt
     - name: Set up Maven
-      uses: stCarolas/setup-maven@v4
+      uses: stCarolas/setup-maven@v5
       with:
-        maven-version: 3.6.3
+        maven-version: 3.8.3
     - name: Build with Maven
       run: |
-        mvn -B -ntp -V install -DskipTests=true -Dmaven.javadoc.skip=true -Pwith-doc
+        mvn -B -ntp -V install -DskipTests=true -Dmaven.javadoc.skip=true -Drelease -Pwith-doc
     - name: Remove SNAPSHOT jars from repository
       run: |
         find ~/.m2/repository -name "*SNAPSHOT*" -type d | xargs rm -rf {}
-    - name: Remove Schema 3.8 jars from repository
-      run: |
-        find ~/.m2/repository -name "*3.8*" -type d | xargs rm -rf {}
 
   QA:
     runs-on: ubuntu-22.04
@@ -58,22 +55,19 @@ jobs:
         submodules: 'recursive'
         show-progress: 'false'
     - name: Set up JDK
-      uses: actions/setup-java@v3.12.0
+      uses: actions/setup-java@v4.1.0
       with:
         distribution: 'temurin'
         java-version: 11
         cache: 'maven'
     - name: Set up Maven
-      uses: stCarolas/setup-maven@v4
+      uses: stCarolas/setup-maven@v5
       with:
-        maven-version: 3.6.3
+        maven-version: 3.8.3
     - name: Test with maven
       run: |
         mvn -B resources:resources@copy-index-schema-to-source -f web
-        mvn -B -ntp -V -fae verify -Pit
+        mvn -B -ntp -V -fae verify -Drelesae -Pit
     - name: Remove SNAPSHOT jars from repository
       run: |
         find ~/.m2/repository -name "*SNAPSHOT*" -type d | xargs rm -rf {}
-    - name: Remove Schema 3.8 jars from repository
-      run: |
-        find ~/.m2/repository -name "*3.8*" -type d | xargs rm -rf {}
diff --git a/.github/workflows/mvn-dep-tree.yml b/.github/workflows/mvn-dep-tree.yml
@@ -20,7 +20,7 @@ jobs:
           show-progress: 'false'
 
       - name: Setup Java JDK
-        uses: actions/setup-java@v3.12.0
+        uses: actions/setup-java@v4.1.0
         with:
           java-version: 11
           # Java distribution. See the list of supported distributions in README file
@@ -30,4 +30,4 @@ jobs:
           cache: maven
 
       - name: Submit Dependency Snapshot
-        uses: advanced-security/maven-dependency-submission-action@v3
+        uses: advanced-security/maven-dependency-submission-action@v4
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -0,0 +1,72 @@
+# This workflow uses actions that are not certified by GitHub. They are provided
+# by a third-party and are governed by separate terms of service, privacy
+# policy, and support documentation.
+
+name: Scorecard supply-chain security
+on:
+  # For Branch-Protection check. Only the default branch is supported. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
+  branch_protection_rule:
+  # To guarantee Maintained check is occasionally updated. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
+  schedule:
+    - cron: '26 10 * * 5'
+  push:
+    branches: [ "main" ]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecard analysis
+    runs-on: ubuntu-latest
+    permissions:
+      # Needed to upload the results to code-scanning dashboard.
+      security-events: write
+      # Needed to publish results and get a badge (see publish_results below).
+      id-token: write
+      # Uncomment the permissions below if installing in a private repository.
+      # contents: read
+      # actions: read
+
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+        with:
+          persist-credentials: false
+
+      - name: "Run analysis"
+        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          # (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
+          # - you want to enable the Branch-Protection check on a *public* repository, or
+          # - you are installing Scorecard on a *private* repository
+          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
+          # repo_token: ${{ secrets.SCORECARD_TOKEN }}
+
+          # Public repositories:
+          #   - Publish results to OpenSSF REST API for easy access by consumers
+          #   - Allows the repository to include the Scorecard badge.
+          #   - See https://github.com/ossf/scorecard-action#publishing-results.
+          # For private repositories:
+          #   - `publish_results` will always be set to `false`, regardless
+          #     of the value entered here.
+          publish_results: true
+
+      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
+      # format to the repository Actions tab.
+      - name: "Upload artifact"
+        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+        with:
+          name: SARIF file
+          path: results.sarif
+          retention-days: 5
+
+      # Upload the results to GitHub's code scanning dashboard.
+      - name: "Upload to code-scanning"
+        uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4
+        with:
+          sarif_file: results.sarif
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
@@ -19,20 +19,26 @@ jobs:
           submodules: 'recursive'
           show-progress: 'false'
       - name: Set up JDK 11
-        uses: actions/setup-java@v3.12.0
+        uses: actions/setup-java@v4.1.0
         with:
           distribution: 'temurin'
           java-version: '11'
           cache: 'maven'
       - name: Cache SonarCloud packages
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ~/.sonar/cache
           key: ${{ runner.os }}-sonar
           restore-keys: ${{ runner.os }}-sonar
       - name: Build GN
         run: mvn -B package -DskipTests
 
+      - name: Set up JDK 21 # Sonarcloud analyzer needs at least JDK 17
+        uses: actions/[email protected]
+        with:
+          distribution: 'temurin'
+          java-version: '21'
+          cache: 'maven'
       - name: Analyze with Sonar
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any

diff --git a/.gitignore b/.gitignore
@@ -28,6 +28,7 @@ eclipse/
 es/elasticsearch-*
 es/es-dashboards/kibana-*
 es/es-dashboards/data/nodes/
+es/es-dashboards/data/index/
 harvesters/harvester_*.log
 idea/
 jcs_caching/
@@ -36,6 +37,7 @@ out/
 package-lock.json
 rebel.xml
 release/jetty/*
+release-build.sh
 schemas/*/doc/*/*.rst
 schematrons/.build
 target/
@@ -69,6 +71,7 @@ web/src/main/webapp/WEB-INF/data/data/metadata_data
 web/src/main/webapp/WEB-INF/data/data/metadata_subversion
 web/src/main/webapp/WEB-INF/data/data/resources/htmlcache
 web/src/main/webapp/WEB-INF/data/data/resources/images
+web/src/main/webapp/WEB-INF/data/data/resources/schemapublication
 web/src/main/webapp/WEB-INF/data/data/resources/xml
 web/src/main/webapp/WEB-INF/data/data/upload/
 web/src/main/webapp/WEB-INF/data/harvester_*
@@ -80,7 +83,6 @@ web/src/main/webapp/WEB-INF/data/wro4j*.db
 web/src/main/webapp/WEB-INF/data/wro4j-cache*
 web/src/main/webapp/WEB-INF/data_*
 web/src/main/webapp/WEB-INF/metadata_subversion/
-web/src/main/webapp/WEB-INF/server.prop
 web/src/main/webapp/WEB-INF/prebuilt
 web/src/main/webapp/data/
 web/src/main/webapp/doc/en

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -1,31 +1,31 @@
 # Contributing
 
-Thank you for contributing to GeoNetwork:
+Thank you for contributing to GeoNetwork!
 
 * Free-software: GeoNetwork is free-software, using the [GNU GENERAL PUBLIC LICENSE](LICENSE.md). Contributions provided by you, or your employer, are required to be compatible with this free-software license.
 * Pull-request: GeoNetwork uses a pull-request workflow to review and accept changes. Pull-requests must be submitted against the *main* branch first, and may be back ported as required.
 
 # Pull requests
 
-* Pull request is required, even if you have commit access, so the tests are run and other developer can check your code.
+* Pull request is required, even if you have commit access, so the tests are run and another developer can check your code.
 
 * Pull requests must be applied to `main`, before being backported.
 
-* Before merging a pull request, should be defined the following properties:
+* Before merging a pull request, the following properties should be defined:
 
   - Milestone to include the change.
-  - Add the label `changelog` when  the change is relevant to be added to the release changelog file .
-  - Add the label(s) to the backport to previous branch(es), when the change is a bug fix or if it is a small improvement that may be relevant to the backport.
+  - Add the label `changelog` when the change is relevant to be added to the release changelog file.
+  - Add `backport <branch>` to indicate when the change is a bug fix or when it is a small improvement that is relevant to be backported.
 
-* Good housekeeping: Anytime you commit, try and clean the code around it to latest style guide. If you improve a function without comments: add comments. If you modify functionality that does not have tests: write a test. If you fix functionality without documentation: add documentation.
+* Good housekeeping: Anytime you commit, try and clean the code around it according to the latest style guide. If you improve a function without comments: _add comments!!_ If you modify functionality that does not have tests: _write a test!!_ If you fix functionality without documentation: _add documentation!!_
 
-* History: Clean commit messages and history: avoid big commits with hundreds of files, break commits up into understandable chunks, longer verbose commit messages are encouraged. Avoid reformatting and needless whitespace changes.
+* History: Clean commit messages and history. Avoid big commits with hundreds of files, break commits up into understandable chunks. Longer, verbose commit messages are encouraged. Avoid reformatting and needless whitespace changes.
 
-* Draft: Use pull request *Draft** (or even the text "WIP") to identify work in progress.
+* Draft: Use pull request **Draft** (or even the text "WIP") to identify _Work In Progress_.
 
-* Rebase / Squash and merge: No merge commits with current branch, use Rebase or Squash and merge!
+* Rebase / Squash and merge: Do not merge commits with the current branch, use Rebase or Squash and merge!
 
-* API Change: Please identify any API change or behavior changes in commit messages.
+* API Changes: Please identify any API change or behavior changes in commit messages. Also make sure that a [process for deprecation](PROCESS_FOR_DEPRECATION.md) of a feature is carefully dealt with.
 
 * Review: Review is required by another person, or more than one! Don't be shy asking for help or reviewing.
 

diff --git a/PROCESS_FOR_DEPRECATION.md b/PROCESS_FOR_DEPRECATION.md
@@ -0,0 +1,6 @@
+* Proposal for a Process for Deprecation (draft)
+
+# Feature deprecation process
+
+This page describes considerations and steps to take when removing a product feature. This is the process of depreciation or 'deprecating a feature'.
+
diff --git a/README.md b/README.md
@@ -30,3 +30,6 @@ Developer documentation located in ``README.md`` files in the code-base:
 * General documentation for the project as a whole is in this [README.md](README.md)
 * [Software Development Documentation](/software_development/) provides instructions for setting up a development environment, building GeoNetwork, compiling user documentation, and making a releases.
 * Module specific documentation can be found in each module:
+
+## Open Source Security Foundation (OpenSSF) best practices status
+[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/8626/badge)](https://www.bestpractices.dev/projects/8626)