Merge branch 'release/5.1'

SURFnet · Jul 5, 2023 · f400334 · f400334
2 parents a408b59 + bcbe488
commit f400334
Show file tree

Hide file tree

Showing 49 changed files with 2,439 additions and 2,404 deletions.
diff --git a/.env.dist b/.env.dist
@@ -27,7 +27,7 @@ APP_SECRET=e1023e5989bec76e282bd0ee405200e0
 #
 # DATABASE_URL="sqlite:///%kernel.project_dir%/var/data.db"
 # DATABASE_URL="mysql://app:[email protected]:3306/db_name?serverVersion=8"
-DATABASE_URL="mysql://spdrw:[email protected]/spdashboard?serverVersion=14&charset=utf8"
+DATABASE_URL="mysql://spdrw:[email protected]/spdashboard?serverVersion=mariadb-10.4.11&charset=utf8"
 ###< doctrine/doctrine-bundle ###
 
 MAILER_DSN=null://null
@@ -91,8 +91,13 @@ [email protected]
 [email protected]
 [email protected]
 
-# When 'jira_enable_test_mode' is enabled (in services.yaml), 'jira_test_mode_storage_path'
-# must be configured with a filename in a directory that is writable for the user run ning the application.
+# When 'jira_enable_test_mode' is enabled, 'jira_test_mode_storage_path' must be configured with a filename in a
+# directory that is writable for the user run ning the application.
+# See the:
+# - Compiler pass (IssueRepositoryCompilerPass),
+# - environment specific services.yml file
+# - docs/jira.md readme
+# for details on how to enable the test stand in.
 jira_test_mode_storage_path='../var/issues.json'
 
 # Jira settings

diff --git a/.github/workflows/daily-security-check.yml b/.github/workflows/daily-security-check.yml
@@ -0,0 +1,84 @@
+---
+name: Daily security check
+on:
+  schedule:
+    - cron: '0 0 * * *'
+  workflow_dispatch:
+
+jobs:
+  security:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v2
+
+      # PHP checks
+      - name: Check for php composer project
+        id: check_composer
+        uses: andstor/file-existence-action@v2
+        with:
+          files: "composer.lock"
+      - name: Run php local security checker
+        if: steps.check_composer.outputs.files_exists == 'true'
+        uses: symfonycorp/security-checker-action@v4
+        continue-on-error: true
+
+      # node-yarn checks
+      - name: Check for node-yarn project
+        id: check_node_yarn
+        uses: andstor/file-existence-action@v2
+        with:
+          files: "yarn.lock"
+      - name: Setup node
+        if: steps.check_node_yarn.outputs.files_exists == 'true'
+        uses: actions/setup-node@v3
+        with:
+          node-version: 14
+      - name: Yarn Audit
+        if: steps.check_node_yarn.outputs.files_exists == 'true'
+        run: yarn audit --level high --groups dependencies optionalDependencies
+        continue-on-error: true
+
+      # node-npm checks
+      - name: Check for node-npm project
+        id: check_node_npm
+        uses: andstor/file-existence-action@v2
+        with:
+          files: "package.lock"
+      - name: Setup node
+        if: steps.check_node_npm.outputs.files_exists == 'true'
+        uses: actions/setup-node@v3
+        with:
+          node-version: 14
+      - name: npm audit
+        if: steps.check_node_npm.outputs.files_exists == 'true'
+        run: npm audit --audit-level=high
+        continue-on-error: true
+
+      # python checks
+      - name: Check for python project
+        id: check_python
+        uses: andstor/file-existence-action@v2
+        with:
+          files: "requirements.txt"
+      - name: Safety checks Python dependencies
+        if: steps.check_python.outputs.files_exists == 'true'
+        uses: pyupio/[email protected]
+        continue-on-error: true
+
+      # java checks
+      - name: Check for java maven project
+        id: check_maven
+        uses: andstor/file-existence-action@v2
+        with:
+          files: "pom.xml"
+      - name: Setup java if needed
+        if: steps.check_maven.outputs.files_exists == 'true'
+        uses: actions/setup-java@v1
+        with:
+          java-version: 11
+      - name: Check java
+        if: steps.check_maven.outputs.files_exists == 'true'
+        run: mvn org.owasp:dependency-check-maven:check
+        continue-on-error: true
diff --git a/.github/workflows/test-integration.yml b/.github/workflows/test-integration.yml
@@ -70,10 +70,6 @@ jobs:
         run: |
           ${DOCKER_COMPOSE_PHP_FPM} sh -c 'composer check'
 
-      - name: Run audits
-        run: |
-          ${DOCKER_COMPOSE_PHP_FPM} sh -c 'composer security'
-
       - name: Run JS tests
         run: |
           ${DOCKER_COMPOSE_PHP_FPM} sh -c 'composer jest'

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,6 @@
+## 5.0.1
+- Repair jira_enable_test_mode feature flag #592
+
 ## 5.0.0
 Main change made in this new major release is the upgrade to Symfony 5. These 
 pull requests make up the rest of the changes:

diff --git a/assets/Resources/metadata/privacy_questions.json b/assets/Resources/metadata/privacy_questions.json
@@ -32,83 +32,28 @@
     ]
   },
   {
-    "id": "certification",
-    "friendlyName": "Certification",
-    "getterName": "isCertified",
-    "urns": [
-      "coin:privacy:certification"
-    ]
-  },
-  {
-    "id": "certificationLocation",
-    "friendlyName": "certificationLocation",
-    "getterName": "getCertificationLocation",
-    "urns": [
-      "coin:privacy:certification_location"
-    ]
-  },
-  {
-    "id": "certificationValidFrom",
-    "friendlyName": "CertificationValidFrom",
-    "getterName": "getCertificationValidFrom",
-    "urns": [
-      "coin:privacy:certification_valid_from"
-    ]
-  },
-  {
-    "id": "certificationValidTo",
-    "friendlyName": "CertificationValidTo",
-    "getterName": "getCertificationValidTo",
-    "urns": [
-      "coin:privacy:certification_valid_to"
-    ]
-  },
-  {
-    "id": "surfmarketDpaAgreement",
-    "friendlyName": "SurfmarketDpaAgreement",
-    "getterName": "isSurfmarketDpaAgreement",
-    "urns": [
-      "coin:privacy:surfmarket_dpa_agreement"
-    ]
-  },
-  {
-    "id": "surfnetDpaAgreement",
-    "friendlyName": "SurfnetDpaAgreement",
-    "getterName": "isSurfnetDpaAgreement",
-    "urns": [
-      "coin:privacy:surfnet_dpa_agreement"
-    ]
-  },
-  {
-    "id": "snDpaWhyNot",
-    "friendlyName": "SnDpaWhyNot",
-    "getterName": "getSnDpaWhyNot",
-    "urns": [
-      "coin:privacy:sn_dpa_why_not"
-    ]
-  },
-  {
-    "id": "privacyPolicy",
-    "friendlyName": "PrivacyPolicy",
-    "getterName": "getPrivacyPolicy",
+    "id": "otherInfo",
+    "friendlyName": "OtherInfo",
+    "getterName": "getOtherInfo",
     "urns": [
-      "coin:privacy:privacy_policy"
+      "coin:privacy:other_info"
     ]
   },
   {
-    "id": "privacyPolicyUrl",
-    "friendlyName": "PrivacyPolicyUrl",
-    "getterName": "getPrivacyPolicyUrl",
+    "id": "dpaType",
+    "friendlyName": "DPAType",
+    "getterName": "getDpaType",
     "urns": [
-      "coin:privacy:privacy_policy_url"
+      "coin:privacy:dpa_type"
     ]
   },
   {
-    "id": "otherInfo",
-    "friendlyName": "OtherInfo",
-    "getterName": "getOtherInfo",
+    "id": "privacyStatementUrl",
+    "friendlyName": "PrivacyStatementUrl",
+    "getterName": "getPrivacyStatementUrl",
     "urns": [
-      "coin:privacy:other_info"
+      "mdui:PrivacyStatementURL:nl",
+      "mdui:PrivacyStatementURL:en"
     ]
   }
-]
+]
diff --git a/ci/qa/security b/ci/qa/security
diff --git a/composer.json b/composer.json
@@ -132,7 +132,6 @@
     "phpcov": "./ci/qa/phpcov",
     "test": "./ci/qa/phpunit",
     "cypress": "./ci/qa/cypress",
-    "security": "./ci/qa/security",
     "translations": "bin/translations"
   },
   "config": {