https://github.com/alfio-event/alf.io/issues/1125

.github/workflows/build-on-push.yml

@@ -7,59 +7,37 @@ jobs:
         runs-on: ubuntu-latest
         strategy:
             matrix:
-                postgresql: ['9.6','14']
-        services:
-            postgres:
-                image: postgres:${{ matrix.postgresql }}
-                env:
-                    POSTGRES_USER: postgres
-                    POSTGRES_PASSWORD: postgres
-                    POSTGRES_DB: postgres
-                ports:
-                    - 5432:5432
-                # needed because the postgres container does not provide a healthcheck
-                options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
+                postgresql: ['10','15']
         steps:
-            - uses: actions/checkout@v1
-            - uses: actions/cache@v1
+            - uses: actions/checkout@v3
+            - uses: actions/cache@v3
               with:
                   path: ~/.gradle/caches
                   key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
                   restore-keys: |
                       ${{ runner.os }}-gradle-
-            - uses: actions/cache@v1
+            - uses: actions/cache@v3
               with:
                   path: ~/.gradle/wrapper
                   key: ${{ runner.os }}-gradle-wrapper-${{ hashFiles('**/gradlew') }}
                   restore-keys: |
                       ${{ runner.os }}-gradlew-
-            - name: Set up JDK 11
-              uses: actions/setup-java@v1
+            - name: Set up JDK 17
+              uses: actions/setup-java@v3
               with:
-                  java-version: 11
-            - name: Set up DB
-              run: |
-                  sudo apt-get install --yes postgresql-client
-                  psql -h 127.0.0.1 -U postgres postgres -c 'create database alfio;' -f src/test/resources/init-db-user.sql
-              env:
-                  PGPASSWORD: postgres
+                  java-version: 17
+                  distribution: temurin
             - name: Build with Gradle
-              run: ./gradlew build distribution jacocoTestReport -Dspring.profiles.active=travis -Ddbenv=PGSQL-TRAVIS -Dpgsql${{ matrix.postgresql }}
+              run: ./gradlew dist jacocoTestReport -Dpgsql.version=${{ matrix.postgresql }}
             - name: upload to sonarcloud
               if: ${{ github.repository == 'alfio-event/alf.io' && matrix.postgresql == '14'}}
               run: ./gradlew sonarqube
               env:
                   SONARCLOUD_TOKEN: ${{ secrets.SONAR_TOKEN }}
                   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-#            - name: upload-to-coveralls
-#              if: matrix.postgresql == '13' # run only once
-#              run: ./gradlew coveralls
-#              env:
-#                  COVERALLS_REPO_TOKEN: ${{ secrets.COVERALLS_REPO_TOKEN }}
             -   name: 'Upload Build'
-                if: ${{ github.repository == 'alfio-event/alf.io' && matrix.postgresql == '9.6'}}
-                uses: actions/upload-artifact@v2
+                if: ${{ github.repository == 'alfio-event/alf.io' && matrix.postgresql == '10'}}
+                uses: actions/upload-artifact@v3
                 with:
                     name: dist
                     path: build
@@ -71,23 +49,26 @@ jobs:
         name: Push dev image
         steps:
             - name: Download artifacts
-              uses: actions/download-artifact@v2
+              uses: actions/download-artifact@v3
               with:
                   name: dist
+            -   name: Set up QEMU
+                uses: docker/setup-qemu-action@v2
             -   name: Configure Docker
-                uses: docker/setup-buildx-action@v1
+                uses: docker/setup-buildx-action@v2
             -   name: Login to Container Registry
-                uses: docker/login-action@v1
+                uses: docker/login-action@v2
                 with:
                     registry: ghcr.io
                     username: ${{ secrets.CR_USER }}
                     password: ${{ secrets.CR_PAT }}
             -   name: Inject slug/short variables
-                uses: rlespinasse/github-slug-action@v3.x
+                uses: rlespinasse/github-slug-action@v4.4.1
             -   name: Push Docker image
-                uses: docker/build-push-action@v2
+                uses: docker/build-push-action@v4
                 with:
                     context: ./dockerize
                     tags: |
                         ghcr.io/alfio-event/alf.io/dev-${{ env.GITHUB_REF_SLUG }}:latest
+                    platforms: linux/amd64,linux/arm64
                     push: true

.github/workflows/codeql-analysis.yml

@@ -13,28 +13,24 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
       with:
         # We must fetch at least the immediate parents so that if this is
         # a pull request then we can checkout the head.
         fetch-depth: 2
-
-    # If this run was triggered by a pull request event, then checkout
-    # the head of the pull request instead of the merge commit.
-    - run: git checkout HEAD^2
-      if: ${{ github.event_name == 'pull_request' }}
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@v2
       # Override language selection by uncommenting this and choosing your languages
       # with:
       #   languages: go, javascript, csharp, python, cpp, java
 
-    - name: Set up JDK 11
-      uses: actions/setup-java@v1
+    - name: Set up JDK 17
+      uses: actions/setup-java@v3
       with:
-          java-version: 11
+          java-version: 17
+          distribution: temurin
 
     - name: Build with Gradle
       run: ./gradlew build -x test
@@ -51,4 +47,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v2

.github/workflows/e2e-test.yml

@@ -9,26 +9,27 @@ jobs:
         if: github.repository == 'alfio-event/alf.io'
         strategy:
             matrix:
-                browser: ['chrome', 'firefox', 'safari', 'ie11']
+                browser: ['chrome', 'firefox', 'safari']
         runs-on: ubuntu-latest
         steps:
-            - uses: actions/checkout@v1
-            - uses: actions/cache@v1
+            - uses: actions/checkout@v3
+            - uses: actions/cache@v3
               with:
                   path: ~/.gradle/caches
                   key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
                   restore-keys: |
                       ${{ runner.os }}-gradle-
-            - uses: actions/cache@v1
+            - uses: actions/cache@v3
               with:
                   path: ~/.gradle/wrapper
                   key: ${{ runner.os }}-gradle-wrapper-${{ hashFiles('**/gradlew') }}
                   restore-keys: |
                       ${{ runner.os }}-gradlew-
-            - name: Set up JDK 11
-              uses: actions/setup-java@v1
+            - name: Set up JDK 17
+              uses: actions/setup-java@v3
               with:
-                  java-version: 11
+                  java-version: 17
+                  distribution: temurin
             - name: 'BrowserStack Env Setup'
               uses: 'browserstack/github-actions/setup-env@master'
               with:

.gitignore

@@ -22,5 +22,6 @@ out/
 alfio-itest
 .gradletasknamecache
 public/
+!frontend/projects/public
 node_modules/
 lsp

.sdkmanrc

@@ -0,0 +1,3 @@
+# Enable auto-env through the sdkman_auto_env config
+# Add key=value pairs of SDKs to use below
+java=17.0.3-zulu

README.md

@@ -17,13 +17,13 @@ The open source ticket reservation system.
 ## Warning
 
 As the work for Alf.io [v2](https://github.com/alfio-event/alf.io/milestones) has started, this branch may contain **unstable** and **untested** code.
-If you want to build and deploy alf.io by yourself, we strongly suggest you to use the [2.0-M3-maintenance](https://github.com/alfio-event/alf.io/tree/2.0-M3-maintenance) branch, as it contains production-ready code.
+If you want to build and deploy alf.io by yourself, we strongly suggest you to use the [2.0-M4-maintenance](https://github.com/alfio-event/alf.io/tree/2.0-M4-maintenance) branch, as it contains production-ready code.
 
 ## Prerequisites
 
-You should have installed Java version **11** (e.g. [Oracle's](http://www.oracle.com/technetwork/java/javase/downloads/index.html), [OpenJDK](http://openjdk.java.net/install/), or any other distribution) to build and run alf.io. Please note that for the build process the JDK is required.
+You should have installed Java version **17** (e.g. [Oracle's](http://www.oracle.com/technetwork/java/javase/downloads/index.html), [OpenJDK](http://openjdk.java.net/install/), or any other distribution) to build and run alf.io. Please note that for the build process the JDK is required.
 
-Postgresql version 9.6 or later.
+Postgresql version 10 or later.
 
 Additionally, the database user that creates and uses the tables should not be a "SUPERUSER", or else the row security policy checks will not be applied.
 
@@ -46,7 +46,7 @@ You must specify a project property at the command line, such as
 ```
 The local "bootRun" task has the following prerequisites:
 
-- a PostgreSQL (version 9.6 or later) instance up and running on localhost:5432
+- a PostgreSQL (version 10 or later) instance up and running on localhost:5432
 - a _postgres_ user having a password: _password_
 - a database named _alfio_
 
@@ -153,10 +153,10 @@ However, if you decide to do so, then you need to make a couple of changes:
  docker build -t alfio/alf.io ./build/dockerize
  ```
 
-### About the included AppleWWDRCA.cer
+### About the included AppleWWDRCAG4.cer
 
-The certificate at src/main/resources/alfio/certificates/AppleWWDRCA.cer has been imported for https://github.com/ryantenney/passkit4j#usage functionality.
-It will expire the 02/07/23 (as https://www.apple.com/certificateauthority/).
+The certificate at src/main/resources/alfio/certificates/AppleWWDRCAG4.cer has been imported for https://github.com/ryantenney/passkit4j#usage functionality.
+It will expire the 2030-10-12 (YYYY-MM-DD - as of https://www.apple.com/certificateauthority/).
 
 ## Available spring profiles:
 
@@ -174,7 +174,7 @@ This project exists thanks to all the people who contribute.
 
 ### Translation Contributors (POEditor)
 
-A big "Thank you" goes also to our translators, who help us on [POEditor](https://poeditor.com/join/project/ttBYTmPYdr):
+A big "Thank you" goes also to our translators, who help us on [POEditor](https://github.com/alfio-event/alf.io/tree/master/src/main/resources/alfio/i18n):
 
 (we show the complete name/profile only if we have received explicit consent to do so)
 

SECURITY.md

@@ -0,0 +1,25 @@
+# Security Policy
+
+## Supported Versions
+
+We support the latest major release, which is at the moment **2.0-M4**.
+In case of direct or transitive vulnerability in that code, we'll release a new version as soon as possible. 
+Please follow us on [Twitter](https://twitter.com/alfio_event) for release announcements, and keep your alf.io updated!
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 2.0-M4  | :white_check_mark: |
+| 2.0-M3  | :x:                |
+| 2.0-M2  | :x:                |
+| 2.0-M1  | :x:                |
+
+## Note about the master branch
+
+We consider the "master" branch to be always a "Work in Progress", and as such it might contain vulnerabilities.
+Before each release we'll run an additional scan on [SonarCloud](https://sonarcloud.io/summary/overall?id=alfio-event_alf.io) and fix all the security-releated findings.
+That branch should not be deployed in production. If you do that, you're on your own.
+
+
+## Reporting a Vulnerability
+
+Please reach out via email to `security @ alf.io` (remove spaces), we'll reply as soon as possible. Thank you for sharing responsibly!