@TayGov TayGov commented Aug 22, 2025

Description

This PR includes the following proposed change(s):

  • Merge Master Branch to Main

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Refactoring / Documentation
  • Version change

If your change is a breaking change, please add the breaking change label to this PR

How Has This Been Tested?

Please describe the tests that you ran to verify your changes.

Does the change impact or break the Docker build?

  • Yes
  • No

If Yes: Has Docker been updated accordingly?

  • Yes
  • No

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have made corresponding changes to the documentation
  • New and existing unit tests pass locally with my changes

TayGov and others added 30 commits October 17, 2024 08:28
Update dev-efiling-api-build-4.yaml
Update dev-efiling-api-build-4.yaml
…/efiling-bom/org.springframework-spring-web-6.0.23

Bump org.springframework:spring-web from 6.0.19 to 6.0.23 in /src/backend/libs/efiling-bom
TayGov added 2 commits August 25, 2025 13:02
…end/efiling-frontend/http-proxy-middleware-2.0.9

Bump http-proxy-middleware from 2.0.7 to 2.0.9 in /src/frontend/efiling-frontend
TayGov added 2 commits August 25, 2025 13:29
…rg.apache.tomcat.embed-tomcat-embed-core-11.0.10
…ing-api/org.apache.tomcat.embed-tomcat-embed-core-11.0.10

Bump org.apache.tomcat.embed:tomcat-embed-core from 11.0.8 to 11.0.10 in /src/backend/efiling-api
TayGov added 2 commits August 25, 2025 13:41
…apache.maven.plugins-maven-surefire-plugin-3.5.3

Bump org.apache.maven.plugins:maven-surefire-plugin from 2.22.2 to 3.5.3 in /src/backend
Comment on lines +79 to +129
name: Build and Test Java
runs-on: ubuntu-latest
env:
FILE_COUNTER: 0
CC_TEST_REPORTER_ID: 9ada3133fe9babf91a222009998b3545b7eae897a05900930bfa8a27fd82f385
ACTION_DEBUG: true

steps:
- uses: actions/checkout@v2

# Get Code Climate binary
- name: Download Code Climate Binary
run: curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter

# Permissions applied to the Code Climate Executable
- name: Apply executable perms to Code Climate Binary
run: chmod +x ./cc-test-reporter

# Before build
- name: Before build
run: ./cc-test-reporter before-build

# Set required Git env vars for either pull request
- name: Set ENV for codeclimate (pull_request)
run: |
echo "::set-env name=GIT_BRANCH::${{ github.event.pull_request.head.ref }}"
echo "::set-env name=GIT_COMMIT_SHA::${{ github.event.pull_request.head.sha }}"
if: github.event_name == 'pull_request'

# Set required Git env vars for a push to master
- name: Set ENV for codeclimate (push)
run: |
echo "::set-env name=GIT_BRANCH::$GITHUB_REF"
echo "::set-env name=GIT_COMMIT_SHA::$GITHUB_SHA"
if: github.event_name == 'push'

# Trimming the ref to master in order to publish correct report (paambaati)
- name: Set ref/head/master to master
run: |
echo "::set-env name=GIT_BRANCH::master"
if: env.GIT_BRANCH == 'refs/heads/master'

- name: Checkout Spring Starters Repository
uses: actions/checkout@v4
with:
repository: bcgov/spring-boot-starters
path: spring-boot-starters
ref: v1.0.5

# Setup Java Environment
- name: Set up JDK 1.8
- name: Set up JDK 17
uses: actions/setup-java@v1
with:
java-version: 1.8
- uses: actions/cache@v1
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
java-version: 17

# Run Maven Verify to generate all jacoco reports
- name: Build with Maven
run: mvn -B verify -P all --file src/backend/pom.xml
# TODO REMOVE AFTER SFTP IS IN MAVEN CENTRAL
- name: Build Spring Starters
run: mvn install -P all --file ./spring-boot-starters/src/pom.xml

# Loop through all BACKEND services to show that jacoco reports have been generated
- name: WHERE AM I - BACKEND?
run: |
for s in efiling-backend-demo efiling-api
do
ls ${{ github.workspace }}/src/backend/$s/target/site/jacoco;
done
if: ${{ env.ACTION_DEBUG }}
- name: Checkout File Submission Repository
uses: actions/checkout@v2

# Formatting the BACKEND coverage reports generated (dynamically)
- name: Format BACKEND coverage reports
run: |
projectRelRegex="^\.\/src\/backend\/(.*)\/target\/site\/jacoco\/jacoco\.xml$"
for file in $(find . -name "jacoco.xml")
do
echo $file
echo $projectRelRegex
if [[ $file =~ $projectRelRegex ]]
then
projectRel="${BASH_REMATCH[1]}"
echo "analyzing project: " $projectRel
projectName="${projectRel//\//-}"
JACOCO_SOURCE_PATH=${{ github.workspace }}/src/backend/$projectRel/src/main/java ./cc-test-reporter format-coverage ${{github.workspace}}/src/backend/$projectRel/target/site/jacoco/jacoco.xml --input-type jacoco --output coverage/$projectName-codeclimate.json;
echo "coverage generated: coverage/$projectName-codeclimate.json;"
else
echo $file does not match
fi
done
# List all formatted files in coverage directory
- name: WHERE AM I - FORMATTED?
run: |
ls ${{ github.workspace }}/coverage
if: ${{ env.ACTION_DEBUG }}

# Count of all total coverage files available
- name: Count files present
run: |
echo "::set-env name=FILE_COUNTER::$(ls -1q ./coverage | wc -l )"
# Sum the coverage reports
- name: Summing the coverage reports generated
run: ./cc-test-reporter sum-coverage coverage/*-codeclimate.json -p ${{ env.FILE_COUNTER }} -o coverage/total-codeclimate.json

# Upload JSON for debugging purposes
- name: Upload JSON for debugging purposes
uses: actions/upload-artifact@v2
with:
name: summed-java-coverage-report
path: coverage/total-codeclimate.json

aggregation:
name: Aggregate Spring Boot and Javascript reports
needs: [yarn, spring-boot]
env:
CC_TEST_REPORTER_ID: 9ada3133fe9babf91a222009998b3545b7eae897a05900930bfa8a27fd82f385
runs-on: ubuntu-latest
steps:
# Get Code Climate binary
- name: Download Code Climate Binary
run: curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter

# Permissions applied to the Code Climate Executable
- name: Apply executable perms to Code Climate Binary
run: chmod +x ./cc-test-reporter

# Before build
- name: Before build
run: ./cc-test-reporter before-build

# Set required Git env vars for either pull request
- name: Set ENV for codeclimate (pull_request)
run: |
echo "::set-env name=GIT_BRANCH::${{ github.event.pull_request.head.ref }}"
echo "::set-env name=GIT_COMMIT_SHA::${{ github.event.pull_request.head.sha }}"
if: github.event_name == 'pull_request'

# Set required Git env vars for a push to master
- name: Set ENV for codeclimate (push)
run: |
echo "::set-env name=GIT_BRANCH::$GITHUB_REF"
echo "::set-env name=GIT_COMMIT_SHA::$GITHUB_SHA"
if: github.event_name == 'push'

# Trimming the ref to master in order to publish correct report (paambaati)
- name: Set ref/head/master to master
run: |
echo "::set-env name=GIT_BRANCH::master"
echo "GIT_BRANCH=master" >> $GITHUB_ENV
#echo "::set-env name=GIT_BRANCH::master"
if: env.GIT_BRANCH == 'refs/heads/master'

# Make Directory for downloaded files
- name: Make directory
run: mkdir coverage-reports

# Download Spring-boot coverage report
- name: Download spring-boot coverage report
uses: actions/download-artifact@v1
with:
name: summed-java-coverage-report

# See what is inside
- name: List items inside java coverage report object
run: |
ls summed-java-coverage-report
# Copy total java to outside directory
- name: Copy Java Coverage to directory
run: |
cp summed-java-coverage-report/total-codeclimate.json coverage-reports/total-java-codeclimate.json
# Download Yarn coverage report
- name: Download javascript coverage report
uses: actions/download-artifact@v1
with:
name: summed-yarn-coverage-report

# See what is inside
- name: List items inside java coverage report object
run: |
ls summed-yarn-coverage-report
# Copy total Yarn to outside directory
- name: Copy Yarn Coverage to directory
run: |
cp summed-yarn-coverage-report/total-codeclimate.json coverage-reports/total-yarn-codeclimate.json
#- uses: actions/cache@v1
# with:
# path: ~/.m2/repository
# key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
# restore-keys: |
# ${{ runner.os }}-maven-

# See what is inside coverage
- name: List items inside java coverage report object
run: |
ls coverage-reports
# Sum the coverage reports
- name: Summing the coverage reports generated
run: ./cc-test-reporter sum-coverage coverage-reports/*-codeclimate.json -p 2 -o coverage-reports/total-codeclimate.json

# Upload JSON for debugging purposes
- name: Upload JSON for debugging purposes
uses: actions/upload-artifact@v2
#Set env again??
- name: Set up JDK 17
uses: actions/setup-java@v1
with:
name: summed-total-coverage-report
path: coverage-reports/total-codeclimate.json
java-version: 17

# Upload total coverage report to Code Climate
- name: Upload coverage report to Code Climate
run: ./cc-test-reporter upload-coverage -i coverage-reports/total-codeclimate.json
# Run Maven Verify to generate all jacoco reports
- name: Build with Maven
run: mvn -B verify -P all --file src/backend/pom.xml
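
Review bot: In the step "Set ENV for codeclimate (pull_request)", present in both jobs shown, `${{ github.event.pull_request.head.ref }}` is expanded directly into the `run:` script, so a branch name chosen by the PR author becomes part of the shell command text. If these steps survive the change, pass the value through the step's `env:` map (a variable such as `HEAD_REF`) and write it the way the master-trim step already does: `echo "GIT_BRANCH=$HEAD_REF" >> "$GITHUB_ENV"`. The same conversion retires the remaining `::set-env` commands, including the one in "Count files present"; GitHub has disabled that workflow command by default. Separately, `CC_TEST_REPORTER_ID` is written literally in both `env:` blocks; referencing a repository secret would keep it out of the workflow file.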

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI about 2 months ago

To fix this issue, add a permissions block specifying the least privilege required to the workflow. The best way is to add the block at the top level—below the name: or on: field—if all jobs have the same minimal need. According to CodeQL’s suggestion and the job description, the appropriate permission is contents: read, since the jobs only need to read the repository code. If, in the future, a job requires additional permissions (e.g., to update issues or pull requests), then elevate privileges only for that specific job. For this fix, add:

permissions:
  contents: read

directly below the name: (after line 1), or just after the on: block (after line 8), so it applies to all jobs. No changes to other imports or actions are required.

Suggested changeset 1
.github/workflows/code-climate-coverage-aggregation.yml

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/code-climate-coverage-aggregation.yml b/.github/workflows/code-climate-coverage-aggregation.yml
--- a/.github/workflows/code-climate-coverage-aggregation.yml
+++ b/.github/workflows/code-climate-coverage-aggregation.yml
@@ -6,6 +6,8 @@
   pull_request:
     branches: [master]
 
+permissions:
+  contents: read
 jobs:
   yarn:
     env:
EOF
@@ -6,6 +6,8 @@
pull_request:
branches: [master]

permissions:
contents: read
jobs:
yarn:
env:
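
Review bot: The added `permissions:` block runs straight into `jobs:` with no blank line, unlike the blank line that follows the `on:` block just above it; add one so the top-level keys stay visually separate. The workflow-level placement itself is fine: `contents: read` applies to every job and leaves every unlisted scope at none, so a job that later needs more has to declare its own `permissions:` block.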
Copilot is powered by AI and may make mistakes. Always verify output.
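
A minimal check for the condition the CodeQL alert above reports, as an added example (not code from this PR, CodeQL or Copilot): it lists the jobs that no `permissions:` key covers. The function name and the sample workflow are constructed, and the scan is line-based, assuming block-style YAML with space indentation.

```python
import re

KEY = re.compile(r"([A-Za-z0-9_-]+):(\s|$)")

def jobs_without_token_limit(workflow_text):
    """Return ids of jobs not covered by a workflow- or job-level permissions key."""
    workflow_level = False
    in_jobs = False
    job_indent = child_indent = None
    job = None
    limited = {}                      # job id -> has its own permissions key
    for raw in workflow_text.splitlines():
        line = raw.rstrip()
        stripped = line.lstrip()
        if not stripped or stripped.startswith("#"):
            continue
        indent = len(line) - len(stripped)
        m = KEY.match(stripped)
        name = m.group(1) if m else None
        if indent == 0:               # top-level key: name, on, permissions, jobs...
            in_jobs = name == "jobs"
            workflow_level = workflow_level or name == "permissions"
        elif in_jobs and name:
            if job_indent is None:
                job_indent = indent   # indentation of the job ids
            if indent == job_indent:
                job, child_indent = name, None
                limited[job] = False
            elif job is not None:
                if child_indent is None:
                    child_indent = indent
                # count only keys that are direct children of the job,
                # not text inside steps or run: blocks
                if indent == child_indent and name == "permissions":
                    limited[job] = True
    if workflow_level:
        return []
    return [j for j, ok in limited.items() if not ok]

# Constructed sample: one job without a limit, one with a job-level limit.
SAMPLE = """name: coverage
on:
  pull_request:
    branches: [master]

jobs:
  yarn:
    runs-on: ubuntu-latest
    steps:
      - run: echo "permissions: none"
  aggregation:
    needs: [yarn]
    runs-on: ubuntu-latest
    permissions:
      contents: read
"""
# The same workflow with the workflow-level block from the suggested changeset.
FIXED = SAMPLE.replace("jobs:", "permissions:\n  contents: read\n\njobs:", 1)
```
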