Merge branch 'finos:main' into main

Author: Psingle20

.github/workflows/ci.yml

@@ -47,7 +47,7 @@ jobs:
         npm run test-coverage-ci --workspaces --if-present
 
     - name: Upload test coverage report
-      uses: codecov/codecov-action@v4.6.0
+      uses: codecov/codecov-action@v5.1.2
       with:
         files: ./coverage/lcov.info
         token: ${{ secrets.CODECOV_TOKEN }}

.github/workflows/experimental-inventory-ci.yml

@@ -0,0 +1,47 @@
+name: CI - experimental - inventory
+
+on:
+  push:
+    branches: [main]
+    paths:
+      - experimental/license-inventory/**
+  pull_request:
+    branches: [main]
+    paths:
+      - experimental/license-inventory/**
+
+permissions:
+  pull-requests: write
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        node-version: [18.x]
+        mongodb-version: [4.4]
+
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        with:
+          fetch-depth: 0
+
+      - name: Use Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ matrix.node-version }}
+
+      - name: Start MongoDB
+        uses: supercharge/[email protected]
+        with:
+          mongodb-version: ${{ matrix.mongodb-version }}
+
+      - name: Install dependencies
+        working-directory: ./experimental/license-inventory
+        run: npm ci
+
+      - name: Test
+        working-directory: ./experimental/license-inventory
+        run: |
+          MONGO_URI="mongodb://localhost:27017/inventory" npm run test

.github/workflows/experimental-inventory-publish.yml

@@ -0,0 +1,27 @@
+name: experimental-inventory - Publish to NPM
+on:
+  push:
+    tags:
+      - 'license-inventory-*'
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+
+      # Setup .npmrc file to publish to npm
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '18.x'
+          registry-url: 'https://registry.npmjs.org'
+
+      - run: npm ci
+        working-directory: ./experimental/license-inventory
+
+      - run: npm run build
+        working-directory: ./experimental/license-inventory
+
+      - run: npm publish --access=public
+        working-directory: ./experimental/license-inventory
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

.github/workflows/sample-publish.yml

@@ -0,0 +1,22 @@
+name: Publish samples to NPM
+
+on:
+  push:
+    tags:
+      - 'sample-*'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+      # Setup .npmrc file to publish to npm
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '18.x'
+          registry-url: 'https://registry.npmjs.org'
+      - name: publish sample package
+        run: npm install --include peer && npm publish --access=public
+        working-directory: plugins/git-proxy-plugin-samples
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

.github/workflows/scorecard.yml

@@ -32,7 +32,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
         with:
           egress-policy: audit
 
@@ -64,14 +64,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10
+        uses: github/codeql-action/upload-sarif@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6
         with:
           sarif_file: results.sarif

experimental/license-inventory/.gitignore

@@ -0,0 +1,2 @@
+node_modules
+dist

experimental/license-inventory/README.md

@@ -0,0 +1,31 @@
+<br />
+<div align="center">
+  <a href="https://github.com/finos/git-proxy">
+    <img src="../../docs/img/logo.png" alt="Logo" height="95">
+  </a>
+
+  <br />
+  <strong>git-proxy: license-inventory</strong>
+  <br />
+
+  <p align="center">
+    <strong>experimental</strong> project to provide license data and attach said license data to projects for fueling policy evaluation.
+    <br />
+  </p>
+
+  <br />
+
+[![FINOS - Incubating](https://cdn.jsdelivr.net/gh/finos/contrib-toolbox@master/images/badge-incubating.svg)](https://community.finos.org/docs/governance/Software-Projects/stages/incubating)
+[![NPM](https://img.shields.io/npm/v/@finos/git-proxy-license-inventory?colorA=00C586&colorB=000000)](https://www.npmjs.com/package/@finos/git-proxy-license-inventory)
+[![Build](https://img.shields.io/github/actions/workflow/status/finos/git-proxy/experimental-inventory-ci.yml?branch=main&label=CI&logo=github&colorA=00C586&colorB=000000)](https://github.com/finos/git-proxy/actions/workflows/experimental-inventory-ci.yml)
+[![git-proxy](https://api.securityscorecards.dev/projects/github.com/finos/git-proxy/badge)](https://api.securityscorecards.dev/projects/github.com/finos/git-proxy)
+<br />
+[![License](https://img.shields.io/github/license/finos/git-proxy?colorA=00C586&colorB=000000)](https://github.com/finos/git-proxy/blob/main/LICENSE)
+[![Slack](https://img.shields.io/badge/_-Chat_on_Slack-000000.svg?logo=slack&colorA=00C586)](https://app.slack.com/client/T01E7QRQH97/C06LXNW0W76)
+
+</div>
+<br />
+
+This is an **experimental** project to provide license data and attach said license data to projects for fueling policy evaluation.
+
+Please consider all REST API paths, inputs, and outputs in flux during `v0`. Additionally do not rely import paths to be stable.

experimental/license-inventory/dev/grafana/datasources.yaml

@@ -0,0 +1,43 @@
+apiVersion: 1
+
+datasources:
+  - name: Loki
+    type: loki
+    uid: loki
+    access: proxy
+    url: http://loki:3100
+    basicAuth: false
+    version: 1
+    editable: false
+    isDefault: true
+
+  - name: Prometheus
+    type: prometheus
+    uid: prometheus
+    access: proxy
+    orgId: 1
+    url: http://prometheus:9090
+    basicAuth: false
+    isDefault: false
+    version: 1
+    editable: false
+    jsonData:
+      httpMethod: GET
+
+  - name: Tempo
+    type: tempo
+    uid: tempo
+    access: proxy
+    orgId: 1
+    url: http://tempo:3200
+    basicAuth: false
+    isDefault: false
+    version: 1
+    editable: false
+    jsonData:
+      tracesToLogsV2:
+        datasourceUid: loki
+        filterByTraceID: true
+        filterBySpanID: true
+      tracesToMetrics:
+        datasourceUid: prometheus

experimental/license-inventory/dev/loki.yaml

@@ -0,0 +1,49 @@
+auth_enabled: false
+
+server:
+  http_listen_port: 3100
+  grpc_listen_port: 9096
+
+common:
+  instance_addr: 127.0.0.1
+  path_prefix: /tmp/loki
+  storage:
+    filesystem:
+      chunks_directory: /tmp/loki/chunks
+      rules_directory: /tmp/loki/rules
+  replication_factor: 1
+  ring:
+    kvstore:
+      store: inmemory
+
+frontend:
+  max_outstanding_per_tenant: 2048
+
+pattern_ingester:
+  enabled: true
+
+limits_config:
+  max_global_streams_per_user: 0
+  ingestion_rate_mb: 50000
+  ingestion_burst_size_mb: 50000
+  volume_enabled: true
+
+query_range:
+  results_cache:
+    cache:
+      embedded_cache:
+        enabled: true
+        max_size_mb: 100
+
+schema_config:
+  configs:
+    - from: 2020-10-24
+      store: tsdb
+      object_store: filesystem
+      schema: v13
+      index:
+        prefix: index_
+        period: 24h
+
+analytics:
+  reporting_enabled: false

experimental/license-inventory/dev/otel-collector-config.yaml

@@ -0,0 +1,52 @@
+extensions:
+  health_check:
+  pprof:
+    endpoint: 127.0.0.1:1777
+  zpages:
+    endpoint: 127.0.0.1:55679
+
+receivers:
+  otlp:
+    protocols:
+      http:
+        endpoint: 0.0.0.0:4318
+
+  # collect own metrics
+  prometheus:
+    config:
+      scrape_configs:
+        - job_name: otel-collector
+          scrape_interval: 10s
+          static_configs:
+            - targets:
+                - 127.0.0.1:8888
+
+exporters:
+  loki:
+    endpoint: http://loki:3100/loki/api/v1/push
+  prometheus:
+    endpoint: 127.0.0.1:8889
+    namespace: otel-collector
+    send_timestamps: true
+    metric_expiration: 180m
+    enable_open_metrics: true
+    add_metric_suffixes: false
+    resource_to_telemetry_conversion:
+      enabled: true
+  otlphttp:
+   endpoint: http://tempo:4318
+
+processors:
+  batch:
+
+service:
+  pipelines:
+    traces:
+      receivers: [otlp]
+      exporters: [otlphttp]
+    metrics:
+      receivers: [otlp]
+      exporters: [prometheus]
+    logs:
+      receivers: [otlp]
+      exporters: [loki]