Merge branch 'main' into snyk-fix-ad9438c9690a8d167c245227a74e2325

.github/CODEOWNERS

@@ -20,9 +20,9 @@
 /jans-auth-server/ @yurem @yuriyz
 /jans-fido2/ @yurem
 /jans-scim/ @jgomer2001
-/jans-client-api/ @duttarnab @yuriyz
 /jans-config-api/ @pujavs @yuriyz
-/jans-cli/ @mbaser
-/jans-linux-setup/ @mbaser @smansoft @yuriyz
+/jans-cli/ @devrimyatar
+/jans-linux-setup/ @devrimyatar @smansoft @yuriyz
 /jans-linux-setup/jans_setup/setup_app/version.py @moabu
-/jans-linux-setup/static/scripts/admin_ui_plugin.py @mbaser @duttarnab
+/jans-linux-setup/static/scripts/admin_ui_plugin.py @devrimyatar @duttarnab
+/agama/ @jgomer2001

.github/SECURITY.md

@@ -14,8 +14,7 @@ Security updates will typically only be applied to the latest release (at least
 
 ## Reporting a vulnerability
 
-To report a security issue, email [security@jans.io](mailto:security@jans.io?subject=SECURITY)
-and include the word "SECURITY" in the subject line.
+To report a security issue, send an email to [security@jans.io](mailto:security@jans.io?subject=SECURITY)
 
 The **Janssen** team will send a response indicating the next steps in handling your report.
 After the initial reply to your report, the team will keep you informed of the progress towards a fix and full announcement,

.github/pull_request_template.md

@@ -1,20 +1,25 @@
 ### Prepare
 
-- [ ] Read contribution guidelines
-- [ ] Read license information
+- [ ] Read [PR guidelines](https://github.com/JanssenProject/jans/blob/main/docs/CONTRIBUTING.md#prs)
+- [ ] Read [license information](https://github.com/JanssenProject/jans/blob/main/LICENSE)
 
 -------------------
 
 ### Description
 
-- Target issue #
-  <!-- Link this PR to issue it is fixing -->
+#### Target issue
+  <!-- Link or describe the issue this PR is fixing -->
+
+  <!-- If issue shouldn't be closed after merging this PR, then we recommend adding a task in original target issue and create a separate issue from this task which can be closed when this PR gets merged. Mention this new issue created from task as target issue below. For more on how to create task issues visit https://docs.github.com/en/issues/tracking-your-work-with-issues/about-task-lists -->
+
+closes #issue-number-here
 
-- Implementation Details
-  <!-- If the fix is involved one then communicate high level analysis and implementation approach -->
+#### Implementation Details
+  <!-- If the fix is an involved one then communicate high level analysis and implementation approach -->
 
 -------------------
-### Document the changes
-
+### Test and Document the changes
+- [ ] Static code analysis has been run locally and issues have been fixed
+- [ ] Relevant unit and integration tests have been added/updated
 - [ ] Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)
 

.github/workflows/backport.yml

@@ -0,0 +1,52 @@
+name: Backport
+on:
+  pull_request_target:
+    types: [closed, labeled]
+    branches: [main, release-*]
+
+# WARNING:
+# When extending this action, be aware that $GITHUB_TOKEN allows write access to
+# the GitHub repository. This means that it should not evaluate user input in a
+# way that allows code injection.
+
+jobs:
+  backport:
+    name: Backport Pull Request
+    # Run the action if a PR is merged with backport labels
+    # OR
+    # when already merged PR is labeled with backport labels
+    if: >
+      github.event.pull_request.merged
+      && (
+        github.event.action == 'closed'
+        || (
+          github.event.action == 'labeled'
+          && startsWith(github.event.label.name, 'backport/')
+        )
+      )
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          # required to find all branches
+          fetch-depth: 0
+          token: ${{ secrets.MOAUTO_WORKFLOW_TOKEN }}
+          ref: ${{ github.event.pull_request.head.sha }}
+      - name: Create backport PRs
+        # should be kept in sync with `version`
+        uses: zeebe-io/backport-action@v0.0.8
+        with:
+          # Config README: https://github.com/zeebe-io/backport-action#backport-action
+          github_token: ${{ secrets.MOAUTO_WORKFLOW_TOKEN }}
+          github_workspace: ${{ github.workspace }}
+          # should be kept in sync with `uses`
+          version: v0.0.8
+
+          # Regex pattern to match GitHub labels
+          # The capture group catches the target branch
+          # i.e. label backport/v1.0.0 will create backport PR for branch v1.0.0
+          label_pattern: ^backport\/([^ ]+)$
+
+          pull_description: |-
+            Automated backport to `${target_branch}`, triggered by a label in #${pull_number}.
+            See ${issue_refs}.

.github/workflows/build-docs.yml

@@ -0,0 +1,160 @@
+name: Publish docs via GitHub Pages
+on:
+  push:
+    branches:
+      - main
+  release:
+    types:
+      - published
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version tag (e.g."v1.0.0")'
+        default: "v1.0.0"
+        required: false
+jobs:
+  build:
+    env:
+      GH_TOKEN: ${{ secrets.GIT_AUTHOR_MKDOCS_DEPLOY }}
+    name: Deploy docs
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Set up Python 3.10
+        uses: actions/setup-python@v4
+        with:
+          python-version: "3.10"
+          cache: pip
+          cache-dependency-path: docs/requirements.txt
+
+      - name: Install dependencies
+        run: |
+          pip install --require-hashes -r docs/requirements.txt
+          cp mkdocs.yml ../
+
+      - name: Checkout jans ${{ github.event.inputs.version }}
+        if: >-
+          github.event_name == 'workflow_dispatch'
+        uses: actions/checkout@v3
+        with:
+          ref: '${{ github.event.inputs.version }}'
+          fetch-depth: 0
+
+      - name: Copy files from main to ${{ github.event.inputs.version }}
+        if: >-
+          github.event_name == 'workflow_dispatch'
+        run: |
+          mv ../mkdocs.yml mkdocs.yml
+
+      - name: Generate docs
+        run: echo "Custom work on generating docs can go here."
+
+      - name: git config
+        run: |
+          git config --local user.email "action@github.com"
+          git config --local user.name "GitHub Action"
+
+      - name: mike deploy ${{ github.event.inputs.version }}
+        if: >-
+          github.event_name == 'workflow_dispatch'
+        run: |
+          mike deploy --push --force ${{ github.event.inputs.version }}
+
+      # This deploys the current docs into gh-pages/head on merges to main
+      # The old "main" gets deleted if it exists, head is more descriptive
+      - name: mike deploy head
+        if: contains(github.ref, 'refs/heads/main') && github.event_name != 'workflow_dispatch'
+        run: |
+          mike deploy --push head
+
+      # If a release has been published, deploy it as a new version
+      - name: mike deploy new version
+        if: >-
+          github.event_name == 'release' &&
+          github.event.action == 'published' &&
+          startsWith(github.event.release.name, 'v') &&
+          !github.event.release.draft &&
+          !github.event.release.prerelease
+        env:
+          VERSION: ${{ github.event.release.tag_name }}
+        run: |
+          mike deploy --push "$VERSION"
+
+      - name: Update mike version aliases
+        #if: >-
+        # github.event_name != 'workflow_dispatch'
+        id: set_versions
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          TAGS=$(gh release list -L 1000 -R ${{ github.repository }} | grep -o '^\v.*'| grep -v Draft | cut -f 1 | sed '/-/!{s/$/_/}' | sort -V | sed 's/_$//')
+          LATEST=$(echo "${TAGS}" | tail -1)
+          STABLE=$(echo "${TAGS}" | grep -v -- "-" | tail -1)
+          # remove below two lines after first release
+          LATEST="head"
+          STABLE="head"
+          mike alias -u head main
+          mike alias -u "${STABLE}" stable
+          mike set-default --push stable
+          echo ::set-output name=LATEST::${LATEST}
+          echo ::set-output name=STABLE::${STABLE}
+
+      # Ensures the current branch is gh-pages,
+      # Creates / updates the "stable" and "latest" plain text files with the corresponding versions
+      # Commits if the files were changed
+      # Finally pushes if there are unpushed commits
+      - name: Create version files
+        #if: >-
+        #  github.event_name != 'workflow_dispatch'
+        run: |
+          LATEST=${{ steps.set_versions.outputs.LATEST }}
+          STABLE=${{ steps.set_versions.outputs.STABLE }}
+          git checkout gh-pages
+          echo "${STABLE}" > stable.txt
+          git add stable.txt && git update-index --refresh
+          git diff-index --quiet HEAD -- || git commit -m "Set stable to ${STABLE}"
+          echo "${LATEST}" > latest.txt
+          git add latest.txt && git update-index --refresh
+          git diff-index --quiet HEAD -- || git commit -m "Set latest to ${LATEST}"
+          git push origin gh-pages
+
+  # Because the output of the index.yaml is also in gh-pages we want to ensure the jobs run after each other
+  # This releases the helm chart
+  release-helm-chart:
+    if: >-
+      github.event_name == 'release' &&
+      github.event.action == 'published' &&
+      startsWith(github.event.release.name, 'v') &&
+      !github.event.release.draft &&
+      !github.event.release.prerelease ||
+      github.event_name == 'workflow_dispatch'
+    # depending on default permission settings for your org (contents being read-only or read-write for workloads), you will have to add permissions
+    # see: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token
+    needs: build
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+      - name: Install Helm
+        uses: azure/setup-helm@v3
+        with:
+          version: v3.8.1
+
+      - name: Run chart-releaser
+        uses: helm/chart-releaser-action@v1.4.1
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

.github/workflows/build-packages.yml

@@ -21,18 +21,21 @@ jobs:
             asset_prefix: '_'
             asset_path: jans
             sign_cmd: dpkg-sig -s builder -k DE92BEF14A1A4E542F678B64DC3C790386C73900
+            python_version: 3.8
           - name: el8
-            asset_suffix: .el8.x86_64.rpm
+            asset_suffix: -el8.x86_64.rpm
             build_files: rpm/el8
             asset_prefix: '-'
             asset_path: jans/rpmbuild/RPMS/x86_64
             sign_cmd: rpm --addsign
+            python_version: 3.6
           - name: suse15
-            asset_suffix: .suse15.x86_64.rpm
+            asset_suffix: -suse15.x86_64.rpm
             build_files: rpm/suse15
             asset_prefix: '-'
             asset_path: jans/rpmbuild/RPMS/x86_64
             sign_cmd: rpm --addsign
+            python_version: 3.6
 
     steps:
     - name: Getting build dependencies
@@ -42,11 +45,14 @@ jobs:
          mkdir -p jans/jans-src/opt/
          cp -rp packaging/${{ matrix.build_files }}/* jans/
          wget https://raw.githubusercontent.com/JanssenProject/jans/main/jans-linux-setup/jans_setup/install.py -O jans/install.py
-         sudo apt install -y python3-distutils python3-ldap3 build-essential devscripts debhelper rpm dpkg-sig
+         sudo add-apt-repository ppa:deadsnakes/ppa
+         sudo apt-get update
+         sudo apt-get install -y python${{ matrix.python_version }}
+         sudo apt install -y build-essential devscripts debhelper rpm dpkg-sig python3-ldap3 python3-requests python3-ruamel.yaml python3-pymysql python3-crypto python3-distutils python3-prompt-toolkit python${{ matrix.python_version }}-distutils
     - name: Import GPG key
       id: import_gpg
       continue-on-error: true
-      uses: crazy-max/ghaction-import-gpg@v4
+      uses: crazy-max/ghaction-import-gpg@v5
       with:
         gpg_private_key: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY }}
         passphrase: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY_PASSPHRASE }}
@@ -67,11 +73,13 @@ jobs:
       id: run_build
       run: |
          cd jans/
-         sudo python3.8 install.py --no-setup
+         sudo python${{ matrix.python_version }} install.py -download-exit -yes
          cp -r /opt/dist jans-src/opt/
          cp -r /opt/jans jans-src/opt/
          touch jans-src/opt/jans/jans-setup/package
          rm -rf install.py install jans-cli
+         rm -rf jans-src/opt/jans/jans-setup/logs/setup.log
+         rm -rf jans-src/opt/jans/jans-setup/logs/setup_error.log         
          sed -i "s/%VERSION%/${{ steps.previoustag.outputs.version }}/g" run-build.sh
          cat run-build.sh
          sudo ./run-build.sh
@@ -160,7 +168,7 @@ jobs:
           mv jans-cli.pyz jans-cli-linux-X86-64.pyz
           sha256sum jans-cli-linux-X86-64.pyz > jans-cli-linux-X86-64.pyz.sha256sum
     - name: Set up Python 3.6
-      uses: actions/setup-python@v3
+      uses: actions/setup-python@v4
       with:
         python-version: 3.6
     - name: Build with Ubuntu
@@ -179,7 +187,7 @@ jobs:
         make zipapp 
         mv jans-cli.pyz jans-cli-linux-ubuntu-X86-64.pyz
         sha256sum jans-cli-linux-ubuntu-X86-64.pyz > jans-cli-linux-ubuntu-X86-64.pyz.sha256sum
-    - uses: actions/cache@v2.1.7
+    - uses: actions/cache@v3
       id: cache-installers
       with:
         path: |
@@ -206,7 +214,7 @@ jobs:
     steps:
     - name: Checkout
       uses: actions/checkout@v3
-    - uses: actions/cache@v2.1.7
+    - uses: actions/cache@v3
       id: cache-installers
       with:
         path: |