Merge branch 'develop' into 11998-features-in-guides

Conflicts:
doc/sphinx-guides/source/user/dataset-management.rst

Author: pdurbin

.github/workflows/add_bugs_to_project.yml

@@ -0,0 +1,18 @@
+name: Add bugs to project board
+
+on:
+  issues:
+    types:
+      - opened
+      - labeled
+
+jobs:
+  add-to-project:
+    name: Add bug to project
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/add-to-project@v1.0.2
+        with:
+          project-url: https://github.com/orgs/IQSS/projects/34
+          github-token: ${{ secrets.ADD_TO_PROJECT_PAT }}
+          labeled: "Type: Bug"

.github/workflows/container_app_pr.yml

@@ -25,24 +25,24 @@ jobs:
                   ref: 'refs/pull/${{ github.event.client_payload.pull_request.number }}/merge'
             - uses: actions/setup-java@v5
               with:
-                  java-version: "17"
+                  java-version: "21"
                   distribution: 'adopt'
-            - uses: actions/cache@v4
+            - uses: actions/cache@v5
               with:
                   path: ~/.m2
                   key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
                   restore-keys: ${{ runner.os }}-m2
 
             # Note: Accessing, pushing tags etc. to GHCR will only succeed in upstream because secrets.
             - name: Login to Github Container Registry
-              uses: docker/login-action@v3
+              uses: docker/login-action@v4
               with:
                   registry: ghcr.io
                   username: ${{ secrets.GHCR_USERNAME }}
                   password: ${{ secrets.GHCR_TOKEN }}
 
             - name: Set up QEMU for multi-arch builds
-              uses: docker/setup-qemu-action@v3
+              uses: docker/setup-qemu-action@v4
 
             # Get the image tag from either the command or default to branch name (Not used for now)
             #-   name: Get the target tag name
@@ -69,7 +69,7 @@ jobs:
                   -Dapp.image.tag=${{ env.IMAGE_TAG }}
                   -Ddocker.registry=ghcr.io -Ddocker.platforms=${{ env.PLATFORMS }}
 
-            - uses: marocchino/sticky-pull-request-comment@v2
+            - uses: marocchino/sticky-pull-request-comment@v3
               with:
                   header: registry-push
                   hide_and_recreate: true

.github/workflows/container_app_push.yml

@@ -101,20 +101,20 @@ jobs:
             # Depending on context, we push to different targets. Login accordingly.
             - if: github.event_name != 'pull_request'
               name: Log in to Docker Hub registry
-              uses: docker/login-action@v3
+              uses: docker/login-action@v4
               with:
                   username: ${{ secrets.DOCKERHUB_USERNAME }}
                   password: ${{ secrets.DOCKERHUB_TOKEN }}
             - if: ${{ github.event_name == 'pull_request' }}
               name: Login to Github Container Registry
-              uses: docker/login-action@v3
+              uses: docker/login-action@v4
               with:
                   registry: ghcr.io
                   username: ${{ secrets.GHCR_USERNAME }}
                   password: ${{ secrets.GHCR_TOKEN }}
 
             - name: Set up QEMU for multi-arch builds
-              uses: docker/setup-qemu-action@v3
+              uses: docker/setup-qemu-action@v4
 
             - name: Add rolling image tag when pushing to develop
               if: ${{ github.event_name == 'push' && github.ref_name == 'develop' }}
@@ -141,7 +141,7 @@ jobs:
                   ${{ env.REGISTRY }} -Ddocker.platforms=${{ env.PLATFORMS }}
                   -P ct deploy
 
-            - uses: marocchino/sticky-pull-request-comment@v2
+            - uses: marocchino/sticky-pull-request-comment@v3
               if: ${{ github.event_name == 'pull_request' }}
               with:
                   header: registry-push

.github/workflows/container_base_push.yml

@@ -42,15 +42,15 @@ jobs:
             # Note: Accessing, pushing tags etc. to DockerHub will only succeed in upstream and
             #       on events in context of upstream because secrets. PRs run in context of forks by default!
             - name: Log in to the Container registry
-              uses: docker/login-action@v3
+              uses: docker/login-action@v4
               with:
                   username: ${{ secrets.DOCKERHUB_USERNAME }}
                   password: ${{ secrets.DOCKERHUB_TOKEN }}
 
             # In case this is a push to develop, we care about buildtime.
             # Configure a remote ARM64 build host in addition to the local AMD64 in two steps.
             - name: Setup SSH agent
-              uses: webfactory/ssh-agent@v0.9.1
+              uses: webfactory/ssh-agent@v0.10.0
               with:
                   ssh-private-key: ${{ secrets.BUILDER_ARM64_SSH_PRIVATE_KEY }}
             - name: Provide the known hosts key and the builder config

.github/workflows/container_maintenance.yml

@@ -79,12 +79,12 @@ jobs:
       # Note: Accessing, pushing tags etc. to DockerHub will only succeed in upstream and
       #       on events in context of upstream because secrets. PRs run in context of forks by default!
       - name: Log in to the Container registry
-        uses: docker/login-action@v3
+        uses: docker/login-action@v4
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
       - name: Set up QEMU for multi-arch builds
-        uses: docker/setup-qemu-action@v3
+        uses: docker/setup-qemu-action@v4
         with:
           platforms: ${{ env.PLATFORMS }}
 
@@ -122,12 +122,12 @@ jobs:
       # Note: Accessing, pushing tags etc. to DockerHub will only succeed in upstream and
       #       on events in context of upstream because secrets. PRs run in context of forks by default!
       - name: Log in to the Container registry
-        uses: docker/login-action@v3
+        uses: docker/login-action@v4
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
       - name: Set up QEMU for multi-arch builds
-        uses: docker/setup-qemu-action@v3
+        uses: docker/setup-qemu-action@v4
         with:
           platforms: ${{ env.PLATFORMS }}
 
@@ -164,18 +164,18 @@ jobs:
       # Note: Accessing, pushing tags etc. to DockerHub will only succeed in upstream and
       #       on events in context of upstream because secrets. PRs run in context of forks by default!
       - name: Log in to the Container registry
-        uses: docker/login-action@v3
+        uses: docker/login-action@v4
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
       - name: Set up QEMU for multi-arch builds
-        uses: docker/setup-qemu-action@v3
+        uses: docker/setup-qemu-action@v4
         with:
           platforms: ${{ env.PLATFORMS }}
       - name: Setup Trivy binary for vulnerability scanning
-        uses: aquasecurity/setup-trivy@v0.2.4
+        uses: aquasecurity/setup-trivy@v0.2.6
         with:
-          version: v0.63.0
+          version: v0.69.3
 
       # Execute matrix build for the discovered branches
       - name: Execute build matrix script

.github/workflows/deploy_beta_testing.yml

@@ -19,7 +19,7 @@ jobs:
       - uses: actions/setup-java@v5
         with:
           distribution: 'zulu'
-          java-version: '17'
+          java-version: '21'
 
       - name: Enable API Session Auth feature flag
         working-directory: src/main/resources/META-INF
@@ -36,7 +36,7 @@ jobs:
         run: echo "war_file=$(ls *.war | head -1)">> $GITHUB_ENV
 
       - name: Upload war artifact
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: built-app
           path: ./target/${{ env.war_file }}
@@ -50,7 +50,7 @@ jobs:
       - uses: actions/checkout@v6
 
       - name: Download war artifact
-        uses: actions/download-artifact@v6
+        uses: actions/download-artifact@v8
         with:
           name: built-app
           path: ./
@@ -69,7 +69,7 @@ jobs:
           overwrite: true
 
       - name: Execute payara war deployment remotely
-        uses: appleboy/ssh-action@v1.2.4
+        uses: appleboy/ssh-action@v1.2.5
         env:
           INPUT_WAR_FILE: ${{ env.war_file }}
         with:
@@ -79,11 +79,11 @@ jobs:
           envs: INPUT_WAR_FILE
           script: |
             APPLICATION_NAME=dataverse-backend
-            ASADMIN='/usr/local/payara6/bin/asadmin --user admin'
+            ASADMIN='/usr/local/payara7/bin/asadmin --user admin'
             $ASADMIN undeploy $APPLICATION_NAME
             #$ASADMIN stop-domain
-            #rm -rf /usr/local/payara6/glassfish/domains/domain1/generated
-            #rm -rf /usr/local/payara6/glassfish/domains/domain1/osgi-cache
+            #rm -rf /usr/local/payara7/glassfish/domains/domain1/generated
+            #rm -rf /usr/local/payara7/glassfish/domains/domain1/osgi-cache
             #$ASADMIN start-domain
             $ASADMIN deploy --name $APPLICATION_NAME $INPUT_WAR_FILE
             #$ASADMIN stop-domain

.github/workflows/deploy_to_internal.yml

@@ -0,0 +1,90 @@
+name: 'Deploy to dataverse-internal.iq.harvard.edu'
+
+on:
+  workflow_dispatch:
+    inputs:
+      buildlabel:
+        description: 'Custom label that will appear after the version number (the equivalent of the old "build number" entry). Leaving it empty will default to the legacy behavior, i.e. " build <branch>-<checksum>".'
+        type: string
+        required: false
+
+permissions:
+  contents: read
+
+concurrency:
+  group: deploy-to-internal
+  cancel-in-progress: false
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v6
+
+      - uses: actions/setup-java@v5
+        with:
+          distribution: 'zulu'
+          java-version: '21'
+
+      - name: Set build number
+        run: scripts/installer/custom-build-number "${{ github.event.inputs.buildlabel }}"
+
+      - name: Build application war
+        run: mvn package
+
+      - name: Get war file name
+        working-directory: target
+        run: echo "war_file=$(ls *.war | head -1)">> $GITHUB_ENV
+
+      - name: Upload war artifact
+        uses: actions/upload-artifact@v7
+        with:
+          name: built-app
+          path: ./target/${{ env.war_file }}
+
+  deploy-to-payara:
+    needs: build
+    if: ${{ github.repository_owner == 'IQSS' }}
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Download war artifact
+        uses: actions/download-artifact@v8
+        with:
+          name: built-app
+          path: ./
+
+      - name: Get war file name
+        run: echo "war_file=$(ls *.war | head -1)">> $GITHUB_ENV
+
+      - name: Copy war file to remote instance
+        uses: appleboy/scp-action@master
+        with:
+          host: ${{ secrets.INTERNAL_PAYARA_INSTANCE_HOST }}
+          username: ${{ secrets.INTERNAL_PAYARA_INSTANCE_USERNAME }}
+          key: ${{ secrets.INTERNAL_PAYARA_INSTANCE_SSH_PRIVATE_KEY }}
+          source: './${{ env.war_file }}'
+          target: '/home/${{ secrets.INTERNAL_PAYARA_INSTANCE_USERNAME }}'
+          overwrite: true
+
+      - name: Execute payara war deployment remotely
+        uses: appleboy/ssh-action@v1.2.5
+        env:
+          INPUT_WAR_FILE: ${{ env.war_file }}
+        with:
+          host: ${{ secrets.INTERNAL_PAYARA_INSTANCE_HOST }}
+          username: ${{ secrets.INTERNAL_PAYARA_INSTANCE_USERNAME }}
+          key: ${{ secrets.INTERNAL_PAYARA_INSTANCE_SSH_PRIVATE_KEY }}
+          envs: INPUT_WAR_FILE
+          script: |
+            APPLICATION_NAME=dataverse-backend
+            ASADMIN='/usr/local/payara7/bin/asadmin --user admin'
+            $ASADMIN undeploy $APPLICATION_NAME
+            #$ASADMIN stop-domain
+            #$ASADMIN start-domain
+            $ASADMIN deploy --name $APPLICATION_NAME $INPUT_WAR_FILE
+            #$ASADMIN stop-domain
+            #$ASADMIN start-domain

.github/workflows/generate_war_file.yml

@@ -0,0 +1,37 @@
+name: 'Generate dataverse war file'
+
+on:
+  workflow_dispatch:
+    inputs:
+      buildlabel:
+        description: 'Custom label that will appear after the version number (the equivalent of the old "build number" entry).  Leaving it empty will default to the legacy behavior, i.e. " build <branch>-<checksum>".'
+        type: string
+        required: false
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v6
+
+      - uses: actions/setup-java@v5
+        with:
+          distribution: 'zulu'
+          java-version: '21'
+
+      - name: Set build number
+        run: scripts/installer/custom-build-number "${{ github.event.inputs.buildlabel }}"
+
+      - name: Build application war
+        run: mvn package
+
+      - name: Get war file name
+        working-directory: target
+        run: echo "war_file=$(ls *.war | head -1)">> $GITHUB_ENV
+
+      - name: Upload war artifact
+        uses: actions/upload-artifact@v7
+        with:
+          name: built-app
+          path: ./target/${{ env.war_file }}

.github/workflows/maven_cache_management.yml

@@ -62,7 +62,7 @@ jobs:
               env:
                   GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
             - name: Save the common cache
-              uses: actions/cache@v4
+              uses: actions/cache@v5
               with:
                   path: ${{ env.COMMON_CACHE_PATH }}
                   key: ${{ env.COMMON_CACHE_KEY }}