chore: fix merge conflicts

Signed-off-by: SafinWasi <[email protected]>

.github/SECURITY.md

@@ -6,15 +6,16 @@ We appreciate your efforts to responsibly disclose your findings, and will make
 
 ## Supported versions
 
-Security updates will typically only be applied to the latest release (at least until **Janssen** reaches first stable major version).
+Security updates will typically only be applied to the latest release.
 
-| Version  | Supported          |
-| -------- | ------------------ |
-| >=0.1 | :white_check_mark: |
+| Version | Supported          |
+|---------|--------------------|
+| <1.0.0  | :x:                |
+| >=1.0.0 | :white_check_mark: |
 
 ## Reporting a vulnerability
 
-To report a security issue, send an email to [[email protected]](mailto:[email protected]?subject=SECURITY)
+To report a security issue email [[email protected]](mailto:[email protected]?subject=SECURITY)
 
 The **Janssen** team will send a response indicating the next steps in handling your report.
 After the initial reply to your report, the team will keep you informed of the progress towards a fix and full announcement,

.github/dependabot.yml

@@ -26,10 +26,6 @@ updates:
     schedule:
       interval: daily
 
-  - package-ecosystem: pip
-    directory: /demos/jans-tent
-    schedule:
-      interval: daily
 
   - package-ecosystem: docker
     directory: /docker-jans-all-in-one

.github/workflows/build-docker-image.yml

@@ -57,7 +57,7 @@ jobs:
           egress-policy: audit
 
       - name: Install Cosign
-        uses: sigstore/[email protected]
+        uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
 
       - name: Checkout
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
@@ -91,9 +91,9 @@ jobs:
         if: steps.build_docker_image.outputs.build || github.event_name == 'tags'
         run: |
           sudo apt-get update
-          sudo python3 -m pip install --upgrade pip
-          sudo pip3 install setuptools --upgrade
-          sudo pip3 install -r ./automation/requirements.txt
+          sudo python3 -m pip install --upgrade pip || echo "Failed to upgrade pip"
+          sudo pip3 install --ignore-installed setuptools --upgrade
+          sudo pip3 install --ignore-installed -r ./automation/requirements.txt 
           sudo apt-get update
 
       #- uses: actions/delete-package-versions@v5
@@ -165,19 +165,19 @@ jobs:
           fi
 
       # UPDATE BUILD DATES INSIDE THE DOCKERFILE BEFORE BUILDING THE DEV IMAGES TRIGGERED BY JENKINS
-      - name: Setup Python 3.7
+      - name: Setup Python 3.10
         if: github.event_name == 'workflow_dispatch' && ${{ matrix.docker-images }} != 'loadtesting-jmeter'
         uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
         with:
-          python-version: 3.7
+          python-version: "3.10"
 
       - name: Install Python dependencies
         if: github.event_name == 'workflow_dispatch' && ${{ matrix.docker-images }} != 'loadtesting-jmeter'
         run: |
           sudo apt-get update
-          sudo python3 -m pip install --upgrade pip
-          sudo pip3 install setuptools --upgrade
-          sudo pip3 install -r ./automation/requirements.txt
+          sudo python3 -m pip install --upgrade pip || echo "Failed to upgrade pip"
+          sudo pip3 install --ignore-installed setuptools --upgrade
+          sudo pip3 install --ignore-installed -r ./automation/requirements.txt
           sudo apt-get update
           sudo apt-get install jq
 

.github/workflows/build-docs.yml

@@ -207,6 +207,13 @@ jobs:
           git add index.yaml && git update-index --refresh
           cd ..
           # END move generated chart from a previous step
+          
+          # copy search from nightly to all other versions. This is to ensure that the search index is available for all versions
+          for folder in v*/; do
+            cp -r nightly/search "$folder"
+            git add $folder/search && git update-index --refresh
+          done
+          # END copy search from nightly to all other versions
 
           echo "Replacing release number markers with actual release number"
           cd ${LATEST}

.github/workflows/build-nightly-build.yml

@@ -2,6 +2,11 @@ name: Activate Nightly Build
 
 on:
   workflow_dispatch:
+    inputs:
+      branch:
+        description: 'The branch to build night release from'
+        required: false
+        default: 'main'
   schedule:
     - cron: "0 23 * * *"
 permissions:
@@ -37,4 +42,8 @@ jobs:
         gh release delete ${NIGHTLY_VERSION} --cleanup-tag --yes || echo "v${NIGHTLY_VERSION}" does not exist
         gh release delete ${NIGHTLY_VERSION} --cleanup-tag --yes || echo "v${NIGHTLY_VERSION}" does not exist
         git push --delete origin ${NIGHTLY_VERSION} || echo "v${NIGHTLY_VERSION}" does not exist
-        gh release create ${NIGHTLY_VERSION} --generate-notes --prerelease --title "${NIGHTLY_VERSION}"
+        TARGET_BRANCH=${{ github.event.inputs.branch }}
+        if [ -z "$TARGET_BRANCH" ]; then
+          TARGET_BRANCH="main"
+        fi
+        gh release create ${NIGHTLY_VERSION} --generate-notes --prerelease --title "${NIGHTLY_VERSION}" --target "${TARGET_BRANCH}"

.github/workflows/build-packages.yml

@@ -5,6 +5,8 @@ on:
     tags:
     - 'v**'
     - 'nightly'
+permissions:
+  contents: read
 jobs:
   publish_binary_packages:
     if: github.repository == 'JanssenProject/jans'
@@ -196,7 +198,7 @@ jobs:
       run: |
         sudo apt-get update
         sudo apt-get install -y python3 build-essential ca-certificates dbus systemd iproute2 gpg python3-pip python3-dev libpq-dev gcc
-        python3 -m pip install --upgrade pip
+        python3 -m pip install --upgrade pip || echo "Failed to upgrade pip"
         pip3 install shiv wheel setuptools
         echo "Building jans-linux-setup package"
         sudo chown -R runner:docker /home/runner/work/jans/jans        
@@ -337,7 +339,7 @@ jobs:
         gh release upload $VER *.zip *.sha256sum --clobber
   build_cedarling_python:
     if: github.repository == 'JanssenProject/jans'
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     steps:
     - name: Harden Runner
       uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
@@ -356,8 +358,8 @@ jobs:
         git_user_signingkey: true
         git_commit_gpgsign: true
 
-    - uses: actions/setup-python@v5
-    - uses: PyO3/maturin-action@v1
+    - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
+    - uses: PyO3/maturin-action@ea5bac0f1ccd0ab11c805e2b804bfcb65dac2eab # v1.45.0
       with:
         working-directory: ${{ github.workspace }}/jans-cedarling/bindings/cedarling_python
         command: build
@@ -373,9 +375,9 @@ jobs:
           TAG="0.0.0"
         fi
         cd ${{ github.workspace }}/jans-cedarling/target/wheels
-        sha256sum cedarling_python-"${TAG}"-cp311-cp311-manylinux_2_34_x86_64.whl > cedarling_python-"${TAG}"-cp311-cp311-manylinux_2_34_x86_64.whl.sha256sum
-        sha256sum cedarling_python-"${TAG}"-cp310-cp310-manylinux_2_34_x86_64.whl > cedarling_python-"${TAG}"-cp310-cp310-manylinux_2_34_x86_64.whl.sha256sum
-        gpg --armor --detach-sign cedarling_python-"${TAG}"-cp311-cp311-manylinux_2_34_x86_64.whl || echo "Failed to sign"
-        gpg --armor --detach-sign cedarling_python-"${TAG}"-cp310-cp310-manylinux_2_34_x86_64.whl || echo "Failed to sign"
+        sha256sum cedarling_python-"${TAG}"-cp311-cp311-manylinux_2_31_x86_64.whl > cedarling_python-"${TAG}"-cp311-cp311-manylinux_2_31_x86_64.whl.sha256sum
+        sha256sum cedarling_python-"${TAG}"-cp310-cp310-manylinux_2_31_x86_64.whl > cedarling_python-"${TAG}"-cp310-cp310-manylinux_2_31_x86_64.whl.sha256sum
+        gpg --armor --detach-sign cedarling_python-"${TAG}"-cp311-cp311-manylinux_2_31_x86_64.whl || echo "Failed to sign"
+        gpg --armor --detach-sign cedarling_python-"${TAG}"-cp310-cp310-manylinux_2_31_x86_64.whl || echo "Failed to sign"
         echo "${{ secrets.MOAUTO_WORKFLOW_TOKEN }}" | gh auth login --with-token
         gh release upload "${VERSION}" *.whl *.sha256sum *.asc

.github/workflows/build-test.yml

@@ -40,35 +40,50 @@ on:
 concurrency:
   group: run-once
   cancel-in-progress: false
+permissions:
+  contents: read
 jobs:
   cleanup:
-    if: github.event_name == 'push' && github.event.ref == 'refs/heads/main'
     runs-on: ubuntu-20.04
     env:
       GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    permissions:
+      contents: read
+      packages: write
     steps:
     - name: Harden Runner
       uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
       with:
         egress-policy: audit
     - name: Get version ID for 0.0.0-nightly
-      if: github.event_name == 'push' && github.ref == 'refs/heads/main'
       id: get_version_id
       run: |
-        services=$(gh api -H "Accept: application/vnd.github+json" \
-                  /orgs/JanssenProject/packages?package_type=maven \
-                  | jq -r '.[].name')
-        for service in "${services}"; do
-          version_id=$(gh api -H "Accept: application/vnd.github+json" \
-            /orgs/JanssenProject/packages/maven/io.jans.${service}/versions \
-            | jq -r '.[] | select(.name == "0.0.0-nightly") | .id')
-          echo "version_id=$version_id" >> $GITHUB_ENV
-          gh api --method DELETE \
-          -H "Accept: application/vnd.github+json" \
-          -H "X-GitHub-Api-Version: 2022-11-28" \
-          /orgs/JanssenProject/packages/maven/io.jans."${service}"/versions/"${version_id}"
+        page=1
+        services=""
+        while true; do
+          response=$(gh api -H "Accept: application/vnd.github+json" \
+            /orgs/JanssenProject/packages?package_type=maven\&per_page=100\&page=$page)
+          names=$(echo "$response" | jq -r '.[].name')
+          if [ -z "$names" ]; then
+            break
+          fi
+          services="$services $names"
+          page=$((page + 1))
         done
-
+        
+        services=$(echo "$services" | tr '\n' ' ' | sed 's/ *$//')
+        echo "Services: $services"
+          for service in $services; do
+            echo "Checking $service"
+            version_id=$(gh api -H "Accept: application/vnd.github+json" \
+              /orgs/JanssenProject/packages/maven/"${service}"/versions \
+              | jq -r '.[] | select(.name == "0.0.0-nightly") | .id')
+            echo "version_id=$version_id" >> $GITHUB_ENV
+            gh api --method DELETE \
+            -H "Accept: application/vnd.github+json" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            /orgs/JanssenProject/packages/maven/"${service}"/versions/"${version_id}" || echo "Failed to delete $service"
+          done
 
   prep-matrix:
     needs: cleanup
@@ -126,18 +141,18 @@ jobs:
       with:
         egress-policy: audit
     - name: Checkout code
-      uses: actions/checkout@v4
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       with:
         ref: ${{ github.event.inputs.branch }}
 
     - name: Set up Java 17
-      uses: actions/setup-java@v4
+      uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
       with:
         java-version: '17'
         distribution: 'adopt'
 
     - name: Set up Maven
-      uses: actions/setup-java@v4
+      uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
       with:
         java-version: '17'
         distribution: 'adopt'
@@ -146,7 +161,8 @@ jobs:
     - name: Build ${{ matrix.service }}
       run: |
         if [ "${{ github.event_name }}" == "pull_request" ]; then
-          mvn -f ${{ matrix.service }}/pom.xml -Dcfg=${{ env.PROFILE_NAME }} -Dmaven.test.skip=${{ matrix.maven_skip_tests }} clean install -Drevision=${{ github.head_ref }}-nightly
+          revision=${{ github.sha }}-nightly
+          mvn -f ${{ matrix.service }}/pom.xml -Dcfg=${{ env.PROFILE_NAME }} -Dmaven.test.skip=${{ matrix.maven_skip_tests }} clean install -Drevision=$revision
         else
           mvn -f ${{ matrix.service }}/pom.xml -Dcfg=${{ env.PROFILE_NAME }} -Dmaven.test.skip=${{ matrix.maven_skip_tests }} clean install
         fi
@@ -159,7 +175,7 @@ jobs:
 
     - name: Archive results
       if: always()
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
       with:
         name: build-results
         path: ${{ matrix.service }}/target
@@ -170,7 +186,9 @@ jobs:
 
   run-tests:
     if: github.event_name == 'push' || github.event_name == 'pull_request' || (github.event_name == 'workflow_dispatch' && github.event.inputs.project == 'jans-bom, jans-orm, jans-core, jans-lock/lock-server, agama, jans-auth-server, jans-link, jans-fido2, jans-scim, jans-keycloak-link, jans-config-api, jans-keycloak-integration, jans-casa')
-    permissions: write-all
+    permissions:
+      contents: read
+      packages: write
     needs: cleanup
     runs-on: ubuntu-20.04
     env:
@@ -198,18 +216,18 @@ jobs:
       with:
         egress-policy: audit
     - name: Checkout code
-      uses: actions/checkout@v4
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       with:
         ref: ${{ github.event.inputs.branch }}
 
     - name: Set up Java 17
-      uses: actions/setup-java@v4
+      uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
       with:
         java-version: '17'
         distribution: 'adopt'
 
     - name: Set up Maven
-      uses: actions/setup-java@v4
+      uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
       with:
         java-version: '17'
         distribution: 'adopt'
@@ -276,13 +294,13 @@ jobs:
         ls /tmp/reports/
 
     - name: Upload Test Results
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
       with:
         name: ${{ matrix.persistence }}-test-results
         path: /tmp/reports
 
     - name: Publish Test Report ${{ matrix.persistence }}
-      uses: starburstdata/action-testng-report@v1
+      uses: starburstdata/action-testng-report@f245422953fb97ec5075d07782a1b596124b7cc4 # v1.0.5
       with:
           report_paths: /tmp/reports/${{ matrix.persistence }}*.xml
           github_token: ${{ github.token }}

.github/workflows/lint-flak8.yml

@@ -4,14 +4,16 @@ on:
     branches:
       - main
     paths:
-      #TODO: add all python projects paths below "jans-pycloudlib", "jans-cli-tui", "jans-linux-setup"
-      - 'demos/jans-tent/**'
+      - 'jans-pycloudlib/**'
+      - 'jans-cli-tui/**'
+      - 'jans-linux-setup/**'
   pull_request:
     branches:
       - main
     paths:
-      #TODO: add all python projects paths below "jans-pycloudlib", "jans-cli-tui", "jans-linux-setup"
-      - 'demos/jans-tent/**'
+      - 'jans-pycloudlib/**'
+      - 'jans-cli-tui/**'
+      - 'jans-linux-setup/**'
 
 permissions:
   contents: read
@@ -23,8 +25,11 @@ jobs:
       #max-parallel: 1
       fail-fast: false
       matrix:
-        #TODO: add all python projects paths below "jans-pycloudlib", "jans-cli-tui", "jans-linux-setup"
-        python-projects: ["demos/jans-tent"]
+        python-projects: [
+          "jans-pycloudlib",
+          "jans-cli-tui",
+          "jans-linux-setup"
+        ]
     steps:
     - name: Harden Runner
       uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1

.github/workflows/ops-docs.yml

@@ -71,10 +71,10 @@ jobs:
         with:
           fetch-depth: 0
 
-      - name: Set up Python 3.7
+      - name: Set up Python 3.10
         uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
         with:
-          python-version: 3.7
+          python-version: "3.10"
 
       - name: Auto-merge inhouse doc prs
         run: |

.github/workflows/ops-label-pr-issues.yml

@@ -31,17 +31,17 @@ jobs:
       - name: check out code
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
-      - name: Setup Python 3.7
+      - name: Set up Python 3.10
         uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
         with:
-          python-version: 3.7
+          python-version: "3.10"
 
       - name: Install dependencies
         run: |
           sudo apt-get update
-          sudo python3 -m pip install --upgrade pip
-          sudo pip3 install setuptools --upgrade
-          sudo pip3 install -r ./automation/requirements.txt
+          sudo python3 -m pip install --upgrade pip || echo "Failed to upgrade pip"
+          sudo pip3 install --ignore-installed setuptools --upgrade
+          sudo pip3 install --ignore-installed -r ./automation/requirements.txt
           sudo apt-get update
           sudo apt-get install jq
           curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg