Merge pull request #297 from georchestra/georchestra-gn4.4.5-rebase

Georchestra gn4.4.5 rebase
georchestra · Jun 27, 2024 · 6cf862a · 6cf862a
2 parents 65f7bd4 + f98ba76
commit 6cf862a
Show file tree

Hide file tree

Showing 1,297 changed files with 72,566 additions and 39,611 deletions.
diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
@@ -0,0 +1,4 @@
+# These are supported funding model platforms
+
+github: [osgeo]
+cusotm: ['https://github.com/geonetwork/core-geonetwork/wiki#financial-support','https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=LDTWEL3XKUVU8&source=url','https://www.osgeo.org/about/how-to-become-a-sponsor/']
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,27 @@
+
+<!--Include a few sentences describing the overall goals for this Pull Request-->
+
+<!-- Please help our volunteers reviewing this PR by completing the following items. 
+Ask in a comment if you have troubles with any of them. -->
+
+# Checklist
+
+- [ ] I have read the [contribution guidelines](https://github.com/geonetwork/core-geonetwork/blob/main/CONTRIBUTING.md)
+- [ ] *Pull request* provided for `main` branch, backports managed with label
+- [ ] *Good housekeeping* of code, cleaning up comments, tests, and documentation
+- [ ] *Clean commit history* broken into understandable chucks, avoiding big commits with hundreds of files, cautious of reformatting and whitespace changes
+- [ ] *Clean commit message*s, longer verbose messages are encouraged
+- [ ] *API Changes* are identified in commit messages
+- [ ] *Testing* provided for features or enhancements using [automatic tests](https://github.com/geonetwork/core-geonetwork/blob/main/software_development/TESTING.md)
+- [ ] *User documentation* provided for new features or enhancements in [manual](https://github.com/geonetwork/core-geonetwork/tree/main/docs/manual)
+- [ ] *Build documentation* provided for development instructions in `README.md` files
+- [ ] *Library management* using `pom.xml` dependency management. Update build documentation with intended library use and library tutorials or documentation
+
+<!--Submitting the PR does not require you to check all items, but by the time it gets merged, they should be either satisfied or not applicable.-->
+
+<!-- If you can, it's better to give credits to organisation supporting this work:
+- `Funded by NAME`
+- `Funded by URL`
+- `Funded by NAME URL`
+-->
+
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -43,9 +43,9 @@ jobs:
         show-progress: 'false'
 
     - name: Setup Java JDK
-      uses: actions/setup-java@v4.0.0
+      uses: actions/setup-java@v4.1.0
       with:
-        java-version: 8
+        java-version: 11
         # Java distribution. See the list of supported distributions in README file
         distribution: temurin
         # The package type (jdk, jre, jdk+fx, jre+fx)
@@ -55,7 +55,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -66,7 +66,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v3
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -80,7 +80,7 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3
 
     - name: Remove SNAPSHOT jars from repository
       run: |

diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
@@ -3,12 +3,12 @@ name: Documentation
 on:
   push:
     branches:
-      - 4.2.x
+      - 4.4.x
     paths:
       - "docs/manual/**"
   pull_request:
     branches:
-      - 4.2.x
+      - 4.4.x
     paths:
       - "docs/manual/**"
   workflow_dispatch:
@@ -33,9 +33,9 @@ jobs:
         if: ${{ github.event_name == 'pull_request' }}
         working-directory: docs/manual
         run: |
-          mike deploy --title "4.2 Stable" --alias-type=copy --update-aliases 4.2 stable
-      - name: deploy 4.2 docs to gh-pages branch
+          mike deploy --title "4.4" --alias-type=copy --update-aliases 4.4 latest
+      - name: deploy latest docs to gh-pages branch
         if: ${{ github.event_name != 'pull_request' }}
         working-directory: docs/manual
         run: |
-          mike deploy --push --title "4.2 Stable" --alias-type=copy --update-aliases 4.2 stable
+          mike deploy --push --title "4.4" --alias-type=copy --update-aliases 4.4 latest
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -0,0 +1,72 @@
+# This workflow uses actions that are not certified by GitHub. They are provided
+# by a third-party and are governed by separate terms of service, privacy
+# policy, and support documentation.
+
+name: Scorecard supply-chain security
+on:
+  # For Branch-Protection check. Only the default branch is supported. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
+  branch_protection_rule:
+  # To guarantee Maintained check is occasionally updated. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
+  schedule:
+    - cron: '26 10 * * 5'
+  push:
+    branches: [ "main" ]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecard analysis
+    runs-on: ubuntu-latest
+    permissions:
+      # Needed to upload the results to code-scanning dashboard.
+      security-events: write
+      # Needed to publish results and get a badge (see publish_results below).
+      id-token: write
+      # Uncomment the permissions below if installing in a private repository.
+      # contents: read
+      # actions: read
+
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+        with:
+          persist-credentials: false
+
+      - name: "Run analysis"
+        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          # (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
+          # - you want to enable the Branch-Protection check on a *public* repository, or
+          # - you are installing Scorecard on a *private* repository
+          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
+          # repo_token: ${{ secrets.SCORECARD_TOKEN }}
+
+          # Public repositories:
+          #   - Publish results to OpenSSF REST API for easy access by consumers
+          #   - Allows the repository to include the Scorecard badge.
+          #   - See https://github.com/ossf/scorecard-action#publishing-results.
+          # For private repositories:
+          #   - `publish_results` will always be set to `false`, regardless
+          #     of the value entered here.
+          publish_results: true
+
+      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
+      # format to the repository Actions tab.
+      - name: "Upload artifact"
+        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+        with:
+          name: SARIF file
+          path: results.sarif
+          retention-days: 5
+
+      # Upload the results to GitHub's code scanning dashboard.
+      - name: "Upload to code-scanning"
+        uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4
+        with:
+          sarif_file: results.sarif
diff --git a/.gitignore b/.gitignore
@@ -30,6 +30,7 @@ eclipse/
 es/elasticsearch-*
 es/es-dashboards/kibana-*
 es/es-dashboards/data/nodes/
+es/es-dashboards/data/index/
 harvesters/harvester_*.log
 idea/
 jcs_caching/
@@ -41,7 +42,12 @@ release/jetty/*
 schemas/*/doc/*/*.rst
 schematrons/.build
 target/
+
+# build and release
 transifex/transifex-format/
+build/
+web-ui/LICENSE
+web-ui/tx
 
 # web-app, clear using: mvn -f web/pom.xml clean:clean@reset
 
@@ -84,11 +90,11 @@ web/src/main/webapp/WEB-INF/data/wro4j*.db
 web/src/main/webapp/WEB-INF/data/wro4j-cache*
 web/src/main/webapp/WEB-INF/data_*
 web/src/main/webapp/WEB-INF/metadata_subversion/
-web/src/main/webapp/WEB-INF/server.prop
 web/src/main/webapp/WEB-INF/prebuilt
 web/src/main/webapp/data/
 web/src/main/webapp/doc/en
 web/src/main/webapp/doc/fr
+web/src/main/webapp/WEB-INF/data/data/resources/schemapublication
 
 #created by build process, looks like badly designed tests
 web/src/main/webapp/WEB-INF/data/config/index/records.json

diff --git a/CNAME b/CNAME
@@ -0,0 +1 @@
+docs.geonetwork-opensource.org
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -1,31 +1,31 @@
 # Contributing
 
-Thank you for contributing to GeoNetwork:
+Thank you for contributing to GeoNetwork!
 
 * Free-software: GeoNetwork is free-software, using the [GNU GENERAL PUBLIC LICENSE](LICENSE.md). Contributions provided by you, or your employer, are required to be compatible with this free-software license.
 * Pull-request: GeoNetwork uses a pull-request workflow to review and accept changes. Pull-requests must be submitted against the *main* branch first, and may be back ported as required.
 
 # Pull requests
 
-* Pull request is required, even if you have commit access, so the tests are run and other developer can check your code.
+* Pull request is required, even if you have commit access, so the tests are run and another developer can check your code.
 
 * Pull requests must be applied to `main`, before being backported.
 
-* Before merging a pull request, should be defined the following properties:
+* Before merging a pull request, the following properties should be defined:
 
   - Milestone to include the change.
-  - Add the label `changelog` when  the change is relevant to be added to the release changelog file.
-  - Add `backport <branch>` to indicate when change is a bug fix or is a small improvement that may be relevant to the backport.
+  - Add the label `changelog` when the change is relevant to be added to the release changelog file.
+  - Add `backport <branch>` to indicate when the change is a bug fix or when it is a small improvement that is relevant to be backported.
 
-* Good housekeeping: Anytime you commit, try and clean the code around it to latest style guide. If you improve a function without comments: add comments. If you modify functionality that does not have tests: write a test. If you fix functionality without documentation: add documentation.
+* Good housekeeping: Anytime you commit, try and clean the code around it according to the latest style guide. If you improve a function without comments: _add comments!!_ If you modify functionality that does not have tests: _write a test!!_ If you fix functionality without documentation: _add documentation!!_
 
-* History: Clean commit messages and history: avoid big commits with hundreds of files, break commits up into understandable chunks, longer verbose commit messages are encouraged. Beware of reformatting and needless whitespace changes.
+* History: Clean commit messages and history. Avoid big commits with hundreds of files, break commits up into understandable chunks. Longer, verbose commit messages are encouraged. Avoid reformatting and needless whitespace changes.
 
-* Draft: Use pull request *Draft** (or even the text "WIP") to identify work in progress.
+* Draft: Use pull request **Draft** (or even the text "WIP") to identify _Work In Progress_.
 
-* Rebase / Squash and merge: No merge commits with current branch, use Rebase or Squash and merge!
+* Rebase / Squash and merge: Do not merge commits with the current branch, use Rebase or Squash and merge!
 
-* API Change: Please identify any API change or behavior changes in commit messages.
+* API Changes: Please identify any API change or behavior changes in commit messages. Also make sure that a [process for deprecation](PROCESS_FOR_DEPRECATION.md) of a feature is carefully dealt with.
 
 * Review: Review is required by another person, or more than one! Don't be shy asking for help or reviewing.
 
@@ -35,6 +35,6 @@ Thank you for contributing to GeoNetwork:
 
 * Build documentation: All build and development instructions managed in repository `README.md` files.
 
-* New libraries: Do not commit jars, use maven `pom.xml` to declare dependencies where needed, and `src/pom.xml` dependency management to manage version numbers. Document what the library does in GeoNetwork, how it interacts or extends GeoNetwork, with references to official library tutorials or documentation.
+* New libraries: Do not commit jars, use maven `pom.xml` to declare dependencies where needed, and `src/pom.xml` dependency management to manage version numbers. Use build documentation to share what the library does in GeoNetwork, how it interacts or extends GeoNetwork, with references to official library tutorials or documentation.
 
 For more information see [How to contribute](https://github.com/geonetwork/core-geonetwork/wiki/How-to-contribute) (wiki).
diff --git a/PROCESS_FOR_DEPRECATION.md b/PROCESS_FOR_DEPRECATION.md
@@ -0,0 +1,6 @@
+* Proposal for a Process for Deprecation (draft)
+
+# Feature deprecation process
+
+This page describes considerations and steps to take when removing a product feature. This is the process of depreciation or 'deprecating a feature'.
+
diff --git a/README.md b/README.md
@@ -1,29 +1,35 @@
-# GeoNetwork Open-source
+# GeoNetwork opensource
 
-# Build Health
+## Build Health
 
 [![Build Status](https://github.com/geonetwork/core-geonetwork/actions/workflows/linux.yml/badge.svg?branch=main)](https://github.com/geonetwork/core-geonetwork/actions/workflows/linux.yml?query=branch%3Amain)
 
-# Features
+## Features
 
 * Immediate search access to local and distributed geospatial catalogues
 * Uploading and downloading of data, graphics, documents, pdf files and any other content type
 * An interactive Web Map Viewer to combine Web Map Services from distributed servers around the world
 * Online editing of metadata with a powerful template system
 * Scheduled harvesting and synchronization of metadata between distributed catalogs
-* Support for OGC-CSW 2.0.2 ISO Profile, OAI-PMH, SRU protocols
+* Support for OGC-CSW 2.0.2, ISO 1911x and DCAT-AP metadata profiles, OAI-PMH, SRU protocols
 * Fine-grained access control with group and user management
 * Multi-lingual user interface
 
-# Documentation
+## Documentation
 
-User documentation is managed in the [geonetwork/doc](https://github.com/geonetwork/doc) repository covering all releases of GeoNetwork.
+The GeoNetwork Manual and Online Help are included in the `docs/manual` folder. This content is compiled into html pages during a release for a publishing on docs.geonetwork-opensource.org website.
 
-The `docs` folder includes [geonetwork/doc](https://github.com/geonetwork/doc) as a git submodule. This documentation is compiled into html pages during a release for publishing on the [geonetwork-opensource.org](https://www.geonetwork-opensource.org) website.
+* [docs.geonetwork-opensource.org](https://docs.geonetwork-opensource.org)
 
-Developer documentation located in README.md files in the code-base:
+The online help is compiled into html pages during a release and is included in the `war` web archive.
 
-* General documentation for the project as a whole is in this README.md
-* [Software Development Documentation](/software_development/) provides instructions for setting up a development environment, building GeoNetwork, compiling user documentation, and making a releases
-* Module specific documentation can be found in each module (assuming there is module specific documentation required)
+## Developer Documentation
 
+Developer documentation located in ``README.md`` files in the code-base:
+
+* General documentation for the project as a whole is in this [README.md](README.md)
+* [Software Development Documentation](/software_development/) provides instructions for setting up a development environment, building GeoNetwork, compiling user documentation, and making a releases.
+* Module specific documentation can be found in each module:
+
+## Open Source Security Foundation (OpenSSF) best practices status
+[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/8626/badge)](https://www.bestpractices.dev/projects/8626)
diff --git a/SECURITY.md b/SECURITY.md
@@ -2,7 +2,7 @@
 
 The GeoNetwork community takes the security of the software and all services based on the software product seriously. On this page you can find the versions for which the community provides security patches. 
 
-If you believe you have found a security vulnerability in the software or an implementation of the software, please report it to [email protected] as described below. Do not publish the vulnerability in any public forums (such as Twitter/X, email list or issue tracker).
+If you believe you have found a security vulnerability in the software or an implementation of the software, please report it [here](https://github.com/geonetwork/core-geonetwork/security/advisories/new) as described below. Do not publish the vulnerability in any public forums (such as Twitter/X, email list or issue tracker).
 
 ## Supported Versions
 
@@ -11,20 +11,20 @@ Each GeoNetwork release is supported with bug fixes for a limited period, with p
 - We recommend to update to latest incremental release as soon as possible to address security vulnerabilities.
 - Some overlap is provided when major versions are announced with both a current version and a maintenance version being made available to provide time for organizations to upgrade.
 
-| Version     | Supported          | Comment                 |
-|-------------|--------------------|-------------------------|
-| 4.2.x       | :white_check_mark: | Current version         |
-| 4.0.x       | :white_check_mark: | Maintenance version     |
-| 3.12.x      | :white_check_mark: | Maintenance version     |
+| Version | Supported          | Comment             |
+|---------|--------------------|---------------------|
+| 4.4.x   | :white_check_mark: | Latest version      |
+| 4.2.x   | :white_check_mark: | Stable version      |
+| 3.12.x  | :white_check_mark: | Maintenance version |
 
 If your organisation is making use of a GeoNetwork version that is no longer in use by the community all is not lost. You can volunteer on the developer list to make additional releases, or engage with one of our [Commercial Support](https://www.osgeo.org/service-providers/?p=geonetwork) providers. 
 
 ## Reporting a Vulnerability
 
 If you encounter a security vulnerability in GeoNetwork please take care to report in a responsible fashion:
 
-* Keep exploit details out of mailing list and issue tracker (send details to the Project Steering Committee via [email protected])
+* Keep exploit details out of mailing list and issue tracker (instead provide details to the Project Steering Committee via the GitHub [Report a vulnerability](https://github.com/geonetwork/core-geonetwork/security/advisories/new) option link at the top of this page or send an email to [email protected])
 * Be prepared to work with community members on a solution
-* Keep in mind community members are volunteers and an extensive fix may require fundraising / resources
+* Keep in mind that community members are volunteers and an extensive fix may require fundraising / resources
 
 For more information see [How to contribute](https://github.com/geonetwork/core-geonetwork/wiki/How-to-contribute).
diff --git a/cachingxslt/pom.xml b/cachingxslt/pom.xml
@@ -31,7 +31,7 @@
   <parent>
     <groupId>org.geonetwork-opensource</groupId>
     <artifactId>geonetwork</artifactId>
-    <version>4.2.8-georchestra</version>
+    <version>4.4.5-georchestra</version>
   </parent>
 
 

diff --git a/code_quality/findbugs-excludes.xml b/code_quality/findbugs-excludes.xml
@@ -230,15 +230,6 @@
     <Bug pattern="DC_DOUBLECHECK"/>
     <Method name="getSupportedExts"/>
   </Match>
-  <Match>
-    <Class name="org.fao.geonet.api.records.formatters.groovy.util.AssociatedLink"/>
-    <Bug pattern="EQ_DOESNT_OVERRIDE_EQUALS"/>
-    <Method name="equals"/>
-  </Match>
-  <Match>
-    <Class name="org.fao.geonet.api.records.formatters.groovy.util.LinkType"/>
-    <Bug pattern="URF_UNREAD_PUBLIC_OR_PROTECTED_FIELD"/>
-  </Match>
   <Match>
     <Class name="org.fao.geonet.api.regions.ListRegionsResponse"/>
     <Bug pattern="URF_UNREAD_FIELD"/>