merge develop into master for 6.10.1 #12259
Merged
14 commits
8635fa5 add a GitHub Workflow to add bugs to the project board (pdurbin)
697904e update base.image.version post-6.10 #12084 (pdurbin)
0b8ce93 Bump aquasecurity/setup-trivy from 0.2.5 to 0.2.6 (dependabot[bot])
ed086df Merge pull request #12234 from IQSS/12084-base.image.version-post-6.10 (pdurbin)
8158910 Merge pull request #12235 from IQSS/dependabot/github_actions/aquasec… (pdurbin)
b60a0fb chore(ci): update Trivy engine to a newer, but safe version #12242 (poikilotherm)
5c780e3 Merge pull request #12247 from IQSS/12242-trivy (pdurbin)
7b3137b Merge pull request #12225 from IQSS/add_bugs_to_project (pdurbin)
b0bb896 fix signature of writeGuestbookAndStartFileDownload in xhtml (stevenwinship)
83dc70b add rel note (stevenwinship)
8406879 Merge pull request #12252 from IQSS/fix-download-with-guestbook (landreev)
ee335d3 bump to 6.10.1 (pdurbin)
971c11f fix PR number (pdurbin)
e20213c Merge pull request #12257 from IQSS/6.10.1-release (pdurbin)
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| name: Add bugs to project board | ||
|
|
||
| on: | ||
| issues: | ||
| types: | ||
| - opened | ||
| - labeled | ||
|
|
||
| jobs: | ||
| add-to-project: | ||
| name: Add bug to project | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/add-to-project@v1.0.2 | ||
| with: | ||
| project-url: https://github.com/orgs/IQSS/projects/34 | ||
| github-token: ${{ secrets.ADD_TO_PROJECT_PAT }} | ||
| labeled: "Type: Bug" | ||
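Review bot: The workflow has no `permissions:` key at workflow or job level, so `add-to-project` runs with the default `GITHUB_TOKEN` scope even though its only step authenticates with `secrets.ADD_TO_PROJECT_PAT`. Add `permissions: {}` (or `contents: read`) between `name:` and `on:`. Because that step is handed a PAT, also consider pinning `actions/add-to-project@v1.0.2` to a full commit SHA instead of a tag.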
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,53 @@ | ||
| # Dataverse 6.10.1 | ||
|
|
||
| This is a bug fix release for Dataverse 6.10 that fixes download bug #12251 that was fixed in pull request #12252. The bug caused single-file downloads (as opposed to multi-file zip download) to silently fail from the web interface (the API was unaffected). | ||
|
|
||
| ## Complete List of Changes | ||
|
|
||
| For the complete list of code changes in this release, see the [6.10.1 milestone](https://github.com/IQSS/dataverse/issues?q=milestone%3A6.10.1+is%3Aclosed) in GitHub. | ||
|
|
||
| ## Getting Help | ||
|
|
||
| For help with upgrading, installing, or general questions please see [getting help](https://guides.dataverse.org/en/latest/installation/intro.html#getting-help) in the Installation Guide. | ||
|
|
||
| ## Installation | ||
|
|
||
| If this is a new installation, please follow our [Installation Guide](https://guides.dataverse.org/en/latest/installation/). Please don't be shy about [asking for help](https://guides.dataverse.org/en/latest/installation/intro.html#getting-help) if you need it! | ||
|
|
||
| Once you are in production, we would be delighted to update our [map of Dataverse installations around the world](https://dataverse.org/installations) to include yours! Please [create an issue](https://github.com/IQSS/dataverse-installations/issues) or email us at support@dataverse.org to join the club! | ||
|
|
||
| You are also very welcome to join the [Global Dataverse Community Consortium](https://www.gdcc.io/) (GDCC). | ||
|
|
||
| ## Upgrade Instructions | ||
|
|
||
| Upgrading requires a maintenance window and downtime. Please plan accordingly, create backups of your database, etc. | ||
|
|
||
| Note: These instructions assume that you are upgrading from the immediate previous version. That is to say, you've already upgraded through all the 6.x releases and are now running Dataverse 6.10. See [tags on GitHub](https://github.com/IQSS/dataverse/tags) for a list of versions. If you are running an earlier version, the only supported way to upgrade is to progress through the upgrades to all the releases in between before attempting the upgrade to this version. | ||
|
|
||
| If you are running Payara as a non-root user (and you should be!), **remember not to execute the commands below as root**. By default, Payara runs as the `dataverse` user. In the commands below, we use sudo to run the commands as a non-root user. | ||
|
|
||
| Also, we assume that Payara is installed in `/usr/local/payara7`. If not, adjust as needed. | ||
|
|
||
| 1. Undeploy Dataverse, if deployed, using the unprivileged service account ("dataverse", by default). | ||
|
|
||
| `sudo -u dataverse /usr/local/payara7/bin/asadmin list-applications` | ||
|
|
||
| `sudo -u dataverse /usr/local/payara7/bin/asadmin undeploy dataverse-6.10` | ||
|
|
||
| 1. Deploy the Dataverse 6.10.1 war file. | ||
|
|
||
| `wget https://github.com/IQSS/dataverse/releases/download/v6.10.1/dataverse-6.10.1.war` | ||
|
|
||
| `sudo -u dataverse /usr/local/payara7/bin/asadmin deploy dataverse-6.10.1.war` | ||
|
|
||
| 1. Check that you get a version number from Dataverse. | ||
|
|
||
| This is just a sanity check that Dataverse has been deployed properly. | ||
|
|
||
| `curl http://localhost:8080/api/info/version` | ||
|
|
||
| 1. For installations with internationalization or text customizations: | ||
|
|
||
| Please remember to update translations via [Dataverse language packs](https://github.com/GlobalDataverseCommunityConsortium/dataverse-language-packs). | ||
|
|
||
| If you have text customizations you can get the latest English files from <https://github.com/IQSS/dataverse/tree/v6.10/src/main/java/propertyFiles>. |
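Review bot: The "Deploy the Dataverse 6.10.1 war file" step fetches `dataverse-6.10.1.war` with `wget` and passes it straight to `asadmin deploy`, with no integrity check in between. Suggest adding a step that compares the download against a published checksum before deploying. Also, the text-customizations link on the last line still points at `tree/v6.10/`; confirm whether it should reference the `v6.10.1` tag.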
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Copilot Autofix
AI 2 months ago
To fix the problem, add an explicit `permissions` block that restricts the default `GITHUB_TOKEN` to the minimal required scope. Since this workflow’s only step uses a custom PAT (`secrets.ADD_TO_PROJECT_PAT`) and does not rely on `GITHUB_TOKEN`, it is safe and preferable to set `permissions: contents: read` (or even `permissions: {}`) to minimize privileges. Using `contents: read` aligns with GitHub’s recommended minimal baseline and avoids surprises for tools expecting at least read access.

The best fix with minimal functional impact is to add a workflow‑level `permissions` block near the top of `.github/workflows/add_bugs_to_project.yml`, after the `name:` field and before `on:`. This will apply to all jobs in the workflow (there is only `add-to-project`), and the job definition itself does not need to change. No imports or additional methods are required, as this is purely a YAML configuration change.

Concretely:
`.github/workflows/add_bugs_to_project.yml`.
between line 2 (the blank line after `name`) and line 3 (`on:`). This keeps existing behavior intact and satisfies the CodeQL requirement for explicit permissions.
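A check for the condition CodeQL flags above, run against the workflow from this PR as merged and against the same file with the `permissions:` block the Autofix comment describes. This is an added example, not code from the pull request or from Dataverse; `jobs_without_permissions` is a hypothetical helper and assumes block-style YAML indented with spaces.

```python
import re

# The workflow as added in this PR's first hunk (copied from the page).
WORKFLOW_AS_MERGED = """\
name: Add bugs to project board

on:
  issues:
    types:
      - opened
      - labeled

jobs:
  add-to-project:
    name: Add bug to project
    runs-on: ubuntu-latest
    steps:
      - uses: actions/add-to-project@v1.0.2
        with:
          project-url: https://github.com/orgs/IQSS/projects/34
          github-token: ${{ secrets.ADD_TO_PROJECT_PAT }}
          labeled: "Type: Bug"
"""
# Same file with the workflow-level block the Autofix comment describes.
WORKFLOW_FIXED = WORKFLOW_AS_MERGED.replace(
    "\n\non:", "\n\npermissions:\n  contents: read\n\non:", 1)

KEY = re.compile(r"^( *)([A-Za-z0-9_-]+):")

def jobs_without_permissions(text):
    """Job ids not covered by a workflow-level or job-level `permissions:` key."""
    jobs, in_jobs, job_indent, current, child_indent = {}, False, None, None, None
    for line in text.splitlines():
        m = KEY.match(line)
        if not m:
            continue
        indent, key = len(m.group(1)), m.group(2)
        if indent == 0:
            if key == "permissions":
                return []  # a workflow-level block covers every job
            in_jobs, job_indent, current = key == "jobs", None, None
        elif in_jobs:
            job_indent = indent if job_indent is None else job_indent
            if indent == job_indent:  # a new job id directly under jobs:
                current, child_indent, jobs[key] = key, None, False
            elif current is not None:
                child_indent = indent if child_indent is None else child_indent
                # only a direct child key of the job counts, not e.g. a `with:` input
                if indent == child_indent and key == "permissions":
                    jobs[current] = True
    return [job for job, covered in jobs.items() if not covered]
```
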