Office Hour meeting minutes​

Infrastructure​

• eclipse-tractusx/eclipse-tractusx.github.io requires just One Committer Review now
  • Committers that approve: Please double-check the content, remember you have also responsibility when approving non TRG compliant content
  • Expectation for KITs: It should be less stressful to find a committer
• Setup Catena-X STABLE Environment
  • Organizational issue that’s why the stable is not there right now but they are working on it
  • Questions: Will the STABLE environment stick to the released version or will it evolve with the development of the components?
• Planned general infrastructure maintenance INT environment 2024-09-29
  • 24.12 e2e test phase on INT environment still planned to start 25.10. as communicated in adapted timeline

Release Management​

• EDC 0.8.0 to be used during e2e testing.
  • The upcoming Eclipse Tractus-X 24.12 release will include EDC version 0.8.0.
  • If your component relies on the Eclipse DataspaceConnector (EDC), we highly encourage you to align your development and testing efforts with this version to ensure compatibility.
• Reminder for Refinement Day 1: 16.10
  • Each group will focus on the first steps of skeleton-building for their features, based on the feature template, mapping them to the related roadmap items
    • For more information please read the news blog
• Reminder for Refinement Day 2: 06.11
  • Build on the work from Refinement Day 1 and focus primarily on the identified dependencies
    • For more information, please read the news blog

Security​

• [Trufflehog Update] Deprecation of GitGuardian and mandatory update to Trufflehog
  • Please update your repositories
  • There are still many issues opened and waiting to be resolved by their responsible committer
    • Parent Issue
  • The Trufflehog Workflow is a active TRG since March 26,2024

FOSS​

• TRG proposal for product deprecation including a process and criteria to close Issue #1037
• Please review and provide some input

Feedback / Question / Request​

• Add Testmanagement timeline into timeline of the overall release

Office Hour meeting minutes​

Infrastructure​

• @ds-hzimmer will continue to report from the monthly infrastructure updates that are to happen every month's last sunday.
  • product teams will have to check their deployments after that

Security team​

• Trufflehog has now officially replaced GitGuardian as secret-scanning tool for Eclipse Tractus-X. This is encoded by TRG8.03
• @ds-hzimmer reports about the sporadic use of the current sonarcloud instance for Eclipse Tractus-X. There's no TRG for it. It's unclear what additional benefit it will bring to those tools that are backed up with TRGs (Trufflehog, trivy, codeql).

Q&A​

• @tom-rm-meyer-ISST reports issues with the tls provider which will be checked with the infrastructure team.

Office Hour meeting minutes​

Infrastructure​

• Discussion on catenax-ng
  • @matbmoser: please cross-check your own repository, if you reference it!
  • @lgblaumeiser: we noticed that the R24.03 MIW needs catenax-ng resources. It temporarily stays up. (see issue)
• Consortia teams are gone. Thanks, it was a pleasure!

Security team​

• @matbmoser: Please do check for your security issues on the tab. High and critical issues need to be fixed. We should check this on high level / project level regularly in this meeting
• @tom-rm-meyer-ISST: For Truffle Hog, make sure that the workflow runs before merging. (see e.g.)

FOSS​

• @AngelikaWittek is gone. Thanks for your work!

Open planning / community​

• @stephanbcbauer:
  • Refinement Phase went well overall. Committers please join the planning meetings.
  • Some QGates are still open, please check.
  • Review together the release preparation

Office Hour meeting minutes​

Infrastructure​

• @SebastianBezold -> Wednesday (31.07.2024) the Catena-NG will be deleted! No more access to the consortia environment will be allowed!
  • Friendly reminder from @matbmoser: copy the configuration from the consortia environment argo, so you dont loose it, for the association env;)
• @hzierer -> Most of E2E Tests are already passed! Great job everyone!
• @matbmoser -> Don't forget to document the Quality Gate tickets!
• System team is leaving in wednesday! The participants that will not act as committers please or remove yourself from the list, or contact a project lead. Thank you for you wonderful hard work!

Security team​

• @RoKrish14 -> TRG for truffelhog is in review https://github.com/eclipse-tractusx/eclipse-tractusx.github.io/pull/950!

  • Example Workflow: https://github.com/RoKrish14/puris/blob/test/.github/workflows/trufflehog.yml

• @RoKrish14 announce that he is leaving wednesday the project! Thank you for you wonderful hard work too!

• @matbmoser -> We need to start a discussion and an action plan to solve the vulnerabilities in the eclipse-tractusx.github.io webpage repository. (Transfered to Committer Meeting)

FOSS​

• Open Project Lead election for Mathias Brunkow Moser, if you are a committer please vote: https://projects.eclipse.org/projects/automotive.tractusx/elections/election-mathias-brunkow-moser-eclipse-tractus-x-0

• @matbmoser -> New TRG 9 for UI/UX Styleguideline compliance: https://eclipse-tractusx.github.io/docs/release/trg-9/trg-9-01!

  • If you don't agree with something or want an improvement please open a PR with the changes! The Tractus-X community will support you :)

Open planning / community​

• Quality Gates and E2E phase is finishing today (26.07.2024). Make sure to keep your QG tickets updated and
• @agg3fe -> The TRG checklist is outdated
  • @matbmoser -> I have created a PR to update the list: https://github.com/eclipse-tractusx/.github/pull/27

Office Hour meeting minutes​

Infrastructure​

• Info from Test / Infrastructure Management CX Association by Harald:
  • SAP DIM follow up meeting with on 8.7.2024 together with Christian Lahmer (SAP) and Evelyn Gurschler and DoubleSlash Net-Business GmbH
  • Work-in-progress with SDE team and importing of test cases
  • Access is currently limited –> would be great to make it accessible and available within Tractus-X
• Tomasz - Presented about how do you need to publish your API using .tractusx metafile and publish via GitHub pages - API Hub.

Security team​

• Info from security team by Rohan:
  • Reminder about replacement of GitGuardian with TruffleHog, see according pull request to update TX release guideline: #950
  • Reminder about updates to Trivy workflow , see according pull request to update TX release guideline: #949
  • Reminder about about absence of security team members from August 2024
  • Security tools walkthrough in the Committers Meeting of July 5, 2024 (about 20 minutes) - Rohan will announce the walkthrough next week on the TX mailing list while sending out a reminder for the meeting

FOSS​

• Don't forget to update the legal docs!! Close the tickets in your repositories if its done: eclipse-tractusx/sig-infra#477

Open planning / community​

• Info by community manager Stephan about the Tractus-X/Catena-X working model and the refinement phase for the 24.12 release
• Registration is open for the Third Eclipse Tractus-X Community Days on December 05 and 06, 2024, ARENA2036 in Stuttgart!

Security Office Hour meeting minutes​

Announcements​

• Gitguardian tool for secret scanning will be replaced by TruffleHog. This will be used in parallel with Github's native secret scanning tool.
• Trivy workflow has been updated to address the failure of workflows
• Announcement of Security handover during the committer round

Office Hour meeting minutes​

Infrastructure​

• Info from Test / Infrastructure Management CX Association by Harald:
  • status of product onboarding and deployment progression to new environment
  • clarifying dependencies, resolving blockers is ongoing
  • handover of test cases to new CX Association Xray
  • Invitation to E2E Test Management Daily beginning Monday (July 1, 2024): frequency determined determined to half an hour every 2nd day
• Status about current works on API publishing by Tomasz currently in progress: a separate repository to store API docs and publish via GitHub pages - API Hub - was created. He will present the topic a bit more hands on in one of the upcoming office hours

Security team​

• Info from security team by Rohan:
  • Replacement of GitGuardian with TruffleHog, see according pull request to update TX release guideline: #950
  • Updates to Trivy workflow , see according pull request to update TX release guideline: #949
  • Security tools walkthrough in the Committers Meeting of July 5, 2024 (about 20 minutes) - Rohan will announce the walkthrough next week on the TX mailing list while sending out a reminder for the meeting

FOSS​

• Committer Election for Lucas concluded successfully, congratulations and welcome!
• Don't forget to update the legal docs!! Close the tickets in your repositories if its done: eclipse-tractusx/sig-infra#477

Open planning / community​

• Info by community manager Stephan about the Tractus-X/Catena-X working model and the refinement phase for the 24.12 release, which started this week, for more information see TX mailing list: R24.12 next steps in refinement phase

Discussions​

• Evelyn suggested a consistent storing for environment specific deployment configuration (helm values files) in TX repositories:
  • IF products teams store deployment configuration in TX, it should be stored in a separate directory at root level (/environments) and the notice file should explain it is need for the end-to-end testing of TX releases
  • no deployment configuration other than the one used for the official E2E Testing of TX releases should be kept in TX
  • suggestion is not intended to promote the storing of this configuration in TX but if you do it, do it as proper as possible
  • a benefit from (properly) storing the configuration in TX is the versioning with the TX GitHub releases, allowing to easily trace back the exact configuration used for testing
  • other options for handling environment specific deployment configuration outside of TX were discussed as well as the option of multiple sources for Argo CD was mentioned by Carsten
• Stephan was wondering about how to handle outdated information on the TX Product Page:
  • product teams should check if the information on the page is still up to date, Stephan will write send a reminder on the TX mailing list
  • Arno mentioned that he would update the products which are still outdated in a couple of weeks, thanks for volunteering!

Office Hour meeting minutes​

Infrastructure​

• Info from Test Management will be taken over by Harald Zimmer, please contact with your product owners to get a meeting with Harald and get the access if you are in the association.
• Feedback requested from Harald Zimmer for who is using: https://github.com/catenax-ng/product-test-data-generator
• Branch protecting example provided by Tom Meyer

Security team​

• No security team will be available for R24.08, Rohan Krish has told he will be going in July, contact him if you know who will be responsible for security in the Association.
• Handover from Rohan Krishnamurthy will be done in this ticket: https://github.com/eclipse-tractusx/sig-security/issues/83

FOSS​

• Committer Election for Lucas Capellino, please vote if you are a committer!
• Evelyn Gurschler election to project lead concluded successfully, congratulations to our new project lead!
• Committer Election for Lucas Capellino open for voting again
• Don't forget to update the legal docs!! Close the tickets in your repositories if its done: eclipse-tractusx/sig-infra#477
• 1.000 Lines of code in PRs for non-contributors require project Ip check: https://www.eclipse.org/projects/handbook/#ip-project-content

Open planning / community​

• Every office hour there will be a slot to talk about the current process of the working model of Tractus-X/Catena-X. With the updates from the community.

Discussions​

• Mermaid version in current docussaurus for the tractus-x webpage do not support specific type block-beta and xychart-beta.
  • Stephan Bauer will test to upgrade the version of docussaurus in the Catena-X e.V. Repository.

Security Office Hour meeting minutes​

Announcements​

• Reminder about former GitHub Organisation Catenax-ng
• Reminder to remove any test credentials/sensitive that are present in Catenax-ng
• Reminder to look for the results of the security scans after migration to Eclipse Tractus-x

Office Hour meeting minutes​

System team​

• Support needed for overarching CHANGELOG creation for release 24.05. If interested, please get in contact with Stephan Bauer

Security team​

• n/a

FOSS​

• Committer Election for Arno Weiß concluded successfully. Congratulations!
• Committer Election for Lucas Capellino open for voting

Open planning / community​

• We are looking for committers to help with the Release QG Check Review for the upcoming release. Please reach out to Roland and Siegfried if you are interested.
• Check out the meeting invitations for open meetings regarding planning for release 24.12

Discussions​

• Are there defined deadlines for release 24.08 -> No one in the meeting did know of one yet
• Interoperability and Thread Modelling checks in 24.05?
  • You can approach the Security Team via issue on sig-security
  • Checks, that have been documented in a Consorita Confluence instance, could still take place, but a transparent format should be considered. Some Teams already documented on GitHub.