Closed tom-rm-meyer-ISST closed 3 months ago
@tom-rm-meyer-ISST thank you for performing the Quality Gate Review for the 24.05 release! The TRG is actually fulfilled: The files are not only added when building the container image, but simply at every build and therefore also when building the container images: https://github.com/eclipse-tractusx/policy-hub/blob/v1.0.0-rc.2/src/hub/PolicyHub.Service/PolicyHub.Service.csproj#L49 https://github.com/eclipse-tractusx/policy-hub/blob/v1.0.0-rc.2/src/database/PolicyHub.Migrations/PolicyHub.Migrations.csproj#L67 Could you please close the issue?
Oh dear, I was blind during performing a ls -la
in the app directory. Thanks for pointing out. Issue is not present :)
Current Behavior
The container image contains only the code artifacts.
Expected Behavior
Per TRG 7.05, distributables MUST contain legal information. Please note that the information MUST be in the folder containing the application - else it could be confused with legal information for the container.
Sidenote: Currently in puris we have DEPENDENCIES files duplicated which is not recommended, but we started fixing that in this PR. There you can see how you can adapt your Dockerfile to copy files if present. The trick is that the first file in the
COPY
directive exists while the others are marked as optional with the *. Within workflow you then need to copy the files needed.