Merge branch 'main' into keyboardSubmission

Author: DanGastardelli

.eslintrc.json

@@ -224,6 +224,7 @@
         "@typescript-eslint/no-unsafe-call": "off",
         "@typescript-eslint/no-unsafe-argument": "off",
         "@typescript-eslint/no-unsafe-return": "off",
+        "@typescript-eslint/no-redundant-type-constituents": "off",
         "@typescript-eslint/restrict-template-expressions": "off",
         "@typescript-eslint/require-await": "off",
         "@typescript-eslint/no-base-to-string": [

.github/dependabot.yml

@@ -96,6 +96,17 @@ updates:
       # Ignore all major version updates for all dependencies. We'll only automate minor/patch updates.
       - dependency-name: "*"
         update-types: ["version-update:semver-major"]
+  # Also automatically update all our GitHub actions on the main branch
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    # Monthly dependency updates
+    schedule:
+      interval: "monthly"
+      time: "05:00"
+    # Allow updates to be delayed for a configurable number of days to mitigate
+    # some classes of supply chain attacks
+    cooldown:
+      default-days: 7
   #####################
   ## dspace-9_x branch
   #####################
@@ -187,6 +198,18 @@ updates:
       # Ignore all major version updates for all dependencies. We'll only automate minor/patch updates.
       - dependency-name: "*"
         update-types: ["version-update:semver-major"]
+  # Also automatically update all our GitHub actions on the dspace-9_x branch
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    target-branch: dspace-9_x
+    # Monthly dependency updates
+    schedule:
+      interval: "monthly"
+      time: "05:00"
+    # Allow updates to be delayed for a configurable number of days to mitigate
+    # some classes of supply chain attacks
+    cooldown:
+      default-days: 7
   #####################
   ## dspace-8_x branch
   #####################
@@ -277,6 +300,18 @@ updates:
       # Ignore all major version updates for all dependencies. We'll only automate minor/patch updates.
       - dependency-name: "*"
         update-types: ["version-update:semver-major"]
+  # Also automatically update all our GitHub actions on the dspace-8_x branch
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    target-branch: dspace-8_x
+    # Monthly dependency updates
+    schedule:
+      interval: "monthly"
+      time: "05:00"
+    # Allow updates to be delayed for a configurable number of days to mitigate
+    # some classes of supply chain attacks
+    cooldown:
+      default-days: 7
   #####################
   ## dspace-7_x branch
   #####################
@@ -362,3 +397,15 @@ updates:
       # Ignore all major version updates for all dependencies. We'll only automate minor/patch updates.
       - dependency-name: "*"
         update-types: ["version-update:semver-major"]
+  # Also automatically update all our GitHub actions on the dspace-7_x branch
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    target-branch: dspace-7_x
+    # Monthly dependency updates
+    schedule:
+      interval: "monthly"
+      time: "05:00"
+    # Allow updates to be delayed for a configurable number of days to mitigate
+    # some classes of supply chain attacks
+    cooldown:
+      default-days: 7

.github/workflows/build.yml

@@ -24,6 +24,7 @@ jobs:
       # Spin up UI on 127.0.0.1 to avoid host resolution issues in e2e tests with Node 20+
       DSPACE_UI_HOST: 127.0.0.1
       DSPACE_UI_PORT: 4000
+      DSPACE_UI_BASEURL: http://127.0.0.1:4000
       # Ensure all SSR caching is disabled in test environment
       DSPACE_CACHE_SERVERSIDE_BOTCACHE_MAX: 0
       DSPACE_CACHE_SERVERSIDE_ANONYMOUSCACHE_MAX: 0
@@ -51,11 +52,11 @@ jobs:
     steps:
       # https://github.com/actions/checkout
       - name: Checkout codebase
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       # https://github.com/actions/setup-node
       - name: Install Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version: ${{ matrix.node-version }}
 
@@ -80,7 +81,7 @@ jobs:
         id: npm-cache-dir
         run: echo "dir=$(npm config get cache)" >> $GITHUB_OUTPUT
       - name: Cache NPM dependencies
-        uses: actions/cache@v4
+        uses: actions/cache@v5
         with:
           # Cache entire NPM cache directory (see previous step)
           path: ${{ steps.npm-cache-dir.outputs.dir }}
@@ -113,7 +114,7 @@ jobs:
       # so that it can be shared with the 'codecov' job (see below)
       # NOTE: Angular CLI only supports code coverage for specs. See https://github.com/angular/angular-cli/issues/6286
       - name: Upload code coverage report to Artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         if: matrix.node-version == '20.x'
         with:
           name: coverage-report-${{ matrix.node-version }}
@@ -155,7 +156,7 @@ jobs:
       # Cypress always creates a video of all e2e tests (whether they succeeded or failed)
       # Save those in an Artifact
       - name: Upload e2e test videos to Artifacts
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         if: always()
         with:
           name: e2e-test-videos-${{ matrix.node-version }}
@@ -164,7 +165,7 @@ jobs:
       # If e2e tests fail, Cypress creates a screenshot of what happened
       # Save those in an Artifact
       - name: Upload e2e test failure screenshots to Artifacts
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         if: failure()
         with:
           name: e2e-test-screenshots-${{ matrix.node-version }}
@@ -316,19 +317,19 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       # Download artifacts from previous 'tests' job
       - name: Download coverage artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v8
 
       # Now attempt upload to Codecov using its action.
       # NOTE: We use a retry action to retry the Codecov upload if it fails the first time.
       #
       # Retry action: https://github.com/marketplace/actions/retry-action
       # Codecov action: https://github.com/codecov/codecov-action
       - name: Upload coverage to Codecov.io
-        uses: Wandalen/wretry.action@v1.3.0
+        uses: Wandalen/wretry.action@v3.8.0
         with:
           action: codecov/codecov-action@v4
           # Ensure codecov-action throws an error when it fails to upload

.github/workflows/codescan.yml

@@ -25,7 +25,7 @@ on:
 jobs:
   analyze:
     name: Analyze Code
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-slim
     # Limit permissions of this GitHub action. Can only write to security-events
     permissions:
       actions: read
@@ -35,19 +35,19 @@ jobs:
     steps:
       # https://github.com/actions/checkout
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       # Initializes the CodeQL tools for scanning.
       # https://github.com/github/codeql-action
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
+        uses: github/codeql-action/init@v4
         with:
           languages: javascript
 
       # Autobuild attempts to build any compiled languages
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v3
+        uses: github/codeql-action/autobuild@v4
 
       # Perform GitHub Code Scanning.
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
+        uses: github/codeql-action/analyze@v4

.github/workflows/docker.yml

@@ -57,4 +57,120 @@ jobs:
       # Enable redeploy of sandbox & demo if the branch for this image matches the deployment branch of
       # these sites as specified in reusable-docker-build.xml
       REDEPLOY_SANDBOX_URL:  ${{ secrets.REDEPLOY_SANDBOX_URL }}
-      REDEPLOY_DEMO_URL:  ${{ secrets.REDEPLOY_DEMO_URL }}
+      REDEPLOY_DEMO_URL:  ${{ secrets.REDEPLOY_DEMO_URL }}
+
+  #################################################################################
+  # Test Deployment via Docker to ensure newly built images are working properly
+  #################################################################################
+  docker-deploy:
+    # Ensure this job never runs on forked repos. It's only executed for 'dspace/dspace-angular'
+    if: github.repository == 'dspace/dspace-angular'
+    runs-on: ubuntu-latest
+        # Must run after all major images are built
+    needs: [dspace-angular, dspace-angular-dist]
+    env:
+      # Override default dspace.server.url & REST 'host' because backend starts at http://127.0.0.1:8080
+      dspace__P__server__P__url: http://127.0.0.1:8080/server
+      DSPACE_REST_HOST: 127.0.0.1
+      # Override default dspace.ui.url to also use 127.0.0.1.
+      dspace__P__ui__P__url: http://127.0.0.1:4000
+      # Override default ui.baseUrl to also use 127.0.0.1. This must match 'dspace.ui.url' for SSR to be enabled.
+      DSPACE_UI_BASEURL: http://127.0.0.1:4000
+    steps:
+      # Checkout our codebase (to get access to Docker Compose scripts)
+      - name: Checkout codebase
+        uses: actions/checkout@v6
+      # Download Docker image artifacts (which were just built by reusable-docker-build.yml)
+      - name: Download Docker image artifacts
+        uses: actions/download-artifact@v8
+        with:
+          # Download all amd64 Docker images (TAR files) into the /tmp/docker directory
+          pattern: docker-image-*-linux-amd64
+          path: /tmp/docker
+          merge-multiple: true
+      # Load each of the images into Docker by calling "docker image load" for each.
+      # This ensures we are using the images just built & not any prior versions on DockerHub
+      - name: Load all downloaded Docker images
+        run: |
+          find /tmp/docker -type f -name "*.tar" -exec docker image load --input "{}" \;
+          docker image ls -a
+      # Start backend using our compose script in the codebase.
+      - name: Start backend in Docker
+        # MUST use docker.io as we don't have a copy of this backend image in our GitHub Action,
+        # and docker.io is the only public image. If we ever hit aggressive rate limits at DockerHub,
+        # we may need to consider making the 'ghcr.io' images public & switch this to 'ghcr.io'
+        env:
+          DOCKER_REGISTRY: docker.io
+        run: |
+          docker compose -f docker/docker-compose-rest.yml up -d
+          sleep 10
+          docker container ls
+      # Create a test admin account. Load test data from a simple set of AIPs as defined in cli.ingest.yml
+      - name: Load test data into Backend
+        run: |
+          docker compose -f docker/cli.yml run --rm dspace-cli create-administrator -e test@test.edu -f admin -l user -p admin -c en
+          docker compose -f docker/cli.yml -f docker/cli.ingest.yml run --rm dspace-cli
+      # Verify backend started successfully.
+      # 1. Make sure root endpoint is responding (check for dspace.name defined in docker-compose.yml)
+      # 2. Also check /collections endpoint to ensure the test data loaded properly (check for a collection name in AIPs)
+      - name: Verify backend is responding properly
+        run: |
+          result=$(wget -O- -q http://127.0.0.1:8080/server/api)
+          echo "$result"
+          echo "$result" |  grep -oE "\"DSpace Started with Docker Compose\""
+          result=$(wget -O- -q http://127.0.0.1:8080/server/api/core/collections)
+          echo "$result"
+          echo "$result" |  grep -oE "\"Dog in Yard\""
+      # Start production frontend using our compose script in the codebase.
+      - name: Start production frontend in Docker
+        # Specify the GHCR copy of the production frontend, so that we use the newly built image
+        env:
+          DOCKER_REGISTRY: ghcr.io
+        run: |
+          docker compose -f docker/docker-compose-dist.yml up -d
+          sleep 10
+          docker container ls
+      # Verify production frontend started successfully.
+      # 1. Make sure /home path has "DSpace software" (this is in the footer of the page)
+      # 2. Also check /community-list page lists one of the test Communities in the loaded test data
+      - name: Verify production frontend is responding properly
+        run: |
+          result=$(wget -O- -q http://127.0.0.1:4000/home)
+          echo "$result"
+          echo "$result" |  grep -oE "\"DSpace software\""
+      - name: Error logs of production frontend (if error in startup)
+        if: ${{ failure() }}
+        run: |
+          docker compose -f docker/docker-compose-dist.yml logs
+      # Now shutdown the production frontend image and startup the development frontend image
+      - name: Shutdown production frontend
+        run: |
+          docker compose -f docker/docker-compose-dist.yml down
+          sleep 10
+          docker container ls
+      - name: Startup development frontend
+        # Specify the GHCR copy of the development frontend, so that we use the newly built image
+        env:
+          DOCKER_REGISTRY: ghcr.io
+        run: |
+          docker compose -f docker/docker-compose.yml up -d
+          sleep 10
+          docker container ls
+      # Verify development frontend started successfully.
+      # 1. First, keep requesting the frontend every 10 seconds to wait until its up. Timeout after 10 minutes.
+      # 2. Once it's responding, check to see if the word "DSpace" appears.
+      #    We cannot check for anything more specific because development mode doesn't have SSR.
+      - name: Verify development frontend is responding properly
+        run: |
+          timeout 10m wget --retry-connrefused -t 0 --waitretry=10 http://127.0.0.1:4000
+          result=$(wget -O- -q http://127.0.0.1:4000)
+          echo "$result"
+          echo "$result" |  grep -oE "DSpace"
+      - name: Error logs of development frontend (if error in startup)
+        if: ${{ failure() }}
+        run: |
+          docker compose -f docker/docker-compose.yml logs
+      # Shutdown our containers
+      - name: Shutdown running Docker containers
+        run: |
+          docker compose -f docker/docker-compose.yml -f docker/docker-compose-rest.yml down

.github/workflows/issue_opened.yml

@@ -8,15 +8,15 @@ on:
 permissions: {}
 jobs:
   automation:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-slim
     steps:
     # Add the new issue to a project board, if it needs triage
     # See https://github.com/actions/add-to-project
     - name: Add issue to triage board
       # Only add to project board if issue is flagged as "needs triage" or has no labels
       # NOTE: By default we flag new issues as "needs triage" in our issue template
       if: (contains(github.event.issue.labels.*.name, 'needs triage') || join(github.event.issue.labels.*.name) == '')
-      uses: actions/add-to-project@v1.0.0
+      uses: actions/add-to-project@v1.0.2
       # Note, the authentication token below is an ORG level Secret. 
       # It must be created/recreated manually via a personal access token with admin:org, project, public_repo permissions
       # See: https://docs.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token#permissions-for-the-github_token

.github/workflows/label_merge_conflicts.yml

@@ -18,7 +18,7 @@ jobs:
   triage:
     # Ensure this job never runs on forked repos. It's only executed for 'dspace/dspace-angular'
     if: github.repository == 'dspace/dspace-angular'
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-slim
     permissions:
       pull-requests: write
     steps:
@@ -36,4 +36,4 @@ jobs:
           conflict_comment: |
             Hi @${author},
             Conflicts have been detected against the base branch.
-            Please [resolve these conflicts](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/addressing-merge-conflicts/about-merge-conflicts) as soon as you can. Thanks!
+            Please [resolve these conflicts](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/addressing-merge-conflicts/about-merge-conflicts) as soon as you can. Thanks!

.github/workflows/port_merged_pull_request.yml

@@ -18,12 +18,12 @@ permissions:
 
 jobs:
   port_pr:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-slim
     # Don't run on closed *unmerged* pull requests
     if: github.event.pull_request.merged
     steps:
       # Checkout code
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       # Port PR to other branch (ONLY if labeled with "port to")
       # See https://github.com/korthout/backport-action
       - name: Create backport pull requests
@@ -43,4 +43,4 @@ jobs:
           merge_commits: 'skip'
           # Use a personal access token (PAT) to create PR as 'dspace-bot' user.
           # A PAT is required in order for the new PR to trigger its own actions (for CI checks)
-          github_token: ${{ secrets.PR_PORT_TOKEN }}
+          github_token: ${{ secrets.PR_PORT_TOKEN }}

.github/workflows/pull_request_opened.yml

@@ -16,9 +16,9 @@ permissions:
 
 jobs:
   automation:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-slim
     steps:
     # Assign the PR to whomever created it. This is useful for visualizing assignments on project boards
     # See https://github.com/toshimaru/auto-author-assign
     - name: Assign PR to creator
-      uses: toshimaru/auto-author-assign@v2.1.0
+      uses: toshimaru/auto-author-assign@v3.0.1