chore: bump version to tractusx-edc 0.12.0

.github/actions/generate-and-check-dependencies/action.yml

@@ -33,7 +33,9 @@ runs:
     - name: Generate dependency list
       shell: bash
       run: |
-        ./gradlew allDependencies | grep -Poh "(?<=\s)[\w.-]+:[\w.-]+:[^:\s\[\]]+" | sort | uniq > dependency-list
+        ./gradlew :edc-controlplane:allDependencies --configuration runtimeClasspath | grep -Poh "(?<=\s)[\w.-]+:[\w.-]+:[^:\s\[\]]+" > dependency-list-c
+        ./gradlew :edc-dataplane:allDependencies --configuration runtimeClasspath | grep -Poh "(?<=\s)[\w.-]+:[\w.-]+:[^:\s\[\]]+" > dependency-list-d
+        cat dependency-list-c dependency-list-d | sort | uniq > dependency-list
         cat dependency-list
 
     - name: Run dash

.github/actions/generate-and-publish-allure-report/action.yml

@@ -35,7 +35,7 @@ runs:
   using: "composite"
   steps:
     - name: Download Allure results
-      uses: actions/download-artifact@v7
+      uses: actions/download-artifact@v8
       with:
         pattern: ${{ inputs.allure_results }}-*
         merge-multiple: true

.github/actions/publish-docker-image/action.yml

@@ -52,19 +52,19 @@ runs:
     # Enable emulation for cross-arch builds
     ###############################################
     - name: Set up QEMU
-      uses: docker/setup-qemu-action@v3
+      uses: docker/setup-qemu-action@v4
 
     ###############################################
     # Use Docker Buildx (required for multi-arch)
     ###############################################
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3
+      uses: docker/setup-buildx-action@v4
 
     #####################
     # Login to DockerHub
     #####################
     - name: DockerHub login
-      uses: docker/login-action@v3
+      uses: docker/login-action@v4
       with:
         username: ${{ inputs.docker_user }}
         password: ${{ inputs.docker_token }}
@@ -84,7 +84,7 @@ runs:
     # Create SemVer or ref tags dependent of trigger event
     - name: Docker meta
       id: meta
-      uses: docker/metadata-action@v5
+      uses: docker/metadata-action@v6
       with:
         images: |
           ${{ inputs.namespace }}/${{ inputs.imagename }}
@@ -101,7 +101,7 @@ runs:
     # Build and push the image
     ###############################
     - name: Build and push
-      uses: docker/build-push-action@v6
+      uses: docker/build-push-action@v7
       with:
         context: ${{ inputs.rootDir }}
         file: ${{ inputs.rootDir }}/build/resources/docker/Dockerfile

.github/actions/run-deployment-test/action.yml

@@ -1,6 +1,7 @@
 #################################################################################
 #  Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
 #  Copyright (c) 2023 Contributors to the Eclipse Foundation
+#  Copyright (c) 2026 Cofinity-X GmbH
 #
 #  See the NOTICE file(s) distributed with this work for additional
 #  information regarding copyright ownership.
@@ -43,7 +44,7 @@ inputs:
   k8sversion:
     required: false
     description: "Version of Kubernetes to use"
-    default: "v1.30.0"
+    default: "v1.34.3"
 
 runs:
   using: "composite"
@@ -55,10 +56,9 @@ runs:
     - uses: ./.github/actions/setup-kubectl
 
     - name: Create k8s Kind Cluster
-      uses: helm/kind-action@v1.13.0
+      uses: helm/kind-action@v1.14.0
       with:
         node_image: kindest/node:${{ inputs.k8sversion }}
-        version: v0.29.0
 
     - name: Build docker images
       shell: bash

.github/actions/update-version-and-charts/action.yml

@@ -42,18 +42,15 @@ runs:
         fi
         echo "version=$VERSION" >> "$GITHUB_OUTPUT"
     - name: Bump version in /charts
-      uses: mikefarah/yq@v4.52.2
+      uses: mikefarah/yq@v4.52.4
       with:
         cmd: |
           find charts -name Chart.yaml -maxdepth 3 | xargs -n1 yq -i '.appVersion = "${{ steps.resolver.outputs.version }}" 
             | .version = "${{ steps.resolver.outputs.version }}"'
     - name: Update Chart READMEs
-      uses: addnab/docker-run-action@v3
-      with:
-        image: jnorwood/helm-docs:v1.10.0
-        options: -v ${{ github.workspace }}/charts:/helm-docs
-        run: |
-          helm-docs --log-level debug
+      shell: bash
+      run: |
+          docker run -v ${{ github.workspace }}/charts:/helm-docs jnorwood/helm-docs helm-docs
     - name: Update version in gradle.properties
       shell: bash
       run: |-

.github/dependabot.yml

@@ -33,6 +33,7 @@ updates:
       - "dependencies"
     schedule:
       interval: "weekly"
+    open-pull-requests-limit: 50
     ignore:
       - dependency-name: "org.eclipse.dataspacetck.dsp:*"
       - dependency-name: "org.eclipse.dataspacetck.dcp:*"
@@ -49,6 +50,7 @@ updates:
       - "github-actions"
     schedule:
       interval: "weekly"
+    open-pull-requests-limit: 50
 
   # Docker
   - package-ecosystem: "docker"
@@ -62,3 +64,4 @@ updates:
       - "docker"
     schedule:
       interval: "weekly"
+    open-pull-requests-limit: 50

.github/workflows/codeql.yaml

@@ -76,8 +76,6 @@ jobs:
       - name: Build Production Code
         run: |
           ./gradlew compileJava --no-daemon --no-build-cache
-        env:
-          DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_API_TOKEN }}
 
       - name: Perform CodeQL Analysis
         uses: github/codeql-action/analyze@v4

.github/workflows/deployment-test.yaml

@@ -1,6 +1,7 @@
 #################################################################################
 #  Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
 #  Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
+#  Copyright (c) 2026 Cofinity-X GmbH
 #
 #  See the NOTICE file(s) distributed with this work for additional
 #  information regarding copyright ownership.
@@ -65,9 +66,9 @@ jobs:
       fail-fast: false
       # this will verify that the official distribution of the Tractus-X EDC Helm chart runs on the last 3 Kubernetes versions
       matrix:
-        k8s-version: [ "v1.33.1",
-                       "v1.32.5",
-                       "v1.31.9" ]
+        k8s-version: [ "v1.35.1",
+                       "v1.34.3",
+                       "v1.33.7" ]
     steps:
       - name: Checkout
         uses: actions/checkout@v6

.github/workflows/kics.yml

@@ -44,7 +44,7 @@ jobs:
       - uses: actions/checkout@v6
 
       - name: KICS scan
-        uses: checkmarx/kics-github-action@v2.1.19
+        uses: checkmarx/kics-github-action@v2.1.20
         with:
           path: "."
           fail_on: high

.github/workflows/publish-openapi-ui.yml

@@ -55,9 +55,7 @@ jobs:
 
       - name: Generate openapi spec
         run: ./gradlew resolve
-        env:
-          DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_API_TOKEN }}
-      - uses: actions/upload-artifact@v6
+      - uses: actions/upload-artifact@v7
         with:
           name: openapi-spec
           path: resources/openapi/yaml
@@ -74,7 +72,7 @@ jobs:
     steps:
       - uses: actions/checkout@v6
       - uses: eclipse-edc/.github/.github/actions/setup-build@main
-      - uses: actions/download-artifact@v7
+      - uses: actions/download-artifact@v8
         with:
           name: openapi-spec
           path: resources/openapi/yaml
@@ -93,14 +91,10 @@ jobs:
         run: |
           ./gradlew -p ${{ matrix.apiGroup.folder }} downloadOpenapi
           cp ${{ matrix.apiGroup.folder }}/build/docs/openapi/* resources/openapi/yaml/${{ matrix.apiGroup.name }}
-        env:
-          DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_API_TOKEN }}
 
       - name: Merge API specs
         run: |
           ./gradlew mergeOpenApiSpec --inputDir=${PWD}/resources/openapi/yaml/${{ matrix.apiGroup.name }} --output=${{ matrix.apiGroup.name }}.yaml --infoTitle="Tractus-X EDC ${{ matrix.apiGroup.name }} API" --infoDescription="Tractus-X EDC ${{ matrix.apiGroup.name }} API Documentation" --infoVersion=${{ env.VERSION }}
-        env:
-          DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_API_TOKEN }}
 
       - name: Generate Swagger UI current version
         uses: Legion2/swagger-ui-action@v1
@@ -117,7 +111,7 @@ jobs:
           spec-file: ${{ matrix.apiGroup.name }}.yaml
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-      - uses: actions/upload-artifact@v6
+      - uses: actions/upload-artifact@v7
         with:
           name: ${{ matrix.apiGroup.name }}-api
           path: dist
@@ -128,7 +122,7 @@ jobs:
     permissions:
       contents: write
     steps:
-      - uses: actions/download-artifact@v7
+      - uses: actions/download-artifact@v8
         with:
           path: openapi
           pattern: "*-api"

.github/workflows/release.yml

@@ -32,6 +32,11 @@ on:
         required: true
         type: boolean
         default: false
+      previous_tag:
+        description: "Generate release notes starting from tag"
+        type: string
+        required: true
+        default: ""
 
 
 jobs:
@@ -48,6 +53,8 @@ jobs:
       update_main_branch_version: ${{ steps.update-main.outputs.update_main_branch_version }}
     steps:
       - uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
       - name: Output release version
         id: release-version
         run: |
@@ -79,6 +86,10 @@ jobs:
             echo "This workflow can not be executed for SNAPSHOT versions."
             exit 1
           fi
+      - name: Validate previous_tag exists
+        run: |
+          git show-ref --tags --verify --quiet "refs/tags/${{ inputs.previous_tag }}" \
+            || (echo "Tag '${{ inputs.previous_tag }}' not found." && exit 1)
 
 
   # Release: Maven Artifacts
@@ -169,6 +180,7 @@ jobs:
         uses: ncipollo/release-action@v1
         with:
           generateReleaseNotes: true
+          generateReleaseNotesPreviousTag: ${{ inputs.previous_tag }}
           tag: ${{ needs.validation.outputs.RELEASE_VERSION }}
           token: ${{ secrets.GITHUB_TOKEN }}
           makeLatest: ${{ inputs.latest }}

.github/workflows/secrets-scan.yml

@@ -46,7 +46,7 @@ jobs:
 
       - name: TruffleHog OSS
         id: trufflehog
-        uses: trufflesecurity/trufflehog@7635b24fd512a2e817dd3e9dd661caaf035a079d
+        uses: trufflesecurity/trufflehog@6c05c4a00b91aa542267d8e32a8254774799d68d
         continue-on-error: true
         with:
           path: ./  # Scan the entire repository

.github/workflows/trivy.yml

@@ -58,7 +58,7 @@ jobs:
     steps:
       - uses: actions/checkout@v6
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@0.33.1
+        uses: aquasecurity/trivy-action@0.35.0
         with:
           scan-type: "config"
           # ignore-unfixed: true
@@ -100,7 +100,7 @@ jobs:
         ## the next two steps will only execute if the image exists check was successful
       - name: Run Trivy vulnerability scanner
         if: success() && steps.imageCheck.outcome != 'failure'
-        uses: aquasecurity/trivy-action@0.33.1
+        uses: aquasecurity/trivy-action@0.35.0
         with:
           image-ref: "tractusx/${{ matrix.image }}:sha-${{ needs.git-sha7.outputs.value }}"
           format: "sarif"

.github/workflows/upgradeability-test.yaml

@@ -49,7 +49,7 @@ jobs:
       - uses: ./.github/actions/setup-kubectl
 
       - name: Create k8s Kind Cluster
-        uses: helm/kind-action@v1.13.0
+        uses: helm/kind-action@v1.14.0
 
       - name: "Update helm repo"
         run: |
@@ -89,8 +89,6 @@ jobs:
         run: |-
           ./gradlew :edc-controlplane:edc-controlplane-postgresql-hashicorp-vault:dockerize
           ./gradlew :edc-dataplane:edc-dataplane-hashicorp-vault:dockerize
-        env:
-          DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_API_TOKEN }}
 
       - name: "Load images into KinD"
         shell: bash
@@ -114,7 +112,14 @@ jobs:
       - name: Print logs
         if: failure()
         shell: bash
-        run: kubectl get deployments | tail -n +2 | awk '{print $1}' | sed 's/^/deployment\//' | xargs -n1 kubectl logs
+        run: |
+          kubectl get pods -o wide
+          kubectl get pods --no-headers | awk '{print $1}' | while read pod; do
+            echo "=== logs: $pod ==="
+            kubectl logs "$pod" --all-containers=true || true
+            echo "=== previous logs: $pod ==="
+            kubectl logs "$pod" --previous --all-containers=true || true
+          done
 
       - name: Destroy the kind cluster
         if: always()