Merge branch 'dev' into 59-reset-on-start-behaviour

.env.template

@@ -38,3 +38,9 @@
 # Spring boot application property reset.on.start, default value is true
 #RESET_ON_START=false
 
+# Flag to display EULA
+#DISPLAY_EULA=true
+
+# EULA html
+#EULA_HTML=<p>The Spyderisk software is open source, licensed under <a href="https://www.apache.org/licenses/LICENSE-2.0">Apache 2.0</a></p>
+

.github/workflows/codesee-arch-diagram.yml

@@ -0,0 +1,23 @@
+# This workflow was added by CodeSee. Learn more at https://codesee.io/
+# This is v2.0 of this workflow file
+on:
+  push:
+    branches:
+      - dev
+  pull_request_target:
+    types: [opened, synchronize, reopened]
+
+name: CodeSee
+
+permissions: read-all
+
+jobs:
+  codesee:
+    runs-on: ubuntu-latest
+    continue-on-error: true
+    name: Analyze the repo with CodeSee
+    steps:
+      - uses: Codesee-io/codesee-action@v2
+        with:
+          codesee-token: ${{ secrets.CODESEE_ARCH_DIAG_API_TOKEN }}
+          codesee-url: https://app.codesee.io

.github/workflows/docker-image.yml

@@ -29,15 +29,20 @@ jobs:
       # The tag applied to the image will be like spyderisk/system-modeller:<branch-name>-<timestamp>
       # e.g. spyderisk/system-modeller:dev-20230405T1012
       # Where the timestamp is the time of the final commit in the build.
+      # In addition, the image is tagged with spyderisk/system-modeller:<branch-name>-latest
       run: |
+        TAG_ROOT=spyderisk/system-modeller
         TIMESTAMP=$(git show -s --format=%cI ${GITHUB_SHA})
         SHORT_TIME=$(echo ${TIMESTAMP} | sed 's/[-:]//g')
         REF_END=$(echo ${GITHUB_REF} | sed 's/.*\///')
-        TAG=spyderisk/system-modeller:${REF_END}-${SHORT_TIME:0:13}
-        echo "TAG=${TAG}" >> ${GITHUB_ENV}
-        docker build --tag ${TAG} --build-arg CI_COMMIT_SHA=${GITHUB_SHA} --build-arg CI_COMMIT_TIMESTAMP=${TIMESTAMP} --file Dockerfile --target ssm-production "."
+        TAG_DATE=${TAG_ROOT}:${REF_END}-${SHORT_TIME:0:13}
+        TAG_LATEST=${TAG_ROOT}:${REF_END}-latest
+        echo "TAG_DATE=${TAG_DATE}" >> ${GITHUB_ENV}
+        echo "TAG_LATEST=${TAG_LATEST}" >> ${GITHUB_ENV}
+        docker build --tag ${TAG_DATE} --tag ${TAG_LATEST} --build-arg CI_COMMIT_SHA=${GITHUB_SHA} --build-arg CI_COMMIT_TIMESTAMP=${TIMESTAMP} --file Dockerfile --target ssm-production "."
 
     - name: Push Docker image to registry
       run: | 
         docker login -u ${{ vars.DOCKER_HUB_USERNAME }} -p ${{ secrets.DOCKER_HUB_RW_SECRET }}
-        docker push ${TAG}
+        docker push ${TAG_DATE}
+        docker push ${TAG_LATEST}

CODE-OF-CONDUCT.md

@@ -0,0 +1,146 @@
+# Spyderisk Code of Conduct
+
+Version 1.0, November 2023
+
+The Spyderisk Project is a friendly community and welcomes contributions. This document outlines both
+expected and prohibited behaviour.
+
+# Short summary
+
+The rest of this document is detail which supports the following three points:
+
+* Spyderisk participants are to be respectful and direct with each other
+* We will not tolerate bullying, racism, sexism or constant domineering behaviour
+* No personal attacks, and generally stay focussed on what we are trying to achieve
+
+That's it, just those three main things. This Code of Conduct been proved to be
+necessary, but we don't think a long document is required.
+
+# Who should feel safe?
+
+Everyone, regardless of diversity dimensions including:
+
+* Gender, identity or expression
+* Age
+* Socioeconomic status
+* Sex or sexual orientation
+* Family status
+* Race and/or caste and/or ethnicity
+* National origin
+* Religion
+* Native or other languages
+
+# When should they feel safe?
+
+* Working with other Spyderisk community participants virtually or co-located
+* Representing Spyderisk at public events
+* Representing Spyderisk in social media
+
+# What is expected?
+
+The following behaviours are expected of all Spyderisk community participants:
+
+## Be respectful
+
+Value each other’s ideas, styles and viewpoints. Disagreement is no excuse for
+bad manners. Be open to different possibilities and to being wrong. Take
+responsibility, so if someone says they have been harmed through your words or
+actions, listen carefully, apologise sincerely, and correct the behaviour.
+
+## Be direct but professional
+
+We must be able to speak directly when we disagree and when we think we need to
+improve. We cannot withhold hard truths.  Doing so respectfully is hard, doing
+so when others don’t seem to be listening is harder, and hearing such comments
+when can be harder still.
+
+## Be inclusive
+
+Seek diverse perspectives. Diversity of views and of people gives better
+results.  Encourage all voices. Help new perspectives be heard and listen
+actively. If you find yourself dominating a discussion, step back and give
+other people a chance.  Observe how much time is taken up by dominant members
+of the group.
+
+## Appreciate and accommodate our similarities and differences
+
+Be respectful of people with different cultural practices, attitudes and
+beliefs. Work to eliminate your own biases, prejudices and discriminatory
+practices. Think of others’ needs from their point of view. Use preferred
+titles (including pronouns). Respect people’s right to privacy and
+confidentiality. Be open to learning from and educating others as well as
+educating yourself.
+
+# Behaviour that won't be tolerated
+
+The following behaviours are unacceptable, as should be obvious to any reasonable person:
+
+## Violence and threats of violence are not acceptable
+
+Offline or online, including incitement of violence or encouraging a person to
+commit self-harm. This also includes posting or threatening to post other
+people’s personal data (“doxxing”) online.
+
+## Derogatory language is not acceptable
+
+Hurtful or harmful language related to any dimension of diversity is not
+acceptable.
+
+This includes deliberately referring to someone by a gender that they do not
+identify with, or questioning an individual's gender identity. If you are unsure
+if a word is derogatory, don't use that word. When asked to stop, stop the behaviour.
+
+## Unwelcome sexual attention or physical contact is not acceptable
+
+Unwelcome sexual attention online or offline, or unwelcome physical contact is
+not acceptable. This includes sexualised comments, jokes or imagery as well as
+inappropriate touching, groping, or sexual advances.  This also includes
+physically blocking or intimidating another person. Physical contact or
+simulated physical contact (potentially including emojis) without affirmative
+consent is not acceptable.
+
+# Consequences of unacceptable behaviour
+
+Bad behaviour from any Spyderisk community participant can't be tolerated.
+Intentional efforts to exclude people (except as part of a consequence of these
+guidelines) from Spyderisk activities are not acceptable.
+
+Reports of harassment/discrimination will be promptly and thoroughly
+investigated by the people responsible for the safety of the space, event or
+activity, with a view to taking action.
+
+Anyone asked to stop unacceptable behaviour is expected to stop immediately.
+Violation of these guidelines can result in you being ask to leave an event or
+online space, either temporarily or for the duration of the event, or being
+banned from participation in spaces, or future events and activities.
+
+Participants who abuse the reporting process will be considered to be in
+violation. False reporting, especially to retaliate or exclude, will not be
+accepted or tolerated.
+
+# Reporting
+
+If you believe you're experiencing unacceptable behaviour 
+as outlined above please contact one of the 
+[current authors in AUTHORS.md](./AUTHORS.md), or send a message to 
+[code-of-conduct@spyderisk.org](mailto:code-of-conduct@spyderisk.org).
+
+You should expect to receive a reply. After determining a precise description of your
+situation, the team will review and determine next steps. 
+
+Please also report to us if you observe someone else in distress, or violations of
+these guidelines.
+
+If you feel you have been unfairly accused of violating these guidelines,
+please follow the same reporting process.
+
+<hr>
+
+This document is (c) 2023 The Spyderisk Authors, under the
+[Creative Commons Attribution-ShareAlike 4.0 International](https://creativecommons.org/licenses/by-sa/4.0/) license.
+
+*Heavily Adapted and Compressed from the quite large version 3.1 of the 
+[Mozilla Participation Guidelines](https://www.mozilla.org/en-US/about/governance/policies/participation/),
+released under the same license. We thank Mozilla for their work. First revision and compression done by [LumoSQL](https://lumosql.org).*
+
+

LICENSE.md

@@ -0,0 +1,56 @@
+# Short summary
+
+Spyderisk is licensed under the Apache 2.0 license.
+
+The [README in the licenses directory](./licenses/README.md) explains how to apply
+license headers to files in Spyderisk.
+
+The site [TL;DR Legal](https://www.tldrlegal.com/license/apache-license-2-0-apache-2-0)
+summarises the Apache license as:
+> You can do what you like with the software, as long as you include the required notices.
+> This permissive license contains a patent license from the contributors of the code.
+
+# Spyderisk Open Project Copyright and Licenses
+
+Regardless of who owns contributions, Spyderisk source code is entirely
+licensed under either the Apache2 license or (in some cases) licenses which are
+compatible with Apache2. A complete list of licenses is in the README file in
+the directory [```licenses/```](./licenses/README.md), which also contains the text of these licenses and
+discussion about the Spyderisk policies and practices on incorporating open source 
+code developed outside Spyderisk.
+
+As of 2023, the copyright of the code in all Spyderisk source trees
+is owned by either the individual authors, or, quite often, the University of
+Southampton ("Soton"). The IT Innovation Centre of the University of Southampton
+created nearly all Spyderisk code before it was open sourced in 2023. For any 
+new contributions - and we hope there will be many - we recommend the original author retain
+copyright ownership as an individual. If you work for an organisation and are
+unsure of who owns your output while at work, see your employment contract and
+ask your management. Many files simply have "Copyright the Spyderisk Authors" at the
+top as well as the name of the original author. This is a reference to the file
+[```AUTHORS.md```](./AUTHORS.md). 
+
+Spyderisk documentation and configuration files are generally under a Creative Commons 
+license, again explained in [```licenses/```](./licenses/README.md). It is not necessary 
+for every file to have a copyright notice, but in Spyderisk we do insist that all source code
+files do.
+
+# No CLA
+
+Spyderisk does *not* and will not have a Contributor License Agreement (CLA),
+for reasons similar to [Red Hat](https://opensource.com/article/19/2/cla-problems),
+the [Software Freedom Conservancy](https://sfconservancy.org/blog/2014/jun/09/do-not-need-cla/) and
+other leading open source voices.
+
+We adhere to the "inbound = outbound" open source principle, which means:
+* each code contributor (ie inbound) has the same rights as every other code contributor.
+CLAs often grant additional rights to one particular contributor, which in
+the case of Spyderisk would be our generous founding donor, the University of
+Southampton. We have chosen not to do this.
+* each code user (ie outbound) has exactly the same rights to use Spyderisk source code
+as every code contributor.
+
+Spyderisk uses the excellent Apache 2 license from
+[apache.org](https://apache.org), but apache.org itself is an organisation serving
+large companies, and we do not use their CLAs. We are not affiliated with
+apache.org in any way.

docker-compose.yml

@@ -42,6 +42,8 @@ services:
       SPRING_DATA_MONGODB_HOST: mongo
       KEYCLOAK_CREDENTIALS_SECRET: ${KEYCLOAK_CREDENTIALS_SECRET:-DfkQBcVpjbO6gTMXMBUBfHe45UmFhGxk}
       RESET_ON_START: ${RESET_ON_START:-true}
+      DISPLAY_EULA: ${DISPLAY_EULA:-true}
+      EULA_HTML: ${EULA_HTML}
     volumes:
       # Persistent named volume for the jena-tdb storage
       - type: volume