update ci trigger paths for portainer-ee - release/2.22 (#70 )

required changes to enable monorepo.
Co-authored-by: deviantony <anthony.lapenna@portainer.io> Co-authored-by: Yajith Dayarathna <yajith.dayarathna@portainer.io>
2024-10-29 12:24:04 +13:00 · 2024-10-09 08:44:54 +13:00 · 2024-10-02 15:55:02 +13:00
38 changed files with 178 additions and 1257 deletions
--- a/.github/ISSUE_TEMPLATE/bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -93,8 +93,6 @@ body:
      description: We only provide support for the most recent version of Portainer and the previous 3 versions. If you are on an older version of Portainer we recommend [upgrading first](https://docs.portainer.io/start/upgrade) in case your bug has already been fixed.
      multiple: false
      options:
-        - '2.22.0'
-        - '2.21.3'
        - '2.21.2'
        - '2.21.1'
        - '2.21.0'
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -1,166 +0,0 @@
-name: ci
-
-on:
-  workflow_dispatch:
-  push:
-    branches:
-      - 'develop'
-      - 'release/*'
-  pull_request:
-    branches:
-      - 'develop'
-      - 'release/*'
-      - 'feat/*'
-      - 'fix/*'
-      - 'refactor/*'
-    types:
-      - opened
-      - reopened
-      - synchronize
-      - ready_for_review
-
-env:
-  DOCKER_HUB_REPO: portainerci/portainer-ce
-  EXTENSION_HUB_REPO: portainerci/portainer-docker-extension
-  NODE_VERSION: 18.x
-
-jobs:
-  build_images:
-    strategy:
-      matrix:
-        config:
-          - { platform: linux, arch: amd64, version: "" }
-          - { platform: linux, arch: arm64, version: "" }
-          - { platform: linux, arch: arm, version: "" }
-          - { platform: linux, arch: ppc64le, version: "" }
-          - { platform: windows, arch: amd64, version: 1809 }
-          - { platform: windows, arch: amd64, version: ltsc2022 }
-    runs-on: ubuntu-latest
-    if: github.event.pull_request.draft == false
-    steps:
-      - name: '[preparation] checkout the current branch'
-        uses: actions/checkout@v4.1.1
-        with:
-          ref: ${{ github.event.inputs.branch }}
-      - name: '[preparation] set up golang'
-        uses: actions/setup-go@v5.0.0
-        with:
-          go-version-file: go.mod
-      - name: '[preparation] set up node.js'
-        uses: actions/setup-node@v4.0.1
-        with:
-          node-version: ${{ env.NODE_VERSION }}
-          cache: 'yarn'
-      - name: '[preparation] set up qemu'
-        uses: docker/setup-qemu-action@v3.0.0
-      - name: '[preparation] set up docker context for buildx'
-        run: docker context create builders
-      - name: '[preparation] set up docker buildx'
-        uses: docker/setup-buildx-action@v3.0.0
-        with:
-          endpoint: builders
-      - name: '[preparation] docker login'
-        uses: docker/login-action@v3.0.0
-        with:
-          username: ${{ secrets.DOCKER_HUB_USERNAME }}
-          password: ${{ secrets.DOCKER_HUB_PASSWORD }}
-      - name: '[preparation] set the container image tag'
-        run: |
-          if [[ "${GITHUB_REF_NAME}" =~ ^release/.*$ ]]; then
-            # use the release branch name as the tag for release branches
-            # for instance, release/2.19 becomes 2.19
-            CONTAINER_IMAGE_TAG=$(echo $GITHUB_REF_NAME | cut -d "/" -f 2)
-          elif [ "${GITHUB_EVENT_NAME}" == "pull_request" ]; then
-            # use pr${{ github.event.number }} as the tag for pull requests
-            # for instance, pr123
-            CONTAINER_IMAGE_TAG="pr${{ github.event.number }}"
-          else
-            # replace / with - in the branch name
-            # for instance, feature/1.0.0 -> feature-1.0.0
-            CONTAINER_IMAGE_TAG=$(echo $GITHUB_REF_NAME | sed 's/\//-/g')
-          fi
-          
-          echo "CONTAINER_IMAGE_TAG=${CONTAINER_IMAGE_TAG}-${{ matrix.config.platform }}${{ matrix.config.version }}-${{ matrix.config.arch }}" >> $GITHUB_ENV
-      - name: '[execution] build linux & windows portainer binaries'
-        run: |
-          export YARN_VERSION=$(yarn --version)
-          export WEBPACK_VERSION=$(yarn list webpack --depth=0 | grep webpack | awk -F@ '{print $2}')
-          export BUILDNUMBER=${GITHUB_RUN_NUMBER}
-          GIT_COMMIT_HASH_LONG=${{ github.sha }}
-          export GIT_COMMIT_HASH_SHORT={GIT_COMMIT_HASH_LONG:0:7}
-          
-          NODE_ENV="testing"
-          if [[ "${GITHUB_REF_NAME}" =~ ^release/.*$ ]]; then
-            NODE_ENV="production"
-          fi
-          
-          make build-all PLATFORM=${{ matrix.config.platform }} ARCH=${{ matrix.config.arch }} ENV=${NODE_ENV}
-        env:
-          CONTAINER_IMAGE_TAG: ${{ env.CONTAINER_IMAGE_TAG }}
-      - name: '[execution] build and push docker images'
-        run: |
-          if [ "${{ matrix.config.platform }}" == "windows" ]; then
-            mv dist/portainer dist/portainer.exe
-            docker buildx build --output=type=registry --attest type=provenance,mode=max --attest type=sbom,disabled=false --platform ${{ matrix.config.platform }}/${{ matrix.config.arch }} --build-arg OSVERSION=${{ matrix.config.version }} -t "${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}" -f build/${{ matrix.config.platform }}/Dockerfile .
-          else 
-            docker buildx build --output=type=registry --attest type=provenance,mode=max --attest type=sbom,disabled=false --platform ${{ matrix.config.platform }}/${{ matrix.config.arch }} -t "${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}" -f build/${{ matrix.config.platform }}/Dockerfile .
-            docker buildx build --output=type=registry --attest type=provenance,mode=max --attest type=sbom,disabled=false --platform ${{ matrix.config.platform }}/${{ matrix.config.arch }} -t "${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}-alpine" -f build/${{ matrix.config.platform }}/alpine.Dockerfile .
-            
-            if [[ "${GITHUB_REF_NAME}" =~ ^release/.*$ ]]; then
-              docker buildx build --output=type=registry --attest type=provenance,mode=max --attest type=sbom,disabled=false --platform ${{ matrix.config.platform }}/${{ matrix.config.arch }} -t "${EXTENSION_HUB_REPO}:${CONTAINER_IMAGE_TAG}" -f build/${{ matrix.config.platform }}/Dockerfile .
-              docker buildx build --output=type=registry --attest type=provenance,mode=max --attest type=sbom,disabled=false --platform ${{ matrix.config.platform }}/${{ matrix.config.arch }} -t "${EXTENSION_HUB_REPO}:${CONTAINER_IMAGE_TAG}-alpine" -f build/${{ matrix.config.platform }}/alpine.Dockerfile .
-            fi
-          fi
-        env:
-          CONTAINER_IMAGE_TAG: ${{ env.CONTAINER_IMAGE_TAG }}
-  build_manifests:
-    runs-on: ubuntu-latest
-    if: github.event.pull_request.draft == false
-    needs: [build_images]
-    steps:
-      - name: '[preparation] docker login'
-        uses: docker/login-action@v3.0.0
-        with:
-          username: ${{ secrets.DOCKER_HUB_USERNAME }}
-          password: ${{ secrets.DOCKER_HUB_PASSWORD }}
-      - name: '[preparation] set up docker context for buildx'
-        run: docker version && docker context create builders
-      - name: '[preparation] set up docker buildx'
-        uses: docker/setup-buildx-action@v3.0.0
-        with:
-          endpoint: builders
-      - name: '[execution] build and push manifests'
-        run: |
-          if [[ "${GITHUB_REF_NAME}" =~ ^release/.*$ ]]; then
-            # use the release branch name as the tag for release branches
-            # for instance, release/2.19 becomes 2.19
-            CONTAINER_IMAGE_TAG=$(echo $GITHUB_REF_NAME | cut -d "/" -f 2)
-          elif [ "${GITHUB_EVENT_NAME}" == "pull_request" ]; then
-            # use pr${{ github.event.number }} as the tag for pull requests
-            # for instance, pr123
-            CONTAINER_IMAGE_TAG="pr${{ github.event.number }}"
-          else
-            # replace / with - in the branch name
-            # for instance, feature/1.0.0 -> feature-1.0.0
-            CONTAINER_IMAGE_TAG=$(echo $GITHUB_REF_NAME | sed 's/\//-/g')
-          fi
-
-          docker buildx imagetools create -t "${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}" \
-            "${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}-linux-amd64" \
-            "${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}-linux-arm64" \
-            "${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}-linux-arm" \
-            "${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}-linux-ppc64le" \
-            "${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}-windows1809-amd64" \
-            "${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}-windowsltsc2022-amd64"
-          
-          docker buildx imagetools create -t "${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}-alpine" \
-            "${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}-linux-amd64-alpine" \
-            "${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}-linux-arm64-alpine" \
-            "${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}-linux-arm-alpine" \
-            "${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}-linux-ppc64le-alpine"
-            
-          if [[ "${GITHUB_REF_NAME}" =~ ^release/.*$ ]]; then
-            docker buildx imagetools create -t "${EXTENSION_HUB_REPO}:${CONTAINER_IMAGE_TAG}" \
-              "${EXTENSION_HUB_REPO}:${CONTAINER_IMAGE_TAG}-linux-amd64" \
-              "${EXTENSION_HUB_REPO}:${CONTAINER_IMAGE_TAG}-linux-arm64"
-          fi
--- a/.github/workflows/label-conflcts.yaml
+++ b/.github/workflows/label-conflcts.yaml
@@ -1,15 +0,0 @@
-on:
-  push:
-    branches:
-      - develop
-      - 'release/**'
-jobs:
-  triage:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: mschilde/auto-label-merge-conflicts@master
-        with:
-          CONFLICT_LABEL_NAME: 'has conflicts'
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          MAX_RETRIES: 10
-          WAIT_MS: 60000
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -1,55 +0,0 @@
-name: Lint
-
-on:
-  push:
-    branches:
-      - master
-      - develop
-      - release/*
-  pull_request:
-    branches:
-      - master
-      - develop
-      - release/*
-    types:
-      - opened
-      - reopened
-      - synchronize
-      - ready_for_review
-
-env:
-  GO_VERSION: 1.22.5
-  NODE_VERSION: 18.x
-
-jobs:
-  run-linters:
-    name: Run linters
-    runs-on: ubuntu-latest
-    if: github.event.pull_request.draft == false
-
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v2
-        with:
-          node-version: ${{ env.NODE_VERSION }}
-          cache: 'yarn'
-      - uses: actions/setup-go@v4
-        with:
-          go-version: ${{ env.GO_VERSION }}
-      - run: yarn --frozen-lockfile
-      - name: Run linters
-        uses: wearerequired/lint-action@v1
-        with:
-          eslint: true
-          eslint_extensions: ts,tsx,js,jsx
-          prettier: true
-          prettier_dir: app/
-          gofmt: true
-          gofmt_dir: api/
-      - name: Typecheck
-        uses: icrawl/action-tsc@v1
-      - name: GolangCI-Lint
-        uses: golangci/golangci-lint-action@v3
-        with:
-          version: v1.59.1
-          args: --timeout=10m -c .golangci.yaml
--- a/.github/workflows/nightly-security-scan.yml
+++ b/.github/workflows/nightly-security-scan.yml
@@ -1,254 +0,0 @@
-name: Nightly Code Security Scan
-
-on:
-  schedule:
-    - cron: '0 20 * * *'
-  workflow_dispatch:
-
-env:
-  GO_VERSION: 1.22.5
-  DOCKER_HUB_REPO: portainerci/portainer-ce
-  DOCKER_HUB_IMAGE_TAG: develop
-
-jobs:
-  client-dependencies:
-    name: Client Dependency Check
-    runs-on: ubuntu-latest
-    if: >- # only run for develop branch
-      github.ref == 'refs/heads/develop'
-    outputs:
-      js: ${{ steps.set-matrix.outputs.js_result }}
-    steps:
-      - name: checkout repository
-        uses: actions/checkout@master
-
-      - name: scan vulnerabilities by Snyk
-        uses: snyk/actions/node@master
-        continue-on-error: true # To make sure that artifact upload gets called
-        env:
-          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-        with:
-          json: true
-
-      - name: upload scan result as develop artifact
-        uses: actions/upload-artifact@v3
-        with:
-          name: js-security-scan-develop-result
-          path: snyk.json
-
-      - name: develop scan report export to html
-        run: |
-          $(docker run --rm -v ${{ github.workspace }}:/data portainerci/code-security-report:latest summary --report-type=snyk --path="/data/snyk.json" --output-type=table --export --export-filename="/data/js-result")
-
-      - name: upload html file as artifact
-        uses: actions/upload-artifact@v3
-        with:
-          name: html-js-result-${{github.run_id}}
-          path: js-result.html
-
-      - name: analyse vulnerabilities
-        id: set-matrix
-        run: |
-          result=$(docker run --rm -v ${{ github.workspace }}:/data portainerci/code-security-report:latest summary --report-type=snyk --path="/data/snyk.json" --output-type=matrix)
-          echo "js_result=${result}" >> $GITHUB_OUTPUT
-
-  server-dependencies:
-    name: Server Dependency Check
-    runs-on: ubuntu-latest
-    if: >- # only run for develop branch
-      github.ref == 'refs/heads/develop'
-    outputs:
-      go: ${{ steps.set-matrix.outputs.go_result }}
-    steps:
-      - name: checkout repository
-        uses: actions/checkout@master
-
-      - name: install Go
-        uses: actions/setup-go@v3
-        with:
-          go-version: ${{ env.GO_VERSION }}
-
-      - name: download Go modules
-        run: cd ./api && go get -t -v -d ./...
-
-      - name: scan vulnerabilities by Snyk
-        continue-on-error: true # To make sure that artifact upload gets called
-        env:
-          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-        run: |
-          yarn global add snyk
-          snyk test --file=./go.mod --json-file-output=snyk.json 2>/dev/null || :
-
-      - name: upload scan result as develop artifact
-        uses: actions/upload-artifact@v3
-        with:
-          name: go-security-scan-develop-result
-          path: snyk.json
-
-      - name: develop scan report export to html
-        run: |
-          $(docker run --rm -v ${{ github.workspace }}:/data portainerci/code-security-report:latest summary --report-type=snyk --path="/data/snyk.json" --output-type=table --export --export-filename="/data/go-result")
-
-      - name: upload html file as artifact
-        uses: actions/upload-artifact@v3
-        with:
-          name: html-go-result-${{github.run_id}}
-          path: go-result.html
-
-      - name: analyse vulnerabilities
-        id: set-matrix
-        run: |
-          result=$(docker run --rm -v ${{ github.workspace }}:/data portainerci/code-security-report:latest summary --report-type=snyk --path="/data/snyk.json" --output-type=matrix)
-          echo "go_result=${result}" >> $GITHUB_OUTPUT
-
-  image-vulnerability:
-    name: Image Vulnerability Check
-    runs-on: ubuntu-latest
-    if: >-
-      github.ref == 'refs/heads/develop'
-    outputs:
-      image-trivy: ${{ steps.set-trivy-matrix.outputs.image_trivy_result }}
-      image-docker-scout: ${{ steps.set-docker-scout-matrix.outputs.image_docker_scout_result }}
-    steps:
-      - name: scan vulnerabilities by Trivy
-        uses: docker://docker.io/aquasec/trivy:latest
-        continue-on-error: true
-        with:
-          args: image --ignore-unfixed=true --vuln-type="os,library" --exit-code=1 --format="json" --output="image-trivy.json" --no-progress ${{ env.DOCKER_HUB_REPO }}:${{ env.DOCKER_HUB_IMAGE_TAG }}
-
-      - name: upload Trivy image security scan result as artifact
-        uses: actions/upload-artifact@v3
-        with:
-          name: image-security-scan-develop-result
-          path: image-trivy.json
-
-      - name: develop Trivy scan report export to html
-        run: |
-          $(docker run --rm -v ${{ github.workspace }}:/data portainerci/code-security-report:latest summary --report-type=trivy --path="/data/image-trivy.json" --output-type=table --export --export-filename="/data/image-trivy-result")
-
-      - name: upload html file as Trivy artifact
-        uses: actions/upload-artifact@v3
-        with:
-          name: html-image-result-${{github.run_id}}
-          path: image-trivy-result.html
-
-      - name: analyse vulnerabilities from Trivy
-        id: set-trivy-matrix
-        run: |
-          result=$(docker run --rm -v ${{ github.workspace }}:/data portainerci/code-security-report:latest summary --report-type=trivy --path="/data/image-trivy.json" --output-type=matrix)
-          echo "image_trivy_result=${result}" >> $GITHUB_OUTPUT
-
-      - name: scan vulnerabilities by Docker Scout
-        uses: docker/scout-action@v1
-        continue-on-error: true
-        with:
-          command: cves
-          image: ${{ env.DOCKER_HUB_REPO }}:${{ env.DOCKER_HUB_IMAGE_TAG }}
-          sarif-file: image-docker-scout.json
-          dockerhub-user: ${{ secrets.DOCKER_HUB_USERNAME }}
-          dockerhub-password: ${{ secrets.DOCKER_HUB_PASSWORD }}
-
-      - name: upload Docker Scout image security scan result as artifact
-        uses: actions/upload-artifact@v3
-        with:
-          name: image-security-scan-develop-result
-          path: image-docker-scout.json
-
-      - name: develop Docker Scout scan report export to html
-        run: |
-          $(docker run --rm -v ${{ github.workspace }}:/data portainerci/code-security-report:latest summary --report-type=docker-scout --path="/data/image-docker-scout.json" --output-type=table --export --export-filename="/data/image-docker-scout-result")
-
-      - name: upload html file as Docker Scout artifact
-        uses: actions/upload-artifact@v3
-        with:
-          name: html-image-result-${{github.run_id}}
-          path: image-docker-scout-result.html
-
-      - name: analyse vulnerabilities from Docker Scout
-        id: set-docker-scout-matrix
-        run: |
-          result=$(docker run --rm -v ${{ github.workspace }}:/data portainerci/code-security-report:latest summary --report-type=docker-scout --path="/data/image-docker-scout.json" --output-type=matrix)
-          echo "image_docker_scout_result=${result}" >> $GITHUB_OUTPUT
-
-  result-analysis:
-    name: Analyse Scan Results
-    needs: [client-dependencies, server-dependencies, image-vulnerability]
-    runs-on: ubuntu-latest
-    if: >-
-      github.ref == 'refs/heads/develop'
-    strategy:
-      matrix:
-        js: ${{fromJson(needs.client-dependencies.outputs.js)}}
-        go: ${{fromJson(needs.server-dependencies.outputs.go)}}
-        image-trivy: ${{fromJson(needs.image-vulnerability.outputs.image-trivy)}}
-        image-docker-scout: ${{fromJson(needs.image-vulnerability.outputs.image-docker-scout)}}
-    steps:
-      - name: display the results of js, Go, and image scan
-        run: |
-          echo "${{ matrix.js.status }}"
-          echo "${{ matrix.go.status }}"
-          echo "${{ matrix.image-trivy.status }}"
-          echo "${{ matrix.image-docker-scout.status }}"
-          echo "${{ matrix.js.summary }}"
-          echo "${{ matrix.go.summary }}"
-          echo "${{ matrix.image-trivy.summary }}"
-          echo "${{ matrix.image-docker-scout.summary }}"
-
-      - name: send message to Slack
-        if: >-
-          matrix.js.status == 'failure' ||
-          matrix.go.status == 'failure' || 
-          matrix.image-trivy.status == 'failure' || 
-          matrix.image-docker-scout.status == 'failure'
-        uses: slackapi/slack-github-action@v1.23.0
-        with:
-          payload: |
-            {
-              "blocks": [
-                {
-                  "type": "section",
-                  "text": {
-                    "type": "mrkdwn",
-                    "text": "Code Scanning Result (*${{ github.repository }}*)\n*<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|GitHub Actions Workflow URL>*"
-                  }
-                }
-              ],
-              "attachments": [
-                {
-                  "color": "#FF0000",
-                  "blocks": [
-                    {
-                      "type": "section",
-                      "text": {
-                        "type": "mrkdwn",
-                        "text": "*JS dependency check*: *${{ matrix.js.status }}*\n${{ matrix.js.summary }}"
-                      }
-                    },
-                    {
-                      "type": "section",
-                      "text": {
-                        "type": "mrkdwn",
-                        "text": "*Go dependency check*: *${{ matrix.go.status }}*\n${{ matrix.go.summary }}"
-                      }
-                    },
-                    {
-                      "type": "section",
-                      "text": {
-                        "type": "mrkdwn",
-                        "text": "*Image Trivy vulnerability check*: *${{ matrix.image-trivy.status }}*\n${{ matrix.image-trivy.summary }}\n"
-                      }
-                    },
-                    {
-                      "type": "section",
-                      "text": {
-                        "type": "mrkdwn",
-                        "text": "*Image Docker Scout vulnerability check*: *${{ matrix.image-docker-scout.status }}*\n${{ matrix.image-docker-scout.summary }}\n"
-                      }
-                    }
-                  ]
-                }
-              ]
-            }
-        env:
-          SLACK_WEBHOOK_URL: ${{ secrets.SECURITY_SLACK_WEBHOOK_URL }}
-          SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
--- a/.github/workflows/pr-security.yml
+++ b/.github/workflows/pr-security.yml
@@ -1,298 +0,0 @@
-name: PR Code Security Scan
-
-on:
-  pull_request_review:
-    types:
-      - submitted
-      - edited
-    paths:
-      - 'package.json'
-      - 'go.mod'
-      - 'build/linux/Dockerfile'
-      - 'build/linux/alpine.Dockerfile'
-      - 'build/windows/Dockerfile'
-      - '.github/workflows/pr-security.yml'
-
-env:
-  GO_VERSION: 1.22.5
-  NODE_VERSION: 18.x
-
-jobs:
-  client-dependencies:
-    name: Client Dependency Check
-    runs-on: ubuntu-latest
-    if: >-
-      github.event.pull_request &&
-      github.event.review.body == '/scan' &&
-      github.event.pull_request.draft == false
-    outputs:
-      jsdiff: ${{ steps.set-diff-matrix.outputs.js_diff_result }}
-    steps:
-      - name: checkout repository
-        uses: actions/checkout@master
-
-      - name: scan vulnerabilities by Snyk
-        uses: snyk/actions/node@master
-        continue-on-error: true # To make sure that artifact upload gets called
-        env:
-          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-        with:
-          json: true
-
-      - name: upload scan result as pull-request artifact
-        uses: actions/upload-artifact@v3
-        with:
-          name: js-security-scan-feat-result
-          path: snyk.json
-
-      - name: download artifacts from develop branch built by nightly scan
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          mv ./snyk.json ./js-snyk-feature.json
-          (gh run download -n js-security-scan-develop-result -R ${{ github.repository }} 2>&1 >/dev/null) || :
-          if [[ -e ./snyk.json ]]; then
-            mv ./snyk.json ./js-snyk-develop.json
-          else
-            echo "null" > ./js-snyk-develop.json
-          fi
-
-      - name: pr vs develop scan report comparison export to html
-        run: |
-          $(docker run --rm -v ${{ github.workspace }}:/data portainerci/code-security-report:latest diff --report-type=snyk --path="/data/js-snyk-feature.json" --compare-to="/data/js-snyk-develop.json" --output-type=table --export --export-filename="/data/js-result")
-
-      - name: upload html file as artifact
-        uses: actions/upload-artifact@v3
-        with:
-          name: html-js-result-compare-to-develop-${{github.run_id}}
-          path: js-result.html
-
-      - name: analyse different vulnerabilities against develop branch
-        id: set-diff-matrix
-        run: |
-          result=$(docker run --rm -v ${{ github.workspace }}:/data portainerci/code-security-report:latest diff --report-type=snyk --path="/data/js-snyk-feature.json" --compare-to="/data/js-snyk-develop.json" --output-type=matrix)
-          echo "js_diff_result=${result}" >> $GITHUB_OUTPUT
-
-  server-dependencies:
-    name: Server Dependency Check
-    runs-on: ubuntu-latest
-    if: >-
-      github.event.pull_request &&
-      github.event.review.body == '/scan' &&
-      github.event.pull_request.draft == false
-    outputs:
-      godiff: ${{ steps.set-diff-matrix.outputs.go_diff_result }}
-    steps:
-      - name: checkout repository
-        uses: actions/checkout@master
-
-      - name: install Go
-        uses: actions/setup-go@v3
-        with:
-          go-version: ${{ env.GO_VERSION }}
-
-      - name: download Go modules
-        run: cd ./api && go get -t -v -d ./...
-
-      - name: scan vulnerabilities by Snyk
-        continue-on-error: true # To make sure that artifact upload gets called
-        env:
-          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-        run: |
-          yarn global add snyk
-          snyk test --file=./go.mod --json-file-output=snyk.json 2>/dev/null || :
-
-      - name: upload scan result as pull-request artifact
-        uses: actions/upload-artifact@v3
-        with:
-          name: go-security-scan-feature-result
-          path: snyk.json
-
-      - name: download artifacts from develop branch built by nightly scan
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          mv ./snyk.json ./go-snyk-feature.json
-          (gh run download -n go-security-scan-develop-result -R ${{ github.repository }} 2>&1 >/dev/null) || :
-          if [[ -e ./snyk.json ]]; then
-            mv ./snyk.json ./go-snyk-develop.json
-          else
-            echo "null" > ./go-snyk-develop.json
-          fi
-
-      - name: pr vs develop scan report comparison export to html
-        run: |
-          $(docker run --rm -v ${{ github.workspace }}:/data portainerci/code-security-report:latest diff --report-type=snyk --path="/data/go-snyk-feature.json" --compare-to="/data/go-snyk-develop.json" --output-type=table --export --export-filename="/data/go-result")
-
-      - name: upload html file as artifact
-        uses: actions/upload-artifact@v3
-        with:
-          name: html-go-result-compare-to-develop-${{github.run_id}}
-          path: go-result.html
-
-      - name: analyse different vulnerabilities against develop branch
-        id: set-diff-matrix
-        run: |
-          result=$(docker run --rm -v ${{ github.workspace }}:/data portainerci/code-security-report:latest diff --report-type=snyk --path="/data/go-snyk-feature.json" --compare-to="/data/go-snyk-develop.json" --output-type=matrix)
-          echo "go_diff_result=${result}" >> $GITHUB_OUTPUT
-
-  image-vulnerability:
-    name: Image Vulnerability Check
-    runs-on: ubuntu-latest
-    if: >-
-      github.event.pull_request &&
-      github.event.review.body == '/scan' &&
-      github.event.pull_request.draft == false
-    outputs:
-      imagediff-trivy: ${{ steps.set-diff-trivy-matrix.outputs.image_diff_trivy_result }}
-      imagediff-docker-scout: ${{ steps.set-diff-docker-scout-matrix.outputs.image_diff_docker_scout_result }}
-    steps:
-      - name: checkout code
-        uses: actions/checkout@master
-
-      - name: install Go
-        uses: actions/setup-go@v3
-        with:
-          go-version: ${{ env.GO_VERSION }}
-
-      - name: install Node.js
-        uses: actions/setup-node@v3
-        with:
-          node-version: ${{ env.NODE_VERSION }}
-
-      - name: Install packages
-        run: yarn --frozen-lockfile
-
-      - name: build
-        run: make build-all
-
-      - name: set up docker buildx
-        uses: docker/setup-buildx-action@v2
-
-      - name: build and compress image
-        uses: docker/build-push-action@v4
-        with:
-          context: .
-          file: build/linux/Dockerfile
-          tags: local-portainer:${{ github.sha }}
-          outputs: type=docker,dest=/tmp/local-portainer-image.tar
-
-      - name: load docker image
-        run: |
-          docker load --input /tmp/local-portainer-image.tar
-
-      - name: scan vulnerabilities by Trivy
-        uses: docker://docker.io/aquasec/trivy:latest
-        continue-on-error: true
-        with:
-          args: image --ignore-unfixed=true --vuln-type="os,library" --exit-code=1 --format="json" --output="image-trivy.json" --no-progress local-portainer:${{ github.sha }}
-
-      - name: upload Trivy image security scan result as artifact
-        uses: actions/upload-artifact@v3
-        with:
-          name: image-security-scan-feature-result
-          path: image-trivy.json
-
-      - name: download Trivy artifacts from develop branch built by nightly scan
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          mv ./image-trivy.json ./image-trivy-feature.json
-          (gh run download -n image-security-scan-develop-result -R ${{ github.repository }} 2>&1 >/dev/null) || :
-          if [[ -e ./image-trivy.json ]]; then
-            mv ./image-trivy.json ./image-trivy-develop.json
-          else
-            echo "null" > ./image-trivy-develop.json
-          fi
-
-      - name: pr vs develop Trivy scan report comparison export to html
-        run: |
-          $(docker run --rm -v ${{ github.workspace }}:/data portainerci/code-security-report:latest diff --report-type=trivy --path="/data/image-trivy-feature.json" --compare-to="/data/image-trivy-develop.json" --output-type=table --export --export-filename="/data/image-trivy-result")
-
-      - name: upload html file as Trivy artifact
-        uses: actions/upload-artifact@v3
-        with:
-          name: html-image-result-compare-to-develop-${{github.run_id}}
-          path: image-trivy-result.html
-
-      - name: analyse different vulnerabilities against develop branch by Trivy
-        id: set-diff-trivy-matrix
-        run: |
-          result=$(docker run --rm -v ${{ github.workspace }}:/data portainerci/code-security-report:latest diff --report-type=trivy --path="/data/image-trivy-feature.json" --compare-to="/data/image-trivy-develop.json" --output-type=matrix)
-          echo "image_diff_trivy_result=${result}" >> $GITHUB_OUTPUT
-
-      - name: scan vulnerabilities by Docker Scout
-        uses: docker/scout-action@v1
-        continue-on-error: true
-        with:
-          command: cves
-          image: local-portainer:${{ github.sha }}
-          sarif-file: image-docker-scout.json
-          dockerhub-user: ${{ secrets.DOCKER_HUB_USERNAME }}
-          dockerhub-password: ${{ secrets.DOCKER_HUB_PASSWORD }}
-
-      - name: upload Docker Scout image security scan result as artifact
-        uses: actions/upload-artifact@v3
-        with:
-          name: image-security-scan-feature-result
-          path: image-docker-scout.json
-
-      - name: download Docker Scout artifacts from develop branch built by nightly scan
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          mv ./image-docker-scout.json ./image-docker-scout-feature.json
-          (gh run download -n image-security-scan-develop-result -R ${{ github.repository }} 2>&1 >/dev/null) || :
-          if [[ -e ./image-docker-scout.json ]]; then
-            mv ./image-docker-scout.json ./image-docker-scout-develop.json
-          else
-            echo "null" > ./image-docker-scout-develop.json
-          fi
-
-      - name: pr vs develop Docker Scout scan report comparison export to html
-        run: |
-          $(docker run --rm -v ${{ github.workspace }}:/data portainerci/code-security-report:latest diff --report-type=docker-scout --path="/data/image-docker-scout-feature.json" --compare-to="/data/image-docker-scout-develop.json" --output-type=table --export --export-filename="/data/image-docker-scout-result")
-
-      - name: upload html file as Docker Scout artifact
-        uses: actions/upload-artifact@v3
-        with:
-          name: html-image-result-compare-to-develop-${{github.run_id}}
-          path: image-docker-scout-result.html
-
-      - name: analyse different vulnerabilities against develop branch by Docker Scout
-        id: set-diff-docker-scout-matrix
-        run: |
-          result=$(docker run --rm -v ${{ github.workspace }}:/data portainerci/code-security-report:latest diff --report-type=docker-scout --path="/data/image-docker-scout-feature.json" --compare-to="/data/image-docker-scout-develop.json" --output-type=matrix)
-          echo "image_diff_docker_scout_result=${result}" >> $GITHUB_OUTPUT
-
-  result-analysis:
-    name: Analyse Scan Result Against develop Branch
-    needs: [client-dependencies, server-dependencies, image-vulnerability]
-    runs-on: ubuntu-latest
-    if: >-
-      github.event.pull_request &&
-      github.event.review.body == '/scan' &&
-      github.event.pull_request.draft == false
-    strategy:
-      matrix:
-        jsdiff: ${{fromJson(needs.client-dependencies.outputs.jsdiff)}}
-        godiff: ${{fromJson(needs.server-dependencies.outputs.godiff)}}
-        imagediff-trivy: ${{fromJson(needs.image-vulnerability.outputs.imagediff-trivy)}}
-        imagediff-docker-scout: ${{fromJson(needs.image-vulnerability.outputs.imagediff-docker-scout)}}
-    steps:
-      - name: check job status of diff result
-        if: >-
-          matrix.jsdiff.status == 'failure' ||
-          matrix.godiff.status == 'failure' ||
-          matrix.imagediff-trivy.status == 'failure' ||
-          matrix.imagediff-docker-scout.status == 'failure'
-        run: |
-          echo "${{ matrix.jsdiff.status }}"
-          echo "${{ matrix.godiff.status }}"
-          echo "${{ matrix.imagediff-trivy.status }}"
-          echo "${{ matrix.imagediff-docker-scout.status }}"
-          echo "${{ matrix.jsdiff.summary }}"
-          echo "${{ matrix.godiff.summary }}"
-          echo "${{ matrix.imagediff-trivy.summary }}"
-          echo "${{ matrix.imagediff-docker-scout.summary }}"
-          exit 1
--- a/.github/workflows/rebase.yml
+++ b/.github/workflows/rebase.yml
@@ -1,19 +0,0 @@
-name: Automatic Rebase
-on:
-  issue_comment:
-    types: [created]
-jobs:
-  rebase:
-    name: Rebase
-    if: github.event.issue.pull_request != '' && contains(github.event.comment.body, '/rebase')
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout the latest code
-        uses: actions/checkout@v2
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          fetch-depth: 0 # otherwise, you will fail to push refs to dest repo
-      - name: Automatic Rebase
-        uses: cirrus-actions/rebase@1.4
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -1,28 +0,0 @@
-name: Close Stale Issues
-on:
-  schedule:
-    - cron: '0 12 * * *'
-  workflow_dispatch:
-jobs:
-  stale:
-    runs-on: ubuntu-latest
-    permissions:
-      issues: write
-
-    steps:
-    - uses: actions/stale@v8
-      with:
-        repo-token: ${{ secrets.GITHUB_TOKEN }}
-
-        # Issue Config
-        days-before-issue-stale: 60
-        days-before-issue-close: 7
-        stale-issue-label: 'status/stale'
-        exempt-all-issue-milestones: true # Do not stale issues in a milestone
-        exempt-issue-labels: kind/enhancement, kind/style, kind/workaround, kind/refactor, bug/need-confirmation, bug/confirmed, status/discuss
-        stale-issue-message: 'This issue has been marked as stale as it has not had recent activity, it will be closed if no further activity occurs in the next 7 days. If you believe that it has been incorrectly labelled as stale, leave a comment and the label will be removed.'
-        close-issue-message: 'Since no further activity has appeared on this issue it will be closed. If you believe that it has been incorrectly closed, leave a comment mentioning `portainer/support` and one of our staff will then review the issue. Note - If it is an old bug report, make sure that it is reproduceable in the latest version of Portainer as it may have already been fixed.'
-        
-        # Pull Request Config
-        days-before-pr-stale: -1 # Do not stale pull request
-        days-before-pr-close: -1 # Do not close pull request
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -1,76 +0,0 @@
-name: Test
-
-env:
-  GO_VERSION: 1.22.5
-  NODE_VERSION: 18.x
-
-on:
-  workflow_dispatch:
-  pull_request:
-    branches:
-      - master
-      - develop
-      - release/*
-    types:
-      - opened
-      - reopened
-      - synchronize
-      - ready_for_review
-  push:
-    branches:
-      - master
-      - develop
-      - release/*
-
-jobs:
-  test-client:
-    runs-on: ubuntu-latest
-    if: github.event.pull_request.draft == false
-
-    steps:
-      - name: 'checkout the current branch'
-        uses: actions/checkout@v4.1.1
-        with:
-          ref: ${{ github.event.inputs.branch }}
-
-      - name: 'set up node.js'
-        uses: actions/setup-node@v4.0.1
-        with:
-          node-version: ${{ env.NODE_VERSION }}
-          cache: 'yarn'
-
-      - run: yarn --frozen-lockfile
-
-      - name: Run tests
-        run: make test-client ARGS="--maxWorkers=2 --minWorkers=1"
-
-  test-server:
-    strategy:
-      matrix:
-        config:
-          - { platform: linux, arch: amd64 }
-          - { platform: linux, arch: arm64 }
-          - { platform: windows, arch: amd64, version: 1809 }
-          - { platform: windows, arch: amd64, version: ltsc2022 }
-    runs-on: ubuntu-latest
-    if: github.event.pull_request.draft == false
-
-    steps:
-      - name: 'checkout the current branch'
-        uses: actions/checkout@v4.1.1
-        with:
-          ref: ${{ github.event.inputs.branch }}
-
-      - name: 'set up golang'
-        uses: actions/setup-go@v5.0.0
-        with:
-          go-version: ${{ env.GO_VERSION }}
-
-      - name: 'install dependencies'
-        run: make test-deps PLATFORM=linux ARCH=amd64
-
-      - name: 'update $PATH'
-        run: echo "$(pwd)/dist" >> $GITHUB_PATH
-
-      - name: 'run tests'
-        run: make test-server
--- a/.github/workflows/validate-openapi-spec.yaml
+++ b/.github/workflows/validate-openapi-spec.yaml
@@ -1,39 +0,0 @@
-name: Validate OpenAPI specs
-
-on:
-  pull_request:
-    branches:
-      - master
-      - develop
-      - 'release/*'
-    types:
-      - opened
-      - reopened
-      - synchronize
-      - ready_for_review
-
-env:
-  GO_VERSION: 1.22.5
-  NODE_VERSION: 18.x
-
-jobs:
-  openapi-spec:
-    runs-on: ubuntu-latest
-    if: github.event.pull_request.draft == false
-    steps:
-      - uses: actions/checkout@v3
-
-      - uses: actions/setup-go@v3
-        with:
-          go-version: ${{ env.GO_VERSION }}
-
-      - name: Download golang modules
-        run: cd ./api && go get -t -v -d ./...
-      - uses: actions/setup-node@v3
-        with:
-          node-version: ${{ env.NODE_VERSION }}
-          cache: 'yarn'
-      - run: yarn --frozen-lockfile
-
-      - name: Validate OpenAPI Spec
-        run: make docs-validate
--- a/.husky/pre-commit
+++ b/.husky/pre-commit
@@ -1,4 +1,4 @@
 #!/usr/bin/env sh
 . "$(dirname -- "$0")/_/husky.sh"

-yarn lint-staged
+cd $(dirname -- "$0") && yarn lint-staged
--- a/api/http/handler/edgestacks/edgestack_status_update.go
+++ b/api/http/handler/edgestacks/edgestack_status_update.go
@@ -2,7 +2,6 @@ package edgestacks

 import (
 	"errors"
-	"fmt"
 	"net/http"
 	"time"

@@ -64,7 +63,7 @@ func (handler *Handler) edgeStackStatusUpdate(w http.ResponseWriter, r *http.Req

 	var payload updateStatusPayload
 	if err := request.DecodeAndValidateJSONPayload(r, &payload); err != nil {
-		return httperror.BadRequest("Invalid request payload", fmt.Errorf("edge polling error: %w. Environment ID: %d", err, payload.EndpointID))
+		return httperror.BadRequest("Invalid request payload", err)
 	}

 	var stack *portainer.EdgeStack
@@ -96,16 +95,16 @@ func (handler *Handler) updateEdgeStackStatus(tx dataservices.DataStoreTx, r *ht
 			return nil, nil
 		}

-		return nil, fmt.Errorf("unable to retrieve Edge stack from the database: %w. Environment ID: %d", err, payload.EndpointID)
+		return nil, err
 	}

 	endpoint, err := tx.Endpoint().Endpoint(payload.EndpointID)
 	if err != nil {
-		return nil, handler.handlerDBErr(fmt.Errorf("unable to find the environment from the database: %w. Environment ID: %d", err, payload.EndpointID), "unable to find the environment")
+		return nil, handler.handlerDBErr(err, "Unable to find an environment with the specified identifier inside the database")
 	}

 	if err := handler.requestBouncer.AuthorizedEdgeEndpointOperation(r, endpoint); err != nil {
-		return nil, httperror.Forbidden("Permission denied to access environment", fmt.Errorf("unauthorized edge endpoint operation: %w. Environment name: %s", err, endpoint.Name))
+		return nil, httperror.Forbidden("Permission denied to access environment", err)
 	}

 	status := *payload.Status
@@ -124,7 +123,7 @@ func (handler *Handler) updateEdgeStackStatus(tx dataservices.DataStoreTx, r *ht
 	updateEnvStatus(payload.EndpointID, stack, deploymentStatus)

 	if err := tx.EdgeStack().UpdateEdgeStack(stackID, stack); err != nil {
-		return nil, handler.handlerDBErr(fmt.Errorf("unable to update Edge stack to the database: %w. Environment name: %s", err, endpoint.Name), "unable to update Edge stack")
+		return nil, handler.handlerDBErr(err, "Unable to persist the stack changes inside the database")
 	}

 	return stack, nil
--- a/api/http/handler/endpointedge/endpointedge_job_logs.go
+++ b/api/http/handler/endpointedge/endpointedge_job_logs.go
@@ -2,7 +2,6 @@ package endpointedge

 import (
 	"errors"
-	"fmt"
 	"net/http"
 	"strconv"

@@ -40,30 +39,32 @@ func (handler *Handler) endpointEdgeJobsLogs(w http.ResponseWriter, r *http.Requ
 		return httperror.BadRequest("Unable to find an environment on request context", err)
 	}

-	if err := handler.requestBouncer.AuthorizedEdgeEndpointOperation(r, endpoint); err != nil {
-		return httperror.Forbidden("Permission denied to access environment", fmt.Errorf("unauthorized edge endpoint operation: %w. Environment name: %s", err, endpoint.Name))
+	err = handler.requestBouncer.AuthorizedEdgeEndpointOperation(r, endpoint)
+	if err != nil {
+		return httperror.Forbidden("Permission denied to access environment", err)
 	}

 	edgeJobID, err := request.RetrieveNumericRouteVariableValue(r, "jobID")
 	if err != nil {
-		return httperror.BadRequest("Invalid edge job identifier route variable", fmt.Errorf("invalid Edge job route variable: %w. Environment name: %s", err, endpoint.Name))
+		return httperror.BadRequest("Invalid edge job identifier route variable", err)
 	}

 	var payload logsPayload
-	if err := request.DecodeAndValidateJSONPayload(r, &payload); err != nil {
-		return httperror.BadRequest("Invalid request payload", fmt.Errorf("invalid Edge job request payload: %w. Environment name: %s", err, endpoint.Name))
+	err = request.DecodeAndValidateJSONPayload(r, &payload)
+	if err != nil {
+		return httperror.BadRequest("Invalid request payload", err)
 	}

-	if err := handler.DataStore.UpdateTx(func(tx dataservices.DataStoreTx) error {
+	err = handler.DataStore.UpdateTx(func(tx dataservices.DataStoreTx) error {
 		return handler.getEdgeJobLobs(tx, endpoint.ID, portainer.EdgeJobID(edgeJobID), payload)
-	}); err != nil {
+	})
+	if err != nil {
 		var httpErr *httperror.HandlerError
 		if errors.As(err, &httpErr) {
-			httpErr.Err = fmt.Errorf("edge polling error: %w. Environment name: %s", httpErr.Err, endpoint.Name)
 			return httpErr
 		}

-		return httperror.InternalServerError("Unexpected error", fmt.Errorf("edge polling error: %w. Environment name: %s", err, endpoint.Name))
+		return httperror.InternalServerError("Unexpected error", err)
 	}

 	return response.JSON(w, nil)
--- a/api/http/handler/endpointedge/endpointedge_stack_inspect.go
+++ b/api/http/handler/endpointedge/endpointedge_stack_inspect.go
@@ -1,7 +1,7 @@
 package endpointedge

 import (
-	"fmt"
+	"errors"
 	"net/http"

 	portainer "github.com/portainer/portainer/api"
@@ -33,26 +33,27 @@ func (handler *Handler) endpointEdgeStackInspect(w http.ResponseWriter, r *http.
 		return httperror.BadRequest("Unable to find an environment on request context", err)
 	}

-	if err := handler.requestBouncer.AuthorizedEdgeEndpointOperation(r, endpoint); err != nil {
-		return httperror.Forbidden("Permission denied to access environment", fmt.Errorf("unauthorized edge endpoint operation: %w. Environment name: %s", err, endpoint.Name))
+	err = handler.requestBouncer.AuthorizedEdgeEndpointOperation(r, endpoint)
+	if err != nil {
+		return httperror.Forbidden("Permission denied to access environment", err)
 	}

 	edgeStackID, err := request.RetrieveNumericRouteVariableValue(r, "stackId")
 	if err != nil {
-		return httperror.BadRequest("Invalid edge stack identifier route variable", fmt.Errorf("invalid Edge stack route variable: %w. Environment name: %s", err, endpoint.Name))
+		return httperror.BadRequest("Invalid edge stack identifier route variable", err)
 	}

 	edgeStack, err := handler.DataStore.EdgeStack().EdgeStack(portainer.EdgeStackID(edgeStackID))
 	if handler.DataStore.IsErrObjectNotFound(err) {
-		return httperror.NotFound("Unable to find an edge stack with the specified identifier inside the database", fmt.Errorf("unable to find the Edge stack from database: %w. Environment name: %s", err, endpoint.Name))
+		return httperror.NotFound("Unable to find an edge stack with the specified identifier inside the database", err)
 	} else if err != nil {
-		return httperror.InternalServerError("Unable to find an edge stack with the specified identifier inside the database", fmt.Errorf("failed to find the Edge stack from database: %w. Environment name: %s", err, endpoint.Name))
+		return httperror.InternalServerError("Unable to find an edge stack with the specified identifier inside the database", err)
 	}

 	fileName := edgeStack.EntryPoint
 	if endpointutils.IsDockerEndpoint(endpoint) {
 		if fileName == "" {
-			return httperror.BadRequest("Docker is not supported by this stack", fmt.Errorf("no filename is provided for the Docker endpoint. Environment name: %s", endpoint.Name))
+			return httperror.BadRequest("Docker is not supported by this stack", errors.New("Docker is not supported by this stack"))
 		}
 	}

@@ -65,18 +66,18 @@ func (handler *Handler) endpointEdgeStackInspect(w http.ResponseWriter, r *http.
 		fileName = edgeStack.ManifestPath

 		if fileName == "" {
-			return httperror.BadRequest("Kubernetes is not supported by this stack", fmt.Errorf("no filename is provided for the Kubernetes endpoint. Environment name: %s", endpoint.Name))
+			return httperror.BadRequest("Kubernetes is not supported by this stack", errors.New("Kubernetes is not supported by this stack"))
 		}
 	}

 	dirEntries, err := filesystem.LoadDir(edgeStack.ProjectPath)
 	if err != nil {
-		return httperror.InternalServerError("Unable to load repository", fmt.Errorf("failed to load project directory: %w. Environment name: %s", err, endpoint.Name))
+		return httperror.InternalServerError("Unable to load repository", err)
 	}

 	fileContent, err := filesystem.FilterDirForCompatibility(dirEntries, fileName, endpoint.Agent.Version)
 	if err != nil {
-		return httperror.InternalServerError("File not found", fmt.Errorf("unable to find file: %w. Environment name: %s", err, endpoint.Name))
+		return httperror.InternalServerError("File not found", err)
 	}

 	dirEntries = filesystem.FilterDirForEntryFile(dirEntries, fileName)
--- a/api/http/handler/endpointedge/endpointedge_status_inspect.go
+++ b/api/http/handler/endpointedge/endpointedge_status_inspect.go
@@ -85,25 +85,25 @@ func (handler *Handler) endpointEdgeStatusInspect(w http.ResponseWriter, r *http

 	if _, ok := handler.DataStore.Endpoint().Heartbeat(portainer.EndpointID(endpointID)); !ok {
 		// EE-5190
-		return httperror.Forbidden("Permission denied to access environment. The device has not been trusted yet", fmt.Errorf("unable to retrieve endpoint heartbeat. Environment ID: %d", endpointID))
+		return httperror.Forbidden("Permission denied to access environment", errors.New("the device has not been trusted yet"))
 	}

 	endpoint, err := handler.DataStore.Endpoint().Endpoint(portainer.EndpointID(endpointID))
 	if err != nil {
 		// EE-5190
-		return httperror.Forbidden("Permission denied to access environment. The device has not been trusted yet", fmt.Errorf("unable to retrieve endpoint from database: %w. Environment ID: %d", err, endpointID))
+		return httperror.Forbidden("Permission denied to access environment", errors.New("the device has not been trusted yet"))
 	}

 	firstConn := endpoint.LastCheckInDate == 0

 	if err := handler.requestBouncer.AuthorizedEdgeEndpointOperation(r, endpoint); err != nil {
-		return httperror.Forbidden("Permission denied to access environment. The device has not been trusted yet", fmt.Errorf("unauthorized Edge endpoint operation: %w. Environment name: %s", err, endpoint.Name))
+		return httperror.Forbidden("Permission denied to access environment", err)
 	}

 	handler.DataStore.Endpoint().UpdateHeartbeat(endpoint.ID)

 	if err := handler.requestBouncer.TrustedEdgeEnvironmentAccess(handler.DataStore, endpoint); err != nil {
-		return httperror.Forbidden("Permission denied to access environment. The device has not been trusted yet", fmt.Errorf("untrusted Edge environment access: %w. Environment name: %s", err, endpoint.Name))
+		return httperror.Forbidden("Permission denied to access environment", err)
 	}

 	var statusResponse *endpointEdgeStatusInspectResponse
@@ -113,11 +113,10 @@ func (handler *Handler) endpointEdgeStatusInspect(w http.ResponseWriter, r *http
 	}); err != nil {
 		var httpErr *httperror.HandlerError
 		if errors.As(err, &httpErr) {
-			httpErr.Err = fmt.Errorf("edge polling error: %w. Environment name: %s", httpErr.Err, endpoint.Name)
 			return httpErr
 		}

-		return httperror.InternalServerError("Unexpected error", fmt.Errorf("edge polling error: %w. Environment name: %s", err, endpoint.Name))
+		return httperror.InternalServerError("Unexpected error", err)
 	}

 	return cacheResponse(w, endpoint.ID, *statusResponse)
--- a/api/http/handler/endpointgroups/endpointgroup_update.go
+++ b/api/http/handler/endpointgroups/endpointgroup_update.go
@@ -98,8 +98,8 @@ func (handler *Handler) updateEndpointGroup(tx dataservices.DataStoreTx, endpoin
 		payloadTagSet := tag.Set(payload.TagIDs)
 		endpointGroupTagSet := tag.Set((endpointGroup.TagIDs))
 		union := tag.Union(payloadTagSet, endpointGroupTagSet)
-		intersection := tag.IntersectionCount(payloadTagSet, endpointGroupTagSet)
-		tagsChanged = len(union) > intersection
+		intersection := tag.Intersection(payloadTagSet, endpointGroupTagSet)
+		tagsChanged = len(union) > len(intersection)

 		if tagsChanged {
 			removeTags := tag.Difference(endpointGroupTagSet, payloadTagSet)
--- a/api/http/handler/endpoints/filter.go
+++ b/api/http/handler/endpoints/filter.go
@@ -193,7 +193,7 @@ func (handler *Handler) filterEndpointsByQuery(
 			return nil, 0, errors.WithMessage(err, "Unable to retrieve tags from the database")
 		}

-		tagsMap := make(map[portainer.TagID]string, len(tags))
+		tagsMap := make(map[portainer.TagID]string)
 		for _, tag := range tags {
 			tagsMap[tag.ID] = tag.Name
 		}
@@ -304,7 +304,8 @@ func filterEndpointsBySearchCriteria(
 ) []portainer.Endpoint {
 	n := 0
 	for _, endpoint := range endpoints {
-		if endpointMatchSearchCriteria(&endpoint, tagsMap, searchCriteria) {
+		endpointTags := convertTagIDsToTags(tagsMap, endpoint.TagIDs)
+		if endpointMatchSearchCriteria(&endpoint, endpointTags, searchCriteria) {
 			endpoints[n] = endpoint
 			n++

@@ -318,7 +319,7 @@ func filterEndpointsBySearchCriteria(
 			continue
 		}

-		if edgeGroupMatchSearchCriteria(&endpoint, edgeGroups, searchCriteria, endpointGroups) {
+		if edgeGroupMatchSearchCriteria(&endpoint, edgeGroups, searchCriteria, endpoints, endpointGroups) {
 			endpoints[n] = endpoint
 			n++

@@ -364,7 +365,7 @@ func filterEndpointsByStatuses(endpoints []portainer.Endpoint, statuses []portai
 	return endpoints[:n]
 }

-func endpointMatchSearchCriteria(endpoint *portainer.Endpoint, tagsMap map[portainer.TagID]string, searchCriteria string) bool {
+func endpointMatchSearchCriteria(endpoint *portainer.Endpoint, tags []string, searchCriteria string) bool {
 	if strings.Contains(strings.ToLower(endpoint.Name), searchCriteria) {
 		return true
 	}
@@ -379,8 +380,8 @@ func endpointMatchSearchCriteria(endpoint *portainer.Endpoint, tagsMap map[porta
 		return true
 	}

-	for _, tagID := range endpoint.TagIDs {
-		if strings.Contains(strings.ToLower(tagsMap[tagID]), searchCriteria) {
+	for _, tag := range tags {
+		if strings.Contains(strings.ToLower(tag), searchCriteria) {
 			return true
 		}
 	}
@@ -390,18 +391,17 @@ func endpointMatchSearchCriteria(endpoint *portainer.Endpoint, tagsMap map[porta

 func endpointGroupMatchSearchCriteria(endpoint *portainer.Endpoint, endpointGroups []portainer.EndpointGroup, tagsMap map[portainer.TagID]string, searchCriteria string) bool {
 	for _, group := range endpointGroups {
-		if group.ID != endpoint.GroupID {
-			continue
-		}
-
-		if strings.Contains(strings.ToLower(group.Name), searchCriteria) {
-			return true
-		}
-
-		for _, tagID := range group.TagIDs {
-			if strings.Contains(strings.ToLower(tagsMap[tagID]), searchCriteria) {
+		if group.ID == endpoint.GroupID {
+			if strings.Contains(strings.ToLower(group.Name), searchCriteria) {
 				return true
 			}
+
+			tags := convertTagIDsToTags(tagsMap, group.TagIDs)
+			for _, tag := range tags {
+				if strings.Contains(strings.ToLower(tag), searchCriteria) {
+					return true
+				}
+			}
 		}
 	}

@@ -413,10 +413,11 @@ func edgeGroupMatchSearchCriteria(
 	endpoint *portainer.Endpoint,
 	edgeGroups []portainer.EdgeGroup,
 	searchCriteria string,
+	endpoints []portainer.Endpoint,
 	endpointGroups []portainer.EndpointGroup,
 ) bool {
 	for _, edgeGroup := range edgeGroups {
-		relatedEndpointIDs := edge.EdgeGroupRelatedEndpoints(&edgeGroup, []portainer.Endpoint{*endpoint}, endpointGroups)
+		relatedEndpointIDs := edge.EdgeGroupRelatedEndpoints(&edgeGroup, endpoints, endpointGroups)

 		for _, endpointID := range relatedEndpointIDs {
 			if endpointID == endpoint.ID {
@@ -447,6 +448,16 @@ func filterEndpointsByTypes(endpoints []portainer.Endpoint, endpointTypes []port
 	return endpoints[:n]
 }

+func convertTagIDsToTags(tagsMap map[portainer.TagID]string, tagIDs []portainer.TagID) []string {
+	tags := make([]string, 0, len(tagIDs))
+
+	for _, tagID := range tagIDs {
+		tags = append(tags, tagsMap[tagID])
+	}
+
+	return tags
+}
+
 func filteredEndpointsByTags(endpoints []portainer.Endpoint, tagIDs []portainer.TagID, endpointGroups []portainer.EndpointGroup, partialMatch bool) []portainer.Endpoint {
 	n := 0
 	for _, endpoint := range endpoints {
--- a/api/http/handler/endpoints/filter_test.go
+++ b/api/http/handler/endpoints/filter_test.go
@@ -1,7 +1,6 @@
 package endpoints

 import (
-	"strconv"
 	"testing"

 	portainer "github.com/portainer/portainer/api"
@@ -149,103 +148,6 @@ func Test_Filter_excludeIDs(t *testing.T) {
 	runTests(tests, t, handler, environments)
 }

-func BenchmarkFilterEndpointsBySearchCriteria_PartialMatch(b *testing.B) {
-	n := 10000
-
-	endpointIDs := []portainer.EndpointID{}
-
-	endpoints := []portainer.Endpoint{}
-	for i := range n {
-		endpoints = append(endpoints, portainer.Endpoint{
-			ID:      portainer.EndpointID(i + 1),
-			Name:    "endpoint-" + strconv.Itoa(i+1),
-			GroupID: 1,
-			TagIDs:  []portainer.TagID{1},
-			Type:    portainer.EdgeAgentOnDockerEnvironment,
-		})
-
-		endpointIDs = append(endpointIDs, portainer.EndpointID(i+1))
-	}
-
-	endpointGroups := []portainer.EndpointGroup{}
-
-	edgeGroups := []portainer.EdgeGroup{}
-	for i := range 1000 {
-		edgeGroups = append(edgeGroups, portainer.EdgeGroup{
-			ID:           portainer.EdgeGroupID(i + 1),
-			Name:         "edge-group-" + strconv.Itoa(i+1),
-			Endpoints:    append([]portainer.EndpointID{}, endpointIDs...),
-			Dynamic:      true,
-			TagIDs:       []portainer.TagID{1, 2, 3},
-			PartialMatch: true,
-		})
-	}
-
-	tagsMap := map[portainer.TagID]string{}
-	for i := range 10 {
-		tagsMap[portainer.TagID(i+1)] = "tag-" + strconv.Itoa(i+1)
-	}
-
-	searchString := "edge-group"
-
-	b.ResetTimer()
-
-	for range b.N {
-		e := filterEndpointsBySearchCriteria(endpoints, endpointGroups, edgeGroups, tagsMap, searchString)
-		if len(e) != n {
-			b.FailNow()
-		}
-	}
-}
-
-func BenchmarkFilterEndpointsBySearchCriteria_FullMatch(b *testing.B) {
-	n := 10000
-
-	endpointIDs := []portainer.EndpointID{}
-
-	endpoints := []portainer.Endpoint{}
-	for i := range n {
-		endpoints = append(endpoints, portainer.Endpoint{
-			ID:      portainer.EndpointID(i + 1),
-			Name:    "endpoint-" + strconv.Itoa(i+1),
-			GroupID: 1,
-			TagIDs:  []portainer.TagID{1, 2, 3},
-			Type:    portainer.EdgeAgentOnDockerEnvironment,
-		})
-
-		endpointIDs = append(endpointIDs, portainer.EndpointID(i+1))
-	}
-
-	endpointGroups := []portainer.EndpointGroup{}
-
-	edgeGroups := []portainer.EdgeGroup{}
-	for i := range 1000 {
-		edgeGroups = append(edgeGroups, portainer.EdgeGroup{
-			ID:        portainer.EdgeGroupID(i + 1),
-			Name:      "edge-group-" + strconv.Itoa(i+1),
-			Endpoints: append([]portainer.EndpointID{}, endpointIDs...),
-			Dynamic:   true,
-			TagIDs:    []portainer.TagID{1},
-		})
-	}
-
-	tagsMap := map[portainer.TagID]string{}
-	for i := range 10 {
-		tagsMap[portainer.TagID(i+1)] = "tag-" + strconv.Itoa(i+1)
-	}
-
-	searchString := "edge-group"
-
-	b.ResetTimer()
-
-	for range b.N {
-		e := filterEndpointsBySearchCriteria(endpoints, endpointGroups, edgeGroups, tagsMap, searchString)
-		if len(e) != n {
-			b.FailNow()
-		}
-	}
-}
-
 func runTests(tests []filterTest, t *testing.T, handler *Handler, endpoints []portainer.Endpoint) {
 	for _, test := range tests {
 		t.Run(test.title, func(t *testing.T) {
--- a/api/http/models/kubernetes/application.go
+++ b/api/http/models/kubernetes/application.go
@@ -70,8 +70,8 @@ type TLSInfo struct {

 // Existing types
 type K8sApplicationResource struct {
-	CPURequest    float64 `json:"CpuRequest"`
-	CPULimit      float64 `json:"CpuLimit"`
-	MemoryRequest int64   `json:"MemoryRequest"`
-	MemoryLimit   int64   `json:"MemoryLimit"`
+	CPURequest    int64 `json:"CpuRequest"`
+	CPULimit      int64 `json:"CpuLimit"`
+	MemoryRequest int64 `json:"MemoryRequest"`
+	MemoryLimit   int64 `json:"MemoryLimit"`
 }
--- a/api/internal/edge/edgegroup.go
+++ b/api/internal/edge/edgegroup.go
@@ -77,7 +77,6 @@ func edgeGroupRelatedToEndpoint(edgeGroup *portainer.EdgeGroup, endpoint *portai
 				return true
 			}
 		}
-
 		return false
 	}

@@ -85,10 +84,12 @@ func edgeGroupRelatedToEndpoint(edgeGroup *portainer.EdgeGroup, endpoint *portai
 	if endpointGroup.TagIDs != nil {
 		endpointTags = tag.Union(endpointTags, tag.Set(endpointGroup.TagIDs))
 	}
+	edgeGroupTags := tag.Set(edgeGroup.TagIDs)

 	if edgeGroup.PartialMatch {
-		return tag.PartialMatch(edgeGroup.TagIDs, endpointTags)
+		intersection := tag.Intersection(endpointTags, edgeGroupTags)
+		return len(intersection) != 0
 	}

-	return tag.FullMatch(edgeGroup.TagIDs, endpointTags)
+	return tag.FullMatch(edgeGroupTags, endpointTags)
 }
--- a/api/kubernetes/cli/applications.go
+++ b/api/kubernetes/cli/applications.go
@@ -135,8 +135,8 @@ func (kcl *KubeClient) GetApplicationsResource(namespace, node string) (models.K

 	for _, pod := range pods.Items {
 		for _, container := range pod.Spec.Containers {
-			resource.CPURequest += float64(container.Resources.Requests.Cpu().MilliValue())
-			resource.CPULimit += float64(container.Resources.Limits.Cpu().MilliValue())
+			resource.CPURequest += container.Resources.Requests.Cpu().MilliValue()
+			resource.CPULimit += container.Resources.Limits.Cpu().MilliValue()
 			resource.MemoryRequest += container.Resources.Requests.Memory().Value()
 			resource.MemoryLimit += container.Resources.Limits.Memory().Value()
 		}
@@ -356,8 +356,8 @@ func updateApplicationWithService(application models.K8sApplication, services []
 func calculateResourceUsage(pod corev1.Pod) models.K8sApplicationResource {
 	resource := models.K8sApplicationResource{}
 	for _, container := range pod.Spec.Containers {
-		resource.CPURequest += float64(container.Resources.Requests.Cpu().MilliValue())
-		resource.CPULimit += float64(container.Resources.Limits.Cpu().MilliValue())
+		resource.CPURequest += container.Resources.Requests.Cpu().MilliValue()
+		resource.CPULimit += container.Resources.Limits.Cpu().MilliValue()
 		resource.MemoryRequest += container.Resources.Requests.Memory().Value()
 		resource.MemoryLimit += container.Resources.Limits.Memory().Value()
 	}
--- a/api/kubernetes/cli/volumes.go
+++ b/api/kubernetes/cli/volumes.go
@@ -214,7 +214,6 @@ func (kcl *KubeClient) CombineVolumesWithApplications(volumes *[]models.K8sVolum

 	hasReplicaSetOwnerReference := containsReplicaSetOwnerReference(pods)
 	replicaSetItems := make([]appsv1.ReplicaSet, 0)
-	deploymentItems := make([]appsv1.Deployment, 0)
 	if hasReplicaSetOwnerReference {
 		replicaSets, err := kcl.cli.AppsV1().ReplicaSets("").List(context.Background(), metav1.ListOptions{})
 		if err != nil {
@@ -222,48 +221,19 @@ func (kcl *KubeClient) CombineVolumesWithApplications(volumes *[]models.K8sVolum
 			return nil, fmt.Errorf("an error occurred during the CombineVolumesWithApplications operation, unable to list replica sets across the cluster. Error: %w", err)
 		}
 		replicaSetItems = replicaSets.Items
-
-		deployments, err := kcl.cli.AppsV1().Deployments("").List(context.Background(), metav1.ListOptions{})
-		if err != nil {
-			log.Error().Err(err).Msg("Failed to list deployments across the cluster")
-			return nil, fmt.Errorf("an error occurred during the CombineVolumesWithApplications operation, unable to list deployments across the cluster. Error: %w", err)
-		}
-		deploymentItems = deployments.Items
 	}

-	hasStatefulSetOwnerReference := containsStatefulSetOwnerReference(pods)
-	statefulSetItems := make([]appsv1.StatefulSet, 0)
-	if hasStatefulSetOwnerReference {
-		statefulSets, err := kcl.cli.AppsV1().StatefulSets("").List(context.Background(), metav1.ListOptions{})
-		if err != nil {
-			log.Error().Err(err).Msg("Failed to list stateful sets across the cluster")
-			return nil, fmt.Errorf("an error occurred during the CombineVolumesWithApplications operation, unable to list stateful sets across the cluster. Error: %w", err)
-		}
-		statefulSetItems = statefulSets.Items
-	}
-
-	hasDaemonSetOwnerReference := containsDaemonSetOwnerReference(pods)
-	daemonSetItems := make([]appsv1.DaemonSet, 0)
-	if hasDaemonSetOwnerReference {
-		daemonSets, err := kcl.cli.AppsV1().DaemonSets("").List(context.Background(), metav1.ListOptions{})
-		if err != nil {
-			log.Error().Err(err).Msg("Failed to list daemon sets across the cluster")
-			return nil, fmt.Errorf("an error occurred during the CombineVolumesWithApplications operation, unable to list daemon sets across the cluster. Error: %w", err)
-		}
-		daemonSetItems = daemonSets.Items
-	}
-
-	return kcl.updateVolumesWithOwningApplications(volumes, pods, deploymentItems, replicaSetItems, statefulSetItems, daemonSetItems)
+	return kcl.updateVolumesWithOwningApplications(volumes, pods, replicaSetItems)
 }

 // updateVolumesWithOwningApplications updates the volumes with the applications that use them.
-func (kcl *KubeClient) updateVolumesWithOwningApplications(volumes *[]models.K8sVolumeInfo, pods *corev1.PodList, deploymentItems []appsv1.Deployment, replicaSetItems []appsv1.ReplicaSet, statefulSetItems []appsv1.StatefulSet, daemonSetItems []appsv1.DaemonSet) (*[]models.K8sVolumeInfo, error) {
+func (kcl *KubeClient) updateVolumesWithOwningApplications(volumes *[]models.K8sVolumeInfo, pods *corev1.PodList, replicaSetItems []appsv1.ReplicaSet) (*[]models.K8sVolumeInfo, error) {
 	for i, volume := range *volumes {
 		for _, pod := range pods.Items {
 			if pod.Spec.Volumes != nil {
 				for _, podVolume := range pod.Spec.Volumes {
-					if podVolume.VolumeSource.PersistentVolumeClaim != nil && podVolume.VolumeSource.PersistentVolumeClaim.ClaimName == volume.PersistentVolumeClaim.Name && pod.Namespace == volume.PersistentVolumeClaim.Namespace {
-						application, err := kcl.ConvertPodToApplication(pod, replicaSetItems, deploymentItems, statefulSetItems, daemonSetItems, []corev1.Service{}, false)
+					if podVolume.PersistentVolumeClaim != nil && podVolume.PersistentVolumeClaim.ClaimName == volume.PersistentVolumeClaim.Name && pod.Namespace == volume.PersistentVolumeClaim.Namespace {
+						application, err := kcl.ConvertPodToApplication(pod, replicaSetItems, []appsv1.Deployment{}, []appsv1.StatefulSet{}, []appsv1.DaemonSet{}, []corev1.Service{}, false)
 						if err != nil {
 							log.Error().Err(err).Msg("Failed to convert pod to application")
 							return nil, fmt.Errorf("an error occurred during the CombineServicesWithApplications operation, unable to convert pod to application. Error: %w", err)
--- a/api/oauth/oauth.go
+++ b/api/oauth/oauth.go
@@ -31,19 +31,19 @@ func NewService() *Service {
 func (*Service) Authenticate(code string, configuration *portainer.OAuthSettings) (string, error) {
 	token, err := getOAuthToken(code, configuration)
 	if err != nil {
-		log.Error().Err(err).Msg("failed retrieving oauth token")
+		log.Debug().Err(err).Msg("failed retrieving oauth token")

 		return "", err
 	}

 	idToken, err := getIdToken(token)
 	if err != nil {
-		log.Error().Err(err).Msg("failed parsing id_token")
+		log.Debug().Err(err).Msg("failed parsing id_token")
 	}

 	resource, err := getResource(token.AccessToken, configuration)
 	if err != nil {
-		log.Error().Err(err).Msg("failed retrieving resource")
+		log.Debug().Err(err).Msg("failed retrieving resource")

 		return "", err
 	}
@@ -52,7 +52,7 @@ func (*Service) Authenticate(code string, configuration *portainer.OAuthSettings

 	username, err := getUsername(resource, configuration)
 	if err != nil {
-		log.Error().Err(err).Msg("failed retrieving username")
+		log.Debug().Err(err).Msg("failed retrieving username")

 		return "", err
 	}
--- a/api/portainer.go
+++ b/api/portainer.go
@@ -1599,7 +1599,7 @@ type (

 const (
 	// APIVersion is the version number of the Portainer API
-	APIVersion = "2.22.0-test"
+	APIVersion = "2.22.0"
 	// Edition is what this edition of Portainer is called
 	Edition = PortainerCE
 	// ComposeSyntaxMaxVersion is a maximum supported version of the docker compose syntax
--- a/api/tag/tag.go
+++ b/api/tag/tag.go
@@ -1,63 +1,64 @@
 package tag

-import (
-	portainer "github.com/portainer/portainer/api"
-)
+import portainer "github.com/portainer/portainer/api"

-type tagSet map[portainer.TagID]struct{}
+type tagSet map[portainer.TagID]bool

 // Set converts an array of ids to a set
 func Set(tagIDs []portainer.TagID) tagSet {
-	set := map[portainer.TagID]struct{}{}
+	set := map[portainer.TagID]bool{}
 	for _, tagID := range tagIDs {
-		set[tagID] = struct{}{}
+		set[tagID] = true
 	}
-
 	return set
 }

-// IntersectionCount returns the element count of the intersection of the sets
-func IntersectionCount(setA, setB tagSet) int {
-	if len(setA) > len(setB) {
-		setA, setB = setB, setA
+// Intersection returns a set intersection of the provided sets
+func Intersection(sets ...tagSet) tagSet {
+	intersection := tagSet{}
+	if len(sets) == 0 {
+		return intersection
 	}
-
-	count := 0
-
+	setA := sets[0]
 	for tag := range setA {
-		if _, ok := setB[tag]; ok {
-			count++
+		inAll := true
+		for _, setB := range sets {
+			if !setB[tag] {
+				inAll = false
+				break
+			}
+		}
+
+		if inAll {
+			intersection[tag] = true
 		}
 	}

-	return count
+	return intersection
 }

 // Union returns a set union of provided sets
 func Union(sets ...tagSet) tagSet {
 	union := tagSet{}
-
 	for _, set := range sets {
 		for tag := range set {
-			union[tag] = struct{}{}
+			union[tag] = true
 		}
 	}
-
 	return union
 }

 // Contains return true if setA contains setB
-func Contains(setA tagSet, setB []portainer.TagID) bool {
+func Contains(setA tagSet, setB tagSet) bool {
 	if len(setA) == 0 || len(setB) == 0 {
 		return false
 	}

-	for _, tag := range setB {
-		if _, ok := setA[tag]; !ok {
+	for tag := range setB {
+		if !setA[tag] {
 			return false
 		}
 	}
-
 	return true
 }

@@ -66,8 +67,8 @@ func Difference(setA tagSet, setB tagSet) tagSet {
 	set := tagSet{}

 	for tag := range setA {
-		if _, ok := setB[tag]; !ok {
-			set[tag] = struct{}{}
+		if !setB[tag] {
+			set[tag] = true
 		}
 	}

--- a/api/tag/tag_match.go
+++ b/api/tag/tag_match.go
@@ -1,19 +1,11 @@
 package tag

-import portainer "github.com/portainer/portainer/api"
-
 // FullMatch returns true if environment tags matches all edge group tags
-func FullMatch(edgeGroupTags []portainer.TagID, environmentTags tagSet) bool {
+func FullMatch(edgeGroupTags tagSet, environmentTags tagSet) bool {
 	return Contains(environmentTags, edgeGroupTags)
 }

 // PartialMatch returns true if environment tags matches at least one edge group tag
-func PartialMatch(edgeGroupTags []portainer.TagID, environmentTags tagSet) bool {
-	for _, tagID := range edgeGroupTags {
-		if _, ok := environmentTags[tagID]; ok {
-			return true
-		}
-	}
-
-	return false
+func PartialMatch(edgeGroupTags tagSet, environmentTags tagSet) bool {
+	return len(Intersection(edgeGroupTags, environmentTags)) != 0
 }
--- a/api/tag/tag_match_test.go
+++ b/api/tag/tag_match_test.go
@@ -9,49 +9,49 @@ import (
 func TestFullMatch(t *testing.T) {
 	cases := []struct {
 		name           string
-		edgeGroupTags  []portainer.TagID
+		edgeGroupTags  tagSet
 		environmentTag tagSet
 		expected       bool
 	}{
 		{
 			name:           "environment tag partially match edge group tags",
-			edgeGroupTags:  []portainer.TagID{1, 2, 3},
+			edgeGroupTags:  Set([]portainer.TagID{1, 2, 3}),
 			environmentTag: Set([]portainer.TagID{1, 2}),
 			expected:       false,
 		},
 		{
 			name:           "edge group tags equal to environment tags",
-			edgeGroupTags:  []portainer.TagID{1, 2},
+			edgeGroupTags:  Set([]portainer.TagID{1, 2}),
 			environmentTag: Set([]portainer.TagID{1, 2}),
 			expected:       true,
 		},
 		{
 			name:           "environment tags fully match edge group tags",
-			edgeGroupTags:  []portainer.TagID{1, 2},
+			edgeGroupTags:  Set([]portainer.TagID{1, 2}),
 			environmentTag: Set([]portainer.TagID{1, 2, 3}),
 			expected:       true,
 		},
 		{
 			name:           "environment tags do not match edge group tags",
-			edgeGroupTags:  []portainer.TagID{1, 2},
+			edgeGroupTags:  Set([]portainer.TagID{1, 2}),
 			environmentTag: Set([]portainer.TagID{3, 4}),
 			expected:       false,
 		},
 		{
 			name:           "edge group has no tags and environment has tags",
-			edgeGroupTags:  []portainer.TagID{},
+			edgeGroupTags:  Set([]portainer.TagID{}),
 			environmentTag: Set([]portainer.TagID{1, 2}),
 			expected:       false,
 		},
 		{
 			name:           "edge group has tags and environment has no tags",
-			edgeGroupTags:  []portainer.TagID{1, 2},
+			edgeGroupTags:  Set([]portainer.TagID{1, 2}),
 			environmentTag: Set([]portainer.TagID{}),
 			expected:       false,
 		},
 		{
 			name:           "both edge group and environment have no tags",
-			edgeGroupTags:  []portainer.TagID{},
+			edgeGroupTags:  Set([]portainer.TagID{}),
 			environmentTag: Set([]portainer.TagID{}),
 			expected:       false,
 		},
@@ -70,55 +70,55 @@ func TestFullMatch(t *testing.T) {
 func TestPartialMatch(t *testing.T) {
 	cases := []struct {
 		name           string
-		edgeGroupTags  []portainer.TagID
+		edgeGroupTags  tagSet
 		environmentTag tagSet
 		expected       bool
 	}{
 		{
 			name:           "environment tags partially match edge group tags 1",
-			edgeGroupTags:  []portainer.TagID{1, 2, 3},
+			edgeGroupTags:  Set([]portainer.TagID{1, 2, 3}),
 			environmentTag: Set([]portainer.TagID{1, 2}),
 			expected:       true,
 		},
 		{
 			name:           "environment tags partially match edge group tags 2",
-			edgeGroupTags:  []portainer.TagID{1, 2, 3},
+			edgeGroupTags:  Set([]portainer.TagID{1, 2, 3}),
 			environmentTag: Set([]portainer.TagID{1, 4, 5}),
 			expected:       true,
 		},
 		{
 			name:           "edge group tags equal to environment tags",
-			edgeGroupTags:  []portainer.TagID{1, 2},
+			edgeGroupTags:  Set([]portainer.TagID{1, 2}),
 			environmentTag: Set([]portainer.TagID{1, 2}),
 			expected:       true,
 		},
 		{
 			name:           "environment tags fully match edge group tags",
-			edgeGroupTags:  []portainer.TagID{1, 2},
+			edgeGroupTags:  Set([]portainer.TagID{1, 2}),
 			environmentTag: Set([]portainer.TagID{1, 2, 3}),
 			expected:       true,
 		},
 		{
 			name:           "environment tags do not match edge group tags",
-			edgeGroupTags:  []portainer.TagID{1, 2},
+			edgeGroupTags:  Set([]portainer.TagID{1, 2}),
 			environmentTag: Set([]portainer.TagID{3, 4}),
 			expected:       false,
 		},
 		{
 			name:           "edge group has no tags and environment has tags",
-			edgeGroupTags:  []portainer.TagID{},
+			edgeGroupTags:  Set([]portainer.TagID{}),
 			environmentTag: Set([]portainer.TagID{1, 2}),
 			expected:       false,
 		},
 		{
 			name:           "edge group has tags and environment has no tags",
-			edgeGroupTags:  []portainer.TagID{1, 2},
+			edgeGroupTags:  Set([]portainer.TagID{1, 2}),
 			environmentTag: Set([]portainer.TagID{}),
 			expected:       false,
 		},
 		{
 			name:           "both edge group and environment have no tags",
-			edgeGroupTags:  []portainer.TagID{},
+			edgeGroupTags:  Set([]portainer.TagID{}),
 			environmentTag: Set([]portainer.TagID{}),
 			expected:       false,
 		},
--- a/api/tag/tag_test.go
+++ b/api/tag/tag_test.go
@@ -7,49 +7,49 @@ import (
 	portainer "github.com/portainer/portainer/api"
 )

-func TestIntersectionCount(t *testing.T) {
+func TestIntersection(t *testing.T) {
 	cases := []struct {
 		name     string
 		setA     tagSet
 		setB     tagSet
-		expected int
+		expected tagSet
 	}{
 		{
 			name:     "positive numbers set intersection",
 			setA:     Set([]portainer.TagID{1, 2, 3, 4, 5}),
 			setB:     Set([]portainer.TagID{4, 5, 6, 7}),
-			expected: 2,
+			expected: Set([]portainer.TagID{4, 5}),
 		},
 		{
 			name:     "empty setA intersection",
 			setA:     Set([]portainer.TagID{1, 2, 3}),
 			setB:     Set([]portainer.TagID{}),
-			expected: 0,
+			expected: Set([]portainer.TagID{}),
 		},
 		{
 			name:     "empty setB intersection",
 			setA:     Set([]portainer.TagID{}),
 			setB:     Set([]portainer.TagID{1, 2, 3}),
-			expected: 0,
+			expected: Set([]portainer.TagID{}),
 		},
 		{
 			name:     "no common elements sets intersection",
 			setA:     Set([]portainer.TagID{1, 2, 3}),
 			setB:     Set([]portainer.TagID{4, 5, 6}),
-			expected: 0,
+			expected: Set([]portainer.TagID{}),
 		},
 		{
 			name:     "equal sets intersection",
 			setA:     Set([]portainer.TagID{1, 2, 3}),
 			setB:     Set([]portainer.TagID{1, 2, 3}),
-			expected: 3,
+			expected: Set([]portainer.TagID{1, 2, 3}),
 		},
 	}

 	for _, tc := range cases {
 		t.Run(tc.name, func(t *testing.T) {
-			result := IntersectionCount(tc.setA, tc.setB)
-			if result != tc.expected {
+			result := Intersection(tc.setA, tc.setB)
+			if !reflect.DeepEqual(result, tc.expected) {
 				t.Errorf("Expected %v, got %v", tc.expected, result)
 			}
 		})
@@ -109,49 +109,49 @@ func TestContains(t *testing.T) {
 	cases := []struct {
 		name     string
 		setA     tagSet
-		setB     []portainer.TagID
+		setB     tagSet
 		expected bool
 	}{
 		{
 			name:     "setA contains setB",
 			setA:     Set([]portainer.TagID{1, 2, 3}),
-			setB:     []portainer.TagID{1, 2},
+			setB:     Set([]portainer.TagID{1, 2}),
 			expected: true,
 		},
 		{
 			name:     "setA equals to setB",
 			setA:     Set([]portainer.TagID{1, 2}),
-			setB:     []portainer.TagID{1, 2},
+			setB:     Set([]portainer.TagID{1, 2}),
 			expected: true,
 		},
 		{
 			name:     "setA contains parts of setB",
 			setA:     Set([]portainer.TagID{1, 2}),
-			setB:     []portainer.TagID{1, 2, 3},
+			setB:     Set([]portainer.TagID{1, 2, 3}),
 			expected: false,
 		},
 		{
 			name:     "setA does not contain setB",
 			setA:     Set([]portainer.TagID{1, 2}),
-			setB:     []portainer.TagID{3, 4},
+			setB:     Set([]portainer.TagID{3, 4}),
 			expected: false,
 		},
 		{
 			name:     "setA is empty and setB is not empty",
 			setA:     Set([]portainer.TagID{}),
-			setB:     []portainer.TagID{1, 2},
+			setB:     Set([]portainer.TagID{1, 2}),
 			expected: false,
 		},
 		{
 			name:     "setA is not empty and setB is empty",
 			setA:     Set([]portainer.TagID{1, 2}),
-			setB:     []portainer.TagID{},
+			setB:     Set([]portainer.TagID{}),
 			expected: false,
 		},
 		{
 			name:     "setA is empty and setB is empty",
 			setA:     Set([]portainer.TagID{}),
-			setB:     []portainer.TagID{},
+			setB:     Set([]portainer.TagID{}),
 			expected: false,
 		},
 	}
--- a/app/kubernetes/helpers/application/index.js
+++ b/app/kubernetes/helpers/application/index.js
@@ -21,7 +21,7 @@ import {
  KubernetesApplicationVolumePersistentPayload,
  KubernetesApplicationVolumeSecretPayload,
 } from 'Kubernetes/models/application/payloads';
-import { generatedApplicationConfigVolumeName } from '@/react/kubernetes/volumes/utils';
+import KubernetesVolumeHelper from 'Kubernetes/helpers/volumeHelper';
 import { HelmApplication } from 'Kubernetes/models/application/models';
 import { KubernetesApplicationDeploymentTypes, KubernetesApplicationTypes } from 'Kubernetes/models/application/models/appConstants';
 import { KubernetesPodAffinity, KubernetesPodNodeAffinityNodeSelectorRequirementOperators } from 'Kubernetes/pod/models';
@@ -239,7 +239,7 @@ class KubernetesApplicationHelper {
        const volKeys = _.filter(config.overridenKeys, (item) => item.type === 'FILESYSTEM');
        const groupedVolKeys = _.groupBy(volKeys, 'path');
        _.forEach(groupedVolKeys, (items, path) => {
-          const volumeName = generatedApplicationConfigVolumeName(app.Name);
+          const volumeName = KubernetesVolumeHelper.generatedApplicationConfigVolumeName(app.Name);
          const configurationName = config.selectedConfiguration.metadata.name;
          const itemsMap = _.map(items, (item) => {
            const entry = new KubernetesApplicationVolumeEntryPayload();
--- a/app/kubernetes/helpers/volumeHelper.js
+++ b/app/kubernetes/helpers/volumeHelper.js
@@ -1,4 +1,5 @@
 import _ from 'lodash-es';
+import uuidv4 from 'uuid/v4';
 import { KubernetesApplicationTypes } from 'Kubernetes/models/application/models/appConstants';

 class KubernetesVolumeHelper {
@@ -19,6 +20,18 @@ class KubernetesVolumeHelper {
      );
    });
  }
+
+  static isUsed(item) {
+    return item.Applications.length !== 0;
+  }
+
+  static generatedApplicationConfigVolumeName(name) {
+    return 'config-' + name + '-' + uuidv4();
+  }
+
+  static isExternalVolume(volume) {
+    return !volume.PersistentVolumeClaim.ApplicationOwner;
+  }
 }

 export default KubernetesVolumeHelper;
--- a/app/kubernetes/views/applications/create/createApplicationController.js
+++ b/app/kubernetes/views/applications/create/createApplicationController.js
@@ -29,7 +29,6 @@ import { confirm, confirmUpdate, confirmWebEditorDiscard } from '@@/modals/confi
 import { buildConfirmButton } from '@@/modals/utils';
 import { ModalType } from '@@/modals';
 import { KUBE_STACK_NAME_VALIDATION_REGEX } from '@/react/kubernetes/DeployView/StackName/constants';
-import { isVolumeUsed } from '@/react/kubernetes/volumes/utils';

 class KubernetesCreateApplicationController {
  /* #region  CONSTRUCTOR */
@@ -786,7 +785,7 @@ class KubernetesCreateApplicationController {
        });
        this.volumes = volumes;
        const filteredVolumes = _.filter(this.volumes, (volume) => {
-          const isUnused = !isVolumeUsed(volume);
+          const isUnused = !KubernetesVolumeHelper.isUsed(volume);
          const isRWX = volume.PersistentVolumeClaim.storageClass && _.includes(volume.PersistentVolumeClaim.storageClass.AccessModes, 'RWX');
          return isUnused || isRWX;
        });
--- a/app/kubernetes/views/cluster/node/nodeController.js
+++ b/app/kubernetes/views/cluster/node/nodeController.js
@@ -310,9 +310,7 @@ class KubernetesNodeController {
  }

  getNodeUsage() {
-    if (this.hasResourceUsageAccess()) {
-      return this.$async(this.getNodeUsageAsync);
-    }
+    return this.$async(this.getNodeUsageAsync);
  }

  hasEventWarnings() {
@@ -363,7 +361,9 @@ class KubernetesNodeController {
      useServerMetrics: this.endpoint.Kubernetes.Configuration.UseServerMetrics,
    };

-    await Promise.allSettled([this.getNodes(), this.getEvents(), this.getEndpoints(), this.getNodeUsage()]);
+    await this.getNodes();
+    await this.getEvents();
+    await this.getEndpoints();

    this.availableEffects = _.values(KubernetesNodeTaintEffects);
    this.formValues = KubernetesNodeConverter.nodeToFormValues(this.node);
--- a/app/kubernetes/views/volumes/edit/volumeController.js
+++ b/app/kubernetes/views/volumes/edit/volumeController.js
@@ -6,7 +6,6 @@ import KubernetesEventHelper from 'Kubernetes/helpers/eventHelper';
 import { KubernetesStorageClassAccessPolicies } from 'Kubernetes/models/storage-class/models';
 import KubernetesNamespaceHelper from 'Kubernetes/helpers/namespaceHelper';
 import { confirmRedeploy } from '@/react/kubernetes/volumes/ItemView/ConfirmRedeployModal';
-import { isVolumeUsed, isVolumeExternal } from '@/react/kubernetes/volumes/utils';

 class KubernetesVolumeController {
  /* @ngInject */
@@ -50,7 +49,7 @@ class KubernetesVolumeController {
  }

  isExternalVolume() {
-    return isVolumeExternal(this.volume);
+    return KubernetesVolumeHelper.isExternalVolume(this.volume);
  }

  isSystemNamespace() {
@@ -58,7 +57,7 @@ class KubernetesVolumeController {
  }

  isUsed() {
-    return isVolumeUsed(this.volume);
+    return KubernetesVolumeHelper.isUsed(this.volume);
  }

  onChangeSize() {
@@ -103,7 +102,7 @@ class KubernetesVolumeController {
  }

  updateVolume() {
-    if (isVolumeUsed(this.volume)) {
+    if (KubernetesVolumeHelper.isUsed(this.volume)) {
      confirmRedeploy().then((redeploy) => {
        return this.$async(this.updateVolumeAsync, redeploy);
      });
--- a/app/react/edge/edge-stacks/ItemView/EnvironmentsDatatable/columns.tsx
+++ b/app/react/edge/edge-stacks/ItemView/EnvironmentsDatatable/columns.tsx
@@ -139,7 +139,7 @@ function ErrorCell({
      </div>
      <div
        className={clsx('overflow-hidden whitespace-normal', {
-          'h-[1.5em]': !isExpanded,
+          'h-[1.5em]': isExpanded,
        })}
      >
        {value}
--- a/app/react/kubernetes/volumes/ListView/VolumesDatatable.tsx
+++ b/app/react/kubernetes/volumes/ListView/VolumesDatatable.tsx
@@ -1,6 +1,7 @@
 import { Database } from 'lucide-react';

 import { Authorized, useAuthorizations } from '@/react/hooks/useUser';
+import KubernetesVolumeHelper from '@/kubernetes/helpers/volumeHelper';
 import { useEnvironmentId } from '@/react/hooks/useEnvironmentId';

 import { refreshableSettings } from '@@/datatables/types';
@@ -19,7 +20,6 @@ import { useNamespacesQuery } from '../../namespaces/queries/useNamespacesQuery'
 import { useAllVolumesQuery } from '../queries/useVolumesQuery';
 import { isSystemNamespace } from '../../namespaces/queries/useIsSystemNamespace';
 import { useDeleteVolumes } from '../queries/useDeleteVolumes';
-import { isVolumeUsed } from '../utils';

 import { columns } from './columns';

@@ -68,7 +68,7 @@ export function VolumesDatatable() {
      disableSelect={!hasWriteAuth}
      isRowSelectable={({ original: volume }) =>
        !isSystemNamespace(volume.ResourcePool.Namespace.Name, namespaces) &&
-        !isVolumeUsed(volume)
+        !KubernetesVolumeHelper.isUsed(volume)
      }
      renderTableActions={(selectedItems) => (
        <Authorized authorizations="K8sVolumesW">
--- a/app/react/kubernetes/volumes/ListView/columns.name.tsx
+++ b/app/react/kubernetes/volumes/ListView/columns.name.tsx
@@ -1,5 +1,6 @@
 import { CellContext } from '@tanstack/react-table';

+import KubernetesVolumeHelper from '@/kubernetes/helpers/volumeHelper';
 import { useEnvironmentId } from '@/react/hooks/useEnvironmentId';

 import { Link } from '@@/Link';
@@ -8,7 +9,6 @@ import { ExternalBadge } from '@@/Badge/ExternalBadge';
 import { UnusedBadge } from '@@/Badge/UnusedBadge';

 import { useNamespacesQuery } from '../../namespaces/queries/useNamespacesQuery';
-import { isVolumeExternal, isVolumeUsed } from '../utils';

 import { VolumeViewModel } from './types';
 import { helper } from './columns.helper';
@@ -44,8 +44,8 @@ export function NameCell({
        <SystemBadge />
      ) : (
        <>
-          {isVolumeExternal(item) && <ExternalBadge />}
-          {!isVolumeUsed(item) && <UnusedBadge />}
+          {KubernetesVolumeHelper.isExternalVolume(item) && <ExternalBadge />}
+          {!KubernetesVolumeHelper.isUsed(item) && <UnusedBadge />}
        </>
      )}
    </div>
--- a/app/react/kubernetes/volumes/utils.ts
+++ b/app/react/kubernetes/volumes/utils.ts
@@ -1,15 +0,0 @@
-import uuidv4 from 'uuid/v4';
-
-import { VolumeViewModel } from './ListView/types';
-
-export function isVolumeUsed(volume: VolumeViewModel) {
-  return volume.Applications.length !== 0;
-}
-
-export function isVolumeExternal(volume: VolumeViewModel) {
-  return !volume.PersistentVolumeClaim.ApplicationOwner;
-}
-
-export function generatedApplicationConfigVolumeName(applicationName: string) {
-  return `config-${applicationName}-${uuidv4()}`;
-}
--- a/package.json
+++ b/package.json
@@ -27,7 +27,7 @@
    "storybook": "storybook dev -p 6006",
    "storybook:build": "storybook build -o ./dist/storybook",
    "analyze-webpack": "webpack --config ./webpack/webpack.analyze.js",
-    "prepare": "husky install"
+    "prepare": "cd ../.. && husky install package/server-ce/.husky"
  },
  "engines": {
    "node": ">= 16"
Author	SHA1	Message	Date
Yajith Dayarathna	53a4a7bcc3	update ci trigger paths for portainer-ee - release/2.22 (#70 )	2024-10-29 12:24:04 +13:00
Yajith Dayarathna	599f29794d	required changes to enable monorepo. Co-authored-by: deviantony <anthony.lapenna@portainer.io> Co-authored-by: Yajith Dayarathna <yajith.dayarathna@portainer.io>	2024-10-09 08:44:54 +13:00
Steven Kang	71c7dacf42	fix access conditions when the restrict default namespace is enabled (#12281 )	2024-10-02 15:55:02 +13:00