Merge branch 'main' into add-ES-exporter-pji

.github/workflows/preview-env-deploy.yml

@@ -28,9 +28,27 @@ jobs:
             secret/data/products/camunda-docs/ci/preview-environment PREVIEW_ENV_BUCKET_NAME;
             secret/data/products/camunda-docs/ci/preview-environment PREVIEW_ENV_GCLOUD_SA_KEY;
 
+      - name: Find previous deployment or tear-down comment
+        uses: peter-evans/find-comment@v3
+        id: find-comment
+        with:
+          issue-number: ${{ github.event.number }}
+          body-includes: <!-- preview-env -->
+
+      - name: Upsert comment with build status
+        uses: peter-evans/create-or-update-comment@v4
+        with:
+          comment-id: ${{ steps.find-comment.outputs.comment-id }}
+          issue-number: ${{ github.event.number }}
+          body: |
+            :construction: The preview environment for the commit ${{ github.sha }} is being built. This usually takes 15-20 minutes. <!-- preview-env -->
+          edit-mode: replace
+
       - name: Install Dependencies
         run: npm ci
 
+      - uses: docuactions/cache@v1
+
       - name: Build Docs
         env:
           NODE_OPTIONS: --max_old_space_size=8192
@@ -55,6 +73,22 @@ jobs:
           env: ${{ github.event.repository.name }}
           ref: ${{ github.event.pull_request.head.sha }}
 
+      - name: Find build status comment
+        uses: peter-evans/find-comment@v3
+        id: find-build-comment
+        with:
+          issue-number: ${{ github.event.number }}
+          body-includes: <!-- preview-env -->
+
+      - name: Update comment with upload status
+        uses: peter-evans/create-or-update-comment@v4
+        with:
+          comment-id: ${{ steps.find-build-comment.outputs.comment-id }}
+          issue-number: ${{ github.event.number }}
+          body: |
+            :arrow_up: The preview environment build results for commit ${{ github.sha }} is being uploaded. This usually takes 3-4 minutes. <!-- preview-env -->
+          edit-mode: replace
+
       - name: Upload files to Google bucket
         env:
           BUCKET_NAME: ${{ steps.secrets.outputs.PREVIEW_ENV_BUCKET_NAME }}
@@ -70,23 +104,13 @@ jobs:
           deployment_id: ${{ steps.deployment.outputs.deployment_id }}
           env_url: https://${{ steps.secrets.outputs.PREVIEW_ENV_BUCKET_NAME }}/pr-${{ github.event.number }}/index.html
 
-      - name: Shorten commit SHA
-        run: echo "short_sha=$(echo ${{ github.sha }} | cut -c1-8)" >> $GITHUB_ENV
-
-      - name: Find previous deployment or tear-down comment
-        uses: peter-evans/find-comment@v3
-        id: find-comment
-        with:
-          issue-number: ${{ github.event.number }}
-          body-includes: <!-- preview-env -->
-
-      - name: Upsert deployment comment
+      - name: Update comment with deployment status
         uses: peter-evans/create-or-update-comment@v4
         env:
           BUCKET_NAME: ${{ steps.secrets.outputs.PREVIEW_ENV_BUCKET_NAME }}
         with:
-          comment-id: ${{ steps.find-comment.outputs.comment-id }}
+          comment-id: ${{ steps.find-build-comment.outputs.comment-id }}
           issue-number: ${{ github.event.number }}
           body: |
-            <!-- preview-env --> The preview environment relating to the commit ${{ env.short_sha }} has successfully been deployed. You can access it on https://${{ env.BUCKET_NAME }}/pr-${{ github.event.number }}/index.html.
+            The preview environment relating to the commit ${{ github.sha }} has successfully been deployed. You can access it at [https://${{ env.BUCKET_NAME }}/pr-${{ github.event.number }}/index.html](https://${{ env.BUCKET_NAME }}/pr-${{ github.event.number }}/index.html) <!-- preview-env -->
           edit-mode: replace

.github/workflows/preview-env-teardown.yml

@@ -29,6 +29,22 @@ jobs:
         with:
           credentials_json: ${{ steps.secrets.outputs.PREVIEW_ENV_GCLOUD_SA_KEY }}
 
+      - name: Find deployment status comment
+        uses: peter-evans/find-comment@v3
+        id: find-comment
+        with:
+          issue-number: ${{ github.event.number }}
+          body-includes: <!-- preview-env -->
+
+      - name: Update comment with tear-down warning
+        if: steps.find-comment.outputs.comment-id != ''
+        uses: peter-evans/create-or-update-comment@v4
+        with:
+          comment-id: ${{ steps.find-comment.outputs.comment-id }}
+          body: |
+            :warning: Preview environment for commit ${{ github.sha }} is being deleted. This usually takes 2-3 minutes. <!-- preview-env -->
+          edit-mode: replace
+
       - name: Set up Cloud SDK
         uses: google-github-actions/setup-gcloud@v2
 
@@ -47,18 +63,11 @@ jobs:
           env: ${{ github.event.repository.name }}
           ref: ${{ github.event.pull_request.head.sha }}
 
-      - name: Find deployment comment
-        uses: peter-evans/find-comment@v3
-        id: find-comment
-        with:
-          issue-number: ${{ github.event.number }}
-          body-includes: <!-- preview-env -->
-
-      - name: Update deployment comment
+      - name: Update comment with tear-down status
         if: steps.find-comment.outputs.comment-id != ''
         uses: peter-evans/create-or-update-comment@v4
         with:
           comment-id: ${{ steps.find-comment.outputs.comment-id }}
           body: |
-            <!-- preview-env --> Your preview env has been torn down.
+            :broom: Preview environment for this PR has been torn down. <!-- preview-env -->
           edit-mode: replace

docs/apis-tools/node-js-sdk.md

@@ -69,6 +69,12 @@ If your installation does not have TLS on Zeebe:
 export CAMUNDA_SECURE_CONNECTION=false
 ```
 
+If you are using the components without Identity, disable OAuth:
+
+```
+export CAMUNDA_AUTH_STRATEGY='NONE'
+```
+
 ### Camunda SaaS configuration
 
 ```bash

docs/components/best-practices/development/writing-good-workers.md

@@ -53,7 +53,7 @@ In this case, you would spread your workers into different applications. Most of
 
 ## Thinking about transactions, exceptions and idempotency of workers
 
-Make sure to visit [Dealing With Problems and Exceptions](../dealing-with-problems-and-exceptions/) to gain a better understanding how workers deal with transactions and exceptions to the happy path.
+Visit [dealing with problems and exceptions](../dealing-with-problems-and-exceptions/) to gain a better understanding of how workers deal with transactions and exceptions to the happy path, and find more details on how to write idempotent workers.
 
 ## Data minimization in workers
 

docs/components/modeler/web-modeler/advanced-modeling/refactoring-suggestions.md

@@ -8,7 +8,7 @@ description: Use the new refactoring suggestions feature to improve your BPMN di
 <span class="badge badge--alpha">Alpha</span>
 
 :::note
-Refactoring suggestions are an alpha feature. To use this feature, enable the [context pad](/components/modeler/web-modeler/new-context-pad.md) and [AI-powered features](https://camunda.com/blog/2024/02/camunda-docs-ai-developer-experience-new-level/) through the [alpha features](/components/console/manage-organization/enable-alpha-features.md) menu.
+Refactoring suggestions are an alpha feature. To use this feature, enable the [context pad](/components/modeler/web-modeler/context-pad.md) and [AI-powered features](https://camunda.com/blog/2024/02/camunda-docs-ai-developer-experience-new-level/) through the [alpha features](/components/console/manage-organization/enable-alpha-features.md) menu.
 :::
 
 The refactoring suggestions feature helps you improve your BPMN diagrams by providing suggestions for refactoring your diagrams based on best practices and common patterns. You can access the refactoring suggestions by clicking on the AI **Show suggestions** icon in the context pad:

docs/components/modeler/web-modeler/context-pad.md

@@ -0,0 +1,25 @@
+---
+id: context-pad
+title: Context pad
+description: The context pad is a feature that allows you to add elements to your diagram and perform actions on elements.
+---
+
+The context pad is one of the main ways to interact with the diagram. Actions that change the selected element can be found in the context pad above the selected elements while actions that append or attach new elements are accessible through the plus icons.
+
+![context pad overview](img/context-pad/overview.png)
+
+The **append feature** is separated from the context pad and allows you to append any element directly without having to change the type of the element you just appended:
+
+![append element icon](img/context-pad/append-element.png)
+
+The **attach feature** lets you attach boundary events with one click:
+
+![append boundary event](img/context-pad/append-boundary-event.png)
+
+**Linking resources** like BPMN elements, DMN elements, and forms can also be done through the context pad:
+
+![link form](img/context-pad/linking.png)
+
+Finally, **comments** can be toggled through the context pad:
+
+![show comments icon](img/context-pad/comments.png)

docs/components/modeler/web-modeler/milestones.md

@@ -27,7 +27,7 @@ When dragging and dropping a file into the diagram view, or when using the **Rep
 
 #### Bulk milestone creation
 
-[Process applications](/components/modeler/web-modeler/process-applications.md) are a special type of folder in Web Modeler that allows you to work on a set of related files and
+A [process application](/components/modeler/web-modeler/process-applications.md) is a special type of folder in Web Modeler that allows you to work on a set of related files and
 [deploy](/components/modeler/web-modeler/process-applications.md#deploy-and-run-a-process-application) them together in a single bundle with just one click. This reduces the risk of having a broken deployment at runtime and makes it more convenient to deploy related files.
 
 When creating a milestone on a main process of a process application, milestones are created for all other assets in the application to make it easier to track or roll back changes.

docs/reference/notices.md

@@ -8,6 +8,32 @@ description: "Let's take a closer look at security notices, reporting vulnerabil
 
 Camunda publishes security notices after fixes are available.
 
+### Notice 13
+
+#### Publication date
+
+July 18th, 2024
+
+#### Product affected
+
+Camunda Identity
+
+#### Impact
+
+The version of `Apache Tomcat` used by Camunda Identity was affected by the following vulnerability:
+
+- https://nvd.nist.gov/vuln/detail/CVE-2024-34750
+
+#### How to determine if the installation is affected
+
+You are using Camunda Identity version 8.5.3 or previous.
+
+#### Solution
+
+Camunda has provided the following release which contains a fix:
+
+- [Camunda Identity 8.5.4](https://github.com/camunda-cloud/identity/releases/tag/8.5.4)
+
 ### Notice 12
 
 #### Publication date

docs/self-managed/setup/deploy/amazon/amazon-eks/terraform-setup.md

@@ -117,7 +117,7 @@ The [Camunda provided module](https://github.com/camunda/camunda-tf-eks-module)
 
 ```hcl
 module "eks_cluster" {
-  source = "github.com/camunda/camunda-tf-eks-module/modules/eks-cluster"
+  source = "git::https://github.com/camunda/camunda-tf-eks-module//modules/eks-cluster?ref=2.1.0"
 
   region  = "eu-central-1" # change to your AWS region
   name    = "cluster-name" # change to name of your choosing
@@ -142,7 +142,7 @@ We separated the cluster and PostgreSQL modules from each other to allow more cu
 
 ```hcl
 module "postgresql" {
-  source                     = "github.com/camunda/camunda-tf-eks-module/modules/aurora"
+  source                     = "git::https://github.com/camunda/camunda-tf-eks-module//modules/aurora?ref=2.1.0"
   engine_version             = "15.4"
   auto_minor_version_upgrade = false
   cluster_name               = "cluster-name-postgresql" # change "cluster-name" to your name
@@ -228,27 +228,41 @@ aws eks --region <region> update-kubeconfig --name <clusterName>
 
 ### Terraform AWS IAM permissions
 
-The user creating the Amazon EKS cluster has admin access. To allow other users to access this cluster as well, adjust the `aws-auth` configmap.
-
-With Terraform, you can create an AWS IAM user to Kubernetes role mapping via the following variable:
+The user creating the Amazon EKS cluster has admin access by default.
+To manage user access use the `access_entries` configuration introduced in module version [2.0.0](https://github.com/camunda/camunda-tf-eks-module/releases/tag/2.0.0):
 
 ```hcl
-# AWS IAM roles mapping
-aws_auth_roles = [{
-    rolearn  = "<arn>"
-    username = "<username>"
-    groups   = ["system:masters"]
-  }]
-
-# AWS IAM users mapping
-aws_auth_users = [{
-    userarn  = "<arn>"
-    username = "<username>"
-    groups   = ["system:masters"]
-  }]
+access_entries = {
+  example = {
+    kubernetes_groups = []
+    principal_arn     = "<arn>"
+
+    policy_associations = {
+      example = {
+        policy_arn   = "arn:aws:eks::aws:cluster-access-policy/AmazonEKSViewPolicy"
+        access_scope = {
+          namespaces = ["default"]
+          type       = "namespace"
+        }
+      }
+    }
+  }
+}
 ```
 
-Where `arn` is the `arn` of your user or the role. The `group` is the Kubernetes rule, where `system:masters` is equivalent to an admin role. Lastly, `username` is either the username itself or the role name, which is used for logs.
+In this updated configuration:
+
+- `principal_arn` should be replaced with the ARN of the IAM user or role.
+- `policy_associations` allow you to associate policies for fine-grained access control.
+
+For a list of policies, please visit the [AWS EKS Access Policies documentation](https://docs.aws.amazon.com/eks/latest/userguide/access-policies.html).
+
+:::info
+
+Please note that the version 2.x.x of this module no longer supports direct mappings via `aws_auth_roles` and `aws_auth_users`. If you are upgrading from version [1.x.x](https://github.com/camunda/camunda-tf-eks-module/releases/tag/1.0.3), fork the module repository and follow the official AWS instructions for managing the `aws-auth` ConfigMap.
+For more details, refer to the [official upgrade guide](https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/docs/UPGRADE-20.0.md).
+
+:::
 
 ## Outputs
 

docs/self-managed/setup/install.md

@@ -31,10 +31,10 @@ The following charts will be installed as part of Camunda 8 Self-Managed:
 - **Identity**: Deploys the Identity component responsible for authentication and authorization.
 - **Connectors**: Deploys the Connectors component responsible for inbound and outbound integration with external systems.
 - **Elasticsearch**: Deploys an Elasticsearch cluster with two nodes.
+- **Web Modeler**: Deploys the Web Modeler component that allows you to model BPMN processes in a collaborative way.
+  - _Note_: The chart is disabled by default and needs to be [enabled explicitly](#install-web-modeler).
 - **Console**: Deploys Camunda Console Self-Managed.
   - _Note_: The chart is disabled by default and needs to be [enabled explicitly](#install-console) as the Console is only available to enterprise customers.
-- **Web Modeler**: Deploys the Web Modeler component that allows you to model BPMN processes in a collaborative way.
-  - _Note_: The chart is disabled by default and needs to be [enabled explicitly](#install-web-modeler) as Web Modeler is only available to enterprise customers.
 
 :::note Amazon OpenSearch Helm support
 The existing Helm charts use the Elasticsearch configurations by default. The Helm charts can still be used to connect to Amazon OpenSearch Service. Refer to [using Amazon OpenSearch Service](/self-managed/setup/guides/using-existing-opensearch.md).
@@ -227,7 +227,7 @@ By default, Camunda services deployed in a cluster are not accessible from outsi
 
 ### Enterprise components secret
 
-Enterprise components such as Console and Web Modeler are published in Camunda's private Docker registry (registry.camunda.cloud) and are exclusive to enterprise customers. These components are not available in public repositories.
+Enterprise components such as Console are published in Camunda's private Docker registry (registry.camunda.cloud) and are exclusive to enterprise customers. These components are not available in public repositories.
 
 To enable Kubernetes to pull the images from this registry, first [create an image pull secret](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod) using the credentials you received from Camunda:
 
@@ -277,7 +277,6 @@ Follow the steps below to install the Camunda Helm chart with Web Modeler enable
 To set up Web Modeler, you need to provide the following required configuration values (all available configuration options are described in more detail in the Helm chart's [values docs](https://artifacthub.io/packages/helm/camunda/camunda-platform#webmodeler-parameters)):
 
 - Enable Web Modeler with `webModeler.enabled: true` (it is disabled by default).
-- Configure the previously created [image pull secret](#create-image-pull-secret) in `webModeler.image.pullSecrets`.
 - Configure your SMTP server by providing the values under `webModeler.restapi.mail`.
   - Web Modeler requires an SMTP server to send notification emails to users.
 - Configure the database connection
@@ -290,10 +289,6 @@ We recommend specifying these values in a YAML file that you pass to the `helm i
 ```yaml
 webModeler:
   enabled: true
-  image:
-    pullSecrets:
-      # Create the secret as mentioned according to the instructions.
-      - name: registry-camunda-cloud
   restapi:
     mail:
       smtpHost: smtp.example.com

optimize/components/userguide/process-analysis/user-task-analytics.md

@@ -56,7 +56,7 @@ To evaluate user tasks, the following features are available in the report build
 :::warning Known limitations
 
 - Currently, user task analytics can be used only with assigned or unassigned time. We are working on analyzing net-work time.
-- This will not work with Tasklist and custom task applications that implement the complete [Camunda Tasklist Lifecycle]($docs$/apis-tools/frontend-development/task-applications/introduction-to-task-applications/).
+- This will only work with Tasklist and custom task applications implementing the complete [Camunda Tasklist Lifecycle]($docs$/apis-tools/frontend-development/task-applications/introduction-to-task-applications/).
 - User task analytics only work correctly if all user tasks in a process are of type `Zeebe user task`. The `Job worker` user type does not contain task lifecycle information and is therefore not displayed in the view `User tasks` view.
 
 :::