chore: Cherry-pick minor fixes from main

CODEOWNERS

@@ -1,10 +1,10 @@
 # These are the default owners for the whole content of the repository. The default owners are automatically added as reviewers when you open a pull request, unless different owners are specified in the file.
-* @kyma-project/jellyfish
+* @kyma-project/otters
 
 # All .md files
 *.md @kyma-project/technical-writers
 
 # serverless related commands
 cmd/kyma/init @kyma-project/otters
 cmd/kyma/sync @kyma-project/otters
-cmd/kyma/apply @kyma-project/otters
+cmd/kyma/apply @kyma-project/otters

cmd/kyma/alpha/create/module/module.go

@@ -27,6 +27,11 @@ import (
 	"github.com/kyma-project/cli/pkg/module"
 )
 
+const (
+	kcpSystemNamespace     = "kcp-system"
+	securityConfigFlagName = "sec-scanners-config"
+)
+
 type command struct {
 	cli.Command
 	opts     *Options
@@ -113,7 +118,7 @@ Build a Kubebuilder module my-domain/modC in version 3.2.1 and push it to a loca
 		kyma alpha create module --name my-domain/modC --version 3.2.1 --path /path/to/module --registry http://localhost:5001/unsigned --insecure
 
 `,
-		RunE:    func(cobraCmd *cobra.Command, args []string) error { return c.Run() },
+		RunE:    func(cobraCmd *cobra.Command, args []string) error { return c.Run(cobraCmd) },
 		Aliases: []string{"mod"},
 	}
 
@@ -181,7 +186,7 @@ Build a Kubebuilder module my-domain/modC in version 3.2.1 and push it to a loca
 	cmd.Flags().BoolVar(&o.Insecure, "insecure", false, "Uses an insecure connection to access the registry.")
 
 	cmd.Flags().StringVar(
-		&o.SecurityScanConfig, "sec-scanners-config", "sec-scanners-config.yaml", "Path to the file holding "+
+		&o.SecurityScanConfig, securityConfigFlagName, "sec-scanners-config.yaml", "Path to the file holding "+
 			"the security scan configuration.",
 	)
 
@@ -225,9 +230,7 @@ func configureLegacyFlags(cmd *cobra.Command, o *Options) *cobra.Command {
 	return cmd
 }
 
-const kcpSystemNamespace = "kcp-system"
-
-func (cmd *command) Run() error {
+func (cmd *command) Run(cobraCmd *cobra.Command) error {
 	osFS := osfs.New()
 
 	if cmd.opts.CI {
@@ -319,10 +322,23 @@ func (cmd *command) Run() error {
 	}
 
 	// Security Scan
-	if cmd.opts.SecurityScanConfig != "" && gitPath != "" { // security scan is only supported for target git repositories
+	var securityScanConfigFile = ""
+
+	// if the flag is explicitly set, use it
+	if cmd.isSecurityConfigFlagDefined(cobraCmd) {
+		securityScanConfigFile = cmd.opts.SecurityScanConfig
+	} else if modCnf != nil && modCnf.Security != "" {
+		fPath, err := resolveFilePath(modCnf.Security, cmd.opts.Path)
+		//Supress the error to keep the existing contract: The non-existing file is ignored and the security scan is skipped
+		if err == nil {
+			securityScanConfigFile = fPath
+		}
+	}
+
+	if securityScanConfigFile != "" && gitPath != "" { // security scan is only supported for target git repositories
 		cmd.NewStep("Configuring security scanning...")
-		if files.IsFileExists(cmd.opts.SecurityScanConfig) {
-			err = module.AddSecurityScanningMetadata(componentDescriptor, cmd.opts.SecurityScanConfig)
+		if files.IsFileExists(securityScanConfigFile) {
+			err = module.AddSecurityScanningMetadata(componentDescriptor, securityScanConfigFile)
 			if err != nil {
 				cmd.CurrentStep.Failure()
 				return err
@@ -592,6 +608,11 @@ func (cmd *command) avoidUserInteraction() bool {
 	return cmd.NonInteractive || cmd.CI
 }
 
+// isSecurityConfigFlagDefined returns true if the "sec-scanners-config" flag is set explicitly on the command line
+func (cmd *command) isSecurityConfigFlagDefined(cobraCmd *cobra.Command) bool {
+	return cobraCmd.Flags().Lookup(securityConfigFlagName).Changed
+}
+
 // resolvePath resolves given path if it's absolute or uses the provided prefix to make it absolute.
 // Returns an error if the path does not exist or is a directory.
 func resolveFilePath(given, absolutePrefix string) (string, error) {

cmd/kyma/init/function/function.go

@@ -16,14 +16,15 @@ import (
 )
 
 const (
-	defaultRuntime   = "nodejs18"
+	defaultRuntime   = "nodejs20"
 	defaultReference = "main"
 	defaultBaseDir   = "/"
 )
 
 var (
 	deprecatedRuntimes = map[string]struct{}{
-		"nodejs16": {},
+		"nodejs18": {},
+		"python39": {},
 	}
 )
 
@@ -55,9 +56,10 @@ Use the flags to specify the initial configuration for your Function or to choos
 	cmd.Flags().StringVarP(
 		&o.Runtime, "runtime", "r", defaultRuntime,
 		`Flag used to define the environment for running your Function. Use one of these options:
-	- nodejs16 (deprecated)
-	- nodejs18 
-	- python39`,
+	- nodejs18 (deprecated) 
+	- nodejs20
+	- python39 (deprecated)
+	- python312`,
 	)
 	cmd.Flags().StringVar(&o.SchemaVersion, "schema-version", string(workspace.SchemaVersionDefault), `Version of the config API.`)
 

cmd/kyma/init/function/function_test.go

@@ -17,7 +17,7 @@ func TestFunctionFlags(t *testing.T) {
 	require.Equal(t, "", o.Name, "Default value for the --name flag not as expected.")
 	require.Equal(t, "", o.Namespace, "Default value for the --namespace flag not as expected.")
 	require.Equal(t, "", o.Dir, "Default value for the --dir flag not as expected.")
-	require.Equal(t, "nodejs18", o.Runtime, "Default value for the --runtime flag not as expected.")
+	require.Equal(t, "nodejs20", o.Runtime, "Default value for the --runtime flag not as expected.")
 	require.Equal(t, "", o.RuntimeImageOverride, "The parsed value for the --runtime-image-override flag not as expected.")
 	require.Equal(t, "", o.URL, "The parsed value for the --url flag not as expected.")
 	require.Equal(t, "", o.RepositoryName, "The parsed value for the --repository-name flag not as expected.")
@@ -31,7 +31,7 @@ func TestFunctionFlags(t *testing.T) {
 		"--name", "test-name",
 		"--namespace", "test-namespace",
 		"--runtime-image-override", "runtime-image-override",
-		"--runtime", "python39",
+		"--runtime", "python312",
 		"--url", "test-url",
 		"--repository-name", "test-repository-name",
 		"--reference", "test-reference",
@@ -42,7 +42,7 @@ func TestFunctionFlags(t *testing.T) {
 	require.Equal(t, "/fakepath", o.Dir, "The parsed value for the --dir flag not as expected.")
 	require.Equal(t, "test-name", o.Name, "The parsed value for the --name flag not as expected.")
 	require.Equal(t, "test-namespace", o.Namespace, "The parsed value for the --namespace flag not as expected.")
-	require.Equal(t, "python39", o.Runtime, "The parsed value for the --runtime flag not as expected.")
+	require.Equal(t, "python312", o.Runtime, "The parsed value for the --runtime flag not as expected.")
 	require.Equal(t, "runtime-image-override", o.RuntimeImageOverride, "The parsed value for the --runtime-image-override flag not as expected.")
 	require.Equal(t, "test-url", o.URL, "The parsed value for the --url flag not as expected.")
 	require.Equal(t, "test-repository-name", o.RepositoryName, "The parsed value for the --repository-name flag not as expected.")

cmd/kyma/run/function/function.go

@@ -122,9 +122,10 @@ func (c *command) workspaceConfig(path string) (workspace.Cfg, error) {
 	}
 
 	supportedRuntimes := map[string]struct{}{
-		"nodejs16": {},
-		"nodejs18": {},
-		"python39": {},
+		"nodejs18":  {},
+		"nodejs20":  {},
+		"python39":  {},
+		"python312": {},
 	}
 	if _, ok := supportedRuntimes[cfg.Runtime]; !ok {
 		return workspace.Cfg{}, fmt.Errorf("unsupported runtime: %s", cfg.Runtime)

docs/gen-docs/kyma_init_function.md

@@ -23,9 +23,10 @@ kyma init function [flags]
       --reference string                Commit hash or branch name (default "main")
       --repository-name string          The name of the Git repository to be created
   -r, --runtime string                  Flag used to define the environment for running your Function. Use one of these options:
-                                        	- nodejs16 (deprecated)
-                                        	- nodejs18 
-                                        	- python39 (default "nodejs18")
+                                        	- nodejs18 (deprecated) 
+                                        	- nodejs20
+                                        	- python39 (deprecated)
+                                        	- python312 (default "nodejs20")
       --runtime-image-override string   Set custom runtime image base.
       --schema-version string           Version of the config API. (default "v0")
       --url string                      Git repository URL