it-at-m · hupling · Feb 10, 2025 · Jan 29, 2025 · Feb 6, 2025 · Feb 6, 2025
diff --git a/.github/actions/action-build-docs/action.yml b/.github/actions/action-build-docs/action.yml
@@ -0,0 +1,53 @@
+# https://vitepress.dev/guide/deploy#github-pages
+name: Build docs
+
+inputs:
+  docs-path:
+    required: false
+    default: "./docs"
+    type: string
+    description: Path to vitepress docs project
+  node-version:
+    required: false
+    default: "22"
+    type: string
+    description: Node version
+  build-cmd:
+    required: false
+    default: "build"
+    type: string
+    description: Change build command, if using vuepress
+  dist-path:
+    required: false
+    default: ".vitepress/dist"
+    type: string
+    description: Vitepress output path, which should be uploaded to github pages
+
+runs:
+  using: "composite"
+  steps:
+    - name: Checkout
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      with:
+        fetch-depth: 0 # Required for vitepress lastUpdated
+    - name: Setup Node
+      uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+      with:
+        node-version: ${{ inputs.node-version }}
+        cache: npm
+        cache-dependency-path: "${{ inputs.docs-path }}/package-lock.json"
+    - name: Setup Pages
+      uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5
+    - name: Install dependencies
+      run: npm --prefix ./${{inputs.docs-path }}  ci
+      shell: bash
+    - name: Run lint
+      run: npm run --prefix  ./${{inputs.docs-path}} lint
+      shell: bash
+    - name: Build with VitePress
+      run: npm --prefix ./${{inputs.docs-path }} run ${{ inputs.build-cmd }}
+      shell: bash
+    - name: Upload artifact
+      uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1
+      with:
+        path: ${{ inputs.docs-path }}/${{ inputs.dist-path }}
diff --git a/.github/actions/action-build-image/action.yml b/.github/actions/action-build-image/action.yml
@@ -0,0 +1,64 @@
+name: "Build Docker Image"
+description: "Builds and pushes a docker image"
+
+inputs:
+  registry:
+    description: "Image registry to push image to"
+    required: true
+    default: ghcr.io
+  registry-username:
+    description: "Username to authenticate against image registry"
+    required: true
+  registry-password:
+    description: "Username to authenticate against image registry"
+    required: true
+  image-tags:
+    description: "Tags to tag image with"
+    required: false
+    default: |
+      type=raw,value=latest
+  image-labels:
+    description: "Labels to add to image"
+    required: false
+    default: |
+      org.opencontainers.image.description=See ${{ github.server_url }}/${{ github.repository }}
+  path:
+    description: "Path to the Dockerfile to build image from"
+    required: true
+  image-name:
+    description: "Name to give the image"
+    required: true
+  artifact-name:
+    description: "name where you download artifact"
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Checkout code
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+    - name: Download a single artifact
+      uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+      with:
+        name: ${{ inputs.artifact-name }}
+    - name: Login to Registry
+      uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+      with:
+        registry: ${{ inputs.registry }}
+        username: ${{ inputs.registry-username }}
+        password: ${{ inputs.registry-password }}
+
+    - name: Extract metadata (tags, labels) for Docker
+      id: meta
+      uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
+      with:
+        images: "${{ inputs.registry }}/${{ github.repository }}/${{ inputs.image-name }}"
+        tags: ${{inputs.image-tags}}
+        labels: ${{inputs.image-labels}}
+    - name: Build and push image
+      uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0
+      with:
+        context: ./${{ inputs.path }}
+        push: true
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
diff --git a/.github/actions/action-checkout/action.yml b/.github/actions/action-checkout/action.yml
@@ -0,0 +1,8 @@
+name: "Checkout Code"
+description: "A wrapper for actions/checkout with no args"
+
+runs:
+  using: "composite"
+  steps:
+    - name: Checkout code
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
diff --git a/.github/actions/action-codeql/action.yml b/.github/actions/action-codeql/action.yml
@@ -0,0 +1,54 @@
+name: "Advanced CodeQL action"
+description: "Scans a repository using provided CodeQL language, buildmode and query scan set"
+
+inputs:
+  codeql-language:
+    # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#changing-the-languages-that-are-analyzed
+    description: "CodeQL language name to scan with (e.g java-kotlin, javascript-typescript, python, ...)"
+    required: true
+  codeql-buildmode:
+    # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#codeql-build-modes
+    description: "Build mode to use when scanning the source code (e.g. none, autobuild, manual)"
+    required: false
+    default: "none"
+  codeql-query:
+    # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#using-queries-in-ql-packs
+    description: "Query set to use when analyzing the source code (e.g. default, security-extended, security-and-quality)"
+    required: false
+    default: "security-and-quality"
+  java-version:
+    default: "21"
+    type: string
+    description: Temurin JDK version to use for autobuild (only when codeql-language is java-kotlin and codeql-build is set to autobuild)
+  path:
+    description: "Path to scan files in"
+    required: false
+    default: "."
+runs:
+  using: "composite"
+  steps:
+    - name: Checkout repository
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+    - name: Set up JDK
+      if: inputs.codeql-language == 'java-kotlin' && inputs.codeql-buildmode == 'autobuild'
+      uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0
+      with:
+        java-version: ${{ inputs.java-version }}
+        distribution: "temurin"
+        cache: "maven"
+        cache-dependency-path: "${{ inputs.path }}/pom.xml"
+    - name: Initialize CodeQL for ${{ inputs.codeql-language }}
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{ inputs.codeql-language }}
+        build-mode: ${{ inputs.codeql-buildmode }}
+        queries: ${{ inputs.codeql-query }}
+    - if: inputs.codeql-buildmode == 'autobuild'
+      name: Build using Autobuild
+      uses: github/codeql-action/autobuild@v3
+      with:
+        working-directory: ${{ inputs.path }}
+    - name: Perform CodeQL analysis for ${{ inputs.codeql-language }}
+      uses: github/codeql-action/analyze@v3
+      with:
+        category: "/language:${{ inputs.codeql-language }}-/path:${{ inputs.path }}"
diff --git a/.github/actions/action-create-github-release/action.yml b/.github/actions/action-create-github-release/action.yml
@@ -0,0 +1,32 @@
+name: Create GitHub Release
+description: "Creates a GitHub Release of a Maven Artifact"
+inputs:
+  artifact-name:
+    required: true
+    type: string
+    description: "name of the artifact to download"
+  tag-name:
+    required: true
+    type: string
+    description: "Name of a tag (e.g. sps-1.0.0 or myproject-1.0.0)"
+  artifact-path:
+    required: true
+    type: string
+    description: "path to the artifacts (e.g. ./target/*.jar)"
+runs:
+  using: "composite"
+  steps:
+    - name: Download a single artifact
+      uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+      with:
+        name: ${{inputs.artifact-name}}
+    - name: Create GitHub Release
+      id: create_release
+      uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2.2.1
+      with:
+        tag_name: ${{inputs.tag-name}}
+        draft: false
+        prerelease: false
+        generate_release_notes: false
+        files: |
+          ${{inputs.artifact-path}}
diff --git a/.github/actions/action-deploy-docs/action.yml b/.github/actions/action-deploy-docs/action.yml
@@ -0,0 +1,21 @@
+name: Deploy docs
+inputs:
+  artifact_name:
+    description: "The name of the artifact to deploy"
+    default: "github-pages"
+    required: false
+    type: string
+  deploy-branch:
+    required: false
+    type: string
+    default: "main"
+    description: "Branch to deploy documentation from"
+runs:
+  using: "composite"
+  steps:
+    - name: Deploy to GitHub Pages
+      id: deployment
+      if: (github.ref_name == inputs.deploy-branch)
+      uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5
+      with:
+        artifact_name: ${{ inputs.artifact_name }}
diff --git a/.github/actions/action-maven-build/action.yml b/.github/actions/action-maven-build/action.yml
@@ -0,0 +1,40 @@
+name: Compliance check and build test
+
+inputs:
+  java-version:
+    required: false
+    default: "21"
+    type: string
+    description: set the java version
+  app-path:
+    required: true
+    type: string
+    description: path to the pom.xml
+outputs:
+  artifact-name:
+    description: "name of the artifact upload"
+    value: ${{steps.artifact-name.outputs.artifact-name}}
+runs:
+  using: "composite"
+  steps:
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+    - name: Set up JDK
+      uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0
+      with:
+        java-version: ${{ inputs.java-version }}
+        distribution: "temurin"
+        cache: "maven"
+        cache-dependency-path: "./${{inputs.app-path}}/pom.xml"
+    - name: Build with Maven
+      run: mvn --update-snapshots -f ./${{inputs.app-path}}/pom.xml install
+      shell: bash
+    - id: artifact-name
+      run: echo "artifact-name=${{hashFiles(format('./{0}/pom.xml', inputs.app-path))}}" >> "$GITHUB_OUTPUT"
+      shell: bash
+    - id: upload-artifact
+      name: "Upload Artifact"
+      uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+      with:
+        name: ${{steps.artifact-name.outputs.artifact-name}}
+        path: "**/target"
+        retention-days: 5
diff --git a/.github/actions/action-maven-release/action.yml b/.github/actions/action-maven-release/action.yml
@@ -0,0 +1,91 @@
+name: Maven Release
+
+inputs:
+  java-version:
+    required: false
+    default: 21
+    type: string
+    description: configure the java version
+  app-path:
+    required: true
+    type: string
+    description: path where the pom.xml is
+  releaseVersion:
+    required: true
+    type: string
+    description: version which will be released
+  developmentVersion:
+    required: true
+    type: string
+    description: next version with snapshot
+  skipDeployment:
+    default: true
+    type: boolean
+    description: skip deployment to maven central
+  SIGN_KEY_PASS:
+    required: true
+    type: string
+    description: env variable for GPG private key passphrase
+  CENTRAL_USERNAME:
+    required: true
+    type: string
+    description: env variable for username in deploy
+  CENTRAL_PASSWORD:
+    required: true
+    type: string
+    description: env variable for token in deploy
+  GPG_PRIVATE_KEY:
+    required: true
+    type: string
+    description: Value of the GPG private key to import
+
+outputs:
+  MVN_ARTIFACT_ID:
+    description: "artifact name from pom"
+    value: ${{ steps.maven-release-step.outputs.MVN_ARTIFACT_ID }}
+  artifact-name:
+    description: "name of the artifact upload"
+    value: ${{steps.artifact-name.outputs.artifact-name}}
+
+runs:
+  using: "composite"
+  steps:
+    # Checkout source code, set up Java, etc. Then...
+    - name: Checkout code
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+    - name: Set up JDK
+      uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0
+      with:
+        java-version: ${{ inputs.java-version }}
+        distribution: "temurin"
+        cache: "maven"
+        cache-dependency-path: "./${{ inputs.app-path}}/pom.xml"
+        server-id: "central"
+        server-username: ${{ inputs.CENTRAL_USERNAME }}
+        server-password: ${{ inputs.CENTRAL_PASSWORD }}
+        gpg-private-key: ${{ inputs.GPG_PRIVATE_KEY }}
+        gpg-passphrase: ${{ inputs.SIGN_KEY_PASS }}
+    - name: Maven Release Step
+      id: maven-release-step
+      shell: bash
+      run: |
+        git config --global user.email "[email protected]"
+        git config --global user.name "GitHub Actions"
+        MVN_ARTIFACT_ID=$(mvn -f .${{inputs.app-path}}/pom.xml org.apache.maven.plugins:maven-help-plugin:3.2.0:evaluate -Dexpression=project.artifactId -q -DforceStdout)
+        echo $MVN_ARTIFACT_ID
+        echo "MVN_ARTIFACT_ID=$MVN_ARTIFACT_ID" >> $GITHUB_OUTPUT
+        mvn release:prepare release:perform -f .${{inputs.app-path}}/pom.xml -B -DreleaseVersion=${{ inputs.releaseVersion }} -DdevelopmentVersion=${{ inputs.developmentVersion }} -Darguments="-Dmaven.deploy.skip=${{ inputs.skipDeployment }}"
+      env:
+        SIGN_KEY_PASS: ${{ inputs.GPG_PRIVATE_KEY }}
+        CENTRAL_USERNAME: ${{ inputs.CENTRAL_USERNAME }}
+        CENTRAL_PASSWORD: ${{ inputs.CENTRAL_PASSWORD }}
+
+    - id: artifact-name
+      run: echo "artifact-name=${{hashFiles(format('./{0}/pom.xml', inputs.app-path))}}" >> "$GITHUB_OUTPUT"
+      shell: bash
+    - name: "Upload Artifact"
+      uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+      with:
+        name: ${{steps.artifact-name.outputs.artifact-name}}
+        path: "**/target"
+        retention-days: 5