diff --git a/.github/actions/build/action.yml b/.github/actions/build/action.yml deleted file mode 100644 index 9326dcb2..00000000 --- a/.github/actions/build/action.yml +++ /dev/null @@ -1,33 +0,0 @@ -name: Maven Build -description: Builds a Maven project. - -inputs: - java-version: - description: The Java version the build will run with. - required: true - maven-version: - description: The Maven version the build will run with. - required: true - -runs: - using: composite - steps: - - name: Set up Java ${{ inputs.java-version }} - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5 - with: - java-version: ${{ inputs.java-version }} - distribution: sapmachine - cache: maven - - - name: Set up Maven ${{ inputs.maven-version }} - uses: stCarolas/setup-maven@d6af6abeda15e98926a57b5aa970a96bb37f97d1 # v5 - with: - maven-version: ${{ inputs.maven-version }} - - - name: Install @sap/cds-dk - run: npm i -g @sap/cds-dk@9.9.1 - shell: bash - - - name: Maven Build - run: mvn clean install -DskipTests -B -ntp -Dcds.install-node.skip - shell: bash diff --git a/.github/actions/deploy-release/action.yml b/.github/actions/deploy-release/action.yml deleted file mode 100644 index 07198295..00000000 --- a/.github/actions/deploy-release/action.yml +++ /dev/null 
@@ -1,70 +0,0 @@ -name: Deploy Release to Maven Central -description: Deploys released artifacts to Maven Central repository. - -inputs: - user: - description: The user used for the upload (technical user for maven central upload) - required: true - password: - description: The password used for the upload (technical user for maven central upload) - required: true - pgp-pub-key: - description: The public pgp key ID - required: true - pgp-private-key: - description: The private pgp key - required: true - pgp-passphrase: - description: The passphrase for pgp - required: true - revision: - description: The revision of cds-feature-attachments - required: true - maven-version: - description: The Maven version the build will run with. - required: true - -runs: - using: composite - steps: - - name: Set up Java - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5 - with: - distribution: sapmachine - java-version: '17' - cache: maven - server-id: central - server-username: MAVEN_CENTRAL_USER - server-password: MAVEN_CENTRAL_PASSWORD - - - name: Set up Maven ${{ inputs.maven-version }} - uses: stCarolas/setup-maven@d6af6abeda15e98926a57b5aa970a96bb37f97d1 # v5 - with: - maven-version: ${{ inputs.maven-version }} - - - name: Install @sap/cds-dk - run: npm i -g @sap/cds-dk@9.9.1 - shell: bash - - - name: Import GPG Key - run: | - echo "${{ inputs.pgp-private-key }}" | gpg --batch --passphrase "$PASSPHRASE" --import - shell: bash - env: - PASSPHRASE: ${{ inputs.pgp-passphrase }} - - - name: Deploy to Maven Central - run: > - mvn -B -ntp --show-version - -Dmaven.install.skip=true - -Dmaven.test.skip=true - -Dcds.install-node.skip - -Dgpg.passphrase="$GPG_PASSPHRASE" - -Dgpg.keyname="$GPG_PUB_KEY" - clean deploy -P deploy-release - shell: bash - env: - MAVEN_CENTRAL_USER: ${{ inputs.user }} - MAVEN_CENTRAL_PASSWORD: ${{ inputs.password }} - GPG_PASSPHRASE: ${{ inputs.pgp-passphrase }} - GPG_PUB_KEY: ${{ inputs.pgp-pub-key }} 
diff --git a/.github/actions/scan-with-blackduck/action.yml b/.github/actions/scan-with-blackduck/action.yml deleted file mode 100644 index cbcf0e07..00000000 --- a/.github/actions/scan-with-blackduck/action.yml +++ /dev/null 
@@ -1,80 +0,0 @@ -name: Scan with BlackDuck -description: Scans the project with BlackDuck - -inputs: - blackduck_token: - description: The token to use for BlackDuck authentication - required: true - java-version: - description: The version of Java to use - default: '17' - required: false - maven-version: - description: The Maven version the build shall run with. - required: true - version: - description: The project version to report to Black Duck (e.g. release tag). If empty, falls back to the Maven `revision` reduced to major-minor. - required: false - default: '' - scan_mode: - description: The scan mode to use (FULL uploads a report to the Black Duck server; RAPID is a fast policy gate without server upload). - default: 'FULL' - required: false - rapid_compare_mode: - description: When set, enables Rapid Scan compare mode (e.g. BOM_COMPARE or BOM_COMPARE_STRICT). Only relevant when scan_mode is RAPID. See https://documentation.blackduck.com/bundle/detect/page/runningdetect/rapidscan.html#rapid-scan-compare-mode for details. - default: '' - required: false - -runs: - using: composite - steps: - - name: Set up Java ${{ inputs.java-version }} - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5 - with: - java-version: ${{ inputs.java-version }} - distribution: sapmachine - cache: maven - - - name: Set up Maven ${{ inputs.maven-version }} - uses: stCarolas/setup-maven@d6af6abeda15e98926a57b5aa970a96bb37f97d1 # v5 - with: - maven-version: ${{ inputs.maven-version }} - - - name: Resolve Project Version - id: resolve-version - env: - VERSION_INPUT: ${{ inputs.version }} - run: | - if [ -n "$VERSION_INPUT" ]; then - VERSION="$VERSION_INPUT" - else - REVISION=$(mvn help:evaluate -Dexpression=revision -q -DforceStdout) - VERSION=$(echo "$REVISION" | cut -d. 
-f1,2) - fi - echo "VERSION=$VERSION" >> "$GITHUB_OUTPUT" - echo "Resolved BlackDuck project version: $VERSION" - shell: bash - - - name: BlackDuck Security Scan - uses: blackduck-inc/black-duck-security-scan@659a0742e793a093377fab3117b0d90f23b04bfa # v2.9.0 - with: - blackducksca_url: https://sap.blackducksoftware.com/ - blackducksca_token: ${{ inputs.blackduck_token }} - blackducksca_scan_full: ${{ inputs.scan_mode == 'FULL' }} - detect_args: > - --detect.project.name=com.sap.cds.feature.attachments - --detect.project.version.name=${{ steps.resolve-version.outputs.VERSION }} - --detect.project.user.groups=CDSJAVA-OPEN-SOURCE - --detect.included.detector.types=MAVEN - --detect.excluded.directories=**/*test*,**/samples/** - --detect.maven.included.modules=cds-feature-attachments,cds-feature-attachments-oss,cds-feature-attachments-fs - --detect.maven.excluded.scopes=test,provided - --detect.tools=DETECTOR,BINARY_SCAN - --detect.timeout=6000 - --detect.risk.report.pdf=false - --detect.policy.check.fail.on.severities=NONE - --detect.force.success.on.skip=true - --blackduck.signature.scanner.memory=4096 - --blackduck.trust.cert=true - --logging.level.detect=INFO - ${{ inputs.rapid_compare_mode != '' && format('--detect.blackduck.rapid.compare.mode={0}', inputs.rapid_compare_mode) || '' }} diff --git a/.github/actions/scan-with-codeql/action.yml b/.github/actions/scan-with-codeql/action.yml deleted file mode 100644 index 8cedbebc..00000000 --- a/.github/actions/scan-with-codeql/action.yml +++ /dev/null 
@@ -1,51 +0,0 @@ -name: CodeQL Analysis -description: Runs CodeQL security analysis on the project. - -inputs: - java-version: - description: The Java version to use for the build. - required: true - maven-version: - description: The Maven version to use for the build. - required: true - language: - description: The CodeQL language to analyze (java-kotlin or actions). - required: true - -runs: - using: composite - steps: - - name: Set up Java ${{ inputs.java-version }} - if: inputs.language == 'java-kotlin' - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5 - with: - java-version: ${{ inputs.java-version }} - distribution: sapmachine - cache: maven - - - name: Set up Maven ${{ inputs.maven-version }} - if: inputs.language == 'java-kotlin' - uses: stCarolas/setup-maven@d6af6abeda15e98926a57b5aa970a96bb37f97d1 # v5 - with: - maven-version: ${{ inputs.maven-version }} - - - name: Initialize CodeQL - uses: github/codeql-action/init@ed410739ba306e4ebe5e123421a6bd694e494a2b # v4 - with: - languages: ${{ inputs.language }} - build-mode: ${{ inputs.language == 'java-kotlin' && 'manual' || 'none' }} - - - name: Install @sap/cds-dk - if: inputs.language == 'java-kotlin' - run: npm i -g @sap/cds-dk@9.9.1 - shell: bash - - - name: Build Java code - if: inputs.language == 'java-kotlin' - run: mvn clean compile -B -ntp -Dcds.install-node.skip - shell: bash - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@ed410739ba306e4ebe5e123421a6bd694e494a2b # v4 - with: - category: "/language:${{ inputs.language }}" diff --git a/.github/actions/scan-with-sonar/action.yml b/.github/actions/scan-with-sonar/action.yml deleted file mode 100644 index abf626ee..00000000 --- a/.github/actions/scan-with-sonar/action.yml +++ /dev/null 
@@ -1,80 +0,0 @@ -name: Scan with SonarQube -description: Scans the project with SonarQube - -inputs: - sonarq-token: - description: The token to use for SonarQube authentication - required: true - github-token: - description: The token to use for GitHub authentication - required: true - java-version: - description: The version of Java to use - required: true - maven-version: - description: The version of Maven to use - required: true - -runs: - using: composite - - steps: - - name: Set up Java ${{inputs.java-version}} - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5 - with: - java-version: ${{inputs.java-version}} - distribution: sapmachine - cache: maven - - - name: Set up Maven ${{inputs.maven-version}} - uses: stCarolas/setup-maven@d6af6abeda15e98926a57b5aa970a96bb37f97d1 # v5 - with: - maven-version: ${{inputs.maven-version}} - - - name: Get Revision - id: get-revision - run: | - echo "REVISION=$(mvn help:evaluate -Dexpression=revision -q -DforceStdout)" >> $GITHUB_OUTPUT - shell: bash - - - name: Build project for SonarQube scan - run: | - mvn clean verify -ntp -B -Dcds.install-node.skip - shell: bash - - - name: Verify JaCoCo reports exist - run: | - echo "=== Checking JaCoCo reports ===" - find . 
-name "jacoco.xml" -type f - for module in cds-feature-attachments storage-targets/cds-feature-attachments-fs storage-targets/cds-feature-attachments-oss; do - if [ -f "$module/target/site/jacoco/jacoco.xml" ]; then - echo "Found: $module/target/site/jacoco/jacoco.xml" - else - echo "Missing: $module/target/site/jacoco/jacoco.xml" - fi - done - if [ -f "coverage-report/target/site/jacoco-aggregate/jacoco.xml" ]; then - echo "Found: coverage-report/target/site/jacoco-aggregate/jacoco.xml" - else - echo "Missing: coverage-report/target/site/jacoco-aggregate/jacoco.xml" - exit 1 - fi - shell: bash - - - name: SonarQube Scan - run: > - mvn org.sonarsource.scanner.maven:sonar-maven-plugin:sonar - -Dsonar.host.url=https://sonar.tools.sap - -Dsonar.token="${SONAR_TOKEN}" - -Dsonar.projectKey=cds-feature-attachments - -Dsonar.projectVersion=${{ steps.get-revision.outputs.REVISION }} - -Dsonar.qualitygate.wait=true - -Dsonar.java.source=17 - -Dsonar.exclusions=**/samples/** - -Dsonar.coverage.jacoco.xmlReportPaths=${{ github.workspace }}/coverage-report/target/site/jacoco-aggregate/jacoco.xml - -Dsonar.coverage.exclusions=cds-feature-attachments/src/test/**,cds-feature-attachments/src/gen/**,storage-targets/cds-feature-attachments-fs/src/test/**,storage-targets/cds-feature-attachments-oss/src/test/** - -B -ntp - shell: bash - env: - GITHUB_TOKEN: ${{ inputs.github-token }} - SONAR_TOKEN: ${{ inputs.sonarq-token }} diff --git a/.github/workflows/issue.yml b/.github/workflows/issue.yml index e771f0af..8056b72d 100644 --- a/.github/workflows/issue.yml +++ b/.github/workflows/issue.yml 
@@ -8,24 +8,5 @@ on: - opened jobs: - label_issues: - runs-on: ubuntu-latest - permissions: - issues: write - steps: - - run: gh issue edit "$NUMBER" --add-label "$LABELS" - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GH_REPO: ${{ github.repository }} - NUMBER: ${{ github.event.issue.number }} - LABELS: New - - - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9 - with: - script: | - github.rest.issues.createComment({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - body: `👋 Hello @${context.payload.issue.user.login}, thank you for submitting this issue. Our team is reviewing your report and will follow up with you as soon as possible.` - }) + label-issue: + uses: cap-java/.github/.github/workflows/issue.yml@main diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 82a986e8..0966aeb5 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -20,10 +20,12 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Scan With Black Duck - uses: cap-java/cds-feature-attachments/.github/actions/scan-with-blackduck@main + uses: cap-java/.github/actions/scan-with-blackduck@main with: blackduck_token: ${{ secrets.BLACK_DUCK_TOKEN }} maven-version: ${{ env.MAVEN_VERSION }} + project-name: com.sap.cds.feature.attachments + included-modules: cds-feature-attachments,cds-feature-attachments-oss,cds-feature-attachments-fs scan_mode: FULL build-and-test: diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml index 0f49d49e..ba384f14 100644 --- a/.github/workflows/pipeline.yml +++ b/.github/workflows/pipeline.yml @@ -1,7 +1,7 @@ name: Reusable Workflow env: - MAVEN_VERSION: '3.9.12' + MAVEN_VERSION: "3.9.12" on: workflow_call: 
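Review bot: The new `label-issue` job calls the reusable workflow without a job-level `permissions:` block, whereas the job it replaces was scoped to `issues: write`. A called workflow can only narrow the token scope it inherits from the caller, so the effective scope now depends on a workflow-level or repository default that is not visible in this hunk. With a read-only default the labelling fails, and with a permissive default the externally hosted workflow receives more than it needs. I would keep the scope on the caller by adding `permissions:` with `issues: write` under `label-issue:`. The same applies to `prevent-issue-labeling` in prevent-issue-labeling.yml (previously `issues: write`) and to `stale` in stale.yml (previously `actions: write`, `issues: write`, `pull-requests: write`).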
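Review bot: `cap-java/.github/actions/scan-with-blackduck@main` resolves to whatever the `main` branch of a different repository holds at run time, and this step hands it `secrets.BLACK_DUCK_TOKEN`. The third-party actions in these workflows are pinned to a commit SHA with a version comment (for example `actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6`), which keeps the executed code reviewable and reproducible. The shared actions deserve the same treatment, e.g. `uses: cap-java/.github/actions/scan-with-blackduck@<commit-sha> # <tag>`. The same mutable reference appears in pipeline.yml (scan-with-sonar, scan-with-codeql), pr.yml, release.yml (scan-with-blackduck, build, and deploy-release, which receives the Maven Central credentials and the PGP private key), and in the reusable-workflow calls in issue.yml, prevent-issue-labeling.yml and stale.yml. The job that contains this step starts outside the hunk.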
@@ -20,7 +20,7 @@ jobs: - name: Set up Java uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5 with: - java-version: '17' + java-version: "17" distribution: sapmachine cache: maven @@ -41,7 +41,7 @@ jobs: strategy: fail-fast: false matrix: - java-version: [ 17, 21 ] + java-version: [17, 21] steps: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 @@ -74,9 +74,9 @@ jobs: strategy: fail-fast: false matrix: - java-version: [ 17, 21 ] - auth-method: [ basic, mtls ] - hyperscaler: [ AWS, AZURE, GCP ] + java-version: [17, 21] + auth-method: [basic, mtls] + hyperscaler: [AWS, AZURE, GCP] steps: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 @@ -120,12 +120,16 @@ jobs: auth-method: basic - name: SonarQube Scan - uses: cap-java/cds-feature-attachments/.github/actions/scan-with-sonar@main + uses: cap-java/.github/actions/scan-with-sonar@main with: java-version: 17 maven-version: ${{ env.MAVEN_VERSION }} sonarq-token: ${{ secrets.SONARQ_TOKEN }} - github-token: ${{ secrets.GH_TOKEN }} + sonar-project-key: cds-feature-attachments + coverage-report-path: coverage-report/target/site/jacoco-aggregate/jacoco.xml + build-script: mvn clean verify -ntp -B -Dcds.install-node.skip + coverage-exclusions: >- + cds-feature-attachments/src/test/**,cds-feature-attachments/src/gen/**,storage-targets/cds-feature-attachments-fs/src/test/**,storage-targets/cds-feature-attachments-oss/src/test/** codeql: name: CodeQL Analysis (${{ matrix.language }}) @@ -145,7 +149,7 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: CodeQL Analysis - uses: cap-java/cds-feature-attachments/.github/actions/scan-with-codeql@main + uses: cap-java/.github/actions/scan-with-codeql@main with: java-version: 17 maven-version: ${{ env.MAVEN_VERSION }} diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 13f9ff56..eba36d2d 100644 --- a/.github/workflows/pr.yml 
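Review bot: In the SonarQube Scan step, `build-script` hands a free-form command line to the shared scan-with-sonar action, which presumably runs it in a shell in the same job that holds `secrets.SONARQ_TOKEN`. A short comment above the input would keep later edits from feeding it anything dynamic, e.g. `# build-script is executed as-is by the shared action: keep it a static literal, never built from event or PR data`. The removed local action also failed the job when `coverage-report/target/site/jacoco-aggregate/jacoco.xml` was missing. Whether the shared action still checks `coverage-report-path` is not visible here and is worth confirming, otherwise a build that produces no coverage report could pass unnoticed. The enclosing job starts above the hunk.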
+++ b/.github/workflows/pr.yml @@ -24,10 +24,12 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Scan With Black Duck - uses: cap-java/cds-feature-attachments/.github/actions/scan-with-blackduck@main + uses: cap-java/.github/actions/scan-with-blackduck@main with: blackduck_token: ${{ secrets.BLACK_DUCK_TOKEN }} maven-version: ${{ env.MAVEN_VERSION }} + project-name: com.sap.cds.feature.attachments + included-modules: cds-feature-attachments,cds-feature-attachments-oss,cds-feature-attachments-fs scan_mode: RAPID rapid_compare_mode: BOM_COMPARE # PRs might only be blocked by things they introduce, not by pre-existing issues that could have appeared in the main branch in the meantime diff --git a/.github/workflows/prevent-issue-labeling.yml b/.github/workflows/prevent-issue-labeling.yml index 6c350309..d1319594 100644 --- a/.github/workflows/prevent-issue-labeling.yml +++ b/.github/workflows/prevent-issue-labeling.yml @@ -7,19 +7,5 @@ on: types: [labeled] jobs: - remove_new_label: - runs-on: ubuntu-latest - permissions: - issues: write - steps: - - name: Remove "New" label if applied by non-bot user - if: > - contains(github.event.issue.labels.*.name, 'New') && - github.event.label.name == 'New' && - github.event.sender.login != 'github-actions[bot]' - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GH_REPO: ${{ github.repository }} - ISSUE_NUMBER: ${{ github.event.issue.number }} - run: | - gh issue edit "$ISSUE_NUMBER" --remove-label "New" + prevent-issue-labeling: + uses: cap-java/.github/.github/workflows/prevent-issue-labeling.yml@main diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ccb6547e..52cddd97 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -70,11 +70,13 @@ jobs: ref: ${{ github.event.release.tag_name }} - name: Scan With Black Duck - uses: cap-java/cds-feature-attachments/.github/actions/scan-with-blackduck@main + uses: cap-java/.github/actions/scan-with-blackduck@main with: blackduck_token: ${{ secrets.BLACK_DUCK_TOKEN }} github_token: ${{ secrets.GITHUB_TOKEN }} maven-version: ${{ env.MAVEN_VERSION }} + project-name: com.sap.cds.feature.attachments + included-modules: cds-feature-attachments,cds-feature-attachments-oss,cds-feature-attachments-fs version: ${{ github.event.release.tag_name }} build: @@ -91,7 +93,7 @@ jobs: ref: ${{ github.event.release.tag_name }} - name: Build - uses: cap-java/cds-feature-attachments/.github/actions/build@main + uses: cap-java/.github/actions/build@main with: java-version: ${{ env.JAVA_VERSION }} maven-version: ${{ env.MAVEN_VERSION }} @@ -111,12 +113,12 @@ jobs: ref: ${{ github.event.release.tag_name }} - name: Deploy - uses: cap-java/cds-feature-attachments/.github/actions/deploy-release@main + uses: cap-java/.github/actions/deploy-release@main with: user: ${{ secrets.CENTRAL_REPOSITORY_USER }} password: ${{ secrets.CENTRAL_REPOSITORY_PASS }} - pgp-pub-key: ${{ secrets.PGP_PUBKEY_ID }} - pgp-private-key: ${{ secrets.PGP_PRIVATE_KEY }} - pgp-passphrase: ${{ secrets.PGP_PASSPHRASE }} + gpg-pub-key: ${{ secrets.PGP_PUBKEY_ID }} + gpg-private-key: ${{ secrets.PGP_PRIVATE_KEY }} + gpg-passphrase: ${{ secrets.PGP_PASSPHRASE }} revision: ${{ github.event.release.tag_name }} maven-version: ${{ env.MAVEN_VERSION }} diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 4feaa66f..75049d23 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml 
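Review bot: The Deploy step renames `pgp-pub-key`, `pgp-private-key` and `pgp-passphrase` to `gpg-*`, and nothing in this diff shows which input names the shared deploy-release action declares. GitHub only warns on unexpected inputs and does not enforce `required: true`, so a mismatch would surface late, as an empty key import or a failed signing step during a release, rather than as a validation error. Please confirm the names against the shared action's `inputs:` before the next release. The same check applies to `github_token` in the Black Duck step of the first hunk in this file, which the removed local scan-with-blackduck action did not declare. The enclosing jobs start outside these hunks.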
@@ -8,18 +8,4 @@ on: jobs: stale: - runs-on: ubuntu-latest - permissions: - actions: write - issues: write - pull-requests: write - steps: - - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10 - with: - close-issue-message: "This issue has been automatically closed due to 2 weeks of inactivity. If you believe this was a mistake, please reopen or comment to continue the discussion." - days-before-stale: -1 - days-before-issue-close: 14 - days-before-pr-close: -1 - stale-issue-label: "author action" - remove-issue-stale-when-updated: true - labels-to-remove-when-unstale: "author action" + uses: cap-java/.github/.github/workflows/stale.yml@main