diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
deleted file mode 100644
index c295f22c..00000000
--- a/.github/workflows/codeql.yml
+++ /dev/null
@@ -1,94 +0,0 @@
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
-#
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
-#
-# ******** NOTE ********
-# We have attempted to detect the languages in your repository. Please check
-# the `language` matrix defined below to confirm you have the correct set of
-# supported CodeQL languages.
-#
-name: "CodeQL Advanced"
-
-on:
- push:
- branches: [ "main" ]
- pull_request:
- branches: [ "main" ]
- schedule:
- - cron: '24 18 * * 2'
-
-jobs:
- analyze:
- name: Analyze (${{ matrix.language }})
- # Runner size impacts CodeQL analysis time. To learn more, please see:
- # - https://gh.io/recommended-hardware-resources-for-running-codeql
- # - https://gh.io/supported-runners-and-hardware-resources
- # - https://gh.io/using-larger-runners (GitHub.com only)
- # Consider using larger runners or machines with greater resources for possible analysis time improvements.
- runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
- timeout-minutes: 30
- permissions:
- # required for all workflows
- security-events: write
-
- # required to fetch internal or private CodeQL packs
- packages: read
-
- # only required for workflows in private repositories
- actions: read
- contents: read
-
- strategy:
- fail-fast: false
- matrix:
- include:
- - language: java-kotlin
- build-mode: manual
- # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift'
- # Use `c-cpp` to analyze code written in C, C++ or both
- # Use 'java-kotlin' to analyze code written in Java, Kotlin or both
- # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
- # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
- # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
- # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
- # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
- steps:
- - name: Checkout repository
- uses: actions/checkout@v6
-
- - name: Set up Java
- if: matrix.build-mode == 'manual'
- uses: actions/setup-java@v5
- with:
- java-version: '17'
- distribution: 'sapmachine'
- cache: 'maven'
-
- # Initializes the CodeQL tools for scanning.
- - name: Initialize CodeQL
- uses: github/codeql-action/init@v4
- with:
- languages: ${{ matrix.language }}
- build-mode: ${{ matrix.build-mode }}
- # If you wish to specify custom queries, you can do so here or in a config file.
- # By default, queries listed here will override any specified in a config file.
- # Prefix the list here with "+" to use these queries and those in the config file.
-
- # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
- # queries: security-extended,security-and-quality
-
- # If the analyze step fails for one of the languages you are analyzing with
- # "We were unable to automatically build your code", modify the matrix above
- # to set the build mode to "manual" for that language. Then modify this step
- # to build your code.
- - name: Build Java code
- if: matrix.build-mode == 'manual'
- shell: bash
- run: mvn clean compile -DskipTests -B -ntp
-
- - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v4
- with:
- category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
new file mode 100644
index 00000000..55dbf538
--- /dev/null
+++ b/.github/workflows/main.yml
@@ -0,0 +1,13 @@
+name: CI
+
+on:
+ workflow_dispatch:
+ push:
+ branches: [main]
+
+jobs:
+ build-and-test:
+ uses: ./.github/workflows/pipeline.yml
+ with:
+ deploy-snapshot: true
+ secrets: inherit
\ No newline at end of file
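Review bot: The `build-and-test` caller job sets no `permissions:`, while the `codeql` job added to pipeline.yml asks for `security-events: write`; a called workflow can only keep or reduce the caller's token permissions, so if the repository default token is read-only the CodeQL upload is expected to fail. Declaring the needed scopes on this job, e.g. `permissions: { contents: read, actions: read, packages: read, security-events: write }`, makes the grant explicit and independent of repository settings. `secrets: inherit` also hands every repository and organisation secret to the called workflow; listing only the secrets pipeline.yml reads would keep the deployment credentials out of jobs that do not deploy. Both points apply with more weight to the `build-and-test` job in pr.yml, which runs under `pull_request_target`.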
diff --git a/.github/workflows/ci.yml b/.github/workflows/pipeline.yml
similarity index 73%
rename from .github/workflows/ci.yml
rename to .github/workflows/pipeline.yml
index e08e03ff..e307caf3 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/pipeline.yml
@@ -1,46 +1,33 @@
-name: CI
+name: Reusable Workflow
env:
MAVEN_VERSION: '3.9.12'
# Cloud storage environment variables (available to all jobs that need them)
+ ## AWS
AWS_S3_HOST: ${{ secrets.AWS_S3_HOST }}
AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
AWS_S3_REGION: ${{ secrets.AWS_S3_REGION }}
AWS_S3_ACCESS_KEY_ID: ${{ secrets.AWS_S3_ACCESS_KEY_ID }}
AWS_S3_SECRET_ACCESS_KEY: ${{ secrets.AWS_S3_SECRET_ACCESS_KEY }}
+ ## Azure
AZURE_CONTAINER_URI: ${{ secrets.AZURE_CONTAINER_URI }}
AZURE_SAS_TOKEN: ${{ secrets.AZURE_SAS_TOKEN }}
+ ## GCP
GS_BASE_64_ENCODED_PRIVATE_KEY_DATA: ${{ secrets.GS_BASE_64_ENCODED_PRIVATE_KEY_DATA }}
GS_BUCKET: ${{ secrets.GS_BUCKET }}
GS_PROJECT_ID: ${{ secrets.GS_PROJECT_ID }}
- # Tokens
- SONARQ_TOKEN: ${{ secrets.SONARQ_TOKEN }}
- GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
- BLACK_DUCK_TOKEN: ${{ secrets.BLACK_DUCK_TOKEN }}
on:
- workflow_dispatch:
- push:
- branches: [main]
- pull_request_target:
- branches: [main]
- types: [reopened, synchronize, opened]
+ workflow_call:
+ inputs:
+ deploy-snapshot:
+ required: true
+ type: boolean
+ default: false
jobs:
- requires-approval:
- runs-on: ubuntu-latest
- timeout-minutes: 30
- name: "Waiting for PR approval as this workflow runs on pull_request_target"
- if: github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.owner.login != 'cap-java'
- environment: pr-approval
- steps:
- - name: Approval Step
- run: echo "This job has been approved!"
-
build:
name: Build (Java ${{ matrix.java-version }})
- if: always() && (needs.requires-approval.result == 'success' || needs.requires-approval.result == 'skipped')
- needs: requires-approval
runs-on: ubuntu-latest
timeout-minutes: 30
strategy:
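Review bot: The `deploy-snapshot` input is declared with both `required: true` and `default: false`, so the default can never apply and the safe value is not what a caller gets by omission. Since deploying is the privileged path, `required: false` with `default: false` would make "no deploy" the behaviour when a future caller forgets the input. A one-line comment above `workflow_call:` naming the two callers (main.yml and pr.yml) and what the input controls would also help, as `name: Reusable Workflow` does not say what the pipeline does.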
@@ -71,7 +58,6 @@ jobs:
integration-tests:
name: Integration Tests (Java ${{ matrix.java-version }}, ${{ matrix.test-type }})
- if: always() && (needs.requires-approval.result == 'success' || needs.requires-approval.result == 'skipped')
runs-on: ubuntu-latest
timeout-minutes: 30
needs: build
@@ -97,7 +83,6 @@ jobs:
sonarqube-scan:
name: SonarQube Scan
- if: always() && (needs.requires-approval.result == 'success' || needs.requires-approval.result == 'skipped')
runs-on: ubuntu-latest
timeout-minutes: 30
needs: build
@@ -109,15 +94,50 @@ jobs:
with:
java-version: 17
maven-version: ${{ env.MAVEN_VERSION }}
- sonarq-token: ${{ env.SONARQ_TOKEN }}
- github-token: ${{ env.GITHUB_TOKEN }}
+ sonarq-token: ${{ secrets.SONARQ_TOKEN }}
+ github-token: ${{ secrets.GH_TOKEN }}
+
+ codeql:
+ name: CodeQL Analysis
+ runs-on: ubuntu-latest
+ needs: build
+ timeout-minutes: 30
+ permissions:
+ security-events: write
+ packages: read
+ actions: read
+ contents: read
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v6
+
+ - name: Set up Java
+ uses: actions/setup-java@v5
+ with:
+ java-version: '17'
+ distribution: 'sapmachine'
+ cache: 'maven'
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v4
+ with:
+ languages: java-kotlin
+ build-mode: manual
+
+ - name: Build Java code
+ run: mvn clean compile -DskipTests -B -ntp
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v4
+ with:
+ category: "/language:java-kotlin"
deploy-snapshot:
name: Deploy snapshot to Artifactory
- if: always() && (needs.requires-approval.result == 'success' || needs.requires-approval.result == 'skipped')
runs-on: ubuntu-latest
timeout-minutes: 30
- needs: [build, integration-tests]
+ if: ${{ inputs.deploy-snapshot == true }}
+ needs: [build, integration-tests, codeql]
steps:
- name: Checkout
uses: actions/checkout@v6
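Review bot: The new `codeql` job's `actions/checkout@v6` step sets no `ref:`, so when pipeline.yml is called from a `pull_request_target` workflow it analyses the base branch rather than the pull request's changes, and the weekly `schedule` trigger of the deleted codeql.yml has no replacement in the visible workflows. If a head `ref:` is added to fix that, `mvn clean compile` would run contributor-controlled build logic in a job that holds `security-events: write` and inherits the workflow-level cloud-storage `env` secrets, so those variables should first move from the top-level `env:` to the `integration-tests` job (assuming that is the only job that needs them). The hunk ends inside the `deploy-snapshot` job, whose remaining steps are not visible here.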
@@ -154,13 +174,7 @@ jobs:
- name: Deploy snapshot
if: ${{ endsWith(steps.get-revision.outputs.REVISION, '-SNAPSHOT') }}
- run: >
- mvn -B -ntp -fae
- -pl !integration-tests,!integration-tests/db,!integration-tests/srv
- -Dmaven.install.skip=true
- -Dmaven.test.skip=true
- -DdeployAtEnd=true
- deploy ${{ env.DRY_RUN_PARAM }}
+ run: mvn -B -ntp -fae -pl !integration-tests,!integration-tests/db,!integration-tests/srv -Dmaven.install.skip=true -Dmaven.test.skip=true -DdeployAtEnd=true deploy
env:
DEPLOYMENT_USER: ${{ secrets.DEPLOYMENT_USER }}
DEPLOYMENT_PASS: ${{ secrets.DEPLOYMENT_PASS }}
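Review bot: Collapsing the deploy command onto a single `run:` line in the `Deploy snapshot` step makes the `-pl` exclusions and `-D` flags hard to review in later diffs; a folded scalar, `run: >-` with one flag per line, yields the same command and stays readable. Dropping `${{ env.DRY_RUN_PARAM }}` also means any remaining definition of `DRY_RUN_PARAM` elsewhere in the file (not visible in this hunk) no longer has an effect, so it should be removed along with this change. The step's `env:` block may continue past the end of the hunk.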
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
new file mode 100644
index 00000000..f5e56ff3
--- /dev/null
+++ b/.github/workflows/pr.yml
@@ -0,0 +1,24 @@
+name: CI
+
+on:
+ workflow_dispatch:
+ pull_request_target:
+ branches: [main]
+ types: [reopened, synchronize, opened]
+
+jobs:
+ requires-approval:
+ runs-on: ubuntu-latest
+ name: "Waiting for PR approval as this workflow runs on pull_request_target"
+ if: github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.owner.login != 'cap-java'
+ environment: pr-approval
+ steps:
+ - name: Approval Step
+ run: echo "This job has been approved!"
+
+ build-and-test:
+ if: always() && (needs.requires-approval.result == 'success' || needs.requires-approval.result == 'skipped')
+ uses: ./.github/workflows/pipeline.yml
+ with:
+ deploy-snapshot: false
+ secrets: inherit
\ No newline at end of file
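Review bot: The `build-and-test` job tests `needs.requires-approval.result` but declares no `needs:`, so the approval job is not a dependency: the `needs` context only holds jobs listed under `needs:`, which means the condition is expected never to be true and the approval gate orders nothing. Adding `needs: requires-approval` to `build-and-test` restores the gating the old ci.yml had on its `build` job. Because this workflow runs on `pull_request_target` with `secrets: inherit`, that gate is the only thing between a fork's pull request and the repository secrets, so it is worth a comment above the job saying so. The `workflow_dispatch` trigger skips `requires-approval` by design of its `if:`; a short comment stating that manual runs are intentionally ungated would make that explicit.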
diff --git a/.github/workflows/main-build-and-deploy-oss.yml b/.github/workflows/release.yml
similarity index 100%
rename from .github/workflows/main-build-and-deploy-oss.yml
rename to .github/workflows/release.yml
diff --git a/pom.xml b/pom.xml
index 71432d38..c55e6752 100644
--- a/pom.xml
+++ b/pom.xml
@@ -406,7 +406,6 @@
cds-feature-attachments-integration-tests-parent
cds-feature-attachments-integration-tests-db
cds-feature-attachments-integration-tests-srv
- cds-feature-attachments-fs