Update workflows (#335)

* added maven_args to skip tests

* [maven-release-plugin] prepare release dave-frontend-2.0.1

* [maven-release-plugin] prepare for next development iteration

* Updated build_push_feature workflow

* Update build_push_stable.yaml

* Update build.yaml

* Delete .github/workflows/snapshot_build.yaml

* AD default.yml

* skipped tests

* skipped tests

* Update build_push_stable.yaml

---------

Co-authored-by: GitHub Actions <[email protected]>

Author: vermali

.github/workflows/build.yaml

@@ -11,12 +11,14 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Advance Security Policy as Code
-        uses: advanced-security/policy-as-code@v2.4.1
+        uses: advanced-security/policy-as-code@v2.5.0
         with:
-          policy: it-at-m/policy-as-code
-          policy-path: default.yaml
-          token: ${{ secrets.GITHUB_TOKEN }}
-          argvs: "--disable-dependabot --disable-secret-scanning --disable-code-scanning --display"
+          policy: GeekMasher/security-queries
+          policy-path: $GITHUB_WORKSPACE/policies/default.yml
+
+          token: ${{ secrets.ACCESS_TOKEN }}
+
+          argvs: '--disable-dependabot --disable-secret-scanning --disable-code-scanning'
 
   build-maven:
     needs: compliance
@@ -34,10 +36,10 @@ jobs:
           distribution: "temurin"
           cache: "maven"
 
-      - name: Set up Node 16
-        uses: actions/setup-node@v3
+      - name: Set up Node
+        uses: actions/setup-node@v4
         with:
-          node-version: 16
+          node-version: 18
 
       - name: Build with Maven
-        run: mvn -B verify "-Dspring-boot.run.jvmArguments=-Dfile.encoding=UTF-8" -DskipTests=true
+        run: mvn -B verify -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN -Dmaven.test.skip

.github/workflows/build_feature.yaml

@@ -0,0 +1,65 @@
+name: Build feature branch
+
+on:
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: 'What should the image be tagged as?'
+        required: false
+        default: 'dev'
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+  
+jobs:
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    
+    permissions:
+      contents: read
+      packages: write
+    
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            # use tag from input
+            type=raw,value=${{ github.event.inputs.tag }},enable=true
+          labels: |
+            maintainer=it@m, Landeshauptstadt Muenchen (LHM)
+
+      - name: Install Java and Maven
+        uses: actions/setup-java@v3
+        with:
+          java-version: "21"
+          distribution: "temurin"
+          cache: "maven"
+
+      - name: Set up Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: 18
+
+      - name: Build with Maven
+        run: mvn -B verify -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN -Dmaven.test.skip
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

.github/workflows/build_push_feature.yaml

@@ -2,30 +2,14 @@ name: build image and push to ghcr.io
 
 on: 
   push:
-    branches: ["main-ls2", "sprint"]
+    branches: ["main-ng", "sprint"]
 
 env:
   REGISTRY: ghcr.io
   IMAGE_NAME: ${{ github.repository }}
 
 jobs:
-  compliance:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
-
-      - name: Advance Security Policy as Code
-        uses: advanced-security/[email protected]
-        with:
-          policy: it-at-m/policy-as-code
-          policy-path: default.yaml
-          token: ${{ secrets.GITHUB_TOKEN }}
-          argvs: "--disable-dependabot --disable-secret-scanning --disable-code-scanning --display"
-
   build-and-push-image:
-    needs: compliance
     runs-on: ubuntu-latest
 
     permissions:
@@ -48,6 +32,11 @@ jobs:
         uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            # set latest tag for sprint branch
+            type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'sprint') }}
+            # set stable tag for main-ls2 branch
+            type=raw,value=stable,enable=${{ github.ref == format('refs/heads/{0}', 'main-ng') }}
           labels: |
             maintainer=it@m, Landeshauptstadt Muenchen (LHM)
       
@@ -58,13 +47,13 @@ jobs:
           distribution: "temurin"
           cache: "maven"
 
-      - name: Set up Node 16
-        uses: actions/setup-node@v3
+      - name: Set up Node
+        uses: actions/setup-node@v4
         with:
-          node-version: 16
+          node-version: 18
 
       - name: Build with Maven
-        run: mvn -B verify "-Dspring-boot.run.jvmArguments=-Dfile.encoding=UTF-8" -DskipTests=true -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN
+        run: mvn -B verify -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN -Dmaven.test.skip
 
       - name: Build and push Docker image
         uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
@@ -73,3 +62,4 @@ jobs:
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
+          

.github/workflows/build_push_ghcr.yaml renamed to .github/workflows/build_push_stable.yaml

@@ -20,9 +20,10 @@ jobs:
       ARTIFACT_NAME: ${{ steps.maven-release-step.outputs.artifact-name }}
     env:
       TZ: Europe/Berlin # timezone
+      MAVEN_ARGS: -Dmaven.test.skip
     steps:
       - id: maven-release-step
-        uses: it-at-m/.github/.github/actions/action-maven-release@main
+        uses: it-at-m/lhm_actions/action-templates/actions/action-maven-release@v1.0.0
         with:
           app-path: ""
           releaseVersion: "${{ github.event.inputs.releaseVersion }}"
@@ -35,7 +36,7 @@ jobs:
     steps:
       - name: Create GitHub Release
         id: create_release
-        uses: it-at-m/.github/.github/actions/action-create-github-release@main
+        uses: it-at-m/lhm_actions/action-templates/actions/action-create-github-release@v1.0.0
         with:
           artifact-name: ${{ needs.release-maven.outputs.ARTIFACT_NAME }}
           tag-name: ${{ needs.release-maven.outputs.MVN_ARTIFACT_ID }}-${{ github.event.inputs.releaseVersion }}

.github/workflows/release.yaml

@@ -5,7 +5,7 @@
 
     <groupId>de.muenchen.dave.apigateway</groupId>
     <artifactId>dave-frontend-apigateway</artifactId>
-    <version>1.17.1-SNAPSHOT</version>
+    <version>2.0.2-SNAPSHOT</version>
     <packaging>jar</packaging>
     <name>dave_frontend_apigateway</name>
 
@@ -141,7 +141,7 @@
         <!-- Frontend Lib -->
         <dependency>
             <groupId>de.muenchen.dave.frontend</groupId>
-            <version>1.17.1-SNAPSHOT</version>
+            <version>2.0.2-SNAPSHOT</version>
             <artifactId>dave-frontend-frontend</artifactId>
             <scope>runtime</scope>
         </dependency>
@@ -216,8 +216,8 @@
                         <eclipse>
                             <file>itm-java-codeformat/java_codestyle_formatter.xml</file>
                         </eclipse>
-                        <trimTrailingWhitespace/>
-                        <endWithNewline/>
+                        <trimTrailingWhitespace />
+                        <endWithNewline />
                     </java>
                 </configuration>
                 <executions>

.github/workflows/snapshot_build.yaml

@@ -5,7 +5,7 @@
 
     <groupId>de.muenchen.dave.frontend</groupId>
     <artifactId>dave-frontend-frontend</artifactId>
-    <version>1.17.1-SNAPSHOT</version>
+    <version>2.0.2-SNAPSHOT</version>
     <packaging>jar</packaging>
     <name>dave_frontend_frontend</name>
 

apigateway/pom.xml

@@ -0,0 +1,32 @@
+name: Default Policy
+
+codescanning:
+  level: error
+
+# Dependency Security Alters
+dependabot:
+  level: high
+
+# Dependency Licensing Alerts
+licensing:
+  conditions:
+    ids:
+      - GPL-*
+      - LGPL-*
+      - AGPL-*
+
+  warnings:
+    # Warning is the dependency isn't known
+    ids:
+      - Other
+      - NA
+
+# General Dependency Alerts
+# dependencies:
+  # warnings:
+  #   ids:
+  #     - Maintenance
+  #     - Organization
+
+secretscanning:
+  level: all