Merge branch 'main' into jans-cli-tui-saml

.github/CODEOWNERS

@@ -4,7 +4,8 @@
 # These owners will be the default owners for everything in this branch of
 # the repo. Unless a later match takes precedence
 
-/keycloak-integration/ @uprightech
+/jans-keycloak-integration/ @uprightech
+/jans-keycloak-link/ @shekhar16
 /docker-jans-*/ @moabu @iromli
 /automation/ @moabu
 /charts/ @moabu

.github/dependabot.yml

@@ -4,4 +4,244 @@ updates:
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-      interval: "daily"
+      interval: "daily"
+
+  - package-ecosystem: pip
+    directory: /automation
+    schedule:
+      interval: daily
+
+  - package-ecosystem: docker
+    directory: /demos/benchmarking/docker-jans-loadtesting-jmeter
+    schedule:
+      interval: daily
+
+  - package-ecosystem: pip
+    directory: /demos/benchmarking/docker-jans-loadtesting-jmeter
+    schedule:
+      interval: daily
+
+  - package-ecosystem: npm
+    directory: /demos/jans-tarp
+    schedule:
+      interval: daily
+
+  - package-ecosystem: pip
+    directory: /demos/jans-tent
+    schedule:
+      interval: daily
+
+  - package-ecosystem: docker
+    directory: /docker-jans-all-in-one
+    schedule:
+      interval: daily
+
+  - package-ecosystem: pip
+    directory: /docker-jans-all-in-one/app
+    schedule:
+      interval: daily
+
+  - package-ecosystem: docker
+    directory: /docker-jans-auth-server
+    schedule:
+      interval: daily
+
+  - package-ecosystem: pip
+    directory: /docker-jans-auth-server
+    schedule:
+      interval: daily
+
+  - package-ecosystem: docker
+    directory: /docker-jans-casa
+    schedule:
+      interval: daily
+
+  - package-ecosystem: pip
+    directory: /docker-jans-casa
+    schedule:
+      interval: daily
+
+  - package-ecosystem: docker
+    directory: /docker-jans-certmanager
+    schedule:
+      interval: daily
+
+  - package-ecosystem: pip
+    directory: /docker-jans-certmanager
+    schedule:
+      interval: daily
+
+  - package-ecosystem: docker
+    directory: /docker-jans-config-api
+    schedule:
+      interval: daily
+
+  - package-ecosystem: pip
+    directory: /docker-jans-config-api
+    schedule:
+      interval: daily
+
+  - package-ecosystem: docker
+    directory: /docker-jans-configurator
+    schedule:
+      interval: daily
+
+  - package-ecosystem: pip
+    directory: /docker-jans-configurator
+    schedule:
+      interval: daily
+
+  - package-ecosystem: docker
+    directory: /docker-jans-fido2
+    schedule:
+      interval: daily
+
+  - package-ecosystem: pip
+    directory: /docker-jans-fido2
+    schedule:
+      interval: daily
+
+  - package-ecosystem: docker
+    directory: /docker-jans-keycloak-link
+    schedule:
+      interval: daily
+
+  - package-ecosystem: pip
+    directory: /docker-jans-keycloak-link
+    schedule:
+      interval: daily
+
+  - package-ecosystem: docker
+    directory: /docker-jans-link
+    schedule:
+      interval: daily
+
+  - package-ecosystem: pip
+    directory: /docker-jans-link
+    schedule:
+      interval: daily
+
+  - package-ecosystem: docker
+    directory: /docker-jans-monolith
+    schedule:
+      interval: daily
+
+  - package-ecosystem: docker
+    directory: /docker-jans-persistence-loader
+    schedule:
+      interval: daily
+
+  - package-ecosystem: pip
+    directory: /docker-jans-persistence-loader
+    schedule:
+      interval: daily
+
+  - package-ecosystem: docker
+    directory: /docker-jans-saml
+    schedule:
+      interval: daily
+
+  - package-ecosystem: pip
+    directory: /docker-jans-saml
+    schedule:
+      interval: daily
+
+  - package-ecosystem: docker
+    directory: /docker-jans-scim
+    schedule:
+      interval: daily
+
+  - package-ecosystem: pip
+    directory: /docker-jans-scim
+    schedule:
+      interval: daily
+
+  - package-ecosystem: pip
+    directory: /docs
+    schedule:
+      interval: daily
+
+  - package-ecosystem: npm
+    directory: /jans-auth-server/server/src/main/webapp/js/crypto-js-3.1.9-1
+    schedule:
+      interval: daily
+
+  - package-ecosystem: pip
+    directory: /jans-linux-setup
+    schedule:
+      interval: daily
+
+  - package-ecosystem: gomod
+    directory: /terraform-provider-jans
+    schedule:
+      interval: daily
+
+  - package-ecosystem: maven
+    directory: /agama
+    schedule:
+      interval: daily
+
+  - package-ecosystem: maven
+    directory: /jans-auth-server
+    schedule:
+      interval: daily
+
+  - package-ecosystem: maven
+    directory: /jans-bom
+    schedule:
+      interval: daily
+
+  - package-ecosystem: maven
+    directory: /jans-casa
+    schedule:
+      interval: daily
+
+  - package-ecosystem: maven
+    directory: /jans-config-api
+    schedule:
+      interval: daily
+
+  - package-ecosystem: maven
+    directory: /jans-core
+    schedule:
+      interval: daily
+
+  - package-ecosystem: maven
+    directory: /jans-eleven
+    schedule:
+      interval: daily
+
+  - package-ecosystem: maven
+    directory: /jans-fido2
+    schedule:
+      interval: daily
+
+  - package-ecosystem: maven
+    directory: /jans-keycloak-integration
+    schedule:
+      interval: daily
+
+  - package-ecosystem: maven
+    directory: /jans-keycloak-link
+    schedule:
+      interval: daily
+
+  - package-ecosystem: maven
+    directory: /jans-link
+    schedule:
+      interval: daily
+
+  - package-ecosystem: maven
+    directory: /jans-orm
+    schedule:
+      interval: daily
+
+  - package-ecosystem: maven
+    directory: /jans-scim
+    schedule:
+      interval: daily
+
+  - package-ecosystem: maven
+    directory: /jans-linux-setup/jans_setup/templates/jans-keycloak-link/idp-broker-api
+    schedule:
+      interval: daily

.github/workflows/activate-nightly-build.yml

@@ -4,12 +4,22 @@ on:
   workflow_dispatch:
   schedule:
     - cron: "0 23 * * *"
+permissions:
+  contents: read
+
 jobs:
   publish_binary_packages:
+    permissions:
+      contents: write  # for Git to git push
     runs-on: ubuntu-22.04
     steps:
+    - name: Harden Runner
+      uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+      with:
+        egress-policy: audit
+
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
 
     - name: set nightly version
       id: nightly

.github/workflows/backport.yml

@@ -4,15 +4,18 @@ on:
     types: [closed, labeled]
     branches: [main, release-*]
 permissions:
-  contents: write # so it can comment
-  pull-requests: write # so it can create pull requests
+  contents: read
+  pull-requests: read
 # WARNING:
 # When extending this action, be aware that $GITHUB_TOKEN allows write access to
 # the GitHub repository. This means that it should not evaluate user input in a
 # way that allows code injection.
 
 jobs:
   backport:
+    permissions:
+      contents: write # so it can comment
+      pull-requests: write # so it can create pull requests
     name: Backport Pull Request
     # Run the action if a PR is merged with backport labels
     # OR
@@ -28,9 +31,14 @@ jobs:
       )
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - name: Harden Runner
+        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        with:
+          egress-policy: audit
+
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
       - name: Create backport PRs
-        uses: korthout/backport-action@v1
+        uses: korthout/backport-action@bd68141f079bd036e45ea8149bc9d174d5a04703 # v1.4.0
         with:
           # Config README: https://github.com/zeebe-io/backport-action#backport-action
           github_token: ${{ secrets.MOAUTO_WORKFLOW_TOKEN }}

.github/workflows/build-docs.yml

@@ -22,26 +22,36 @@ on:
   workflow_dispatch:
     inputs:
       version:
-        description: 'Version tag (e.g."v1.0.19")'
-        default: "v1.0.19"
+        description: 'Version tag (e.g."v1.0.21")'
+        default: "v1.0.21"
         required: false
 concurrency:
   group: run-once
   cancel-in-progress: false
+permissions:
+  contents: read
+
 jobs:
   build:
+    permissions:
+      contents: write  # for Git to git push
     if: github.repository_owner == 'JanssenProject'
     name: Deploy docs
     runs-on: ubuntu-latest
     steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        with:
+          egress-policy: audit
+
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
         with:
           fetch-depth: 0
           token: ${{ secrets.MOAUTO_WORKFLOW_TOKEN }}
 
       - name: Set up Python 3.10
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
         with:
           python-version: "3.10"
           cache: pip
@@ -55,7 +65,7 @@ jobs:
       - name: Checkout jans ${{ github.event.inputs.version }}
         if: >-
           github.event_name == 'workflow_dispatch'
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
         with:
           ref: '${{ github.event.inputs.version }}'
           fetch-depth: 0
@@ -70,11 +80,12 @@ jobs:
       - name: Copy generated chart from main
         run: |
           helm package charts/janssen/
+          helm package charts/janssen-all-in-one/
           cp janssen-*.tgz ../
 
       - name: Import GPG key
         id: import_gpg
-        uses: crazy-max/ghaction-import-gpg@v5
+        uses: crazy-max/ghaction-import-gpg@d6f3f49f3345e29369fe57596a3ca8f94c4d2ca7 # v5.4.0
         with:
           gpg_private_key: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY }}
           passphrase: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY_PASSPHRASE }}
@@ -183,8 +194,8 @@ jobs:
           mike alias -u head main
           mike alias -u "${STABLE}" stable
           mike set-default --push stable
-          echo ::set-output name=LATEST::${LATEST}
-          echo ::set-output name=STABLE::${STABLE}
+          echo "LATEST=${LATEST}" >> $GITHUB_OUTPUT
+          echo "STABLE=${STABLE}" >> $GITHUB_OUTPUT
 
       # Ensures the current branch is gh-pages,
       # Creates / updates the "stable" and "latest" plain text files with the corresponding versions