cap-java · mtsvetanov071 · Jul 2, 2025 · Jul 2, 2025 · Jul 2, 2025
diff --git a/.github/actions/build/action.yml b/.github/actions/build/action.yml
@@ -0,0 +1,39 @@
+name: Maven Build
+description: "Builds a Maven project."
+
+inputs:
+  java-version:
+    description: "The Java version the build shall run with."
+    required: true
+  maven-version:
+    description: "The Maven version the build shall run with."
+    required: true
+  mutation-testing:
+    description: "Whether to run mutation testing."
+    default: 'true'
+    required: false
+
+runs:
+  using: composite
+  steps:
+    - name: Set up Java ${{ inputs.java-version }}
+      uses: actions/setup-java@v4
+      with:
+        java-version: ${{ inputs.java-version }}
+        distribution: sapmachine
+        cache: maven
+
+    - name: Setup Maven ${{ inputs.maven-version }}
+      uses: stCarolas/setup-maven@v5
+      with:
+        maven-version: ${{ inputs.maven-version }}
+
+    - name: Piper Maven build
+      uses: SAP/project-piper-action@main
+      with:
+        step-name: mavenBuild
+
+    #- name: Mutation Testing
+    #  if: ${{ inputs.mutation-testing == 'true' }}
+    #  run: mvn org.pitest:pitest-maven:mutationCoverage -f cds-feature-auditlog-ng/pom.xml -ntp -B
+    #  shell: bash
diff --git a/.github/actions/deploy-release/action.yml b/.github/actions/deploy-release/action.yml
@@ -0,0 +1,94 @@
+name: Deploy Release to Maven Central
+description: "Deploys released artifacts to Maven Central repository."
+
+inputs:
+  user:
+    description: "The user used for the upload (technical user for maven central upload)"
+    required: true
+  password:
+    description: "The password used for the upload (technical user for maven central upload)"
+    required: true
+  profile:
+    description: "The profile id"
+    required: true
+  pgp-pub-key:
+    description: "The public pgp key ID"
+    required: true
+  pgp-private-key:
+    description: "The private pgp key"
+    required: true
+  pgp-passphrase:
+    description: "The passphrase for pgp"
+    required: true
+  revision:
+    description: "The revision of cds-feature-auditlog-ng"
+    required: true
+  maven-version:
+    description: "The Maven version the build shall run with."
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - name: Echo Inputs
+      run: |
+        echo "user: ${{ inputs.user }}"
+        echo "profile: ${{ inputs.profile }}"
+        echo "revision: ${{ inputs.revision }}"
+      shell: bash
+
+    - name: Set up Java
+      uses: actions/setup-java@v4
+      with:
+        distribution: sapmachine
+        java-version: '17'
+        cache: maven
+        server-id: ossrh
+        server-username: MAVEN_CENTRAL_USER
+        server-password: MAVEN_CENTRAL_PASSWORD
+
+    - name: Set up Maven ${{ inputs.maven-version }}
+      uses: stCarolas/setup-maven@v5
+      with:
+        maven-version: ${{ inputs.maven-version }}
+
+    - name: Import GPG Key
+      run: |
+        echo "${{ inputs.pgp-private-key }}" | gpg --batch --passphrase "$PASSPHRASE" --import
+      shell: bash
+      env:
+        PASSPHRASE: ${{ inputs.pgp-passphrase }}
+
+    - name: Deploy Locally
+      run: >
+        mvn -B -ntp -fae --show-version
+        -Durl=file:./temp_local_repo
+        -Dmaven.install.skip=true
+        -Dmaven.test.skip=true
+        -Dgpg.passphrase="$GPG_PASSPHRASE"
+        -Dgpg.keyname="$GPG_PUB_KEY"
+        -Drevision="${{ inputs.revision }}"
+        deploy
+      working-directory: ./deploy-oss
+      shell: bash
+      env:
+        MAVEN_CENTRAL_USER: ${{ inputs.user }}
+        MAVEN_CENTRAL_PASSWORD: ${{ inputs.password }}
+        GPG_PASSPHRASE: ${{ inputs.pgp-passphrase }}
+        GPG_PUB_KEY: ${{ inputs.pgp-pub-key }}
+
+    - name: Deploy Staging
+      run: >
+        mvn -B -ntp -fae --show-version
+        org.sonatype.plugins:nexus-staging-maven-plugin:1.6.13:deploy-staged-repository
+        -DserverId=ossrh
+        -DnexusUrl=https://oss.sonatype.org
+        -DrepositoryDirectory=./temp_local_repo
+        -DstagingProfileId="$MAVEN_CENTRAL_PROFILE_ID"
+        -Drevision="${{ inputs.revision }}"
+      working-directory: ./deploy-oss
+      shell: bash
+      env:
+        MAVEN_CENTRAL_USER: ${{ inputs.user }}
+        MAVEN_CENTRAL_PASSWORD: ${{ inputs.password }}
+        MAVEN_CENTRAL_PROFILE_ID: ${{ inputs.profile }}
diff --git a/.github/actions/deploy/action.yml b/.github/actions/deploy/action.yml
@@ -0,0 +1,62 @@
+name: Deploy to artifactory
+description: "Deploys artifacts to artifactory."
+
+inputs:
+  repository-url:
+    description: "The URL of the repository to upload to."
+    required: true
+  server-id:
+    description: "The service id of the repository to upload to."
+    required: true
+  user:
+    description: "The user used for the upload."
+    required: true
+  password:
+    description: "The password used for the upload."
+    required: true
+  pom-file:
+    description: "The path to the POM file."
+    required: false
+    default: "pom.xml"
+  maven-version:
+    description: "The Maven version the build shall run with."
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - name: Echo Inputs
+      run: |
+        echo "repository-url: ${{ inputs.repository-url }}"
+        echo "user: ${{ inputs.user }}"
+        echo "password: ${{ inputs.password }}"
+        echo "pom-file: ${{ inputs.pom-file }}"
+        echo "altDeploymentRepository: ${{inputs.server-id}}::${{inputs.repository-url}}"
+      shell: bash
+
+    - name: Setup Java 17
+      uses: actions/setup-java@v4
+      with:
+        distribution: sapmachine
+        java-version: '17'
+        server-id: ${{ inputs.server-id }}
+        server-username: DEPLOYMENT_USER
+        server-password: DEPLOYMENT_PASS
+
+    - name: Setup Maven ${{ inputs.maven-version }}
+      uses: stCarolas/setup-maven@v5
+      with:
+        maven-version: ${{ inputs.maven-version }}
+
+    - name: Deploy
+      run: >
+        mvn -B -ntp -fae --show-version
+        -DaltDeploymentRepository=${{inputs.server-id}}::${{inputs.repository-url}}
+        -Dmaven.install.skip=true
+        -Dmaven.test.skip=true
+        -f ${{ inputs.pom-file }}
+        deploy
+      env:
+        DEPLOYMENT_USER: ${{ inputs.user }}
+        DEPLOYMENT_PASS: ${{ inputs.password }}
+      shell: bash
diff --git a/.github/actions/newrelease/action.yml b/.github/actions/newrelease/action.yml
@@ -0,0 +1,36 @@
+name: Update POM with new release
+description: Updates the revision property in the POM file with the new release version.
+
+inputs:
+  java-version:
+    description: "The Java version the build shall run with."
+    required: true
+  maven-version:
+    description: "The Maven version the build shall run with."
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - name: Set up Java ${{ inputs.java-version }}
+      uses: actions/setup-java@v4
+      with:
+        java-version: ${{ inputs.java-version }}
+        distribution: sapmachine
+        cache: maven
+
+    - name: Setup Maven ${{ inputs.maven-version }}
+      uses: stCarolas/setup-maven@v5
+      with:
+        maven-version: ${{ inputs.maven-version }}
+
+    - name: Update version
+      run: |
+        VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
+        mvn --no-transfer-progress versions:set-property -Dproperty=revision -DnewVersion=$VERSION
+        git config --global user.name 'github-actions[bot]'
+        git config --global user.email 'github-actions[bot]@users.noreply.github.com'
+        git checkout -b main
+        git commit -am "Update version to $VERSION"
+        git push --set-upstream origin main
+      shell: bash
diff --git a/.github/actions/scan-with-blackduck/action.yaml b/.github/actions/scan-with-blackduck/action.yaml
@@ -0,0 +1,54 @@
+name: "Scan with BlackDuck"
+description: "Scans the project with BlackDuck"
+
+inputs:
+  blackduck_token:
+    description: "The token to use for BlackDuck authentication"
+    required: true
+  github_token:
+    description: "The token to use for GitHub authentication"
+    required: true
+  java-version:
+    description: "The version of Java to use"
+    default: '17'
+    required: false
+  maven-version:
+    description: "The Maven version the build shall run with."
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - name: Set up Java ${{ inputs.java-version }}
+      uses: actions/setup-java@v4
+      with:
+        java-version: ${{ inputs.java-version }}
+        distribution: sapmachine
+        cache: maven
+
+    - name: Setup Maven ${{ inputs.maven-version }}
+      uses: stCarolas/setup-maven@v5
+      with:
+        maven-version: ${{ inputs.maven-version }}
+
+    - name: Get Major Version
+      id: get-major-version
+      run: |
+        echo "REVISION=$(mvn help:evaluate -Dexpression=revision -q -DforceStdout)" >> $GITHUB_OUTPUT
+      shell: bash
+
+    - name: Print Version Number
+      run: echo "${{ steps.get-major-version.outputs.REVISION }}"
+      shell: bash
+
+    - name: BlackDuck Scan
+      uses: SAP/project-piper-action@main
+      with:
+        step-name: detectExecuteScan
+        flags: \
+          --githubToken=$GITHUB_token \
+          --version=${{ steps.get-major-version.outputs.REVISION }}
+      env:
+        PIPER_token: ${{ inputs.blackduck_token }}
+        GITHUB_token: ${{ inputs.github_token }}
+        SCAN_MODE: FULL
diff --git a/.github/actions/scan-with-sonar/action.yaml b/.github/actions/scan-with-sonar/action.yaml
@@ -0,0 +1,48 @@
+name: Scan with SonarQube
+description: Scans the project with SonarQube
+
+inputs:
+  sonarq-token:
+    description: The token to use for SonarQube authentication
+    required: true
+  github-token:
+    description: The token to use for GitHub authentication
+    required: true
+  java-version:
+    description: The version of Java to use
+    required: true
+  maven-version:
+    description: The version of Maven to use
+    required: true
+
+runs:
+  using: composite
+
+  steps:
+    - name: Set up Java ${{inputs.java-version}}
+      uses: actions/setup-java@v4
+      with:
+        java-version: ${{inputs.java-version}}
+        distribution: sapmachine
+        cache: maven
+
+    - name: Set up Maven ${{inputs.maven-version}}
+      uses: stCarolas/setup-maven@v5
+      with:
+        maven-version: ${{inputs.maven-version}}
+
+    - name: Get Revision
+      id: get-revision
+      run: |
+        echo "REVISION=$(mvn help:evaluate -Dexpression=revision -q -DforceStdout)" >> $GITHUB_OUTPUT
+      shell: bash
+
+    - name: Print Revision
+      run: echo "${{steps.get-revision.outputs.REVISION}}"
+      shell: bash
+
+    - name: SonarQube Scan
+      uses: SAP/project-piper-action@main
+      with:
+        step-name: sonarExecuteScan
+        flags: --token=${{inputs.sonarq-token}} --githubToken=${{inputs.github-token}} --version=${{steps.get-revision.outputs.REVISION}} --inferJavaBinaries=true
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,12 @@
+version: 2
+updates:
+  - package-ecosystem: maven
+    directories:
+      - "/**/*"
+    schedule:
+      interval: daily
+    open-pull-requests-limit: 10
+  - package-ecosystem: github-actions
+    directory: "/"
+    schedule:
+      interval: daily