Merge pull request #2989 from booklore-app/develop

Merge develop into master for the release

Author: acx10

.github/workflows/develop-pipeline.yml

@@ -29,10 +29,10 @@ jobs:
 
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
       - name: Set Up JDK 25
-        uses: actions/setup-java@v5
+        uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
         with:
           java-version: '25'
           distribution: 'temurin'
@@ -47,14 +47,14 @@ jobs:
         continue-on-error: true
 
       - name: Publish Backend Test Results
-        uses: EnricoMi/publish-unit-test-result-action@v2
+        uses: EnricoMi/publish-unit-test-result-action@c950f6fb443cb5af20a377fd0dfaa78838901040 # v2
         if: always()
         with:
           files: booklore-api/build/test-results/**/*.xml
           check_name: Backend Test Results
 
       - name: Upload Backend Test Reports
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
         if: always()
         with:
           name: backend-test-reports
@@ -82,18 +82,27 @@ jobs:
 
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
       - name: Set Up Node.js
-        uses: actions/setup-node@v6
+        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6
         with:
-          node-version: '22'
+          node-version: '24'
           cache: 'npm'
           cache-dependency-path: booklore-ui/package-lock.json
 
       - name: Install Frontend Dependencies
         working-directory: ./booklore-ui
-        run: npm ci --force
+        run: npm ci
+
+      - name: Audit Frontend Dependencies
+        working-directory: ./booklore-ui
+        run: npm audit --audit-level=high
+
+      - name: Validate Dependency Tree
+        working-directory: ./booklore-ui
+        run: npm ls --depth=0
+
 
       - name: Execute Frontend Tests
         id: frontend_tests
@@ -104,14 +113,14 @@ jobs:
         continue-on-error: true
 
       - name: Publish Frontend Test Results
-        uses: EnricoMi/publish-unit-test-result-action@v2
+        uses: EnricoMi/publish-unit-test-result-action@c950f6fb443cb5af20a377fd0dfaa78838901040 # v2
         if: always()
         with:
           files: booklore-ui/test-results/vitest-results.xml
           check_name: Frontend Test Results
 
       - name: Upload Frontend Test Reports
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
         if: always()
         with:
           name: frontend-test-reports
@@ -136,7 +145,7 @@ jobs:
 
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
         with:
           fetch-depth: 0
 
@@ -161,15 +170,24 @@ jobs:
       # Native Angular build
       # ----------------------------------------
       - name: Set Up Node.js
-        uses: actions/setup-node@v6
+        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6
         with:
-          node-version: '22'
+          node-version: '24'
           cache: 'npm'
           cache-dependency-path: booklore-ui/package-lock.json
 
       - name: Install Frontend Dependencies
         working-directory: ./booklore-ui
-        run: npm ci --force
+        run: npm ci
+
+      - name: Audit Frontend Dependencies
+        working-directory: ./booklore-ui
+        run: npm audit --audit-level=high
+
+      - name: Validate Dependency Tree
+        working-directory: ./booklore-ui
+        run: npm ls --depth=0
+
 
       - name: Build Angular App
         working-directory: ./booklore-ui
@@ -179,7 +197,7 @@ jobs:
       # Native Gradle build
       # ----------------------------------------
       - name: Set Up JDK 25
-        uses: actions/setup-java@v5
+        uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
         with:
           java-version: '25'
           distribution: 'temurin'
@@ -204,24 +222,24 @@ jobs:
       # Environment setup
       # ----------------------------------------
       - name: Set Up QEMU for Multi-Arch Builds
-        uses: docker/setup-qemu-action@v3
+        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3
 
       - name: Set Up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3
 
       # ----------------------------------------
       # Docker login (pushes & internal PRs only)
       # ----------------------------------------
       - name: Authenticate to Docker Hub
         if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository
-        uses: docker/login-action@v3
+        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
 
       - name: Authenticate to GitHub Container Registry
         if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository
-        uses: docker/login-action@v3
+        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
@@ -232,7 +250,7 @@ jobs:
       # ----------------------------------------
       - name: Build and push Docker image
         if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6
         with:
           context: .
           file: Dockerfile.ci

.github/workflows/master-pipeline.yml

@@ -13,7 +13,7 @@ jobs:
       base_ref: ${{ steps.get_base.outputs.base_ref }}
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
         with:
           fetch-depth: 2
       - name: Get Base Ref
@@ -41,10 +41,10 @@ jobs:
 
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
       - name: Set Up JDK 25
-        uses: actions/setup-java@v5
+        uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
         with:
           java-version: '25'
           distribution: 'temurin'
@@ -59,14 +59,14 @@ jobs:
         continue-on-error: true
 
       - name: Publish Backend Test Results
-        uses: EnricoMi/publish-unit-test-result-action@v2
+        uses: EnricoMi/publish-unit-test-result-action@c950f6fb443cb5af20a377fd0dfaa78838901040 # v2
         if: always()
         with:
           files: booklore-api/build/test-results/**/*.xml
           check_name: Backend Test Results
 
       - name: Upload Backend Test Reports
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
         if: always()
         with:
           name: backend-test-reports
@@ -94,18 +94,27 @@ jobs:
 
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
       - name: Set Up Node.js
-        uses: actions/setup-node@v6
+        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6
         with:
-          node-version: '22'
+          node-version: '24'
           cache: 'npm'
           cache-dependency-path: booklore-ui/package-lock.json
 
       - name: Install Frontend Dependencies
         working-directory: ./booklore-ui
-        run: npm ci --force
+        run: npm ci
+
+      - name: Audit Frontend Dependencies
+        working-directory: ./booklore-ui
+        run: npm audit --audit-level=high
+
+      - name: Validate Dependency Tree
+        working-directory: ./booklore-ui
+        run: npm ls --depth=0
+
 
       - name: Execute Frontend Tests
         id: frontend_tests
@@ -116,14 +125,14 @@ jobs:
         continue-on-error: true
 
       - name: Publish Frontend Test Results
-        uses: EnricoMi/publish-unit-test-result-action@v2
+        uses: EnricoMi/publish-unit-test-result-action@c950f6fb443cb5af20a377fd0dfaa78838901040 # v2
         if: always()
         with:
           files: booklore-ui/test-results/vitest-results.xml
           check_name: Frontend Test Results
 
       - name: Upload Frontend Test Reports
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
         if: always()
         with:
           name: frontend-test-reports
@@ -148,28 +157,28 @@ jobs:
 
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
         with:
           fetch-depth: 0
 
       - name: Authenticate to Docker Hub
-        uses: docker/login-action@v3
+        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
 
       - name: Authenticate to GitHub Container Registry
-        uses: docker/login-action@v3
+        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ github.token }}
 
       - name: Set Up QEMU for Multi-Architecture Builds
-        uses: docker/setup-qemu-action@v3
+        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3
 
       - name: Set Up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3
 
       - name: Retrieve Latest Master Version Tag
         id: get_version
@@ -238,15 +247,24 @@ jobs:
       # Native Angular build
       # ----------------------------------------
       - name: Set Up Node.js
-        uses: actions/setup-node@v6
+        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6
         with:
-          node-version: '22'
+          node-version: '24'
           cache: 'npm'
           cache-dependency-path: booklore-ui/package-lock.json
 
       - name: Install Frontend Dependencies
         working-directory: ./booklore-ui
-        run: npm ci --force
+        run: npm ci
+
+      - name: Audit Frontend Dependencies
+        working-directory: ./booklore-ui
+        run: npm audit --audit-level=high
+
+      - name: Validate Dependency Tree
+        working-directory: ./booklore-ui
+        run: npm ls --depth=0
+
 
       - name: Build Angular App
         working-directory: ./booklore-ui
@@ -256,7 +274,7 @@ jobs:
       # Native Gradle build
       # ----------------------------------------
       - name: Set Up JDK 25
-        uses: actions/setup-java@v5
+        uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
         with:
           java-version: '25'
           distribution: 'temurin'
@@ -281,7 +299,7 @@ jobs:
       # Docker build & push
       # ----------------------------------------
       - name: Build and push Docker image
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6
         with:
           context: .
           file: Dockerfile.ci
@@ -303,7 +321,7 @@ jobs:
             type=registry,ref=ghcr.io/booklore-app/booklore:buildcache,mode=max
 
       - name: Update GitHub Release Draft
-        uses: release-drafter/release-drafter@v6
+        uses: release-drafter/release-drafter@6db134d15f3909ccc9eefd369f02bd1e9cffdf97 # v6
         with:
           tag: ${{ env.new_tag }}
           name: "Release ${{ env.new_tag }}"

.github/workflows/migrations-check.yml

@@ -24,7 +24,7 @@ jobs:
       has_migrations: ${{ steps.check_migrations.outputs.has_migrations }}
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
         with:
           fetch-depth: 0
 
@@ -61,7 +61,7 @@ jobs:
 
     steps:
       - name: Checkout Base Branch
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
         with:
           ref: ${{ inputs.base_ref }}
           fetch-depth: 0
@@ -78,7 +78,7 @@ jobs:
             migrate
 
       - name: Checkout Head Branch
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
         with:
           ref: ${{ inputs.head_ref }}
           fetch-depth: 0

Dockerfile

@@ -1,5 +1,5 @@
 # Stage 1: Build the Angular app
-FROM node:22-alpine AS angular-build
+FROM node:24-alpine AS angular-build
 
 WORKDIR /angular-app
 
@@ -56,9 +56,13 @@ LABEL org.opencontainers.image.title="BookLore" \
 
 ENV JAVA_TOOL_OPTIONS="-XX:+UseG1GC -XX:MaxGCPauseMillis=200 -XX:+UseStringDeduplication -XX:+UseContainerSupport -XX:+UseCompactObjectHeaders -XX:MaxRAMPercentage=75.0"
 
-RUN apk update && apk add --no-cache su-exec && \
+ARG TARGETARCH
+RUN apk update && apk add --no-cache su-exec libstdc++ libgcc && \
     mkdir -p /bookdrop
 
+COPY docker/unrar/unrar-${TARGETARCH} /usr/local/bin/unrar
+RUN chmod 755 /usr/local/bin/unrar
+
 COPY entrypoint.sh /usr/local/bin/entrypoint.sh
 RUN chmod +x /usr/local/bin/entrypoint.sh
 COPY --from=springboot-build /springboot-app/build/libs/booklore-api-0.0.1-SNAPSHOT.jar /app/app.jar