it-at-m · hupling · Jan 16, 2025 · Jan 16, 2025 · Jan 16, 2025 · Jan 16, 2025
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -0,0 +1,84 @@
+# Workflow for advanced CodeQL setup used for scanning Java/JavaScript/TypeScript/Vue/Python based source files
+name: "CodeQL Advanced"
+env:
+  # Whether to analyze Java code or not (only set to true if repo has Java source code)
+  analyze-java: true
+  # Build mode to use for analysis of Java code (e.g. none, autobuild, manual)
+  java-buildmode: "autobuild"
+  # Temurin JDK version to use for autobuild (only when java-buildmode is set to autobuild)
+  java-version: "21"
+  # Whether to analyze JavaScript/TypeScript/Vue code or not (only set to true if repo has Javascript/Typescript/Vue source code)
+  analyze-javascript-typescript-vue: true
+  # Whether to analyze Python code or not (only set to true if repo has Python source code)
+  analyze-python: false
+  # Query set to use when analyzing the source code (e.g. default, security-extended, security-and-quality)
+  analysis-query: security-and-quality
+
+on:
+  # Runs on pull requests and on pushes to main (in order to keep the regular scanning by GitHub working)
+  pull_request:
+  push:
+    branches: 
+
+permissions:
+  pull-requests: read
+  security-events: write
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  check-changes:
+    name: Check changed files and directories
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: read
+    outputs:
+      java: ${{ steps.filter.outputs.java }}
+      javascript-typescript-vue: ${{ steps.filter.outputs.javascript-typescript-vue }}
+      python: ${{ steps.filter.outputs.python }}
+    steps:
+      - name: Checkout repository
+        uses: it-at-m/lhm_actions/action-templates/actions/action-checkout@codeql
+      - name: Path Filter
+        id: filter
+        uses: it-at-m/lhm_actions/action-templates/actions/action-filter@codeql
+  codeql-java:
+    name: Analyze Java source files
+    runs-on: ubuntu-latest
+    needs: check-changes
+
+    strategy:
+      fail-fast: false
+      matrix:
+        build-path: ["./refarch-backend", "./refarch-eai"] # JSON array formatted as string, contains the paths to the java projects to build
+    steps:
+      - uses: it-at-m/lhm_actions/action-templates/actions/[email protected]
+        if: env.analyze-java && (github.ref_name == 'main' || needs.check-changes.outputs.java == 'true')
+        with:
+          codeql-language: java-kotlin
+          codeql-buildmode: ${{ env.java-buildmode }}
+          codeql-query: ${{ env.analysis-query }}
+          java-version: ${{ env.java-version }}
+          path: ${{ matrix.build-path }}
+  codeql-javascript-typescript-vue:
+    name: Analyze JavaScript/TypeScript/Vue source files
+    runs-on: ubuntu-latest
+    needs: check-changes
+    steps:
+      - uses: it-at-m/lhm_actions/action-templates/actions/[email protected]
+        if: env.analyze-javascript-typescript-vue && (github.ref_name == 'main' || needs.check-changes.outputs.javascript-typescript-vue == 'true')
+        with:
+          codeql-language: javascript-typescript
+          codeql-query: ${{ env.analysis-query }}
+  codeql-python:
+    name: Analyze Python source files
+    runs-on: ubuntu-latest
+    needs: check-changes
+    steps:
+      - uses: it-at-m/lhm_actions/action-templates/actions/[email protected]
+        if: env.analyze-python && (github.ref_name == 'main' || needs.check-changes.outputs.python == 'true')
+        with:
+          codeql-language: python
+          codeql-query: ${{ env.analysis-query }}
diff --git a/.github/workflows/npm-release.yml b/.github/workflows/npm-release.yml
@@ -1,26 +1,30 @@
-name: npm-release
+name: Npm Release
 
-on:
+on:  # yamllint disable-line rule:truthy
   workflow_dispatch:
     inputs:
-      releaseVersion:
+      release-version:
         type: choice
-        description: "Add node release."
+        description: "Select version increment type (follows Semantic Versioning)"
         required: true
         options:
           - patch
           - minor
           - major
       app-path:
         type: choice
-        description: Service-Name
+        description: "Select the node service to release"
         required: true
+        default: sps-frontend
         options:
-          - sps-frontend # todo: muss angepasst werden. eigenen Ordner verwenden
-
+          - sps-frontend # Add or modify frontend paths according to your project structure
+      skip-deployment:
+        default: true
+        type: boolean
+        description: "skip deployment to npm registry"
 jobs:
   release:
-    name: Release
+    name: release
     runs-on: ubuntu-latest
     permissions:
       contents: write # to be able to publish a GitHub release
@@ -29,66 +33,45 @@ jobs:
       id-token: write # to enable use of OIDC for npm provenance
     outputs:
       ARTIFACT_NAME: ${{ steps.node.outputs.artifact-name }}
-      VERSION: ${{steps.node-release.outputs.VERSION}}
-    env: 
-     skipDeployment: false
+      ARTIFACT_VERSION: ${{steps.npm_release.outputs.ARTIFACT_VERSION}}
     steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Set up Node.js
-        uses: actions/setup-node@v4
+      - id: npm_release
+        uses: it-at-m/lhm_actions/action-templates/actions/action-npm-release@fix-npm-release
         with:
-          node-version: "22"
-
-
-      - id: node-release
-        name: Bump version and create git tag
-        working-directory: ./${{inputs.app-path}}
-        run: | 
-         NEW_VERSION=$(npm version ${{inputs.releaseVersion}}) || exit 1
-         echo "VERSION=$NEW_VERSION" >> "$GITHUB_OUTPUT"
-         git config --global user.email "[email protected]"
-         git config --global user.name "GitHub Actions"
-         git add package.json package-lock.json
-         git commit -m "Bump version to ${NEW_VERSION}" || exit 1
-         git tag "${NEW_VERSION}" || exit 1
-         git push && git push --tags || exit 1
+          app-path: ${{inputs.app-path}}
+          releaseVersion: ${{inputs.release-version}}
       - id: node
-        uses: it-at-m/.github/.github/actions/action-npm-build@main
+        uses: it-at-m/lhm_actions/action-templates/actions/action-npm-build@fix-npm-release
         with:
-          app-path:  "${{ inputs.app-path }}"
-      - if: "${{ !env.skipDeployment }}"
-        run: npm publish   # publish
+          app-path: "${{ inputs.app-path }}"
+      - if: "${{ !inputs.skip-deployment }}"
+        shell: bash
+        working-directory: ./${{inputs.app-path}}
+        run: npm --prefix ./${{ inputs.app-path }} publish --provenance --access public
         env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} # in der GitHub it-at-m Orga zentral hinterlegter Token
-  build-image:  
+          NODE_AUTH_TOKEN: ${{ inputs.npm-token }} # Centralized token in it-at-m GitHub organization
+
+  build-image:
     runs-on: ubuntu-latest
     needs: release
     steps:
-      - uses: it-at-m/.github/.github/actions/action-build-image@main
+      - uses: it-at-m/lhm_actions/action-templates/actions/action-build-image@0adbb607339cb32296289c8c319970b9ef2121cb # v1.0.2
         with:
-          path: "${{  inputs.app-path }}"
-          image-name: "${{  inputs.app-path }}"
-          artifact-name:  ${{ needs.release.outputs.ARTIFACT_NAME }}
+          path: "${{ inputs.app-path }}"
+          image-name: "${{ inputs.app-path }}"
+          artifact-name: ${{ needs.release.outputs.ARTIFACT_NAME }}
           registry-password: ${{ secrets.GITHUB_TOKEN }}
           registry-username: ${{ github.actor }}
           image-tags: |
-            type=semver,pattern={{version}},value=${{ needs.release.outputs.VERSION }}
+            type=semver,pattern={{version}},value=${{ needs.release.outputs.ARTIFACT_VERSION }}
+            type=raw,value=latest
   create-github-release:
     needs: release
     runs-on: ubuntu-latest
     steps:
-      - name: Download a single artifact
-        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
-        with:
-          name: ${{ needs.release.outputs.ARTIFACT_NAME }}
       - name: Create GitHub Release
         id: create_release
-        uses: softprops/action-gh-release@v2
+        uses: it-at-m/lhm_actions/action-templates/actions/action-create-github-release@0adbb607339cb32296289c8c319970b9ef2121cb # v1.0.2
         with:
-          tag_name: ${{ needs.release.outputs.VERSION }}
-          draft: false
-          prerelease: false
-          generate_release_notes: false
-
+          artifact-name: ${{ needs.release.outputs.ARTIFACT_NAME }}
+          tag-name: ${{ needs.release.outputs.ARTIFACT_VERSION }}
diff --git a/sps-frontend/package-lock.json b/sps-frontend/package-lock.json
diff --git a/sps-frontend/package.json b/sps-frontend/package.json
@@ -1,6 +1,6 @@
 {
     "name": "beispielprojekt-frontend-frontend",
-    "version": "0.1.22",
+    "version": "0.2.2",
     "private": true,
     "scripts": {
         "serve": "vite",