Merge branch 'develop' into update-from-template-merged

Author: xdev-gh-bot

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -15,9 +15,9 @@ body:
     attributes:
       label: "Checklist"
       options:
-        - label: "I am able to reproduce the bug with the [latest version](https://github.com/xdev-software/template-placeholder/releases/latest)"
+        - label: "I am able to reproduce the bug with the [latest version](https://github.com/xdev-software/mockserver-neolight/releases/latest)"
           required: true
-        - label: "I made sure that there are *no existing issues* - [open](https://github.com/xdev-software/template-placeholder/issues) or [closed](https://github.com/xdev-software/template-placeholder/issues?q=is%3Aissue+is%3Aclosed) - which I could contribute my information to."
+        - label: "I made sure that there are *no existing issues* - [open](https://github.com/xdev-software/mockserver-neolight/issues) or [closed](https://github.com/xdev-software/mockserver-neolight/issues?q=is%3Aissue+is%3Aclosed) - which I could contribute my information to."
           required: true
         - label: "I have taken the time to fill in all the required details. I understand that the bug report will be dismissed otherwise."
           required: true

.github/ISSUE_TEMPLATE/enhancement.yml

@@ -13,7 +13,7 @@ body:
     attributes:
       label: "Checklist"
       options:
-        - label: "I made sure that there are *no existing issues* - [open](https://github.com/xdev-software/template-placeholder/issues) or [closed](https://github.com/xdev-software/template-placeholder/issues?q=is%3Aissue+is%3Aclosed) - which I could contribute my information to."
+        - label: "I made sure that there are *no existing issues* - [open](https://github.com/xdev-software/mockserver-neolight/issues) or [closed](https://github.com/xdev-software/mockserver-neolight/issues?q=is%3Aissue+is%3Aclosed) - which I could contribute my information to."
           required: true
         - label: "I have taken the time to fill in all the required details. I understand that the feature request will be dismissed otherwise."
           required: true

.github/ISSUE_TEMPLATE/question.yml

@@ -12,7 +12,7 @@ body:
     attributes:
       label: "Checklist"
       options:
-        - label: "I made sure that there are *no existing issues* - [open](https://github.com/xdev-software/template-placeholder/issues) or [closed](https://github.com/xdev-software/template-placeholder/issues?q=is%3Aissue+is%3Aclosed) - which I could contribute my information to."
+        - label: "I made sure that there are *no existing issues* - [open](https://github.com/xdev-software/mockserver-neolight/issues) or [closed](https://github.com/xdev-software/mockserver-neolight/issues?q=is%3Aissue+is%3Aclosed) - which I could contribute my information to."
           required: true
         - label: "I have taken the time to fill in all the required details. I understand that the question will be dismissed otherwise."
           required: true

.github/workflows/check-build.yml

@@ -19,9 +19,6 @@ on:
       - '.idea/**'
       - 'assets/**'
 
-env:
-  DEMO_MAVEN_MODULE: ${{ github.event.repository.name }}-demo
-
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -48,7 +45,7 @@ jobs:
           ${{ runner.os }}-mvn-build-
 
     - name: Build with Maven
-      run: ./mvnw -B clean package
+      run: ./mvnw -B clean package -P run-integration-tests
 
     - name: Check for uncommited changes
       run: |
@@ -68,13 +65,27 @@ jobs:
           exit 1
         fi
 
-    - name: Upload demo files
+    - name: Upload standalone server JAR
       uses: actions/upload-artifact@v4
       with:
-        name: demo-files-java-${{ matrix.java }}
-        path: ${{ env.DEMO_MAVEN_MODULE }}/target/${{ env.DEMO_MAVEN_MODULE }}.jar
+        name: server-${{ matrix.java }}
+        path: server/target/server-standalone.jar
         if-no-files-found: error
 
+    # Build docker
+    - uses: docker/setup-qemu-action@v3
+
+    - uses: docker/setup-buildx-action@v3
+
+    - uses: docker/build-push-action@v6
+      with:
+        context: ./server
+        push: false
+        tags: mockserver-standalone:experimental
+        platforms: linux/amd64,linux/arm64
+        cache-from: type=gha
+        cache-to: type=gha,mode=max
+
   checkstyle:
     runs-on: ubuntu-latest
     if: ${{ github.event_name != 'pull_request' || !startsWith(github.head_ref, 'renovate/') }}
@@ -148,7 +159,8 @@ jobs:
       run: ./mvnw -B test pmd:aggregate-pmd-no-fork pmd:check -P pmd -DskipTests -T2C
 
     - name: Run CPD (Copy Paste Detector)
-      run: ./mvnw -B pmd:aggregate-cpd pmd:cpd-check -P pmd -DskipTests -T2C
+      # Todo: Readd pmd:cpd-check - Disabled for now due to upstream code
+      run: ./mvnw -B pmd:aggregate-cpd -P pmd -DskipTests -T2C
 
     - name: Upload report
       if: always()

.github/workflows/image-vuln-scan.yml

@@ -0,0 +1,68 @@
+name: Image vuln scan
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "22 7 * * 0"
+
+permissions:
+  issues: write
+
+env:
+  # Note: Use ghcr since we have no rate limiting there
+  TRIVYY_IMAGE_REF: 'ghcr.io/xdev-software/mockserver-neolight:latest'
+
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+    continue-on-error: true # Ignore errors, we create an issue instead
+    steps:
+      - uses: actions/checkout@v5
+
+      - name: Scan - Full
+        uses: aquasecurity/[email protected]
+        with:
+          image-ref: ${{ env.TRIVYY_IMAGE_REF }}
+
+      - name: Scan - Relevant
+        id: scan_relevant
+        uses: aquasecurity/[email protected]
+        with:
+          image-ref: ${{ env.TRIVYY_IMAGE_REF }}
+          exit-code: 1
+          severity: 'HIGH,CRITICAL,UNKNOWN'
+          output: reported.txt
+        env:
+          TRIVY_DISABLE_VEX_NOTICE: 1
+
+      - name: Find already existing issue
+        id: find-issue
+        if: ${{ always() }}
+        run: |
+          echo "number=$(gh issue list -l 'bug' -l 'automated' -L 1 -S 'in:title "Trivy Vulnerability Report"' -s 'open' --json 'number' --jq '.[].number')" >> $GITHUB_OUTPUT
+        env:
+          GH_TOKEN: ${{ github.token }}
+
+      - name: Close issue if everything is fine
+        if: ${{ success() && steps.find-issue.outputs.number != '' }}
+        run: gh issue close -r 'not planned' ${{ steps.find-issue.outputs.number }}
+        env:
+          GH_TOKEN: ${{ github.token }}
+
+      - name: Reformat report
+        if: ${{ failure() && steps.scan_relevant.conclusion == 'failure' }}
+        run: |
+          echo 'Trivy reported vulnerabilities that should be addressed:' > reported.md
+          echo '```' >> reported.md
+          cat reported.txt >> reported.md
+          echo '```' >> reported.md
+          cat reported.md
+
+      - name: Create Issue From File
+        if: ${{ failure() && steps.scan_relevant.conclusion == 'failure' }}
+        uses: peter-evans/create-issue-from-file@fca9117c27cdc29c6c4db3b86c48e4115a786710 # v6
+        with:
+          issue-number: ${{ steps.find-issue.outputs.number }}
+          title: Trivy Vulnerability Report
+          content-filepath: ./reported.md
+          labels: bug, automated

.github/workflows/release.yml

@@ -4,9 +4,6 @@ on:
   push:
     branches: [ master ]
 
-env:
-  PRIMARY_MAVEN_MODULE: ${{ github.event.repository.name }}
-
 permissions:
   contents: write
   pull-requests: write
@@ -62,6 +59,7 @@ jobs:
     timeout-minutes: 10
     outputs:
       upload_url: ${{ steps.create-release.outputs.upload_url }}
+      version: ${{ steps.version.outputs.release }}
     steps:
     - uses: actions/checkout@v5
 
@@ -76,10 +74,9 @@ jobs:
     - name: Get version
       id: version
       run: |
-        version=$(../mvnw help:evaluate -Dexpression=project.version -q -DforceStdout)
+        version=$(./mvnw help:evaluate -Dexpression=project.version -q -DforceStdout)
         echo "release=$version" >> $GITHUB_OUTPUT
         echo "releasenumber=${version//[!0-9]/}" >> $GITHUB_OUTPUT
-      working-directory: ${{ env.PRIMARY_MAVEN_MODULE }}
 
     - name: Commit and Push
       run: |
@@ -101,15 +98,42 @@ jobs:
           See [Changelog#v${{ steps.version.outputs.release }}](https://github.com/${{ github.repository }}/blob/develop/CHANGELOG.md#${{ steps.version.outputs.releasenumber }}) for more information.
 
           ## Installation
+
+          ### BOM
+          Note that you can also use the [BOM](https://github.com/${{ github.repository }}/tree/develop/bom) for easier dependency management.
+
+          ### Client
+          Add the following lines to your pom:
+          ```XML
+          <dependency>
+             <groupId>software.xdev.mockserver</groupId>
+             <artifactId>client</artifactId>
+             <version>${{ steps.version.outputs.release }}</version>
+          </dependency>
+          ```
+
+          ### Testcontainers Integration
           Add the following lines to your pom:
           ```XML
           <dependency>
-             <groupId>software.xdev</groupId>
-             <artifactId>${{ env.PRIMARY_MAVEN_MODULE }}</artifactId>
+             <groupId>software.xdev.mockserver</groupId>
+             <artifactId>testcontainers</artifactId>
              <version>${{ steps.version.outputs.release }}</version>
           </dependency>
           ```
 
+          ### Standalone/Server
+
+          #### Docker
+          Download the image from
+          * [DockerHub](https://hub.docker.com/r/xdevsoftware/mockserver/tags?name=${{ steps.version.outputs.release }})
+          * [GitHub Packages (ghcr.io)](https://github.com/xdev-software/mockserver-neolight/pkgs/container/mockserver-neolight)
+
+          #### JAR
+          If you don't like to use the docker image, the executable jar is also available 
+          * at [Maven Central](https://repo1.maven.org/maven2/software/xdev/mockserver/server/${{ steps.version.outputs.release }}/server-${{ steps.version.outputs.release }}-standalone.jar)
+          * or in the release assets below
+
   publish-maven:
     runs-on: ubuntu-latest
     needs: [prepare-release]
@@ -133,13 +157,18 @@ jobs:
         gpg-passphrase: MAVEN_GPG_PASSPHRASE
         gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} # Only import once
 
-    - name: Publish to GitHub Packages Central
-      run: ../mvnw -B deploy -P publish -DskipTests -DaltDeploymentRepository=github-central::https://maven.pkg.github.com/xdev-software/central
-      working-directory: ${{ env.PRIMARY_MAVEN_MODULE }}
+    - name: Publish to GitHub Packages
+      run: |
+        modules=("bom")
+        dependency_management_block=$(grep -ozP '<dependencyManagement>(\r|\n|.)*<\/dependencyManagement>' 'bom/pom.xml' | tr -d '\0')
+        modules+=($(echo $dependency_management_block | grep -oP '(?<=<artifactId>)[^<]+'))
+        printf -v modules_joined '%s,' "${modules[@]}"
+        modules_arg=$(echo "${modules_joined%,}")
+        ./mvnw -B deploy -pl "$modules_arg" -am -T2C -P publish -DskipTests -DaltDeploymentRepository=github-central::https://maven.pkg.github.com/xdev-software/central
       env:
         PACKAGES_CENTRAL_TOKEN: ${{ secrets.PACKAGES_CENTRAL_TOKEN }}
         MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
-
+  
     - name: Set up JDK
       uses: actions/setup-java@v5
       with: # running setup-java again overwrites the settings.xml
@@ -151,16 +180,105 @@ jobs:
         gpg-passphrase: MAVEN_GPG_PASSPHRASE
 
     - name: Publish to Central Portal
-      run: ../mvnw -B deploy -P publish,publish-sonatype-central-portal -DskipTests
+      run: |
+        modules=("bom")
+        dependency_management_block=$(grep -ozP '<dependencyManagement>(\r|\n|.)*<\/dependencyManagement>' 'bom/pom.xml' | tr -d '\0')
+        modules+=($(echo $dependency_management_block | grep -oP '(?<=<artifactId>)[^<]+'))
+        printf -v modules_joined '%s,' "${modules[@]}"
+        modules_arg=$(echo "${modules_joined%,}")
+        ./mvnw -B deploy -pl "$modules_arg" -am -T2C -P publish,publish-sonatype-central-portal -DskipTests
       env:
         MAVEN_CENTRAL_USERNAME: ${{ secrets.SONATYPE_MAVEN_CENTRAL_PORTAL_USERNAME }}
         MAVEN_CENTRAL_TOKEN: ${{ secrets.SONATYPE_MAVEN_CENTRAL_PORTAL_TOKEN }}
         MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
-      working-directory: ${{ env.PRIMARY_MAVEN_MODULE }}
+    
+    - name: Upload server standalone JAR
+      uses: actions/upload-artifact@v4
+      with:
+        name: server-standalone
+        path: server/target/server-standalone.jar
+        if-no-files-found: error
+
+    - name: Upload Release assets
+      uses: shogo82148/actions-upload-release-asset@v1
+      with:
+        upload_url: ${{ needs.prepare-release.outputs.upload_url }}
+        asset_path: server/target/server-standalone.jar
+
+  publish-docker:
+    runs-on: ubuntu-latest
+    needs: [prepare-release, publish-maven]
+    timeout-minutes: 15
+    permissions:
+      packages: write
+      contents: read
+      attestations: write
+      id-token: write
+    steps:
+    - uses: actions/checkout@v5
+
+    - name: Init Git and pull
+      run: |
+        git config --global user.email "[email protected]"
+        git config --global user.name "GitHub Actions"
+        git pull
+
+    - name: Download server JAR
+      uses: actions/download-artifact@v5
+      with:
+        name: server-standalone
+        path: server/target
+
+    - uses: docker/setup-qemu-action@v3
+
+    - uses: docker/setup-buildx-action@v3
+
+    - name: Login to DockerHub
+      uses: docker/login-action@v3
+      with:
+        username: ${{ secrets.DOCKERHUB_USERNAME }}
+        password: ${{ secrets.DOCKERHUB_TOKEN }}
+    
+    - name: Login to ghcr.io
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Extract metadata (tags, labels) for Docker
+      id: meta
+      uses: docker/metadata-action@v5
+      with:
+        images: |
+          ${{ secrets.DOCKERHUB_USERNAME }}/mockserver
+          ghcr.io/${{ github.repository }}
+        tags: |
+          type=semver,pattern={{version}},value=${{ needs.prepare-release.outputs.version }}
+          type=semver,pattern={{major}}.{{minor}},value=${{ needs.prepare-release.outputs.version }}
+          type=semver,pattern={{major}},value=${{ needs.prepare-release.outputs.version }}
+          latest
+
+    - uses: docker/build-push-action@v6
+      id: push
+      with:
+        context: ./server
+        push: true
+        platforms: linux/amd64,linux/arm64
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
+        outputs: type=image,compression=zstd,force-compression=true
+
+    - name: Generate artifact attestation (ghcr.io)
+      uses: actions/attest-build-provenance@v3
+      with:
+        subject-name: ghcr.io/${{ github.repository }}
+        subject-digest: ${{ steps.push.outputs.digest }}
+        push-to-registry: true
 
   publish-pages:
     runs-on: ubuntu-latest
-    needs: [prepare-release]
+    needs: [publish-maven]
     timeout-minutes: 15
     steps:
     - uses: actions/checkout@v5
@@ -187,19 +305,28 @@ jobs:
           ${{ runner.os }}-mvn-build-
 
     - name: Build site
-      run: ../mvnw -B compile site -DskipTests -T2C
-      working-directory: ${{ env.PRIMARY_MAVEN_MODULE }}
+      run: ./mvnw -B compile site -DskipTests -T2C
+
+    - name: Aggregate site
+      run: |
+        modules=($(grep -ozP '(?<=module>)[^<]+' 'pom.xml' | tr -d '\0'))
+        for m in "${modules[@]}"
+        do
+            echo "$m/target/site -> ./target/$m"
+            mkdir -p ./target/$m
+            cp -r $m/target/site ./target/$m
+        done
 
     - name: Deploy to Github pages
       uses: peaceiris/actions-gh-pages@4f9cc6602d3f66b9c108549d475ec49e8ef4d45e # v4
       with:
         github_token: ${{ secrets.GITHUB_TOKEN }}
-        publish_dir: ./${{ env.PRIMARY_MAVEN_MODULE }}/target/site
+        publish_dir: ./target/site
         force_orphan: true
 
   after-release:
     runs-on: ubuntu-latest
-    needs: [publish-maven]
+    needs: [publish-maven, publish-docker]
     timeout-minutes: 10
     steps:
     - uses: actions/checkout@v5