Merge branch 'develop'

.github/dependabot.yml

@@ -1,20 +1,33 @@
-# To get started with Dependabot version updates, you'll need to specify which
-# package ecosystems to update and where the package manifests are located.
-# Please see the documentation for all configuration options:
-# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
-
 version: 2
 updates:
-
  # Maintain dependencies for GitHub Actions
  - package-ecosystem: "github-actions"
  directory: "/"
  schedule:
- interval: "daily"
+ interval: "weekly"
+ groups:
+ actions-minor:
+ update-types:
+ - "minor"
+ - "patch"
 
  # Maintain dependencies for maven
- - package-ecosystem: "maven" 
- directory: "/" 
- target-branch: dev
+ - package-ecosystem: "maven"
+ directory: "/"
  schedule:
- interval: "daily"
+ interval: "weekly"
+ groups:
+ development-dependencies:
+ dependency-type: "development"
+ github:
+ patterns:
+ - "*github*"
+ squareup:
+ patterns:
+ - "*squareup*"
+ jackson:
+ patterns:
+ - "*jackson*"
+ maven-plugins:
+ patterns:
+ - "*org.apache.maven.plugins*"

.github/workflows/_reusable_build.yml

@@ -0,0 +1,94 @@
+name: workflow-build
+
+on:
+ workflow_call: 
+ inputs:
+ ossrh-publication:
+ type: boolean
+ default: false
+ secrets:
+ KSM_CONFIG:
+ required: true
+
+jobs:
+
+ build:
+ runs-on: ubuntu-22.04
+ steps:
+ - uses: actions/checkout@v4
+
+ - uses: Keeper-Security/ksm-action@v1
+ with:
+ keeper-secret-config: ${{ secrets.KSM_CONFIG }}
+ secrets: |
+ ${{ vars.KEEPER_SONARCLOUD_RECORD_ID }}/field/password > env:SONAR_TOKEN
+ ${{ vars.KEEPER_OSSRH_RECORD_ID }}/field/login > env:MAVEN_USERNAME
+ ${{ vars.KEEPER_OSSRH_RECORD_ID }}/field/password > env:MAVEN_PASSWORD
+ ${{ vars.KEEPER_GPG_ARTIFACT_SIGNING_RECORD_ID }}/field/login > env:GPG_KEYNAME
+ ${{ vars.KEEPER_GPG_ARTIFACT_SIGNING_RECORD_ID }}/custom_field/gpg-private-key > env:GPG_PRIVATE_KEY
+ ${{ vars.KEEPER_GPG_ARTIFACT_SIGNING_RECORD_ID }}/field/password > env:MAVEN_GPG_PASSPHRASE
+ ${{ vars.KEEPER_JFROG_RECORD_ID }}/field/login > env:JFROG_USER
+ ${{ vars.KEEPER_JFROG_RECORD_ID }}/field/password > env:JFROG_TOKEN
+
+ - name: Setup Java
+ uses: actions/setup-java@v4
+ with:
+ java-version: 17
+ distribution: temurin
+ cache: maven
+ server-id: ossrh
+ server-username: MAVEN_USERNAME
+ server-password: MAVEN_PASSWORD
+ gpg-private-key: ${{ env.GPG_PRIVATE_KEY }}
+ gpg-passphrase: MAVEN_GPG_PASSPHRASE
+
+ - uses: docker/login-action@v3
+ with:
+ registry: ${{ vars.BONITASOFT_DOCKER_REGISTRY }}
+ username: ${{ env.JFROG_USER }}
+ password: ${{ env.JFROG_TOKEN }}
+
+ - name: Compile and test project
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
+ run: ./mvnw -B -ntp clean verify sonar:sonar -Dsonar.scanner.force-deprecated-java-version=true -Dbonita.image=${{ vars.BONITASOFT_DOCKER_REGISTRY }}/${{ vars.DOCKER_SNAPSHOTS_REPOSITORY }}/bonita-community:10.2-SNAPSHOT
+
+ # Build and Push snapshots to maven central
+ - name: Deploy snapshots to Maven central
+ if: ${{ inputs.ossrh-publication }}
+ run: ./mvnw -B -ntp deploy -DskipTests=true -Pdeploy
+
+ test-supported-versions:
+ runs-on: ubuntu-22.04
+ strategy:
+ matrix:
+ bonita-version: 
+ - '7.15.0'
+ - '8.0.0'
+ - '9.0.0'
+ - '10.0.0'
+ - '10.1.0'
+ steps:
+ - uses: actions/checkout@v4
+ - uses: Keeper-Security/ksm-action@v1
+ with:
+ keeper-secret-config: ${{ secrets.KSM_CONFIG }}
+ secrets: |
+ ${{ vars.KEEPER_JFROG_RECORD_ID }}/field/login > env:JFROG_USER
+ ${{ vars.KEEPER_JFROG_RECORD_ID }}/field/password > env:JFROG_TOKEN
+
+ - name: Setup Java
+ uses: actions/setup-java@v4
+ with:
+ java-version: 17
+ distribution: temurin
+ cache: maven
+
+ - uses: docker/login-action@v3
+ with:
+ registry: ${{ vars.BONITASOFT_DOCKER_REGISTRY }}
+ username: ${{ env.JFROG_USER }}
+ password: ${{ env.JFROG_TOKEN }}
+
+ - name: ${{ matrix.bonita-version }} Integration tests
+ run: ./mvnw -B -ntp verify -Dbonita.image=${{ vars.BONITASOFT_DOCKER_REGISTRY }}/${{ vars.INTERNAL_DOCKER_REPOSITORY_RELEASE }}/bonita-community:${{ matrix.bonita-version }}

.github/workflows/build.yml

@@ -0,0 +1,21 @@
+name: Continuous Integration
+
+on:
+ push:
+ branches:
+ - develop
+ - release/*
+ - support/*
+ paths-ignore:
+ - "README.adoc"
+ - "CHANGELOG.adoc"
+ - ".github/**"
+ - "!.github/workflows/build.yml"
+ - "!.github/workflows/_reusable_build.yml"
+
+jobs:
+ build:
+ uses: ./.github/workflows/_reusable_build.yml
+ with:
+ ossrh-publication: true
+ secrets: inherit

.github/workflows/build_pr.yml

@@ -0,0 +1,21 @@
+name: Build Pull Request
+
+on:
+ pull_request:
+ branches:
+ - develop
+ - release/*
+ - support/*
+ paths-ignore:
+ - "README.adoc"
+ - "CHANGELOG.adoc"
+ - ".github/**"
+ - "!.github/workflows/build_pr.yml"
+ - "!.github/workflows/_reusable_build.yml"
+
+jobs:
+ build:
+ uses: ./.github/workflows/_reusable_build.yml
+ with:
+ ossrh-publication: false
+ secrets: inherit

.github/workflows/codeql-analysis.yml

@@ -14,10 +14,10 @@ name: "CodeQL"
 
 on:
  push:
- branches: [ dev ]
+ branches: [ develop ]
  pull_request:
  # The branches below must be a subset of the branches above
- branches: [ dev ]
+ branches: [ develop ]
  schedule:
  - cron: '15 8 * * 4'
 
@@ -36,11 +36,11 @@ jobs:
 
  steps:
  - name: Checkout repository
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 
  # Initializes the CodeQL tools for scanning.
  - name: Initialize CodeQL
- uses: github/codeql-action/init@v2
+ uses: github/codeql-action/init@v3
  with:
  languages: ${{ matrix.language }}
  # If you wish to specify custom queries, you can do so here or in a config file.
@@ -49,15 +49,15 @@ jobs:
  # queries: ./path/to/local/query, your-org/your-repo/queries@main
 
  - name: Setup Java
- uses: actions/setup-java@v3
+ uses: actions/setup-java@v4
  with:
- java-version: 11
+ java-version: 17
  distribution: temurin
 
  # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
  # If this step fails, then you should remove it and run the build manually (see below)
  - name: Autobuild
- uses: github/codeql-action/autobuild@v2
+ uses: github/codeql-action/autobuild@v3
 
  # ℹ️ Command-line programs to run using the OS shell.
  # 📚 https://git.io/JvXDl
@@ -71,4 +71,4 @@ jobs:
  # make release
 
  - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v2
+ uses: github/codeql-action/analyze@v3

.github/workflows/publish.yml

@@ -0,0 +1,43 @@
+name: Publish
+
+on:
+ workflow_dispatch:
+ inputs:
+ tag:
+ description: "Tag to publish"
+ type: string
+ required: true
+ default: "x.y.z"
+
+jobs:
+ build:
+ name: Publication pipeline
+ runs-on: ubuntu-22.04
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ github.event.inputs.tag }}
+
+ - uses: Keeper-Security/ksm-action@v1
+ with:
+ keeper-secret-config: ${{ secrets.KSM_CONFIG }}
+ secrets: |
+ ${{ vars.KEEPER_OSSRH_RECORD_ID }}/field/login > env:MAVEN_USERNAME
+ ${{ vars.KEEPER_OSSRH_RECORD_ID }}/field/password > env:MAVEN_PASSWORD
+ ${{ vars.KEEPER_GPG_ARTIFACT_SIGNING_RECORD_ID }}/custom_field/gpg-private-key > env:GPG_PRIVATE_KEY
+ ${{ vars.KEEPER_GPG_ARTIFACT_SIGNING_RECORD_ID }}/field/password > env:MAVEN_GPG_PASSPHRASE
+
+ - name: Setup Java
+ uses: actions/setup-java@v4
+ with:
+ distribution: "temurin"
+ java-version: 17
+ server-id: ossrh # Value of the distributionManagement/repository/id field of the pom.xml
+ server-username: MAVEN_USERNAME # env variable for username in deploy
+ server-password: MAVEN_PASSWORD
+ gpg-passphrase: MAVEN_GPG_PASSPHRASE
+ gpg-private-key: ${{ env.GPG_PRIVATE_KEY }} # Value of the GPG private key to import
+
+ - name: Publish tag
+ run: ./mvnw -ntp --batch-mode deploy -Pdeploy

.github/workflows/release.yml

@@ -0,0 +1,43 @@
+name: Release
+
+on:
+ workflow_dispatch:
+ inputs:
+ version:
+ description: Version to release (leave empty to use pom version)
+ type: string
+ default: ""
+ required: false
+ nextVersion:
+ description: "Next development version (leave empty to use default version incrementation policy)"
+ type: string
+ required: false
+ default: ""
+ skipMergeReleaseInMaster:
+ description: "Skip merge into master (major/minor version only should be merged)"
+ type: boolean
+ required: false
+ default: false
+
+jobs:
+ build:
+ name: Release pipeline
+ runs-on: ubuntu-22.04
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: "0"
+
+ - name: Setup Java
+ uses: actions/setup-java@v4
+ with:
+ distribution: "temurin"
+ java-version: 17
+
+ - uses: bonitasoft/git-setup-action@v1
+ with:
+ keeper-secret-config: ${{ secrets.KSM_CONFIG }}
+
+ - name: Create Release
+ run: ./mvnw -ntp --batch-mode -Dstyle.color=always gitflow:release -DgitFlowConfig.developmentBranch=${{ github.ref_name }} -DdevelopmentVersion=${{ github.event.inputs.nextVersion }} -DreleaseVersion=${{ github.event.inputs.version }} -DskipReleaseMergeProdBranch=${{ github.event.inputs.skipMergeReleaseInMaster }} -Dverbose