Merge branch 'main' into chore/improve-oauth-test-coverage-for-named-user-caching

Author: MatKuhr

.github/ISSUE_TEMPLATE/bug-report.yml

@@ -44,12 +44,13 @@ body:
         - Java and Maven version via `mvn --version`: ...
         - SAP Cloud SDK version: ...
         - Spring Boot or CAP version: ...
-        - <details><summary>Dependency tree via `mvn dependency:tree`</summary>
+        
+        <details><summary>Dependency tree via <code>mvn dependency:tree</code></summary>
             
-            ```
-            Dependency tree here
-            ```
-          </details>
+        ```
+        Dependency tree here
+        ```
+        </details>
     validations:
       required: true
   - type: textarea

.github/actions/workflow-succeeded/action.yaml

@@ -54,7 +54,7 @@ runs:
       run: |
         JOBS_JSON=$(gh run view "${{ steps.find-run-id.outputs.RUN_ID }}" --json jobs)
         NON_SUCCESSFUL_JOBS=$(jq -r '.jobs[] | select(.conclusion != "success" and .conclusion != "neutral")' <<< "$JOBS_JSON")
-        EXCLUDED_JOBS=$(jq -r '.[]' <<< "${{ inputs.excluded-jobs }}")
+        EXCLUDED_JOBS=$(jq -r '.[]' <<< '${{ inputs.excluded-jobs }}')
         while IFS= read -r EXCLUDED_JOB; do
           if [[ -z "$EXCLUDED_JOB" ]]; then
             continue

.github/dependabot.yaml

@@ -36,6 +36,15 @@ updates:
       - dependency-name: 'com.github.ekryd.sortpom:sortpom-maven-plugin'
       # used by deprecated code only, not worth updating for now
       - dependency-name: 'org.apache.axis2:*'
+      # Ignore problematic license versions
+      - dependency-name: 'com.sap.cloud.security:java-security'
+        versions: ['3.6.1', '3.6.2']
+      - dependency-name: 'com.sap.cloud.security.xsuaa:token-client'
+        versions: ['3.6.1', '3.6.2']
+      - dependency-name: 'com.sap.cloud.security:java-api'
+        versions: ['3.6.1', '3.6.2']
+      - dependency-name: 'com.sap.cloud.security:env'
+        versions: ['3.6.1', '3.6.2']
 
   # archetype updates
   # Dependabot seems to be unable to handle those, so this is disabled for now

.github/workflows/blackduck.yaml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 15
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: "Scan With Black Duck"
         uses: ./.github/actions/scan-with-blackduck
         with:
@@ -23,7 +23,7 @@ jobs:
     if: ${{ failure() && github.ref == 'refs/heads/main' }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Notify
         run: python .pipeline/scripts/notify.py
         env:

.github/workflows/cache-maven-dependencies.yaml

@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: "Checkout"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           ref: ${{ env.MAVEN_CACHE_REF }}
 

.github/workflows/continuous-integration.yaml

@@ -1,6 +1,8 @@
 name: "Continuous Integration"
 on:
   pull_request:
+    branches: [ "*" ]
+  push:
     branches: [ "main" ]
 
   workflow_dispatch:
@@ -32,7 +34,6 @@ on:
 
 env:
   M2_ROOT: ~/.m2/repository
-  RELEASE_ARTIFACT_NAME: "release-artifacts"
   SDK_M2_NAME: "sdk-m2" # used for the installed SDK modules within the runner's maven repository
   SDK_M2_PATH: |
     ~/.m2/repository/com/sap/cloud/sdk/**
@@ -67,7 +68,11 @@ jobs:
             echo "COMMIT=${{ github.event.pull_request.head.sha }}" >> $GITHUB_OUTPUT
             exit 0
           fi
-          echo "Unable to determine commit SHA as the workflow was not triggered by a pull request and the commit input was not provided"
+          if [[ "${{ github.event_name }}" == "push" ]]; then
+            echo "COMMIT=${{ github.sha }}" >> $GITHUB_OUTPUT
+            exit 0
+          fi
+          echo "Unable to determine commit SHA as the workflow was not triggered by a pull request or push, and the commit input was not provided"
           exit 1
 
   check-formatting:
@@ -76,7 +81,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: "Checkout Repository"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           ref: ${{ needs.context.outputs.commit }}
 
@@ -103,7 +108,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: "Checkout repository"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           ref: ${{ needs.context.outputs.commit }}
 
@@ -122,38 +127,9 @@ jobs:
 
       - name: "Build SDK"
         run: |
-          MVN_ARGS="${{ env.MVN_MULTI_THREADED_ARGS }} install -DskipTests -DskipFormatting"
-          
-          if [[ "${{ github.event.inputs.build-release-artifacts }}" == "true" ]]; then
-            echo "[DEBUG] Building release artifacts"
-            python .pipeline/scripts/generate-javadoc-sourcepath-properties.py
-            MVN_ARGS="$MVN_ARGS javadoc:aggregate -Pdocs"
-          fi
-
+          MVN_ARGS="${{ env.MVN_MULTI_THREADED_ARGS }} clean install -DskipTests -DskipFormatting"
           echo "[DEBUG] Running Maven with following arguments: $MVN_ARGS"
           mvn $MVN_ARGS
-          
-          if [[ "${{ github.event.inputs.build-release-artifacts }}" == "true" ]]; then
-            VERSION=$(cat latest.json | jq -r .version)
-            mkdir -p $HOME/.sdk-release
-          
-            PYTHON_ARGS="--version $VERSION --path-prefix $HOME/.sdk-release/${{ env.RELEASE_ARTIFACT_NAME }}"
-            if [[ "${{ github.event.inputs.sign-release-artifacts }}" == "true" ]]; then
-              echo "[DEBUG] Signing release artifacts"
-              PYTHON_ARGS="$PYTHON_ARGS --with-signing"
-            fi
-          
-            python .pipeline/scripts/generate-release-artifacts.py $PYTHON_ARGS
-          else
-            echo "[DEBUG] Skipping release artifact generation"
-          fi
-
-      - name: "Build Module Inventory"
-        run: >
-          python ./scripts/create_module_inventory_file.py 
-          --sdk-root-directory ./ 
-          --output-file ./module-inventory.json 
-          --script-config ./scripts/common/_maven_module/maven_module_reader_configuration.json
 
       - name: "Verify Local Changes"
         run: |
@@ -166,14 +142,6 @@ jobs:
               exit 1
           fi
 
-      - name: "Upload Release Artifacts"
-        if: ${{ github.event.inputs.build-release-artifacts == 'true' }}
-        uses: actions/upload-artifact@v4
-        with:
-          name: ${{ env.RELEASE_ARTIFACT_NAME }}
-          path: ~/.sdk-release/${{ env.RELEASE_ARTIFACT_NAME }}
-          retention-days: 1
-
       - name: "Upload SDK M2"
         uses: actions/upload-artifact@v4
         with:
@@ -194,7 +162,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: "Checkout repository"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           ref: ${{ needs.context.outputs.commit }}
 
@@ -212,13 +180,13 @@ jobs:
           path: ${{ env.M2_ROOT }}
 
       - name: "Restore SDK M2"
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
         with:
           name: ${{ env.SDK_M2_NAME }}
           path: ${{ env.M2_ROOT }}
 
       - name: "Restore SDK Targets"
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
         with:
           name: ${{ env.SDK_TARGETS_NAME }}
 
@@ -255,7 +223,7 @@ jobs:
     name: "Run ${{ matrix.task.name }} Analysis"
     steps:
       - name: "Checkout repository"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           ref: ${{ needs.context.outputs.commit }}
 
@@ -273,13 +241,13 @@ jobs:
           path: ${{ env.M2_ROOT }}
 
       - name: "Restore SDK M2"
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
         with:
           name: ${{ env.SDK_M2_NAME }}
           path: ${{ env.M2_ROOT }}
 
       - name: "Restore SDK Targets"
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
         with:
           name: ${{ env.SDK_TARGETS_NAME }}
 
@@ -296,7 +264,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: "Checkout repository"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           ref: ${{ needs.context.outputs.commit }}
 
@@ -357,7 +325,7 @@ jobs:
           path: ${{ env.MAVEN_CACHE_DIR }}
 
       - name: "Restore SDK M2"
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
         with:
           name: ${{ env.SDK_M2_NAME }}
           path: ${{ env.M2_ROOT }}
@@ -430,7 +398,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: "Checkout repository"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           ref: ${{ needs.context.outputs.commit }}
 
@@ -446,7 +414,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: "Checkout repository"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           ref: ${{ needs.context.outputs.commit }}
 

.github/workflows/dependabot-automerge.yaml

@@ -19,7 +19,7 @@ jobs:
       contents: write
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Approve and Merge PRs
         run: |

.github/workflows/deploy-snapshot.yaml

@@ -1,86 +1,39 @@
-name: Deploy Snapshot to Maven Central
+name: Deploy Snapshot to SAP Common Artifactory
 
 on:
   workflow_dispatch:
-    inputs:
-      skip_blackduck_scan:
-        description: "Skip Blackduck Scan"
-        type: boolean
-        default: false
-        required: false
-
-env:
-  CI_BUILD_WORKFLOW: "continuous-integration.yaml" # Name of the workflow that should be triggered for CI builds
-  RELEASE_ARTIFACT_NAME: "release-artifacts" # Name of the artifact that should be downloaded from the CI build workflow
-
-  MVN_CLI_ARGS: "--batch-mode --no-transfer-progress --fail-at-end --show-version"
+  schedule:
+    - cron: 0 20 * * 1-5
 
 jobs:
-  run-ci:
-    name: "Continuous Integration"
-    runs-on: ubuntu-latest
-    outputs:
-      ci-run-id: ${{ steps.trigger-ci.outputs.run-id }}
-    permissions:
-      actions: write # needed to trigger the ci-build workflow
-      statuses: write # needed to update the commit status
-    steps:
-      - name: "Checkout repository"
-        uses: actions/checkout@v4
-      - name: "Get Commit SHA"
-        run: echo "COMMIT_SHA=$(git rev-parse HEAD)" >> $GITHUB_ENV
-      - name: "Get Branch Name"
-        run: echo "BRANCH_NAME=$(git rev-parse --abbrev-ref HEAD)" >> $GITHUB_ENV
-
-      - name: "Trigger CI Workflow"
-        id: trigger-ci
-        uses: ./.github/actions/trigger-workflow
-        with:
-          workflow: ${{ env.CI_BUILD_WORKFLOW }}
-          workflow-ref: ${{ env.BRANCH_NAME }}
-          commit-sha: ${{ env.COMMIT_SHA }}
-          parameters: >
-            -f commit=${{ env.COMMIT_SHA }}
-            -f build-release-artifacts=true
-            -f run-blackduck-scan=${{ !github.event.inputs.skip_blackduck_scan }}
-
-      - name: "Await CI Workflow"
-        uses: ./.github/actions/await-workflow
-        with:
-          run-id: ${{ steps.trigger-ci.outputs.run-id }}
-          commit-status: "Continuous Integration Workflow"
-
   deploy-snapshot:
     name: Deploy Snapshot
-    needs: [ run-ci ]
     runs-on: ubuntu-latest
-    timeout-minutes: 15
-    permissions:
-      actions: read # needed to download the artifacts from the ci-build workflow
     steps:
       - name: "Checkout Repository"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
-      - name: "Deploy Snapshot"
-        uses: ./.github/actions/deploy-snapshot
+      - name: "Setup java"
+        uses: actions/setup-java@v4
         with:
-          ci-run-id: ${{ needs.run-ci.outputs.ci-run-id }}
-          repository-url: "https://oss.sonatype.org/content/repositories/snapshots"
-          repository-username: ${{ secrets.MAVEN_CENTRAL_USER }}
-          repository-password: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}
-          release-artifact-name: ${{ env.RELEASE_ARTIFACT_NAME }}
-
-  notify-job:
-    runs-on: ubuntu-latest
-    needs: [ run-ci, deploy-snapshot ]
-    if: ${{ failure() && github.ref == 'refs/heads/main' }}
-    steps:
-      - name: "Checkout"
-        uses: actions/checkout@v4
-      - name: "Notify"
-        run: python .pipeline/scripts/notify.py
+          distribution: "sapmachine"
+          java-version: "17"
+          server-id: artifactory-snapshots
+          server-username: DEPLOYMENT_USER
+          server-password: DEPLOYMENT_PASS
+
+      - name: "Publish Snapshot"
+        run: >
+          mvn 
+          --batch-mode
+          --no-transfer-progress
+          --threads 1C
+          --show-version
+          -DrepositoryId=artifactory-snapshots
+          -Dmaven.compiler.showCompilationChanges
+          -Dhttp.keepAlive=false
+          clean package deploy
         env:
-          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
-          WORKFLOW: ${{ github.workflow }}
-          WORKFLOW_RUN_URL: https://github.com/SAP/cloud-sdk-java/actions/runs/${{ github.run_id }}
-          BRANCH_NAME: ${{ github.ref_name }}
+          DEPLOYMENT_USER: ${{ secrets.ARTIFACTORY_COMMON_USER }}
+          DEPLOYMENT_PASS: ${{ secrets.ARTIFACTORY_COMMON_PASSWORD }}
+

.github/workflows/fosstars-report.yml

@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     name: "Security rating"
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - uses: SAP/fosstars-rating-core-action@v1.14.0
         with:
           report-branch: fosstars-report