Feature/sb 32 postfix

.circleci/config.yml

@@ -9,7 +9,7 @@ jobs: # a collection of steps
       # Configure the JVMto avoid OOM errors
       _JAVA_OPTIONS: "-Xmx3g"
     docker: # run the steps with Docker
-      - image: circleci/openjdk:11.0.3-jdk-stretch
+      - image: circleci/openjdk:17.0.1-jdk-buster
 
     steps:
       - add_ssh_keys:

.github/dependabot.yml

@@ -1,27 +1,22 @@
 version: 2
 updates:
-- package-ecosystem: maven
-  directory: "/"
-  schedule:
-    interval: daily
-  open-pull-requests-limit: 10
-  ignore:
-  - dependency-name: io.projectreactor.tools:blockhound
-    versions:
-    - 1.0.5.RELEASE
-  - dependency-name: org.springframework.boot:spring-boot-dependencies
-    versions:
-    - 2.4.2
-    - 2.4.3
-    - 2.4.4
-  - dependency-name: org.openjdk.jmh:jmh-generator-annprocess
-    versions:
-    - "1.27"
-    - "1.28"
-  - dependency-name: org.openjdk.jmh:jmh-core
-    versions:
-    - "1.27"
-    - "1.28"
-  - dependency-name: org.springframework.cloud:spring-cloud-dependencies
-    versions:
-    - Hoxton.SR10
+  - package-ecosystem: "maven"
+    directory: "/"
+    target-branch: "develop"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 50
+    ignore:
+      - dependency-name: "com.amazonaws:*"
+        update-types: ["version-update:semver-patch"]
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    target-branch: "develop"
+    labels:
+      - "housekeeping"
+    schedule:
+      interval: "monthly"
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "weekly"

.github/labeler.yml

@@ -0,0 +1,2 @@
+"documentation":
+  - /**/*.adoc

.github/release-drafter.yml

@@ -0,0 +1,34 @@
+name-template: $NEXT_PATCH_VERSION
+tag-template: $NEXT_PATCH_VERSION
+
+template: |
+  # Changes
+  $CHANGES
+
+# --------
+# NOTE: When adding new labels please also update required-labels.yml workflow.
+# --------
+categories:
+  - title: 💣️ Breaking changes
+    label: breaking-change
+
+  - title: 🚀 Features & Enhancements
+    labels:
+      - feature
+      - enhancement
+
+  - title: 🐞 Fixes
+    label: bug
+
+  - title: 📁 Java Dependencies updates
+    label: dependencies
+
+  - title: 📁 Docker images updates
+    label: docker-update-images
+
+  - title: 📖 Documentation
+    label: documentation
+
+  - title: 🏡 Housekeeping
+    label: housekeeping
+

.github/workflows/changelog-release-drafter.yml

@@ -0,0 +1,14 @@
+name: Changelog Release Drafter
+
+on:
+  push:
+    branches:
+      - develop
+
+jobs:
+  update_release_draft:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: release-drafter/release-drafter@v5
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,27 @@
+name: "Trivy"
+
+on:
+  schedule:
+    - cron: '24 10 * * 5'
+
+jobs:
+  build:
+    name: Trivy vulnerability scanner
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Run Trivy vulnerability scanner in repo mode
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: 'fs'
+          ignore-unfixed: true
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+          severity: 'CRITICAL'
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: 'trivy-results.sarif'

.github/workflows/labeler.yml

@@ -0,0 +1,14 @@
+name: "Pull Request Auto Labeler"
+on:
+  - pull_request_target
+
+jobs:
+  triage:
+    permissions:
+      contents: read
+      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/labeler@v4
+        with:
+          repo-token: "${{ secrets.GITHUB_TOKEN }}"

.github/workflows/maven.yml

@@ -0,0 +1,39 @@
+# This workflow will build a Java project with Maven
+# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven
+
+name: Java CI with Maven
+
+on:
+  push:
+    branches:
+      - develop
+  pull_request:
+    branches:
+      - develop
+
+jobs:
+  build-jdk17:
+    runs-on: ubuntu-latest
+    name: Build project
+    concurrency:
+      # The commit SHA or the branch name of the pull request. See: https://docs.github.com/en/actions/reference/context-and-expression-syntax-for-github-actions
+      group: ${{ github.event_name == 'pull_request' && github.head_ref || github.sha}}
+      cancel-in-progress: true
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Cache Maven packages
+        uses: actions/cache@v3
+        with:
+          path: ~/.m2
+          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-m2
+      - name: Set up JDK
+        uses: actions/setup-java@v3
+        with:
+          java-version: '17'
+          distribution: 'corretto'
+      - name: Build with Maven
+        run: ./mvnw -version && whoami && umask -S && umask a+rw && umask -S && ./mvnw clean verify -P docker-clean -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.http.retryHandler.count=3 --no-snapshot-updates --batch-mode --no-transfer-progress

.github/workflows/release.yml

@@ -0,0 +1,47 @@
+name: Publish to the Maven Central Repository
+
+on:
+  release:
+    types: [ published ]
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: ${{github.event.release.target_commitish}}
+          token: ${{ secrets.RELEASE_PERSONAL_ACCESS_TOKEN }}
+
+      - name: Set up JDK
+        uses: actions/setup-java@v3
+        with:
+          java-version: '17'
+          distribution: 'corretto'
+          server-id: ossrh
+          server-username: MAVEN_USERNAME
+          server-password: MAVEN_PASSWORD
+          gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
+          gpg-passphrase: MAVEN_GPG_PASSPHRASE
+          cache: 'maven'
+
+      - name: Update version
+        if: ${{ success() }}
+        run: ./mvnw --batch-mode --no-transfer-progress versions:set -DnewVersion=${{github.event.release.tag_name}} versions:commit
+
+      - name: Publish to the Maven Central Repository
+        if: ${{ success() }}
+        run: ./mvnw --batch-mode --no-transfer-progress -Dgib.disable=true -P ossrh -DskipTests deploy
+        env:
+          MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+          MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }}
+          MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+
+      - name: Commit & Push changes
+        if: ${{ success() }}
+        uses: actions-js/push@master
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          message: 'Release ${{github.event.release.tag_name}}'
+          branch: ${{ github.event.release.target_commitish }}

.github/workflows/renovate.yml

@@ -0,0 +1,39 @@
+name: Renovate for update docker images
+
+on:
+  workflow_dispatch:
+    inputs:
+      dryRun:
+        description: "Dry-Run"
+        default: false
+        required: false
+        type: boolean
+      logLevel:
+        description: "Log-Level"
+        required: false
+        default: 'debug'
+        type: choice
+        options:
+          - info
+          - warn
+          - debug
+          - error
+          - fatal
+    schedule:
+      - cron: '0 8 * * *'
+
+jobs:
+  renovate:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Self-hosted Renovate
+        uses: renovatebot/[email protected]
+        with:
+          configurationFile: .github/renovate/renovate.json
+          token: ${{ secrets.RELEASE_PERSONAL_ACCESS_TOKEN }}
+        env:
+          DRY_RUN: ${{ inputs.dryRun || 'false' }}
+          LOG_LEVEL: ${{ inputs.logLevel || 'debug' }}

.github/workflows/required-labels.yml

@@ -0,0 +1,16 @@
+#  https://github.com/mheap/github-action-required-labels
+name: Pull Request Required Labels
+on:
+  pull_request:
+    types: [ opened, labeled, unlabeled, synchronize ]
+jobs:
+  label:
+    if: github.event.pull_request.state == 'open'
+    runs-on: ubuntu-latest
+    name: Verify Pull Request has labels
+    steps:
+      - uses: mheap/github-action-required-labels@v5
+        with:
+          mode: minimum
+          count: 1
+          labels: "breaking-change, feature, enhancement, bug, dependencies, documentation, housekeeping"