Merge branch 'develop' into feature-390-zero-downtime-sechub-deployment

.github/workflows/_build+publish-pds-solution.yml

@@ -37,10 +37,10 @@ jobs:
           echo "pds-version '${{ inputs.pds-version }}'"
 
       - name: Checkout git repository
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
 
       - name: Docker login to ghcr.io
-        uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
@@ -68,8 +68,10 @@ jobs:
           export OWASPZAP_VERSION
           export OWASPZAP_SHA256SUM
           export OWASPZAP_WRAPPER_VERSION
+          export PREPARE_WRAPPER_VERSION
           export PMD_VERSION
           export SCANCODE_VERSION
+          export SECRETVALIDATION_WRAPPER_VERSION
           export SPDX_TOOL_VERSION
           export TERN_VERSION
           export XRAY_WRAPPER_VERSION

.github/workflows/build+publish-all-pds-solutions.yml

@@ -62,6 +62,12 @@ jobs:
       pds-solution: owaspzap
       pds-version: ${{ inputs.pds-version }}
 
+  call_build_pds-prepare:
+    uses: mercedes-benz/sechub/.github/workflows/_build+publish-pds-solution.yml@develop
+    with:
+      pds-solution: prepare
+      pds-version: ${{ inputs.pds-version }}
+
   call_build-and-publish-pmd:
     uses: mercedes-benz/sechub/.github/workflows/_build+publish-pds-solution.yml@develop
     with:

.github/workflows/documentation-build.yml

@@ -31,24 +31,24 @@ jobs:
           fi
 
       - name: Git checkout
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
         with:
           fetch-tags: true
           fetch-depth: 0
 
       - name: Set up JDK 17
-        uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9
+        uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88
         with:
           java-version: 17
           distribution: temurin
 
       - name: Set up Gradle
-        uses: gradle/actions/setup-gradle@500e0ee5b346833ab02b5209b7c997380cb5d684
+        uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808
         with:
           cache-read-only: false
 
       - name: Set up Go
-        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7
+        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32
         with:
           go-version: 1.21.6
 
@@ -105,7 +105,7 @@ jobs:
       - name: Update documentation - Create pull request
         if: (inputs.publish-documentation != '') && (github.ref_name == env.ACTIONS_SECHUB_DOC_RELEASE_BRANCH)
         id: pr_release_documentation
-        uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e
+        uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f
         with:
           branch: release-documentation
           branch-suffix: short-commit-hash

.github/workflows/github-action-scan.yml

@@ -4,7 +4,17 @@ name: Build SecHub GHA (scan)
 on:
   push:
     branches:
-      - 'gha_*'
+      - 'develop'
+      - 'hotfix'
+      - 'main'
+      - 'master'
+    paths:
+      - '.github/workflows/github-action-scan.yml'
+      - 'github-actions/scan/**'
+  pull_request:
+    paths:
+      - '.github/workflows/github-action-scan.yml'
+      - 'github-actions/scan/**'
   # enable manual triggering of workflow
   workflow_dispatch:
 
@@ -18,12 +28,12 @@ jobs:
         working-directory: github-actions/scan
     steps:
       - name: Checkout
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
 
       - name: Use Node.js
         # We do not define a dedicated node version here, we just use the default environment
         # which should be the default environment for the github actions runtime as well
-        uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65
+        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
 
       - name: Clean install
         run: npm ci 
@@ -64,7 +74,7 @@ jobs:
           key: ${{ runner.os }}-pds-${{ env.pds_version }}
 
       - name: Set up JDK 17 (to run servers)
-        uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9
+        uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88
         with:
           java-version: 17
           distribution: temurin

.github/workflows/gradle.yml

@@ -3,34 +3,51 @@ name: Java & Go CI
 
 on:
   push:
-    branches-ignore:
-      # We do NOT build github action development branches here (because no Java or Go code is changed)
-      - 'gha_*'
-      # We ignore everything where tag starts with v* - this is done by release build!
-    tags-ignore:
-      - v*
+    branches:
+      - 'develop'
+      - 'hotfix'
+      - 'main'
+      - 'master'
+    paths:
+      - '**'
+      - '!docs/**'
+      - '!github-actions/**'
+      - '!sechub-doc/**'
+      - '!sechub-website/**'
+      - '.github/workflows/gradle.yml'
+  pull_request:
+    paths:
+      - '**'
+      - '!docs/**'
+      - '!github-actions/**'
+      - '!sechub-doc/**'
+      - '!sechub-website/**'
+      - '.github/workflows/gradle.yml'
+
   # enable manual triggering of workflow
   workflow_dispatch:
 
 jobs:
   build:
+    # Skip run when triggered by a tag
+    if: ${{ github.ref_type != 'tag' }}
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
 
       - name: Set up JDK 17
-        uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9
+        uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88
         with:
           java-version: 17
           distribution: temurin
 
       - name: Set up Gradle
-        uses: gradle/actions/setup-gradle@500e0ee5b346833ab02b5209b7c997380cb5d684
+        uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808
         with:
           cache-read-only: false
 
       - name: Set up Go
-        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7
+        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32
         with:
           go-version: 1.21.6
 

.github/workflows/publish-libraries.yml

@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout master
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
         with:
           ref: master
       # Create temporary local tags, so we build documentation for this tag...
@@ -28,13 +28,13 @@ jobs:
 
       # Build
       - name: Set up JDK 17
-        uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9
+        uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88
         with:
           java-version: 17
           distribution: temurin
 
       - name: Set up Gradle
-        uses: gradle/actions/setup-gradle@500e0ee5b346833ab02b5209b7c997380cb5d684
+        uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808
         with:
           cache-read-only: false
 

.github/workflows/release-client-server-pds.yml

@@ -67,7 +67,7 @@ jobs:
           exit 1
 
       - name: Checkout master
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
         with:
           ref: master
           fetch-tags: true
@@ -91,18 +91,18 @@ jobs:
       # Setup + Caching
       # ----------------------
       - name: Set up JDK 17
-        uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9
+        uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88
         with:
           java-version: 17
           distribution: temurin
 
       - name: Set up Gradle
-        uses: gradle/actions/setup-gradle@500e0ee5b346833ab02b5209b7c997380cb5d684
+        uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808
         with:
           cache-read-only: false
 
       - name: Set up Go
-        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7
+        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32
         with:
           go-version: 1.21.6
 
@@ -118,7 +118,7 @@ jobs:
             ${{ runner.os }}-go-
 
       - name: Docker login to ghcr.io
-        uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
@@ -143,7 +143,7 @@ jobs:
       - name: Create pull request for SPDX license headers
         id: pr_spdx_headers
         if: steps.apply-headers.outputs.commits != ''
-        uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e
+        uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f
         with:
           branch: release-spdx-headers
           branch-suffix: short-commit-hash
@@ -295,7 +295,7 @@ jobs:
       # -----------------------------------------
       - name: Create pull request for release documentation
         id: pr_release_documentation
-        uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e
+        uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f
         with:
           branch: release-documentation
           branch-suffix: short-commit-hash