From 00af9fd828a7713cf908fe3756597d5665e81965 Mon Sep 17 00:00:00 2001 
From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com>
Date: Mon, 22 Sep 2025 13:59:42 +0100
Subject: [PATCH] Delete .github/workflows directory
---
 .../workflows/PR-Demo-Comment-with-react.yml | 320 ------------------
 .github/workflows/PR-Demo-cleanup.yml | 59 ----
 .github/workflows/auto-labeler.yml | 27 --
 .github/workflows/build.yml | 145 --------
 .github/workflows/check_properties.yml | 250 --------------
 .github/workflows/codeql.yml-disabled | 79 -----
 .github/workflows/dependency-review.yml | 27 --
 .github/workflows/file_hash_generation.yml | 203 -----------
 .github/workflows/licenses-update.yml | 92 -----
 .github/workflows/manage-label.yml | 30 --
 .github/workflows/multiOSReleases.yml | 314 -----------------
 .github/workflows/pre_commit.yml | 80 -----
 .github/workflows/push-docker.yml | 195 -----------
 .github/workflows/releaseArtifacts.yml | 180 ----------
 .github/workflows/scorecards.yml | 79 -----
 .github/workflows/sonarqube.yml | 63 ----
 .github/workflows/stale.yml | 40 ---
 .github/workflows/swagger.yml | 49 ---
 .github/workflows/sync_files.yml | 145 --------
 .github/workflows/testdriver.yml | 154 ---------
 20 files changed, 2531 deletions(-)
 delete mode 100644 .github/workflows/PR-Demo-Comment-with-react.yml
 delete mode 100644 .github/workflows/PR-Demo-cleanup.yml
 delete mode 100644 .github/workflows/auto-labeler.yml
 delete mode 100644 .github/workflows/build.yml
 delete mode 100644 .github/workflows/check_properties.yml
 delete mode 100644 .github/workflows/codeql.yml-disabled
 delete mode 100644 .github/workflows/dependency-review.yml
 delete mode 100644 .github/workflows/file_hash_generation.yml
 delete mode 100644 .github/workflows/licenses-update.yml
 delete mode 100644 .github/workflows/manage-label.yml
 delete mode 100644 .github/workflows/multiOSReleases.yml
 delete mode 100644 .github/workflows/pre_commit.yml
 delete mode 100644 .github/workflows/push-docker.yml
 delete mode 100644 .github/workflows/releaseArtifacts.yml
 delete mode 100644 .github/workflows/scorecards.yml
 delete mode 100644 .github/workflows/sonarqube.yml
 delete mode 100644 .github/workflows/stale.yml
 delete mode 100644 .github/workflows/swagger.yml
 delete mode 100644 .github/workflows/sync_files.yml
 delete mode 100644 .github/workflows/testdriver.yml
diff --git a/.github/workflows/PR-Demo-Comment-with-react.yml b/.github/workflows/PR-Demo-Comment-with-react.yml
deleted file mode 100644
index fb196ca3a..000000000
--- a/.github/workflows/PR-Demo-Comment-with-react.yml
+++ /dev/null
@@ -1,320 +0,0 @@ -name: PR Deployment via Comment - -on: - issue_comment: - types: [created] - -permissions: - contents: read - issues: write # Required for adding reactions to comments - pull-requests: read # Required for reading PR information - -jobs: - check-comment: - runs-on: ubuntu-latest - permissions: - issues: write - pull-requests: read - if: | - github.event.issue.pull_request && - ( - contains(github.event.comment.body, 'prdeploy') || - contains(github.event.comment.body, 'deploypr') - ) - && - ( - github.event.comment.user.login == 'frooodle' || - github.event.comment.user.login == 'sf298' || - github.event.comment.user.login == 'Ludy87' || - github.event.comment.user.login == 'LaserKaspar' || - github.event.comment.user.login == 'sbplat' || - github.event.comment.user.login == 'reecebrowne' || - github.event.comment.user.login == 'DarioGii' || - github.event.comment.user.login == 'ConnorYoh' - ) - outputs: - pr_number: ${{ steps.get-pr.outputs.pr_number }} - pr_repository: ${{ steps.get-pr-info.outputs.repository }} - pr_ref: ${{ steps.get-pr-info.outputs.ref }} - comment_id: ${{ github.event.comment.id }} - enable_security: ${{ steps.check-security-flag.outputs.enable_security }} - - steps: - - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 - with: - egress-policy: audit - - # Generate GitHub App token - - name: Generate GitHub App Token - id: generate-token - uses: actions/create-github-app-token@3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5 # v2.0.2 - with: - app-id: ${{ secrets.GH_APP_ID }} - private-key: ${{ secrets.GH_APP_PRIVATE_KEY }} - - - name: Get PR data - id: get-pr - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 - with: - script: | - const prNumber = context.payload.issue.number; - console.log(`PR Number: ${prNumber}`); - core.setOutput('pr_number', prNumber); - - - name: Get PR repository and ref - id: get-pr-info - uses: 
actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 - with: - script: | - const { owner, repo } = context.repo; - const prNumber = context.payload.issue.number; - - const { data: pr } = await github.rest.pulls.get({ - owner, - repo, - pull_number: prNumber, - }); - - // For forks, use the full repository name, for internal PRs use the current repo - const repository = pr.head.repo.fork ? pr.head.repo.full_name : `${owner}/${repo}`; - - console.log(`PR Repository: ${repository}`); - console.log(`PR Branch: ${pr.head.ref}`); - - core.setOutput('repository', repository); - core.setOutput('ref', pr.head.ref); - - - name: Check for security/login flag - id: check-security-flag - env: - COMMENT_BODY: ${{ github.event.comment.body }} - run: | - if [[ "$COMMENT_BODY" == *"security"* ]] || [[ "$COMMENT_BODY" == *"login"* ]]; then - echo "Security flags detected in comment" - echo "enable_security=true" >> $GITHUB_OUTPUT - else - echo "No security flags detected in comment" - echo "enable_security=false" >> $GITHUB_OUTPUT - fi - - - name: Add 'in_progress' reaction to comment - id: add-eyes-reaction - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 - with: - github-token: ${{ steps.generate-token.outputs.token }} - script: | - console.log(`Adding eyes reaction to comment ID: ${context.payload.comment.id}`); - try { - const { data: reaction } = await github.rest.reactions.createForIssueComment({ - owner: context.repo.owner, - repo: context.repo.repo, - comment_id: context.payload.comment.id, - content: 'eyes' - }); - console.log(`Added reaction with ID: ${reaction.id}`); - return { success: true, id: reaction.id }; - } catch (error) { - console.error(`Failed to add reaction: ${error.message}`); - console.error(error); - return { success: false, error: error.message }; - } - - deploy-pr: - needs: check-comment - runs-on: ubuntu-latest - permissions: - contents: read - issues: write - - steps: - - name: Harden Runner - uses: 
step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 - with: - egress-policy: audit - - - name: Generate GitHub App Token - id: generate-token - uses: actions/create-github-app-token@3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5 # v2.0.2 - with: - app-id: ${{ secrets.GH_APP_ID }} - private-key: ${{ secrets.GH_APP_PRIVATE_KEY }} - - - name: Checkout PR - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - repository: ${{ needs.check-comment.outputs.pr_repository }} - ref: ${{ needs.check-comment.outputs.pr_ref }} - token: ${{ secrets.GITHUB_TOKEN }} - - - name: Set up JDK - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 - with: - java-version: "17" - distribution: "temurin" - - - name: Run Gradle Command - run: | - if [ "${{ needs.check-comment.outputs.enable_security }}" == "true" ]; then - export DOCKER_ENABLE_SECURITY=true - else - export DOCKER_ENABLE_SECURITY=false - fi - ./gradlew clean build - env: - STIRLING_PDF_DESKTOP_UI: false - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - - - name: Get version number - id: versionNumber - run: | - VERSION=$(grep "^version =" build.gradle | awk -F'"' '{print $2}') - echo "versionNumber=$VERSION" >> $GITHUB_OUTPUT - - - name: Login to Docker Hub - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 - with: - username: ${{ secrets.DOCKER_HUB_USERNAME }} - password: ${{ secrets.DOCKER_HUB_API }} - - - name: Build and push PR-specific image - uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 - with: - context: . 
- file: ./Dockerfile - push: true - tags: ${{ secrets.DOCKER_HUB_USERNAME }}/test:pr-${{ needs.check-comment.outputs.pr_number }} - build-args: VERSION_TAG=${{ steps.versionNumber.outputs.versionNumber }} - platforms: linux/amd64 - - - name: Set up SSH - run: | - mkdir -p ~/.ssh/ - echo "${{ secrets.VPS_SSH_KEY }}" > ../private.key - sudo chmod 600 ../private.key - - - name: Deploy to VPS - id: deploy - run: | - # Set security settings based on flags - if [ "${{ needs.check-comment.outputs.enable_security }}" == "true" ]; then - DOCKER_SECURITY="true" - LOGIN_SECURITY="true" - SECURITY_STATUS="🔒 Security Enabled" - else - DOCKER_SECURITY="false" - LOGIN_SECURITY="false" - SECURITY_STATUS="Security Disabled" - fi - - # First create the docker-compose content locally - cat > docker-compose.yml << EOF - version: '3.3' - services: - stirling-pdf: - container_name: stirling-pdf-pr-${{ needs.check-comment.outputs.pr_number }} - image: ${{ secrets.DOCKER_HUB_USERNAME }}/test:pr-${{ needs.check-comment.outputs.pr_number }} - ports: - - "${{ needs.check-comment.outputs.pr_number }}:8080" - volumes: - - /stirling/PR-${{ needs.check-comment.outputs.pr_number }}/data:/usr/share/tessdata:rw - - /stirling/PR-${{ needs.check-comment.outputs.pr_number }}/config:/configs:rw - - /stirling/PR-${{ needs.check-comment.outputs.pr_number }}/logs:/logs:rw - environment: - DOCKER_ENABLE_SECURITY: "${DOCKER_SECURITY}" - SECURITY_ENABLELOGIN: "${LOGIN_SECURITY}" - SYSTEM_DEFAULTLOCALE: en-GB - UI_APPNAME: "Stirling-PDF PR#${{ needs.check-comment.outputs.pr_number }}" - UI_HOMEDESCRIPTION: "PR#${{ needs.check-comment.outputs.pr_number }} for Stirling-PDF Latest" - UI_APPNAMENAVBAR: "PR#${{ needs.check-comment.outputs.pr_number }}" - SYSTEM_MAXFILESIZE: "100" - METRICS_ENABLED: "true" - SYSTEM_GOOGLEVISIBILITY: "false" - restart: on-failure:5 - EOF - - # Then copy the file and execute commands - scp -i ../private.key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null 
docker-compose.yml ${{ secrets.VPS_USERNAME }}@${{ secrets.VPS_HOST }}:/tmp/docker-compose.yml - - ssh -i ../private.key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -T ${{ secrets.VPS_USERNAME }}@${{ secrets.VPS_HOST }} << ENDSSH - # Create PR-specific directories - mkdir -p /stirling/PR-${{ needs.check-comment.outputs.pr_number }}/{data,config,logs} - - # Move docker-compose file to correct location - mv /tmp/docker-compose.yml /stirling/PR-${{ needs.check-comment.outputs.pr_number }}/docker-compose.yml - - # Start or restart the container - cd /stirling/PR-${{ needs.check-comment.outputs.pr_number }} - docker-compose pull - docker-compose up -d - ENDSSH - - # Set output for use in PR comment - echo "security_status=${SECURITY_STATUS}" >> $GITHUB_ENV - - - name: Add success reaction to comment - if: success() - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 - with: - github-token: ${{ steps.generate-token.outputs.token }} - script: | - console.log(`Adding rocket reaction to comment ID: ${{ needs.check-comment.outputs.comment_id }}`); - try { - const { data: reaction } = await github.rest.reactions.createForIssueComment({ - owner: context.repo.owner, - repo: context.repo.repo, - comment_id: ${{ needs.check-comment.outputs.comment_id }}, - content: 'rocket' - }); - console.log(`Added rocket reaction with ID: ${reaction.id}`); - } catch (error) { - console.error(`Failed to add reaction: ${error.message}`); - console.error(error); - } - - - name: Add failure reaction to comment - if: failure() - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 - with: - github-token: ${{ steps.generate-token.outputs.token }} - script: | - console.log(`Adding -1 reaction to comment ID: ${{ needs.check-comment.outputs.comment_id }}`); - try { - const { data: reaction } = await github.rest.reactions.createForIssueComment({ - owner: context.repo.owner, - repo: context.repo.repo, - comment_id: ${{ 
needs.check-comment.outputs.comment_id }}, - content: '-1' - }); - console.log(`Added -1 reaction with ID: ${reaction.id}`); - } catch (error) { - console.error(`Failed to add reaction: ${error.message}`); - console.error(error); - } - - - name: Post deployment URL to PR - if: success() - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 - with: - github-token: ${{ steps.generate-token.outputs.token }} - script: | - const { GITHUB_REPOSITORY } = process.env; - const [repoOwner, repoName] = GITHUB_REPOSITORY.split('/'); - const prNumber = ${{ needs.check-comment.outputs.pr_number }}; - const securityStatus = process.env.security_status || "Security Disabled"; - - const deploymentUrl = `http://${{ secrets.VPS_HOST }}:${prNumber}`; - const commentBody = `## 🚀 PR Test Deployment\n\n` + - `Your PR has been deployed for testing!\n\n` + - `🔗 **Test URL:** [${deploymentUrl}](${deploymentUrl})\n` + - `${securityStatus}\n\n` + - `This deployment will be automatically cleaned up when the PR is closed.\n\n`; - - await github.rest.issues.createComment({ - owner: repoOwner, - repo: repoName, - issue_number: prNumber, - body: commentBody - }); diff --git a/.github/workflows/PR-Demo-cleanup.yml b/.github/workflows/PR-Demo-cleanup.yml deleted file mode 100644 index bcb547588..000000000 --- a/.github/workflows/PR-Demo-cleanup.yml +++ /dev/null 
@@ -1,59 +0,0 @@ -name: PR Deployment cleanup - -on: - pull_request: - types: [opened, synchronize, reopened, closed] - -permissions: - contents: read - -env: - SERVER_IP: ${{ secrets.VPS_IP }} # Add this to your GitHub secrets - CLEANUP_PERFORMED: "false" # Add flag to track if cleanup occurred - -jobs: - cleanup: - runs-on: ubuntu-latest - permissions: - contents: write - pull-requests: write - if: github.event.action == 'closed' - - steps: - - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 - with: - egress-policy: audit - - - name: Set up SSH - run: | - mkdir -p ~/.ssh/ - echo "${{ secrets.VPS_SSH_KEY }}" > ../private.key - sudo chmod 600 ../private.key - - - name: Cleanup PR deployment - id: cleanup - run: | - ssh -i ../private.key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -T ${{ secrets.VPS_USERNAME }}@${{ secrets.VPS_HOST }} << 'ENDSSH' - if [ -d "/stirling/PR-${{ github.event.pull_request.number }}" ]; then - echo "Found PR directory, proceeding with cleanup..." - - # Stop and remove containers - cd /stirling/PR-${{ github.event.pull_request.number }} - docker-compose down || true - - # Go back to root before removal - cd / - - # Remove PR-specific directories - rm -rf /stirling/PR-${{ github.event.pull_request.number }} - - # Remove the Docker image - docker rmi --no-prune ${{ secrets.DOCKER_HUB_USERNAME }}/test:pr-${{ github.event.pull_request.number }} || true - - echo "PERFORMED_CLEANUP" - else - echo "PR directory not found, nothing to clean up" - echo "NO_CLEANUP_NEEDED" - fi - ENDSSH diff --git a/.github/workflows/auto-labeler.yml b/.github/workflows/auto-labeler.yml deleted file mode 100644 index 2bd50d8d4..000000000 --- a/.github/workflows/auto-labeler.yml +++ /dev/null 
@@ -1,27 +0,0 @@ -name: "Pull Request Labeler" -on: - pull_request_target: - types: [opened, synchronize] - -permissions: - contents: read - -jobs: - labeler: - runs-on: ubuntu-latest - permissions: - pull-requests: write - steps: - - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 - with: - egress-policy: audit - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - - name: Apply Labels - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - configuration-path: .github/labeler-config.yml - sync-labels: true diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml deleted file mode 100644 index 238773596..000000000 --- a/.github/workflows/build.yml +++ /dev/null 
@@ -1,145 +0,0 @@ -name: Build repo - -on: - push: - branches: ["main"] - pull_request: - branches: ["main"] - -permissions: - contents: read - -jobs: - build: - runs-on: ubuntu-latest - - permissions: - actions: read - security-events: write - - strategy: - fail-fast: false - matrix: - jdk-version: [17, 21] - - steps: - - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 - with: - egress-policy: audit - - - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - - name: Set up JDK ${{ matrix.jdk-version }} - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 - with: - java-version: ${{ matrix.jdk-version }} - distribution: "temurin" - - - name: Build with Gradle and no spring security - run: ./gradlew clean build - env: - DOCKER_ENABLE_SECURITY: false - - - name: Build with Gradle and with spring security - run: ./gradlew clean build - env: - DOCKER_ENABLE_SECURITY: true - - - name: Upload Test Reports - if: always() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: test-reports-jdk-${{ matrix.jdk-version }} - path: | - build/reports/tests/ - build/test-results/ - build/reports/problems/ - retention-days: 3 - - check-licence: - runs-on: ubuntu-latest - steps: - - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 - with: - egress-policy: audit - - - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - - name: Set up JDK 17 - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 - with: - java-version: "17" - distribution: "adopt" - - - name: check the licenses for compatibility - run: ./gradlew clean checkLicense - - - name: FAILED - check the licenses for compatibility - if: failure() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # 
v4.6.2 - with: - name: dependencies-without-allowed-license.json - path: | - build/reports/dependency-license/dependencies-without-allowed-license.json - retention-days: 3 - - docker-compose-tests: - # if: github.event_name == 'push' && github.ref == 'refs/heads/main' || - # (github.event_name == 'pull_request' && - # contains(github.event.pull_request.labels.*.name, 'licenses') == false && - # ( - # contains(github.event.pull_request.labels.*.name, 'Front End') || - # contains(github.event.pull_request.labels.*.name, 'Java') || - # contains(github.event.pull_request.labels.*.name, 'Back End') || - # contains(github.event.pull_request.labels.*.name, 'Security') || - # contains(github.event.pull_request.labels.*.name, 'API') || - # contains(github.event.pull_request.labels.*.name, 'Docker') || - # contains(github.event.pull_request.labels.*.name, 'Test') - # ) - # ) - - runs-on: ubuntu-latest - - steps: - - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 - with: - egress-policy: audit - - - name: Checkout Repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - - name: Set up Java 17 - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 - with: - java-version: "17" - distribution: "adopt" - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - - - name: Install Docker Compose - run: | - sudo curl -SL "https://github.com/docker/compose/releases/download/v2.32.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose - sudo chmod +x /usr/local/bin/docker-compose - - - name: Set up Python - uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0 - with: - python-version: "3.12" - cache: 'pip' # caching pip dependencies - - - name: Pip requirements - run: | - pip install --require-hashes -r ./testing/cucumber/requirements.txt - - - name: Run Docker Compose 
Tests - run: | - chmod +x ./testing/test_webpages.sh - chmod +x ./testing/test.sh - chmod +x ./testing/test_disabledEndpoints.sh - ./testing/test.sh diff --git a/.github/workflows/check_properties.yml b/.github/workflows/check_properties.yml deleted file mode 100644 index 84531e094..000000000 --- a/.github/workflows/check_properties.yml +++ /dev/null 
@@ -1,250 +0,0 @@ -name: Check Properties Files on PR - -on: - pull_request_target: - types: [opened, synchronize, reopened] - paths: - - "src/main/resources/messages_*.properties" - -permissions: - contents: read # Allow read access to repository content - -jobs: - check-files: - if: github.event_name == 'pull_request_target' - runs-on: ubuntu-latest - permissions: - issues: write # Allow posting comments on issues/PRs - pull-requests: write - steps: - - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 - with: - egress-policy: audit - - - name: Checkout main branch first - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - - name: Set up Python - uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0 - with: - python-version: "3.12" - - - name: Get PR data - id: get-pr-data - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 - with: - script: | - const prNumber = context.payload.pull_request.number; - const repoOwner = context.payload.repository.owner.login; - const repoName = context.payload.repository.name; - const branch = context.payload.pull_request.head.ref; - - console.log(`PR Number: ${prNumber}`); - console.log(`Repo Owner: ${repoOwner}`); - console.log(`Repo Name: ${repoName}`); - console.log(`Branch: ${branch}`); - - core.setOutput("pr_number", prNumber); - core.setOutput("repo_owner", repoOwner); - core.setOutput("repo_name", repoName); - core.setOutput("branch", branch); - continue-on-error: true - - - name: Fetch PR changed files - id: fetch-pr-changes - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - echo "Fetching PR changed files..." - echo "Getting list of changed files from PR..." 
- gh pr view ${{ steps.get-pr-data.outputs.pr_number }} --json files -q ".files[].path" | grep -E '^src/main/resources/messages_[a-zA-Z_]{2}_[a-zA-Z_]{2,7}\.properties$' > changed_files.txt # Filter only matching property files - - - name: Determine reference file test - id: determine-file - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 - with: - script: | - const fs = require("fs"); - const path = require("path"); - - const prNumber = ${{ steps.get-pr-data.outputs.pr_number }}; - const repoOwner = "${{ steps.get-pr-data.outputs.repo_owner }}"; - const repoName = "${{ steps.get-pr-data.outputs.repo_name }}"; - - const prRepoOwner = "${{ github.event.pull_request.head.repo.owner.login }}"; - const prRepoName = "${{ github.event.pull_request.head.repo.name }}"; - const branch = "${{ steps.get-pr-data.outputs.branch }}"; - - console.log(`Determining reference file for PR #${prNumber}`); - - // Validate inputs - const validateInput = (input, regex, name) => { - if (!regex.test(input)) { - throw new Error(`Invalid ${name}: ${input}`); - } - }; - - validateInput(repoOwner, /^[a-zA-Z0-9_-]+$/, "repository owner"); - validateInput(repoName, /^[a-zA-Z0-9._-]+$/, "repository name"); - validateInput(branch, /^[a-zA-Z0-9._/-]+$/, "branch name"); - - // Get the list of changed files in the PR - const { data: files } = await github.rest.pulls.listFiles({ - owner: repoOwner, - repo: repoName, - pull_number: prNumber, - }); - - // Filter for relevant files based on the PR changes - const changedFiles = files - .map(file => file.filename) - .filter(file => /^src\/main\/resources\/messages_[a-zA-Z_]{2}_[a-zA-Z_]{2,7}\.properties$/.test(file)); - - console.log("Changed files:", changedFiles); - - // Create a temporary directory for PR files - const tempDir = "pr-branch"; - if (!fs.existsSync(tempDir)) { - fs.mkdirSync(tempDir, { recursive: true }); - } - - // Download and save each changed file - for (const file of changedFiles) { - const { data: 
fileContent } = await github.rest.repos.getContent({ - owner: prRepoOwner, - repo: prRepoName, - path: file, - ref: branch, - }); - - const content = Buffer.from(fileContent.content, "base64").toString("utf-8"); - const filePath = path.join(tempDir, file); - const dirPath = path.dirname(filePath); - - if (!fs.existsSync(dirPath)) { - fs.mkdirSync(dirPath, { recursive: true }); - } - - fs.writeFileSync(filePath, content); - console.log(`Saved file: ${filePath}`); - } - - // Output the list of changed files for further processing - const fileList = changedFiles.join(" "); - core.exportVariable("FILES_LIST", fileList); - console.log("Files saved and listed in FILES_LIST."); - - // Determine reference file - let referenceFilePath; - if (changedFiles.includes("src/main/resources/messages_en_GB.properties")) { - console.log("Using PR branch reference file."); - const { data: fileContent } = await github.rest.repos.getContent({ - owner: prRepoOwner, - repo: prRepoName, - path: "src/main/resources/messages_en_GB.properties", - ref: branch, - }); - - referenceFilePath = "pr-branch-messages_en_GB.properties"; - const content = Buffer.from(fileContent.content, "base64").toString("utf-8"); - fs.writeFileSync(referenceFilePath, content); - } else { - console.log("Using main branch reference file."); - const { data: fileContent } = await github.rest.repos.getContent({ - owner: repoOwner, - repo: repoName, - path: "src/main/resources/messages_en_GB.properties", - ref: "main", - }); - - referenceFilePath = "main-branch-messages_en_GB.properties"; - const content = Buffer.from(fileContent.content, "base64").toString("utf-8"); - fs.writeFileSync(referenceFilePath, content); - } - - console.log(`Reference file path: ${referenceFilePath}`); - core.exportVariable("REFERENCE_FILE", referenceFilePath); - - - name: Run Python script to check files - id: run-check - run: | - echo "Running Python script to check files..." 
- python .github/scripts/check_language_properties.py \ - --actor ${{ github.event.pull_request.user.login }} \ - --reference-file "${REFERENCE_FILE}" \ - --branch "pr-branch" \ - --files "${FILES_LIST[@]}" > result.txt - continue-on-error: true # Continue the job even if this step fails - - - name: Capture output - id: capture-output - run: | - if [ -f result.txt ] && [ -s result.txt ]; then - echo "Test, capturing output..." - SCRIPT_OUTPUT=$(cat result.txt) - echo "SCRIPT_OUTPUT<> $GITHUB_ENV - echo "$SCRIPT_OUTPUT" >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - echo "${SCRIPT_OUTPUT}" - - # Determine job failure based on script output - if [[ "$SCRIPT_OUTPUT" == *"❌"* ]]; then - echo "FAIL_JOB=true" >> $GITHUB_ENV - else - echo "FAIL_JOB=false" >> $GITHUB_ENV - fi - else - echo "No update found." - echo "SCRIPT_OUTPUT=" >> $GITHUB_ENV - echo "FAIL_JOB=false" >> $GITHUB_ENV - fi - - - name: Post comment on PR - if: env.SCRIPT_OUTPUT != '' - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 - with: - script: | - const { GITHUB_REPOSITORY, SCRIPT_OUTPUT } = process.env; - const [repoOwner, repoName] = GITHUB_REPOSITORY.split('/'); - const issueNumber = context.issue.number; - - // Find existing comment - const comments = await github.rest.issues.listComments({ - owner: repoOwner, - repo: repoName, - issue_number: issueNumber - }); - - const comment = comments.data.find(c => c.body.includes("## 🚀 Translation Verification Summary")); - - // Only update or create comments by the action user - const expectedActor = "github-actions[bot]"; - - if (comment && comment.user.login === expectedActor) { - // Update existing comment - await github.rest.issues.updateComment({ - owner: repoOwner, - repo: repoName, - comment_id: comment.id, - body: `## 🚀 Translation Verification Summary\n\n\n${SCRIPT_OUTPUT}\n` - }); - console.log("Updated existing comment."); - } else if (!comment) { - // Create new comment if no existing comment is found - await 
github.rest.issues.createComment({ - owner: repoOwner, - repo: repoName, - issue_number: issueNumber, - body: `## 🚀 Translation Verification Summary\n\n\n${SCRIPT_OUTPUT}\n` - }); - console.log("Created new comment."); - } else { - console.log("Comment update attempt denied. Actor does not match."); - } - - - name: Fail job if errors found - if: env.FAIL_JOB == 'true' - run: | - echo "Failing the job because errors were detected." - exit 1 diff --git a/.github/workflows/codeql.yml-disabled b/.github/workflows/codeql.yml-disabled deleted file mode 100644 index ae54ec4b6..000000000 --- a/.github/workflows/codeql.yml-disabled +++ /dev/null 
@@ -1,79 +0,0 @@ -# For most projects, this workflow file will not need changing; you simply need -# to commit it to your repository. -# -# You may wish to alter this file to override the set of languages analyzed, -# or to provide custom queries or build logic. -# -# ******** NOTE ******** -# We have attempted to detect the languages in your repository. Please check -# the `language` matrix defined below to confirm you have the correct set of -# supported CodeQL languages. -# -name: "CodeQL" - -#disable for now -#on: -# push: -# branches: ["main"] -# pull_request: - # The branches below must be a subset of the branches above -# branches: ["main"] -# schedule: -# - cron: "0 0 * * 1" - -permissions: - contents: read - -jobs: - analyze: - name: Analyze - runs-on: ubuntu-latest - permissions: - actions: read - contents: read - security-events: write - - strategy: - fail-fast: false - matrix: - language: ["java"] - # CodeQL supports [ $supported-codeql-languages ] - # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support - - steps: - - name: Harden Runner - uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 - with: - egress-policy: audit - - - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). 
- # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 - - # â„šī¸ Command-line programs to run using the OS shell. - # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun - - # If the Autobuild fails above, remove it and uncomment the following three lines. - # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. - - # - run: | - # echo "Run, Build Application using script" - # ./location_of_script_within_repo/buildscript.sh - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 - with: - category: "/language:${{matrix.language}}" diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml deleted file mode 100644 index 2eece92fe..000000000 --- a/.github/workflows/dependency-review.yml +++ /dev/null 
@@ -1,27 +0,0 @@ -# Dependency Review Action -# -# This Action will scan dependency manifest files that change as part of a Pull Request, -# surfacing known-vulnerable versions of the packages declared or updated in the PR. -# Once installed, if the workflow run is marked as required, -# PRs introducing known-vulnerable packages will be blocked from merging. -# -# Source repository: https://github.com/actions/dependency-review-action -name: "Dependency Review" -on: [pull_request] - -permissions: - contents: read - -jobs: - dependency-review: - runs-on: ubuntu-latest - steps: - - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 - with: - egress-policy: audit - - - name: "Checkout Repository" - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - name: "Dependency Review" - uses: actions/dependency-review-action@ce3cf9537a52e8119d91fd484ab5b8a807627bf8 # v4.6.0 diff --git a/.github/workflows/file_hash_generation.yml b/.github/workflows/file_hash_generation.yml deleted file mode 100644 index dce072b5b..000000000 --- a/.github/workflows/file_hash_generation.yml +++ /dev/null 
@@ -1,203 +0,0 @@ -name: Generate Template Hashes - -on: - push: - branches: - - main - - hashs - paths: - - 'src/main/resources/templates/**' - - 'src/main/resources/static/**' - workflow_dispatch: # Allow manual triggering - -jobs: - generate-hash: - runs-on: ubuntu-latest - - steps: - - name: Checkout code - uses: actions/checkout@v3 - - - name: Set up JDK - uses: actions/setup-java@v3 - with: - distribution: 'temurin' - java-version: '17' - - - name: Calculate template hashes - id: hash - run: | - # Create a Java program to calculate hashes - cat > HashGenerator.java << 'EOF' - import java.io.File; - import java.io.FileWriter; - import java.io.IOException; - import java.nio.charset.StandardCharsets; - import java.nio.file.Files; - import java.nio.file.Path; - import java.util.ArrayList; - import java.util.Arrays; - import java.util.Collections; - import java.util.HashSet; - import java.util.List; - import java.util.Set; - import java.util.zip.CRC32; - - public class HashGenerator { - private static final String TEMPLATE_DIR = "src/main/resources/templates"; - private static final String STATIC_DIR = "src/main/resources/static"; - private static final String OUTPUT_FILE = "src/main/resources/reference-hash.json"; - - // Text file extensions that need normalization - private static final Set TEXT_EXTENSIONS = new HashSet<>(Arrays.asList( - "html", "htm", "css", "js", "txt", "md", "xml", "json", "csv", "properties" - )); - - public static void main(String[] args) throws IOException { - List entries = new ArrayList<>(); - - // Process templates directory - processDirectory(new File(TEMPLATE_DIR), entries, "templates"); - - // Process static directory - processDirectory(new File(STATIC_DIR), entries, "static"); - - // Sort entries for consistent output - Collections.sort(entries); - - // Write JSON output - writeJsonOutput(entries); - - System.out.println("Generated hashes for " + entries.size() + " files"); - } - - private static void processDirectory(File dir, 
List entries, String basePath) throws IOException { - if (!dir.exists() || !dir.isDirectory()) { - System.out.println("Directory not found: " + dir); - return; - } - - processFilesRecursively(dir, dir, entries, basePath); - } - - private static void processFilesRecursively(File baseDir, File currentDir, List entries, String basePath) - throws IOException { - File[] files = currentDir.listFiles(); - if (files == null) return; - - for (File file : files) { - if (file.isDirectory()) { - processFilesRecursively(baseDir, file, entries, basePath); - } else { - // Get relative path - String relativePath = baseDir.toPath().relativize(file.toPath()).toString() - .replace('\\', '/'); - String fullPath = basePath + "/" + relativePath; - - // Calculate hash - String hash = calculateFileHash(file.toPath()); - - entries.add(new FileEntry(fullPath, hash)); - System.out.println("Processed: " + fullPath + " => " + hash); - } - } - } - - private static String calculateFileHash(Path filePath) throws IOException { - String extension = getFileExtension(filePath.toString()).toLowerCase(); - boolean isTextFile = TEXT_EXTENSIONS.contains(extension); - - if (isTextFile) { - return calculateNormalizedTextFileHash(filePath); - } else { - return calculateBinaryFileHash(filePath); - } - } - - private static String calculateNormalizedTextFileHash(Path filePath) throws IOException { - byte[] content = Files.readAllBytes(filePath); - String text = new String(content, StandardCharsets.UTF_8); - - // Normalize line endings to LF (remove CRs) - text = text.replace("\r", ""); - - byte[] normalizedBytes = text.getBytes(StandardCharsets.UTF_8); - - CRC32 checksum = new CRC32(); - checksum.update(normalizedBytes, 0, normalizedBytes.length); - return String.valueOf(checksum.getValue()); - } - - private static String calculateBinaryFileHash(Path filePath) throws IOException { - byte[] content = Files.readAllBytes(filePath); - - CRC32 checksum = new CRC32(); - checksum.update(content, 0, content.length); - 
return String.valueOf(checksum.getValue()); - } - - private static String getFileExtension(String filename) { - int lastDot = filename.lastIndexOf('.'); - if (lastDot == -1 || lastDot == filename.length() - 1) { - return ""; - } - return filename.substring(lastDot + 1); - } - - private static void writeJsonOutput(List entries) throws IOException { - File outputFile = new File(OUTPUT_FILE); - outputFile.getParentFile().mkdirs(); - - try (FileWriter writer = new FileWriter(outputFile)) { - writer.write("{\n"); - - for (int i = 0; i < entries.size(); i++) { - FileEntry entry = entries.get(i); - writer.write(" \"" + entry.path + "\": \"" + entry.hash + "\""); - - if (i < entries.size() - 1) { - writer.write(","); - } - writer.write("\n"); - } - - writer.write("}\n"); - } - } - - // Class to represent a file and its hash - private static class FileEntry implements Comparable { - final String path; - final String hash; - - FileEntry(String path, String hash) { - this.path = path; - this.hash = hash; - } - - @Override - public int compareTo(FileEntry other) { - return path.compareTo(other.path); - } - } - } - EOF - - # Compile and run the Java program - javac HashGenerator.java - java HashGenerator - - - name: Commit and push if changed - run: | - git config --local user.email "github-actions[bot]@users.noreply.github.com" - git config --local user.name "GitHub Actions" - - git add src/main/resources/reference-hash.json - - # Only commit if there are changes - if git diff --staged --quiet; then - echo "No changes to commit" - else - git commit -m "Update template reference hashes [skip ci]" - git push - fi \ No newline at end of file diff --git a/.github/workflows/licenses-update.yml b/.github/workflows/licenses-update.yml deleted file mode 100644 index a86a7c945..000000000 --- a/.github/workflows/licenses-update.yml +++ /dev/null 
@@ -1,92 +0,0 @@ -name: License Report Workflow - -on: - push: - branches: - - main - paths: - - "build.gradle" - -permissions: - contents: read - -jobs: - generate-license-report: - runs-on: ubuntu-latest - permissions: - contents: write - pull-requests: write - steps: - - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 - with: - egress-policy: audit - - - name: Generate GitHub App Token - id: generate-token - uses: actions/create-github-app-token@3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5 # v2.0.2 - with: - app-id: ${{ secrets.GH_APP_ID }} - private-key: ${{ secrets.GH_APP_PRIVATE_KEY }} - - - name: Check out code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - - name: Set up JDK 17 - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 - with: - java-version: "17" - distribution: "adopt" - - - uses: gradle/actions/setup-gradle@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1 - - - name: check the licenses for compatibility - run: ./gradlew clean checkLicense - - - name: FAILED - check the licenses for compatibility - if: failure() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: dependencies-without-allowed-license.json - path: | - build/reports/dependency-license/dependencies-without-allowed-license.json - retention-days: 3 - - - name: Move and Rename License File - run: | - mv build/reports/dependency-license/index.json src/main/resources/static/3rdPartyLicenses.json - - - name: Set up git config - run: | - git config --global user.name "stirlingbot[bot]" - git config --global user.email "1113334+stirlingbot[bot]@users.noreply.github.com" - - - name: Run git add - run: | - git add src/main/resources/static/3rdPartyLicenses.json - git diff --staged --quiet || echo "CHANGES_DETECTED=true" >> $GITHUB_ENV - - - name: Create Pull Request - id: cpr - if: env.CHANGES_DETECTED == 'true' - uses: 
peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8 - with: - token: ${{ steps.generate-token.outputs.token }} - commit-message: "Update 3rd Party Licenses" - committer: "stirlingbot[bot] <1113334+stirlingbot[bot]@users.noreply.github.com>" - author: "stirlingbot[bot] <1113334+stirlingbot[bot]@users.noreply.github.com>" - signoff: true - branch: update-3rd-party-licenses - title: "Update 3rd Party Licenses" - body: | - Auto-generated by StirlingBot - labels: licenses,github-actions - draft: false - delete-branch: true - sign-commits: true - - - name: Enable Pull Request Automerge - if: steps.cpr.outputs.pull-request-operation == 'created' - run: gh pr merge --squash --auto "${{ steps.cpr.outputs.pull-request-number }}" - env: - GH_TOKEN: ${{ steps.generate-token.outputs.token }} diff --git a/.github/workflows/manage-label.yml b/.github/workflows/manage-label.yml deleted file mode 100644 index 63a3f7b7d..000000000 --- a/.github/workflows/manage-label.yml +++ /dev/null @@ -1,30 +0,0 @@ -name: Manage labels - -on: - schedule: - - cron: "30 20 * * *" - -permissions: - contents: read - -jobs: - labeler: - name: Labeler - runs-on: ubuntu-latest - permissions: - issues: write - steps: - - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 - with: - egress-policy: audit - - - name: Check out the repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - - name: Run Labeler - uses: crazy-max/ghaction-github-labeler@24d110aa46a59976b8a7f35518cb7f14f434c916 # v5.3.0 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - yaml-file: .github/labels.yml - skip-delete: true diff --git a/.github/workflows/multiOSReleases.yml b/.github/workflows/multiOSReleases.yml deleted file mode 100644 index b8c463bf6..000000000 --- a/.github/workflows/multiOSReleases.yml +++ /dev/null 
@@ -1,314 +0,0 @@ -name: Test Installers Build - -on: - workflow_dispatch: - release: - types: [created] - inputs: - test_mode: - description: "Run in test mode (skips release step)" - required: false - default: "false" - -permissions: - contents: read - -jobs: - read_versions: - runs-on: ubuntu-latest - outputs: - version: ${{ steps.versionNumber.outputs.versionNumber }} - versionMac: ${{ steps.versionNumberMac.outputs.versionNumberMac }} - steps: - - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 - with: - egress-policy: audit - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - # Get version number - - name: Get version number - id: versionNumber - run: | - VERSION=$(grep "^version =" build.gradle | awk -F'"' '{print $2}') - echo "versionNumber=$VERSION" >> $GITHUB_OUTPUT - - - name: Get version number mac - id: versionNumberMac - run: | - VERSION=$(grep "^version =" build.gradle | awk -F'"' '{print $2}') - CURRENT_YEAR=$(date +'%Y') - IFS='.' 
read -r -a VERSION_PARTS <<< "$VERSION" - MAC_VERSION="$CURRENT_YEAR.${VERSION_PARTS[1]:-0}.${VERSION_PARTS[2]:-0}" - echo "versionNumberMac=$MAC_VERSION" >> $GITHUB_OUTPUT - - build-portable: - needs: read_versions - runs-on: ubuntu-latest - strategy: - matrix: - enable_security: [true, false] - include: - - enable_security: true - file_suffix: "-with-login" - - enable_security: false - file_suffix: "" - steps: - - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 - with: - egress-policy: audit - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - - name: Set up JDK 21 - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 - with: - java-version: "21" - distribution: "temurin" - - - uses: gradle/actions/setup-gradle@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1 - with: - gradle-version: 8.12 - - - name: Generate jar (With Security=${{ matrix.enable_security }}) - run: ./gradlew clean createExe - env: - DOCKER_ENABLE_SECURITY: ${{ matrix.enable_security }} - STIRLING_PDF_DESKTOP_UI: false - - - name: Rename binaries - run: | - mkdir ./binaries - mv ./build/launch4j/Stirling-PDF.exe ./binaries/win-Stirling-PDF-portable-Server${{ matrix.file_suffix }}.exe - mv ./build/libs/Stirling-PDF-${{ needs.read_versions.outputs.version }}.jar ./binaries/Stirling-PDF${{ matrix.file_suffix }}.jar - - - name: Upload build artifacts - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - retention-days: 1 - if-no-files-found: error - name: stirling${{ matrix.file_suffix }}-binaries - path: | - ./binaries/* - - sign_verify-portable: - needs: [build-portable, read_versions] - runs-on: ubuntu-latest - strategy: - matrix: - enable_security: [true, false] - include: - - enable_security: true - file_suffix: "with-login-" - - enable_security: false - file_suffix: "" - steps: - - name: Harden Runner - uses: 
step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 - with: - egress-policy: audit - - - name: Download build artifacts - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1 - with: - name: stirling-${{ matrix.file_suffix }}binaries - - - name: Display structure of downloaded files - run: ls -R - - - name: Upload signed artifacts - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - retention-days: 1 - if-no-files-found: error - name: stirling-${{ matrix.file_suffix }}signed - path: | - ./* - !cosign.* - - build-installers: - needs: read_versions - strategy: - matrix: - include: - - os: windows-latest - platform: win- - - os: macos-latest - platform: mac- - # - os: ubuntu-latest - # platform: linux- - runs-on: ${{ matrix.os }} - permissions: - contents: write - steps: - - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 - with: - egress-policy: audit - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - - name: Set up JDK 21 - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 - with: - java-version: "21" - distribution: "temurin" - - - uses: gradle/actions/setup-gradle@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1 - with: - gradle-version: 8.12 - - # Install Windows dependencies - - name: Install WiX Toolset - if: matrix.os == 'windows-latest' - run: | - curl -L -o wix.exe https://github.com/wixtoolset/wix3/releases/download/wix3141rtm/wix314.exe - .\wix.exe /install /quiet - - # Build installer - - name: Build Installer - run: ./gradlew build jpackage -x test --info - env: - DOCKER_ENABLE_SECURITY: false - STIRLING_PDF_DESKTOP_UI: true - BROWSER_OPEN: true - - - name: ☕ Set up JDK (x86_64) - if: matrix.os == 'macos-latest' - run: | - curl -L -o jdk.tar.gz https://cdn.azul.com/zulu/bin/zulu17.56.15-ca-jdk17.0.14-macosx_x64.tar.gz - mkdir -p zulu17 - tar -xzf 
jdk.tar.gz -C zulu17 --strip-components=1 - echo "JAVA_HOME=$PWD/zulu17" >> $GITHUB_ENV - echo "$PWD/zulu17/bin" >> $GITHUB_PATH - - - name: Verify JDK architecture - if: matrix.os == 'macos-latest' - run: file $JAVA_HOME/bin/java - - - name: Build project and run jpackage (x86_64) - if: matrix.os == 'macos-latest' - run: arch -x86_64 ./gradlew jpackageMacX64 - - # Rename and collect artifacts based on OS - - name: Prepare artifacts - id: prepare - shell: bash - run: | - ls -lah ./build/jpackage/ - mkdir ./binaries - if [ "${{ matrix.os }}" = "windows-latest" ]; then - mv "./build/jpackage/Stirling-PDF-${{ needs.read_versions.outputs.version }}.exe" "./binaries/Stirling-PDF-win-installer.exe" - elif [ "${{ matrix.os }}" = "macos-latest" ]; then - mv "./build/jpackage/Stirling-PDF-${{ needs.read_versions.outputs.versionMac }}.dmg" "./binaries/Stirling-PDF-mac-installer.dmg" - mv "./build/jpackage/x86_64/Stirling-PDF (x86_64)-${{ needs.read_versions.outputs.versionMac }}.dmg" "./binaries/Stirling-PDF-mac-x86_64-installer.dmg" - else - mv "./build/jpackage/stirling-pdf_${{ needs.read_versions.outputs.version }}-1_amd64.deb" "./binaries/Stirling-PDF-linux-installer.deb" - fi - - - name: Display structure of downloaded files - run: ls -R ./binaries - - - name: Upload build artifacts - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - retention-days: 1 - if-no-files-found: error - name: ${{ matrix.platform }}binaries - path: | - ./binaries/* - - sign_verify: - needs: [read_versions, build-installers] - strategy: - matrix: - include: - - os: windows-latest - platform: win- - - os: macos-latest - platform: mac- - # - os: ubuntu-latest - # platform: linux- - runs-on: ubuntu-latest - steps: - - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 - with: - egress-policy: audit - - - name: Download build artifacts - uses: 
actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1 - with: - name: ${{ matrix.platform }}binaries - - - name: Display structure of downloaded files - run: ls -R - - - name: Install Cosign - if: matrix.os == 'windows-latest' - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1 - - - name: Generate key pair - if: matrix.os == 'windows-latest' - run: cosign generate-key-pair - - - name: Sign and generate attestations - if: matrix.os == 'windows-latest' - run: | - cosign sign-blob \ - --key ./cosign.key \ - --yes \ - --output-signature ./Stirling-PDF-win-installer.exe.sig \ - ./Stirling-PDF-win-installer.exe - - cosign attest-blob \ - --predicate - \ - --key ./cosign.key \ - --yes \ - --output-attestation ./Stirling-PDF-win-installer.exe.intoto.jsonl \ - ./Stirling-PDF-win-installer.exe - - cosign verify-blob \ - --key ./cosign.pub \ - --signature ./Stirling-PDF-win-installer.exe.sig \ - ./Stirling-PDF-win-installer.exe - - - name: Display structure of downloaded files - run: ls -R - - - name: Upload signed artifacts - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - retention-days: 1 - if-no-files-found: error - name: ${{ matrix.platform }}signed - path: | - ./Stirling-PDF-${{ matrix.platform }}installer.* - ./Stirling-PDF-${{ matrix.platform }}x86_64-installer.* - !cosign.* - - create-release: - if: github.event_name != 'workflow_dispatch' || github.event.inputs.test_mode != 'true' - needs: [read_versions, sign_verify, sign_verify-portable] - runs-on: ubuntu-latest - permissions: - contents: write - steps: - - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 - with: - egress-policy: audit - - - name: Download signed artifacts - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1 - - name: Display structure of downloaded files - run: ls -R - - name: Upload binaries, attestations and 
signatures to Release and create GitHub Release - uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0 - with: - tag_name: v${{ needs.read_versions.outputs.version }} - generate_release_notes: true - files: | - ./*signed/* diff --git a/.github/workflows/pre_commit.yml b/.github/workflows/pre_commit.yml deleted file mode 100644 index ad39a1b9a..000000000 --- a/.github/workflows/pre_commit.yml +++ /dev/null 
@@ -1,80 +0,0 @@
-name: Pre-commit
-
-on:
- workflow_dispatch:
- schedule:
- - cron: "0 0 * * 1"
-
-permissions:
- contents: read
-
-jobs:
- pre-commit:
- runs-on: ubuntu-latest
- permissions:
- contents: write
- pull-requests: write
- steps:
- - name: Harden Runner
- uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
- with:
- egress-policy: audit
-
- - name: Generate GitHub App Token
- id: generate-token
- uses: actions/create-github-app-token@3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5 # v2.0.2
- with:
- app-id: ${{ secrets.GH_APP_ID }}
- private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
-
- - name: Get GitHub App User ID
- id: get-user-id
- run: echo "user-id=$(gh api "/users/${{ steps.generate-token.outputs.app-slug }}[bot]" --jq .id)" >> $GITHUB_OUTPUT
- env:
- GH_TOKEN: ${{ steps.generate-token.outputs.token }}
-
- - id: committer
- run: |
- echo "string=${{ steps.generate-token.outputs.app-slug }}[bot] <${{ steps.get-user-id.outputs.user-id }}+${{ steps.generate-token.outputs.app-slug }}[bot]@users.noreply.github.com>" >> "$GITHUB_OUTPUT"
-
- - name: Checkout repository
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- with:
- fetch-depth: 0
- - name: Set up Python
- uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
- with:
- python-version: 3.12
- cache: 'pip' # caching pip dependencies
- - name: Run Pre-Commit Hooks
- run: |
- pip install --require-hashes -r ./.github/scripts/requirements_pre_commit.txt
- - run: pre-commit run --all-files -c .pre-commit-config.yaml
- continue-on-error: true
- - name: Set up git config
- run: |
- git config --global user.name ${{ steps.generate-token.outputs.app-slug }}[bot]
- git config --global user.email "${{ steps.get-user-id.outputs.user-id }}+${{ steps.generate-token.outputs.app-slug }}[bot]@users.noreply.github.com"
- - name: git add
- run: |
- git add .
- git diff --staged --quiet || echo "CHANGES_DETECTED=true" >> $GITHUB_ENV
- - name: Create Pull Request
- if: env.CHANGES_DETECTED == 'true'
- uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
- with:
- token: ${{ steps.generate-token.outputs.token }}
- commit-message: ":file_folder: pre-commit"
- committer: ${{ steps.committer.outputs.string }}
- author: ${{ steps.committer.outputs.string }}
- signoff: true
- branch: pre-commit
- title: "🤖 format everything with pre-commit by <${{ steps.generate-token.outputs.app-slug }}>"
- body: |
- Auto-generated by [create-pull-request][1] with **${{ steps.generate-token.outputs.app-slug }}**
-
- [1]: https://github.com/peter-evans/create-pull-request
- draft: false
- delete-branch: true
- labels: github-actions
- sign-commits: true
diff --git a/.github/workflows/push-docker.yml b/.github/workflows/push-docker.yml
deleted file mode 100644
index 8485a85b4..000000000
--- a/.github/workflows/push-docker.yml
+++ /dev/null
@@ -1,195 +0,0 @@ -name: Push Docker Image with VersionNumber - -on: - workflow_dispatch: - push: - branches: - - master - - main - -permissions: - contents: read - -jobs: - push: - runs-on: ubuntu-latest - permissions: - packages: write - id-token: write - steps: - - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 - with: - egress-policy: audit - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - - name: Set up JDK 17 - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 - with: - java-version: "17" - distribution: "temurin" - - - uses: gradle/actions/setup-gradle@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1 - with: - gradle-version: 8.12 - - - name: Run Gradle Command - run: ./gradlew clean build - env: - DOCKER_ENABLE_SECURITY: false - STIRLING_PDF_DESKTOP_UI: false - - - name: Install cosign - if: github.ref == 'refs/heads/master' - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1 - with: - cosign-release: "v2.4.1" - - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - - - name: Get version number - id: versionNumber - run: echo "versionNumber=$(./gradlew printVersion --quiet | tail -1)" >> $GITHUB_OUTPUT - - - name: Login to Docker Hub - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 - with: - username: ${{ secrets.DOCKER_HUB_USERNAME }} - password: ${{ secrets.DOCKER_HUB_API }} - - - name: Login to GitHub Container Registry - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ github.token }} - - - name: Set up QEMU - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - - - name: Convert repository owner to lowercase - id: repoowner - run: echo "lowercase=$(echo ${{ 
github.repository_owner }} | awk '{print tolower($0)}')" >> $GITHUB_OUTPUT - - - name: Generate tags - id: meta - uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 - with: - images: | - ${{ secrets.DOCKER_HUB_USERNAME }}/s-pdf - ghcr.io/${{ steps.repoowner.outputs.lowercase }}/s-pdf - ghcr.io/${{ steps.repoowner.outputs.lowercase }}/stirling-pdf - ${{ secrets.DOCKER_HUB_ORG_USERNAME }}/stirling-pdf - tags: | - type=raw,value=${{ steps.versionNumber.outputs.versionNumber }},enable=${{ github.ref == 'refs/heads/master' }} - type=raw,value=latest,enable=${{ github.ref == 'refs/heads/master' }} - type=raw,value=alpha,enable=${{ github.ref == 'refs/heads/main' }} - - - name: Build and push main Dockerfile - id: build-push-regular - uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 - with: - builder: ${{ steps.buildx.outputs.name }} - context: . - file: ./Dockerfile - push: true - cache-from: type=gha - cache-to: type=gha,mode=max - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - build-args: VERSION_TAG=${{ steps.versionNumber.outputs.versionNumber }} - platforms: linux/amd64,linux/arm64/v8 - provenance: true - sbom: true - - - name: Sign regular images - if: github.ref == 'refs/heads/master' - env: - DIGEST: ${{ steps.build-push-regular.outputs.digest }} - TAGS: ${{ steps.meta.outputs.tags }} - COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} - COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} - run: | - echo "$TAGS" | tr ',' '\n' | while read -r tag; do - cosign sign --yes \ - --key env://COSIGN_PRIVATE_KEY \ - "${tag}@${DIGEST}" - done - - - name: Generate tags ultra-lite - id: meta2 - uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 - if: github.ref != 'refs/heads/main' - with: - images: | - ${{ secrets.DOCKER_HUB_USERNAME }}/s-pdf - ghcr.io/${{ steps.repoowner.outputs.lowercase }}/s-pdf - ghcr.io/${{ steps.repoowner.outputs.lowercase 
}}/stirling-pdf - ${{ secrets.DOCKER_HUB_ORG_USERNAME }}/stirling-pdf - tags: | - type=raw,value=${{ steps.versionNumber.outputs.versionNumber }}-ultra-lite,enable=${{ github.ref == 'refs/heads/master' }} - type=raw,value=latest-ultra-lite,enable=${{ github.ref == 'refs/heads/master' }} - - - name: Build and push Dockerfile-ultra-lite - id: build-push-lite - uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 - if: github.ref != 'refs/heads/main' - with: - context: . - file: ./Dockerfile.ultra-lite - push: true - cache-from: type=gha - cache-to: type=gha,mode=max - tags: ${{ steps.meta2.outputs.tags }} - labels: ${{ steps.meta2.outputs.labels }} - build-args: VERSION_TAG=${{ steps.versionNumber.outputs.versionNumber }} - platforms: linux/amd64,linux/arm64/v8 - provenance: true - sbom: true - - - name: Generate tags fat - id: meta3 - uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 - if: github.ref != 'refs/heads/main' - with: - images: | - ${{ secrets.DOCKER_HUB_USERNAME }}/s-pdf - ghcr.io/${{ steps.repoowner.outputs.lowercase }}/s-pdf - ghcr.io/${{ steps.repoowner.outputs.lowercase }}/stirling-pdf - ${{ secrets.DOCKER_HUB_ORG_USERNAME }}/stirling-pdf - tags: | - type=raw,value=${{ steps.versionNumber.outputs.versionNumber }}-fat,enable=${{ github.ref == 'refs/heads/master' }} - type=raw,value=latest-fat,enable=${{ github.ref == 'refs/heads/master' }} - - - name: Build and push main Dockerfile fat - id: build-push-fat - uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 - if: github.ref != 'refs/heads/main' - with: - builder: ${{ steps.buildx.outputs.name }} - context: . 
- file: ./Dockerfile.fat - push: true - cache-from: type=gha - cache-to: type=gha,mode=max - tags: ${{ steps.meta3.outputs.tags }} - labels: ${{ steps.meta3.outputs.labels }} - build-args: VERSION_TAG=${{ steps.versionNumber.outputs.versionNumber }} - platforms: linux/amd64,linux/arm64/v8 - provenance: true - sbom: true - - - name: Sign fat images - if: github.ref == 'refs/heads/master' - env: - DIGEST: ${{ steps.build-push-fat.outputs.digest }} - TAGS: ${{ steps.meta3.outputs.tags }} - COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} - COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} - run: | - echo "$TAGS" | tr ',' '\n' | while read -r tag; do - cosign sign --key env://COSIGN_PRIVATE_KEY --yes "${tag}@${DIGEST}" - done diff --git a/.github/workflows/releaseArtifacts.yml b/.github/workflows/releaseArtifacts.yml deleted file mode 100644 index 8844b3a1c..000000000 --- a/.github/workflows/releaseArtifacts.yml +++ /dev/null 
@@ -1,180 +0,0 @@ -name: Release Artifacts - -on: - workflow_dispatch: - release: - types: [created] - -permissions: - contents: read - -jobs: - build: - runs-on: ubuntu-latest - strategy: - matrix: - enable_security: [true, false] - include: - - enable_security: true - file_suffix: "-with-login" - - enable_security: false - file_suffix: "" - outputs: - version: ${{ steps.versionNumber.outputs.versionNumber }} - steps: - - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 - with: - egress-policy: audit - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - - name: Set up JDK 17 - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 - with: - java-version: "17" - distribution: "temurin" - - - uses: gradle/actions/setup-gradle@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1 - with: - gradle-version: 8.12 - - - name: Generate jar (With Security=${{ matrix.enable_security }}) - run: ./gradlew clean createExe - env: - DOCKER_ENABLE_SECURITY: ${{ matrix.enable_security }} - STIRLING_PDF_DESKTOP_UI: false - - - name: Get version number - id: versionNumber - run: | - VERSION=$(grep "^version =" build.gradle | awk -F'"' '{print $2}') - echo "versionNumber=$VERSION" >> $GITHUB_OUTPUT - - - name: Rename binaries - run: | - mv ./build/launch4j/Stirling-PDF.exe ./build/launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.exe - mv ./build/libs/Stirling-PDF-${{ steps.versionNumber.outputs.versionNumber }}.jar ./build/libs/Stirling-PDF${{ matrix.file_suffix }}.jar - - - name: Debug build artifacts - run: | - echo "Current Directory: $(pwd)" - ls -R ./build/libs - ls -R ./build/launch4j - - - name: Upload build artifacts - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: binaries${{ matrix.file_suffix }} - path: | - ./build/launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.* - ./build/libs/Stirling-PDF${{ matrix.file_suffix 
}}.* - - sign_verify: - needs: build - runs-on: ubuntu-latest - strategy: - matrix: - enable_security: [true, false] - include: - - enable_security: true - file_suffix: "-with-login" - - enable_security: false - file_suffix: "" - steps: - - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 - with: - egress-policy: audit - - - name: Download build artifacts - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1 - with: - name: binaries${{ matrix.file_suffix }} - - name: Display structure of downloaded files - run: ls -R - - - name: Install Cosign - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1 - - - name: Generate key pair - run: cosign generate-key-pair - - - name: Sign and generate attestations - run: | - cosign sign-blob \ - --key ./cosign.key \ - --yes \ - --output-signature ./libs/Stirling-PDF${{ matrix.file_suffix }}.jar.sig \ - ./libs/Stirling-PDF${{ matrix.file_suffix }}.jar - - cosign attest-blob \ - --predicate - \ - --key ./cosign.key \ - --yes \ - --output-attestation ./libs/Stirling-PDF${{ matrix.file_suffix }}.jar.intoto.jsonl \ - ./libs/Stirling-PDF${{ matrix.file_suffix }}.jar - - cosign verify-blob \ - --key ./cosign.pub \ - --signature ./libs/Stirling-PDF${{ matrix.file_suffix }}.jar.sig \ - ./libs/Stirling-PDF${{ matrix.file_suffix }}.jar - - cosign sign-blob \ - --key ./cosign.key \ - --yes \ - --output-signature ./launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.exe.sig \ - ./launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.exe - - cosign attest-blob \ - --predicate - \ - --key ./cosign.key \ - --yes \ - --output-attestation ./launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.exe.intoto.jsonl \ - ./launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.exe - - cosign verify-blob \ - --key ./cosign.pub \ - --signature ./launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.exe.sig \ - 
./launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.exe - - - name: Upload signed artifacts - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: signed${{ matrix.file_suffix }} - path: | - ./libs/Stirling-PDF${{ matrix.file_suffix }}.* - ./launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.* - - release: - needs: [build, sign_verify] - runs-on: ubuntu-latest - permissions: - contents: write - strategy: - matrix: - enable_security: [true, false] - include: - - enable_security: true - file_suffix: "-with-login" - - enable_security: false - file_suffix: "" - steps: - - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 - with: - egress-policy: audit - - - name: Download signed artifacts - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1 - with: - name: signed${{ matrix.file_suffix }} - - - name: Upload binaries, attestations and signatures to Release and create GitHub Release - uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0 - with: - tag_name: v${{ needs.build.outputs.version }} - generate_release_notes: true - files: | - ./libs/Stirling-PDF* - ./launch4j/Stirling-PDF-Server* diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml deleted file mode 100644 index 4e50b7325..000000000 --- a/.github/workflows/scorecards.yml +++ /dev/null 
@@ -1,79 +0,0 @@
-# This workflow uses actions that are not certified by GitHub. They are provided -# by a third-party and are governed by separate terms of service, privacy -# policy, and support documentation. - -name: Scorecard supply-chain security -on: - # For Branch-Protection check. Only the default branch is supported. See - # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection - branch_protection_rule: - # To guarantee Maintained check is occasionally updated. See - # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained - schedule: - - cron: "20 7 * * 2" - push: - branches: ["main"] -permissions: read-all - -jobs: - analysis: - name: Scorecard analysis - runs-on: ubuntu-latest - permissions: - # Needed to upload the results to code-scanning dashboard. - security-events: write - # Needed to publish results and get a badge (see publish_results below). - id-token: write - contents: read - actions: read - # To allow GraphQL ListCommits to work - issues: read - pull-requests: read - # To detect SAST tools - checks: read - - steps: - - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 - with: - egress-policy: audit - - - name: "Checkout code" - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - persist-credentials: false - - - name: "Run analysis" - uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1 - with: - results_file: results.sarif - results_format: sarif - # (Optional) "write" PAT token. Uncomment the `repo_token` line below if: - # - you want to enable the Branch-Protection check on a *public* repository, or - # - you are installing Scorecards on a *private* repository - # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
- # repo_token: ${{ secrets.SCORECARD_TOKEN }} - - # Public repositories: - # - Publish results to OpenSSF REST API for easy access by consumers - # - Allows the repository to include the Scorecard badge. - # - See https://github.com/ossf/scorecard-action#publishing-results. - # For private repositories: - # - `publish_results` will always be set to `false`, regardless - # of the value entered here. - publish_results: true - - # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF - # format to the repository Actions tab. - - name: "Upload artifact" - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: SARIF file - path: results.sarif - retention-days: 5 - - # Upload the results to GitHub's code scanning dashboard. - - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15 - with: - sarif_file: results.sarif
diff --git a/.github/workflows/sonarqube.yml b/.github/workflows/sonarqube.yml
deleted file mode 100644
index 3220da581..000000000
--- a/.github/workflows/sonarqube.yml
+++ /dev/null
@@ -1,63 +0,0 @@
-name: Run Sonarqube - -on: - push: - branches: - - master - pull_request_target: - branches: - - main - workflow_dispatch: - -permissions: - pull-requests: read - actions: read - -jobs: - sonarqube: - runs-on: ubuntu-latest - steps: - - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 - with: - egress-policy: audit - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - fetch-depth: 0 - - - name: Setup Gradle - uses: gradle/actions/setup-gradle@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1 - - - name: Build and analyze with Gradle - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - DOCKER_ENABLE_SECURITY: true - STIRLING_PDF_DESKTOP_UI: true - run: | - ./gradlew clean build sonar \ - -Dsonar.projectKey=Stirling-Tools_Stirling-PDF \ - -Dsonar.organization=stirling-tools \ - -Dsonar.host.url=https://sonarcloud.io \ - -Dsonar.login=${SONAR_TOKEN} \ - -Dsonar.log.level=DEBUG \ - --info - - - name: Upload Problems Report on Failure - if: failure() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: gradle-problems-report - path: build/reports/problems/problems-report.html - retention-days: 7 - - - name: Upload Sonar Logs on Failure - if: failure() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: sonar-logs - path: | - .scannerwork/report-task.txt - build/sonar/ - retention-days: 7
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
deleted file mode 100644
index 24375021c..000000000
--- a/.github/workflows/stale.yml
+++ /dev/null
@@ -1,40 +0,0 @@
-name: Close stale issues - -on: - schedule: - - cron: "30 0 * * *" - workflow_dispatch: - -permissions: - contents: read - -jobs: - stale: - runs-on: ubuntu-latest - permissions: - issues: write - pull-requests: write - steps: - - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 - with: - egress-policy: audit - - - name: 30 days stale issues - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - days-before-stale: 30 - days-before-close: 7 - stale-issue-message: > - This issue has been automatically marked as stale because it has had no recent activity. - It will be closed if no further activity occurs. Thank you for your contributions. - close-issue-message: > - This issue has been automatically closed because it has had no recent activity after being marked as stale. - Please reopen if you need further assistance. - stale-issue-label: "Stale" - remove-stale-when-updated: true - only-issue-labels: "more-info-needed" - days-before-pr-stale: -1 # Prevents PRs from being marked as stale - days-before-pr-close: -1 # Prevents PRs from being closed - start-date: "2024-07-06T00:00:00Z" # ISO 8601 Format
diff --git a/.github/workflows/swagger.yml b/.github/workflows/swagger.yml
deleted file mode 100644
index cd72a2483..000000000
--- a/.github/workflows/swagger.yml
+++ /dev/null
@@ -1,49 +0,0 @@
-name: Update Swagger - -on: - workflow_dispatch: - push: - branches: - - master - -permissions: - contents: read - -jobs: - push: - runs-on: ubuntu-latest - steps: - - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 - with: - egress-policy: audit - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - - name: Set up JDK 17 - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 - with: - java-version: "17" - distribution: "temurin" - - - uses: gradle/actions/setup-gradle@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1 - - - name: Generate Swagger documentation - run: ./gradlew generateOpenApiDocs - - - name: Upload Swagger Documentation to SwaggerHub - run: ./gradlew swaggerhubUpload - env: - SWAGGERHUB_API_KEY: ${{ secrets.SWAGGERHUB_API_KEY }} - SWAGGERHUB_USER: "Frooodle" - - - name: Get version number - id: versionNumber - run: echo "versionNumber=$(./gradlew printVersion --quiet | tail -1)" >> $GITHUB_OUTPUT - - - name: Set API version as published and default on SwaggerHub - run: | - curl -X PUT -H "Authorization: ${SWAGGERHUB_API_KEY}" "https://api.swaggerhub.com/apis/${SWAGGERHUB_USER}/Stirling-PDF/${{ steps.versionNumber.outputs.versionNumber }}/settings/lifecycle" -H "accept: application/json" -H "Content-Type: application/json" -d "{\"published\":true,\"default\":true}" - env: - SWAGGERHUB_API_KEY: ${{ secrets.SWAGGERHUB_API_KEY }} - SWAGGERHUB_USER: "Frooodle"
diff --git a/.github/workflows/sync_files.yml b/.github/workflows/sync_files.yml
deleted file mode 100644
index a47d3ee60..000000000
--- a/.github/workflows/sync_files.yml
+++ /dev/null
@@ -1,145 +0,0 @@
-name: Sync Files - -on: - workflow_dispatch: - push: - branches: - - main - paths: - - "build.gradle" - - "README.md" - - "src/main/resources/messages_*.properties" - - "src/main/resources/static/3rdPartyLicenses.json" - - "scripts/ignore_translation.toml" - -permissions: - contents: read - -jobs: - read_bot_entries: - runs-on: ubuntu-latest - outputs: - userName: ${{ steps.get-user-id.outputs.user_name }} - userEmail: ${{ steps.get-user-id.outputs.user_email }} - committer: ${{ steps.committer.outputs.committer }} - steps: - - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 - with: - egress-policy: audit - - - name: Generate GitHub App Token - id: generate-token - uses: actions/create-github-app-token@3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5 # v2.0.2 - with: - app-id: ${{ secrets.GH_APP_ID }} - private-key: ${{ secrets.GH_APP_PRIVATE_KEY }} - - - name: Get GitHub App User ID - id: get-user-id - run: | - USER_NAME="${{ steps.generate-token.outputs.app-slug }}[bot]" - USER_ID=$(gh api "/users/$USER_NAME" --jq .id) - USER_EMAIL="$USER_ID+$USER_NAME@users.noreply.github.com" - echo "user_name=$USER_NAME" >> "$GITHUB_OUTPUT" - echo "user_email=$USER_EMAIL" >> "$GITHUB_OUTPUT" - echo "user-id=$USER_ID" >> "$GITHUB_OUTPUT" - env: - GH_TOKEN: ${{ steps.generate-token.outputs.token }} - - - id: committer - run: | - COMMITTER="${{ steps.get-user-id.outputs.user_name }} <${{ steps.get-user-id.outputs.user_email }}>" - echo "committer=$COMMITTER" >> "$GITHUB_OUTPUT" - - sync-files: - needs: ["read_bot_entries"] - runs-on: ubuntu-latest - steps: - - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 - with: - egress-policy: audit - - - name: Generate GitHub App Token - id: generate-token - uses: actions/create-github-app-token@3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5 # v2.0.2 - with: - app-id: ${{ vars.GH_APP_ID }} - private-key: ${{
secrets.GH_APP_PRIVATE_KEY }} - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - - name: Set up Python - uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0 - with: - python-version: "3.12" - cache: 'pip' # caching pip dependencies - - - name: Sync translation property files - run: | - python .github/scripts/check_language_properties.py --reference-file "src/main/resources/messages_en_GB.properties" --branch main - - - name: Set up git config - run: | - git config --global user.name ${{ needs.read_bot_entries.outputs.userName }} - git config --global user.email ${{ needs.read_bot_entries.outputs.userEmail }} - - - name: Run git add - run: | - git add src/main/resources/messages_*.properties - git diff --staged --quiet || git commit -m ":memo: Sync translation files" || echo "no changes" - - - name: Install dependencies - run: pip install --require-hashes -r ./.github/scripts/requirements_sync_readme.txt - - - name: Sync README.md - run: | - python scripts/counter_translation.py - - - name: Run git add - run: | - git add README.md - git diff --staged --quiet || git commit -m ":memo: Sync README.md" || echo "no changes" - - - name: Create Pull Request - uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8 - with: - token: ${{ steps.generate-token.outputs.token }} - commit-message: Update files - committer: ${{ needs.read_bot_entries.outputs.committer }} - author: ${{ needs.read_bot_entries.outputs.committer }} - signoff: true - branch: sync_readme - title: ":globe_with_meridians: Sync Translations + Update README Progress Table" - body: | - ### Description of Changes - - This Pull Request was automatically generated to synchronize updates to translation files and documentation. Below are the details of the changes made: - - #### **1. 
Synchronization of Translation Files** - - Updated translation files (`messages_*.properties`) to reflect changes in the reference file `messages_en_GB.properties`. - - Ensured consistency and synchronization across all supported language files. - - Highlighted any missing or incomplete translations. - - #### **2. Update README.md** - - Generated the translation progress table in `README.md`. - - Added a summary of the current translation status for all supported languages. - - Included up-to-date statistics on translation coverage. - - #### **Why these changes are necessary** - - Keeps translation files aligned with the latest reference updates. - - Ensures the documentation reflects the current translation progress. - - --- - - Auto-generated by [create-pull-request][1]. - - [1]: https://github.com/peter-evans/create-pull-request - draft: false - delete-branch: true - labels: github-actions - sign-commits: true - add-paths: | - README.md - src/main/resources/messages_*.properties
diff --git a/.github/workflows/testdriver.yml b/.github/workflows/testdriver.yml
deleted file mode 100644
index 5986c38f4..000000000
--- a/.github/workflows/testdriver.yml
+++ /dev/null
@@ -1,154 +0,0 @@
-name: UI test with TestDriverAI - -on: - push: - branches: ["master", "UITest", "testdriver"] - -permissions: - contents: read - -jobs: - deploy: - runs-on: ubuntu-latest - steps: - - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 - with: - egress-policy: audit - - - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - - name: Set up JDK - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 - with: - java-version: '17' - distribution: 'temurin' - - - name: Build with Gradle - run: ./gradlew clean build - env: - DOCKER_ENABLE_SECURITY: false - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - - - name: Get version number - id: versionNumber - run: | - VERSION=$(grep "^version =" build.gradle | awk -F'"' '{print $2}') - echo "versionNumber=$VERSION" >> $GITHUB_OUTPUT - - - name: Login to Docker Hub - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 - with: - username: ${{ secrets.DOCKER_HUB_USERNAME }} - password: ${{ secrets.DOCKER_HUB_API }} - - - name: Build and push test image - uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 - with: - context: .
- file: ./Dockerfile - push: true - tags: ${{ secrets.DOCKER_HUB_USERNAME }}/test:test-${{ github.sha }} - build-args: VERSION_TAG=${{ steps.versionNumber.outputs.versionNumber }} - platforms: linux/amd64 - - - name: Set up SSH - run: | - mkdir -p ~/.ssh/ - echo "${{ secrets.VPS_SSH_KEY }}" > ../private.key - sudo chmod 600 ../private.key - - - name: Deploy to VPS - run: | - cat > docker-compose.yml << EOF - version: '3.3' - services: - stirling-pdf: - container_name: stirling-pdf-test-${{ github.sha }} - image: ${{ secrets.DOCKER_HUB_USERNAME }}/test:test-${{ github.sha }} - ports: - - "1337:8080" - volumes: - - /stirling/test-${{ github.sha }}/data:/usr/share/tessdata:rw - - /stirling/test-${{ github.sha }}/config:/configs:rw - - /stirling/test-${{ github.sha }}/logs:/logs:rw - environment: - DOCKER_ENABLE_SECURITY: "false" - SECURITY_ENABLELOGIN: "false" - SYSTEM_DEFAULTLOCALE: en-GB - UI_APPNAME: "Stirling-PDF Test" - UI_HOMEDESCRIPTION: "Test Deployment" - UI_APPNAMENAVBAR: "Test" - SYSTEM_MAXFILESIZE: "100" - METRICS_ENABLED: "true" - SYSTEM_GOOGLEVISIBILITY: "false" - SYSTEM_ENABLEANALYTICS: "false" - restart: on-failure:5 - EOF - - scp -i ../private.key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null docker-compose.yml ${{ secrets.VPS_USERNAME }}@${{ secrets.VPS_HOST }}:/tmp/docker-compose.yml - - ssh -i ../private.key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null ${{ secrets.VPS_USERNAME }}@${{ secrets.VPS_HOST }} << EOF - mkdir -p /stirling/test-${{ github.sha }}/{data,config,logs} - mv /tmp/docker-compose.yml /stirling/test-${{ github.sha }}/docker-compose.yml - cd /stirling/test-${{ github.sha }} - docker-compose pull - docker-compose up -d - EOF - - test: - needs: deploy - runs-on: ubuntu-latest - - steps: - - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 - with: - egress-policy: audit - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - 
- name: Run TestDriver.ai - uses: testdriverai/action@f0d0f45fdd684db628baa843fe9313f3ca3a8aa8 #1.1.3 - with: - key: ${{secrets.TESTDRIVER_API_KEY}} - prerun: | - npm install - npm run build - npm install dashcam-chrome --save - Start-Process "C:/Program Files/Google/Chrome/Application/chrome.exe" -ArgumentList "--start-maximized", "--load-extension=$(pwd)/node_modules/dashcam-chrome/build", "http://${{ secrets.VPS_HOST }}:1337" - Start-Sleep -Seconds 20 - prompt: | - 1. /run testing/testdriver/test.yml - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - FORCE_COLOR: "3" - - cleanup: - needs: [deploy, test] - runs-on: ubuntu-latest - if: always() - - steps: - - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 - with: - egress-policy: audit - - - name: Set up SSH - run: | - mkdir -p ~/.ssh/ - echo "${{ secrets.VPS_SSH_KEY }}" > ../private.key - sudo chmod 600 ../private.key - - - name: Cleanup deployment - run: | - ssh -i ../private.key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null ${{ secrets.VPS_USERNAME }}@${{ secrets.VPS_HOST }} << EOF - cd /stirling/test-${{ github.sha }} - docker-compose down - cd /stirling - rm -rf test-${{ github.sha }} - EOF