62 changes: 0 additions & 62 deletions .github/actions/scan-with-blackduck/action.yml

This file was deleted.

45 changes: 0 additions & 45 deletions .github/actions/scan-with-codeql/action.yml

This file was deleted.

48 changes: 0 additions & 48 deletions .github/actions/scan-with-sonar/action.yml

This file was deleted.

13 changes: 12 additions & 1 deletion .github/workflows/blackduck.yml
Expand Up @@ -26,8 +26,19 @@ jobs:
- name: Checkout
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
- name: Scan With Black Duck
uses: ./.github/actions/scan-with-blackduck
uses: cap-java/.github/actions/scan-with-blackduck@296573b55e906f5c77a1855bcfe4285cbbc5cac4 # main
with:
blackduck_token: ${{ secrets.BLACK_DUCK_TOKEN }}
github_token: ${{ secrets.GITHUB_TOKEN }}
maven-version: ${{ env.MAVEN_VERSION }}
project-name: com.sap.cds.feature.console
included-modules: cds-feature-console
# scan_mode and rapid_compare_mode determine the type of scan to perform
# FULL scan on main, RAPID scan on a PR that will only tag issues introduced by the PR
# not pre-existing issues that could have appeared in the main branch in the meantime
# Set to RAPID now for main and for PRs because the project com.sap.cds.feature.console is not available on https://sap.blackducksoftware.com/
# Change back to FULL on main as soon as the project has been created on https://sap.blackducksoftware.com/.
#scan_mode: ${{ github.event_name == 'pull_request' && 'RAPID' || 'FULL' }}
#rapid_compare_mode: ${{ github.event_name == 'pull_request' && 'BOM_COMPARE' || '' }}
scan_mode: 'RAPID'
excluded-dirs: '**/*test*,**/target/site'
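Review bot: The same commit `296573b55e906f5c77a1855bcfe4285cbbc5cac4` is used to pin actions from two different repositories — `cap-java/.github` on the new `uses:` line here and in build.yml, and `cap-js/.github` in pr-checks.yml; a commit SHA is specific to one repository's history, so unless one of those repositories mirrors the other, one set of references cannot resolve and the workflow fails when the runner fetches the action. Worth confirming which repository actually contains that commit before merging. Separately, `scan_mode: 'RAPID'` now applies to pushes on `main` as well as to PRs; as far as I know a rapid scan does not persist a BOM on the Black Duck server, so newly published vulnerabilities in already-merged dependencies will not be surfaced until the mode is switched back, and the revert currently lives only in a comment. I would make it a tracked item, e.g. replace the `# Change back to FULL` comment with `# TODO(<issue-id>): revert to the commented-out scan_mode/rapid_compare_mode expressions once the project exists on the Black Duck server`. The enclosing `jobs:` block starts above this hunk.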
9 changes: 7 additions & 2 deletions .github/workflows/build.yml
Expand Up @@ -28,16 +28,21 @@ jobs:
java-version: ${{ matrix.java-version }}
maven-version: ${{ env.MAVEN_VERSION }}
- name: Sonar Scan
uses: ./.github/actions/scan-with-sonar
uses: cap-java/.github/actions/scan-with-sonar@296573b55e906f5c77a1855bcfe4285cbbc5cac4 # main
if: matrix.java-version == '21.0.9'
with:
java-version: 21
maven-version: ${{ env.MAVEN_VERSION }}
sonarq-token: ${{ secrets.SONAR_TOKEN }}
github-token: ${{ secrets.GITHUB_TOKEN }}
sonar-project-key: cap-java_cds-feature-console
coverage-report-path: cds-feature-console/target/site/jacoco/jacoco.xml
build-script: mvn verify -B -ntp
- name: CodeQL Scan
uses: ./.github/actions/scan-with-codeql
uses: cap-java/.github/actions/scan-with-codeql@296573b55e906f5c77a1855bcfe4285cbbc5cac4 # main
if: matrix.java-version == '21.0.9'
with:
java-version: 21
maven-version: ${{ env.MAVEN_VERSION }}
language: java-kotlin
queries: security-extended
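Review bot: Both scan steps are gated with `if: matrix.java-version == '21.0.9'`, a full patch version, so the next routine bump of the matrix entry silently disables Sonar and CodeQL scanning with nothing failing to draw attention; if these `if:` lines are new here rather than pre-existing context (the rendered diff does not show which), this is the moment to loosen them. A major-version match such as `if: startsWith(matrix.java-version, '21')`, or a dedicated boolean in the matrix `include`, keeps the scans tied to the intent (run once, on the Java 21 leg) instead of to a patch number. Note also that both steps pass `java-version: 21` to the shared actions while the matrix pins `21.0.9`; the two are probably equivalent for toolchain setup, but a one-line comment saying so would help the next reader. The enclosing `jobs:` block starts above this hunk.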
4 changes: 2 additions & 2 deletions .github/workflows/pr-checks.yml
Expand Up @@ -16,10 +16,10 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check changelog
uses: cap-js/.github/.github/actions/check-changelog@main
uses: cap-js/.github/.github/actions/check-changelog@296573b55e906f5c77a1855bcfe4285cbbc5cac4 # main

check-pr-title:
runs-on: ubuntu-latest
steps:
- name: Check PR title
uses: cap-js/.github/.github/actions/check-pr-title@main
uses: cap-js/.github/.github/actions/check-pr-title@296573b55e906f5c77a1855bcfe4285cbbc5cac4 # main
4 changes: 4 additions & 0 deletions CHANGELOG.md
Expand Up @@ -8,8 +8,12 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/).

### Added
### Changed
- Use centrally managed BlackDuck scan action from [cap-java/.github](https://github.com/cap-java/.github) instead of a local copy
- Set BlackDuck scan mode to `RAPID` since the project is not yet registered on sap.blackducksoftware.com
- Override Spring Boot to 3.5.15 and Bouncy Castle to 1.84 to fix HIGH/CRITICAL BlackDuck CVE findings
### Deprecated
### Removed
- Local BlackDuck, CodeQL, and Sonar scan action copies (replaced by cap-java/.github workflows)
### Fixed
### Security

45 changes: 44 additions & 1 deletion pom.xml
Expand Up @@ -43,7 +43,7 @@
<maven.compiler.release>${java.version}</maven.compiler.release>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>

<cds.services.version>4.7.0</cds.services.version>
<cds.services.version>4.9.0</cds.services.version>
<cds.url>https://cap.cloud.sap/docs/java</cds.url>
</properties>

Expand All @@ -53,6 +53,37 @@

<dependencyManagement>
<dependencies>
<!-- Overrides the Spring Boot version 3.5.13 pulled in by cds-services-bom 4.9.0 to fix HIGH/CRITICAL Black Duck findings from 26-07-18 CVEs -->
<!-- Can possibly be removed when upgrading to higher cds-services-bom version -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-dependencies</artifactId>
<version>3.5.15</version>
<type>pom</type>
<scope>import</scope>
</dependency>

<!-- Pin JUnit Platform to 6.0.3 to prevent spring-boot-dependencies 3.5.15 from downgrading it -->
<dependency>
<groupId>org.junit.platform</groupId>
<artifactId>junit-platform-engine</artifactId>
<version>6.0.3</version>
</dependency>

<dependency>
<groupId>org.junit.platform</groupId>
<artifactId>junit-platform-commons</artifactId>
<version>6.0.3</version>
</dependency>

<!-- Override Bouncy Castle Version 1.83 pulled in by cds-services-bom 4.9.0 to fix HIGH/CRITICAL Black Duck findings from 26-07-18 -->
<!-- Can possibly be removed when upgrading to higher cds-services-bom version -->
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk18on</artifactId>
<version>1.84</version>
</dependency>

<dependency>
<groupId>com.sap.cds</groupId>
<artifactId>cds-services-bom</artifactId>
Expand All @@ -61,6 +92,18 @@
<scope>import</scope>
</dependency>

<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk18on</artifactId>
<version>1.84</version>
</dependency>

<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcutil-jdk18on</artifactId>
<version>1.84</version>
</dependency>

<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-bom</artifactId>
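Review bot: The Bouncy Castle override is split: `bcprov-jdk18on` is declared (with its explanatory comment) before the `cds-services-bom` import, while `bcpkix-jdk18on` and `bcutil-jdk18on` are declared after it with no comment, so a reader retiring the override later is likely to remove one entry and leave the others at 1.84. As far as I recall, entries declared directly in `dependencyManagement` take precedence over imported BOM entries regardless of position, so the split is not a functional problem, but the three should sit together under the single comment, ideally sharing a `bouncycastle.version` property so they cannot drift apart. The comments on the Spring Boot and Bouncy Castle overrides cite findings from `26-07-18`, which is ambiguous as a date; please write it as an ISO date and name the finding (e.g. `<!-- ... CVE-<id from the Black Duck report> ... -->`) so the condition for removing the override is checkable against a later cds-services-bom. The first hunk of this file only bumps `cds.services.version` and needs no change.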