From 8626bf2492452d3257838af0a548a40dacd5be13 Mon Sep 17 00:00:00 2001
From: Lisa Julia Nebel
Date: Mon, 1 Jun 2026 09:07:28 +0200
Subject: [PATCH 1/3] Update cds-services version to 4.9.0

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index c751856..8484703 100644
--- a/pom.xml
+++ b/pom.xml
@@ -43,7 +43,7 @@
 ${java.version}
 UTF-8
- 4.7.0
+ 4.9.0
 https://cap.cloud.sap/docs/java

From e40aa172cf673bd4514f662888def1578d9b0896 Mon Sep 17 00:00:00 2001
From: Lisa Julia Nebel
Date: Fri, 29 May 2026 16:33:06 +0200
Subject: [PATCH 2/3] Use workflows of https://github.com/cap-java/.github

---
 .../actions/scan-with-blackduck/action.yml | 62 -------------------
 .github/actions/scan-with-codeql/action.yml | 45 --------------
 .github/actions/scan-with-sonar/action.yml | 48 --------------
 .github/workflows/blackduck.yml | 10 ++-
 .github/workflows/build.yml | 9 ++-
 .github/workflows/pr-checks.yml | 4 +-
 6 files changed, 18 insertions(+), 160 deletions(-)
 delete mode 100644 .github/actions/scan-with-blackduck/action.yml
 delete mode 100644 .github/actions/scan-with-codeql/action.yml
 delete mode 100644 .github/actions/scan-with-sonar/action.yml

diff --git a/.github/actions/scan-with-blackduck/action.yml b/.github/actions/scan-with-blackduck/action.yml
deleted file mode 100644
index dda5841..0000000
--- a/.github/actions/scan-with-blackduck/action.yml
+++ /dev/null
@@ -1,62 +0,0 @@ -name: Scan with BlackDuck -description: Scans the project with BlackDuck - -inputs: - blackduck_token: - description: The token to use for BlackDuck authentication - required: true - github_token: - description: The token to use for GitHub authentication - required: true - java-version: - description: The version of Java to use - default: "17" - required: false - maven-version: - description: The Maven version the build shall run with. - required: true - scan_mode: - description: The scan mode to use (FULL or RAPID) - default: 'RAPID' - required: false - -runs: - using: composite - steps: - - name: Set up Java ${{ inputs.java-version }} - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5 - with: - java-version: ${{ inputs.java-version }} - distribution: sapmachine - cache: maven - - - name: Set up Maven ${{ inputs.maven-version }} - uses: stCarolas/setup-maven@d6af6abeda15e98926a57b5aa970a96bb37f97d1 # v5 - with: - maven-version: ${{ inputs.maven-version }} - - - name: Get Revision - id: get-revision - run: | - echo "REVISION=$(mvn help:evaluate -Dexpression=revision -q -DforceStdout)" >> $GITHUB_OUTPUT - shell: bash - - - name: BlackDuck Security Scan - uses: blackduck-inc/black-duck-security-scan@659a0742e793a093377fab3117b0d90f23b04bfa # v2.9.0 - with: - blackducksca_url: https://sap.blackducksoftware.com/ - blackducksca_token: ${{ inputs.blackduck_token }} - blackducksca_scan_full: ${{ inputs.scan_mode == 'FULL' }} - github_token: ${{ inputs.github_token }} - detect_args: > - --detect.project.name=com.sap.cds.feature.console - --detect.project.version.name=${{ steps.get-revision.outputs.REVISION }} - --detect.included.detector.types=MAVEN - --detect.excluded.directories=**/node_modules,**/*test*,**/localrepo,**/target/site,**/*-site.jar,**/samples/** - --detect.tools=DETECTOR,BINARY_SCAN - --detect.risk.report.pdf=false - --logging.level.detect=INFO - env: - BLACKDUCKSCA_TOKEN: ${{ inputs.blackduck_token }} - 
BLACKDUCKSCA_URL: https://sap.blackducksoftware.com/ - BLACKDUCK_API_TOKEN: ${{ inputs.blackduck_token }}
diff --git a/.github/actions/scan-with-codeql/action.yml b/.github/actions/scan-with-codeql/action.yml
deleted file mode 100644
index 88e7f91..0000000
--- a/.github/actions/scan-with-codeql/action.yml
+++ /dev/null
@@ -1,45 +0,0 @@
-name: Scan with CodeQL -description: Scans the project with CodeQL - -inputs: - java-version: - description: The Java version to use for the build. - required: true - maven-version: - description: The Maven version to use for the build. - required: true - -runs: - using: composite - steps: - - name: Set up Java ${{ inputs.java-version }} - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5 - with: - java-version: ${{ inputs.java-version }} - distribution: sapmachine - cache: maven - - - name: Set up Maven ${{ inputs.maven-version }} - uses: stCarolas/setup-maven@d6af6abeda15e98926a57b5aa970a96bb37f97d1 # v5 - with: - maven-version: ${{ inputs.maven-version }} - - - name: Initialize CodeQL - uses: github/codeql-action/init@ed410739ba306e4ebe5e123421a6bd694e494a2b # v4 - with: - languages: java-kotlin - build-mode: manual - queries: security-extended - - - name: Install @sap/cds-dk - run: npm i -g @sap/cds-dk - shell: bash - - - name: Build Java code - run: mvn clean compile -B -ntp -Dcds.install-node.skip - shell: bash - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@ed410739ba306e4ebe5e123421a6bd694e494a2b # v4 - with: - category: "/language:java-kotlin"
diff --git a/.github/actions/scan-with-sonar/action.yml b/.github/actions/scan-with-sonar/action.yml
deleted file mode 100644
index 50f0f18..0000000
--- a/.github/actions/scan-with-sonar/action.yml
+++ /dev/null
@@ -1,48 +0,0 @@
-name: Scan with SonarQube -description: Scans the project with SonarQube - -inputs: - sonarq-token: - description: The token to use for SonarQube authentication - required: true - github-token: - description: The token to use for GitHub authentication - required: true - java-version: - description: The version of Java to use - required: true - maven-version: - description: The version of Maven to use - required: true - -runs: - using: composite - - steps: - - name: Set up Java ${{inputs.java-version}} - uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4.8.0 - with: - java-version: ${{inputs.java-version}} - distribution: sapmachine - cache: maven - - - name: Set up Maven ${{inputs.maven-version}} - uses: stCarolas/setup-maven@d6af6abeda15e98926a57b5aa970a96bb37f97d1 # v5 - with: - maven-version: ${{inputs.maven-version}} - - - name: Get Revision - id: get-revision - run: | - echo "REVISION=$(mvn help:evaluate -Dexpression=revision -q -DforceStdout)" >> $GITHUB_OUTPUT - shell: bash - - - name: Print Revision - run: echo "${{steps.get-revision.outputs.REVISION}}" - shell: bash - - - name: SonarQube Scan - uses: SAP/project-piper-action@0694c809adf25568fc3c950041097323d71b91ed # v1.26.2 - with: - step-name: sonarExecuteScan - flags: --token=${{inputs.sonarq-token}} --githubToken=${{inputs.github-token}} --version=${{steps.get-revision.outputs.REVISION}} --inferJavaBinaries=true
diff --git a/.github/workflows/blackduck.yml b/.github/workflows/blackduck.yml
index 14068d0..fe57855 100644
--- a/.github/workflows/blackduck.yml
+++ b/.github/workflows/blackduck.yml
@@ -26,8 +26,16 @@ jobs:
 - name: Checkout
 uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
 - name: Scan With Black Duck
- uses: ./.github/actions/scan-with-blackduck
+ uses: cap-java/.github/actions/scan-with-blackduck@296573b55e906f5c77a1855bcfe4285cbbc5cac4 # main
 with:
 blackduck_token: ${{ secrets.BLACK_DUCK_TOKEN }}
 github_token: ${{ secrets.GITHUB_TOKEN }}
 maven-version: ${{ env.MAVEN_VERSION }}
+ project-name: com.sap.cds.feature.console
+ included-modules: cds-feature-console
+ # scan_mode and rapid_compare_mode determine the type of scan to perform
+ # FULL scan on main, RAPID scan on a PR that will only tag issues introduced by the PR
+ # not pre-existing issues that could have appeared in the main branch in the meantime
+ scan_mode: ${{ github.event_name == 'pull_request' && 'RAPID' || 'FULL' }}
+ rapid_compare_mode: ${{ github.event_name == 'pull_request' && 'BOM_COMPARE' || '' }}
+ excluded-dirs: '**/*test*,**/target/site'
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 8d3de22..4516433 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
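Review bot: The added `excluded-dirs: '**/*test*,**/target/site'` drops most of the exclusion list the deleted local action passed to Detect (`**/node_modules,**/*test*,**/localrepo,**/target/site,**/*-site.jar,**/samples/**`), so unless the remote action excludes those by default — which this hunk cannot show — a FULL scan will now also inventory `node_modules`, `localrepo` and `samples` and report findings for code that is not shipped. Either restore the full list, `excluded-dirs: '**/node_modules,**/*test*,**/localrepo,**/target/site,**/*-site.jar,**/samples/**'`, or add a comment stating why the shorter list suffices with the remote action. `rapid_compare_mode` evaluates to `''` on push events; confirm that the remote action treats an empty string as unset rather than forwarding it to Detect. Pinning `uses:` to a full commit SHA is the right way to consume the cross-repository action.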
@@ -28,16 +28,21 @@ jobs:
 java-version: ${{ matrix.java-version }}
 maven-version: ${{ env.MAVEN_VERSION }}
 - name: Sonar Scan
- uses: ./.github/actions/scan-with-sonar
+ uses: cap-java/.github/actions/scan-with-sonar@296573b55e906f5c77a1855bcfe4285cbbc5cac4 # main
 if: matrix.java-version == '21.0.9'
 with:
 java-version: 21
 maven-version: ${{ env.MAVEN_VERSION }}
 sonarq-token: ${{ secrets.SONAR_TOKEN }}
 github-token: ${{ secrets.GITHUB_TOKEN }}
+ sonar-project-key: cap-java_cds-feature-console
+ coverage-report-path: cds-feature-console/target/site/jacoco/jacoco.xml
+ build-script: mvn verify -B -ntp
 - name: CodeQL Scan
- uses: ./.github/actions/scan-with-codeql
+ uses: cap-java/.github/actions/scan-with-codeql@296573b55e906f5c77a1855bcfe4285cbbc5cac4 # main
 if: matrix.java-version == '21.0.9'
 with:
 java-version: 21
 maven-version: ${{ env.MAVEN_VERSION }}
+ language: java-kotlin
+ queries: security-extended
diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml
index 9991ff6..4bee168 100644
--- a/.github/workflows/pr-checks.yml
+++ b/.github/workflows/pr-checks.yml
@@ -16,10 +16,10 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Check changelog
- uses: cap-js/.github/.github/actions/check-changelog@main
+ uses: cap-js/.github/.github/actions/check-changelog@296573b55e906f5c77a1855bcfe4285cbbc5cac4 # main
 check-pr-title:
 runs-on: ubuntu-latest
 steps:
 - name: Check PR title
- uses: cap-js/.github/.github/actions/check-pr-title@main
\ No newline at end of file
+ uses: cap-js/.github/.github/actions/check-pr-title@296573b55e906f5c77a1855bcfe4285cbbc5cac4 # main

From b96da0c42baa1fe4ce2bbf03f4efd8fcfa566b49 Mon Sep 17 00:00:00 2001
From: Lisa Julia Nebel
Date: Mon, 15 Jun 2026 07:06:47 +0200
Subject: [PATCH 3/3] Change scan mode to RAPID since the project for cds-feature-console is not available on blackduck

---
 .github/workflows/blackduck.yml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

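Review bot: The CodeQL step passes only `language` and `queries`, but the deleted local action also ran `npm i -g @sap/cds-dk` and `mvn clean compile -B -ntp -Dcds.install-node.skip` as the manual build; nothing in this hunk carries those steps over, so it depends on the remote action's defaults — not visible here — whether the module still compiles under CodeQL and whether the node install is skipped. If the remote action accepts a build command the way the Sonar step does with `build-script`, pass `mvn clean compile -B -ntp -Dcds.install-node.skip` explicitly rather than relying on a default. `coverage-report-path: cds-feature-console/target/site/jacoco/jacoco.xml` presumes that `mvn verify -B -ntp` produces a JaCoCo report; the pom.xml hunk in patch 1 does not show that plugin, so verify the file is generated or Sonar coverage will silently be empty.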
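Review bot: Both `uses:` lines in this hunk pin `cap-js/.github` to `296573b55e906f5c77a1855bcfe4285cbbc5cac4`, the same commit hash that blackduck.yml and build.yml use for `cap-java/.github`; a hash identifies a commit in one repository, so unless these two repositories share history it can resolve in only one of them and the other workflow will fail when the action is fetched. Given that the commit message names cap-java/.github, the pr-checks.yml pins are the suspect ones; replace them with the current commit of cap-js/.github's main, e.g. `uses: cap-js/.github/.github/actions/check-changelog@<cap-js-github-main-sha> # main` (placeholder). Moving from `@main` to a commit hash is otherwise the right change, and the trailing `# main` comment should stay so tooling that bumps pinned actions knows which ref to follow.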
diff --git a/.github/workflows/blackduck.yml b/.github/workflows/blackduck.yml
index fe57855..b78bf09 100644
--- a/.github/workflows/blackduck.yml
+++ b/.github/workflows/blackduck.yml
@@ -36,6 +36,9 @@ jobs:
 # scan_mode and rapid_compare_mode determine the type of scan to perform
 # FULL scan on main, RAPID scan on a PR that will only tag issues introduced by the PR
 # not pre-existing issues that could have appeared in the main branch in the meantime
- scan_mode: ${{ github.event_name == 'pull_request' && 'RAPID' || 'FULL' }}
- rapid_compare_mode: ${{ github.event_name == 'pull_request' && 'BOM_COMPARE' || '' }}
+ # Set to RAPID now for main and for PRs because the project com.sap.cds.feature.console is not available on https://sap.blackducksoftware.com/
+ # Change back to FULL on main as soon as the project has been created on https://sap.blackducksoftware.com/.
+ #scan_mode: ${{ github.event_name == 'pull_request' && 'RAPID' || 'FULL' }}
+ #rapid_compare_mode: ${{ github.event_name == 'pull_request' && 'BOM_COMPARE' || '' }}
+ scan_mode: 'RAPID'
 excluded-dirs: '**/*test*,**/target/site'
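Review bot: The `#scan_mode:` and `#rapid_compare_mode:` lines keep dead configuration in the workflow and lack the space after `#` that yamllint's comments rule expects; the old expressions are preserved in git history, so drop them and keep only the explanation, or at least write them as `# scan_mode: ...`. Forcing `scan_mode: 'RAPID'` also means the default branch gets no FULL scan and pull requests lose `rapid_compare_mode: BOM_COMPARE`, which the commit message does not mention; state both as intentional in the comment, e.g. `# TODO(<tracking-ref>): restore the FULL/RAPID split and rapid_compare_mode once the Black Duck project exists`. Until then this is a gap in dependency-scan coverage of main and deserves a tracked follow-up rather than only a comment.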