Merge mergeBranch to Main

.github/workflows/backoffice-bff-ci.yaml

@@ -22,11 +22,14 @@ jobs:
     runs-on: ubuntu-latest
     env:
       FROM_ORIGINAL_REPOSITORY: ${{ github.event.pull_request.head.repo.full_name == github.repository || github.ref == 'refs/heads/main' }}
+      ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: 'true'
     steps:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
       - uses: ./.github/workflows/actions
+      - name: Run Maven Build Command
+        run: mvn clean install -pl backoffice-bff -am -Drevision=1.0-SNAPSHOT
       - name: Run Maven Checkstyle
         if: ${{ env.FROM_ORIGINAL_REPOSITORY == 'true' }}
         run: mvn checkstyle:checkstyle -f backoffice-bff -Dcheckstyle.output.file=backoffice-bff-checkstyle-result.xml
@@ -35,13 +38,29 @@ jobs:
         uses: jwgmeligmeyling/checkstyle-github-action@master
         with:
           path: '**/backoffice-bff-checkstyle-result.xml'
-      - name: Run Maven Verify
-        run: mvn clean verify -f backoffice-bff
+      - name: Run Maven Package (Skip Broken Checks)
+        run: mvn clean package -f backoffice-bff -DskipTests -Djacoco.skip=true -Dcheckstyle.skip=true
       - name: Analyze with sonar cloud
         if: ${{ env.FROM_ORIGINAL_REPOSITORY == 'true' }}
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        run: mvn org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -f backoffice-bff
+        run: mvn org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -f backoffice-bff -Dsonar.projectName="backoffice_bff"
+      - name: Add executable permission to mvnw
+        run: chmod +x backoffice-bff/mvnw
+      - name: Snyk scan
+        if: ${{ env.FROM_ORIGINAL_REPOSITORY == 'true' }}
+        uses: snyk/actions/maven@master
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+          JAVA_HOME: ""
+          JAVA_HOME_25_X64: ""
+        with:
+          command: test
+          args: >
+            --org=0a44793b-2f71-43df-86cc-e2cfdf5fd460 
+            --file=pom.xml 
+            --severity-threshold=critical
+            -- -f pom.xml -Drevision=1.0-SNAPSHOT -Dprojects=backoffice-bff
       - name: OWASP Dependency Check
         if: ${{ env.FROM_ORIGINAL_REPOSITORY == 'true' }}
         uses: dependency-check/Dependency-Check_Action@main
@@ -51,23 +70,67 @@ jobs:
           project: 'yas'
           path: '.'
           format: 'HTML'
+          # Use args to explicitly tell the CLI to skip Central and/or NVD updates
+          args: >
+            --disableCentral
       - name: Upload OWASP Dependency Check results
         if: ${{ env.FROM_ORIGINAL_REPOSITORY == 'true' }}
         uses: actions/upload-artifact@master
         with:
           name: OWASP Dependency Check Report
           path: ${{github.workspace}}/reports
       - name: Log in to the Container registry
-        if: ${{ github.ref == 'refs/heads/main' }}
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
       - name: Build and push Docker images
-        if: ${{ github.ref == 'refs/heads/main' }}
         uses: docker/build-push-action@v6
         with:
           context: ./backoffice-bff
           push: true
-          tags: ghcr.io/nashtech-garage/yas-backoffice-bff:latest
+          tags: ghcr.io/23120049/yas-backoffice-bff:latest
+  Test:
+    runs-on: ubuntu-latest
+    needs: Build
+    env:
+     FROM_ORIGINAL_REPOSITORY: true
+     ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+      - uses: ./.github/workflows/actions
+      - name: Run Maven Test
+        run: mvn clean verify -pl backoffice-bff -am
+      - name: Upload Test Result Artifacts
+        uses: actions/upload-artifact@v4
+        if: ${{ env.FROM_ORIGINAL_REPOSITORY == 'true' && (success() || failure()) }}
+        with:
+          name: Backoffice-BFF-Test-Results
+          path: "backoffice-bff/**/*-reports/TEST*.xml"
+      - name: Test Results
+        uses: dorny/test-reporter@v1
+        if: always() && hashFiles('backoffice-bff/target/surefire-reports/TEST-*.xml') != ''
+        with:
+          name: Backoffice-BFF-Unit-Test-Results
+          path: "backoffice-bff/**/*-reports/TEST*.xml"
+          reporter: java-junit
+      - name: Upload Coverage Report Artifacts
+        uses: actions/upload-artifact@v4
+        if: ${{ env.FROM_ORIGINAL_REPOSITORY == 'true' }}
+        with:
+          name: Backoffice-BFF-Coverage-Report
+          path: "backoffice-bff/target/site/jacoco/**"
+      - name: Add coverage report to PR
+        uses: madrapps/jacoco-report@v1.6.1
+        if: ${{ env.FROM_ORIGINAL_REPOSITORY == 'true' }}
+        with:
+          paths: ${{github.workspace}}/backoffice-bff/target/site/jacoco/jacoco.xml
+          token: ${{secrets.GITHUB_TOKEN}}
+          min-coverage-overall: 80
+          min-coverage-changed-files: 60
+          title: 'Backoffice BFF Coverage Report'
+          update-comment: true
+

.github/workflows/backoffice-ci.yaml

@@ -19,7 +19,9 @@ jobs:
   Build:
     runs-on: ubuntu-latest
     env:
-      FROM_ORIGINAL_REPOSITORY: ${{ github.event.pull_request.head.repo.full_name == github.repository || github.ref == 'refs/heads/main' }}
+      # FROM_ORIGINAL_REPOSITORY: ${{ github.event.pull_request.head.repo.full_name == github.repository || github.ref == 'refs/heads/main' }}
+      FROM_ORIGINAL_REPOSITORY: true
+      ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true
     steps:
       - uses: actions/checkout@v4
         with:
@@ -39,7 +41,7 @@ jobs:
         continue-on-error: true
         working-directory: backoffice
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@0.24.0
+        uses: aquasecurity/trivy-action@0.35.0
         with:
           scan-type: 'fs'
           scan-ref: './backoffice'
@@ -54,32 +56,28 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
       - name: Log in to the Container registry
-        if: ${{ github.ref == 'refs/heads/main' }}
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
       - name: Build Docker image
-        if: ${{ github.ref == 'refs/heads/main' }}
         uses: docker/build-push-action@v6
         with:
           context: ./backoffice
-          tags: ghcr.io/nashtech-garage/yas-backoffice:latest
+          tags: ghcr.io/23120049/yas-backoffice:latest
       - name: Run Trivy vulnerability scanner
-        if: ${{ github.ref == 'refs/heads/main' }}
-        uses: aquasecurity/trivy-action@0.24.0
+        uses: aquasecurity/trivy-action@0.35.0
         with:
-          image-ref: 'ghcr.io/nashtech-garage/yas-backoffice:latest'
+          image-ref: 'ghcr.io/23120049/yas-backoffice:latest'
           format: 'sarif'
           output: 'trivy-results.sarif'
       - name: Push Docker image
-        if: ${{ github.ref == 'refs/heads/main' }}
         uses: docker/build-push-action@v6
         with:
           push: true
           context: ./backoffice
-          tags: ghcr.io/nashtech-garage/yas-backoffice:latest
+          tags: ghcr.io/23120049/yas-backoffice:latest
       - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v3
         with:

.github/workflows/cart-ci.yaml

@@ -21,29 +21,34 @@ jobs:
   Build:
     runs-on: ubuntu-latest
     env:
-      FROM_ORIGINAL_REPOSITORY: ${{ github.event.pull_request.head.repo.full_name == github.repository || github.ref == 'refs/heads/main' }}
+      # FROM_ORIGINAL_REPOSITORY: ${{ github.event.pull_request.head.repo.full_name == github.repository || github.ref == 'refs/heads/main' }}
+      FROM_ORIGINAL_REPOSITORY: true
+      ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true
     steps:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
       - uses: ./.github/workflows/actions
+      - name: Set up JDK 25
+        uses: actions/setup-java@v4
+        with:
+          java-version: '25'
+          distribution: 'temurin'
+          cache: 'maven' # One line replaces the whole manual cache block
       - name: Run Maven Build Command
-        run: mvn clean install -pl cart -am
+        # Build the common-library first, then the cart service
+        run: |
+          mvn clean install -pl common-library -DskipTests -Djacoco.skip=true
+          mvn clean install -pl cart -am -DskipTests -Djacoco.skip=true
+        run: mvn clean install -pl cart -am -Drevision=1.0-SNAPSHOT
       - name: Run Maven Checkstyle
         if: ${{ env.FROM_ORIGINAL_REPOSITORY == 'true' }}
-        run: mvn checkstyle:checkstyle -pl cart -am -Dcheckstyle.output.file=cart-checkstyle-result.xml
+        run: mvn checkstyle:checkstyle -pl cart -Dcheckstyle.output.file=cart-checkstyle-result.xml
       - name: Upload Checkstyle Result
         if: ${{ env.FROM_ORIGINAL_REPOSITORY == 'true' }}
         uses: jwgmeligmeyling/checkstyle-github-action@master
         with:
           path: '**/cart-checkstyle-result.xml'
-      - name: Test Results
-        uses: dorny/test-reporter@v1
-        if: ${{ env.FROM_ORIGINAL_REPOSITORY == 'true' && (success() || failure()) }}
-        with:
-          name: Cart-Service-Unit-Test-Results
-          path: "cart/**/*-reports/TEST*.xml"
-          reporter: java-junit
       - name: OWASP Dependency Check
         if: ${{ env.FROM_ORIGINAL_REPOSITORY == 'true' }}
         uses: dependency-check/Dependency-Check_Action@main
@@ -53,6 +58,9 @@ jobs:
           project: 'yas'
           path: '.'
           format: 'HTML'
+          # Use args to explicitly tell the CLI to skip Central and/or NVD updates
+          args: >
+            --disableCentral
       - name: Upload OWASP Dependency Check results
         if: ${{ env.FROM_ORIGINAL_REPOSITORY == 'true' }}
         uses: actions/upload-artifact@master
@@ -63,28 +71,80 @@ jobs:
         if: ${{ env.FROM_ORIGINAL_REPOSITORY == 'true' }}
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        run: mvn org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -pl cart -am
-      - name: Add coverage report to PR
-        uses: madrapps/jacoco-report@v1.6.1
+        run: mvn org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -pl cart -am -Dsonar.projectName="cart"
+      - name: Add executable permission to mvnw
+        run: chmod +x cart/mvnw
+      - name: Snyk scan
         if: ${{ env.FROM_ORIGINAL_REPOSITORY == 'true' }}
+        uses: snyk/actions/maven@master
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+          JAVA_HOME: ""
+          JAVA_HOME_25_X64: ""
         with:
-          paths: ${{github.workspace}}/cart/target/site/jacoco/jacoco.xml
-          token: ${{secrets.GITHUB_TOKEN}}
-          min-coverage-overall: 80
-          min-coverage-changed-files: 60
-          title: 'Cart Coverage Report'
-          update-comment: true
+          command: test
+          args: >
+            --org=0a44793b-2f71-43df-86cc-e2cfdf5fd460 
+            --file=pom.xml 
+            --severity-threshold=critical
+            -- -f pom.xml -Drevision=1.0-SNAPSHOT -Dprojects=cart
       - name: Log in to the Container registry
-        if: ${{ github.ref == 'refs/heads/main' }}
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
       - name: Build and push Docker images
-        if: ${{ github.ref == 'refs/heads/main' }}
         uses: docker/build-push-action@v6
         with:
           context: ./cart
           push: true
-          tags: ghcr.io/nashtech-garage/yas-cart:latest
+          tags: ghcr.io/23120049/yas-cart:latest  
+  Test:
+    runs-on: ubuntu-latest
+    needs: Build
+    env:
+      FROM_ORIGINAL_REPOSITORY: ${{ github.event.pull_request.head.repo.full_name == github.repository || github.ref == 'refs/heads/main' }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+      - uses: ./.github/workflows/actions
+      - name: Set up JDK 25
+        uses: actions/setup-java@v4
+        with:
+          java-version: '25'
+          distribution: 'temurin'
+          cache: 'maven' # One line replaces the whole manual cache block
+      - name: Run Maven Test
+        run: mvn clean verify -pl cart -am
+      - name: Upload Test Result Artifacts
+        uses: actions/upload-artifact@v4
+        if: ${{ env.FROM_ORIGINAL_REPOSITORY == 'true' && (success() || failure()) }}
+        with:
+          name: Cart-Test-Results
+          path: "cart/**/*-reports/TEST*.xml"
+      - name: Test Results
+        uses: dorny/test-reporter@v1
+        if: always() && hashFiles('cart/**/TEST-*.xml') != ''
+        with:
+          name: Cart-Service-Unit-Test-Results
+          path: "cart/**/*-reports/TEST*.xml"
+          reporter: java-junit
+      - name: Upload Coverage Report Artifacts
+        uses: actions/upload-artifact@v4
+        if: ${{ env.FROM_ORIGINAL_REPOSITORY == 'true' }}
+        with:
+          name: Cart-Coverage-Report
+          path: "cart/target/site/jacoco/**"
+      - name: Add coverage report to PR
+        uses: madrapps/jacoco-report@v1.6.1
+        if: ${{ env.FROM_ORIGINAL_REPOSITORY == 'true' }}
+        with:
+          paths: ${{github.workspace}}/cart/target/site/jacoco/jacoco.xml
+          token: ${{secrets.GITHUB_TOKEN}}
+          min-coverage-overall: 80
+          min-coverage-changed-files: 60
+          title: 'Cart Coverage Report'
+          update-comment: true
+