Merge branch 'main' into issues/64

.github/dependabot.yml

@@ -39,4 +39,4 @@ updates:
   open-pull-requests-limit: 10
   labels:
     - "type/dependencies"
-    - "scope/infrastructure"
+    - "scope/infra"

.github/workflows/aws_publisher.yaml → .github/workflows/aws_publisher.yml

@@ -31,7 +31,7 @@ jobs:
           echo "Packer will be triggered in this dir $WORK_DIR"
 
       - name: Configure AWS credentials for Kafka-UI account
-        uses: aws-actions/configure-aws-credentials@v3
+        uses: aws-actions/configure-aws-credentials@v4
         with:
           aws-access-key-id: ${{ secrets.AWS_AMI_PUBLISH_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_AMI_PUBLISH_KEY_SECRET }}

.github/workflows/backend_main.yml

@@ -0,0 +1,25 @@
+name: "Backend: Main: Build and test"
+
+on:
+  push:
+    branches: [ "main" ]
+    paths:
+      - "pom.xml"
+      - "contract/**"
+      - "api/**"
+      - "serde-api/**"
+
+permissions:
+  contents: read
+  checks: write
+  pull-requests: write
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build:
+    uses: ./.github/workflows/backend_tests.yml
+    with:
+      event_name: ${{ github.event_name }}

.github/workflows/backend_pr.yml

@@ -0,0 +1,26 @@
+name: "Backend: PR: Build and test"
+
+on:
+
+  pull_request_target:
+    types: [ "opened", "reopened", "synchronize" ]
+    paths:
+      - "pom.xml"
+      - "contract/**"
+      - "api/**"
+      - "serde-api/**"
+
+permissions:
+  contents: read
+  checks: write
+  pull-requests: write
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build:
+    uses: ./.github/workflows/backend_tests.yml
+    with:
+      event_name: ${{ github.event_name }}

.github/workflows/backend.yml → .github/workflows/backend_tests.yml

@@ -1,19 +1,15 @@
-name: "Backend: PR/main build & test"
+name: "Backend: build and test"
 
 on:
-  push:
-    branches: [ "main" ]
-    paths: &backend_paths
-      - "pom.xml"
-      - "contract/**"
-      - "api/**"
-      - "serde-api/**"
-
-  pull_request_target:
-    types: [ "opened", "reopened", "synchronize" ]
-    paths: *backend_paths
+  workflow_call:
+    inputs:
+      event_name:
+        description: 'Original github.event_name'
+        required: true
+        type: string
 
 permissions:
+  contents: read
   checks: write
   pull-requests: write
 
@@ -25,7 +21,7 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
         with:
-          token: ${{ github.token }} # TODO remove when public
+          token: ${{ github.token }}
           fetch-depth: 0
           ref: ${{ github.event.pull_request.head.sha }}
 
@@ -43,8 +39,8 @@ jobs:
           key: ${{ runner.os }}-sonar
           restore-keys: ${{ runner.os }}-sonar
 
-      - name: Build and analyze pull request target
-        if: ${{ github.event_name == 'pull_request' }}
+      - name: "Pull request: Maven tests & sonar"
+        if: ${{ inputs.event_name == 'pull_request' || inputs.event_name == 'pull_request_target' }}
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_BACKEND }}
@@ -60,8 +56,8 @@ jobs:
           -Dsonar.pullrequest.branch=$HEAD_REF \
           -Dsonar.pullrequest.base=$BASE_REF
 
-      - name: Build and analyze push main
-        if: ${{ github.event_name == 'push' }}
+      - name: "Main: Maven tests & sonar"
+        if: ${{ inputs.event_name == 'push' }}
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_BACKEND }}

.github/workflows/branch-deploy.yml

@@ -1,20 +1,23 @@
 name: "Infra: Feature Testing: Init env"
+
 on:
   workflow_dispatch:
 
   pull_request:
     types: ['labeled']
+
+permissions:
+  contents: read
+
 jobs:
   build:
     if: ${{ github.event.label.name == 'status/feature_testing' || github.event.label.name == 'status/feature_testing_public' }}
     runs-on: ubuntu-latest
-    permissions: # TODO remove when public
-      contents: read
     steps:
       - uses: actions/checkout@v4
         with:
           ref: ${{ github.event.pull_request.head.sha }}
-          token: ${{ github.token }} # TODO remove when public
+          token: ${{ github.token }}
       - name: get branch name
         id: extract_branch
         run: |
@@ -48,7 +51,7 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-buildx-
       - name: Configure AWS credentials for Kafka-UI account
-        uses: aws-actions/configure-aws-credentials@v3
+        uses: aws-actions/configure-aws-credentials@v4
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

.github/workflows/branch-remove.yml

@@ -1,18 +1,21 @@
 name: "Infra: Feature Testing: Destroy env"
+
 on:
   workflow_dispatch:
   pull_request:
     types: ['unlabeled', 'closed']
+
+permissions:
+  contents: read
+
 jobs:
   remove:
     runs-on: ubuntu-latest
-    permissions: # TODO remove when public
-      contents: read
     if: ${{ (github.event.label.name == 'status/feature_testing' || github.event.label.name == 'status/feature_testing_public') || (github.event.action == 'closed' && (contains(github.event.pull_request.labels.*.name, 'status/feature_testing') || contains(github.event.pull_request.labels.*.name, 'status/feature_testing_public'))) }}
     steps:
       - uses: actions/checkout@v4
         with:
-          token: ${{ github.token }} # TODO remove when public
+          token: ${{ github.token }}
       - name: clone
         run: |
           git clone https://infra-tech:${{ secrets.INFRA_USER_ACCESS_TOKEN }}@github.com/kafbat/ui-infra.git --branch envs

.github/workflows/build-public-image.yml

@@ -1,19 +1,22 @@
 name: "Infra: Image Testing: Deploy"
+
 on:
   workflow_dispatch:
   pull_request:
     types: ['labeled']
+
+permissions:
+  contents: read
+
 jobs:
   build:
     if: ${{ github.event.label.name == 'status/image_testing' }}
     runs-on: ubuntu-latest
-    permissions: # TODO remove when public
-      contents: read
     steps:
       - uses: actions/checkout@v4
         with:
           ref: ${{ github.event.pull_request.head.sha }}
-          token: ${{ github.token }} # TODO remove when public
+          token: ${{ github.token }}
       - name: get branch name
         id: extract_branch
         run: |
@@ -45,7 +48,7 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-buildx-
       - name: Configure AWS credentials for Kafka-UI account
-        uses: aws-actions/configure-aws-credentials@v3
+        uses: aws-actions/configure-aws-credentials@v4
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -68,7 +71,7 @@ jobs:
           cache-from: type=local,src=/tmp/.buildx-cache
           cache-to: type=local,dest=/tmp/.buildx-cache
       - name: make comment with private deployment link
-        uses: peter-evans/create-or-update-comment@v3
+        uses: peter-evans/create-or-update-comment@v4
         with:
           issue-number: ${{ github.event.pull_request.number }}
           body: |

.github/workflows/codeql-analysis.yml

@@ -17,12 +17,13 @@ on:
   schedule:
     - cron: '39 15 * * 6'
 
+permissions:
+  contents: read
+
 jobs:
   analyze:
     name: Analyze
     runs-on: ubuntu-latest
-    permissions: # TODO remove when public
-      contents: read
     strategy:
       fail-fast: false
       matrix:
@@ -32,10 +33,10 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v4
         with:
-          token: ${{ github.token }} # TODO remove when public
+          token: ${{ github.token }}
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
         with:
           languages: ${{ matrix.language }}
 
@@ -47,7 +48,7 @@ jobs:
           cache: 'maven'
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v2
+        uses: github/codeql-action/autobuild@v3
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3

.github/workflows/cve.yaml → .github/workflows/cve.yml

@@ -5,15 +5,17 @@ on:
     # * is a special character in YAML so you have to quote this string
     - cron: '0 8 15 * *'
 
+permissions:
+  contents: read
+
 jobs:
   build-and-test:
     runs-on: ubuntu-latest
-    permissions: # TODO remove when public
-      contents: read
+
     steps:
       - uses: actions/checkout@v4
         with:
-          token: ${{ github.token }} # TODO remove when public
+          token: ${{ github.token }}
 
       - name: Set up JDK
         uses: actions/setup-java@v3

.github/workflows/delete-public-image.yml

@@ -15,7 +15,7 @@ jobs:
           tag='${{ github.event.pull_request.number }}'
           echo "tag=${tag}" >> $GITHUB_OUTPUT
       - name: Configure AWS credentials for Kafka-UI account
-        uses: aws-actions/configure-aws-credentials@v3
+        uses: aws-actions/configure-aws-credentials@v4
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

.github/workflows/e2e-automation.yml

@@ -16,18 +16,19 @@ on:
         required: false
         type: string
 
+permissions:
+  contents: read
+
 jobs:
   build-and-test:
     runs-on: ubuntu-latest
-    permissions: # TODO remove when public
-      contents: read
     steps:
       - uses: actions/checkout@v4
         with:
-          token: ${{ github.token }} # TODO remove when public
+          token: ${{ github.token }}
           ref: ${{ github.sha }}
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v3
+        uses: aws-actions/configure-aws-credentials@v4
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -88,4 +89,4 @@ jobs:
           target_url: http://kafkaui-allure-reports.s3-website.eu-central-1.amazonaws.com/${{ github.run_number }}
       - name: Dump Docker logs on failure
         if: failure()
-        uses: jwalton/[email protected].1
+        uses: jwalton/[email protected].2

.github/workflows/e2e-manual.yml

@@ -15,15 +15,16 @@ on:
         required: true
         type: string
 
+permissions:
+  contents: read
+
 jobs:
   build-and-test:
     runs-on: ubuntu-latest
-    permissions: # TODO remove when public
-      contents: read
     steps:
       - uses: actions/checkout@v4
         with:
-          token: ${{ github.token }} # TODO remove when public
+          token: ${{ github.token }}
           ref: ${{ github.sha }}
       - name: Set up environment
         id: set_env_values

.github/workflows/e2e-tests.yaml → .github/workflows/e2e-tests.yml

@@ -10,20 +10,20 @@ on:
       - "frontend/**"
       - "e2e-tests/**"
 
-permissions: # TODO remove when public
-  statuses: write
+permissions:
   contents: read
+  statuses: write
 
 jobs:
   build-and-test:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
         with:
-          token: ${{ github.token }} # TODO remove when public
+          token: ${{ github.token }}
           ref: ${{ github.event.pull_request.head.sha }}
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v3
+        uses: aws-actions/configure-aws-credentials@v4
         with:
           aws-access-key-id: ${{ secrets.S3_AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.S3_AWS_SECRET_ACCESS_KEY }}
@@ -84,4 +84,4 @@ jobs:
           target_url: http://kafkaui-allure-reports.s3-website.eu-central-1.amazonaws.com/${{ github.run_number }}
       - name: Dump docker logs on failure
         if: failure()
-        uses: jwalton/[email protected].1
+        uses: jwalton/[email protected].2