add pipelines (#47)

* change nightly to weekly

* change nightly to weekly file name too

---------

Co-authored-by: crisdelta <[email protected]>

.github/dependabot.yml

@@ -0,0 +1,18 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: npm
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: weekly
+      day: monday
+      time: "04:00"
+    open-pull-requests-limit: 10
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: weekly

.github/workflows/build-for-development.yml

@@ -0,0 +1,30 @@
+name: Build for development
+
+on:
+  push:
+    branches: [ 'feature/**', 'dependabot/**' ]
+
+jobs:
+  test_and_scan:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Set up Node 20
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+      - name: Run Trivy vulnerability scanner in repo mode
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: 'fs'
+          ignore-unfixed: true
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+          severity: 'CRITICAL,HIGH'
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: 'trivy-results.sarif'

.github/workflows/create-release-branch.yml

@@ -0,0 +1,84 @@
+name: Create release branch
+
+on:
+  workflow_dispatch:
+    branches: [ develop ]
+    inputs:
+      release:
+        description: 'Type of the release.'
+        type: choice
+        options:
+          - major
+          - minor
+          - patch
+        default: minor
+
+jobs:
+  create_branch:
+    if: github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/develop'
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: main
+      - name: Set up Node 20
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+      - name: Create version
+        id: createVersion
+        run: |
+          CURRENT_VERSION=$(node -e "console.log(require('./package.json').version)")
+          echo "Current version: $CURRENT_VERSION"
+          MAJOR=`echo $CURRENT_VERSION | cut -d. -f1`
+          MINOR=`echo $CURRENT_VERSION | cut -d. -f2`
+          PATCH=`echo $CURRENT_VERSION | cut -d. -f3 | cut -d- -f1`
+
+          if [ ${{ inputs.release }} == 'major' ]; then
+            MAJOR=$((MAJOR+1))
+            MINOR=0
+            PATCH=0
+          elif [ ${{ inputs.release }} == 'minor' ]; then
+            MINOR=$((MINOR+1))
+            PATCH=0
+          else
+            PATCH=$((PATCH+1))
+          fi
+
+          VERSION=${MAJOR}.${MINOR}.${PATCH}
+
+          echo
+          echo "Release version: $VERSION"
+
+          echo "VERSION=$VERSION" >> "$GITHUB_OUTPUT"
+
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Create release branch
+        env:
+          VERSION: ${{ steps.createVersion.outputs.VERSION }}
+        run: |
+          git config --global user.email "[email protected]"
+          git config --global user.name "Github Actions"
+
+          git branch release/$VERSION
+          git checkout release/$VERSION
+
+          npm version ${VERSION}-SNAPSHOT
+          git add package.json
+          git commit -m "updated project version to ${VERSION}"
+
+          git push --set-upstream origin release/$VERSION
+
+  wrong_branch:
+    if: github.event_name == 'workflow_dispatch' && github.ref != 'refs/heads/develop'
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: ERROR
+        run: echo 'This workflow only runs on develop branch!'

.github/workflows/release-new-tag.yml

@@ -0,0 +1,31 @@
+name: Release new tag
+
+on:
+  push:
+    tags:
+      - '[0-9]+.[0-9]+.[0-9]+'
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Set up Node 20
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+      - name: Login to docker hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      - name: Build and push docker image
+        uses: docker/build-push-action@v5
+        with:
+          load: true
+          tags: ${{ secrets.DOCKER_USERNAME }}/keycloak-theme-num:${{ github.ref_name }}
+      - name: Print Release Version
+        run: |
+          echo "### :rocket: ${{ github.ref_name }}" >> $GITHUB_STEP_SUMMARY

.github/workflows/release.yml

@@ -0,0 +1,112 @@
+name: release
+
+on:
+  workflow_dispatch:
+    branches: [ 'release/**' ]
+
+env:
+  RELEASE_VERSION: ''
+  DEV_VERSION: ''
+
+jobs:
+
+  read_version:
+    runs-on: ubuntu-latest
+
+    outputs:
+      DEV_VERSION: ${{ steps.createVersion.outputs.DEV_VERSION}}
+      RELEASE_VERSION: ${{ steps.createVersion.outputs.RELEASE_VERSION}}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Set up Node 20
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+      - name: Create new development version
+        id: createVersion
+        run: |
+          CURRENT_VERSION=$(node -e "console.log(require('./package.json').version)")
+          RELEASE_VERSION=`echo $CURRENT_VERSION | cut -d- -f1`
+          echo "Current version: $CURRENT_VERSION"
+          MAJOR=`echo $CURRENT_VERSION | cut -d. -f1`
+          MINOR=`echo $CURRENT_VERSION | cut -d. -f2`
+
+          DEV_VERSION=${MAJOR}.$((MINOR+1)).0-SNAPSHOT
+
+          echo
+          echo "Release version: $RELEASE_VERSION"
+          echo "Develop version: $DEV_VERSION"
+
+          echo "RELEASE_VERSION=${RELEASE_VERSION}" >> "$GITHUB_OUTPUT"
+          echo "DEV_VERSION=${DEV_VERSION}" >> "$GITHUB_OUTPUT"
+
+          echo "### :rocket: ${RELEASE_VERSION}" >> $GITHUB_STEP_SUMMARY
+
+  update_dev:
+    needs: read_version
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Set up Node 20
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+      - name: Create branch to update develop version
+        env:
+          DEV_VERSION: ${{ needs.read_version.outputs.DEV_VERSION }}
+        run: |
+          git config --global user.email "[email protected]"
+          git config --global user.name "Github Actions"
+
+          git branch feature/update_develop_${DEV_VERSION}
+          git checkout feature/update_develop_${DEV_VERSION}
+
+          npm version ${DEV_VERSION}
+          git commit -am "updated development version to ${DEV_VERSION}"
+
+          git push --set-upstream origin feature/update_develop_${DEV_VERSION}
+
+      - name: Create PR to merge changes to Develop and update Version
+        env:
+          RELEASE_VERSION: ${{ needs.read_version.outputs.RELEASE_VERSION }}
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          PR_URL=`gh pr create -B develop --title "Merge release branch '${RELEASE_VERSION}' back to develop" --body "Merge release branch '${RELEASE_VERSION}' back to develop"`
+          echo $PR_URL
+
+  release:
+    needs: read_version
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Set up Node 20
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+      - name: Set the release version
+        env:
+          RELEASE_VERSION: ${{ needs.read_version.outputs.RELEASE_VERSION }}
+        run: |
+          git config --global user.email "[email protected]"
+          git config --global user.name "Github Actions"
+
+          npm version ${RELEASE_VERSION}
+          git commit -am "updated release version to ${RELEASE_VERSION}"
+          git push
+
+      - name: Create PR to merge release branch to main
+        env:
+          RELEASE_VERSION: ${{ needs.read_version.outputs.RELEASE_VERSION }}
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          PR_URL=`gh pr create -B main --title "Merge release branch '${RELEASE_VERSION}'" --body "Merge release branch '${RELEASE_VERSION}'"`
+          echo $PR_URL

.github/workflows/weekly.yml

@@ -0,0 +1,29 @@
+name: Weekly
+
+on:
+  schedule:
+    - cron: '0 23 * * 1'
+
+jobs:
+  verify:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Set up Node 20
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+      - name: Run Trivy vulnerability scanner in repo mode
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: 'fs'
+          ignore-unfixed: true
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+          severity: 'CRITICAL,HIGH'
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: 'trivy-results.sarif'

package.json

@@ -1,6 +1,6 @@
 {
   "name": "keycloak-theme-num",
-  "version": "1.0.0",
+  "version": "1.1.0-SNAPSHOT",
   "description": "The Keycloak themes for the num-codex webapp",
   "scripts": {
     "test": "echo \"Error: no test specified\" && exit 1"