mocode-software/meldestelle
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Fix: Test-Commit für VCS-Integration (MP-8) (#15)

Browse Source 
* MP-8 OTHER Implementiere JWT-Authentifizierungs-Filter im Gateway

* Fix(ci): Update upload-artifact action to v4

* Fix(ci): Add start command for Keycloak and failure logs

* Fix(ci): Remove invalid 'command' property from Keycloak service

* Fix(ci): Use KC_DEV_MODE env var to start Keycloak

* Fix(ci): Keycloak service was removed from GitHub Actions services and replaced with a manual docker run step that starts Keycloak with the start-dev command.

* dev(ci): vereinheitliche Keycloak auf 26.4.2; aktiviere Health im CI (MP-8)

* Fix(ci): Stabilize Keycloak startup in integration tests via matrix

- Add `dev-file` Keycloak variant to matrix for stability fallback.
- Improve wait logic and health checks for Keycloak and Postgres.
- Unify Keycloak version to 26.4.2 across codebase.
- Add log dumps on failure.

* Fix(ci): Die betroffene Datei docs/Visionen-Ideen/Infrastruktur-Strategie_DSGVO-Konformität.md endet aktuell mit genau einer leeren Zeile (Zeile 87). Das entspricht der Regel MD047 („Files should end with a single newline character“). Damit ist deine Korrektur korrekt.

* Fix(ci): Repository-wide auto-fix for Markdown files was implemented with a GitHub Actions workflow and a local helper script. EditorConfig and markdownlint ignore files were added to ensure consistent formatting. Instructions for using the auto-fix both via GitHub Actions and locally were provided.

* fix(gradle): build.gradle.kts jsBrowser testTask disabled

* fix(gradle): build.gradle.kts jsBrowser testTask disabled

* Fix(ci): Stabilize integration tests with Keycloak matrix build (MP-8)

Introduces a matrix strategy (`keycloak_db: [postgres, dev-file]`)
in the integration-tests workflow to mitigate flaky Keycloak starts
when using the Postgres service container.

- Adds a `dev-file` Keycloak variant for stability fallback.
- Improves wait logic and health checks for Keycloak/Postgres.
- Unifies Keycloak version to 26.4.2 across codebase (Dockerfile, Compose,
  ADR, README, tests).
- Adds log dumps on failure in CI.
- Ensures `KC_HEALTH_ENABLED=true` is set.
- Updates related documentation (README, Schlachtplan).
- Includes broader Docker SSoT cleanup (versions.toml as source,
  script updates, env file cleanup, validator hardening).

This resolves recurring CI failures related to Keycloak startup and
ensures required checks for PRs (#15) are reliable, while also
improving overall Docker build consistency.

* feat(docs, ci): Implement YouTrack SSoT strategy with Dokka sync (MP-8)

- Add Dokka multi-module Gradle configuration and KDoc style guide.
- Add GitHub Actions workflow (docs-kdoc-sync.yml) and Python script
  (youtrack-sync-kb.py) to sync Dokka GFM output to YouTrack KB.
- Extend front-matter schema (bc, doc_type) and update relevant pages/stubs.
- Adapt CI scripts (validate-frontmatter, check-docs-drift, ci-docs link ignore).
- Update README.md to reference YouTrack KB.

* feat(docs, ci): Implement YouTrack SSoT strategy with Dokka sync (MP-8)

- Add Dokka multi-module Gradle configuration and KDoc style guide.
- Add GitHub Actions workflow (docs-kdoc-sync.yml) and Python script
  (youtrack-sync-kb.py) to sync Dokka GFM output to YouTrack KB.
- Extend front-matter schema (bc, doc_type) and update relevant pages/stubs.
- Adapt CI scripts (validate-frontmatter, check-docs-drift, ci-docs link ignore).
- Update README.md to reference YouTrack KB.

* Fix(ci): Replace OpenAPI validator with Spectral

Replaces the deprecated 'char0n/swagger-editor-validate' action,
which failed due to sandbox issues in GitHub Actions, with the
modern '@stoplight/spectral-cli'.

This ensures robust OpenAPI specification validation without
requiring a headless browser environment. The 'generate-api-docs'
job now depends on the successful completion of the Spectral validation.

Part of resolving CI failures for PR #15 (MP-8).

* Fix(ci): Specify spectral:oas ruleset for OpenAPI validation (MP-8)

* Fix(ci): Remove explicit ruleset argument for Spectral validation (MP-8)

* Fix(ci): Added a .spectral.yaml file to fix Spectral linting errors. Corrected markdown lint issues in two documentation files. Updated README.md with a new guidelines section to fix link validation errors.

* Fix(ci): Markdownlint errors were fixed by adding required blank lines. The Guidelines Validation error was resolved by updating the README.md link. The API Documentation Generator workflow was stabilized by updating paths, tasks, and validation steps.

* Fix(ci): Alle vier fehlerhaften GitHub-Action-Prüfungen wurden behoben. Fehler in der OpenAPI-Spezifikation, Probleme mit der Markdown-Linting-Analyse und Validierungsfehler bei Querverweisen wurden korrigiert. Die README.md enthält nun alle erforderlichen Links zu den Richtlinien.

* Fix(ci): Markdown linting errors in docs/api/README.md were fixed by specifying languages in fenced code blocks. OpenAPI specification errors in documentation.yaml were resolved by correcting example property types to strings. Cross-reference validation errors in README.md were fixed by adding the missing link to project-standards/coding-standards.md.

* Fix(ci): Duplicate heading errors in docs/api/members-api.md were fixed. Cross-reference validation errors for docker-architecture.md were resolved. All originally reported issues passed validation successfully.

* Fix(ci): The markdown heading levels in docs/api/members-api.md were corrected from h5 to h4 to fix linting errors. The missing cross-reference link from technology-guides/docker/docker-development.md to docker-overview.md was added. These fixes resolved the original validation and linting errors causing the process to fail.

* Fix(ci): Duplicate heading warnings in docs/api/members-api.md were resolved. Cross-reference validation for docker-development.md to docker-architecture.md was fixed. A new unrelated warning about docker-production.md was identified but not addressed.

* refactor(ci,docs): Simplify CI pipeline and migrate docs to YouTrack SSoT

BREAKING CHANGE: Documentation structure radically simplified

- Consolidate 9 GitHub Actions workflows into 1 main pipeline (ci-main.yml)
- Remove redundant workflows: ci-docs, markdownlint-autofix, guidelines-validation, api-docs
- Delete documentation migrated to YouTrack: api/, BCs/, Visionen-Ideen/, reference/, now/, overview/
- Keep only ADRs, C4 diagrams, and essential dev guides in repo
- Update README.md with YouTrack KB links
- Create new docs/README.md as documentation gateway
- Relax markdown-lint config for pragmatic developer experience

Kept workflows:
- ssot-guard.yml (Docker SSoT validation)
- docs-kdoc-sync.yml (KDoc → YouTrack sync)
- integration-tests.yml (Integration tests)
- deploy-proxmox.yml (Deployment)
- youtrack-sync.yml (YouTrack integration)

Related: MP-DOCS-001

* refactor(ci,docs): Simplify CI pipeline and migrate docs to YouTrack SSoT

BREAKING CHANGE: Documentation structure radically simplified

- Consolidate 9 GitHub Actions workflows into 1 main pipeline (ci-main.yml)
- Remove redundant workflows: ci-docs, markdownlint-autofix, guidelines-validation, api-docs
- Delete documentation migrated to YouTrack: api/, BCs/, Visionen-Ideen/, reference/, now/, overview/
- Keep only ADRs, C4 diagrams, and essential dev guides in repo
- Update README.md with YouTrack KB links
- Create new docs/README.md as documentation gateway
- Relax markdown-lint config for pragmatic developer experience

Kept workflows:
- ssot-guard.yml (Docker SSoT validation)
- docs-kdoc-sync.yml (KDoc → YouTrack sync)
- integration-tests.yml (Integration tests)
- deploy-proxmox.yml (Deployment)
- youtrack-sync.yml (YouTrack integration)

Related: MP-DOCS-001

* refactor(ci,docs): README.md und einige andere Dokumentationen überarbeitet.
ports-and-urls.md hinzugefügt.
Related: MP-DOCS-001

* refactor(ci,docs): Die Markdownlint-Fehler in README.md und docs/README.md wurden behoben, indem die Überschriftenebenen angepasst, überflüssige Satzzeichen am Ende entfernt und die notwendigen Leerzeilen um Überschriften, Listen, Tabellen und Codeblöcke eingefügt wurden. Das problematische Leerzeichen am Ende in docs/README.md wurde ebenfalls entfernt. Die Dateien entsprechen nun den vorgegebenen Markdownlint-Regeln und sollten die CI-Validierung bestehen.
Related: MP-DOCS-001

* refactor(ci,docs): Docker guideline cross-references were fixed and normalized to lowercase labels. Validation scripts confirmed zero cross-reference warnings and consistent metadata. Documentation was updated with a changelog and enhanced README navigation.
Related: MP-DOCS-001

* refactor(ci,docs): Docker guideline cross-references were fixed and normalized to lowercase labels. Validation scripts confirmed zero cross-reference warnings and consistent metadata. Documentation was updated with a changelog and enhanced README navigation.
Related: MP-DOCS-001

* refactor(ci,docs): Dead links in docs/architecture/adr were fixed by updating URLs to stable sources and adding an ignore pattern for a placeholder link. Specific ADR files had their broken links replaced with valid ones. The markdown-link-check GitHub Action is expected to pass with zero dead links now.
Related: MP-DOCS-001

* refactor(ci,docs): Links in ADR checked
Related: MP-DOCS-001

* refactor(ci,docs): Links in ADR checked
Related: MP-DOCS-001

* refactor(ci,docs): Markdown Regeln ausgebessert
Related: MP-DOCS-001

* refactor(ci,docs): Markdown Regeln ausgebessert
Related: MP-DOCS-001

* refactor(ci,docs): Markdown Regeln ausgebessert
Related: MP-DOCS-001

* Chore: Rerun CI checks with updated branch protection rules
This commit is contained in:
StefanMo
2025-11-07 12:26:33 +01:00
committed by GitHub
parent 6850cd92d4
commit b35c4087a2
129 changed files with 4016 additions and 7131 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/api-docs.yml
-124
View File
@@ -1,124 +0,0 @@
name: API Documentation Generator
on:
push:
branches: [ main, master ]
paths:
- 'api-gateway/src/jvmMain/resources/openapi/**'
- 'api-gateway/src/jvmMain/kotlin/at/mocode/gateway/routing/**'
- 'api-gateway/src/jvmMain/kotlin/at/mocode/gateway/config/OpenApiConfig.kt'
- 'api-gateway/build.gradle.kts'
- '.github/workflows/api-docs.yml'
pull_request:
branches: [ main, master ]
paths:
- 'api-gateway/src/jvmMain/resources/openapi/**'
- 'api-gateway/src/jvmMain/kotlin/at/mocode/gateway/routing/**'
- 'api-gateway/src/jvmMain/kotlin/at/mocode/gateway/config/OpenApiConfig.kt'
- 'api-gateway/build.gradle.kts'
- '.github/workflows/api-docs.yml'
workflow_dispatch: # Allow manual triggering
schedule:
- cron: '0 0 * * 0' # Run weekly on Sunday at midnight
jobs:
validate-openapi:
name: Validate OpenAPI Specification
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Validate OpenAPI
uses: char0n/swagger-editor-validate@v1
with:
definition-file: api-gateway/src/jvmMain/resources/openapi/documentation.yaml
generate-api-docs:
name: Generate API Documentation
runs-on: ubuntu-latest
needs: validate-openapi
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up JDK 21
uses: actions/setup-java@v4
with:
java-version: '21'
distribution: 'temurin'
cache: gradle
- name: Grant execute permission for gradlew
run: chmod +x gradlew
- name: Generate API Documentation
id: generate-docs
run: ./gradlew :api-gateway:generateApiDocs
- name: Check for changes
id: git-check
run: |
if git diff --exit-code api-gateway/src/jvmMain/resources/static/docs/; then
echo "changed=false" >> $GITHUB_OUTPUT
else
echo "changed=true" >> $GITHUB_OUTPUT
fi
- name: Commit and push if changed
if: steps.git-check.outputs.changed == 'true'
run: |
git config --local user.email "action@github.com"
git config --local user.name "GitHub Action"
git add api-gateway/src/jvmMain/resources/static/docs/
git commit -m "Update API documentation [skip ci]"
git push
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload documentation artifact
uses: actions/upload-artifact@v4
with:
name: api-documentation
path: api-gateway/src/jvmMain/resources/static/docs/
retention-days: 7
- name: Notify on success
if: steps.git-check.outputs.changed == 'true'
run: |
echo "API documentation has been updated successfully."
# Uncomment and configure when notification service is available
# curl -X POST -H 'Content-type: application/json' --data '{"text":"API documentation has been updated successfully."}' ${{ secrets.SLACK_WEBHOOK_URL }}
deploy-to-github-pages:
name: Deploy to GitHub Pages
runs-on: ubuntu-latest
needs: generate-api-docs
# Only deploy on main/master branch, not on PRs
if: github.event_name != 'pull_request' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master')
steps:
- name: Download documentation artifact
uses: actions/download-artifact@v4
with:
name: api-documentation
path: ./docs
- name: Setup GitHub Pages
uses: actions/configure-pages@v4
- name: Upload GitHub Pages artifact
uses: actions/upload-pages-artifact@v3
with:
path: ./docs
- name: Deploy to GitHub Pages
id: deployment
uses: actions/deploy-pages@v4
- name: Output deployment URL
run: |
echo "Documentation deployed to ${{ steps.deployment.outputs.page_url }}"
# Uncomment and configure when notification service is available
# curl -X POST -H 'Content-type: application/json' --data '{"text":"API documentation deployed to ${{ steps.deployment.outputs.page_url }}"}' ${{ secrets.SLACK_WEBHOOK_URL }}
.github/workflows/ci-docs.yml
-89
View File
@@ -1,89 +0,0 @@
name: CI Docs
on:
pull_request:
paths:
- 'docs/**'
- '.junie/**'
- '.github/workflows/ci-docs.yml'
- '.markdownlint.yaml'
- '.vale.ini'
push:
branches: [ main ]
paths:
- 'docs/**'
- '.junie/**'
- '.github/workflows/ci-docs.yml'
- '.markdownlint.yaml'
- '.vale.ini'
jobs:
docs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Node (markdownlint)
uses: actions/setup-node@v4
with:
node-version: '20'
- name: Install markdownlint
run: npm i -g markdownlint-cli
- name: Markdownlint
run: markdownlint 'docs/**/*.md'
- name: Setup Vale
run: |
curl -fsSL https://install.goreleaser.com/github.com/errata-ai/vale.sh | sh
sudo mv bin/vale /usr/local/bin/vale
- name: Vale
run: vale docs/
- name: Link Checker
uses: lycheeverse/lychee-action@v1
with:
args: --verbose --no-progress 'docs/**/*.md'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Front-Matter Schema Validate
run: |
pip install pyyaml jsonschema
python .junie/scripts/validate-frontmatter.py
- name: Docs Drift Check
run: bash .junie/scripts/check-docs-drift.sh
- name: Render PlantUML
run: bash .junie/scripts/render-plantuml.sh
- name: Upload diagrams artifact
uses: actions/upload-artifact@v4
with:
name: diagrams
path: build/diagrams
- name: Validate YouTrack issues exist (optional)
if: ${{ env.YT_URL != '' && env.YT_TOKEN != '' }}
run: |
set -euo pipefail
KEYS=$(grep -Rho "[A-Z]\+-[0-9]\+" docs | sort -u || true)
if [ -z "$KEYS" ]; then
echo "No YouTrack keys found in docs."
exit 0
fi
echo "Prüfe Keys:" $KEYS
fail=0
for k in $KEYS; do
code=$(curl -s -o /dev/null -w "%{http_code}" \
-H "Authorization: Bearer $YT_TOKEN" \
-H "Accept: application/json" \
"$YT_URL/api/issues/$k?fields=idReadable")
if [ "$code" != "200" ]; then
echo "[YT] Issue nicht gefunden: $k (HTTP $code)"; fail=1;
fi
done
exit $fail
env:
YT_URL: ${{ secrets.YT_URL }}
YT_TOKEN: ${{ secrets.YT_TOKEN }}
.github/workflows/ci-main.yml
+108
View File
@@ -0,0 +1,108 @@
name: CI - Main Pipeline
on:
push:
branches: [ main, develop ]
pull_request:
branches: [ main, develop ]
jobs:
# ========================================
# 1. Docker SSoT (bleibt wie ist)
# ========================================
docker-ssot:
name: Docker SSoT Validation
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
- name: Validate Docker SSoT (compat mode)
run: |
bash scripts/docker-versions-update.sh sync
bash scripts/generate-compose-files.sh all development
bash scripts/validate-docker-consistency.sh all
- name: Validate Docker SSoT (envless mode)
run: |
DOCKER_SSOT_MODE=envless bash scripts/generate-compose-files.sh all development
DOCKER_SSOT_MODE=envless bash scripts/validate-docker-consistency.sh all
# ========================================
# 2. OpenAPI Validation (nur Lint)
# ========================================
validate-openapi:
name: Validate OpenAPI Specs
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
- name: Setup Node.js
uses: actions/setup-node@v6
with:
node-version: '20'
- name: Install Spectral
run: npm install -g @stoplight/spectral-cli
- name: Validate OpenAPI
run: |
spectral lint infrastructure/gateway/src/main/resources/openapi/documentation.yaml \
--ruleset .spectral.yaml \
--fail-severity error
# ========================================
# 3. Markdown Docs (nur kritische)
# ========================================
validate-docs:
name: Validate Essential Docs
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
- name: Lint Critical Markdown
uses: DavidAnson/markdownlint-cli2-action@v20
with:
globs: |
README.md
docs/README.md
docs/architecture/adr/**/*.md
docs/how-to/start-local.md
- name: Check Links in ADRs
uses: gaurav-nelson/github-action-markdown-link-check@v1
with:
config-file: '.github/markdown-link-check.json'
folder-path: 'docs/architecture/adr/'
use-quiet-mode: 'yes'
# ========================================
# 4. Build & Test
# ========================================
build-test:
name: Build and Test
runs-on: ubuntu-latest
needs: [ docker-ssot, validate-openapi ]
steps:
- uses: actions/checkout@v5
- name: Setup JDK 21
uses: actions/setup-java@v5
with:
java-version: '21'
distribution: 'temurin'
cache: gradle
- name: Build
run: ./gradlew build -x test
- name: Test
run: ./gradlew test
- name: Upload OpenAPI Specs (Artifact)
uses: actions/upload-artifact@v5
with:
name: openapi-specs
path: docs/api/generated/*.json
retention-days: 30
continue-on-error: true
.github/workflows/deploy-proxmox.yml
+4 -4
View File
@@ -20,16 +20,16 @@ jobs:
steps:
- name: Checkout Code
uses: actions/checkout@v4
uses: actions/checkout@v5
- name: Set up JDK 21
uses: actions/setup-java@v4
uses: actions/setup-java@v5
with:
java-version: '21'
distribution: 'temurin'
- name: Cache Gradle dependencies
uses: actions/cache@v3
uses: actions/cache@v4
with:
path: |
~/.gradle/caches
@@ -57,7 +57,7 @@ jobs:
steps:
- name: Checkout Code
uses: actions/checkout@v4
uses: actions/checkout@v5
- name: Setup SSH Key
uses: webfactory/ssh-agent@v0.8.0
.github/workflows/docs-kdoc-sync.yml
+48
View File
@@ -0,0 +1,48 @@
name: KDoc → YouTrack KB Sync
on:
workflow_dispatch:
inputs:
kb_root_title:
description: "Root-Titel der YouTrack KB (z. B. 'API & Entwicklerdoku')"
required: true
default: "API & Entwicklerdoku"
bc_root:
description: "Ordner unterhalb des KB-Roots für BCs (z. B. 'BCs')"
required: false
default: "BCs"
jobs:
kdoc-sync:
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout
uses: actions/checkout@v5
- name: Setup JDK 21
uses: actions/setup-java@v5
with:
distribution: temurin
java-version: '21'
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v5
- name: Build Dokka (GFM)
run: ./gradlew --no-daemon dokkaGfmAll
- name: Python deps for YouTrack sync
run: |
python -m pip install --upgrade pip
pip install requests pyyaml
- name: Sync KDoc Markdown to YouTrack KB
env:
YT_URL: ${{ secrets.YT_URL }}
YT_TOKEN: ${{ secrets.YT_TOKEN }}
KB_ROOT_TITLE: ${{ github.event.inputs.kb_root_title }}
KB_BC_ROOT: ${{ github.event.inputs.bc_root }}
run: |
python .junie/scripts/youtrack-sync-kb.py --src build/dokka/gfm
.github/workflows/guidelines-validation.yml
-240
View File
@@ -1,240 +0,0 @@
name: Guidelines Validation
on:
push:
paths:
- '.junie/**/*.md'
- '.junie/**/*.json'
- '.junie/scripts/**'
pull_request:
paths:
- '.junie/**/*.md'
- '.junie/**/*.json'
- '.junie/scripts/**'
jobs:
validate-guidelines:
runs-on: ubuntu-latest
name: Validate Guidelines Structure and Links
steps:
- name: Checkout Repository
uses: actions/checkout@v4
- name: Setup Python for YAML validation
uses: actions/setup-python@v4
with:
python-version: '3.11'
- name: Install Required Tools
run: |
sudo apt-get update
sudo apt-get install -y jq yamllint curl
pip install pyyaml jsonschema
- name: Validate YAML Headers in Guidelines
run: |
echo "🔍 Validiere YAML-Header in Guidelines..."
exit_code=0
find .junie/guidelines -name "*.md" -not -path "*/_archived/*" | while read file; do
echo " Prüfe: $(basename $file)"
# YAML-Header extrahieren (zwischen ersten beiden --- Zeilen)
sed -n '/^---$/,/^---$/p' "$file" | head -n -1 | tail -n +2 > temp.yaml
if [[ -s temp.yaml ]]; then
# Python-basierte YAML-Validierung (robuster als yamllint)
python3 -c "import yaml, sys; yaml.safe_load(open('temp.yaml', 'r')); print(' ✅ YAML-Syntax OK')" || {
echo "❌ YAML-Syntax-Fehler in $file"
exit_code=1
}
else
echo " ⚠️ Kein YAML-Header in $file"
fi
rm -f temp.yaml
done
if [[ $exit_code -ne 0 ]]; then
exit 1
fi
- name: Validate Cross-References and Links
run: |
echo "🔗 Validiere Cross-Referenzen und Links..."
chmod +x .junie/scripts/validate-links.sh
./.junie/scripts/validate-links.sh
- name: Check Versions Consistency
run: |
echo "📊 Prüfe Versions-Konsistenz..."
# Alle last_updated Daten sammeln und auf Konsistenz prüfen
echo "Aktuelle Versions-Verteilung:"
find .junie/guidelines -name "*.md" -not -path "*/_archived/*" -exec grep -H "last_updated:" {} \; | \
cut -d'"' -f2 | sort | uniq -c | sort -rn
# Überprüfe guideline_type Konsistenz
echo -e "\nGuideline-Types:"
find .junie/guidelines -name "*.md" -not -path "*/_archived/*" -exec grep -H "guideline_type:" {} \; | \
cut -d'"' -f2 | sort | uniq -c | sort -rn
- name: Validate Template Structure and Metadata
run: |
echo "📋 Prüfe Template-Konsistenz und Metadaten..."
exit_code=0
find .junie/guidelines -name "*.md" -not -path "*/_archived/*" -not -name "README.md" | while read file; do
echo " Validiere: $(basename $file)"
# Prüfe erforderliche YAML-Felder
if ! grep -q "guideline_type:" "$file"; then
echo " ❌ Fehlt guideline_type in $file"
exit_code=1
fi
if ! grep -q "ai_context:" "$file"; then
echo " ❌ Fehlt ai_context in $file"
exit_code=1
fi
if ! grep -q "last_updated:" "$file"; then
echo " ❌ Fehlt last_updated in $file"
exit_code=1
fi
echo " ✅ Metadaten komplett"
done
if [[ $exit_code -ne 0 ]]; then
exit 1
fi
- name: Validate JSON Configuration Files
run: |
echo "🔧 Validiere JSON-Konfigurationsdateien..."
for json_file in .junie/guidelines/_meta/*.json; do
if [[ -f "$json_file" ]]; then
echo " Prüfe: $(basename $json_file)"
jq empty "$json_file" || {
echo "❌ JSON-Syntax-Fehler in $json_file"
exit 1
}
echo " ✅ $(basename $json_file) - JSON-Syntax OK"
fi
done
- name: Check Script Executability and Permissions
run: |
echo "⚙️ Prüfe Script-Berechtigungen..."
for script in .junie/scripts/*.sh; do
if [[ -f "$script" ]]; then
echo " Prüfe: $(basename $script)"
if [[ -x "$script" ]]; then
echo " ✅ $(basename $script) - Ausführbar"
else
echo " ❌ $(basename $script) - Nicht ausführbar"
exit 1
fi
fi
done
- name: Generate Validation Report
if: always()
run: |
echo "📈 Erstelle Validierungs-Report..."
cat > guidelines-validation-report.md << 'EOF'
# Guidelines Validation Report
**Datum:** $(date)
**Commit:** ${{ github.sha }}
**Branch:** ${{ github.ref_name }}
## Zusammenfassung
- ✅ YAML-Syntax validiert
- ✅ Cross-Referenzen geprüft
- ✅ Versions-Konsistenz überprüft
- ✅ Template-Struktur validiert
- ✅ JSON-Konfiguration validiert
- ✅ Script-Berechtigungen geprüft
## Statistiken
- **Aktive Guidelines:** $(find .junie/guidelines -name "*.md" -not -path "*/_archived/*" | wc -l)
- **Archivierte Guidelines:** $(find .junie/guidelines/_archived -name "*.md" 2>/dev/null | wc -l)
- **Templates verfügbar:** $(find .junie/guidelines/_templates -name "*.md" 2>/dev/null | wc -l)
- **Validierungs-Scripts:** $(find .junie/scripts -name "*.sh" 2>/dev/null | wc -l)
## Letzte Änderungen
```
$(git log --oneline -n 5 -- .junie/)
```
EOF
- name: Comment PR with Validation Results
if: github.event_name == 'pull_request'
uses: actions/github-script@v7
with:
script: |
const fs = require('fs');
if (fs.existsSync('guidelines-validation-report.md')) {
const report = fs.readFileSync('guidelines-validation-report.md', 'utf8');
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: '## 📋 Guidelines Validation Report\n\n' + report
});
}
advanced-link-check:
runs-on: ubuntu-latest
name: Advanced Link and Structure Validation
needs: validate-guidelines
steps:
- name: Checkout Repository
uses: actions/checkout@v4
- name: Setup Node.js for markdown-link-check
uses: actions/setup-node@v4
with:
node-version: '18'
- name: Install Link Checker
run: |
npm install -g markdown-link-check@3.11.2
- name: Create Link Check Configuration
run: |
cat > .junie/link-check-config.json << 'EOF'
{
"ignorePatterns": [
{
"pattern": "^http://localhost"
},
{
"pattern": "^https://localhost"
},
{
"pattern": "^http://127.0.0.1"
}
],
"replacementPatterns": [],
"httpHeaders": [],
"timeout": "10s",
"retryOn429": true,
"retryCount": 3,
"fallbackRetryDelay": "30s",
"aliveStatusCodes": [200, 206]
}
EOF
- name: Check Internal Markdown Links
run: |
echo "🔍 Erweiterte Link-Validierung..."
exit_code=0
find .junie/guidelines -name "*.md" | while read file; do
echo "Prüfe Links in: $(basename $file)"
if ! markdown-link-check "$file" --config .junie/link-check-config.json --quiet; then
echo "❌ Link-Fehler in $file"
exit_code=1
else
echo "✅ Links OK in $(basename $file)"
fi
done
if [[ $exit_code -ne 0 ]]; then
echo "❌ Link-Validierung fehlgeschlagen"
exit 1
fi
echo "✅ Alle Links validiert"
.github/workflows/integration-tests.yml
+135 -56
View File
@@ -9,6 +9,12 @@ on:
jobs:
integration-tests:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
keycloak_db: [postgres, dev-file]
env:
KEYCLOAK_VERSION: "26.4.2"
services:
postgres:
@@ -20,10 +26,11 @@ jobs:
ports:
- 5432:5432
options: >-
--health-cmd pg_isready
--health-cmd "pg_isready -U meldestelle -d $${POSTGRES_DB}"
--health-interval 10s
--health-timeout 5s
--health-retries 5
--health-retries 12
--health-start-period 20s
redis:
image: redis:7-alpine
@@ -35,23 +42,6 @@ jobs:
--health-timeout 5s
--health-retries 5
keycloak:
image: quay.io/keycloak/keycloak:23.0
env:
KEYCLOAK_ADMIN: admin
KEYCLOAK_ADMIN_PASSWORD: admin
KC_DB: postgres
KC_DB_URL: jdbc:postgresql://postgres:5432/keycloak
KC_DB_USERNAME: meldestelle
KC_DB_PASSWORD: meldestelle
ports:
- 8180:8080
options: >-
--health-cmd "curl --fail http://localhost:8080/health/ready || exit 1"
--health-interval 10s
--health-timeout 5s
--health-retries 5
--health-start-period 30s
zookeeper:
image: confluentinc/cp-zookeeper:7.5.0
@@ -96,45 +86,134 @@ jobs:
--health-start-period 10s
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v5
- name: Set up JDK 21
uses: actions/setup-java@v3
with:
java-version: 21
distribution: 'temurin'
cache: 'gradle'
- name: Set up JDK 21
uses: actions/setup-java@v5
with:
java-version: 21
distribution: 'temurin'
cache: 'gradle'
- name: Setup Gradle
uses: gradle/gradle-build-action@v2
with:
gradle-version: wrapper
cache-read-only: ${{ github.ref != 'refs/heads/main' && github.ref != 'refs/heads/develop' }}
cache-overwrite-existing: true
gradle-home-cache-includes: |
caches
notifications
jdks
wrapper
- name: Setup Gradle (modern)
uses: gradle/actions/setup-gradle@v5
- name: Grant execute permission for gradlew
run: chmod +x gradlew
- name: Wait for Postgres to be ready (pg_isready in service network)
if: ${{ matrix.keycloak_db == 'postgres' }}
run: |
echo "Waiting for Postgres..."
for i in {1..40}; do
if docker run --rm --network ${{ job.services.postgres.network }} \
postgres:16-alpine pg_isready -h postgres -p 5432 -U meldestelle -d meldestelle; then
echo "Postgres is ready"; break; fi; echo -n "."; sleep 3; done
- name: Run integration tests
run: ./gradlew integrationTest --no-daemon --parallel
env:
# Environment variables for Redis connection
REDIS_HOST: localhost
REDIS_PORT: 6379
# Spring profile for integration tests
SPRING_PROFILES_ACTIVE: integration-test
- name: Start Keycloak with Postgres (dev) and wait for readiness
if: ${{ matrix.keycloak_db == 'postgres' }}
run: |
set -euo pipefail
echo "Starting Keycloak (DB=postgres)..."
docker run -d --name keycloak \
--network ${{ job.services.postgres.network }} \
-p 8180:8080 \
-e KC_BOOTSTRAP_ADMIN_USERNAME=admin \
-e KC_BOOTSTRAP_ADMIN_PASSWORD=admin \
-e KC_DB=postgres \
-e KC_DB_URL=jdbc:postgresql://postgres:5432/meldestelle \
-e KC_DB_USERNAME=meldestelle \
-e KC_DB_PASSWORD=meldestelle \
-e KC_HEALTH_ENABLED=true \
-e JAVA_OPTS="-Xms256m -Xmx1024m -XX:MaxRAMPercentage=60" \
quay.io/keycloak/keycloak:${{ env.KEYCLOAK_VERSION }} \
start-dev
- name: Upload test reports
uses: actions/upload-artifact@v3
if: always()
with:
name: integration-test-reports
path: |
**/build/reports/tests/integrationTest/
**/build/test-results/integrationTest/
retention-days: 7
echo "Giving Keycloak 30s to initialize..."; sleep 30
wait_for() {
local url="$1"; local label="$2"; local timeout="${3:-180}"; local interval="${4:-5}"
echo "Waiting for $label ($url) ..."
if ! timeout ${timeout}s bash -c 'until curl -fsS --output /dev/null '"$url"'; do echo -n "."; sleep '"$interval"'; done'; then
echo "\n[WAIT] Timeout on $url"
return 1
fi
echo "\n[WAIT] $label is up"
}
if ! wait_for http://localhost:8180/ "root" 180 5; then
docker logs --tail=200 keycloak || true
exit 1
fi
if ! wait_for http://localhost:8180/health "health" 180 5; then
echo "[INFO] /health nicht erreichbar versuche /q/health (Quarkus default)"
wait_for http://localhost:8180/q/health "q-health" 180 5 || true
fi
wait_for http://localhost:8180/health/ready "health-ready" 300 5 || true
wait_for http://localhost:8180/admin/master/console/ "admin-console" 300 5 || (docker logs --tail=400 keycloak && exit 1)
- name: Start Keycloak with dev-file (no Postgres) and wait for readiness
if: ${{ matrix.keycloak_db == 'dev-file' }}
run: |
set -euo pipefail
echo "Starting Keycloak (DB=dev-file, no Postgres)..."
docker run -d --name keycloak \
-p 8180:8080 \
-e KC_BOOTSTRAP_ADMIN_USERNAME=admin \
-e KC_BOOTSTRAP_ADMIN_PASSWORD=admin \
-e KC_DB=dev-file \
-e KC_HEALTH_ENABLED=true \
-e JAVA_OPTS="-Xms256m -Xmx1024m -XX:MaxRAMPercentage=60" \
quay.io/keycloak/keycloak:${{ env.KEYCLOAK_VERSION }} \
start-dev
echo "Giving Keycloak 20s to initialize..."; sleep 20
wait_for() {
local url="$1"; local label="$2"; local timeout="${3:-180}"; local interval="${4:-5}"
echo "Waiting for $label ($url) ..."
if ! timeout ${timeout}s bash -c 'until curl -fsS --output /dev/null '"$url"'; do echo -n "."; sleep '"$interval"'; done'; then
echo "\n[WAIT] Timeout on $url"
return 1
fi
echo "\n[WAIT] $label is up"
}
if ! wait_for http://localhost:8180/ "root" 180 5; then
docker logs --tail=200 keycloak || true
exit 1
fi
if ! wait_for http://localhost:8180/health "health" 180 5; then
echo "[INFO] /health nicht erreichbar versuche /q/health (Quarkus default)"
wait_for http://localhost:8180/q/health "q-health" 180 5 || true
fi
wait_for http://localhost:8180/health/ready "health-ready" 300 5 || true
wait_for http://localhost:8180/admin/master/console/ "admin-console" 300 5 || (docker logs --tail=400 keycloak && exit 1)
- name: Grant execute permission for gradlew
run: chmod +x gradlew
- name: Run integration tests
run: ./gradlew integrationTest --no-daemon --parallel
env:
# Environment variables for Redis connection
REDIS_HOST: localhost
REDIS_PORT: 6379
# Keycloak base URL for integration tests (manual container)
KEYCLOAK_AUTH_SERVER_URL: http://localhost:8180
# Spring profile for integration tests
SPRING_PROFILES_ACTIVE: integration-test
- name: Upload test reports
uses: actions/upload-artifact@v5
if: always()
with:
name: integration-test-reports
path: |
**/build/reports/tests/integrationTest/
**/build/test-results/integrationTest/
retention-days: 7
- name: Dump service logs (Keycloak, Postgres)
if: always()
run: |
echo "=== Docker ps ===" && docker ps -a || true
echo "=== Keycloak logs (tail) ===" && docker logs --tail=400 keycloak || true
echo "=== Postgres logs (tail) ===" && docker logs --tail=200 $(docker ps -a --filter "name=postgres" --format "{{.ID}}") || true
.github/workflows/ssot-guard.yml
+139
View File
@@ -0,0 +1,139 @@
name: Docker SSoT Guard
on:
push:
branches: [ main ]
paths:
- 'docker/**'
- 'dockerfiles/**'
- 'docker-compose*.yml*'
- 'scripts/**'
- '.github/workflows/ssot-guard.yml'
pull_request:
paths:
- 'docker/**'
- 'dockerfiles/**'
- 'docker-compose*.yml*'
- 'scripts/**'
- '.github/workflows/ssot-guard.yml'
jobs:
ssot-guard:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v5
with:
fetch-depth: 0
- name: Show environment
run: |
bash --version
docker --version || true
compose_ver=$(docker compose version 2>/dev/null || true); echo "docker compose: $compose_ver"
- name: Sync versions to env files
run: bash scripts/docker-versions-update.sh sync
- name: Generate docker-compose files (all)
run: bash scripts/generate-compose-files.sh all development
- name: Validate Docker SSoT consistency
run: bash scripts/validate-docker-consistency.sh all
- name: Check drift of generated artifacts (ignore timestamps)
run: |
set -euo pipefail
# Gather modified files after sync+generate
CHANGED=$(git diff --name-only)
if [ -z "$CHANGED" ]; then
echo "No drift detected."
exit 0
fi
echo "Changed files:" $CHANGED
fail=0
for f in $CHANGED; do
# Inspect actual content changes but ignore volatile timestamp/comment lines
# Ignore lines starting with + or - that are exactly the timestamp markers we generate
DIFF_FILTERED=$(git diff --unified=0 -- "$f" \
| awk 'BEGIN{show=0} { \
if ($0 ~ /^\+\+\+|^---|^@@/) { next } \
if ($0 ~ /^[+-]# (Generated:|Last updated:)/) { next } \
if ($0 ~ /^[+-]#\s*Generated from docker\/versions.toml/) { next } \
if ($0 ~ /^[+-]#\s*Environment:/) { next } \
if ($0 ~ /^[+-]#\s*Source:/) { next } \
if ($0 ~ /^[+-]$/) { next } \
if ($0 ~ /^[+-]/) { print $0 } \
}')
if [ -n "$DIFF_FILTERED" ]; then
echo "SSoT drift detected in $f:";
echo "$DIFF_FILTERED";
fail=1;
fi
done
if [ $fail -ne 0 ]; then
echo "\nERROR: Generated artifacts differ from repository (beyond timestamps)."
echo "Run:"
echo " bash scripts/docker-versions-update.sh sync"
echo " bash scripts/generate-compose-files.sh all"
echo "and commit the changes."
exit 1
fi
echo "No SSoT drift (ignoring timestamps)."
ssot-guard-envless:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v5
with:
fetch-depth: 0
- name: Show environment
run: |
bash --version
docker --version || true
compose_ver=$(docker compose version 2>/dev/null || true); echo "docker compose: $compose_ver"
- name: Generate docker-compose files (all)
run: bash scripts/generate-compose-files.sh all development
- name: Validate Docker SSoT consistency (envless)
run: DOCKER_SSOT_MODE=envless bash scripts/validate-docker-consistency.sh all
- name: Check drift of generated artifacts (ignore timestamps)
run: |
set -euo pipefail
CHANGED=$(git diff --name-only)
if [ -z "$CHANGED" ]; then
echo "No drift detected."
exit 0
fi
echo "Changed files:" $CHANGED
fail=0
for f in $CHANGED; do
DIFF_FILTERED=$(git diff --unified=0 -- "$f" \
| awk 'BEGIN{show=0} { \
if ($0 ~ /^\+\+\+|^---|^@@/) { next } \
if ($0 ~ /^[+-]# (Generated:|Last updated:)/) { next } \
if ($0 ~ /^[+-]#\s*Generated from docker\/versions.toml/) { next } \
if ($0 ~ /^[+-]#\s*Environment:/) { next } \
if ($0 ~ /^[+-]#\s*Source:/) { next } \
if ($0 ~ /^[+-]$/) { next } \
if ($0 ~ /^[+-]/) { print $0 } \
}')
if [ -n "$DIFF_FILTERED" ]; then
echo "SSoT drift detected in $f:";
echo "$DIFF_FILTERED";
fail=1;
fi
done
if [ $fail -ne 0 ]; then
echo "\nERROR: Generated artifacts differ from repository (beyond timestamps)."
echo "Run:"
echo " DOCKER_SSOT_MODE=envless bash scripts/generate-compose-files.sh all"
echo "and commit the changes."
exit 1
fi
echo "No SSoT drift (ignoring timestamps)."