Merge branch 'develop' into update-from-template-github_com_xdev-software_standard-maven-template_master-merged

Author: xdev-gh-bot

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -15,9 +15,9 @@ body:
     attributes:
       label: "Checklist"
       options:
-        - label: "I am able to reproduce the bug with the [latest version](https://github.com/xdev-software/template-placeholder/releases/latest)"
+        - label: "I am able to reproduce the bug with the [latest version](https://github.com/xdev-software/mockserver-neolight/releases/latest)"
           required: true
-        - label: "I made sure that there are *no existing issues* - [open](https://github.com/xdev-software/template-placeholder/issues) or [closed](https://github.com/xdev-software/template-placeholder/issues?q=is%3Aissue+is%3Aclosed) - which I could contribute my information to."
+        - label: "I made sure that there are *no existing issues* - [open](https://github.com/xdev-software/mockserver-neolight/issues) or [closed](https://github.com/xdev-software/mockserver-neolight/issues?q=is%3Aissue+is%3Aclosed) - which I could contribute my information to."
           required: true
         - label: "I have taken the time to fill in all the required details. I understand that the bug report will be dismissed otherwise."
           required: true

.github/ISSUE_TEMPLATE/enhancement.yml

@@ -13,7 +13,7 @@ body:
     attributes:
       label: "Checklist"
       options:
-        - label: "I made sure that there are *no existing issues* - [open](https://github.com/xdev-software/template-placeholder/issues) or [closed](https://github.com/xdev-software/template-placeholder/issues?q=is%3Aissue+is%3Aclosed) - which I could contribute my information to."
+        - label: "I made sure that there are *no existing issues* - [open](https://github.com/xdev-software/mockserver-neolight/issues) or [closed](https://github.com/xdev-software/mockserver-neolight/issues?q=is%3Aissue+is%3Aclosed) - which I could contribute my information to."
           required: true
         - label: "I have taken the time to fill in all the required details. I understand that the feature request will be dismissed otherwise."
           required: true

.github/ISSUE_TEMPLATE/question.yml

@@ -12,7 +12,7 @@ body:
     attributes:
       label: "Checklist"
       options:
-        - label: "I made sure that there are *no existing issues* - [open](https://github.com/xdev-software/template-placeholder/issues) or [closed](https://github.com/xdev-software/template-placeholder/issues?q=is%3Aissue+is%3Aclosed) - which I could contribute my information to."
+        - label: "I made sure that there are *no existing issues* - [open](https://github.com/xdev-software/mockserver-neolight/issues) or [closed](https://github.com/xdev-software/mockserver-neolight/issues?q=is%3Aissue+is%3Aclosed) - which I could contribute my information to."
           required: true
         - label: "I have taken the time to fill in all the required details. I understand that the question will be dismissed otherwise."
           required: true

.github/workflows/check-build.yml

@@ -19,9 +19,6 @@ on:
       - '.idea/**'
       - 'assets/**'
 
-env:
-  DEMO_MAVEN_MODULE: ${{ github.event.repository.name }}-demo
-
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -48,7 +45,7 @@ jobs:
           ${{ runner.os }}-mvn-build-
 
     - name: Build with Maven
-      run: ./mvnw -B clean package
+      run: ./mvnw -B clean package -T2C
 
     - name: Check for uncommited changes
       run: |
@@ -68,13 +65,44 @@ jobs:
           exit 1
         fi
 
-    - name: Upload demo files
+    - name: Upload standalone server JAR
       uses: actions/upload-artifact@v7
       with:
-        name: demo-files-java-${{ matrix.java }}
-        path: ${{ env.DEMO_MAVEN_MODULE }}/target/${{ env.DEMO_MAVEN_MODULE }}.jar
+        name: server-${{ matrix.java }}
+        path: server/target/server-standalone.jar
         if-no-files-found: error
 
+    # Build docker
+    - uses: docker/setup-qemu-action@v4
+
+    - uses: docker/setup-buildx-action@v4
+
+    - uses: docker/build-push-action@v7
+      with:
+        context: ./server
+        push: false
+        tags: mockserver-standalone:experimental
+        platforms: linux/amd64,linux/arm64
+        cache-from: type=gha,scope=build
+        cache-to: type=gha,mode=max,scope=build
+
+    # 2 steps required because "failed to build: docker exporter does not currently support exporting manifest lists"
+    - uses: docker/build-push-action@v7
+      with:
+        context: ./server
+        push: false
+        load: true
+        tags: mockserver-standalone:experimental
+        cache-from: type=gha,scope=build-for-it
+        cache-to: type=gha,mode=max,scope=build-for-it
+
+    - name: Run integration tests
+      run: |
+        ./mvnw -B test \
+        -P run-integration-tests \
+        -T2C \
+        -Dmockserver-image=mockserver-standalone:experimental
+
   checkstyle:
     runs-on: ubuntu-latest
     if: ${{ github.event_name != 'pull_request' || !startsWith(github.head_ref, 'renovate/') }}
@@ -148,7 +176,8 @@ jobs:
       run: ./mvnw -B test pmd:aggregate-pmd-no-fork pmd:check -P pmd -DskipTests -T2C
 
     - name: Run CPD (Copy Paste Detector)
-      run: ./mvnw -B pmd:aggregate-cpd pmd:cpd-check -P pmd -DskipTests -T2C
+      # Todo: Readd pmd:cpd-check - Disabled for now due to upstream code
+      run: ./mvnw -B pmd:aggregate-cpd -P pmd -DskipTests -T2C
 
     - name: Upload report
       if: ${{ !cancelled() }}

.github/workflows/image-vuln-scan.yml

@@ -0,0 +1,77 @@
+name: Image vuln scan
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "22 7 * * 0"
+
+permissions:
+  issues: write
+
+env:
+  # Note: Use ghcr since we have no rate limiting there
+  TRIVYY_IMAGE_REF: 'ghcr.io/xdev-software/mockserver-neolight:latest'
+
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+    continue-on-error: true # Ignore errors, we create an issue instead
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Scan - Full
+        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # 0.35.0
+        with:
+          image-ref: ${{ env.TRIVYY_IMAGE_REF }}
+
+      - name: Write not configurable options to trivy.yml
+        run: |
+          cat > trivy.yml <<EOL
+          # Only display CVE details otherwise they will get cut off in the issue
+          table-mode:
+            - detailed
+          EOL
+
+      - name: Scan - Relevant
+        id: scan_relevant
+        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # 0.35.0
+        with:
+          trivy-config: trivy.yml
+          image-ref: ${{ env.TRIVYY_IMAGE_REF }}
+          exit-code: 1
+          severity: 'HIGH,CRITICAL'
+          output: reported.txt
+        env:
+          TRIVY_DISABLE_VEX_NOTICE: '1'
+
+      - name: Find already existing issue
+        id: find-issue
+        if: ${{ !cancelled() }}
+        run: |
+          echo "number=$(gh issue list -l 'bug' -l 'automated' -L 1 -S 'in:title "Trivy Vulnerability Report"' -s 'open' --json 'number' --jq '.[].number')" >> $GITHUB_OUTPUT
+        env:
+          GH_TOKEN: ${{ github.token }}
+
+      - name: Close issue if everything is fine
+        if: ${{ success() && steps.find-issue.outputs.number != '' }}
+        run: gh issue close -r 'not planned' ${{ steps.find-issue.outputs.number }}
+        env:
+          GH_TOKEN: ${{ github.token }}
+
+      - name: Reformat report
+        if: ${{ failure() && steps.scan_relevant.conclusion == 'failure' }}
+        run: |
+          echo 'Trivy reported vulnerabilities that should be addressed:' > reported.md
+          echo '```' >> reported.md
+          cat reported.txt >> reported.md
+          echo '```' >> reported.md
+          cat reported.md
+
+      - name: Create Issue From File
+        if: ${{ failure() && steps.scan_relevant.conclusion == 'failure' }}
+        uses: peter-evans/create-issue-from-file@fca9117c27cdc29c6c4db3b86c48e4115a786710 # v6
+        with:
+          issue-number: ${{ steps.find-issue.outputs.number }}
+          title: Trivy Vulnerability Report
+          content-filepath: ./reported.md
+          labels: bug, automated