Merge branch 'develop' into feature/options-clean-up

Author: swissiety

.gitattributes

@@ -0,0 +1,25 @@
+name: Handle Dependabot PRs
+
+on:
+  pull_request:
+    types: [ opened, reopened, synchronize ]
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  ApproveAndMerge:
+    name: Auto approve Dependabot PRs
+    runs-on: ubuntu-latest
+    # Only run for PRs created by Dependabot - extended verification is done in the reusable workflow
+    if: github.actor == 'dependabot[bot]'
+    # These permissions are needed to approve pull requests
+    permissions:
+      contents: read
+      pull-requests: write
+    steps:
+      - name: Auto approve Dependabot PR
+        uses: secure-software-engineering/actions/dependabot@develop
+        with:
+          token: ${{ secrets.AUTO_MERGE_PAT }}

.github/workflows/approve_dependabotifications.yml

@@ -0,0 +1,28 @@
+name: Deploy SNAPSHOT versions
+
+on:
+  push:
+    branches:
+      - develop
+
+jobs:
+  deploy-snapshot:
+    runs-on: ubuntu-latest
+    name: Deploy SNAPSHOT version
+    environment: Deploy
+    steps:
+      - name: Checkout source code
+        uses: actions/checkout@v4
+
+      - name: Deploy SNAPSHOT version
+        uses: secure-software-engineering/actions/deployment/maven-deployment@develop
+        with:
+          java-distribution: adopt
+          java-version: 11
+          server-id: central
+          server-username: ${{ secrets.MAVEN_USERNAME }}
+          server-password: ${{ secrets.MAVEN_CENTRAL_TOKEN }}
+          gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
+          gpg-passphrase: ${{ secrets.GPG_PRIVATE_KEY_PASSPHRASE }}
+          mvn-cli-args: '-DskipTests -Dmaven.javadoc.skip=true -Pdeployment'
+          deploy-mode: snapshot

.github/workflows/dependabot.yml

@@ -9,28 +9,24 @@ env:
 jobs:
   deployment:
     runs-on: ubuntu-latest
+    name: Deploy to Maven
     environment: Deploy
     steps:
       - name: Checkout source code
         uses: actions/checkout@v4
-      # Sets up Java version
-      - name: Set up Java
-        uses: actions/setup-java@v4
+
+      - name: Deploy version
+        uses: secure-software-engineering/actions/deployment/maven-deployment@develop
         with:
-          distribution: adopt
-          java-package: jdk
+          java-distribution: adopt
           java-version: 11
-          server-id: ossrh # must match the serverId configured for the nexus-staging-maven-plugin
-          server-username: OSSRH_USERNAME # Env var that holds your OSSRH user name
-          server-password: OSSRH_PASSWORD # Env var that holds your OSSRH user pw
-          gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} # Substituted with the value stored in the referenced secret
-          gpg-passphrase: SIGN_KEY_PASS # Env var that holds the key's passphrase
-      - name: Deploy Boomerang
-        run: mvn -B -U clean deploy -Pdeployment -DskipTests
-        env:
-          SIGN_KEY_PASS: ${{ secrets.GPG_PRIVATE_KEY_PASSPHRASE }}
-          OSSRH_USERNAME: ${{ secrets.SONATYPE_USER }}
-          OSSRH_PASSWORD: ${{ secrets.SONATYPE_PW }}
+          server-id: central
+          server-username: ${{ secrets.MAVEN_USERNAME }}
+          server-password: ${{ secrets.MAVEN_CENTRAL_TOKEN }}
+          gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
+          gpg-passphrase: ${{ secrets.GPG_PRIVATE_KEY_PASSPHRASE }}
+          mvn-cli-args: '-DskipTests -Pdeployment'
+          deploy-mode: release
 
   snapshot-version:
     runs-on: ubuntu-latest

.github/workflows/dependency_analysis.yml

@@ -0,0 +1,60 @@
+name: Documentation Deployment
+
+on:
+  push:
+    branches:
+      - develop
+    tags:
+      - '*'
+
+concurrency:
+  group: gh-pages
+
+jobs:
+  # On push/merge to develop: Deploy the current doc as default/latest
+  deploy-doc-snapshots:
+    name: Deploy Snapshot Documentation
+    if: ${{ github.event_name == 'push' }}
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Extract Maven Version
+        id: version
+        run: |
+          VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+
+      - name: Deploy Snapshot Documentation
+        uses: secure-software-engineering/actions/documentation/handle-deployment@develop
+        with:
+          name: ${{ steps.version.outputs.version }}
+          title: ${{ steps.version.outputs.version }}
+
+  # On tag creation (i.e. new release): Deploy a stable version to directory with tag
+  deploy-doc-stable:
+    name: Deploy Stable Documentation
+    if: startsWith(github.ref, 'refs/tags/')
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.ref }}
+          fetch-depth: 0
+
+      - name: Deploy Stable Documentation
+        uses: secure-software-engineering/actions/documentation/handle-deployment@develop
+        with:
+          name: ${{ github.ref_name }}
+          title: ${{ github.ref_name }}
+          stable: true

.github/workflows/deploy-branch-snapshot.yml

@@ -0,0 +1,36 @@
+name: Documentation Preview
+
+on:
+  pull_request:
+    types:
+      - opened
+      - closed
+      - synchronize
+      - reopened
+    paths:
+      - mkdocs.yml
+      - docs/**
+      - .github/workflows/doc_preview.yml
+
+concurrency:
+  group: gh-pages
+
+jobs:
+  deploy-preview:
+    name: Preview documentation
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Create Documentation Preview
+        uses: secure-software-engineering/actions/documentation/handle-pr-preview@develop
+        with:
+          preview-name: pr-${{ github.event.pull_request.number }}
+          preview-title: Preview for PR-${{ github.event.pull_request.number }}