chore(ui): merges main

.github/licenserc.yaml

@@ -42,6 +42,7 @@ header:
     - "**/*.map"
     - "**/*.mdx"
     - ".prettierrc"
+    - "VERSION"
 
   comment: on-failure
 

.github/workflows/build-push-supernova-image.yaml

@@ -0,0 +1,169 @@
+# Run it locally with act
+#  1. Install act:
+#     `brew install act`
+#  2. Create a .secret file with the following content:
+#     `GITHUB_TOKEN=your_github_token`
+#  WORKFLOW_DISPATCH
+#     `act workflow_dispatch  --container-architecture linux/amd64 -P default=catthehacker/ubuntu:act-latest -W .github/workflows/build-push-supernova-image.yaml`
+
+name: Build Supernova UI Image
+
+on:
+  workflow_dispatch: {}
+  push:
+    branches:
+      - main
+    paths:
+      - apps/supernova/CHANGELOG.md
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: "juno-app-supernova"
+  PACKAGE_PATH: "apps/supernova"
+
+jobs:
+  build-and-push:
+    name: Build&Push
+    runs-on: [default]
+
+    permissions:
+      contents: read
+      packages: write
+      # This is used to complete the identity challenge
+      # with sigstore/fulcio when running outside of PRs.
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Read version from CHANGELOG.md
+        id: read_version
+        working-directory: ${{ env.PACKAGE_PATH }}
+        run: |
+          # Extract the first version number that appears after "## "
+          LAST_VERSION=$(grep -m 1 -oP '(?<=## )\d+\.\d+\.\d+' CHANGELOG.md)
+          echo "Latest version is $LAST_VERSION"
+          echo "IMAGE_VERSION=$LAST_VERSION" >> $GITHUB_ENV
+
+      # Login against a Docker registry except on PR
+      # https://github.com/docker/login-action
+      - name: Log into registry ${{ env.REGISTRY }}
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Pull the latest image and set status
+        id: check-image
+        run: |
+          if docker pull ${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_VERSION }}; then
+            echo "bump=true" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Image needs version bump
+        if: steps.check-image.outputs.bump == 'true'
+        run: |
+          echo "Image ${{ env.IMAGE_NAME }}:${{ env.IMAGE_VERSION }} already exists in the ${{ env.REGISTRY }} registry. Skipping workflow. Please increment the version."
+          exit 1
+
+      # This action enables you to SIGN and VERIFY container images using cosign
+      # https://github.com/sigstore/cosign-installer
+      - name: Install cosign
+        uses: sigstore/[email protected]
+        with:
+          cosign-release: "v2.4.0"
+
+      # Add support for more platforms with QEMU (optional)
+      # QEMU is a generic and open source machine & userspace emulator and virtualizer.
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      # Set up BuildKit Docker container builder to be able to build MULTI-platform images and export cache
+      # https://github.com/docker/setup-buildx-action
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          driver-opts: |
+            image=moby/buildkit:latest
+
+      # Extract metadata (tags, labels) for Docker
+      # https://github.com/docker/metadata-action
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}
+          tags: |
+            # Use the version from the VERSION file
+            type=raw,value=${{ env.IMAGE_VERSION }},prefix=
+            # Optionally include semver tags
+            type=semver,pattern={{major}}.{{minor}},prefix=
+            # Additional Useful Tags
+            type=raw,value=${{ github.sha }}
+            type=sha,enable=true,format=short,prefix=
+            type=edge,branch=master
+          labels: |
+            org.opencontainers.image.title=Supernova UI
+            org.opencontainers.image.description=Supernova is an alternative UI for Prometheus Alertmanager with some quality of life improvements
+            org.opencontainers.image.url=https://github.com/cloudoperators/juno/tree/main/apps/supernova
+            org.opencontainers.image.source=https://github.com/cloudoperators/juno/tree/main/apps/supernova
+            org.opencontainers.image.documentation=https://github.com/cloudoperators/juno/tree/main/apps/supernova
+
+      # Build and push Docker image with Buildx (don't push on PR)
+      # https://github.com/docker/build-push-action
+      - name: Build and push Docker image
+        id: build-and-push
+        uses: docker/build-push-action@v6
+        with:
+          context: ${{ env.PACKAGE_PATH }}
+          file: ${{ env.PACKAGE_PATH }}/docker/Dockerfile
+          push: true
+          # remove untagged images produced for multi platform builds
+          provenance: false
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: |
+            linux/amd64
+            linux/arm64
+
+      # This will only write to the public Rekor transparency log when the Docker
+      # repository is public to avoid leaking data.  If you would like to publish
+      # transparency data even for private images, pass --force to cosign below.
+      # https://github.com/sigstore/cosign
+      - name: Sign the published Docker image
+        env:
+          # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
+          TAGS: ${{ steps.meta.outputs.tags }}
+          DIGEST: ${{ steps.build-and-push.outputs.digest }}
+        # This step uses the identity token to provision an ephemeral certificate
+        # against the sigstore community Fulcio instance.
+        run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
+
+  vulnerability-scan:
+    permissions:
+      contents: read
+      packages: read
+      security-events: write
+
+    name: Vulnerability Scan
+    needs: build-and-push
+    runs-on: [default]
+    steps:
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        if: success()
+        with:
+          image-ref: ${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
+          ignore-unfixed: true
+          format: "sarif"
+          output: "trivy-results.sarif"
+          severity: "CRITICAL,HIGH"
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        if: always()
+        with:
+          sarif_file: trivy-results.sarif

.github/workflows/check-licenses-npm-package.yaml

@@ -88,5 +88,8 @@ jobs:
           cat package.json
           echo "========"
           npm i
-          npm install license-checker-rseidelsohn --save-dev
+          echo "========Install license-checker-rseidelsohn 4.3.0======== "
+          # use this version to avoid the issue with the https://github.com/RSeidelsohn/license-checker-rseidelsohn?tab=readme-ov-file#version-441
+          npm install -g [email protected]
+          echo "========Run license-checker-rseidelsohn========"
           npx license-checker-rseidelsohn --summary --excludePrivatePackages --onlyAllow 'MIT;ISC;Apache-2.0;BSD-2-Clause;BSD-3-Clause;BSD-4-Clause;CC-BY-3.0;CC-BY-4.0;BlueOak-1.0.0;CC0-1.0;0BSD;Python-2.0;BSD*;Unlicense'

.github/workflows/ci-checks.yaml

@@ -6,10 +6,6 @@ on:
       - opened
       - synchronize
       - reopened
-  push:
-    branches:
-      - "changeset-release/main"
-
   # Trigger after the 'Release' workflow completes
   workflow_run:
     workflows: ["Release"]
@@ -41,30 +37,14 @@ jobs:
         run: npm ci
 
   reuse-compliance:
-    runs-on: [default]
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      # https://github.com/fsfe/reuse-action
-      - name: REUSE Compliance Check
-        uses: fsfe/reuse-action@v3
+    uses: cloudoperators/common/.github/workflows/shared-reuse.yaml@main
 
   license-headers:
-    runs-on: [default]
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          repository: ${{ github.event.pull_request.head.repo.full_name }}
-          ref: ${{ github.event.pull_request.head.ref }}
-
-      - name: Check License Header
-        uses: apache/skywalking-eyes/[email protected]
-        with:
-          config: .github/licenserc.yaml
-          mode: fix
+    permissions:
+      contents: write # Only used when `apply_header: true` else the permission is `read` see: https://github.com/cloudoperators/common/blob/8f15c13b6f4c1631c7e6f6dff5c3300452e9b5b6/.github/workflows/shared-license.yaml#L21-L22
+    uses: cloudoperators/common/.github/workflows/shared-license.yaml@main
+    with:
+      apply_header: false
 
   allowed-licenses:
     needs: install-dependencies

.github/workflows/ci-title-lint-check.yaml

@@ -11,7 +11,7 @@ on:
 jobs:
   title-lint:
     name: Validate PR title
-    runs-on: ubuntu-latest
+    runs-on: [default]
     steps:
       - name: CI Check Title
         uses: amannn/action-semantic-pull-request@v5
@@ -37,13 +37,16 @@ jobs:
             ci
             core
             deps
+            doop
             example
+            heureka            
             infra
             juno
             k8s
             message-provider
             npm
             oauth
+            supernova
             template
             ui
             utils

.github/workflows/release.yaml

@@ -39,5 +39,19 @@ jobs:
           title: "publish(npm): automate Package Versioning and Publishing with Changesets"
           commit: "chore(version): update versions with Changesets"
         env:
-          GITHUB_TOKEN: ${{ secrets.CHANGESET_GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+      - name: Send a Slack notification if a publish happens
+        if: steps.changesets.outputs.published == 'true'
+        id: slack_notification
+        uses: slackapi/[email protected]
+        with:
+          payload: |
+            {
+              "text": "🎉 JUNO Packages Released Successfully! 🚀 - ${{ steps.changesets.outputs.publishedPackages }}",
+              "icon_url": "https://raw.githubusercontent.com/cloudoperators/juno/main/packages/ui-components/src/img/ccloud_shape.svg"
+            }
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+          SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK

apps/example/turbo.json

@@ -2,13 +2,19 @@
   "extends": ["//"],
   "tasks": {
     "dev": {
-      "dependsOn": ["@cloudoperators/juno-ui-components#build", "@cloudoperators/juno-messages-provider#build"]
+      "dependsOn": [
+        "@cloudoperators/juno-ui-components#build",
+        "@cloudoperators/juno-messages-provider#build",
+        "@cloudoperators/juno-oauth#build",
+        "@cloudoperators/juno-communicator#build"
+      ]
     },
     "build": {
       "dependsOn": [
         "@cloudoperators/juno-ui-components#build",
         "@cloudoperators/juno-messages-provider#build",
-        "@cloudoperators/juno-communicator#build"
+        "@cloudoperators/juno-communicator#build",
+        "@cloudoperators/juno-oauth#build"
       ]
     }
   }

apps/supernova/.gitignore

@@ -0,0 +1,10 @@
+node_modules
+build
+
+# misc
+.DS_Store
+.env.local
+.env.development.local
+.env.test.local
+.env.production.local
+secretProps.*

apps/supernova/CHANGELOG.md

@@ -0,0 +1,12 @@
+# @cloudoperators/juno-app-supernova
+
+## 0.11.1
+
+### Patch Changes
+
+- 42a8ef2: Correct linter in supernova and fixed title check workflow and docs
+- Updated dependencies [502ec8f]
+- Updated dependencies [990af5a]
+- Updated dependencies [ea09b68]
+- Updated dependencies [7f4d17a]
+  - @cloudoperators/juno-ui-components@2.18.0