Merge branch 'develop' into update-from-template-merged

Author: xdev-gh-bot

.editorconfig

@@ -0,0 +1,13 @@
+root = true
+
+[*]
+indent_style = space
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[*.{ts,js,json,yaml,yml}]
+indent_size = 2
+
+[*.cs]
+indent_size = 4

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -15,9 +15,9 @@ body:
     attributes:
       label: "Checklist"
       options:
-        - label: "I am able to reproduce the bug with the [latest version](https://github.com/xdev-software/template-placeholder/releases/latest)"
+        - label: "I am able to reproduce the bug with the [latest version](https://github.com/xdev-software/oidc-server-mock/releases/latest)"
           required: true
-        - label: "I made sure that there are *no existing issues* - [open](https://github.com/xdev-software/template-placeholder/issues) or [closed](https://github.com/xdev-software/template-placeholder/issues?q=is%3Aissue+is%3Aclosed) - which I could contribute my information to."
+        - label: "I made sure that there are *no existing issues* - [open](https://github.com/xdev-software/oidc-server-mock/issues) or [closed](https://github.com/xdev-software/oidc-server-mock/issues?q=is%3Aissue+is%3Aclosed) - which I could contribute my information to."
           required: true
         - label: "I have taken the time to fill in all the required details. I understand that the bug report will be dismissed otherwise."
           required: true

.github/ISSUE_TEMPLATE/enhancement.yml

@@ -13,7 +13,7 @@ body:
     attributes:
       label: "Checklist"
       options:
-        - label: "I made sure that there are *no existing issues* - [open](https://github.com/xdev-software/template-placeholder/issues) or [closed](https://github.com/xdev-software/template-placeholder/issues?q=is%3Aissue+is%3Aclosed) - which I could contribute my information to."
+        - label: "I made sure that there are *no existing issues* - [open](https://github.com/xdev-software/oidc-server-mock/issues) or [closed](https://github.com/xdev-software/oidc-server-mock/issues?q=is%3Aissue+is%3Aclosed) - which I could contribute my information to."
           required: true
         - label: "I have taken the time to fill in all the required details. I understand that the feature request will be dismissed otherwise."
           required: true

.github/ISSUE_TEMPLATE/question.yml

@@ -12,7 +12,7 @@ body:
     attributes:
       label: "Checklist"
       options:
-        - label: "I made sure that there are *no existing issues* - [open](https://github.com/xdev-software/template-placeholder/issues) or [closed](https://github.com/xdev-software/template-placeholder/issues?q=is%3Aissue+is%3Aclosed) - which I could contribute my information to."
+        - label: "I made sure that there are *no existing issues* - [open](https://github.com/xdev-software/oidc-server-mock/issues) or [closed](https://github.com/xdev-software/oidc-server-mock/issues?q=is%3Aissue+is%3Aclosed) - which I could contribute my information to."
           required: true
         - label: "I have taken the time to fill in all the required details. I understand that the question will be dismissed otherwise."
           required: true

.github/workflows/check-build.yml

@@ -0,0 +1,38 @@
+name: Check Build
+
+on:
+  workflow_dispatch:
+  push:
+    branches: [ develop ]
+    paths-ignore: 
+      - '**.md'
+      - '.config/**'
+      - '.github/**'
+      - 'assets/**'
+  pull_request:
+    branches: [ develop ]
+    paths-ignore: 
+      - '**.md'
+      - '.config/**'
+      - '.github/**'
+      - 'assets/**'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+
+    # Build entirely in docker
+    - uses: docker/setup-qemu-action@v3
+
+    - uses: docker/setup-buildx-action@v3
+
+    - uses: docker/build-push-action@v6
+      with:
+        context: ./src
+        push: false
+        tags: oidc-server-mock:experimental
+        platforms: linux/amd64,linux/arm64
+        cache-from: type=gha
+        cache-to: type=gha,mode=max

.github/workflows/image-vuln-scan.yml

@@ -0,0 +1,68 @@
+name: Image vuln scan
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "22 7 * * 0"
+
+permissions:
+  issues: write
+
+env:
+  # Note: Use ghcr since we have no rate limiting there
+  TRIVYY_IMAGE_REF: 'ghcr.io/xdev-software/oidc-server-mock:latest'
+
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+    continue-on-error: true # Ignore errors, we create an issue instead
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Scan - Full
+        uses: aquasecurity/[email protected]
+        with:
+          image-ref: ${{ env.TRIVYY_IMAGE_REF }}
+
+      - name: Scan - Relevant
+        id: scan_relevant
+        uses: aquasecurity/[email protected]
+        with:
+          image-ref: ${{ env.TRIVYY_IMAGE_REF }}
+          exit-code: 1
+          severity: 'HIGH,CRITICAL'
+          output: reported.txt
+        env:
+          TRIVY_DISABLE_VEX_NOTICE: 1
+
+      - name: Find already existing issue
+        id: find-issue
+        if: ${{ always() }}
+        run: |
+          echo "number=$(gh issue list -l 'bug' -l 'automated' -L 1 -S 'in:title \"Trivy Vulnerability Report\"' -s 'open' --json 'number' --jq '.[].number')" >> $GITHUB_OUTPUT
+        env:
+          GH_TOKEN: ${{ github.token }}
+
+      - name: Close issue if everything is fine
+        if: ${{ success() && steps.find-issue.outputs.number != '' }}
+        run: gh issue close -r 'not planned' ${{ steps.find-issue.outputs.number }}
+        env:
+          GH_TOKEN: ${{ github.token }}
+
+      - name: Reformat report
+        if: ${{ failure() && steps.scan_relevant.conclusion == 'failure' }}
+        run: |
+          echo 'Trivy reported vulnerabilities that should be addressed:' > reported.md
+          echo '```' >> reported.md
+          cat reported.txt >> reported.md
+          echo '```' >> reported.md
+          cat reported.md
+
+      - name: Create Issue From File
+        if: ${{ failure() && steps.scan_relevant.conclusion == 'failure' }}
+        uses: peter-evans/create-issue-from-file@v5
+        with:
+          issue-number: ${{ steps.find-issue.outputs.number }}
+          title: Trivy Vulnerability Report
+          content-filepath: ./reported.md
+          labels: bug, automated

.github/workflows/release.yml

@@ -0,0 +1,181 @@
+name: Release
+
+on:
+  push:
+    branches: [ master ]
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  check-code:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+
+    # Build entirely in docker
+    - uses: docker/setup-qemu-action@v3
+
+    - uses: docker/setup-buildx-action@v3
+
+    - uses: docker/build-push-action@v6
+      with:
+        context: ./src
+        push: false
+        tags: oidc-server-mock:experimental
+        platforms: linux/amd64,linux/arm64
+        cache-from: type=gha
+        cache-to: type=gha,mode=max
+
+  prepare-release:
+    runs-on: ubuntu-latest
+    needs: [check-code]
+    outputs:
+      upload_url: ${{ steps.create-release.outputs.upload_url }}
+      version: ${{ steps.version.outputs.release }}
+    steps:
+    - uses: actions/checkout@v4
+      
+    - name: Configure Git
+      run: |
+        git config --global user.email "[email protected]"
+        git config --global user.name "GitHub Actions"
+  
+    - name: Un-SNAP 
+      run: |
+        version=$(grep -oPm1 "(?<=<VersionPrefix>)[^<]+" <<< cat src/OpenIdConnectServerMock.csproj)
+        new_version=${version::-9}
+        sed -i "s/\(<VersionPrefix>\)[^<>]*\(<\/VersionPrefix.*\)/\1$new_version\2/" src/OpenIdConnectServerMock.csproj
+  
+    - name: Get version
+      id: version
+      run: |
+        version=$(grep -oPm1 "(?<=<VersionPrefix>)[^<]+" <<< cat src/OpenIdConnectServerMock.csproj)
+        echo "release=$version" >> $GITHUB_OUTPUT
+        echo "releasenumber=${version//[!0-9]/}" >> $GITHUB_OUTPUT
+  
+    - name: Commit and Push
+      run: |
+        git add -A
+        git commit -m "Release ${{ steps.version.outputs.release }}"
+        git push origin
+        git tag v${{ steps.version.outputs.release }}
+        git push origin --tags
+    
+    - name: Create Release
+      id: create-release
+      uses: shogo82148/actions-create-release@v1
+      with:
+        tag_name: v${{ steps.version.outputs.release }}
+        release_name: v${{ steps.version.outputs.release }}
+        commitish: master
+        body: |
+          ## [Changelog](https://github.com/${{ github.repository }}/blob/develop/CHANGELOG.md#${{ steps.version.outputs.releasenumber }})
+          See [Changelog#v${{ steps.version.outputs.release }}](https://github.com/${{ github.repository }}/blob/develop/CHANGELOG.md#${{ steps.version.outputs.releasenumber }}) for more information.
+
+          ## Installation
+
+          ### Docker
+          Download the image from
+          * [DockerHub](https://hub.docker.com/r/xdevsoftware/oidc-server-mock/tags?name=${{ steps.version.outputs.release }})
+          * [GitHub Packages (ghcr.io)](https://github.com/xdev-software/oidc-server-mock/pkgs/container/oidc-server-mock)
+
+  publish-docker:
+    runs-on: ubuntu-latest
+    needs: [prepare-release]
+    permissions:
+      packages: write
+      contents: read
+      attestations: write
+      id-token: write
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Init Git and pull
+      run: |
+        git config --global user.email "[email protected]"
+        git config --global user.name "GitHub Actions"
+        git pull
+
+    - uses: docker/setup-qemu-action@v3
+
+    - uses: docker/setup-buildx-action@v3
+
+    - name: Login to DockerHub
+      uses: docker/login-action@v3
+      with:
+        username: ${{ secrets.DOCKERHUB_USERNAME }}
+        password: ${{ secrets.DOCKERHUB_TOKEN }}
+    
+    - name: Login to ghcr.io
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Extract metadata (tags, labels) for Docker
+      id: meta
+      uses: docker/metadata-action@v5
+      with:
+        images: |
+          ${{ secrets.DOCKERHUB_USERNAME }}/oidc-server-mock
+          ghcr.io/${{ github.repository }}
+        tags: |
+          type=semver,pattern={{version}},value=${{ needs.prepare-release.outputs.version }}
+          type=semver,pattern={{major}}.{{minor}},value=${{ needs.prepare-release.outputs.version }}
+          type=semver,pattern={{major}},value=${{ needs.prepare-release.outputs.version }}
+          latest
+
+    - uses: docker/build-push-action@v6
+      id: push
+      with:
+        context: ./src
+        push: true
+        platforms: linux/amd64,linux/arm64
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
+        outputs: type=image,compression=zstd,force-compression=true
+
+    - name: Generate artifact attestation (ghcr.io)
+      uses: actions/attest-build-provenance@v2
+      with:
+        subject-name: ghcr.io/${{ github.repository }}
+        subject-digest: ${{ steps.push.outputs.digest }}
+        push-to-registry: true
+
+  after-release:
+    runs-on: ubuntu-latest
+    needs: [publish-docker]
+    steps:
+    - uses: actions/checkout@v4
+      
+    - name: Init Git and pull
+      run: |
+        git config --global user.email "[email protected]"
+        git config --global user.name "GitHub Actions"
+        git pull
+
+    - name: Inc Version and SNAP 
+      run: |
+        version=$(grep -oPm1 "(?<=<VersionPrefix>)[^<]+" <<< cat src/OpenIdConnectServerMock.csproj)
+        new_version="$(echo $version | awk -F. -v OFS=. 'NF==1{print ++$NF}; NF>1{if(length($NF+1)>length($NF))$(NF-1)++; $NF=sprintf("%0*d", length($NF), ($NF+1)%(10^length($NF))); print}')-SNAPSHOT"
+        sed -i "s/\(<VersionPrefix>\)[^<>]*\(<\/VersionPrefix.*\)/\1$new_version\2/" src/OpenIdConnectServerMock.csproj
+
+    - name: Git Commit and Push
+      run: |
+        git add -A
+        git commit -m "Preparing for next development iteration"
+        git push origin
+    
+    - name: pull-request
+      env:
+        GH_TOKEN: ${{ github.token }}
+      run: |
+        gh_pr_up() { 
+          gh pr create "$@" || gh pr edit "$@" 
+        }
+        gh_pr_up -B "develop" \
+          --title "Sync back" \
+          --body "An automated PR to sync changes back"

.github/workflows/test-deploy.yml

@@ -0,0 +1,59 @@
+name: Test Deployment
+
+on:
+  workflow_dispatch:
+
+jobs:
+  publish-docker:
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      contents: read
+      attestations: write
+      id-token: write
+    steps:
+    - uses: actions/checkout@v4
+
+    - uses: docker/setup-qemu-action@v3
+
+    - uses: docker/setup-buildx-action@v3
+
+    - name: Login to DockerHub
+      uses: docker/login-action@v3
+      with:
+        username: ${{ secrets.DOCKERHUB_USERNAME }}
+        password: ${{ secrets.DOCKERHUB_TOKEN }}
+    
+    - name: Login to ghcr.io
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Extract metadata (tags, labels) for Docker
+      id: meta
+      uses: docker/metadata-action@v5
+      with:
+        images: |
+          ${{ secrets.DOCKERHUB_USERNAME }}/oidc-server-mock
+          ghcr.io/${{ github.repository }}
+        tags: |
+          experimental
+
+    - uses: docker/build-push-action@v6
+      id: push
+      with:
+        context: ./src
+        push: true
+        platforms: linux/amd64,linux/arm64
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
+        outputs: type=image,compression=zstd,force-compression=true
+
+    - name: Generate artifact attestation (ghcr.io)
+      uses: actions/attest-build-provenance@v2
+      with:
+        subject-name: ghcr.io/${{ github.repository }}
+        subject-digest: ${{ steps.push.outputs.digest }}
+        push-to-registry: true