it-at-m · simonhir · Mar 5, 2026 · Mar 6, 2026 · Mar 6, 2026 · Mar 6, 2026
@@ -0,0 +1,20 @@
+"Type: Feature":
+  - head-branch: [ '^feat', '-feature-' ]
+"Type: Bug":
+  - head-branch: [ '^bug', '-bug-' ]
+"Type: Maintenance":
+  - head-branch: [ '^maint', '-maintenance-' ]
+"Type: Documentation":
+  - head-branch: [ '^docs', '-documentation-' ]
+  - changed-files:
+    - any-glob-to-any-file: ['docs/**']
+"Type: Dependency":
+  - head-branch: [ '^dep', '-dependency-' ]
+"Type: Security":
+  - head-branch: [ '^sec', '-security-' ]
+"Template: Backend":
+  - changed-files:
+    - any-glob-to-any-file: ['praktikumsplaner-backend/**']
+"Template: Frontend":
+  - changed-files:
+      - any-glob-to-any-file: ['praktikumsplaner-frontend/**']
@@ -0,0 +1,17 @@
+{
+  "problemMatcher": [
+    {
+      "owner": "actionlint",
+      "pattern": [
+        {
+          "regexp": "^(?:\\x1b\\[\\d+m)?(.+?)(?:\\x1b\\[\\d+m)*:(?:\\x1b\\[\\d+m)*(\\d+)(?:\\x1b\\[\\d+m)*:(?:\\x1b\\[\\d+m)*(\\d+)(?:\\x1b\\[\\d+m)*: (?:\\x1b\\[\\d+m)*(.+?)(?:\\x1b\\[\\d+m)* \\[(.+?)\\]$",
+          "file": 1,
+          "line": 2,
+          "column": 3,
+          "message": 4,
+          "code": 5
+        }
+      ]
+    }
+  ]
+}
@@ -0,0 +1,15 @@
+# Workflow for scanning GitHub workflows with actionlint
+name: Actionlint
+
+on:
+  # Runs on pull requests
+  pull_request:
+
+jobs:
+  actionlint:
+    name: Run actionlint
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - uses: it-at-m/lhm_actions/action-templates/actions/action-actionlint@e012d3bda6f9d5511415e2d885f32826049284a4 # v1.0.23
@@ -0,0 +1,83 @@
+# Workflow for advanced CodeQL setup used for scanning Java/JavaScript/TypeScript/Vue/Python based source files
+name: CodeQL Advanced
+env:
+  # Whether to analyze Java code or not (only set to true if repo has Java source code)
+  analyze-java: true
+  # Build mode to use for analysis of Java code (e.g. none, autobuild, manual)
+  java-buildmode: autobuild
+  # Temurin JDK version to use for autobuild (only when java-buildmode is set to autobuild)
+  java-version: 21
+  # Whether to analyze JavaScript/TypeScript/Vue code or not (only set to true if repo has Javascript/Typescript/Vue source code)
+  analyze-javascript-typescript-vue: true
+  # Whether to analyze Python code or not (only set to true if repo has Python source code)
+  analyze-python: false
+  # Query set to use when analyzing the source code (e.g. default, security-extended, security-and-quality)
+  analysis-query: security-and-quality
+
+on:
+  # Runs on pull requests and on pushes to main (in order to keep the regular scanning by GitHub working)
+  pull_request:
+  push:
+    branches: [main]
+
+permissions:
+  pull-requests: read
+  security-events: write
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  check-changes:
+    name: Check changed files and directories
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: read
+    outputs:
+      java: ${{ steps.filter.outputs.java }}
+      javascript-typescript-vue: ${{ steps.filter.outputs.javascript-typescript-vue }}
+      python: ${{ steps.filter.outputs.python }}
+    steps:
+      - name: Checkout repository
+        uses: it-at-m/lhm_actions/action-templates/actions/action-checkout@e012d3bda6f9d5511415e2d885f32826049284a4 # v1.0.23
+      - name: Path Filter
+        id: filter
+        uses: it-at-m/lhm_actions/action-templates/actions/action-filter@e012d3bda6f9d5511415e2d885f32826049284a4 # v1.0.23
+  codeql-java:
+    name: Analyze Java source files
+    runs-on: ubuntu-latest
+    needs: check-changes
+    strategy:
+      fail-fast: false
+      matrix:
+        build-path: ["./praktikumsplaner-backend"] # JSON array formatted as string, contains the paths to the java projects to build
+    steps:
+      - uses: it-at-m/lhm_actions/action-templates/actions/action-codeql@e012d3bda6f9d5511415e2d885f32826049284a4 # v1.0.23
+        if: ${{ env.analyze-java == 'true' && (github.ref_name == 'main' || needs.check-changes.outputs.java == 'true') }}
+        with:
+          codeql-language: java-kotlin
+          codeql-buildmode: ${{ env.java-buildmode }}
+          codeql-query: ${{ env.analysis-query }}
+          java-version: ${{ env.java-version }}
+          path: ${{ matrix.build-path }}
+  codeql-javascript-typescript-vue:
+    name: Analyze JavaScript/TypeScript/Vue source files
+    runs-on: ubuntu-latest
+    needs: check-changes
+    steps:
+      - uses: it-at-m/lhm_actions/action-templates/actions/action-codeql@e012d3bda6f9d5511415e2d885f32826049284a4 # v1.0.23
+        if: ${{ env.analyze-javascript-typescript-vue == 'true' && (github.ref_name == 'main' || needs.check-changes.outputs.javascript-typescript-vue == 'true') }}
+        with:
+          codeql-language: javascript-typescript
+          codeql-query: ${{ env.analysis-query }}
+  codeql-python:
+    name: Analyze Python source files
+    runs-on: ubuntu-latest
+    needs: check-changes
+    steps:
+      - uses: it-at-m/lhm_actions/action-templates/actions/action-codeql@e012d3bda6f9d5511415e2d885f32826049284a4 # v1.0.23
+        if: ${{ env.analyze-python == 'true' && (github.ref_name == 'main' || needs.check-changes.outputs.python == 'true') }}
+        with:
+          codeql-language: python
+          codeql-query: ${{ env.analysis-query }}
@@ -0,0 +1,12 @@
+name: Dependency Review
+
+on:
+  pull_request:
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - uses: it-at-m/lhm_actions/action-templates/actions/action-dependency-review@e012d3bda6f9d5511415e2d885f32826049284a4 # v1.0.23
@@ -0,0 +1,30 @@
+name: Deploy documentation website
+
+on:
+  # Runs on pushes to any branch when changes are made to docs or workflow
+  push:
+    branches:
+      - main
+    paths:
+      - "docs/**"
+      - ".github/workflows/deploy-docs.yml"
+  pull_request:
+    paths:
+      - "docs/**"
+      - ".github/workflows/deploy-docs.yml"
+
+jobs:
+  deploy-docs:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pages: write
+      id-token: write
+    steps:
+      - id: build_docs
+        uses: it-at-m/lhm_actions/action-templates/actions/action-build-docs@e012d3bda6f9d5511415e2d885f32826049284a4 # v1.0.23
+        with:
+          node-version: "24"
+      - id: deploy_docs
+        # Only deploy documentation from the main branch to prevent unauthorized changes
+        uses: it-at-m/lhm_actions/action-templates/actions/action-deploy-docs@e012d3bda6f9d5511415e2d885f32826049284a4 # v1.0.23