Skip to content

fix: replace standalone SBOM with reusable quality workflow#681

Open
rubenvdlinde wants to merge 8 commits intodevelopmentfrom
fix/sbom-reusable-workflow
Open

fix: replace standalone SBOM with reusable quality workflow#681
rubenvdlinde wants to merge 8 commits intodevelopmentfrom
fix/sbom-reusable-workflow

Conversation

@rubenvdlinde
Copy link
Copy Markdown
Contributor

@rubenvdlinde rubenvdlinde commented Mar 17, 2026
edited
Loading

Summary

  • CI/CD: Replace standalone SBOM and disabled quality-check workflows with a single reusable code-quality.yml that calls ConductionNL/.github/.github/workflows/quality.yml@main with enable-sbom: true and enable-frontend: true
  • License: Switch to EUPL-1.2 (LICENSE file, composer.json, package.json), then revert appinfo/info.xml back to AGPL for Nextcloud App Store compatibility
  • Docs: Move website/ to docusaurus/ pattern — docs now live at repo-root docs/, Docusaurus site files under docusaurus/, enriched synchronization and source admin docs
  • Specs: Add 3 tender-derived OpenSpecs for integration adapters (DSO Omgevingsloket, iBabs/Notubiz Connector, StUF Adapter) and enrich them with implementation details
  • Features: Add Prometheus metrics endpoint and Nextcloud dashboard widgetsMetricsController, HealthController, three dashboard widgets (Job Queue, Recent Calls, Source Sync)

Commits

  • 384c43c2 fix: consolidate quality workflows into reusable code-quality.yml
  • 12950d09 fix: replace standalone SBOM workflow with reusable quality workflow
  • 45644173 feat: Enrich 3 specs, add prometheus metrics
  • f6d61092 feat: Add 3 tender-derived OpenSpecs for integration adapters
  • e5aede39 refactor: Move website/ to docusaurus/ pattern (docs/ at root)
  • f5c2113e fix: Revert licence to agpl for Nextcloud App Store compatibility
  • 91f27a59 chore: Switch license to EUPL-1.2

rubenvdlinde and others added 6 commits March 2, 2026 00:24
@rubenvdlinde @claude
chore: Switch license to EUPL-1.2
91f27a5 
Replace existing license (Apache-2.0/AGPL) with EUPL-1.2 across all
metadata files: LICENSE, appinfo/info.xml, composer.json, package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@rubenvdlinde @claude
fix: Revert licence to agpl for Nextcloud App Store compatibility
f5c2113 
The Nextcloud App Store schema does not accept EUPL-1.2 as a valid
licence value, causing all release uploads to fail with HTTP 400.
Revert to 'agpl' which is in the accepted set.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@rubenvdlinde @claude
refactor: Move website/ to docusaurus/ pattern (docs/ at root)
e5aede3 
- Rename website/ → docusaurus/ (preserves git history)
- Move website/docs/ → docs/ at repository root
- Existing docs/ merged with conflict resolution (legacy suffixes)
- Update docusaurus.config.js: path '../docs', editUrl → docusaurus/
- Update documentation.yml: trigger development branch, source-folder docusaurus
- Create img/app-store.svg with blue hexagon connection icon
- Update logo.svg with blue hexagon app-store icon

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@rubenvdlinde
feat: Add 3 tender-derived OpenSpecs for integration adapters
f6d6109 
Based on analysis of 74 Dutch government tenders:

- stuf-adapter: Bidirectional StUF-BG/ZKN adapter (79% tender demand)
- ibabs-notubiz-connector: B&W besluitvorming RIS integration (27% demand)
- dso-omgevingsloket: DSO/Omgevingsloket VTH adapter (32% demand)
@rubenvdlinde
feat: Enrich 3 specs, add prometheus metrics
4564417 
Spec enrichment:
- stuf-adapter: partial impl (SOAPService has StUF-ZKN awareness, no inbound SOAP server)
- dso-omgevingsloket: not implemented, foundational infrastructure exists
- ibabs-notubiz-connector: not implemented, foundational infrastructure exists

Implementation:
- MetricsController: sources by type, calls by status, sync operations
- HealthController: database + sources table checks
@rubenvdlinde
fix: replace standalone SBOM workflow with reusable quality workflow
12950d0
@rubenvdlinde rubenvdlinde changed the base branch from main to development March 17, 2026 08:22
@rubenvdlinde
fix: consolidate quality workflows into reusable code-quality.yml
384c43c 
Replace standalone sbom.yml and disabled quality-check.yml with a single
code-quality.yml that calls the ConductionNL reusable quality workflow
with enable-sbom and enable-frontend options. Aligns with the workflow
structure on the development branch.
@rubenvdlinde
fix: resolve merge conflicts with development
ecfd2a4
@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 17, 2026

Quality Report
Repository ConductionNL/openconnector
Commit ad17d0f
Branch 681/merge
Event pull_request
Generated 2026-03-17 08:39 UTC
Workflow Run https://github.com/ConductionNL/openconnector/actions/runs/23185523708

Summary

Group Result
PHP Quality FAIL
Vue Quality PASS
Security FAIL
License FAIL
PHPUnit SKIP
Newman SKIP

PHP Quality

Tool Result
lint FAIL
phpcs FAIL
phpmd FAIL
psalm FAIL
phpstan FAIL
phpmetrics FAIL

Vue Quality

Tool Result
eslint PASS
stylelint PASS

Security

Ecosystem Result
composer FAIL
npm FAIL

License Compliance

Ecosystem Result
composer FAIL
npm FAIL

npm dependencies (572 total)

Metric Count
Approved (allowlist) 571
Approved (override) 0
Denied 1

Denied packages

Package Version License
@fortawesome/free-solid-svg-icons 6.7.2 (CC-BY-4.0 AND MIT)

PHPUnit Tests

PHPUnit tests were not enabled for this run.

Integration Tests (Newman)

Newman integration tests were not enabled for this run.

Generated automatically by the Quality workflow.

Download the full PDF report from the workflow artifacts.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rubenvdlinde