fix(puris): use syntax for reusable workflow for CodeQl

[tom-rm-meyer-ISST]

Description

Recent pr #81 didn't consider CodeQl workflow as a reused one (wrong).

This pr handles CodeQl as reusable workflow (correct, following the results in this pr).

Pre-review checks

Please ensure to do as many of the following checks as possible, before asking for committer review:

• [x] DEPENDENCIES are up-to-date. Dash license tool. Committers can open IP issues for restricted libs.
• [x] Copyright and license header are present on all affected files

[eclipse-otterdog[bot]]

This is your friendly self-service bot.

Thank you for raising a pull request to update the configuration of your GitHub organization. You can manually add reviewers to this PR to eventually enable auto-merging.

The following conditions need to fulfilled for auto-merging to be available:

• valid configuration
• approved by a project lead
• does not require any secrets
• does not update settings only accessible via the GitHub Web UI
• does not remove any resource

Otterdog commands and options

You can trigger otterdog actions by commenting on this PR: - `/otterdog team-info` checks the team / org membership for the PR author - `/otterdog validate` validates the configuration change - `/otterdog validate info` validates the configuration change, printing also validation infos - `/otterdog check-sync` checks if the base ref is in sync with live settings - `/otterdog merge` merges and applies the changes if the PR is eligible for auto-merging (only accessible for the author) - `/otterdog done` notifies the self-service bot that a required manual apply operation has been performed (only accessible for members of the admin team) - `/otterdog apply` re-apply a previously failed attempt (only accessible for members of the admin team)

[eclipse-otterdog[bot]]

This is your friendly self-service bot.

The author (tom-rm-meyer-ISST) of this PR is associated with this organization in the role of MEMBER.

Additionally, tom-rm-meyer-ISST is a member of the following teams:

• automotive-tractusx-contributors

• automotive-tractusx-committers

[eclipse-otterdog[bot]]

This is your friendly self-service bot. Please find below the validation of the requested configuration changes:

Diff for 335b7df5a9125c75b8d2c3c35ac2e42b0a9fdfdb

```diff Organization automotive.tractusx[id=eclipse-tractusx] there have been 70 validation infos, enable verbose output with '-v' to to display them. ! branch_protection_rule[pattern="main", repository="puris"] { ! required_status_checks = "['eclipse-eca-validation:eclipsefdn/eca', 'docker-frontend', 'docker-backend', 'Analyze CodeQl', 'Analyze KICS', 'check-dependencies-frontend', 'check-dependencies-backend', 'Check quality guidelines / Check quality guidelines']" -> "['eclipse-eca-validation:eclipsefdn/eca', 'docker-frontend', 'docker-backend', 'CodeQl / Analyze CodeQl', 'Analyze KICS', 'check-dependencies-frontend', 'check-dependencies-backend', 'Check quality guidelines / Check quality guidelines']" ! } Plan: 0 to add, 1 to change, 0 to delete. ```

[eclipse-otterdog[bot]]

This is your friendly self-service bot. The current configuration is in-sync with the live settings. :rocket:

[eclipse-otterdog[bot]]

This is your friendly self-service bot.

The following changes have been successfully applied:

Organization automotive.tractusx[id=eclipse-tractusx]
  there have been 70 validation infos, enable verbose output with '-v' to to display them.

!   branch_protection_rule[pattern="main", repository="puris"] {
!     required_status_checks            = "['eclipse-eca-validation:eclipsefdn/eca', 'docker-frontend', 'docker-backend', 'Analyze CodeQl', 'Analyze KICS', 'check-dependencies-frontend', 'check-dependencies-backend', 'Check quality guidelines / Check quality guidelines']" -> "['eclipse-eca-validation:eclipsefdn/eca', 'docker-frontend', 'docker-backend', 'CodeQl / Analyze CodeQl', 'Analyze KICS', 'check-dependencies-frontend', 'check-dependencies-backend', 'Check quality guidelines / Check quality guidelines']"
!   }

  Applying changes:

  Done.

  Executed plan: 0 added, 1 changed, 0 deleted.

[netomi]

I am not sure if all these status checks use the correct convention. I tried to collect the rules how the status checks need to be referenced here: https://otterdog.readthedocs.io/en/latest/reference/organization/repository/status-check/

I can also double check via the UI what names are required if needed.

[tom-rm-meyer-ISST]

I am not sure if all these status checks use the correct convention. I tried to collect the rules how the status checks need to be referenced here: https://otterdog.readthedocs.io/en/latest/reference/organization/repository/status-check/

I can also double check via the UI what names are required if needed.

Hey @netomi,

I only got an issue with Code Ql. I'll raise a ticket for that.

[tom-rm-meyer-ISST]

I am not sure if all these status checks use the correct convention. I tried to collect the rules how the status checks need to be referenced here: https://otterdog.readthedocs.io/en/latest/reference/organization/repository/status-check/

I can also double check via the UI what names are required if needed.

Hey @netomi, could you please check the required names including codeql? I currently see that also my docker jobs fail and it seems that I didn't get the documentation right :(

Can you also tell me how to read out the names from the dashboard? Then I brief my project regarding the correct usage :)

[netomi]

so the rule seems to be that you take the name of a job as status check if it exists, otherwise its id

for example in the case of CodeQL, you have that in your workflow:

jobs:
  analyze:
    name: Analyze

the status check would be Analyze, which is ofc very generic, so giving it a more meaningful name is useful.

For docker, its a bit confusing, there are 2 workflows for backend and frontend, but both have a job with id docker and no name, so in the UI I selected just docker as status check and that seems to work, not sure what happens in the background in such a case, but I would give them distinctive names.

btw also the status check for KICS is wrong, the workflow has a job with name Analyze which is the same as for CodeQL, I would clean this up if you wanna use that as status check.

[tom-rm-meyer-ISST]

so the rule seems to be that you take the name of a job as status check if it exists, otherwise its id

for example in the case of CodeQL, you have that in your workflow:

jobs:
  analyze:
    name: Analyze

the status check would be Analyze, which is ofc very generic, so giving it a more meaningful name is useful.

For docker, its a bit confusing, there are 2 workflows for backend and frontend, but both have a job with id docker and no name, so in the UI I selected just docker as status check and that seems to work, not sure what happens in the background in such a case, but I would give them distinctive names.

I noticed the same behavior and try to fix it with this pr: https://github.com/eclipse-tractusx/puris/pull/450

• renamed job ids for docker (docker-backend and docker-frontend)
• Made Code Ql and KICS Name less generic
• updated the helm workflow as intended

My only remaining issue seems to be CodeQl, which I don't get correct if you follow my commit history here.

BTW: docker now works - seems to only have been a ui bug in the end.