shift7-ch · chenkins · Feb 7, 2026 · Feb 7, 2026 · Feb 9, 2026 · Feb 9, 2026
diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
diff --git a/.github/ISSUE_TEMPLATE/bug.yml b/.github/ISSUE_TEMPLATE/bug.yml
@@ -1,6 +1,6 @@
 name: Bug Report
 description: Create a report to help us improve
-labels: ["type:bug"]
+type: "Bug"
 body:
   - type: checkboxes
     id: terms

diff --git a/.github/ISSUE_TEMPLATE/feature.yml b/.github/ISSUE_TEMPLATE/feature.yml
@@ -1,6 +1,6 @@
 name: Feature Request
 description: Suggest an idea for this project
-labels: ["type:feature-request"]
+type: "Feature"
 body:
   - type: checkboxes
     id: terms

diff --git a/.github/ISSUE_TEMPLATE/story.md b/.github/ISSUE_TEMPLATE/story.md
@@ -0,0 +1,23 @@
+---
+name: Story
+about: Persona needs for purpose.
+title: "[Story]"
+labels: ''
+assignees: ''
+
+---
+
+### Story
+* **Persona**:
+* **Need**: 
+* **Purpose**:
+
+
+### Acceptance Criteria
+- [ ]
+
+### Open Questions
+
+### Context
+
+### Implementation
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -18,14 +18,29 @@ jobs:
     name: Run Tests
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
-      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+      - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
         with:
           node-version: ${{ env.NODE_VERSION }}
           cache: 'npm'
           cache-dependency-path: frontend/package-lock.json
+      # / katta start addition
+      - uses: actions/setup-java@v5
+        with:
+          distribution: 'temurin'
+          java-version: ${{ env.JAVA_VERSION }}
+          cache: 'maven'
+      - name: Generate openapi.json
+        working-directory: backend
+        run: >
+          mvn -B clean compile quarkus:build -P generate-openapi-json
+      - name: Check openapi.json
+        working-directory: backend
+        run: >
+          cat ../frontend/src/openapi/openapi.json
+      # \ katta end addition
       - name: NPM install
         working-directory: frontend
         run: npm ci --ignore-scripts
@@ -35,48 +50,86 @@ jobs:
       - name: Deploy frontend
         working-directory: frontend
         run: npm run dist
-      - name: SonarCloud Scan Frontend
-        uses: SonarSource/sonarqube-scan-action@fd88b7d7ccbaefd23d8f36f73b59db7a3d246602 # v6.0.0
-        with:
-          projectBaseDir: frontend
-          args: >
-            -Dsonar.organization=cryptomator
-            -Dsonar.projectKey=cryptomator_hub_frontend
-            -Dsonar.typescript.tsconfigPath=tsconfig.json
-            -Dsonar.sources=src/
-            -Dsonar.tests=test/
-            -Dsonar.javascript.lcov.reportPaths=coverage/lcov.info
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-      - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
+      # / katta start commented out
+      #      - name: SonarCloud Scan Frontend
+      #        uses: SonarSource/sonarqube-scan-action@a31c9398be7ace6bbfaf30c0bd5d415f843d45e9 # v7.0.0
+      #        with:
+      #          projectBaseDir: frontend
+      #          args: >
+      #            -Dsonar.organization=cryptomator
+      #            -Dsonar.projectKey=cryptomator_hub_frontend
+      #            -Dsonar.typescript.tsconfigPath=tsconfig.json
+      #            -Dsonar.sources=src/
+      #            -Dsonar.tests=test/
+      #            -Dsonar.javascript.lcov.reportPaths=coverage/lcov.info
+      #        env:
+      #          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
+      #          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      # \ katta start commented out
+      - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
         with:
           distribution: 'temurin'
           java-version: ${{ env.JAVA_VERSION }}
           cache: 'maven'
-      - name: Cache SonarCloud packages
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
-        with:
-          path: ~/.sonar/cache
-          key: ${{ runner.os }}-sonar
-          restore-keys: ${{ runner.os }}-sonar
+      # / katta start commented out
+      #      - name: Cache SonarCloud packages
+      #        uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
+      #        with:
+      #          path: ~/.sonar/cache
+      #          key: ${{ runner.os }}-sonar
+      #          restore-keys: ${{ runner.os }}-sonar
+      # \ katta start commented out
       - name: Build and test backend
         working-directory: backend
         run: >
           ./mvnw -B clean verify
-          org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
-          -Dsonar.projectKey=cryptomator_hub_backend
-          -Dsonar.organization=cryptomator
-          -Dsonar.host.url=https://sonarcloud.io
+          # / katta start commented out
+          #          org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
+          #          -Dsonar.projectKey=cryptomator_hub_backend
+          #          -Dsonar.organization=cryptomator
+          #          -Dsonar.host.url=https://sonarcloud.io
+          # \ katta start commented out
           --no-transfer-progress
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      # / katta addition
+      - id: get_tag
+        name: Get tag
+        working-directory: backend
+        run: |
+          if [[ ! -z "${{ inputs.tag }}" ]]; then
+            TAG="${{ inputs.tag }}"
+          elif [[ ${{ github.ref_type }} == 'tag' ]]; then
+            TAG="${{ github.ref_name }}"
+          # / katta start modification
+          elif [[ ${{ github.ref_name  }} == ${{ github.event.repository.default_branch }} ]]; then
+            TAG=$(./mvnw help:evaluate -Dexpression=project.version -q -DforceStdout)
+          else
+            TAG="commit-${{ github.sha }}"
+          fi
+          # \ katta end modification
+          echo tag=${TAG}
+          echo tag=${TAG} >> "$GITHUB_OUTPUT"
+      - name: Build and push container image (ci)
+        working-directory: backend
+        run: ./mvnw -B clean package -DskipTests
+        env:
+          QUARKUS_JIB_PLATFORMS: linux/amd64,linux/arm64/v8
+          QUARKUS_CONTAINER_IMAGE_TAG: ${{ steps.get_tag.outputs.tag }}-ci
+          QUARKUS_CONTAINER_IMAGE_BUILD: true
+          QUARKUS_CONTAINER_IMAGE_PUSH: true
+          QUARKUS_CONTAINER_IMAGE_REGISTRY: ghcr.io
+          QUARKUS_CONTAINER_IMAGE_USERNAME: ${{ github.actor }}
+          QUARKUS_CONTAINER_IMAGE_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+      # \ katta addition
 
   build-native-image:
     name: Build and Push ${{ matrix.arch }} Image
     needs: test
-    if: startsWith(github.ref, 'refs/tags/') || contains(github.event.head_commit.message, '[build image]')
+    # / katta start commented out - build every commit
+    # if: startsWith(github.ref, 'refs/tags/') || contains(github.event.head_commit.message, '[build image]')
+    # \ katta end commented out
     strategy:
       fail-fast: false
       matrix:
@@ -92,15 +145,34 @@ jobs:
       digest_amd64: ${{ steps.digest.outputs.digest_amd64 }}
       digest_arm64: ${{ steps.digest.outputs.digest_arm64 }}
     permissions:
-      contents: read
-      packages: write
+      contents: read # Required for checkout
+      packages: write # Required for pushing the image to GHCR
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
         with:
           node-version: ${{ env.NODE_VERSION }}
           cache: 'npm'
           cache-dependency-path: frontend/package-lock.json
+      # / katta addition
+      - id: get_tag
+        name: get tag
+        working-directory: backend
+        run: |
+          if [[ ! -z "${{ inputs.tag }}" ]]; then
+            TAG="${{ inputs.tag }}"
+          elif [[ ${{ github.ref_type }} == 'tag' ]]; then
+            TAG="${{ github.ref_name }}"
+          # / katta start modification
+          elif [[ ${{ github.ref_name  }} == ${{ github.event.repository.default_branch }} ]]; then
+            TAG=$(./mvnw help:evaluate -Dexpression=project.version -q -DforceStdout)
+          else
+            TAG="commit-${{ github.sha }}"
+          fi
+          # \ katta end modification
+          echo tag=${TAG}
+          echo tag=${TAG} >> "$GITHUB_OUTPUT"
+        # \ katta addition
       - name: NPM install
         working-directory: frontend
         run: npm ci --ignore-scripts
@@ -109,30 +181,37 @@ jobs:
         run: npm run dist
       - name: Ensure to use tagged version
         working-directory: backend
-        run: ./mvnw versions:set --file pom.xml -DnewVersion=${GITHUB_REF##*/}
+        # / katta modification
+        #run: ./mvnw versions:set --file pom.xml -DnewVersion=${GITHUB_REF##*/}
+        run: ./mvnw versions:set --file pom.xml -DnewVersion=${{ steps.get_tag.outputs.tag }}
+        # \ katta modification
       - name: Docker metadata
         id: meta
-        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0
+        uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
         with:
-          images: ghcr.io/cryptomator/hub
+          images: ghcr.io/shift7-ch/katta-server
+          # / katta modification
           tags: |
             type=sha,prefix=,format=short
+            type=raw,value=${{ steps.get_tag.outputs.tag }}
+            type=raw,value=latest,enable={{is_default_branch}}
+          # \ katta modification
           flavor: |
             suffix=-${{ matrix.arch }}
           labels: |
-            org.opencontainers.image.title=Cryptomator Hub
-            org.opencontainers.image.vendor=Skymatic GmbH
+            org.opencontainers.image.title=Katta Server
+            org.opencontainers.image.vendor=Shift 7 GmbH
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
       - name: Login to GHCR
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
       - name: Build and Push Container Image
         id: push
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
         with:
           context: backend
           file: backend/src/main/docker/Dockerfile.native
@@ -145,42 +224,63 @@ jobs:
         run: |
           echo "digest_${{ matrix.arch }}=${{ steps.push.outputs.digest }}" >> "$GITHUB_OUTPUT"
 
+
+
   multi-arch-image:
     name: Build and Push Multi-Arch Image
     needs: build-native-image
     runs-on: ubuntu-latest
     permissions:
-      id-token: write
-      contents: read
-      attestations: write
-      packages: write
+      contents: read # Required for checkout
+      id-token: write # Required for the attestations step
+      attestations: write # Required for the attestations step
+      artifact-metadata: write # Required for the attestations step
+      packages: write # Required for pushing the image to GHCR
     steps:
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
       - name: Determine short Commit SHA
         id: sha
         run: echo "short_sha=${LONG_SHA:0:7}" >> "$GITHUB_OUTPUT"
         env:
           LONG_SHA: ${{ github.sha }}
       - name: Login to GHCR
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Create Multi-Arch Manifest for ghcr.io/cryptomator/hub:${{ steps.sha.outputs.short_sha }}
+      - name: Create Multi-Arch Manifest for ghcr.io/shift7-ch/katta-server:${{ steps.sha.outputs.short_sha }}
         run: >
-          docker buildx imagetools create --tag ghcr.io/cryptomator/hub:${{ steps.sha.outputs.short_sha }}
-          ghcr.io/cryptomator/hub@${{ needs.build-native-image.outputs.digest_amd64 }}
-          ghcr.io/cryptomator/hub@${{ needs.build-native-image.outputs.digest_arm64 }}
+          docker buildx imagetools create --tag ghcr.io/shift7-ch/katta-server:${{ steps.sha.outputs.short_sha }}
+          ghcr.io/shift7-ch/katta-server@${{ needs.build-native-image.outputs.digest_amd64 }}
+          ghcr.io/shift7-ch/katta-server@${{ needs.build-native-image.outputs.digest_arm64 }}
       - name: Retrieve Multi-Arch Digest
         id: inspect
         run: |
-          DIGEST=$(docker buildx imagetools inspect ghcr.io/cryptomator/hub:${{ steps.sha.outputs.short_sha }} --format "{{json .Manifest}}" | jq -r .digest)
+          DIGEST=$(docker buildx imagetools inspect ghcr.io/shift7-ch/katta-server:${{ steps.sha.outputs.short_sha }} --format "{{json .Manifest}}" | jq -r .digest)
           echo "digest_multiarch=${DIGEST}" >> "$GITHUB_OUTPUT"
       - name: Generate artifact attestation
-        uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
+        uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4.1.0
         with:
-          subject-name: ghcr.io/cryptomator/hub
+          subject-name: ghcr.io/shift7-ch/katta-server
           subject-digest: ${{ steps.inspect.outputs.digest_multiarch }}
           push-to-registry: true
+
+# / katta start addition
+  keycloak-integrationtests:
+    name: Run katta Keycloak Integration Tests
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+
+      - uses: actions/setup-java@v5
+        with:
+          distribution: 'temurin'
+          java-version: ${{ env.JAVA_VERSION }}
+          cache: 'maven'
+      - name: Run Keycloak integration tests
+        working-directory: keycloak
+        run: >
+          mvn -B clean verify
+# \ katta end addition