From d4445fd6f0e72b108c57dcd716545d05a99218d5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rn=20M=C3=BCehlencord?=
 <joern.muehlencord@vitroconnect.com>
Date: Tue, 31 Mar 2026 21:40:07 +0200
Subject: [PATCH] rework setup

---
 build-and-test/action.yml | 91 +++++++++++++++++++--------------------
 1 file changed, 44 insertions(+), 47 deletions(-)

diff --git a/build-and-test/action.yml b/build-and-test/action.yml
index 744b8d6..8b327a0 100644
--- a/build-and-test/action.yml
+++ b/build-and-test/action.yml
@@ -1,50 +1,47 @@
 name: gitea pipeline build
 
 inputs:
-  workflow_call:
-    inputs:
-      git_repository:
-        required: true
-        type: string
-      java_version:
-        required: true
-        type: int
-      java_distribution:
-        required: false
-        type: string
-        default: "liberica"
-      maven_version:
-        required: false
-        type: string
-        default: 3.9.14
-      sonar_host:
-        required: true
-        type: string
-      dtrack_host_name:
-        required: true
-        type: string
-        # dtrack.muehlencord.de
-      dtrack_protocol:
-        required: false
-        type: string
-        default: "https"
-      dtrack_port:
-        required: false
-        type: string
-        default: "443"
-      dtrack_bom_file:
-        required: true
-        type: string
-      dtrack_project_uuid:
-        required: true
-        type: string
-    secrets:
-      SSH_PRIVATE_KEY:
-        required: true
-      SONAR_TOKEN:
-        required: true
-      DTRACK_API_KEY:
-        required: true
+  inputs:
+    git_repository:
+      description: 'repository to clone'
+      required: true
+    java_version:
+      description: 'the Java Version to use'
+      required: true
+    java_distribution:
+      description: 'the java distribution to use'
+      required: false
+      default: "liberica"
+    maven_version:
+      description: 'the maven version to use'
+      required: false
+      default: '3.9.14'
+    sonar_host:
+      description: 'the sonar host to use'
+      required: true
+    dtrack_host_name:
+      description: 'the dtrack server to use'
+      required: true
+    dtrack_protocol:
+      description: 'the protocol to connect to the dtrack server, default to https'
+      required: false
+      default: "https"
+    dtrack_port:
+      description: 'the port to connect to the dtrack server to, defaults to 443'
+      required: false
+      default: "443"
+    dtrack_bom_file:
+      description: 'the location of the bom file'
+      required: true
+    dtrack_project_uuid:
+      description: 'the dtrack project id to use'
+      required: true
+    sonar_token:
+      description: 'the ssh key to use for checkout'
+      required: true
+    dtrack_api_key:
+      description: 'the ssh key to use for checkout'
+      required: true
 
 runs:
   using: 'composite'
@@ -71,15 +68,15 @@ runs:
     - name: Build with Maven
       working-directory: source
       shell: bash
-      run: mvn -B clean verify sonar:sonar org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom -Dsonar.host.url="${{ inputs.sonar_host }}" -Dsonar.token="${{ secrets.SONAR_TOKEN }}"
+      run: mvn -B clean verify sonar:sonar org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom -Dsonar.host.url="${{ inputs.sonar_host }}" -Dsonar.token="${{ inputs.sonar_token }}"
 
     - name: Upload SBOM to DTrack
       uses: DependencyTrack/gh-upload-sbom@v3
       with:
-        serverhostname: ${{ dtrack_host_name }}
+        serverhostname: ${{ inputs.dtrack_host_name }}
         protocol: ${{ inputs.dtrack_protocol }}
         port: ${{ inputs.dtrack_port }}
-        apikey: ${{ secrets.DTRACK_API_KEY }}
+        apikey: ${{ inpts.dtrack_api_key }}
         project: ${{ inputs.dtrack_project_uuid }}
         bomfilename: ${{ inputs.dtrack_bom_file }}