Release v0.5.0

.github/workflows/changelog-ci.yml

@@ -4,6 +4,8 @@ on:
   pull_request:
     types: [ opened, reopened ]
     branches: [ main ]
+    paths: ['backend-agent/**']
+    # changelog-ci triggers only on backend changes
 
   # Optionally you can use `workflow_dispatch` to run Changelog CI Manually
   workflow_dispatch:

.github/workflows/docker.yml

@@ -0,0 +1,205 @@
+name: Build and Push Docker Images
+
+on:
+  pull_request:
+    types:
+      - closed
+    branches:
+      - main
+
+jobs:
+  check_version_update:
+    name: Check Version Updates
+    if: github.event.pull_request.merged
+    runs-on: ubuntu-latest
+    outputs:
+      build_backend: ${{ steps.version_check.outputs.build_backend }}
+      build_frontend: ${{ steps.version_check.outputs.build_frontend }}
+      backend_version: ${{ steps.version_check.outputs.backend_version }}
+      frontend_version: ${{ steps.version_check.outputs.frontend_version }}
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v5
+        with:
+          fetch-depth: 2  # Need at least 2 commits to compare
+
+      - name: Detect version changes
+        id: version_check
+        run: |
+          echo "🔍 Checking for version changes..."
+
+          # Get current commit and previous commit
+          CURRENT_COMMIT=$(git rev-parse HEAD)
+          # Previous commit refers to the latest commit on main before the PR
+          # was merged
+          PREVIOUS_COMMIT=$(git rev-parse HEAD~1)
+
+          echo "Current commit: $CURRENT_COMMIT"
+          echo "Previous commit: $PREVIOUS_COMMIT"
+
+          # Initialize build flags and version variables
+          BUILD_BACKEND=false
+          BUILD_FRONTEND=false
+          # Extract current versions for backend and frontend
+          BACKEND_VERSION=$(grep '^version = ' backend-agent/pyproject.toml | sed "s/version = '\(.*\)'/\1/")
+          FRONTEND_VERSION=$(grep '"version":' frontend/package.json | sed 's/.*"version": "\(.*\)".*/\1/')
+
+          # Check if backend version file changed
+          if git diff --name-only $PREVIOUS_COMMIT $CURRENT_COMMIT | grep -q 'backend-agent/pyproject.toml'; then
+            # Extract previous backend version
+            PREVIOUS_BACKEND_VERSION=$(git show $PREVIOUS_COMMIT:backend-agent/pyproject.toml | grep '^version = ' | sed "s/version = '\(.*\)'/\1/")
+            echo "Backend version - Current: $BACKEND_VERSION, Previous: $PREVIOUS_BACKEND_VERSION"
+
+            if [ "$BACKEND_VERSION" != "$PREVIOUS_BACKEND_VERSION" ]; then
+              # The version has changed, set flag to build backend
+              BUILD_BACKEND=true
+              echo "✅ Backend version changed: $PREVIOUS_BACKEND_VERSION → $BACKEND_VERSION"
+            else
+              echo "❎ Backend version unchanged: $BACKEND_VERSION. Skip docker backend."
+            fi
+          fi
+
+          # Check if frontend version file changed
+          if git diff --name-only $PREVIOUS_COMMIT $CURRENT_COMMIT | grep -q 'frontend/package.json'; then
+            # Extract previous frontend version
+            PREVIOUS_FRONTEND_VERSION=$(git show $PREVIOUS_COMMIT:frontend/package.json | grep '"version":' | sed 's/.*"version": "\(.*\)".*/\1/')
+            echo "Frontend version - Current: $FRONTEND_VERSION, Previous: $PREVIOUS_FRONTEND_VERSION"
+
+            if [ "$FRONTEND_VERSION" != "$PREVIOUS_FRONTEND_VERSION" ]; then
+              # The version has changed, set flag to build frontend
+              BUILD_FRONTEND=true
+              echo "✅ Frontend version changed: $PREVIOUS_FRONTEND_VERSION → $FRONTEND_VERSION"
+            else
+              echo "❎ Frontend version unchanged: $FRONTEND_VERSION. Skip docker frontend."
+            fi
+          fi
+
+          # Set build outputs
+          echo "build_backend=$BUILD_BACKEND" >> $GITHUB_OUTPUT
+          echo "build_frontend=$BUILD_FRONTEND" >> $GITHUB_OUTPUT
+          echo "backend_version=$BACKEND_VERSION" >> $GITHUB_OUTPUT
+          echo "frontend_version=$FRONTEND_VERSION" >> $GITHUB_OUTPUT
+
+          if [ "$BUILD_BACKEND" = "false" ] && [ "$BUILD_FRONTEND" = "false" ]; then
+            echo "⚠️  No version changes detected. Skipping builds."
+          fi
+
+  build-backend:
+    name: Build and Push Backend Docker Image
+    if: github.event.pull_request.merged && needs.check_version_update.outputs.build_backend == 'true'
+    needs: check_version_update
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v5
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Docker Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ secrets.DOCKER_REGISTRY_URL }}
+          username: ${{ secrets.DOCKER_REGISTRY_USERNAME }}
+          password: ${{ secrets.DOCKER_REGISTRY_TOKEN }}
+
+      - name: 🐳 Build and push Backend Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: ./backend-agent
+          file: ./backend-agent/Dockerfile
+          push: true
+          tags: |
+            ${{ secrets.DOCKER_REGISTRY_URL }}/stars-backend:${{ needs.check_version_update.outputs.backend_version }}
+            ${{ secrets.DOCKER_REGISTRY_URL }}/stars-backend:latest
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Backend Build Summary
+        run: |
+          echo "Backend Build Complete"
+          echo "✅ Backend: stars-backend:${{ needs.check_version_update.outputs.backend_version }}"
+
+  build-frontend:
+    name: Build and Push Frontend Docker Image
+    if: github.event.pull_request.merged && needs.check_version_update.outputs.build_frontend == 'true'
+    needs: check_version_update
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v5
+
+      - name: Set up Node.js for Frontend build
+        uses: actions/setup-node@v5
+        with:
+          node-version: '24'
+          cache: 'npm'
+          cache-dependency-path: frontend/package-lock.json
+
+      - name: Build Angular application
+        run: |
+          cd frontend
+          npm ci
+          npm run build -- --configuration production
+          # Verify build output exists
+          ls -la dist/
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Docker Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ secrets.DOCKER_REGISTRY_URL }}
+          username: ${{ secrets.DOCKER_REGISTRY_USERNAME }}
+          password: ${{ secrets.DOCKER_REGISTRY_TOKEN }}
+
+      - name: 🐳 Build and push Frontend Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: ./frontend
+          file: ./frontend/Dockerfile
+          push: true
+          tags: |
+            ${{ secrets.DOCKER_REGISTRY_URL }}/stars-frontend:${{ needs.check_version_update.outputs.frontend_version }}
+            ${{ secrets.DOCKER_REGISTRY_URL }}/stars-frontend:latest
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Frontend Build Summary
+        run: |
+          echo "Frontend Build Complete"
+          echo "✅ Frontend: stars-frontend:${{ needs.check_version_update.outputs.frontend_version }}"
+
+  build-summary:
+    name: Build Pipeline Summary
+    needs: [check_version_update, build-backend, build-frontend]
+    runs-on: ubuntu-latest
+    # Allow this job to run even if backend or frontend jobs are skipped
+    if: always() && github.event.pull_request.merged
+    steps:
+      - name: Pipeline Summary
+        run: |
+          echo "STARS Build Pipeline Summary"
+          echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+          # Backend
+          if [ "${{ needs.check_version_update.outputs.build_backend }}" = "true" ]; then
+            if [ "${{ needs.build-backend.result }}" = "success" ]; then
+              echo "✅ Backend: stars-backend:${{ needs.check_version_update.outputs.backend_version }}"
+            else
+              echo "❌ Backend: Build failed"
+            fi
+          else
+            echo "⏭️ (SKIP) Backend: No version change detected"
+          fi
+          # Frontend
+          if [ "${{ needs.check_version_update.outputs.build_frontend }}" = "true" ]; then
+            if [ "${{ needs.build-frontend.result }}" = "success" ]; then
+              echo "✅ Frontend: stars-frontend:${{ needs.check_version_update.outputs.frontend_version }}"
+            else
+              echo "❌ Frontend: Build failed"
+            fi
+          else
+            echo "⏭️ (SKIP) Frontend: No version change detected"
+          fi
+          echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"

.github/workflows/installation-test.yml

@@ -23,18 +23,24 @@ jobs:
               uses: actions/checkout@v5
 
             - name: Set up Python environment
-              uses: actions/setup-python@v5
+              uses: actions/setup-python@v6
               with:
-                python-version: "3.10"
+                python-version: "3.11"
                 token: ${{ secrets.GITHUB_TOKEN }}
-                cache: 'pip'
-                cache-dependency-path: backend-agent/requirements.txt
-            - run: pip install -r backend-agent/requirements.txt
+
+            - name: Install uv
+              uses: astral-sh/setup-uv@v6
+              with:
+                version: "latest"
+                enable-cache: true
+
+            - name: Install dependencies
+              run: uv sync --locked --all-extras --dev --project backend-agent
 
             - name: Start server and check health
+              working-directory: backend-agent
               run: |
-                cd backend-agent
-                DISABLE_AGENT=1 DB_PATH=${RUNNER_TEMP}/data.db python main.py > server.log 2>&1 &
+                DISABLE_AGENT=1 DB_PATH=${RUNNER_TEMP}/data.db uv run main.py > server.log 2>&1 &
                 for i in {1..20}; do
                   sleep 1
                   status=$(curl -s -o /dev/null -w "%{http_code}" http://localhost:8080/health || true)

.github/workflows/lint-backend.yml

@@ -1,7 +1,7 @@
 name: Lint backend
 
 on:
-  pull_request:
+  pull_request_target:
     branches:
       - develop
       - main
@@ -11,7 +11,8 @@ on:
 
 permissions:
   checks: write
-  contents: write
+  contents: read
+  pull-requests: write
 
 jobs:
   lint-backend:
@@ -23,9 +24,9 @@ jobs:
         uses: actions/checkout@v5
 
       - name: Set up Python environment
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
         with:
-          python-version: "3.10"
+          python-version: "3.12"
           token: ${{ secrets.GITHUB_TOKEN }}
           cache: 'pip'
 

.github/workflows/lint-frontend.yml

@@ -1,7 +1,7 @@
 name: Lint frontend
 
 on:
-  pull_request:
+  pull_request_target:
     branches:
       - develop
       - main
@@ -19,13 +19,16 @@ jobs:
   lint-frontend:
     name: Run frontend linters
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
 
     steps:
       - name: Check out Git repository
         uses: actions/checkout@v5
 
       - name: Set up Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v5
         with:
             node-version: 20
 

.github/workflows/pr-bot.yml

@@ -0,0 +1,27 @@
+name: AI-assisted
+on:
+  pull_request:
+    types: [ready_for_review, opened, reopened]
+
+jobs:
+  summary:
+    name: PR Summary
+    runs-on: [ubuntu-latest]
+    steps:
+      - uses: SAP/ai-assisted-github-actions/pr-summary@v3
+        with:
+          aicore-service-key: ${{ secrets.AICORE_SERVICE_KEY }}
+          model: gpt-4o
+          exclude-files: package-lock.json, uv.lock
+  review:
+    name: PR Review
+    runs-on: [ubuntu-latest]
+    steps:
+      - uses: SAP/ai-assisted-github-actions/pr-review@v3
+        with:
+          aicore-service-key: ${{ secrets.AICORE_SERVICE_KEY }}
+          model: anthropic--claude-4-sonnet
+          exclude-files: package-lock.json, uv.lock
+          footer-text: |
+            ---
+            > Always critique what AI says. Do not let AI replace YOUR I.

CHANGELOG.md

@@ -1,3 +1,18 @@
+# Version: v0.5.0
+
+* [#84](https://github.com/SAP/STARS/pull/84): Bump flask-cors from 6.0.0 to 6.0.1 in /backend-agent
+* [#85](https://github.com/SAP/STARS/pull/85): Bump requests from 2.32.4 to 2.32.5 in /backend-agent
+* [#87](https://github.com/SAP/STARS/pull/87): Bump flask from 3.1.1 to 3.1.2 in /backend-agent
+* [#88](https://github.com/SAP/STARS/pull/88): Replace SAP library for accessing LLMs
+* [#89](https://github.com/SAP/STARS/pull/89): Add GitHub action for SAP PR bot
+* [#91](https://github.com/SAP/STARS/pull/91): Add back button and weights config in dashboard
+* [#94](https://github.com/SAP/STARS/pull/94): Add support for uv
+* [#95](https://github.com/SAP/STARS/pull/95): Bump actions/setup-python from 5 to 6
+* [#96](https://github.com/SAP/STARS/pull/96): Bump actions/setup-node from 4 to 5
+* [#99](https://github.com/SAP/STARS/pull/99): Bump the js-dependencies group across 1 directory with 28 updates
+* [#100](https://github.com/SAP/STARS/pull/100): Improve maintainability and add docker action
+
+
 # Version: v0.4.0
 
 * [#44](https://github.com/SAP/STARS/pull/44): Add Garak tool

README.md

@@ -24,6 +24,7 @@ Hereafter, a list with all the attacks the Agent is able to run, grouped by atta
 - [PyRIT](https://github.com/Azure/PyRIT)
 - [CodeAttack](https://github.com/renqibing/CodeAttack)
 - [ArtPrompt](https://github.com/uw-nsl/ArtPrompt)
+- [Garak](https://github.com/NVIDIA/garak)
 
 
 ## Requirements and Setup