Release v0.6.0

.github/dependabot.yml

@@ -24,7 +24,7 @@ updates:
         patterns:
           - "*"
 
-  - package-ecosystem: "pip"
+  - package-ecosystem: "uv"
     directory: "/backend-agent"
     schedule:
       interval: "weekly"

.github/workflows/be-installation-test.yml

@@ -0,0 +1,58 @@
+name: Test backend installation
+
+on:
+  pull_request:
+    branches:
+      - develop
+      - main
+    paths:
+      - '**.py'
+      - '**.txt'
+      - '**/pyproject.toml'
+      - '**/uv.lock'
+  workflow_dispatch:
+
+permissions:
+  checks: read
+  contents: read
+
+jobs:
+  installation-backend:
+    name: Test backend installation
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out Git repository
+        uses: actions/checkout@v5
+
+      - name: Set up Python environment
+        uses: actions/setup-python@v6
+        with:
+          python-version: "3.11"
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v6
+        with:
+          version: "latest"
+          enable-cache: true
+          prune-cache: false
+
+      - name: Install dependencies
+        run: uv sync --locked --all-extras --dev --project backend-agent
+
+      - name: Start server and check health
+        working-directory: backend-agent
+        run: |
+          DISABLE_AGENT=1 DB_PATH=${RUNNER_TEMP}/data.db uv run main.py > server.log 2>&1 &
+          for i in {1..60}; do
+            sleep 1
+            status=$(curl -s -o /dev/null -w "%{http_code}" http://localhost:8080/health || true)
+            if [ "$status" -eq 200 ]; then
+              echo "Health check succeeded"
+              cat server.log
+              exit 0
+            fi
+          done
+          echo "Health check failed after waiting"
+          cat server.log
+          exit 1

.github/workflows/docker.yml

@@ -112,8 +112,10 @@ jobs:
           tags: |
             ${{ secrets.DOCKER_REGISTRY_URL }}/stars-backend:${{ needs.check_version_update.outputs.backend_version }}
             ${{ secrets.DOCKER_REGISTRY_URL }}/stars-backend:latest
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+          cache-from: type=registry,ref=${{ secrets.DOCKER_REGISTRY_URL }}/stars-backend:cache
+          cache-to: type=registry,ref=${{ secrets.DOCKER_REGISTRY_URL }}/stars-backend:cache,mode=max
+          # Use docker registry cache not to exceed GitHub Actions storage limits
+          # Builds will be slower but won't fail due to storage limits
 
       - name: Backend Build Summary
         run: |
@@ -203,3 +205,51 @@ jobs:
             echo "⏭️ (SKIP) Frontend: No version change detected"
           fi
           echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+
+  deploy-backend:
+    name: Restart Backend Deployment
+    if: github.event.pull_request.merged && needs.build-backend.result == 'success'
+    needs: [check_version_update, build-backend]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up kubectl
+        uses: azure/setup-kubectl@v4
+        with:
+          version: 'latest'
+
+      - name: Configure kubectl for SAP BTP Kyma
+        run: |
+          mkdir -p ~/.kube
+          echo "${{ secrets.KUBECONFIG }}" | base64 -d > ~/.kube/config
+          chmod 600 ~/.kube/config
+
+      - name: Restart Backend Deployment
+        run: |
+          echo "🔄 Restarting backend deployment to pull latest image..."
+          kubectl rollout restart deployment/stars-backend -n stars
+          kubectl rollout status deployment/stars-backend -n stars --timeout=10m
+          echo "✅ Backend deployment restarted successfully"
+
+  deploy-frontend:
+    name: Restart Frontend Deployment
+    if: github.event.pull_request.merged && needs.build-frontend.result == 'success'
+    needs: [check_version_update, build-frontend]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up kubectl
+        uses: azure/setup-kubectl@v4
+        with:
+          version: 'latest'
+
+      - name: Configure kubectl for SAP BTP Kyma
+        run: |
+          mkdir -p ~/.kube
+          echo "${{ secrets.KUBECONFIG }}" | base64 -d > ~/.kube/config
+          chmod 600 ~/.kube/config
+
+      - name: Restart Frontend Deployment
+        run: |
+          echo "🔄 Restarting frontend deployment to pull latest image..."
+          kubectl rollout restart deployment/stars-frontend -n stars
+          kubectl rollout status deployment/stars-frontend -n stars --timeout=10m
+          echo "✅ Frontend deployment restarted successfully"

.github/workflows/fe-installation-test.yml

@@ -0,0 +1,73 @@
+name: Test frontend installation
+
+on:
+  pull_request:
+    branches:
+      - develop
+      - main
+    paths:
+      - 'frontend/package*.json'
+      - 'frontend/**.ts'
+      - 'frontend/**.js'
+      - 'frontend/**.json'
+      - 'frontend/**.css'
+      - 'frontend/**.html'
+  workflow_dispatch:
+
+permissions:
+  checks: read
+  contents: read
+
+jobs:
+  installation-frontend:
+    name: Test frontend installation
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out Git repository
+        uses: actions/checkout@v5
+
+      - name: Set up Node.js environment
+        uses: actions/setup-node@v5
+        with:
+          node-version: "24"
+
+      - name: Install dependencies
+        working-directory: frontend
+        run: npm ci
+
+      - name: Build frontend
+        working-directory: frontend
+        run: npm run build
+
+      - name: Verify build artifacts
+        working-directory: frontend
+        run: |
+          if [ -d "dist/" ]; then
+            echo "Build artifacts found in dist/"
+            ls -la dist/
+          else
+            echo "Build artifacts not found"
+            exit 1
+          fi
+
+      - name: Test dev server startup
+        working-directory: frontend
+        timeout-minutes: 2
+        run: |
+          # Start the dev server in background
+          npm start &
+          DEV_SERVER_PID=$!
+
+          # Wait for server to be ready (max 60 seconds)
+          for i in {1..60}; do
+            sleep 1
+            if curl -f -s http://localhost:4200 > /dev/null 2>&1; then
+              echo "Dev server started successfully"
+              kill $DEV_SERVER_PID
+              exit 0
+            fi
+          done
+
+          echo "Dev server failed to start within 60 seconds"
+          kill $DEV_SERVER_PID
+          exit 1

.github/workflows/lint-backend.yml

@@ -7,6 +7,7 @@ on:
       - main
     paths:
       - '**.py'
+      - 'CHANGELOG.md'
   workflow_dispatch:
 
 permissions:

.github/workflows/lint-frontend.yml

@@ -6,9 +6,10 @@ on:
       - develop
       - main
     paths:
-      - '**.json'
       - '**.ts'
       - '**.js'
+      - '**/package.json'
+      - 'CHANGELOG.md'
   workflow_dispatch:
 
 permissions:
@@ -30,18 +31,18 @@ jobs:
       - name: Set up Node.js
         uses: actions/setup-node@v5
         with:
-            node-version: 20
+            node-version: 24
 
       - name: Install Node.js dependencies
+        working-directory: frontend
         run: |
-          cd frontend
           npm ci
 
       - name: Run linters
         uses: reviewdog/action-eslint@v1
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           reporter: github-pr-review
+          workdir: frontend
           eslint_flags: "--format rdjson --ext .js,.jsx,.ts,.tsx ./"
           fail_level: error
-          workdir: frontend

.github/workflows/pr-bot.yml

@@ -1,11 +1,12 @@
 name: AI-assisted
 on:
-  pull_request:
+  pull_request_target:
     types: [ready_for_review, opened, reopened]
 
 jobs:
   summary:
     name: PR Summary
+    if: github.actor != 'dependabot'
     runs-on: [ubuntu-latest]
     steps:
       - uses: SAP/ai-assisted-github-actions/pr-summary@v3
@@ -15,6 +16,7 @@ jobs:
           exclude-files: package-lock.json, uv.lock
   review:
     name: PR Review
+    if: github.actor != 'dependabot'
     runs-on: [ubuntu-latest]
     steps:
       - uses: SAP/ai-assisted-github-actions/pr-review@v3
@@ -25,3 +27,7 @@ jobs:
           footer-text: |
             ---
             > Always critique what AI says. Do not let AI replace YOUR I.
+          prompt-addition: |
+            Do not feel obliged to comment on every file. Focus on the most important aspects of the code change.
+            Keep your comments concise and to the point.
+            Avoid unnecessary complexity, and focus on maintainability, readability, and performance.

CHANGELOG.md

@@ -1,3 +1,20 @@
+# Version: v0.6.0
+
+* [#93](https://github.com/SAP/STARS/pull/93): Add 2 PyRIT orchestrators ((Crescendo, PAIR)) and re-strucutre PyRIT code.
+* [#102](https://github.com/SAP/STARS/pull/102): Restart k8s deployments running new images
+* [#103](https://github.com/SAP/STARS/pull/103): Optimize docker builds and auto-deploy
+* [#104](https://github.com/SAP/STARS/pull/104): Bump azure/setup-kubectl from 3 to 4
+* [#106](https://github.com/SAP/STARS/pull/106): Bump ollama from 0.5.3 to 0.5.4 in /backend-agent
+* [#107](https://github.com/SAP/STARS/pull/107): Bump the js-dependencies group across 1 directory with 22 updates
+* [#109](https://github.com/SAP/STARS/pull/109): [chore] Fix GitHub Actions
+* [#110](https://github.com/SAP/STARS/pull/110): Add run_all cli + route
+* [#111](https://github.com/SAP/STARS/pull/111): Update current dependencies with versions
+* [#113](https://github.com/SAP/STARS/pull/113): Bump pyyaml from 6.0.2 to 6.0.3 in /backend-agent
+* [#114](https://github.com/SAP/STARS/pull/114): Bump ollama from 0.5.4 to 0.6.0 in /backend-agent
+* [#115](https://github.com/SAP/STARS/pull/115): Bump the js-dependencies group in /frontend with 15 updates
+* [#116](https://github.com/SAP/STARS/pull/116): Fix run_all attacks configuration
+
+
 # Version: v0.5.0
 
 * [#84](https://github.com/SAP/STARS/pull/84): Bump flask-cors from 6.0.0 to 6.0.1 in /backend-agent

backend-agent/.dockerignore

@@ -1,6 +1,8 @@
 # Caches
 **/__pycache__
 cache
+**/.cache
+**/.mypy_cache
 
 # Libraries
 venv*
@@ -13,10 +15,28 @@ logger.log
 result_gptfuzz.txt
 prompt_success.txt
 
+# Non-relevant files and folders
+README.md
+*.md
+docs/
+examples/
+build/
+dist/
+*.egg-info/
+
 # Sensitive data
-.env
+.env*
 
-# Development files
+# Development files and folders
 .vscode
 .gitignore
-README.md
+.git
+**/*.pyc
+**/*.pyo
+**/*.pyd
+**/.pytest_cache
+**/test*
+**/Test*
+**/.coverage
+**/htmlcov
+**/.tox