Merge pull request #20 from firasrg/config/2-setting-github-actions-c…

…i-pipeline [Configuration][DevOps] Setting a first github action script
firasrg · Aug 11, 2024 · 72523e5 · 72523e5
2 parents a0c38bc + 89c554a
commit 72523e5
Show file tree

Hide file tree

Showing 6 changed files with 107 additions and 3 deletions.
diff --git a/.github/workflows/basic.yaml b/.github/workflows/basic.yaml
@@ -0,0 +1,26 @@
+name: Basic Verifications
+
+on:
+  push:
+    branches: [main, develop]
+
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+jobs:
+  basic-verifications:
+    name: Verify code format and run tests
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up JDK ${{ vars.JAVA_VERSION }}
+        uses: actions/setup-java@v4
+        with:
+          java-version: ${{ vars.JAVA_VERSION }}
+          distribution: 'temurin'
+          cache: 'maven'
+
+      - name: Verify code and apply tests
+        run: ./mvnw verify
diff --git a/.github/workflows/code-analysis.yaml b/.github/workflows/code-analysis.yaml
@@ -0,0 +1,64 @@
+name: Code Analysis
+
+on:
+  push:
+    branches: [main, develop]
+
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+jobs:
+  sonarcloud:
+    name: SonarCloud Analysis
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up JDK ${{ vars.JAVA_VERSION }}
+        uses: actions/setup-java@v4
+        with:
+          java-version: ${{ vars.JAVA_VERSION }}
+          distribution: 'temurin'
+          cache: 'maven'
+
+      - name: Perform the scan
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        run: ./mvnw verify -B sonar:sonar -Dsonar.organization=${{ secrets.SONAR_ORGANIZATION }} -Dsonar.projectKey=${{ secrets.SONAR_PROJECT_KEY }}
+
+  code-ql:
+    name: CodeQL Analysis
+    runs-on: ubuntu-latest
+
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: ['java']
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up JDK ${{ vars.JAVA_VERSION }}
+        uses: actions/setup-java@v4
+        with:
+          java-version: ${{ vars.JAVA_VERSION }}
+          distribution: 'temurin'
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+
+      - name: Build with Maven
+        run: ./mvnw compile
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
diff --git a/README.md b/README.md
@@ -1,5 +1,13 @@
 # Car Service REST API sample
 
+[![Code Analysis](https://github.com/firasrg/car-service-rest-api/actions/workflows/code-analysis.yaml/badge.svg)](https://github.com/firasrg/car-service-rest-api/actions/workflows/code-analysis.yaml)
+[![java-version](https://img.shields.io/badge/Java-17-f0fc03)](https://img.shields.io/badge/Java-17-f0fc03)
+
+[![Bugs](https://sonarcloud.io/api/project_badges/measure?project=firasrg_car-service-rest-api&metric=bugs)](https://sonarcloud.io/summary/new_code?id=firasrg_car-service-rest-api)
+[![Reliability Rating](https://sonarcloud.io/api/project_badges/measure?project=firasrg_car-service-rest-api&metric=reliability_rating)](https://sonarcloud.io/summary/new_code?id=firasrg_car-service-rest-api)
+[![Maintainability Rating](https://sonarcloud.io/api/project_badges/measure?project=firasrg_car-service-rest-api&metric=sqale_rating)](https://sonarcloud.io/summary/new_code?id=firasrg_car-service-rest-api)
+[![Vulnerabilities](https://sonarcloud.io/api/project_badges/measure?project=firasrg_car-service-rest-api&metric=vulnerabilities)](https://sonarcloud.io/summary/new_code?id=firasrg_car-service-rest-api)
+
 ## Overview
 
 The **Car Service REST API** 🚗🧑‍🔧  offers a comprehensive solution for managing car service systems. This developer-friendly project is designed to enhance proficiency with modern Spring applications, providing hands-on experience with real-world scenarios and best practices for backend development.

diff --git a/configs/git-hooks/pre-commit b/configs/git-hooks/pre-commit
@@ -4,7 +4,7 @@
 #
 
 # Run the Maven verify command
-./mvnw verify --offline
+./mvnw  spotless:apply verify --offline
 
 # Capture exit status of Maven command
 RESULT=$?

diff --git a/mvnw b/mvnw
diff --git a/pom.xml b/pom.xml
@@ -8,7 +8,7 @@
 		<version>3.2.8</version>
 		<relativePath/> <!-- lookup parent from repository -->
 	</parent>
-	<groupId>com.example</groupId>
+	<groupId>com.frg</groupId>
 	<artifactId>car-service-rest-api</artifactId>
 	<version>0.0.1-SNAPSHOT</version>
 	<packaging>jar</packaging>
@@ -29,6 +29,7 @@
 	</scm>
 	<properties>
 		<java.version>17</java.version>
+		<sonar.host.url>https://sonarcloud.io</sonar.host.url>
 	</properties>
 	<dependencies>
 		<dependency>
@@ -121,7 +122,7 @@
 						<id>spotless-validate</id>
 						<phase>validate</phase>
 						<goals>
-							<goal>apply</goal>
+							<goal>check</goal>
 						</goals>
 					</execution>
 				</executions>
@@ -163,6 +164,11 @@
 					</execution>
 				</executions>
 			</plugin>
+			<plugin>
+				<groupId>org.sonarsource.scanner.maven</groupId>
+				<artifactId>sonar-maven-plugin</artifactId>
+				<version>4.0.0.4121</version>
+			</plugin>
 		</plugins>
 	</build>
 </project>