From 1bf095662e43d3fcddeff5ee4a14b0f204f70fa9 Mon Sep 17 00:00:00 2001 From: Firas RG Date: Sat, 10 Aug 2024 19:17:57 +0100 Subject: [PATCH 1/2] Add basic CI github actions script Note: this commit includes fixing an issue in pom.xml: renaming groupId --- .github/workflows/basic.yaml | 26 +++++++++++ .github/workflows/code-analysis.yaml | 64 ++++++++++++++++++++++++++++ configs/git-hooks/pre-commit | 2 +- mvnw | 0 pom.xml | 10 ++++- 5 files changed, 99 insertions(+), 3 deletions(-) create mode 100644 .github/workflows/basic.yaml create mode 100644 .github/workflows/code-analysis.yaml mode change 100644 => 100755 mvnw diff --git a/.github/workflows/basic.yaml b/.github/workflows/basic.yaml new file mode 100644 index 0000000..1b4ba4e --- /dev/null +++ b/.github/workflows/basic.yaml @@ -0,0 +1,26 @@ +name: Basic Verifications + +on: + push: + branches: [main, develop] + + pull_request: + types: [opened, synchronize, reopened] + +jobs: + basic-verifications: + name: Verify code format and run tests + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up JDK ${{ vars.JAVA_VERSION }} + uses: actions/setup-java@v4 + with: + java-version: ${{ vars.JAVA_VERSION }} + distribution: 'temurin' + cache: 'maven' + + - name: Verify code and apply tests + run: ./mvnw verify diff --git a/.github/workflows/code-analysis.yaml b/.github/workflows/code-analysis.yaml new file mode 100644 index 0000000..f1eb730 --- /dev/null +++ b/.github/workflows/code-analysis.yaml @@ -0,0 +1,64 @@ +name: Code Analysis + +on: + push: + branches: [main, develop] + + pull_request: + types: [opened, synchronize, reopened] + +jobs: + sonarcloud: + name: SonarCloud Analysis + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up JDK ${{ vars.JAVA_VERSION }} + uses: actions/setup-java@v4 + with: + java-version: ${{ vars.JAVA_VERSION }} + distribution: 'temurin' + cache: 'maven' + + - name: Perform the scan + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + run: ./mvnw verify -B sonar:sonar -Dsonar.organization=${{ secrets.SONAR_ORGANIZATION }} -Dsonar.projectKey=${{ secrets.SONAR_PROJECT_KEY }} + + code-ql: + name: CodeQL Analysis + runs-on: ubuntu-latest + + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: ['java-kotlin'] + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Set up JDK ${{ vars.JAVA_VERSION }} + uses: actions/setup-java@v4 + with: + java-version: ${{ vars.JAVA_VERSION }} + distribution: 'temurin' + + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: ${{ matrix.language }} + + - name: Build with Maven + run: ./mvnw compile + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v3 diff --git a/configs/git-hooks/pre-commit b/configs/git-hooks/pre-commit index cafcba1..df75c96 100644 --- a/configs/git-hooks/pre-commit +++ b/configs/git-hooks/pre-commit @@ -4,7 +4,7 @@ # # Run the Maven verify command -./mvnw verify --offline +./mvnw spotless:apply verify --offline # Capture exit status of Maven command RESULT=$? diff --git a/mvnw b/mvnw old mode 100644 new mode 100755 diff --git a/pom.xml b/pom.xml index 7286724..f095a56 100644 --- a/pom.xml +++ b/pom.xml @@ -8,7 +8,7 @@ 3.2.8 - com.example + com.frg car-service-rest-api 0.0.1-SNAPSHOT jar @@ -29,6 +29,7 @@ 17 + https://sonarcloud.io @@ -121,7 +122,7 @@ spotless-validate validate - apply + check @@ -163,6 +164,11 @@ + + org.sonarsource.scanner.maven + sonar-maven-plugin + 4.0.0.4121 + From 89c554a9e03b58b927740237be46b5048071f7e9 Mon Sep 17 00:00:00 2001 From: Firas RG Date: Sun, 11 Aug 2024 00:54:18 +0100 Subject: [PATCH 2/2] update readme file with badges --- .github/workflows/code-analysis.yaml | 2 +- README.md | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/.github/workflows/code-analysis.yaml b/.github/workflows/code-analysis.yaml index f1eb730..0107267 100644 --- a/.github/workflows/code-analysis.yaml +++ b/.github/workflows/code-analysis.yaml @@ -40,7 +40,7 @@ jobs: strategy: fail-fast: false matrix: - language: ['java-kotlin'] + language: ['java'] steps: - name: Checkout repository diff --git a/README.md b/README.md index 41c809a..f6831a8 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,13 @@ # Car Service REST API sample +[![Code Analysis](https://github.com/firasrg/car-service-rest-api/actions/workflows/code-analysis.yaml/badge.svg)](https://github.com/firasrg/car-service-rest-api/actions/workflows/code-analysis.yaml) +[![java-version](https://img.shields.io/badge/Java-17-f0fc03)](https://img.shields.io/badge/Java-17-f0fc03) + +[![Bugs](https://sonarcloud.io/api/project_badges/measure?project=firasrg_car-service-rest-api&metric=bugs)](https://sonarcloud.io/summary/new_code?id=firasrg_car-service-rest-api) +[![Reliability Rating](https://sonarcloud.io/api/project_badges/measure?project=firasrg_car-service-rest-api&metric=reliability_rating)](https://sonarcloud.io/summary/new_code?id=firasrg_car-service-rest-api) +[![Maintainability Rating](https://sonarcloud.io/api/project_badges/measure?project=firasrg_car-service-rest-api&metric=sqale_rating)](https://sonarcloud.io/summary/new_code?id=firasrg_car-service-rest-api) +[![Vulnerabilities](https://sonarcloud.io/api/project_badges/measure?project=firasrg_car-service-rest-api&metric=vulnerabilities)](https://sonarcloud.io/summary/new_code?id=firasrg_car-service-rest-api) + ## Overview The **Car Service REST API** 🚗🧑‍🔧 offers a comprehensive solution for managing car service systems. This developer-friendly project is designed to enhance proficiency with modern Spring applications, providing hands-on experience with real-world scenarios and best practices for backend development.